author | ache <ache@FreeBSD.org> | 2002-01-19 04:58:51 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 2002-01-19 04:58:51 +0000 |
commit | 35ada60969591b5914e2d4a76b55162edf6020a6 (patch) | |
tree | 4594434246d259eece466ec304f08225cbd02578 | |
parent | a32ee285cb3b2ac3db82ffb4f028bdd15e6713fb (diff) | |
Add one more expired-right-now password check, in pam_sm_chauthtok.
srandomdev() can't be used in libraries; replace srandomdev()+random()
with arc4random().
-rw-r--r-- | lib/libpam/modules/pam_unix/pam_unix.c | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 6f8c0b4..791bb49 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -351,7 +351,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 PAM_LOG("Encrypted password 1 is: %s", encrypted);
 PAM_LOG("Encrypted password 2 is: %s", pwd->pw_passwd);
- if (strcmp(encrypted, pwd->pw_passwd) != 0)
+ if (strcmp(encrypted, pwd->pw_passwd) != 0 ||
+ (pwd->pw_expire && time(NULL) >= pwd->pw_expire))
 PAM_RETURN(PAM_AUTH_ERR);
 retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *)pass);
@@ -504,15 +505,14 @@ local_passwd(const char *user, const char *pass)
 syslog(LOG_ERR, "cannot set password cipher");
 login_close(lc);
 /* Salt suitable for anything */
- srandomdev();
 gettimeofday(&tv, 0);
- to64(&salt[0], random(), 3);
+ to64(&salt[0], arc4random(), 3);
 to64(&salt[3], tv.tv_usec, 3);
 to64(&salt[6], tv.tv_sec, 2);
- to64(&salt[8], random(), 5);
- to64(&salt[13], random(), 5);
- to64(&salt[17], random(), 5);
- to64(&salt[22], random(), 5);
+ to64(&salt[8], arc4random(), 5);
+ to64(&salt[13], arc4random(), 5);
+ to64(&salt[17], arc4random(), 5);
+ to64(&salt[22], arc4random(), 5);
 salt[27] = '\0';
 pwd->pw_passwd = crypt(pass, salt);
@@ -598,15 +598,14 @@ yp_passwd(const char *user, const char *pass)
 syslog(LOG_ERR, "cannot set password cipher");
 login_close(lc);
 /* Salt suitable for anything */
- srandomdev();
 gettimeofday(&tv, 0);
- to64(&salt[0], random(), 3);
+ to64(&salt[0], arc4random(), 3);
 to64(&salt[3], tv.tv_usec, 3);
 to64(&salt[6], tv.tv_sec, 2);
- to64(&salt[8], random(), 5);
- to64(&salt[13], random(), 5);
- to64(&salt[17], random(), 5);
- to64(&salt[22], random(), 5);
+ to64(&salt[8], arc4random(), 5);
+ to64(&salt[13], arc4random(), 5);
+ to64(&salt[17], arc4random(), 5);
+ to64(&salt[22], arc4random(), 5);
 salt[27] = '\0';
 if (suser_override) |
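Review bot: The added expiry test in pam_sm_chauthtok shares a branch with the old-password mismatch, so an expired account and a wrong password both return `PAM_AUTH_ERR` and nothing in the hunk records which of the two happened. A separate branch such as `if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) { PAM_LOG("Account expired"); PAM_RETURN(PAM_AUTH_ERR); }` keeps the caller-visible result and gives an administrator a line to search for. A comment should also say which expiry is meant: the commit message speaks of an expired password, while `pw_expire` in FreeBSD's struct passwd is the account expiration (`pw_change` is the password one). The two `PAM_LOG` context lines just above pass both password hashes to the log macro; where that output ends up is not visible here, and the function continues outside the hunk.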
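Review bot: Five of the 27 salt characters in local_passwd still come from `tv.tv_usec` and `tv.tv_sec`, so part of every salt is derived from the time of the password change rather than from the generator this commit switches to. With arc4random() in use, those two lines can read `to64(&salt[3], arc4random(), 3);` and `to64(&salt[6], arc4random(), 2);`, and the `gettimeofday()` call can go if `tv` has no other use (its declaration is outside the hunk). The yp_passwd hunk carries the same two lines. Separately, the context line `pwd->pw_passwd = crypt(pass, salt);` stores the result unchecked although crypt() can return NULL; whether a later line tests it is not visible here.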
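Review bot: The salt block in yp_passwd is a line-for-line copy of the one in local_passwd, which is why this commit had to make the identical edit twice. A small static helper called from both functions, for example `static void makesalt(char *salt)` (the name is only a suggestion), would keep the salt layout and its random source in one place, so a later change cannot fix one path and miss the other. A comment on that helper should state the layout (fields at offsets 0, 3, 6, 8, 13, 17 and 22, terminator at 27) and that `to64()` is expected to write exactly the requested number of characters, since the buffer's declaration is outside the hunk.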