Index: shadow-4.4/lib/getdef.c =================================================================== --- shadow-4.4/lib/getdef.c +++ shadow-4.4/lib/getdef.c 2017-01-23 10:26:11.099787622 -0500 @@ -127,6 +127,8 @@ {"UMASK", NULL}, {"USERDEL_CMD", NULL}, {"USERGROUPS_ENAB", NULL}, + {"CRYPT_PREFIX", NULL}, + {"CRYPT_ROUNDS", NULL}, #ifndef USE_PAM PAMDEFS #endif diff --git a/libmisc/salt.c b/libmisc/salt.c index 6058f85..e6d03ff 100644 --- a/libmisc/salt.c +++ b/libmisc/salt.c @@ -1,6 +1,78 @@ /* * salt.c - generate a random salt string for crypt() * + */ + +#define _OW_SOURCE +#include <stdio.h> +#include <string.h> +#include <fcntl.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <crypt.h> +#include "config.h" +#include "defines.h" +#include "getdef.h" +#define RANDOM_DEVICE "/dev/urandom" + +static int read_loop(int fd, char *buffer, int count) +{ + int offset, block; + + offset = 0; + while (count > 0) { + block = read(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (!block) return offset; + + offset += block; + count -= block; + } + + return offset; +} + +char * +crypt_make_salt(void) +{ + int fd; + char entropy[16]; + char *retval; + + fd = open(RANDOM_DEVICE, O_RDONLY); + if (fd < 0) { + perror("open: " RANDOM_DEVICE); + exit(1); + } + + if (read_loop(fd, entropy, sizeof(entropy)) != sizeof(entropy)) { + close(fd); + fprintf(stderr, "Unable to obtain entropy from %s\n", + RANDOM_DEVICE); + exit(1); + } + + close(fd); + + retval = crypt_gensalt(getdef_str("CRYPT_PREFIX") ?: "", + getdef_num("CRYPT_ROUNDS", 0), entropy, sizeof(entropy)); + memset(entropy, 0, sizeof(entropy)); + if (!retval) { + fprintf(stderr, "Unable to generate a salt, " + "check your CRYPT_PREFIX and CRYPT_ROUNDS settings.\n"); + exit(1); + } + + return retval; +} + +#if 0 +/* * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, * it is in the public domain. * @@ -555,3 +627,5 @@ static /*@observer@*/const char *gensalt (size_t salt_size) return result; #endif /* USE_XCRYPT_GENSALT */ } + +#endif