diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/bigcrypt.c | 26 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.c | 38 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.h | 2 |
3 files changed, 59 insertions, 7 deletions
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index d825bc71..9cd55384 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -51,7 +51,9 @@ char *bigcrypt(const char *key, const char *salt) { char *dec_c2_cryptbuf; - +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata; +#endif unsigned long int keylen, n_seg, j; char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr; char keybuf[KEYBUF_SIZE + 1]; @@ -63,6 +65,14 @@ char *bigcrypt(const char *key, const char *salt) if (!dec_c2_cryptbuf) { return NULL; } +#ifdef HAVE_CRYPT_R + cdata = malloc(sizeof(*cdata)); + if(!cdata) { + free(dec_c2_cryptbuf); + return NULL; + } + cdata->initialized = 0; +#endif memset(keybuf, 0, KEYBUF_SIZE + 1); memset(dec_c2_cryptbuf, 0, CBUF_SIZE); @@ -92,8 +102,11 @@ char *bigcrypt(const char *key, const char *salt) plaintext_ptr = keybuf; /* do the first block with supplied salt */ +#ifdef HAVE_CRYPT_R + tmp_ptr = crypt_r(plaintext_ptr, salt, cdata); /* libc crypt_r() */ +#else tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */ - +#endif /* and place in the static area */ strncpy(cipher_ptr, tmp_ptr, 13); cipher_ptr += ESEGMENT_SIZE + SALT_SIZE; @@ -110,7 +123,11 @@ char *bigcrypt(const char *key, const char *salt) if (n_seg > 1) { for (j = 2; j <= n_seg; j++) { +#ifdef HAVE_CRYPT_R + tmp_ptr = crypt_r(plaintext_ptr, salt_ptr, cdata); +#else tmp_ptr = crypt(plaintext_ptr, salt_ptr); +#endif /* skip the salt for seg!=0 */ strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE); @@ -122,7 +139,10 @@ char *bigcrypt(const char *key, const char *salt) } D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf)); - /* this is the <NUL> terminated encrypted password */ +#ifdef HAVE_CRYPT_R + free(cdata); +#endif + /* this is the <NUL> terminated encrypted password */ return dec_c2_cryptbuf; } diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 6fc4dcce..9b9f0a42 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -19,6 +19,9 @@ #include <sys/time.h> #include <sys/stat.h> #include <fcntl.h> +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include "md5.h" #include "bigcrypt.h" @@ -44,14 +47,32 @@ # include "./lckpwdf.-c" #endif +static void +strip_hpux_aging(char *hash) +{ + static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789./"; + if ((*hash != '$') && (strlen(hash) > 13)) { + for (hash += 13; *hash != '\0'; hash++) { + if (strchr(valid, *hash) == NULL) { + *hash = '\0'; + break; + } + } + } +} + int -verify_pwd_hash(const char *p, const char *hash, unsigned int nullok) +verify_pwd_hash(const char *p, char *hash, unsigned int nullok) { - size_t hash_len = strlen(hash); + size_t hash_len; char *pp = NULL; int retval; D(("called")); + strip_hpux_aging(hash); + hash_len = strlen(hash); if (!hash_len) { /* the stored password is NULL */ if (nullok) { /* this means we've succeeded */ @@ -78,9 +99,20 @@ verify_pwd_hash(const char *p, const char *hash, unsigned int nullok) } else { /* * Ok, we don't know the crypt algorithm, but maybe - * libcrypt nows about it? We should try it. + * libcrypt knows about it? We should try it. */ +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata; + cdata = malloc(sizeof(*cdata)); + if (cdata != NULL) { + cdata->initialized = 0; + pp = x_strdup(crypt_r(p, hash, cdata)); + memset(cdata, '\0', sizeof(*cdata)); + free(cdata); + } +#else pp = x_strdup(crypt(p, hash)); +#endif } p = NULL; /* no longer needed here */ diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 196e0e33..e8e112d0 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -13,7 +13,7 @@ #define OLD_PASSWORDS_FILE "/etc/security/opasswd" int -verify_pwd_hash(const char *p, const char *hash, unsigned int nullok); +verify_pwd_hash(const char *p, char *hash, unsigned int nullok); int is_pwd_shadowed(const struct passwd *pwd); |