

distrib > Mandriva > 2009.1 > i586 > media > main-release-src > by-pkgid > 3837d6e6d6e4fc5e03616d6e4e2ddc8c > files > 4


diff -Naurp sysvinit-2.86/src/Makefile sysvinit-2.86.oden/src/Makefile
--- sysvinit-2.86/src/Makefile	2004-06-09 14:47:45.000000000 +0200
+++ sysvinit-2.86.oden/src/Makefile	2008-12-22 16:29:21.000000000 +0100
@@ -77,8 +77,8 @@ utmpdump:	utmpdump.o
 runlevel:	runlevel.o
 		$(CC) $(LDFLAGS) -o $@ runlevel.o
-sulogin:	sulogin.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
+sulogin:	sulogin.o md5_broken.o md5_crypt_broken.o
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT)
 wall:		dowall.o wall.o
 		$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
@@ -98,6 +98,12 @@ utmp.o:		utmp.c init.h
 init_utmp.o:	utmp.c init.h
 		$(CC) -c $(CFLAGS) -DINIT_MAIN utmp.c -o init_utmp.o
+md5_broken.o: md5.c
+		$(CC) $(CFLAGS) -D'MD5Name(x)=Broken##x' -c $< -o $@
+md5_crypt_broken.o: md5_crypt.c
+		$(CC) $(CFLAGS) -D'MD5Name(x)=Broken##x' -c $< -o $@
 		rm -f *.o *.bak
diff -Naurp sysvinit-2.86/src/md5.c sysvinit-2.86.oden/src/md5.c
--- sysvinit-2.86/src/md5.c	1970-01-01 01:00:00.000000000 +0100
+++ sysvinit-2.86.oden/src/md5.c	2008-12-22 16:29:21.000000000 +0100
@@ -0,0 +1,256 @@
+ * $Id: md5.c,v 1999/07/24 00:13:39 gafton Exp $
+ *
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest.  This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ *
+ */
+#include <string.h>
+#include "md5.h"
+#ifndef HIGHFIRST
+#define byteReverse(buf, len)	/* Nothing */
+static void byteReverse(unsigned char *buf, unsigned longs);
+#ifndef ASM_MD5
+ * Note: this code is harmless on little-endian machines.
+ */
+static void byteReverse(unsigned char *buf, unsigned longs)
+	uint32 t;
+	do {
+		t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
+		    ((unsigned) buf[1] << 8 | buf[0]);
+		*(uint32 *) buf = t;
+		buf += 4;
+	} while (--longs);
+ * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+void MD5Name(MD5Init)(struct MD5Context *ctx)
+	ctx->buf[0] = 0x67452301U;
+	ctx->buf[1] = 0xefcdab89U;
+	ctx->buf[2] = 0x98badcfeU;
+	ctx->buf[3] = 0x10325476U;
+	ctx->bits[0] = 0;
+	ctx->bits[1] = 0;
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsigned len)
+	uint32 t;
+	/* Update bitcount */
+	t = ctx->bits[0];
+	if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
+		ctx->bits[1]++;	/* Carry from low to high */
+	ctx->bits[1] += len >> 29;
+	t = (t >> 3) & 0x3f;	/* Bytes already in shsInfo->data */
+	/* Handle any leading odd-sized chunks */
+	if (t) {
+		unsigned char *p = (unsigned char *) ctx->in + t;
+		t = 64 - t;
+		if (len < t) {
+			memcpy(p, buf, len);
+			return;
+		}
+		memcpy(p, buf, t);
+		byteReverse(ctx->in, 16);
+		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		buf += t;
+		len -= t;
+	}
+	/* Process data in 64-byte chunks */
+	while (len >= 64) {
+		memcpy(ctx->in, buf, 64);
+		byteReverse(ctx->in, 16);
+		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		buf += 64;
+		len -= 64;
+	}
+	/* Handle any remaining bytes of data. */
+	memcpy(ctx->in, buf, len);
+ * Final wrapup - pad to 64-byte boundary with the bit pattern 
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
+	unsigned count;
+	unsigned char *p;
+	/* Compute number of bytes mod 64 */
+	count = (ctx->bits[0] >> 3) & 0x3F;
+	/* Set the first char of padding to 0x80.  This is safe since there is
+	   always at least one byte free */
+	p = ctx->in + count;
+	*p++ = 0x80;
+	/* Bytes of padding needed to make 64 bytes */
+	count = 64 - 1 - count;
+	/* Pad out to 56 mod 64 */
+	if (count < 8) {
+		/* Two lots of padding:  Pad the first block to 64 bytes */
+		memset(p, 0, count);
+		byteReverse(ctx->in, 16);
+		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		/* Now fill the next block with 56 bytes */
+		memset(ctx->in, 0, 56);
+	} else {
+		/* Pad block to 56 bytes */
+		memset(p, 0, count - 8);
+	}
+	byteReverse(ctx->in, 14);
+	/* Append length in bits and transform */
+	((uint32 *) ctx->in)[14] = ctx->bits[0];
+	((uint32 *) ctx->in)[15] = ctx->bits[1];
+	MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+	byteReverse((unsigned char *) ctx->buf, 4);
+	memcpy(digest, ctx->buf, 16);
+	memset(ctx, 0, sizeof(ctx));	/* In case it's sensitive */
+#ifndef ASM_MD5
+/* The four core functions - F1 is optimized somewhat */
+/* #define F1(x, y, z) (x & y | ~x & z) */
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data.  MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ */
+void MD5Name(MD5Transform)(uint32 buf[4], uint32 const in[16])
+	register uint32 a, b, c, d;
+	a = buf[0];
+	b = buf[1];
+	c = buf[2];
+	d = buf[3];
+	MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478U, 7);
+	MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756U, 12);
+	MD5STEP(F1, c, d, a, b, in[2] + 0x242070dbU, 17);
+	MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceeeU, 22);
+	MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0fafU, 7);
+	MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62aU, 12);
+	MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613U, 17);
+	MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501U, 22);
+	MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8U, 7);
+	MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7afU, 12);
+	MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1U, 17);
+	MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7beU, 22);
