[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

passwd.c (MiNTOS 1.2) patches

To: steve@earth.ox.ac.uk
Subject: passwd.c (MiNTOS 1.2) patches
From: "Nicholas S Castellano" <entropy@terminator.rs.itd.umich.edu>
Date: Thu, 21 Jul 1994 18:38:54 -0400
Cc: mint@terminator.rs.itd.umich.edu

This patch fixes three bugs in mintos/usrbin/passwd.c from MiNTOS 1.2.

- root must be allowed to change any user's password
- ensure echo is disabled when reading new password after a retry
- generate only valid salts for crypt

--- passwd.c_orig	Sat Apr  9 10:29:38 1994
+++ passwd.c	Thu Jul 21 18:08:02 1994
@@ -109,8 +109,9 @@
 		if ((check_passwd((char *)(crypt(oldpassword, key)), pswdent->pw_passwd) == 1) && (noentry == 0))
 			oktologin = 1;
 	}
+	else if (starting_uid == 0)
+		oktologin = 1;
 
-
 	endpwent();
 
 	if (!oktologin)
@@ -121,9 +122,9 @@
 
 	if ((oktologin == 1) && (noentry == 0))
 	{
-		ioctl(fileno(stdin), TIOCSETP, &noecho);
+retry:		ioctl(fileno(stdin), TIOCSETP, &noecho);
 
-retry:		printf("New password:");
+		printf("New password:");
 		fflush(stdout);
 		fgets(newpassword1, MAX_PASSWORD_LENGTH, stdin);
 		newpassword1[strlen(newpassword1) - 1] = '\0';
@@ -178,14 +179,17 @@
 char key[3];
 {
 	int value, i;
+	char *salts = 
+	  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
+	int saltslen;
 
+	saltslen = strlen(salts);
 	srand(time(0L));
 
 	for (i = 0; i < 2; i++)
 	{
 		value = rand();
-		while ((key[i] = (char)((value % 94) + 33)) == ':')
-			value = rand();
+		key[i] = (char)(salts[value % saltslen]);
 	}
 
 	key[2] = '\0';

--
entropy -- it's not just a good idea, it's the second law.
Personal mail:      entropy@gnu.ai.mit.edu
MiNT library mail:  entropy@terminator.rs.itd.umich.edu
"what do you have against octal?" -jrb

Prev by Date: Background jobs writing on terminal
Next by Date: Re: Rsconf problems under MiNT 1.10h6
Previous by thread: Re: Background jobs writing on terminal
Next by thread: what is gid_t?
Index(es):
- Date
- Thread