diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2015-04-07 10:52:16 +0200 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2015-04-07 10:52:16 +0200 |
| commit | edcd6ce3a097c9b813909186dcb4accc35e604ef (patch) | |
| tree | 3334336fcd591beb2528e98b43652f35f665426c /modules | |
| parent | 10b83ef224a5e9c3e2663b3f08dd17090acc58ab (diff) | |
| download | pam-edcd6ce3a097c9b813909186dcb4accc35e604ef.tar.gz pam-edcd6ce3a097c9b813909186dcb4accc35e604ef.tar.bz2 pam-edcd6ce3a097c9b813909186dcb4accc35e604ef.zip | |
Use crypt_r if available in pam_userdb and in pam_unix.
* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r()
instead of crypt() if available.
* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r()
instead of crypt() if available.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/passverify.c | 22 | ||||
| -rw-r--r-- | modules/pam_userdb/pam_userdb.c | 20 |
2 files changed, 35 insertions, 7 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 7f7bc490..b325602c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -377,6 +377,9 @@ PAMH_ARG_DECL(char * create_password_hash, const char *algoid; char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ char *sp; +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata = NULL; +#endif if (on(UNIX_MD5_PASS, ctrl)) { /* algoid = "$1" */ @@ -423,7 +426,16 @@ PAMH_ARG_DECL(char * create_password_hash, #ifdef HAVE_CRYPT_GENSALT_R } #endif +#ifdef HAVE_CRYPT_R + sp = NULL; + cdata = malloc(sizeof(*cdata)); + if (cdata != NULL) { + cdata->initialized = 0; + sp = crypt_r(password, salt, cdata); + } +#else sp = crypt(password, salt); +#endif if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { /* libxcrypt/libc doesn't know the algorithm, use MD5 */ pam_syslog(pamh, LOG_ERR, @@ -435,10 +447,16 @@ PAMH_ARG_DECL(char * create_password_hash, if(sp) { memset(sp, '\0', strlen(sp)); } +#ifdef HAVE_CRYPT_R + free(cdata); +#endif return crypt_md5_wrapper(password); } - - return x_strdup(sp); + sp = x_strdup(sp); +#ifdef HAVE_CRYPT_R + free(cdata); +#endif + return sp; } #ifdef WITH_SELINUX diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index ba36ebf2..8df1a40c 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -213,15 +213,23 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, /* crypt(3) password storage */ - char *cryptpw; + char *cryptpw = NULL; if (data.dsize < 13) { compare = -2; } else if (ctrl & PAM_ICASE_ARG) { compare = -2; } else { +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata = NULL; + cdata = malloc(sizeof(*cdata)); + if (cdata != NULL) { + cdata->initialized = 0; + cryptpw = crypt_r(pass, data.dptr, cdata); + } +#else cryptpw = crypt (pass, data.dptr); - +#endif if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { compare = memcmp(data.dptr, cryptpw, data.dsize); } else { @@ -232,9 +240,11 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, else pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); } - }; - - }; + } +#ifdef HAVE_CRYPT_R + free(cdata); +#endif + } } else { |