7 files changed, 234 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index b92f9bfaf..7a60cb318 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,8 +15,9 @@
 - Added autoconf option to enable S/Key support (untested)
 - Added autoconf option to enable TCP wrappers support (compiles OK)
 - Renamed BSD helper function files to bsd-*
- - Added tests for login and daemon and OpenBSD replacements for when they
+ - Added tests for login and daemon and enable OpenBSD replacements for 
-   are absent.
+   when they are absent.
+ - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
 19991118
 - Merged OpenBSD CVS changes
diff --git a/Makefile.in b/Makefile.in
index fec1d1301..dde1353f9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -27,7 +27,8 @@ OBJS=	authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
                hostfile.o log-client.o login.o log-server.o match.o mpaux.o \
                packet.o pty.o readconf.o readpass.o rsa.o servconf.o serverloop.o \
                sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
-                helper.o bsd-mktemp.o bsd-strlcpy.o bsd-daemon.o bsd-login.o rc4.o
+                helper.o bsd-mktemp.o bsd-strlcpy.o bsd-daemon.o bsd-login.o rc4.o \
+                md5crypt.o
 all: $(OBJS) $(TARGETS)
@@ -38,7 +39,7 @@ libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o c
 ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o libssh.a
        $(CC) -o $@ $^ $(LFLAGS) $(LIBS) 
-sshd:   sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o bsd-daemon.o libssh.a
+sshd:   sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o bsd-daemon.o md5crypt.o libssh.a
        $(CC) -o $@ $^ $(LFLAGS) $(LIBS) 
 scp:    scp.o libssh.a
diff --git a/acconfig.h b/acconfig.h
index 2732c26cc..d5a12b2bc 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -48,6 +48,9 @@
 /* Define if your libraries define daemon() */
 #undef HAVE_DAEMON
+/* Define if you want to allow MD5 passwords */
+#undef HAVE_MD5_PASSWORDS
 @BOTTOM@
 /* ******************* Shouldn't need to edit below this line ************** */
diff --git a/auth-passwd.c b/auth-passwd.c
index ea824f5f4..a08bab3af 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -15,7 +15,10 @@ the password is valid for the user.
 */
 #include "includes.h"
-RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
+#ifndef HAVE_PAM
+RCSID("$Id: auth-passwd.c,v 1.5 1999/11/19 04:53:20 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -27,7 +30,10 @@ RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
 #include <shadow.h>
 #endif
-#ifndef HAVE_PAM
+#ifdef HAVE_MD5_PASSWORDS
+#include "md5crypt.h"
+#endif
 /* Don't need anything from here if we are using PAM */
 /* Tries to authenticate the user using password.  Returns true if
@@ -187,7 +193,14 @@ int auth_password(struct passwd *pw, const char *password)
    return(0);
  /* Encrypt the candidate password using the proper salt. */
+#ifdef HAVE_MD5_PASSWORDS
+  if (is_md5_salt(spw->sp_pwdp))
+    encrypted_password = md5_crypt(password, spw->sp_pwdp);
+  else
+    encrypted_password = crypt(password, spw->sp_pwdp);
+#else /* HAVE_MD5_PASSWORDS */    
  encrypted_password = crypt(password, spw->sp_pwdp);
+#endif /* HAVE_MD5_PASSWORDS */    
  /* Authentication is accepted if the encrypted passwords are identical. */
  return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
diff --git a/configure.in b/configure.in
index dd74b3b4f..697784c6d 100644
--- a/configure.in
+++ b/configure.in
@@ -74,7 +74,7 @@ dnl Check whether use wants to disable the external ssh-askpass
 INSTALL_ASKPASS="yes"
 AC_MSG_CHECKING([whether to enable external ssh-askpass support])
 AC_ARG_WITH(askpass,
