Prevent security attack guessing valid server accounts

[netatalk.git] / etc / uams / uams_randnum.c

diff --git a/etc/uams/uams_randnum.c b/etc/uams/uams_randnum.c
index 8adebec705519d939508fdf96f435a96d9f0287f..3d3a5bb9b72afc9bf267a03bb3682d9288f28d1f 100644 (file)
--- a/etc/uams/uams_randnum.c
+++ b/etc/uams/uams_randnum.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: uams_randnum.c,v 1.19 2009-10-15 11:39:48 didg Exp $
+ * $Id: uams_randnum.c,v 1.21 2010-03-30 10:25:49 franklahm Exp $
  *
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
  * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu) 
@@ -310,7 +310,7 @@ static int rand_login(void *obj, char *username, int ulen, struct passwd **uam_p
   int err;
  
   if (( randpwd = uam_getname(obj, username, ulen)) == NULL )
-    return AFPERR_PARAM; /* unknown user */
+    return AFPERR_NOTAUTH; /* unknown user */
   
   LOG(log_info, logtype_uams, "randnum/rand2num login: %s", username);
   if (uam_checkuser(randpwd) < 0)
@@ -476,7 +476,7 @@ static int randnum_changepw(void *obj, const char *username _U_,
 #endif /* USE_CRACKLIB */
 
     if (!err) 
-      err = randpass(pwd, passwdfile, ibuf + PASSWDLEN, sizeof(seskey), 1);
+        err = randpass(pwd, passwdfile, (unsigned char *)ibuf + PASSWDLEN, sizeof(seskey), 1);
 
     /* zero out some fields */
     memset(&seskeysched, 0, sizeof(seskeysched));