PVE/Auth/PVE.pm: encode uft8 password before calling crypt
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 2 May 2017 08:37:20 +0000 (10:37 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 2 May 2017 08:37:20 +0000 (10:37 +0200)
PVE/Auth/PVE.pm

index 6065df0..de39d35 100755 (executable)
@@ -2,6 +2,7 @@ package PVE::Auth::PVE;
 
 use strict;
 use warnings;
+use Encode;
 
 use PVE::Tools;
 use PVE::Auth::Plugin;
@@ -79,8 +80,9 @@ sub authenticate_user {
     my $shadow_cfg = cfs_read_file($shadowconfigfile);
     
     if ($shadow_cfg->{users}->{$username}) {
-       my $encpw = crypt($password, $shadow_cfg->{users}->{$username}->{shadow});
-        die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow});
+       my $encpw = crypt(Encode::encode('utf8', $password),
+                         $shadow_cfg->{users}->{$username}->{shadow});
+       die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow});
     } else {
        die "no password set\n";
     }