-        [  --with-askpass=yes/no   Enable external ssh-askpass support (default=no)],
+        [  --with-askpass=yes/no   Enable external ssh-askpass support (default=yes)],
        [
                if test x$withval = xno ; then
                        INSTALL_ASKPASS="no"
@@ -213,4 +213,10 @@ AC_ARG_WITH(skey,
        ]
 )
+dnl Check whether to enable MD5 passwords
+AC_ARG_WITH(md5passwords,
+        [  --with-md5-passwords    Enable use of MD5 passwords],
+        [AC_DEFINE(HAVE_MD5_PASSWORDS)]
+)
 AC_OUTPUT(Makefile)
diff --git a/md5crypt.c b/md5crypt.c
new file mode 100644
index 000000000..15af422a6
--- /dev/null
+++ b/md5crypt.c
@@ -0,0 +1,166 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+/*
+ * Ported from FreeBSD to Linux, only minimal changes.  --marekm
+ */
+/*
+ * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
+ */
+#include "config.h"
+#ifdef HAVE_MD5_PASSWORDS
+#include <unistd.h>
+#include <string.h>
+#ifdef HAVE_OPENSSL
+#include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/md5.h>
+#endif
+static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+static char     *magic = "$1$"; /*
+                                 * This string is magic for
+                                 * this algorithm.  Having
+                                 * it this way, we can get
+                                 * get better later on
+                                 */
+static void
+to64(char *s, unsigned long v, int n)
+{
+        while (--n >= 0) {
+                *s++ = itoa64[v&0x3f];
+                v >>= 6;
+        }
+}
+int
+is_md5_salt(const char *salt)
+{
+        return (!strncmp(salt, magic, strlen(magic)));
+}
+/*
+ * UNIX password
+ *
+ * Use MD5 for what it is best at...
+ */
+char *
+md5_crypt(const char *pw, const char *salt)
+{
+        static char     passwd[120], *p;
+        static const char *sp,*ep;
+        unsigned char   final[16];
+        int sl,pl,i,j;
+        MD5_CTX ctx,ctx1;
+        unsigned long l;
+        /* Refine the Salt first */
+        sp = salt;
+        /* If it starts with the magic string, then skip that */
+        if(!strncmp(sp,magic,strlen(magic)))
+                sp += strlen(magic);
+        /* It stops at the first '$', max 8 chars */
+        for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+                continue;
+        /* get the length of the true salt */
+        sl = ep - sp;
+        MD5_Init(&ctx);
+        /* The password first, since that is what is most unknown */
+        MD5_Update(&ctx,pw,strlen(pw));
+        /* Then our magic string */
+        MD5_Update(&ctx,magic,strlen(magic));
+        /* Then the raw salt */
+        MD5_Update(&ctx,sp,sl);
+        /* Then just as many characters of the MD5(pw,salt,pw) */
+        MD5_Init(&ctx1);
+        MD5_Update(&ctx1,pw,strlen(pw));
+        MD5_Update(&ctx1,sp,sl);
+        MD5_Update(&ctx1,pw,strlen(pw));
+        MD5_Final(final,&ctx1);
+        for(pl = strlen(pw); pl > 0; pl -= 16)
+                MD5_Update(&ctx,final,pl>16 ? 16 : pl);
+        /* Don't leave anything around in vm they could use. */
+        memset(final,0,sizeof final);
+        /* Then something really weird... */
+        for (j=0,i = strlen(pw); i ; i >>= 1)
+                if(i&1)
+                    MD5_Update(&ctx, final+j, 1);
+                else
+                    MD5_Update(&ctx, pw+j, 1);
+        /* Now make the output string */
+        strcpy(passwd,magic);
+        strncat(passwd,sp,sl);
+        strcat(passwd,"$");
+        MD5_Final(final,&ctx);
+        /*
+         * and now, just to make sure things don't run too fast
+         * On a 60 Mhz Pentium this takes 34 msec, so you would
+         * need 30 seconds to build a 1000 entry dictionary...
