-rw-r--r-- | openbsd-compat/xcrypt.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8913bb81a..cf6a9b99f 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c | |||
@@ -65,7 +65,9 @@ | |||
65 | 65 | ||
66 | /* | 66 | /* |
67 | * Pick an appropriate password encryption type and salt for the running | 67 | * Pick an appropriate password encryption type and salt for the running |
68 | * system. | 68 | * system by searching through accounts until we find one that has a valid |
69 | * salt. Usually this will be root unless the root account is locked out. | ||
70 | * If we don't find one we return a traditional DES-based salt. | ||
69 | */ | 71 | */ |
70 | static const char * | 72 | static const char * |
71 | pick_salt(void) | 73 | pick_salt(void) |
@@ -78,14 +80,18 @@ pick_salt(void) | |||
78 | if (salt[0] != '\0') | 80 | if (salt[0] != '\0') |
79 | return salt; | 81 | return salt; |
80 | strlcpy(salt, "xx", sizeof(salt)); | 82 | strlcpy(salt, "xx", sizeof(salt)); |
81 | if ((pw = getpwuid(0)) == NULL) | 83 | setpwent(); |
82 | return salt; | 84 | while ((pw = getpwent()) != NULL) { |
83 | passwd = shadow_pw(pw); | 85 | passwd = shadow_pw(pw); |
84 | if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) | 86 | if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { |
85 | return salt; /* no $, DES */ | 87 | typelen = p - passwd + 1; |
86 | typelen = p - passwd + 1; | 88 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); |
87 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); | 89 | explicit_bzero(passwd, strlen(passwd)); |
88 | explicit_bzero(passwd, strlen(passwd)); | 90 | goto out; |
91 | } | ||
92 | } | ||
93 | out: | ||
94 | endpwent(); | ||
89 | return salt; | 95 | return salt; |
90 | } | 96 | } |
91 | 97 | ||
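Review bot: In the new `while ((pw = getpwent()) != NULL)` loop, `passwd[0]` is read right after `passwd = shadow_pw(pw)` with no NULL check, and this now runs for every account walked rather than for uid 0 alone. shadow_pw() is defined outside this diff, so whether it can return NULL is not visible here; if any platform path can, a single entry without a password field would crash the process, and `if ((passwd = shadow_pw(pw)) == NULL) continue;` as the first statement of the loop removes the doubt. The header comment could also say that only the matching entry's hash is cleared with explicit_bzero(), and that the walk presumably consults whatever backs getpwent(), which may be slow on a directory-backed system. The local declarations of pick_salt fall between the two hunks and are not shown.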