-rw-r--r--INSTALL1
-rw-r--r--Makefile13
-rw-r--r--README17
-rw-r--r--bigcrypt.c74
-rw-r--r--bigcrypt.h1
-rw-r--r--changelog28
-rw-r--r--md5.c237
-rw-r--r--md5.h31
-rw-r--r--md5_crypt.c147
-rw-r--r--pam_pwdfile.c13
10 files changed, 31 insertions, 531 deletions
diff --git a/INSTALL b/INSTALL
index 80846dd..b691668 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,6 +2,7 @@
* make
* C compiler (e.g. gcc or clang)
* libc development headers (package libc6-dev on Debian, glibc-headers on Hat)
+ * libcrypt development headers if not included in libc (package libcrypt-dev on Debian, libxcrypt-devel on Hat)
* PAM development headers (package libpam-dev on Debian, pam-devel on Hat)
* make
* make install
diff --git a/Makefile b/Makefile
index a0d2f3f..ecc69e5 100644
--- a/Makefile
+++ b/Makefile
@@ -2,15 +2,14 @@ PAM_LIB_DIR ?= /lib/security
INSTALL ?= install
CFLAGS ?= -O2 -g -Wall -Wformat-security
-CPPFLAGS += -DUSE_CRYPT_R
+CPPFLAGS += -DUSE_CRYPT_R -D_FILE_OFFSET_BITS=64
CFLAGS += -fPIC -fvisibility=hidden
LDFLAGS += -Wl,-x -shared
TITLE = pam_pwdfile
LIBSHARED = $(TITLE).so
LDLIBS = -lcrypt -lpam
-LIBOBJ = $(TITLE).o md5_broken.o md5_crypt_broken.o bigcrypt.o
-CPPFLAGS_MD5_BROKEN = -DHIGHFIRST -D'MD5Name(x)=Broken\#\#x'
+LIBOBJ = $(TITLE).o
all: $(LIBSHARED)
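Review bot: The new `+CPPFLAGS += -DUSE_CRYPT_R -D_FILE_OFFSET_BITS=64` line is the natural place to also add `-D_FORTIFY_SOURCE=2`, and the unchanged `LDFLAGS += -Wl,-x -shared` a place for `-Wl,-z,relro -Wl,-z,now`, because this shared object is loaded into privileged processes such as login and sshd. `CFLAGS ?=` only takes effect when the packager sets nothing, so a `-fstack-protector-strong` default there would still yield to distro flags. This is a hardening suggestion rather than a defect in the change; if hardening is deliberately left to the packaging build, a one-line comment above `CFLAGS ?=` saying so would settle the question.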
@@ -18,14 +17,6 @@ all: $(LIBSHARED)
$(LIBSHARED): $(LIBOBJ)
$(CC) $(LDFLAGS) $(LIBOBJ) $(LDLIBS) -o $@
-
-md5_broken.o: md5.c
- $(CC) -c $(CPPFLAGS) $(CPPFLAGS_MD5_BROKEN) $(CFLAGS) $< -o $@
-
-md5_crypt_broken.o: md5_crypt.c
- $(CC) -c $(CPPFLAGS) $(CPPFLAGS_MD5_BROKEN) $(CFLAGS) $< -o $@
-
-
install: $(LIBSHARED)
$(INSTALL) -m 0755 -d $(DESTDIR)$(PAM_LIB_DIR)
$(INSTALL) -m 0755 $(LIBSHARED) $(DESTDIR)$(PAM_LIB_DIR)
diff --git a/README b/README
index bf9eacd..2c46cd1 100644
--- a/README
+++ b/README
@@ -25,7 +25,6 @@ options
* debug: produce a bit of debug output
* nodelay: don't tell the PAM stack to cause a delay on auth failure
* flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
-* legacy_crypt: see section LEGACY CRYPT
PASSWORD FILE
@@ -36,19 +35,3 @@ First field contains the username, the second the crypt()ed password.
Other fields are optional.
crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.
-
-
-LEGACY CRYPT
-============
-
-There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt.
-They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server.
-All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem.
-
-bigcrypt was used on DEC systems to allow for longer passwords.
-You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`.
-
-Broken md5_crypt is a speciality of big-endian systems.
-An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs.
-You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system.
-If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt.
diff --git a/bigcrypt.c b/bigcrypt.c
deleted file mode 100644
index 18024dc..0000000
--- a/bigcrypt.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * This function implements the "bigcrypt" algorithm specifically for
- * Linux-PAM.
- *
- * This algorithm is algorithm 0 (default) shipped with the C2 secure
- * implementation of Digital UNIX.
- *
- * Disclaimer: This work is not based on the source code to Digital
- * UNIX, nor am I connected to Digital Equipment Corp, in any way
- * other than as a customer. This code is based on published
- * interfaces and reasonable guesswork.
- *
- * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8
- * characters or less. Each block is encrypted using the standard UNIX
- * libc crypt function. The result of the encryption for one block
- * provides the salt for the suceeding block.
- *
- * Restrictions: The buffer used to hold the encrypted result is
- * statically allocated. (see MAX_PASS_LEN below). This is necessary,
- * as the returned pointer points to "static data that are overwritten
- * by each call", (XPG3: XSI System Interface + Headers pg 109), and
- * this is a drop in replacement for crypt();
- *
- * Andy Phillips <atp@mssl.ucl.ac.uk>
- */
-
-#define _XOPEN_SOURCE 700
-#include <unistd.h>
-#include <string.h>
-
-#include "bigcrypt.h"
-
-/*
- * Max cleartext password length in segments of 8 characters this
- * function can deal with (16 segments of 8 chars= max 128 character
- * password).
- */
-
-#define MAX_SEGMENTS 16
-#define SEGMENT_SIZE 8
-#define SALT_SIZE 2
-#define ESEGMENT_SIZE 11
-
-char *bigcrypt(char const * key, char const * salt) {
- static char outbuf[MAX_SEGMENTS * ESEGMENT_SIZE + SALT_SIZE + 1]; /* static storage area */
-
- unsigned char n_seg, seg;
- char * outptr;
-
- /* ensure NUL-termination */
- memset(outbuf, 0, sizeof(outbuf));
-
- if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE)) /* conventional crypt */
- n_seg = 1;
- else if (key[0] == '\0')
- n_seg = 1;
- else
- n_seg = (strnlen(key, MAX_SEGMENTS * SEGMENT_SIZE) + SEGMENT_SIZE - 1) / SEGMENT_SIZE;
-
- /* first block is special and just traditional crypt() */
- outptr = outbuf;
- strncpy(outptr, crypt(key, salt), SALT_SIZE + ESEGMENT_SIZE);
-
- for (seg = 1, outptr += SALT_SIZE; seg < n_seg; ++seg) {
- /* subsequent blocks use the previous output block for salt input */
- salt = outptr;
- key += SEGMENT_SIZE;
- outptr += ESEGMENT_SIZE;
- /* and omit the salt on output */
- strncpy(outptr, crypt(key, salt) + SALT_SIZE, ESEGMENT_SIZE);
- }
-
- return outbuf;
-}
diff --git a/bigcrypt.h b/bigcrypt.h
deleted file mode 100644
index a66a96e..0000000
--- a/bigcrypt.h
+++ /dev/null
@@ -1 +0,0 @@
-extern char *bigcrypt(const char *key, const char *salt);
diff --git a/changelog b/changelog
index 3cc9312..09d071b 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,31 @@
+commit 83beb3d7564e32b7de3a2099825b18496e8dc6a1
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2024-06-17 12:11:08 +0200
+
+ INSTALL: mention libxcrypt
+
+commit f46bd38f387f0a580e134388086321b03e6b17d3
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2021-04-16 19:33:21 +0200
+
+ do away with legacy crypt types
+
+ it is the responsibility of libcrypt to implement crypt types
+
+commit e29d26e77d8577ea272211c20240b3c39dff6bf0
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2014-03-06 21:30:20 +0100
+
+ enable large file support
+
+ this should make some tests for LFS happy; we don't use sizes of or offsets in files here
+
+commit 8f0e412b48178c00abd023917dd2c9050ee89c18 (tag: v1.0)
+Author: Timo Weingärtner <timo@tiwe.de>
+Date: 2013-09-29 15:55:25 +0200
+
+ release 1.0
+
commit 6946f4bd3102d677d9ce43d4c48ed6bec2b13a31
Author: Timo Weingärtner <timo@tiwe.de>
Date: 2013-09-29 15:50:21 +0200
diff --git a/md5.c b/md5.c
deleted file mode 100644
index 542ff80..0000000
--- a/md5.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- *
- */
-
-#include <string.h>
-#include <byteswap.h>
-#include "md5.h"
-
-#ifndef HIGHFIRST
-#define byteReverse(buf, len) /* Nothing */
-#else
-static void byteReverse(unsigned char *buf, unsigned longs) {
- for (; longs; --longs, buf +=4)
- *((uint32_t *) buf) = bswap_32(*((uint32_t *) buf));
-}
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Name(MD5Init)(struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301U;
- ctx->buf[1] = 0xefcdab89U;
- ctx->buf[2] = 0x98badcfeU;
- ctx->buf[3] = 0x10325476U;
-
- ctx->bits[0] = 0;
- ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsigned len)
-{
- uint32_t t;
-
- /* Update bitcount */
-
- t = ctx->bits[0];
- if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t)
- ctx->bits[1]++; /* Carry from low to high */
- ctx->bits[1] += len >> 29;
-
- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
-
- /* Handle any leading odd-sized chunks */
-
- if (t) {
- unsigned char *p = (unsigned char *) ctx->in + t;
-
- t = 64 - t;
- if (len < t) {
- memcpy(p, buf, len);
- return;
- }
- memcpy(p, buf, t);
- byteReverse(ctx->in, 16);
- MD5Name(MD5Transform)(ctx->buf, (uint32_t *) ctx->in);
- buf += t;
- len -= t;
- }
- /* Process data in 64-byte chunks */
-
- while (len >= 64) {
- memcpy(ctx->in, buf, 64);
- byteReverse(ctx->in, 16);
- MD5Name(MD5Transform)(ctx->buf, (uint32_t *) ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy(ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
-{
- unsigned count;
- unsigned char *p;
-
- /* Compute number of bytes mod 64 */
- count = (ctx->bits[0] >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- p = ctx->in + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = 64 - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8) {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset(p, 0, count);
- byteReverse(ctx->in, 16);
- MD5Name(MD5Transform)(ctx->buf, (uint32_t *) ctx->in);
-
- /* Now fill the next block with 56 bytes */
- memset(ctx->in, 0, 56);
- } else {
- /* Pad block to 56 bytes */
- memset(p, 0, count - 8);
- }
- byteReverse(ctx->in, 14);
-
- /* Append length in bits and transform */
- memcpy(ctx->in + 56, ctx->bits, 8);
-
- MD5Name(MD5Transform)(ctx->buf, (uint32_t *) ctx->in);
- byteReverse((unsigned char *) ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
-}
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void MD5Name(MD5Transform)(uint32_t buf[4], uint32_t const in[16])
-{
- register uint32_t a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478U, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756U, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070dbU, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceeeU, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0fafU, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62aU, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613U, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501U, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8U, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7afU, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1U, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7beU, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122U, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193U, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438eU, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821U, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562U, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340U, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51U, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aaU, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105dU, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453U, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681U, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8U, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6U, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6U, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87U, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14edU, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905U, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8U, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9U, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8aU, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942U, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681U, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122U, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380cU, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44U, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9U, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60U, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70U, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6U, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127faU, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085U, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05U, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039U, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5U, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8U, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665U, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244U, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97U, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7U, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039U, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3U, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92U, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47dU, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1U, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4fU, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0U, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314U, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1U, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82U, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235U, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bbU, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391U, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
diff --git a/md5.h b/md5.h
deleted file mode 100644
index b48edea..0000000
--- a/md5.h
+++ /dev/null
@@ -1,31 +0,0 @@
-
-#ifndef MD5_H
-#define MD5_H
-
-#include <stdint.h>
-
-struct MD5Context {
- uint32_t buf[4];
- uint32_t bits[2];
- unsigned char in[64];
-};
-
-void GoodMD5Init(struct MD5Context *);
-void GoodMD5Update(struct MD5Context *, unsigned const char *, unsigned);
-void GoodMD5Final(unsigned char digest[16], struct MD5Context *);
-void GoodMD5Transform(uint32_t buf[4], uint32_t const in[16]);
-void BrokenMD5Init(struct MD5Context *);
-void BrokenMD5Update(struct MD5Context *, unsigned const char *, unsigned);
-void BrokenMD5Final(unsigned char digest[16], struct MD5Context *);
-void BrokenMD5Transform(uint32_t buf[4], uint32_t const in[16]);
-
-char *Goodcrypt_md5(const char *pw, const char *salt);
-char *Brokencrypt_md5(const char *pw, const char *salt);
-
-/*
- * This is needed to make RSAREF happy on some MS-DOS compilers.
- */
-
-typedef struct MD5Context MD5_CTX;
-
-#endif /* MD5_H */
diff --git a/md5_crypt.c b/md5_crypt.c
deleted file mode 100644
index 639b1d3..0000000
--- a/md5_crypt.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- *
- * Origin: Id: crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp
- *
- */
-
-#include <string.h>
-#include "md5.h"
-
-static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
-"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-static void to64(char *s, unsigned long v, int n)
-{
- while (--n >= 0) {
- *s++ = itoa64[v & 0x3f];
- v >>= 6;
- }
-}
-
-/*
- * UNIX password
- *
- * Use MD5 for what it is best at...
- */
-
-char *MD5Name(crypt_md5)(const char *pw, const char *salt)
-{
- const char *magic = "$1$";
- /* This string is magic for this algorithm. Having
- * it this way, we can get get better later on */
- static char passwd[120], *p;
- static const char *sp, *ep;
- unsigned char final[16];
- int sl, pl, i, j;
- MD5_CTX ctx, ctx1;
- unsigned long l;
-
- /* Refine the Salt first */
- sp = salt;
-
- /* If it starts with the magic string, then skip that */
- if (!strncmp(sp, magic, strlen(magic)))
- sp += strlen(magic);
-
- /* It stops at the first '$', max 8 chars */
- for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
- continue;
-
- /* get the length of the true salt */
- sl = ep - sp;
-
- MD5Name(MD5Init)(&ctx);
-
- /* The password first, since that is what is most unknown */
- MD5Name(MD5Update)(&ctx,(unsigned const char *)pw,strlen(pw));
-
- /* Then our magic string */
- MD5Name(MD5Update)(&ctx,(unsigned const char *)magic,strlen(magic));
-
- /* Then the raw salt */
- MD5Name(MD5Update)(&ctx,(unsigned const char *)sp,sl);
-
- /* Then just as many characters of the MD5(pw,salt,pw) */
- MD5Name(MD5Init)(&ctx1);
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl);
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
- MD5Name(MD5Final)(final,&ctx1);
- for (pl = strlen(pw); pl > 0; pl -= 16)
- MD5Name(MD5Update)(&ctx,(unsigned const char *)final,pl>16 ? 16 : pl);
-
- /* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof final);
-
- /* Then something really weird... */
- for (j = 0, i = strlen(pw); i; i >>= 1)
- if (i & 1)
- MD5Name(MD5Update)(&ctx, (unsigned const char *)final+j, 1);
- else
- MD5Name(MD5Update)(&ctx, (unsigned const char *)pw+j, 1);
-
- /* Now make the output string */
- strcpy(passwd, magic);
- strncat(passwd, sp, sl);
- strcat(passwd, "$");
-
- MD5Name(MD5Final)(final,&ctx);
-
- /*
- * and now, just to make sure things don't run too fast
- * On a 60 Mhz Pentium this takes 34 msec, so you would
- * need 30 seconds to build a 1000 entry dictionary...
- */
- for (i = 0; i < 1000; i++) {
- MD5Name(MD5Init)(&ctx1);
- if (i & 1)
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
- else
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16);
-
- if (i % 3)
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl);
-
- if (i % 7)
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
-
- if (i & 1)
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16);
- else
- MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
- MD5Name(MD5Final)(final,&ctx1);
- }
-
- p = passwd + strlen(passwd);
-
- l = (final[0] << 16) | (final[6] << 8) | final[12];
- to64(p, l, 4);
- p += 4;
- l = (final[1] << 16) | (final[7] << 8) | final[13];
- to64(p, l, 4);
- p += 4;
- l = (final[2] << 16) | (final[8] << 8) | final[14];
- to64(p, l, 4);
- p += 4;
- l = (final[3] << 16) | (final[9] << 8) | final[15];
- to64(p, l, 4);
- p += 4;
- l = (final[4] << 16) | (final[10] << 8) | final[5];
- to64(p, l, 4);
- p += 4;
- l = final[11];
- to64(p, l, 2);
- p += 2;
- *p = '\0';
-
- /* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof final);
-
- return passwd;
-}
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index bebbeea..1ea4a06 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -68,9 +68,6 @@
#include <security/pam_modules.h>
#include <security/pam_ext.h>
-#include "md5.h"
-#include "bigcrypt.h"
-
static int lock_fd(int fd) {
int delay;
@@ -101,7 +98,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
FILE *pwdfile;
int use_flock = 0;
int use_delay = 1;
- int legacy_crypt = 0;
int debug = 0;
char * linebuf = NULL;
size_t linebuflen;
@@ -123,8 +119,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
use_delay = 0;
else if (!strcmp(argv[i], "debug"))
debug = 1;
- else if (!strcmp(argv[i], "legacy_crypt"))
- legacy_crypt = 1;
}
#ifdef HAVE_PAM_FAIL_DELAY
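Review bot: With the `legacy_crypt` branch removed, the `if`/`else if` chain in this hunk now ends at `debug = 1;` with no final `else`, so a pam.d line that still passes `legacy_crypt` (documented in the 1.0 README) is accepted silently and the administrator only notices when legacy hashes stop matching. A trailing `else pam_syslog(pamh, LOG_WARNING, "unknown option: %s", argv[i]);` would make the removed option, and any typo, visible in the log; pam_syslog is already used elsewhere in this file. The option loop itself starts outside the hunk.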
@@ -211,13 +205,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
return PAM_AUTH_ERR;
}
- if (legacy_crypt && strcmp(crypted_password, stored_crypted_password)) {
- if (!strncmp(stored_crypted_password, "$1$", 3))
- crypted_password = Brokencrypt_md5(password, stored_crypted_password);
- else
- crypted_password = bigcrypt(password, stored_crypted_password);
- }
-
if (strcmp(crypted_password, stored_crypted_password)) {
pam_syslog(pamh, LOG_NOTICE, "wrong password for user %s", name);
free(linebuf);
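Review bot: Once the fallback is gone, a stored bigcrypt or big-endian md5 entry fails at the `strcmp` on the new side exactly like a wrong password, and the `wrong password for user %s` notice gives the operator no hint that the hash format is the cause, while the README's detection command is dropped in the same commit. As far as I recall, libxcrypt only provides bigcrypt when that hash is enabled at configure time, so the changelog's "it is the responsibility of libcrypt" should be hedged to "if your libcrypt was built with it" somewhere an operator will read. A cheap aid would be a debug-only log ahead of the compare, e.g. `if (debug && strlen(crypted_password) != strlen(stored_crypted_password)) pam_syslog(pamh, LOG_DEBUG, "hash length mismatch for user %s (unsupported hash type?)", name);`, which catches the bigcrypt case (longer than the 13-character traditional output) but not the same-length broken-md5 case. The function continues outside the hunk, so where crypted_password is produced and how a NULL crypt_r result is handled is not visible here.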