+         */
+        for(i=0;i<1000;i++) {
+                MD5_Init(&ctx1);
+                if(i & 1)
+                        MD5_Update(&ctx1,pw,strlen(pw));
+                else
+                        MD5_Update(&ctx1,final,16);
+                if(i % 3)
+                        MD5_Update(&ctx1,sp,sl);
+                if(i % 7)
+                        MD5_Update(&ctx1,pw,strlen(pw));
+                if(i & 1)
+                        MD5_Update(&ctx1,final,16);
+                else
+                        MD5_Update(&ctx1,pw,strlen(pw));
+                MD5_Final(final,&ctx1);
+        }
+        p = passwd + strlen(passwd);
+        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
+        l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
+        l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
+        l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
+        l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
+        l =                    final[11]                ; to64(p,l,2); p += 2;
+        *p = '\0';
+        /* Don't leave anything around in vm they could use. */
+        memset(final,0,sizeof final);
+        return passwd;
+}
+#endif  /* HAVE_MD5_PASSWORDS */
diff --git a/md5crypt.h b/md5crypt.h
new file mode 100644
index 000000000..f1d185721
--- /dev/null
+++ b/md5crypt.h
@@ -0,0 +1,37 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+/*
+ * Ported from FreeBSD to Linux, only minimal changes.  --marekm
+ */
+/*
+ * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
+ */
+#ifndef _MD5CRYPT_H
+#define _MD5CRYPT_H
+#include "config.h"
+#include <unistd.h>
+#include <string.h>
+#ifdef HAVE_OPENSSL
+#include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/md5.h>
+#endif
+int is_md5_salt(const char *salt);
+char *md5_crypt(const char *pw, const char *salt);
+#endif /* MD5CRYPT_H */

diff --git a/ChangeLog b/ChangeLog index b92f9bfaf..7a60cb318 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -15,8 +15,9 @@
15	- Added autoconf option to enable S/Key support (untested)	15	- Added autoconf option to enable S/Key support (untested)
16	- Added autoconf option to enable TCP wrappers support (compiles OK)	16	- Added autoconf option to enable TCP wrappers support (compiles OK)
17	- Renamed BSD helper function files to bsd-*	17	- Renamed BSD helper function files to bsd-*
18	- Added tests for login and daemon and OpenBSD replacements for when they	18	- Added tests for login and daemon and enable OpenBSD replacements for
19	are absent.	19	when they are absent.
		20	- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
20		21
21	19991118	22	19991118
22	- Merged OpenBSD CVS changes	23	- Merged OpenBSD CVS changes


diff --git a/Makefile.in b/Makefile.in index fec1d1301..dde1353f9 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -27,7 +27,8 @@ OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
27	hostfile.o log-client.o login.o log-server.o match.o mpaux.o \	27	hostfile.o log-client.o login.o log-server.o match.o mpaux.o \
28	packet.o pty.o readconf.o readpass.o rsa.o servconf.o serverloop.o \	28	packet.o pty.o readconf.o readpass.o rsa.o servconf.o serverloop.o \
29	sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \	29	sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
30	helper.o bsd-mktemp.o bsd-strlcpy.o bsd-daemon.o bsd-login.o rc4.o	30	helper.o bsd-mktemp.o bsd-strlcpy.o bsd-daemon.o bsd-login.o rc4.o \
		31	md5crypt.o
31		32
32	all: $(OBJS) $(TARGETS)	33	all: $(OBJS) $(TARGETS)
33		34
@@ -38,7 +39,7 @@ libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o c
38	ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o libssh.a	39	ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o libssh.a
