current/SOURCES/yp-tools-2.7-md5.patch

--- yp-tools-2.7/src/yppasswd.c.md5     Tue Jun 11 06:26:00 2002
+++ yp-tools-2.7/src/yppasswd.c Tue Jun 11 06:30:18 2002
@@ -49,6 +49,8 @@
 #include <locale.h>
 #include <libintl.h>
 #include <sys/param.h>
+#include <sys/types.h>
+#include <fcntl.h>
 #include <sys/stat.h>
 #include <rpcsvc/yp_prot.h>
 #include <rpcsvc/ypclnt.h>
@@ -436,11 +438,44 @@
 
 #endif
 
+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
+
+static void
+create_random_salt (char *salt, int num_chars)
+{
+  int fd;
+  unsigned char c;
+  int i;
+  int res;
+  
+  fd = open("/dev/urandom", O_RDONLY);
+
+  for (i = 0; i < num_chars; i++)
+    {
+      res = 0;
+      
+      if (fd != 0)
+       res = read (fd, &c, 1);
+
+      if (res != 1)
+       c = random();
+      
+      salt[i] = bin_to_ascii(c & 0x3f);
+    }
+  
+  salt[num_chars] = 0;
+
+  if (fd != 0)
+    close (fd);
+}
+
+
 int
 main (int argc, char **argv)
 {
   char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL;
   int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
+  int has_md5_passwd = 0;
   struct yppasswd yppwd;
   struct passwd *pwd;
   CLIENT *clnt;
@@ -451,6 +486,8 @@
   bindtextdomain (PACKAGE, LOCALEDIR);
   textdomain (PACKAGE);
 
+  srandom (time (NULL));
+
   if ((s = strrchr (argv[0], '/')) != NULL)
     progname = s + 1;
   else
@@ -642,6 +679,9 @@
       cp = stpcpy (hashpass, "##");
       strcpy (cp, pwd->pw_name);
 
+      if (strncmp(pwd->pw_passwd, "$1$", 3) == 0)
+       has_md5_passwd = 1;
+
       /* We can't check the password with shadow passwords enabled. We
        * leave the checking to yppasswdd */
       if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 &&
@@ -675,13 +715,11 @@
 
   if (p_flag)
     {
-#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
 #ifdef USE_CRACKLIB
       char *error_msg;
 #endif /* USE_CRACKLIB */
-      char *buf, salt[2], *p = NULL;
+      char *buf, salt[12], *p = NULL;
       int tries = 0;
-      time_t tm;
 
       buf = (char *) malloc (129);
 
@@ -732,9 +770,15 @@
            }
        }
 
-      time (&tm);
-      salt[0] = bin_to_ascii (tm & 0x3f);
-      salt[1] = bin_to_ascii ((tm >> 6) & 0x3f);
+      if (!has_md5_passwd)
+       create_random_salt (salt, 2);
+      else
+       {
+         /* The user already had a MD5 password, so it's safe to
+          * use a MD5 password again */
+         strcpy (salt, "$1$");
+         create_random_salt (salt+3, 8);
+       }
 
       yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
     }
1	--- yp-tools-2.7/src/yppasswd.c.md5 Tue Jun 11 06:26:00 2002
2	+++ yp-tools-2.7/src/yppasswd.c Tue Jun 11 06:30:18 2002
3	@@ -49,6 +49,8 @@
4	#include <locale.h>
5	#include <libintl.h>
6	#include <sys/param.h>
7	+#include <sys/types.h>
8	+#include <fcntl.h>
9	#include <sys/stat.h>
10	#include <rpcsvc/yp_prot.h>
11	#include <rpcsvc/ypclnt.h>
12	@@ -436,11 +438,44 @@
13
14	#endif
15
16	+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
17	+
18	+static void
19	+create_random_salt (char *salt, int num_chars)
20	+{
21	+ int fd;
22	+ unsigned char c;
23	+ int i;
24	+ int res;
25	+
26	+ fd = open("/dev/urandom", O_RDONLY);
27	+
28	+ for (i = 0; i < num_chars; i++)
29	+ {
30	+ res = 0;
31	+
32	+ if (fd != 0)
33	+ res = read (fd, &c, 1);
34	+
35	+ if (res != 1)
36	+ c = random();
37	+
38	+ salt[i] = bin_to_ascii(c & 0x3f);
39	+ }
40	+
41	+ salt[num_chars] = 0;
42	+
43	+ if (fd != 0)
44	+ close (fd);
45	+}
46	+
47	+
48	int
49	main (int argc, char **argv)
50	{
51	char s, progname, domainname = NULL, user = NULL, *master = NULL;
52	int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
53	+ int has_md5_passwd = 0;
54	struct yppasswd yppwd;
55	struct passwd *pwd;
56	CLIENT *clnt;
57	@@ -451,6 +486,8 @@
58	bindtextdomain (PACKAGE, LOCALEDIR);
59	textdomain (PACKAGE);
60
61	+ srandom (time (NULL));
62	+
63	if ((s = strrchr (argv[0], '/')) != NULL)
64	progname = s + 1;
65	else
66	@@ -642,6 +679,9 @@
67	cp = stpcpy (hashpass, "##");
68	strcpy (cp, pwd->pw_name);
69
70	+ if (strncmp(pwd->pw_passwd, "$1$", 3) == 0)
71	+ has_md5_passwd = 1;
72	+
73	/* We can't check the password with shadow passwords enabled. We
74	* leave the checking to yppasswdd */
75	if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 &&
76	@@ -675,13 +715,11 @@
77
78	if (p_flag)
79	{
80	-#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
81	#ifdef USE_CRACKLIB
82	char *error_msg;
83	#endif /* USE_CRACKLIB */
84	- char buf, salt[2], p = NULL;
85	+ char buf, salt[12], p = NULL;
86	int tries = 0;
87	- time_t tm;
88
89	buf = (char *) malloc (129);
90
91	@@ -732,9 +770,15 @@
92	}
93	}
94
95	- time (&tm);
96	- salt[0] = bin_to_ascii (tm & 0x3f);
97	- salt[1] = bin_to_ascii ((tm >> 6) & 0x3f);
98	+ if (!has_md5_passwd)
99	+ create_random_salt (salt, 2);
100	+ else
101	+ {
102	+ /* The user already had a MD5 password, so it's safe to
103	+ * use a MD5 password again */
104	+ strcpy (salt, "$1$");
105	+ create_random_salt (salt+3, 8);
106	+ }
107
108	yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
109	}