- if (strncmp(p, request, u-request) != 0) {
- /* user uncompared */
- continue;
- }
- pp = strchr(p, ':');
-+ if(pp && pp[1] == '$' && pp[2] == 'p' &&
-+ pp[3] == '$' && pp[4] &&
-+ (pwd = getpwnam(&pp[4])) != NULL) {
-+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
-+ prev = NULL;
-+ continue;
-+ }
-+ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
-+ ppnew[0] = ':';
-+ strcpy(ppnew + 1, pwd->pw_passwd);
-+ pp = ppnew;
-+ }
- if (pp && pp[1] == '$' && pp[2] == '1' &&
- pp[3] == '$' && pp[4]) {
- pp++;
-@@ -1396,6 +1410,10 @@
- /* unauthorized */
+ md5_passwd++;
+- user_len_p1 = md5_passwd - cur->after_colon;
+ /* comparing "user:" */
+ if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {