From 629c03d7775e1f4b5c0fdee358c6773f70e91961 Mon Sep 17 00:00:00 2001
From: Timo Weingärtner <timo@tiwe.de>
Date: Fri, 26 Apr 2013 12:57:56 +0200
Subject: add debug module option and use pam_syslog

also:
* remove some unnessesary comments
* add vim settings for unusual indentation
---
 bigcrypt.c | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'bigcrypt.c')

diff --git a/bigcrypt.c b/bigcrypt.c
index b1568d6..28d042a 100644
--- a/bigcrypt.c
+++ b/bigcrypt.c
@@ -25,7 +25,6 @@
  */
 
 #include <string.h>
-#include <security/_pam_macros.h>
 
 char *crypt(const char *key, const char *salt);
 char *bigcrypt(const char *key, const char *salt);
@@ -51,8 +50,6 @@ char *bigcrypt(const char *key, const char *salt)
 	char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
 	char keybuf[KEYBUF_SIZE + 1];
 
-	D(("called with key='%s', salt='%s'.", key, salt));
-
 	/* reset arrays */
 	memset(keybuf, 0, KEYBUF_SIZE + 1);
 	memset(dec_c2_cryptbuf, 0, CBUF_SIZE);
@@ -111,9 +108,7 @@ char *bigcrypt(const char *key, const char *salt)
 			salt_ptr = cipher_ptr - ESEGMENT_SIZE;
 		}
 	}
-	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
 
 	/* this is the <NUL> terminated encrypted password */
-
 	return dec_c2_cryptbuf;
 }
-- 
cgit v1.2.3


From 88dd2b1a22cd06fc401a8ddadd41114cebe159d5 Mon Sep 17 00:00:00 2001
From: Timo Weingärtner <timo@tiwe.de>
Date: Fri, 10 May 2013 21:27:56 +0200
Subject: include proper headers for crypt()

this also prepares for crypt_r()
---
 bigcrypt.c    |  5 +++--
 bigcrypt.h    |  1 +
 pam_pwdfile.c | 15 +++++++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 bigcrypt.h

(limited to 'bigcrypt.c')

diff --git a/bigcrypt.c b/bigcrypt.c
index 28d042a..c1486fa 100644
--- a/bigcrypt.c
+++ b/bigcrypt.c
@@ -24,10 +24,11 @@
  * Andy Phillips <atp@mssl.ucl.ac.uk>
  */
 
+#define _XOPEN_SOURCE
+#include <unistd.h>
 #include <string.h>
 
-char *crypt(const char *key, const char *salt);
-char *bigcrypt(const char *key, const char *salt);
+#include "bigcrypt.h"
 
 /*
  * Max cleartext password length in segments of 8 characters this
diff --git a/bigcrypt.h b/bigcrypt.h
new file mode 100644
index 0000000..a66a96e
--- /dev/null
+++ b/bigcrypt.h
@@ -0,0 +1 @@
+extern char *bigcrypt(const char *key, const char *salt);
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 80cd893..34ce78d 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -42,6 +42,18 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#ifdef USE_CRYPT_R
+#define _GNU_SOURCE
+#include <crypt.h>
+#else
+#ifndef _XOPEN_SOURCE
+#define _XOPEN_SOURCE 700
+#endif
+#ifndef _BSD_SOURCE
+#define _BSD_SOURCE
+#endif
+#endif
+
 #include <features.h>
 #include <syslog.h>
 #include <stdio.h>
@@ -62,8 +74,7 @@
 #include <security/pam_ext.h>
 
 #include "md5.h"
-extern char *crypt(const char *key, const char *salt);
-extern char *bigcrypt(const char *key, const char *salt);
+#include "bigcrypt.h"
 
 #define CRYPTED_DESPWD_LEN 13
 #define CRYPTED_MD5PWD_LEN 34
-- 
cgit v1.2.3


From caea065f12f3d358948cd0ca760ebd7c27cb6c80 Mon Sep 17 00:00:00 2001
From: Timo Weingärtner <timo@tiwe.de>
Date: Tue, 14 May 2013 20:08:06 +0200
Subject: overhaul bigcrypt.c

* drop unnessesary variables
* rename variables and define's to be more desciptive
* rotate pointer updates to front of loop
* don't copy key

there was no point in using crypt_r() here, we return our result in a static
buffer ourselves
---
 bigcrypt.c | 93 ++++++++++++++++++--------------------------------------------
 1 file changed, 26 insertions(+), 67 deletions(-)

