From edcd6ce3a097c9b813909186dcb4accc35e604ef Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 7 Apr 2015 10:52:16 +0200
Subject: Use crypt_r if available in pam_userdb and in pam_unix.
* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r() instead of crypt() if available.
* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r() instead of crypt() if available.
---
 modules/pam_unix/passverify.c | 22 ++++++++++++++++++++--
 modules/pam_userdb/pam_userdb.c | 20 +++++++++++++++-----
 2 files changed, 35 insertions(+), 7 deletions(-)
(limited to 'modules')
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 7f7bc490..b325602c 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -377,6 +377,9 @@ PAMH_ARG_DECL(char * create_password_hash,
 const char *algoid;
 char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
 char *sp;
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata = NULL;
+#endif
 if (on(UNIX_MD5_PASS, ctrl)) {
 /* algoid = "$1" */
@@ -423,7 +426,16 @@ PAMH_ARG_DECL(char * create_password_hash,
 #ifdef HAVE_CRYPT_GENSALT_R
 }
 #endif
+#ifdef HAVE_CRYPT_R
+ sp = NULL;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ sp = crypt_r(password, salt, cdata);
+ }
+#else
 sp = crypt(password, salt);
+#endif
 if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
 /* libxcrypt/libc doesn't know the algorithm, use MD5 */
 pam_syslog(pamh, LOG_ERR,
@@ -435,10 +447,16 @@ PAMH_ARG_DECL(char * create_password_hash,
 if(sp) {
 memset(sp, '\0', strlen(sp));
 }
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
 return crypt_md5_wrapper(password);
 }
-
- return x_strdup(sp);
+ sp = x_strdup(sp);
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
+ return sp;
 }
 #ifdef WITH_SELINUX
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index ba36ebf2..8df1a40c 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
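Review bot: In create_password_hash (modules/pam_unix/passverify.c, hunk at -423), a failed `malloc` leaves `sp` NULL, and the unchanged test `if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0)` then takes the branch commented "libxcrypt/libc doesn't know the algorithm, use MD5", which per the next hunk returns `crypt_md5_wrapper(password)`. An out-of-memory condition would therefore store the new password as an MD5 hash instead of the configured algorithm, and the LOG_ERR entry would point at the crypto backend rather than at the allocation. Handle the allocation failure on its own before calling crypt_r, for example `if (cdata == NULL) { pam_syslog(pamh, LOG_CRIT, "crypt_data allocation failed"); return NULL; }`. The callers are not part of this diff, so confirm they treat a NULL return as failure; the function body starts and ends outside this hunk.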
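Review bot: Both `free(cdata);` calls added to create_password_hash (hunk at -435) release the crypt_r working buffer without clearing it, so the computed hash and any password-derived state the libc keeps in `struct crypt_data` remain in freed heap memory; the `free(cdata);` added to user_lookup in modules/pam_userdb/pam_userdb.c has the same gap. The fallback path wipes only `strlen(sp)` bytes, and the success path wipes nothing once `x_strdup(sp)` has copied the result. Clear the whole object before each free, e.g. `if (cdata != NULL) memset(cdata, '\0', sizeof(*cdata));`, and prefer a wipe the compiler cannot drop as a dead store (`explicit_bzero` where the libc provides it). The enclosing function starts outside this hunk.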
@@ -213,15 +213,23 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 /* crypt(3) password storage */
- char *cryptpw;
+ char *cryptpw = NULL;
 if (data.dsize < 13) {
 compare = -2;
 } else if (ctrl & PAM_ICASE_ARG) {
 compare = -2;
 } else {
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata = NULL;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ cryptpw = crypt_r(pass, data.dptr, cdata);
+ }
+#else
 cryptpw = crypt (pass, data.dptr);
-
+#endif
 if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
 compare = memcmp(data.dptr, cryptpw, data.dsize);
 } else {
@@ -232,9 +240,11 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 else pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
 }
- };
-
- };
+ }
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
+ }
 } else {
--
cgit v1.2.3
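Review bot: In user_lookup (modules/pam_userdb/pam_userdb.c, hunk at -213), an allocation failure is indistinguishable from a crypt failure: when `malloc` returns NULL, `cryptpw` keeps its new `NULL` initialiser and control goes to the `else` side of `if (cryptpw && strlen(cryptpw) == (size_t)data.dsize)`. The only diagnostic visible for that case is the LOG_INFO message "crypt() returned NULL" in the following hunk, so a login rejected because of memory pressure would be misattributed in the logs. The check appears to fail closed, which is the right direction, but an explicit branch would make the cause auditable, e.g. `else pam_syslog(pamh, LOG_CRIT, "crypt_data allocation failed");` after the `if (cdata != NULL) { ... }` block. The rest of the comparison logic lies outside this hunk.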