diff options
Diffstat (limited to 'openbsd-compat/xcrypt.c')
-rw-r--r-- | openbsd-compat/xcrypt.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8913bb81a..cf6a9b99f 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c | |||
@@ -65,7 +65,9 @@ | |||
65 | 65 | ||
66 | /* | 66 | /* |
67 | * Pick an appropriate password encryption type and salt for the running | 67 | * Pick an appropriate password encryption type and salt for the running |
68 | * system. | 68 | * system by searching through accounts until we find one that has a valid |
69 | * salt. Usually this will be root unless the root account is locked out. | ||
70 | * If we don't find one we return a traditional DES-based salt. | ||
69 | */ | 71 | */ |
70 | static const char * | 72 | static const char * |
71 | pick_salt(void) | 73 | pick_salt(void) |
@@ -78,14 +80,18 @@ pick_salt(void) | |||
78 | if (salt[0] != '\0') | 80 | if (salt[0] != '\0') |
79 | return salt; | 81 | return salt; |
80 | strlcpy(salt, "xx", sizeof(salt)); | 82 | strlcpy(salt, "xx", sizeof(salt)); |
81 | if ((pw = getpwuid(0)) == NULL) | 83 | setpwent(); |
82 | return salt; | 84 | while ((pw = getpwent()) != NULL) { |
83 | passwd = shadow_pw(pw); | 85 | passwd = shadow_pw(pw); |
84 | if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) | 86 | if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { |
85 | return salt; /* no $, DES */ | 87 | typelen = p - passwd + 1; |
86 | typelen = p - passwd + 1; | 88 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); |
87 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); | 89 | explicit_bzero(passwd, strlen(passwd)); |
88 | explicit_bzero(passwd, strlen(passwd)); | 90 | goto out; |
91 | } | ||
92 | } | ||
93 | out: | ||
94 | endpwent(); | ||
89 | return salt; | 95 | return salt; |
90 | } | 96 | } |
91 | 97 | ||