(limited to 'bigcrypt.c')

diff --git a/bigcrypt.c b/bigcrypt.c
index c1486fa..18024dc 100644
--- a/bigcrypt.c
+++ b/bigcrypt.c
@@ -24,7 +24,7 @@
  * Andy Phillips <atp@mssl.ucl.ac.uk>
  */
 
-#define _XOPEN_SOURCE
+#define _XOPEN_SOURCE 700
 #include <unistd.h>
 #include <string.h>
 
@@ -36,80 +36,39 @@
  * password).
  */
 
-#define MAX_PASS_LEN       16
+#define MAX_SEGMENTS       16
 #define SEGMENT_SIZE       8
 #define SALT_SIZE          2
-#define KEYBUF_SIZE        ((MAX_PASS_LEN*SEGMENT_SIZE)+SALT_SIZE)
 #define ESEGMENT_SIZE      11
-#define CBUF_SIZE          ((MAX_PASS_LEN*ESEGMENT_SIZE)+SALT_SIZE+1)
 
-char *bigcrypt(const char *key, const char *salt)
-{
-	static char dec_c2_cryptbuf[CBUF_SIZE];		/* static storage area */
+char *bigcrypt(char const * key, char const * salt) {
+	static char outbuf[MAX_SEGMENTS * ESEGMENT_SIZE + SALT_SIZE + 1];	/* static storage area */
 
-	unsigned long int keylen, n_seg, j;
-	char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
-	char keybuf[KEYBUF_SIZE + 1];
+	unsigned char n_seg, seg;
+	char * outptr;
 
-	/* reset arrays */
-	memset(keybuf, 0, KEYBUF_SIZE + 1);
-	memset(dec_c2_cryptbuf, 0, CBUF_SIZE);
+	/* ensure NUL-termination */
+	memset(outbuf, 0, sizeof(outbuf));
 
-	/* fill KEYBUF_SIZE with key */
-	strncpy(keybuf, key, KEYBUF_SIZE);
-
-	/* deal with case that we are doing a password check for a
-	   conventially encrypted password: the salt will be
-	   SALT_SIZE+ESEGMENT_SIZE long. */
-	if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE))
-		keybuf[SEGMENT_SIZE] = '\0';	/* terminate password early(?) */
-
-	keylen = strlen(keybuf);
-
-	if (!keylen) {
+	if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE)) /* conventional crypt */
 		n_seg = 1;
-	} else {
-		/* work out how many segments */
-		n_seg = 1 + ((keylen - 1) / SEGMENT_SIZE);
-	}
-
-	if (n_seg > MAX_PASS_LEN)
-		n_seg = MAX_PASS_LEN;	/* truncate at max length */
-
-	/* set up some pointers */
-	cipher_ptr = dec_c2_cryptbuf;
-	plaintext_ptr = keybuf;
-
-	/* do the first block with supplied salt */
-	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
-
-	/* and place in the static area */
-	strncpy(cipher_ptr, tmp_ptr, 13);
-	cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
-	plaintext_ptr += SEGMENT_SIZE;	/* first block of SEGMENT_SIZE */
-
-	/* change the salt (1st 2 chars of previous block) - this was found
-	   by dowsing */
-
-	salt_ptr = cipher_ptr - ESEGMENT_SIZE;
-
-	/* so far this is identical to "return crypt(key, salt);", if
-	   there is more than one block encrypt them... */
-
-	if (n_seg > 1) {
-		for (j = 2; j <= n_seg; j++) {
-
-			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
-
-			/* skip the salt for seg!=0 */
-			strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
-
-			cipher_ptr += ESEGMENT_SIZE;
-			plaintext_ptr += SEGMENT_SIZE;
-			salt_ptr = cipher_ptr - ESEGMENT_SIZE;
-		}
+	else if (key[0] == '\0')
+		n_seg = 1;
+	else
+		n_seg = (strnlen(key, MAX_SEGMENTS * SEGMENT_SIZE) + SEGMENT_SIZE - 1) / SEGMENT_SIZE;
+
+	/* first block is special and just traditional crypt() */
+	outptr = outbuf;
+	strncpy(outptr, crypt(key, salt), SALT_SIZE + ESEGMENT_SIZE);
+
+	for (seg = 1, outptr += SALT_SIZE; seg < n_seg; ++seg) {
+		/* subsequent blocks use the previous output block for salt input */
+		salt = outptr;
+		key += SEGMENT_SIZE;
+		outptr += ESEGMENT_SIZE;
+		/* and omit the salt on output */
+		strncpy(outptr, crypt(key, salt) + SALT_SIZE, ESEGMENT_SIZE);
 	}
 
-	/* this is the <NUL> terminated encrypted password */
-	return dec_c2_cryptbuf;
+	return outbuf;
 }
-- 
cgit v1.2.3