From nobody  Thu May  8 01:57:10 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id BAA16735;
          Thu, 8 May 1997 01:57:10 -0700 (PDT)
Message-Id: <199705080857.BAA16735@hub.freebsd.org>
Date: Thu, 8 May 1997 01:57:10 -0700 (PDT)
From: vova@folco.lms.ru
To: freebsd-gnats-submit@freebsd.org
Subject: sudo package don't accept passwords longer then 8 characters
X-Send-Pr-Version: www-1.0

>Number:         3540
>Category:       ports
>Synopsis:       sudo package don't accept passwords longer then 8 characters
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    erich
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May  8 02:00:01 PDT 1997
>Closed-Date:    Wed May 21 05:50:33 PDT 1997
>Last-Modified:  Wed May 21 05:55:55 PDT 1997
>Originator:     Vladimr B. Grebenschikov
>Release:        2.2-RELEASE
>Organization:
PlugCom
>Environment:
FreeBSD folco.lms.ru 2.2-RELEASE FreeBSD 2.2-RELEASE #0: Thu Mar 27 15:11:35 MSK 1997     vova@folco.lms.ru:/usr/src/sys/compile/Folco  i386

>Description:
I can't do sudo with password longer 8 chars
sudo v1.5.3

>How-To-Repeat:
setup your password longer 8 chars, include yourself to sudoers file
run sudo

>Fix:
I fix it very stupid:

--- ports/security/sudo/work/sudo.v1.5.3/compat.h~   Thu Nov 14 05:37:21 1996
+++ ports/security/sudo/work/sudo.v1.5.3/compat.h    Thu May  8 12:45:06 1997
@@ -104,7 +104,7 @@
 #        if (SHADOW_TYPE != SPW_NONE)
 #          define _PASSWD_LEN  24
 #        else
-#          define _PASSWD_LEN  8
+#          define _PASSWD_LEN  24
 #        endif /* SHADOW_TYPE != SPW_NONE */
 #      endif /* PASS_MAX */
 #    endif /* !_PASSWD_LEN */


>Release-Note:
>Audit-Trail:

From: Narvi <narvi@haldjas.folklore.ee>
To: vova@folco.lms.ru
Cc: freebsd-gnats-submit@FreeBSD.ORG, GNATS Management <gnats@FreeBSD.ORG>,
        freebsd-ports@hub.freebsd.org
Subject: Re: ports/3540: sudo package don't accept passwords longer then 8 characters
Date: Thu, 8 May 1997 22:33:01 +0300 (EEST)

 On Thu, 8 May 1997 vova@folco.lms.ru wrote:
 
 > 
 > >Number:         3540
 > >Category:       ports
 > >Synopsis:       sudo package don't accept passwords longer then 8 characters
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-ports
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Thu May  8 02:00:01 PDT 1997
 > >Last-Modified:
 > >Originator:     Vladimr B. Grebenschikov
 > >Organization:
 > PlugCom
 > >Release:        2.2-RELEASE
 > >Environment:
 > FreeBSD folco.lms.ru 2.2-RELEASE FreeBSD 2.2-RELEASE #0: Thu Mar 27 15:11:35 MSK 1997     vova@folco.lms.ru:/usr/src/sys/compile/Folco  i386
 > 
 > >Description:
 > I can't do sudo with password longer 8 chars
 > sudo v1.5.3
 > 
 > >How-To-Repeat:
 > setup your password longer 8 chars, include yourself to sudoers file
 > run sudo
 > 
 > >Fix:
 > I fix it very stupid:
 > 
 > --- ports/security/sudo/work/sudo.v1.5.3/compat.h~   Thu Nov 14 05:37:21 1996
 > +++ ports/security/sudo/work/sudo.v1.5.3/compat.h    Thu May  8 12:45:06 1997
 > @@ -104,7 +104,7 @@
 >  #        if (SHADOW_TYPE != SPW_NONE)
 >  #          define _PASSWD_LEN  24
 >  #        else
 > -#          define _PASSWD_LEN  8
 > +#          define _PASSWD_LEN  24
 
 Hey! you just increased the value to 24 but didn't solve the problem -
 sudo shouldn't care, how long passwd I have, but cope with it without an
 overflow. Think of all the people who use sentences for their passwords.
 
 	Sander
 
 >  #        endif /* SHADOW_TYPE != SPW_NONE */
 >  #      endif /* PASS_MAX */
 >  #    endif /* !_PASSWD_LEN */
 > 
 > 
 > >Audit-Trail:
 > >Unformatted:
 > 
 

From: Narvi <narvi@haldjas.folklore.ee>
To: vova@folco.lms.ru
Cc: freebsd-gnats-submit@FreeBSD.ORG, GNATS Management <gnats@FreeBSD.ORG>,
        freebsd-ports@hub.freebsd.org
Subject: Re: ports/3540: sudo package don't accept passwords longer then 8 characters
Date: Thu, 8 May 1997 22:33:01 +0300 (EEST)

 On Thu, 8 May 1997 vova@folco.lms.ru wrote:
 
 > 
 > >Number:         3540
 > >Category:       ports
 > >Synopsis:       sudo package don't accept passwords longer then 8 characters
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-ports
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Thu May  8 02:00:01 PDT 1997
 > >Last-Modified:
 > >Originator:     Vladimr B. Grebenschikov
 > >Organization:
 > PlugCom
 > >Release:        2.2-RELEASE
 > >Environment:
 > FreeBSD folco.lms.ru 2.2-RELEASE FreeBSD 2.2-RELEASE #0: Thu Mar 27 15:11:35 MSK 1997     vova@folco.lms.ru:/usr/src/sys/compile/Folco  i386
 > 
 > >Description:
 > I can't do sudo with password longer 8 chars
 > sudo v1.5.3
 > 
 > >How-To-Repeat:
 > setup your password longer 8 chars, include yourself to sudoers file
 > run sudo
 > 
 > >Fix:
 > I fix it very stupid:
 > 
 > --- ports/security/sudo/work/sudo.v1.5.3/compat.h~   Thu Nov 14 05:37:21 1996
 > +++ ports/security/sudo/work/sudo.v1.5.3/compat.h    Thu May  8 12:45:06 1997
 > @@ -104,7 +104,7 @@
 >  #        if (SHADOW_TYPE != SPW_NONE)
 >  #          define _PASSWD_LEN  24
 >  #        else
 > -#          define _PASSWD_LEN  8
 > +#          define _PASSWD_LEN  24
 
 Hey! you just increased the value to 24 but didn't solve the problem -
 sudo shouldn't care, how long passwd I have, but cope with it without an
 overflow. Think of all the people who use sentences for their passwords.
 
 	Sander
 
 >  #        endif /* SHADOW_TYPE != SPW_NONE */
 >  #      endif /* PASS_MAX */
 >  #    endif /* !_PASSWD_LEN */
 > 
 > 
 > >Audit-Trail:
 > >Unformatted:
 > 
 
Responsible-Changed-From-To: freebsd-ports->erich 
Responsible-Changed-By: asami 
Responsible-Changed-When: Tue May 20 20:43:18 PDT 1997 
Responsible-Changed-Why:  
Eric, can you verify the validity of the report and close it if  
appropriate? 
State-Changed-From-To: open->closed 
State-Changed-By: erich 
State-Changed-When: Wed May 21 05:50:33 PDT 1997 
State-Changed-Why:  
It works with DES passwds under -current 

I can't test md5 passwds, but I'll look at a patch if there's 
a problem. 

>Unformatted:
