On Wed, Aug 02, 2006 at 11:11:45AM -0400, Robert Connolly wrote: > Hi. I have a couple patches ported from the Owl blowfish patches: > > http://www.topside.org/~ashes/new/glibc-2.4-owl_blowfish.patch > http://www.topside.org/~ashes/new/shadow-4.0.17-owl_blowfish.patch > > I'm not sure if sulogin needs a patch or not. I noticed sulogin.c doesn't > seem > to care what hash you use (it used to).
sulogin only cares about the format of the password field in /etc/passwd (for the "read /etc/passwd" fallback). valid() checks for crypt-style passwords (13 chars, 0-9a-zA-Z./) and for md5-style passwords (starting $1$). The glibc crypt() function deals with the actual hashing method selection (based on the format of the salt passed to it), so it only matters in this fallback scenario. I think the attached patch should fix sulogin.c. > > Do we want this in HLFS? Personally, I'd say yes... Alex :-) -- Pippin Computer Monkey to the Pelican www.oxrev.org.uk, www.corpusjcr.org, www.rev.org.uk
diff -ru sysvinit-2.86.old/src/sulogin.c sysvinit-2.86/src/sulogin.c
--- sysvinit-2.86.old/src/sulogin.c 2004-07-30 12:40:28.000000000 +0100
+++ sysvinit-2.86/src/sulogin.c 2006-08-03 22:37:46.000000000 +0100
@@ -29,7 +29,9 @@
#endif
#define CHECK_DES 1
+#define CHECK_BDES 1
#define CHECK_MD5 1
+#define CHECK_BLOWFISH 1
#define F_PASSWD "/etc/passwd"
#define F_SHADOW "/etc/shadow"
@@ -119,8 +121,36 @@
return 1;
}
#endif
-#if CHECK_DES
- if (strlen(pass) != 13) return 0;
+#if CHECK_BLOWFISH
+ /*
+ * 4 bytes for the signature $1$
+ * 2 bytes for base 2 log of iter count (must be >4)
+ * $
+ * the MD5 hash (128 bits or 16 bytes) encoded in base64 = 22 bytes
+ */
+ if (strncmp(pass, "$2a$", 4) == 0) {
+ s = pass + 4;
+ if (*s < '0' || *s > '9') return 0;
+ if (*(s+1) < '0' || *(s+1) > '9') return 0;
+ if (*s == '0' && *(s+1) < '4') return 0;
+
+ s = s + 2;
+ if (*s++ != '$') return 0;
+
+ if (strlen(s) != 53) return 0;
+
+ return 1;
+ }
+#endif
+#if CHECK_BDES || CHECK_DES
+ len = strlen(pass);
+#if ! CHECK_DES
+ if (len != 19) return 0;
+#elif ! CHECK_BDES
+ if (len != 13) return 0;
+#else
+ if (len != 13 && len != 19) return 0;
+#endif
for (s = pass; *s; s++) {
if ((*s < '0' || *s > '9') &&
(*s < 'a' || *s > 'z') &&
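Review bot: The `$2a$` branch of valid() accepts any 53 bytes after the cost field, because `strlen(s) != 53` is the only check on the salt-and-hash part, while the DES/BSDi path that follows rejects out-of-alphabet characters one by one. The message describes valid() as the check that decides whether the /etc/passwd fallback entry is usable, so a corrupted field is better rejected here than handed on; a per-character loop after the length check would do that (sketch below, alphabet taken from the description in the message). The cost digits are bounded only from below, so a value such as 99 passes; whether to cap it depends on the crypt() implementation in use. The block comment above the branch is carried over from the MD5 check (`$1$`, "the MD5 hash ... 22 bytes", "must be >4" although 04 is accepted) and should instead describe the layout the code actually tests: 4-byte `$2a$` prefix, two cost digits, `$`, then 53 characters. valid() begins and ends outside the hunk.

```c
	/* … unchanged: "$2a$" prefix, two cost digits (minimum 04), '$' separator … */
	if (strlen(s) != 53) return 0;

	/* the 53 salt+hash characters must all come from the crypt alphabet */
	for (; *s; s++) {
		if ((*s < '0' || *s > '9') &&
		    (*s < 'a' || *s > 'z') &&
		    (*s < 'A' || *s > 'Z') &&
		    *s != '.' && *s != '/') return 0;
	}

	return 1;
```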