+	MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122U, 7);
+	MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193U, 12);
+	MD5STEP(F1, c, d, a, b, in[14] + 0xa679438eU, 17);
+	MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821U, 22);
+	MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562U, 5);
+	MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340U, 9);
+	MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51U, 14);
+	MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aaU, 20);
+	MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105dU, 5);
+	MD5STEP(F2, d, a, b, c, in[10] + 0x02441453U, 9);
+	MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681U, 14);
+	MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8U, 20);
+	MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6U, 5);
+	MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6U, 9);
+	MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87U, 14);
+	MD5STEP(F2, b, c, d, a, in[8] + 0x455a14edU, 20);
+	MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905U, 5);
+	MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8U, 9);
+	MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9U, 14);
+	MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8aU, 20);
+	MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942U, 4);
+	MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681U, 11);
+	MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122U, 16);
+	MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380cU, 23);
+	MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44U, 4);
+	MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9U, 11);
+	MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60U, 16);
+	MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70U, 23);
+	MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6U, 4);
+	MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127faU, 11);
+	MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085U, 16);
+	MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05U, 23);
+	MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039U, 4);
+	MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5U, 11);
+	MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8U, 16);
+	MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665U, 23);
+	MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244U, 6);
+	MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97U, 10);
+	MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7U, 15);
+	MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039U, 21);
+	MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3U, 6);
+	MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92U, 10);
+	MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47dU, 15);
+	MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1U, 21);
+	MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4fU, 6);
+	MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0U, 10);
+	MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314U, 15);
+	MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1U, 21);
+	MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82U, 6);
+	MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235U, 10);
+	MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bbU, 15);
+	MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391U, 21);
+	buf[0] += a;
+	buf[1] += b;
+	buf[2] += c;
+	buf[3] += d;
diff -Naurp sysvinit-2.86/src/md5.h sysvinit-2.86.oden/src/md5.h
--- sysvinit-2.86/src/md5.h	1970-01-01 01:00:00.000000000 +0100
+++ sysvinit-2.86.oden/src/md5.h	2008-12-22 16:29:21.000000000 +0100
@@ -0,0 +1,40 @@
+#ifndef MD5_H
+#define MD5_H
+#include <features.h>
+#if defined(__GLIBC__) && __GLIBC__ > 1
+# include <stdint.h>
+typedef uint32_t uint32;
+# ifdef __alpha
+typedef unsigned int uint32;
+# else
+typedef unsigned long uint32;
+# endif
+struct MD5Context {
+    uint32 buf[4];
+    uint32 bits[2];
+    unsigned char in[64];
+void GoodMD5Init(struct MD5Context *);
+void GoodMD5Update(struct MD5Context *, unsigned const char *, unsigned);
+void GoodMD5Final(unsigned char digest[16], struct MD5Context *);
+void GoodMD5Transform(uint32 buf[4], uint32 const in[16]);
+void BrokenMD5Init(struct MD5Context *);
+void BrokenMD5Update(struct MD5Context *, unsigned const char *, unsigned);
+void BrokenMD5Final(unsigned char digest[16], struct MD5Context *);
+void BrokenMD5Transform(uint32 buf[4], uint32 const in[16]);
+char *Goodcrypt_md5(const char *pw, const char *salt);
+char *Brokencrypt_md5(const char *pw, const char *salt);
+* This is needed to make RSAREF happy on some MS-DOS compilers.
+typedef struct MD5Context MD5_CTX;
+#endif /* MD5_H */
diff -Naurp sysvinit-2.86/src/md5_crypt.c sysvinit-2.86.oden/src/md5_crypt.c
--- sysvinit-2.86/src/md5_crypt.c	1970-01-01 01:00:00.000000000 +0100
+++ sysvinit-2.86.oden/src/md5_crypt.c	2008-12-22 16:29:21.000000000 +0100
@@ -0,0 +1,149 @@
+ * $Id: md5_crypt.c,v 1999/07/24 00:13:39 gafton Exp $
+ *
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ *
+ * Origin: Id: crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp
+ *
+ */
+#include <string.h>
+#include "md5.h"
+static unsigned char itoa64[] =	/* 0 ... 63 => ascii - 64 */
+static void to64(char *s, unsigned long v, int n)
+	while (--n >= 0) {
+		*s++ = itoa64[v & 0x3f];
+		v >>= 6;
+	}
+ * UNIX password
+ *
+ * Use MD5 for what it is best at...