39	$(CC) -o $@ $^ $(LFLAGS) $(LIBS)	40	$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
40		41
41	sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o bsd-daemon.o libssh.a	42	sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o bsd-daemon.o md5crypt.o libssh.a
42	$(CC) -o $@ $^ $(LFLAGS) $(LIBS)	43	$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
43		44
44	scp: scp.o libssh.a	45	scp: scp.o libssh.a


diff --git a/acconfig.h b/acconfig.h index 2732c26cc..d5a12b2bc 100644 --- a/acconfig.h +++ b/acconfig.h
@@ -48,6 +48,9 @@
48	/* Define if your libraries define daemon() */	48	/* Define if your libraries define daemon() */
49	#undef HAVE_DAEMON	49	#undef HAVE_DAEMON
50		50
		51	/* Define if you want to allow MD5 passwords */
		52	#undef HAVE_MD5_PASSWORDS
		53
51	@BOTTOM@	54	@BOTTOM@
52		55
53	/* ***************** Shouldn't need to edit below this line ************ */	56	/* ***************** Shouldn't need to edit below this line ************ */


diff --git a/auth-passwd.c b/auth-passwd.c index ea824f5f4..a08bab3af 100644 --- a/auth-passwd.c +++ b/auth-passwd.c
@@ -15,7 +15,10 @@ the password is valid for the user.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");	18
		19	#ifndef HAVE_PAM
		20
		21	RCSID("$Id: auth-passwd.c,v 1.5 1999/11/19 04:53:20 damien Exp $");
19		22
20	#include "packet.h"	23	#include "packet.h"
21	#include "ssh.h"	24	#include "ssh.h"
@@ -27,7 +30,10 @@ RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
27	#include <shadow.h>	30	#include <shadow.h>
28	#endif	31	#endif
29		32
30	#ifndef HAVE_PAM	33	#ifdef HAVE_MD5_PASSWORDS
		34	#include "md5crypt.h"
		35	#endif
		36
31	/* Don't need anything from here if we are using PAM */	37	/* Don't need anything from here if we are using PAM */
32		38
33	/* Tries to authenticate the user using password. Returns true if	39	/* Tries to authenticate the user using password. Returns true if
@@ -187,7 +193,14 @@ int auth_password(struct passwd pw, const char password)
187	return(0);	193	return(0);
188		194
189	/* Encrypt the candidate password using the proper salt. */	195	/* Encrypt the candidate password using the proper salt. */
		196	#ifdef HAVE_MD5_PASSWORDS
		197	if (is_md5_salt(spw->sp_pwdp))
		198	encrypted_password = md5_crypt(password, spw->sp_pwdp);
		199	else
		200	encrypted_password = crypt(password, spw->sp_pwdp);
		201	#else /* HAVE_MD5_PASSWORDS */
190	encrypted_password = crypt(password, spw->sp_pwdp);	202	encrypted_password = crypt(password, spw->sp_pwdp);
		203	#endif /* HAVE_MD5_PASSWORDS */
191		204
192	/* Authentication is accepted if the encrypted passwords are identical. */	205	/* Authentication is accepted if the encrypted passwords are identical. */
193	return (strcmp(encrypted_password, spw->sp_pwdp) == 0);	206	return (strcmp(encrypted_password, spw->sp_pwdp) == 0);


diff --git a/configure.in b/configure.in index dd74b3b4f..697784c6d 100644 --- a/configure.in +++ b/configure.in
@@ -74,7 +74,7 @@ dnl Check whether use wants to disable the external ssh-askpass
74	INSTALL_ASKPASS="yes"	74	INSTALL_ASKPASS="yes"
75	AC_MSG_CHECKING([whether to enable external ssh-askpass support])	75	AC_MSG_CHECKING([whether to enable external ssh-askpass support])
76	AC_ARG_WITH(askpass,	76	AC_ARG_WITH(askpass,
77	[ --with-askpass=yes/no Enable external ssh-askpass support (default=no)],	77	[ --with-askpass=yes/no Enable external ssh-askpass support (default=yes)],
78	[	78	[
79	if test x$withval = xno ; then	79	if test x$withval = xno ; then
80	INSTALL_ASKPASS="no"	80	INSTALL_ASKPASS="no"
@@ -213,4 +213,10 @@ AC_ARG_WITH(skey,
213	]	213	]
214	)	214	)
215		215
		216	dnl Check whether to enable MD5 passwords
