1 |
--- yp-tools-2.7/src/yppasswd.c.md5 Tue Jun 11 06:26:00 2002 |
2 |
+++ yp-tools-2.7/src/yppasswd.c Tue Jun 11 06:30:18 2002 |
3 |
@@ -49,6 +49,8 @@ |
4 |
#include <locale.h> |
5 |
#include <libintl.h> |
6 |
#include <sys/param.h> |
7 |
+#include <sys/types.h> |
8 |
+#include <fcntl.h> |
9 |
#include <sys/stat.h> |
10 |
#include <rpcsvc/yp_prot.h> |
11 |
#include <rpcsvc/ypclnt.h> |
12 |
@@ -436,11 +438,44 @@ |
13 |
|
14 |
#endif |
15 |
|
16 |
+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') |
17 |
+ |
18 |
+static void |
19 |
+create_random_salt (char *salt, int num_chars) |
20 |
+{ |
21 |
+ int fd; |
22 |
+ unsigned char c; |
23 |
+ int i; |
24 |
+ int res; |
25 |
+ |
26 |
+ fd = open("/dev/urandom", O_RDONLY); |
27 |
+ |
28 |
+ for (i = 0; i < num_chars; i++) |
29 |
+ { |
30 |
+ res = 0; |
31 |
+ |
32 |
+ if (fd != 0) |
33 |
+ res = read (fd, &c, 1); |
34 |
+ |
35 |
+ if (res != 1) |
36 |
+ c = random(); |
37 |
+ |
38 |
+ salt[i] = bin_to_ascii(c & 0x3f); |
39 |
+ } |
40 |
+ |
41 |
+ salt[num_chars] = 0; |
42 |
+ |
43 |
+ if (fd != 0) |
44 |
+ close (fd); |
45 |
+} |
46 |
+ |
47 |
+ |
48 |
int |
49 |
main (int argc, char **argv) |
50 |
{ |
51 |
char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; |
52 |
int f_flag = 0, l_flag = 0, p_flag = 0, error, status; |
53 |
+ int has_md5_passwd = 0; |
54 |
struct yppasswd yppwd; |
55 |
struct passwd *pwd; |
56 |
CLIENT *clnt; |
57 |
@@ -451,6 +486,8 @@ |
58 |
bindtextdomain (PACKAGE, LOCALEDIR); |
59 |
textdomain (PACKAGE); |
60 |
|
61 |
+ srandom (time (NULL)); |
62 |
+ |
63 |
if ((s = strrchr (argv[0], '/')) != NULL) |
64 |
progname = s + 1; |
65 |
else |
66 |
@@ -642,6 +679,9 @@ |
67 |
cp = stpcpy (hashpass, "##"); |
68 |
strcpy (cp, pwd->pw_name); |
69 |
|
70 |
+ if (strncmp(pwd->pw_passwd, "$1$", 3) == 0) |
71 |
+ has_md5_passwd = 1; |
72 |
+ |
73 |
/* We can't check the password with shadow passwords enabled. We |
74 |
* leave the checking to yppasswdd */ |
75 |
if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 && |
76 |
@@ -675,13 +715,11 @@ |
77 |
|
78 |
if (p_flag) |
79 |
{ |
80 |
-#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') |
81 |
#ifdef USE_CRACKLIB |
82 |
char *error_msg; |
83 |
#endif /* USE_CRACKLIB */ |
84 |
- char *buf, salt[2], *p = NULL; |
85 |
+ char *buf, salt[12], *p = NULL; |
86 |
int tries = 0; |
87 |
- time_t tm; |
88 |
|
89 |
buf = (char *) malloc (129); |
90 |
|
91 |
@@ -732,9 +770,15 @@ |
92 |
} |
93 |
} |
94 |
|
95 |
- time (&tm); |
96 |
- salt[0] = bin_to_ascii (tm & 0x3f); |
97 |
- salt[1] = bin_to_ascii ((tm >> 6) & 0x3f); |
98 |
+ if (!has_md5_passwd) |
99 |
+ create_random_salt (salt, 2); |
100 |
+ else |
101 |
+ { |
102 |
+ /* The user already had a MD5 password, so it's safe to |
103 |
+ * use a MD5 password again */ |
104 |
+ strcpy (salt, "$1$"); |
105 |
+ create_random_salt (salt+3, 8); |
106 |
+ } |
107 |
|
108 |
yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); |
109 |
} |