+ */
+char *MD5Name(crypt_md5)(const char *pw, const char *salt)
+	const char *magic = "$1$";
+	/* This string is magic for this algorithm.  Having
+	 * it this way, we can get get better later on */
+	static char passwd[120], *p;
+	static const char *sp, *ep;
+	unsigned char final[16];
+	int sl, pl, i, j;
+	MD5_CTX ctx, ctx1;
+	unsigned long l;
+	/* Refine the Salt first */
+	sp = salt;
+	/* If it starts with the magic string, then skip that */
+	if (!strncmp(sp, magic, strlen(magic)))
+		sp += strlen(magic);
+	/* It stops at the first '$', max 8 chars */
+	for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
+		continue;
+	/* get the length of the true salt */
+	sl = ep - sp;
+	MD5Name(MD5Init)(&ctx);
+	/* The password first, since that is what is most unknown */
+	MD5Name(MD5Update)(&ctx,(unsigned const char *)pw,strlen(pw));
+	/* Then our magic string */
+	MD5Name(MD5Update)(&ctx,(unsigned const char *)magic,strlen(magic));
+	/* Then the raw salt */
+	MD5Name(MD5Update)(&ctx,(unsigned const char *)sp,sl);
+	/* Then just as many characters of the MD5(pw,salt,pw) */
+	MD5Name(MD5Init)(&ctx1);
+	MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
+	MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl);
+	MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
+	MD5Name(MD5Final)(final,&ctx1);
+	for (pl = strlen(pw); pl > 0; pl -= 16)
+		MD5Name(MD5Update)(&ctx,(unsigned const char *)final,pl>16 ? 16 : pl);
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof final);
+	/* Then something really weird... */
+	for (j = 0, i = strlen(pw); i; i >>= 1)
+		if (i & 1)
+			MD5Name(MD5Update)(&ctx, (unsigned const char *)final+j, 1);
+		else
+			MD5Name(MD5Update)(&ctx, (unsigned const char *)pw+j, 1);
+	/* Now make the output string */
+	strcpy(passwd, magic);
+	strncat(passwd, sp, sl);
+	strcat(passwd, "$");
+	MD5Name(MD5Final)(final,&ctx);
+	/*
+	 * and now, just to make sure things don't run too fast
+	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * need 30 seconds to build a 1000 entry dictionary...
+	 */
+	for (i = 0; i < 1000; i++) {
+		MD5Name(MD5Init)(&ctx1);
+		if (i & 1)
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
+		else
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16);
+		if (i % 3)
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl);
+		if (i % 7)
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
+		if (i & 1)
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16);
+		else
+			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
+		MD5Name(MD5Final)(final,&ctx1);
+	}
+	p = passwd + strlen(passwd);
+	l = (final[0] << 16) | (final[6] << 8) | final[12];
+	to64(p, l, 4);
+	p += 4;
+	l = (final[1] << 16) | (final[7] << 8) | final[13];
+	to64(p, l, 4);
+	p += 4;
+	l = (final[2] << 16) | (final[8] << 8) | final[14];
+	to64(p, l, 4);
+	p += 4;
+	l = (final[3] << 16) | (final[9] << 8) | final[15];
+	to64(p, l, 4);
+	p += 4;
+	l = (final[4] << 16) | (final[10] << 8) | final[5];
+	to64(p, l, 4);
+	p += 4;
+	l = final[11];
+	to64(p, l, 2);
+	p += 2;
+	*p = '\0';
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof final);
+	return passwd;
diff -Naurp sysvinit-2.86/src/sulogin.c sysvinit-2.86.oden/src/sulogin.c
--- sysvinit-2.86/src/sulogin.c	2004-07-30 13:40:28.000000000 +0200
+++ sysvinit-2.86.oden/src/sulogin.c	2008-12-22 16:29:21.000000000 +0100
@@ -27,6 +27,7 @@
 #if defined(__GLIBC__)
 #  include <crypt.h>
+#include "md5.h"
 #define CHECK_DES	1
 #define CHECK_MD5	1
@@ -443,7 +444,12 @@ int main(int argc, char **argv)
 	while(pwd) {
 		if ((p = getpasswd(pwd->pw_passwd)) == NULL) break;
 		if (pwd->pw_passwd[0] == 0 ||
-		    strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
+		    strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0
+#ifdef CHECK_MD5
+		    || (strncmp(pwd->pw_passwd, "$1$", 3) == 0 &&
+			strcmp(Brokencrypt_md5(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
+		    )
 		printf("Login incorrect.\n");