authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-08-12 09:34:03 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-08-12 09:34:03 +0300
commit3459b15aa4d531cffa75889e7ad438b159145b13 (patch)
treeacd5187deeef1a730a10433375e0f1b4d624e7cb
parentAdded MD5 support (diff)
Fixed a problem in salt generator
-rw-r--r--modules/pam_securetty/pam_securetty.c5
-rw-r--r--modules/pam_unix/md5.c15
2 files changed, 14 insertions, 6 deletions
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index c22b0ce..424e8dd 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -42,7 +42,8 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
return (PAM_SUCCESS);
}
- if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ PAM_ERROR("Could not determine user's tty");
return (pam_err);
}
@@ -55,7 +56,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
if ( stat(SECURETTY, &ttyfileinfo) ) {
PAM_ERROR("Could not open SECURETTY file :%s", SECURETTY);
/* From LinuxPAM, they say that for compatibility issues,
- * this needs to succeed. Who am I to judge... */
+ * this needs to succeed. */
return (PAM_SUCCESS);
}
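Review bot: The shortened comment in the `stat(SECURETTY, ...)` failure branch no longer tells a reader what the branch means for security: when the file cannot be stat'ed the module returns PAM_SUCCESS, so the tty restriction is silently not enforced. I would state that explicitly, e.g. `/* Fail open: for LinuxPAM compatibility a missing SECURETTY file means no tty restriction is applied. */`, so that nobody mistakes the early success for a check that passed. The rest of pam_sm_authenticate lies outside the hunk, so whether this path is reachable for every user or only for root cannot be seen here.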
diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 94d3dd4..6732b06 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -16,6 +16,9 @@
*/
#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
@@ -394,14 +397,18 @@ static void to64(char *s, long v, int n) {
/* Salt suitable for traditional DES and MD5 */
void makesalt(char salt[SALTSIZE]) {
- int i;
+ int i,fd;
+ unsigned char tmp;
/* These are not really random numbers, they are just
* numbers that change to thwart construction of a
* dictionary. This is exposed to the public.
*/
-
- for (i = 0; i < SALTSIZE; i += 4)
- to64(&salt[i], random(), 4);
+ fd = open("/dev/urandom", O_RDONLY);
+ for (i = 0; i < SALTSIZE; i += 1) {
+ read (fd, &tmp, sizeof(char) );
+ to64(&salt[i], tmp, 1);
+ }
+ close(fd);
salt[SALTSIZE] = '\0';
}
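Review bot: In makesalt() neither `open("/dev/urandom", O_RDONLY)` nor `read()` is checked, so when the device is unavailable (for example inside a chroot) or the read fails, `tmp` is used uninitialized and the salt is built from indeterminate stack contents instead of random bytes. Because makesalt() returns void it cannot report this; I would have it return an int so the caller can refuse to set the password, and fill a SALTSIZE-byte buffer in one checked loop rather than issuing one syscall per byte, as sketched below (callers are outside the hunk and would need the matching change). The comment above the loop ("These are not really random numbers...") no longer describes the code and should be updated. Separately, the unchanged `salt[SALTSIZE] = '\0';` writes one element past a parameter declared `char salt[SALTSIZE]`, which is an out-of-bounds write unless every caller allocates SALTSIZE + 1 bytes; worth confirming.

```c
int makesalt(char salt[SALTSIZE]) {
	unsigned char rnd[SALTSIZE];
	size_t got = 0;
	ssize_t n;
	int i, fd;

	/* Salt bytes come from the kernel CSPRNG; fail rather than emit a guessable salt. */
	fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return (-1);
	while (got < sizeof(rnd)) {
		n = read(fd, rnd + got, sizeof(rnd) - got);
		if (n <= 0) {
			close(fd);
			return (-1);
		}
		got += (size_t)n;
	}
	close(fd);
	for (i = 0; i < SALTSIZE; i++)
		to64(&salt[i], rnd[i], 1);
	/* ... unchanged: NUL terminator ... */
	return (0);
}
```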