From 3459b15aa4d531cffa75889e7ad438b159145b13 Mon Sep 17 00:00:00 2001
From: Seraphim Mellos
Date: Tue, 12 Aug 2008 09:34:03 +0300
Subject: Fixed a problem in salt generator
---
 modules/pam_securetty/pam_securetty.c | 5 +++--
 modules/pam_unix/md5.c | 15 +++++++++++----
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index c22b0ce..424e8dd 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -42,7 +42,8 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
 return (PAM_SUCCESS);
 }
- if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ PAM_ERROR("Could not determine user's tty");
 return (pam_err);
 }
@@ -55,7 +56,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
 if ( stat(SECURETTY, &ttyfileinfo) ) {
 PAM_ERROR("Could not open SECURETTY file :%s", SECURETTY);
 /* From LinuxPAM, they say that for compatibility issues,
- * this needs to succeed. Who am I to judge... */
+ * this needs to succeed. */
 return (PAM_SUCCESS);
 }
diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 94d3dd4..6732b06 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -16,6 +16,9 @@
 */
 #include
+#include
+#include
+#include
 #include
 #include
 #include
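Review bot: In modules/pam_securetty/pam_securetty.c (second hunk), the trimmed comment now says only that "this needs to succeed", while the code beside it returns PAM_SUCCESS whenever `stat(SECURETTY, &ttyfileinfo)` fails, so a securetty file that cannot be stat'ed means no tty restriction is applied. The comment should state that consequence, for example `/* Linux-PAM compatibility: if SECURETTY cannot be stat'ed, no tty restriction is applied and we return PAM_SUCCESS (fail-open). */`. The PAM_ERROR text also says "Could not open" although the failing call is stat(). pam_sm_authenticate starts before and continues after this hunk.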
@@ -394,14 +397,18 @@ static void to64(char *s, long v, int n) {
 /* Salt suitable for traditional DES and MD5 */
 void makesalt(char salt[SALTSIZE]) {
- int i;
+ int i,fd;
+ unsigned char tmp;
 /* These are not really random numbers, they are just
 * numbers that change to thwart construction of a
 * dictionary. This is exposed to the public. */
-
- for (i = 0; i < SALTSIZE; i += 4)
- to64(&salt[i], random(), 4);
+ fd = open("/dev/urandom", O_RDONLY);
+ for (i = 0; i < SALTSIZE; i += 1) {
+ read (fd, &tmp, sizeof(char) );
+ to64(&salt[i], tmp, 1);
+ }
+ close(fd);
 salt[SALTSIZE] = '\0';
 }
-- 
cgit v1.2.3-65-gdbad
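Review bot: In makesalt(), the results of `open("/dev/urandom", O_RDONLY)` and `read()` are never checked, so when the device cannot be opened or read (for example in a chroot without /dev) `tmp` stays uninitialized and the salt is built from an indeterminate stack byte. The caller cannot learn of this because the function returns void; the sketch below reads all SALTSIZE bytes in one call and returns a status, which means the callers outside this hunk would have to check it. The comment kept above the loop still says the numbers are "not really random", which no longer describes the code. Separately, the unchanged line `salt[SALTSIZE] = '\0';` writes one element past a buffer declared as `char salt[SALTSIZE]`, so it is only safe if every caller passes at least SALTSIZE+1 bytes, which is worth confirming.

```c
int makesalt(char salt[SALTSIZE]) {
	unsigned char rnd[SALTSIZE];
	ssize_t got;
	int i, fd;

	/* … unchanged: comment block above the loop … */
	fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return -1;	/* no entropy source: do not emit a salt */
	got = read(fd, rnd, sizeof(rnd));
	close(fd);
	if (got != (ssize_t)sizeof(rnd))
		return -1;	/* error or short read: treat as failure */
	for (i = 0; i < SALTSIZE; i++)
		to64(&salt[i], rnd[i], 1);
	/* … unchanged: NUL terminator … */
	return 0;
}
```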