home *** CD-ROM | disk | FTP | other *** search
- Date: Thu, 21 Jul 1994 18:38:54 -0400
- From: "Nicholas S Castellano" <entropy@terminator.rs.itd.umich.edu>
- To: steve@earth.ox.ac.uk
- Subject: passwd.c (MiNTOS 1.2) patches
-
- This patch fixes three bugs in mintos/usrbin/passwd.c from MiNTOS 1.2.
-
- - root must be allowed to change any user's password
- - ensure echo is disabled when reading new password after a retry
- - generate only valid salts for crypt
-
- --- passwd.c_orig Sat Apr 9 10:29:38 1994
- +++ passwd.c Thu Jul 21 18:08:02 1994
- @@ -109,8 +109,9 @@
- if ((check_passwd((char *)(crypt(oldpassword, key)), pswdent->pw_passwd) == 1) && (noentry == 0))
- oktologin = 1;
- }
- + else if (starting_uid == 0)
- + oktologin = 1;
-
- -
- endpwent();
-
- if (!oktologin)
- @@ -121,9 +122,9 @@
-
- if ((oktologin == 1) && (noentry == 0))
- {
- - ioctl(fileno(stdin), TIOCSETP, &noecho);
- +retry: ioctl(fileno(stdin), TIOCSETP, &noecho);
-
- -retry: printf("New password:");
- + printf("New password:");
- fflush(stdout);
- fgets(newpassword1, MAX_PASSWORD_LENGTH, stdin);
- newpassword1[strlen(newpassword1) - 1] = '\0';
- @@ -178,14 +179,17 @@
- char key[3];
- {
- int value, i;
- + char *salts =
- + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
- + int saltslen;
-
- + saltslen = strlen(salts);
- srand(time(0L));
-
- for (i = 0; i < 2; i++)
- {
- value = rand();
- - while ((key[i] = (char)((value % 94) + 33)) == ':')
- - value = rand();
- + key[i] = (char)(salts[value % saltslen]);
- }
-
- key[2] = '\0';
-
- --
- entropy -- it's not just a good idea, it's the second law.
- Personal mail: entropy@gnu.ai.mit.edu
- MiNT library mail: entropy@terminator.rs.itd.umich.edu
- "what do you have against octal?" -jrb
-
-