		217	AC_ARG_WITH(md5passwords,
		218	[ --with-md5-passwords Enable use of MD5 passwords],
		219	[AC_DEFINE(HAVE_MD5_PASSWORDS)]
		220	)
		221
216	AC_OUTPUT(Makefile)	222	AC_OUTPUT(Makefile)


diff --git a/md5crypt.c b/md5crypt.c new file mode 100644 index 000000000..15af422a6 --- /dev/null +++ b/md5crypt.c
@@ -0,0 +1,166 @@
		1	/*
		2	* ----------------------------------------------------------------------------
		3	* "THE BEER-WARE LICENSE" (Revision 42):
		4	* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
		5	* can do whatever you want with this stuff. If we meet some day, and you think
		6	* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
		7	* ----------------------------------------------------------------------------
		8	*/
		9
		10	/*
		11	* Ported from FreeBSD to Linux, only minimal changes. --marekm
		12	*/
		13
		14	/*
		15	* Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
		16	*/
		17
		18	#include "config.h"
		19
		20	#ifdef HAVE_MD5_PASSWORDS
		21
		22	#include <unistd.h>
		23	#include <string.h>
		24
		25	#ifdef HAVE_OPENSSL
		26	#include <openssl/md5.h>
		27	#endif
		28
		29	#ifdef HAVE_SSL
		30	#include <ssl/md5.h>
		31	#endif
		32
		33	static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
		34	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
		35
		36	static char magic = "$1$"; /
		37	* This string is magic for
		38	* this algorithm. Having
		39	* it this way, we can get
		40	* get better later on
		41	*/
		42
		43	static void
		44	to64(char *s, unsigned long v, int n)
		45	{
		46	while (--n >= 0) {
		47	*s++ = itoa64[v&0x3f];
		48	v >>= 6;
		49	}
		50	}
		51
		52	int
		53	is_md5_salt(const char *salt)
		54	{
		55	return (!strncmp(salt, magic, strlen(magic)));
		56	}
		57
		58	/*
		59	* UNIX password
		60	*
		61	* Use MD5 for what it is best at...
		62	*/
		63
		64	char *
		65	md5_crypt(const char pw, const char salt)
		66	{
		67	static char passwd[120], *p;
		68	static const char sp,ep;
		69	unsigned char final[16];
		70	int sl,pl,i,j;
		71	MD5_CTX ctx,ctx1;
		72	unsigned long l;
		73
		74	/* Refine the Salt first */
		75	sp = salt;
		76
		77	/* If it starts with the magic string, then skip that */
		78	if(!strncmp(sp,magic,strlen(magic)))
		79	sp += strlen(magic);
		80
		81	/* It stops at the first '$', max 8 chars */
		82	for(ep=sp;ep && ep != '$' && ep < (sp+8);ep++)
		83	continue;
		84
		85	/* get the length of the true salt */
		86	sl = ep - sp;
		87
		88	MD5_Init(&ctx);
		89
		90	/* The password first, since that is what is most unknown */
		91	MD5_Update(&ctx,pw,strlen(pw));
		92
		93	/* Then our magic string */
		94	MD5_Update(&ctx,magic,strlen(magic));
		95
		96	/* Then the raw salt */
		97	MD5_Update(&ctx,sp,sl);
		98
		99	/* Then just as many characters of the MD5(pw,salt,pw) */
		100	MD5_Init(&ctx1);
		101	MD5_Update(&ctx1,pw,strlen(pw));
		102	MD5_Update(&ctx1,sp,sl);
		103	MD5_Update(&ctx1,pw,strlen(pw));
		104	MD5_Final(final,&ctx1);
		105	for(pl = strlen(pw); pl > 0; pl -= 16)
		106	MD5_Update(&ctx,final,pl>16 ? 16 : pl);
		107
		108	/* Don't leave anything around in vm they could use. */
		109	memset(final,0,sizeof final);
		110
		111	/* Then something really weird... */
		112	for (j=0,i = strlen(pw); i ; i >>= 1)
		113	if(i&1)
		114	MD5_Update(&ctx, final+j, 1);
		115	else
		116	MD5_Update(&ctx, pw+j, 1);
		117
		118	/* Now make the output string */
		119	strcpy(passwd,magic);
		120	strncat(passwd,sp,sl);
		121	strcat(passwd,"$");
		122
		123	MD5_Final(final,&ctx);
		124
		125	/*
		126	* and now, just to make sure things don't run too fast
		127	* On a 60 Mhz Pentium this takes 34 msec, so you would
		128	* need 30 seconds to build a 1000 entry dictionary...
