yp-tools/yp-tools-2.7-md5.patch

110 lines
2.6 KiB
Diff
Raw Normal View History

--- yp-tools-2.8/src/yppasswd.c.orig 2002-12-05 08:49:20.000000000 -0500
+++ yp-tools-2.8/src/yppasswd.c 2003-04-23 14:58:13.000000000 -0400
@@ -49,6 +49,8 @@
#include <locale.h>
#include <libintl.h>
#include <sys/param.h>
+#include <sys/types.h>
+#include <fcntl.h>
#include <sys/stat.h>
#include <rpcsvc/yp_prot.h>
#include <rpcsvc/ypclnt.h>
@@ -436,11 +438,44 @@ verifypassword (struct passwd *pwd, char
#endif
+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
+
+static void
+create_random_salt (char *salt, int num_chars)
+{
+ int fd;
+ unsigned char c;
+ int i;
+ int res;
+
+ fd = open("/dev/urandom", O_RDONLY);
+
+ for (i = 0; i < num_chars; i++)
+ {
+ res = 0;
+
+ if (fd != 0)
+ res = read (fd, &c, 1);
+
+ if (res != 1)
+ c = random();
+
+ salt[i] = bin_to_ascii(c & 0x3f);
+ }
+
+ salt[num_chars] = 0;
+
+ if (fd != 0)
+ close (fd);
+}
+
+
int
main (int argc, char **argv)
{
char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL;
int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
+ int has_md5_passwd = 0;
struct yppasswd yppwd;
struct passwd *pwd;
CLIENT *clnt;
@@ -451,6 +486,8 @@ main (int argc, char **argv)
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
+ srandom (time (NULL));
+
if ((s = strrchr (argv[0], '/')) != NULL)
progname = s + 1;
else
@@ -642,6 +679,9 @@ main (int argc, char **argv)
cp = stpcpy (hashpass, "##");
strcpy (cp, pwd->pw_name);
+ if (strncmp(pwd->pw_passwd, "$1$", 3) == 0)
+ has_md5_passwd = 1;
+
/* We can't check the password with shadow passwords enabled. We
* leave the checking to yppasswdd */
if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 &&
@@ -676,13 +716,11 @@ main (int argc, char **argv)
if (p_flag)
{
-#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
#ifdef USE_CRACKLIB
char *error_msg;
#endif /* USE_CRACKLIB */
- char *buf, salt[2], *p = NULL;
+ char *buf, salt[12], *p = NULL;
int tries = 0;
- time_t tm;
buf = (char *) malloc (129);
@@ -733,9 +771,15 @@ main (int argc, char **argv)
}
}
- time (&tm);
- salt[0] = bin_to_ascii (tm & 0x3f);
- salt[1] = bin_to_ascii ((tm >> 6) & 0x3f);
+ if (!has_md5_passwd)
+ create_random_salt (salt, 2);
+ else
+ {
+ /* The user already had a MD5 password, so it's safe to
+ * use a MD5 password again */
+ strcpy (salt, "$1$");
+ create_random_salt (salt+3, 8);
+ }
yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
}