summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2015-04-07 10:52:16 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2015-04-07 10:52:16 +0200
commitedcd6ce3a097c9b813909186dcb4accc35e604ef (patch)
tree3334336fcd591beb2528e98b43652f35f665426c /modules/pam_unix
parent10b83ef224a5e9c3e2663b3f08dd17090acc58ab (diff)
Use crypt_r if available in pam_userdb and in pam_unix.
* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r() instead of crypt() if available. * modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r() instead of crypt() if available.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/passverify.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 7f7bc490..b325602c 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -377,6 +377,9 @@ PAMH_ARG_DECL(char * create_password_hash,
const char *algoid;
char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
char *sp;
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata = NULL;
+#endif
if (on(UNIX_MD5_PASS, ctrl)) {
/* algoid = "$1" */
@@ -423,7 +426,16 @@ PAMH_ARG_DECL(char * create_password_hash,
#ifdef HAVE_CRYPT_GENSALT_R
}
#endif
+#ifdef HAVE_CRYPT_R
+ sp = NULL;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ sp = crypt_r(password, salt, cdata);
+ }
+#else
sp = crypt(password, salt);
+#endif
if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
/* libxcrypt/libc doesn't know the algorithm, use MD5 */
pam_syslog(pamh, LOG_ERR,
@@ -435,10 +447,16 @@ PAMH_ARG_DECL(char * create_password_hash,
if(sp) {
memset(sp, '\0', strlen(sp));
}
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
return crypt_md5_wrapper(password);
}
-
- return x_strdup(sp);
+ sp = x_strdup(sp);
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
+ return sp;
}
#ifdef WITH_SELINUX