		129	*/
		130	for(i=0;i<1000;i++) {
		131	MD5_Init(&ctx1);
		132	if(i & 1)
		133	MD5_Update(&ctx1,pw,strlen(pw));
		134	else
		135	MD5_Update(&ctx1,final,16);
		136
		137	if(i % 3)
		138	MD5_Update(&ctx1,sp,sl);
		139
		140	if(i % 7)
		141	MD5_Update(&ctx1,pw,strlen(pw));
		142
		143	if(i & 1)
		144	MD5_Update(&ctx1,final,16);
		145	else
		146	MD5_Update(&ctx1,pw,strlen(pw));
		147	MD5_Final(final,&ctx1);
		148	}
		149
		150	p = passwd + strlen(passwd);
		151
		152	l = (final[ 0]<<16) \| (final[ 6]<<8) \| final[12]; to64(p,l,4); p += 4;
		153	l = (final[ 1]<<16) \| (final[ 7]<<8) \| final[13]; to64(p,l,4); p += 4;
		154	l = (final[ 2]<<16) \| (final[ 8]<<8) \| final[14]; to64(p,l,4); p += 4;
		155	l = (final[ 3]<<16) \| (final[ 9]<<8) \| final[15]; to64(p,l,4); p += 4;
		156	l = (final[ 4]<<16) \| (final[10]<<8) \| final[ 5]; to64(p,l,4); p += 4;
		157	l = final[11] ; to64(p,l,2); p += 2;
		158	*p = '\0';
		159
		160	/* Don't leave anything around in vm they could use. */
		161	memset(final,0,sizeof final);
		162
		163	return passwd;
		164	}
		165
		166	#endif /* HAVE_MD5_PASSWORDS */


diff --git a/md5crypt.h b/md5crypt.h new file mode 100644 index 000000000..f1d185721 --- /dev/null +++ b/md5crypt.h
@@ -0,0 +1,37 @@
		1	/*
		2	* ----------------------------------------------------------------------------
		3	* "THE BEER-WARE LICENSE" (Revision 42):
		4	* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
		5	* can do whatever you want with this stuff. If we meet some day, and you think
		6	* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
		7	* ----------------------------------------------------------------------------
		8	*/
		9
		10	/*
		11	* Ported from FreeBSD to Linux, only minimal changes. --marekm
		12	*/
		13
		14	/*
		15	* Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
		16	*/
		17
		18	#ifndef _MD5CRYPT_H
		19	#define _MD5CRYPT_H
		20
		21	#include "config.h"
		22
		23	#include <unistd.h>
		24	#include <string.h>
		25
		26	#ifdef HAVE_OPENSSL
		27	#include <openssl/md5.h>
		28	#endif
		29
		30	#ifdef HAVE_SSL
		31	#include <ssl/md5.h>
		32	#endif
		33
		34	int is_md5_salt(const char *salt);
		35	char md5_crypt(const char pw, const char *salt);
		36
		37	#endif /* MD5CRYPT_H */