author | Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-08-12 09:34:03 +0300 |
---|---|---|
committer | Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-08-12 09:34:03 +0300 |
commit | 3459b15aa4d531cffa75889e7ad438b159145b13 (patch) | |
tree | acd5187deeef1a730a10433375e0f1b4d624e7cb | |
parent | Added MD5 support (diff) | |
Fixed a problem in salt generator
-rw-r--r-- | modules/pam_securetty/pam_securetty.c | 5 | ||||
-rw-r--r-- | modules/pam_unix/md5.c | 15 |
2 files changed, 14 insertions, 6 deletions
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index c22b0ce..424e8dd 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -42,7 +42,8 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
 return (PAM_SUCCESS);
 }
- if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ PAM_ERROR("Could not determine user's tty");
 return (pam_err);
 }
@@ -55,7 +56,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
 if ( stat(SECURETTY, &ttyfileinfo) ) {
 PAM_ERROR("Could not open SECURETTY file :%s", SECURETTY);
 /* From LinuxPAM, they say that for compatibility issues,
- * this needs to succeed. Who am I to judge... */
+ * this needs to succeed. */
 return (PAM_SUCCESS);
 }
diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 94d3dd4..6732b06 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -16,6 +16,9 @@
 */
 #include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -394,14 +397,18 @@ static void to64(char *s, long v, int n) {
 /* Salt suitable for traditional DES and MD5 */
 void makesalt(char salt[SALTSIZE]) {
- int i;
+ int i,fd;
+ unsigned char tmp;
 /* These are not really random numbers, they are just
 * numbers that change to thwart construction of a
 * dictionary. This is exposed to the public. */
-
- for (i = 0; i < SALTSIZE; i += 4)
- to64(&salt[i], random(), 4);
+ fd = open("/dev/urandom", O_RDONLY);
+ for (i = 0; i < SALTSIZE; i += 1) {
+ read (fd, &tmp, sizeof(char) );
+ to64(&salt[i], tmp, 1);
+ }
+ close(fd);
 salt[SALTSIZE] = '\0';
 }
|
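Review bot: The shortened comment in the second pam_securetty.c hunk no longer tells the reader that this branch fails open: any `stat()` failure on SECURETTY, not only a missing file, makes the module return PAM_SUCCESS, so the tty restriction is not enforced and only a log line records it. I would state that consequence in the comment, e.g. `* this needs to succeed, so a missing or unreadable SECURETTY disables the tty check. */`. If only the missing-file case needs the compatibility behaviour, limiting the success path to `errno == ENOENT` would be tighter. pam_sm_authenticate's body starts and continues outside the hunk.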
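Review bot: The new loop in makesalt() never checks `open()` or `read()`: if /dev/urandom cannot be opened (a chroot without device nodes, descriptor exhaustion) or a read returns nothing, `tmp` keeps an indeterminate stack value and the salt is built from it without any log entry. Since makesalt() returns void, callers cannot detect this; I would read all SALTSIZE bytes into a local buffer, verify the count, and report failure through an `int` return that the callers (outside this diff) must then check. That also replaces SALTSIZE one-byte `read()` calls with a single short loop. The context comment still says "These are not really random numbers", which no longer matches the /dev/urandom source and should be updated.

```c
int makesalt(char salt[SALTSIZE]) {
	unsigned char raw[SALTSIZE];
	size_t got = 0;
	int i, fd;

	/* … unchanged: comment block (wording to be updated) … */
	fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return (-1);
	while (got < sizeof(raw)) {
		ssize_t n = read(fd, raw + got, sizeof(raw) - got);
		if (n <= 0) {
			/* Refuse to emit a salt that is not backed by kernel randomness. */
			close(fd);
			return (-1);
		}
		got += (size_t)n;
	}
	close(fd);
	for (i = 0; i < SALTSIZE; i++)
		to64(&salt[i], raw[i], 1);
	salt[SALTSIZE] = '\0';
	return (0);
}
```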