diff --git a/ChangeLog b/ChangeLog index 8a1d0015..4d24babf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2007-11-23 Nicolas François + + Patch contributed by Dan Kopecek + * src/chpasswd.c, src/chgpasswd.c, src/newusers.c: Fix compilation + when ENCRYPTMETHOD_SELECT is not defined. + * libmisc/salt.c (MAGNUM): The nul char was put on (array)[2] + instead of (array)[3]. + * libmisc/salt.c: MAGNUM should be defined even if + ENCRYPTMETHOD_SELECT is not defined. + * libmisc/salt.c: Use random instead of rand. + * libmisc/salt.c (gensalt): New function to generate a salt + (instead of using gettimeofday). + 2007-11-23 Nicolas François * NEWS, src/newusers.c: New options -c/--crypt-method diff --git a/libmisc/salt.c b/libmisc/salt.c index 2f1a4be2..a6481187 100644 --- a/libmisc/salt.c +++ b/libmisc/salt.c @@ -13,6 +13,7 @@ #include #include +#include #include "prototypes.h" #include "defines.h" #include "getdef.h" @@ -52,14 +53,12 @@ char *l64a(long value) } #endif /* !HAVE_L64A */ -#ifdef ENCRYPTMETHOD_SELECT /* * Add the salt prefix. */ -#define MAGNUM(array,ch) (array)[0]= (array)[2] = '$',\ - (array)[1]=(ch),\ - (array)[2]='\0' +#define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0' +#ifdef ENCRYPTMETHOD_SELECT /* * Return the salt size. * The size of the salt string is between 8 and 16 bytes for the SHA crypt @@ -67,8 +66,8 @@ char *l64a(long value) */ static unsigned int SHA_salt_size (void) { - srand (time (NULL)); - return 8 + (double)rand () * 9 / RAND_MAX; + srandom ((unsigned int)time (NULL)); + return 8 + (double)random () * 9 / RAND_MAX; } /* ! Arguments evaluated twice ! */ @@ -133,6 +132,29 @@ static char *SHA_salt_rounds (int *prefered_rounds) } #endif +/* + * Generate salt of size salt_size. + */ +#define MAX_SALT_SIZE 16 +#define MIN_SALT_SIZE 8 + +char *gensalt (unsigned int salt_size) { + static char salt[32]; + + salt[0] = '\0'; + + if (salt_size >= MIN_SALT_SIZE && + salt_size <= MAX_SALT_SIZE) { + strcat (salt, l64a (random())); + do { + strcat (salt, l64a (random())); + } while (strlen (salt) < salt_size); + salt[salt_size] = '\0'; + } + + return salt; +} + /* * Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$" @@ -150,7 +172,6 @@ static char *SHA_salt_rounds (int *prefered_rounds) */ char *crypt_make_salt (char *meth, void *arg) { - struct timeval tv; /* Max result size for the SHA methods: * +3 $5$ * +17 rounds=999999999$ @@ -158,7 +179,7 @@ char *crypt_make_salt (char *meth, void *arg) * +1 \0 */ static char result[40]; - size_t max_salt_len = 8; + size_t salt_len = 8; char *method = "DES"; result[0] = '\0'; @@ -174,16 +195,15 @@ char *crypt_make_salt (char *meth, void *arg) if (!strcmp (method, "MD5")) { MAGNUM(result, '1'); - max_salt_len = 11; #ifdef ENCRYPTMETHOD_SELECT } else if (!strcmp (method, "SHA256")) { MAGNUM(result, '5'); strcat(result, SHA_salt_rounds((int *)arg)); - max_salt_len = strlen(result) + SHA_salt_size(); + salt_len = SHA_salt_size(); } else if (!strcmp (method, "SHA512")) { MAGNUM(result, '6'); strcat(result, SHA_salt_rounds((int *)arg)); - max_salt_len = strlen(result) + SHA_salt_size(); + salt_len = SHA_salt_size(); #endif } else if (0 != strcmp (method, "DES")) { fprintf (stderr, @@ -196,13 +216,10 @@ char *crypt_make_salt (char *meth, void *arg) /* * Concatenate a pseudo random salt. */ - gettimeofday (&tv, (struct timezone *) 0); - strncat (result, l64a (tv.tv_usec), sizeof(result)); - strncat (result, l64a (tv.tv_sec + getpid () + clock ()), - sizeof(result)); - - if (strlen (result) > max_salt_len) /* magic+salt */ - result[max_salt_len] = '\0'; + assert (sizeof (result) > strlen (result) + salt_len); + srandom ((unsigned int)time(NULL)); + strncat (result, gensalt (salt_len), + sizeof (result) - strlen (result) - 1); return result; } diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 39dfe424..c1a1ecf8 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -183,12 +183,12 @@ int main (int argc, char **argv) usage (); } if (cflg) { - if (0 != strcmp (crypt_method, "DES") && - 0 != strcmp (crypt_method, "MD5") && - 0 != strcmp (crypt_method, "NONE") && + if ( 0 != strcmp (crypt_method, "DES") + && 0 != strcmp (crypt_method, "MD5") + && 0 != strcmp (crypt_method, "NONE") #ifdef ENCRYPTMETHOD_SELECT - 0 != strcmp (crypt_method, "SHA256") && - 0 != strcmp (crypt_method, "SHA512") + && 0 != strcmp (crypt_method, "SHA256") + && 0 != strcmp (crypt_method, "SHA512") #endif ) { fprintf (stderr, diff --git a/src/chpasswd.c b/src/chpasswd.c index afddb71d..8a22e499 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -179,12 +179,12 @@ int main (int argc, char **argv) usage (); } if (cflg) { - if (0 != strcmp (crypt_method, "DES") && - 0 != strcmp (crypt_method, "MD5") && - 0 != strcmp (crypt_method, "NONE") && + if ( 0 != strcmp (crypt_method, "DES") + && 0 != strcmp (crypt_method, "MD5") + && 0 != strcmp (crypt_method, "NONE") #ifdef ENCRYPTMETHOD_SELECT - 0 != strcmp (crypt_method, "SHA256") && - 0 != strcmp (crypt_method, "SHA512") + && 0 != strcmp (crypt_method, "SHA256") + && 0 != strcmp (crypt_method, "SHA512") #endif ) { fprintf (stderr, diff --git a/src/newusers.c b/src/newusers.c index 95753b92..5bdf567f 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -379,12 +379,12 @@ int main (int argc, char **argv) usage (); } if (cflg) { - if (0 != strcmp (crypt_method, "DES") && - 0 != strcmp (crypt_method, "MD5") && - 0 != strcmp (crypt_method, "NONE") && + if ( 0 != strcmp (crypt_method, "DES") + && 0 != strcmp (crypt_method, "MD5") + && 0 != strcmp (crypt_method, "NONE") #ifdef ENCRYPTMETHOD_SELECT - 0 != strcmp (crypt_method, "SHA256") && - 0 != strcmp (crypt_method, "SHA512") + && 0 != strcmp (crypt_method, "SHA256") + && 0 != strcmp (crypt_method, "SHA512") #endif ) { fprintf (stderr,