From dbc6a54f1ef91ef3196b094ca3c3fc3e6f842a35 Mon Sep 17 00:00:00 2001 From: Antoine Brodin Date: Tue, 27 May 2008 19:04:31 +0000 Subject: - Increase the size of the salt in pw(8) from 8 to 32 (same as in pam_unix(8)). This makes blowfish password hashes look normal when set using pw(8)/adduser(8). [1] - Make it possible to have a '/' in the salt. PR: 121146 [1] Submitted by: Jaakko Heinonen [1] Approved by: rwatson (mentor) MFC after: 1 month --- pw/pw_user.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 0eb1b53..7da16f8 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1029,22 +1029,24 @@ pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell) return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default); } -static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ."; +#define SALTSIZE 32 + +static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; char * pw_pwcrypt(char *password) { int i; - char salt[12]; + char salt[SALTSIZE + 1]; static char buf[256]; /* * Calculate a salt value */ - for (i = 0; i < 8; i++) - salt[i] = chars[arc4random() % 63]; - salt[i] = '\0'; + for (i = 0; i < SALTSIZE; i++) + salt[i] = chars[arc4random() % (sizeof(chars) - 1)]; + salt[SALTSIZE] = '\0'; return strcpy(buf, crypt(password, salt)); } -- cgit v1.2.3-56-ge451