summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2016-07-21 14:17:31 +1000
committerDarren Tucker <dtucker@zip.com.au>2016-07-21 14:17:31 +1000
commitdbf788b4d9d9490a5fff08a7b09888272bb10fcc (patch)
tree3c7bc915909379a6436f732f4e94c811c2e041cc
parente8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 (diff)
Search users for one with a valid salt.
If the root account is locked (eg password "!!" or "*LK*") keep looking until we find a user with a valid salt to use for crypting passwords of invalid users. ok djm@
-rw-r--r--openbsd-compat/xcrypt.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8913bb81..cf6a9b99 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -65,7 +65,9 @@
/*
* Pick an appropriate password encryption type and salt for the running
- * system.
+ * system by searching through accounts until we find one that has a valid
+ * salt. Usually this will be root unless the root account is locked out.
+ * If we don't find one we return a traditional DES-based salt.
*/
static const char *
pick_salt(void)
@@ -78,14 +80,18 @@ pick_salt(void)
if (salt[0] != '\0')
return salt;
strlcpy(salt, "xx", sizeof(salt));
- if ((pw = getpwuid(0)) == NULL)
- return salt;
- passwd = shadow_pw(pw);
- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
- return salt; /* no $, DES */
- typelen = p - passwd + 1;
- strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
- explicit_bzero(passwd, strlen(passwd));
+ setpwent();
+ while ((pw = getpwent()) != NULL) {
+ passwd = shadow_pw(pw);
+ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
+ typelen = p - passwd + 1;
+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+ explicit_bzero(passwd, strlen(passwd));
+ goto out;
+ }
+ }
+ out:
+ endpwent();
return salt;
}