From 70b52c92e25b591a71e7a773a064bc8709264454 Mon Sep 17 00:00:00 2001
From: David Nugent <davidn@FreeBSD.org>
Date: Tue, 17 Dec 1996 14:15:35 +0000
Subject: Changes to password generator: fallback to MD5 generator disabled
 (/dev/urandom used by default under FreeBSD), and implemented a "portable"
 but less secure generator for other systems. Add display of expiry/password
 change dates in -P user display.

---
 pw/Makefile  |  7 +++--
 pw/pw_user.c | 98 ++++++++++++++++++++++++++++++++++++++++--------------------
 2 files changed, 70 insertions(+), 35 deletions(-)

(limited to 'pw')

diff --git a/pw/Makefile b/pw/Makefile
index f02e256..ae8ec1e 100644
--- a/pw/Makefile
+++ b/pw/Makefile
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 1.1.1.2 1996/12/09 23:55:12 joerg Exp $
+# $Id: Makefile,v 1.1.1.3 1996/12/10 23:58:50 joerg Exp $
 
 PROG=	pw
 SRCS=	pw.c pw_conf.c pw_user.c pw_group.c pw_log.c \
@@ -7,8 +7,9 @@ SRCS=	pw.c pw_conf.c pw_user.c pw_group.c pw_log.c \
 
 MAN5=	pw.conf.5
 MAN8=	pw.8
-	
-CFLAGS+= -Wall $(CDB)
+
+#RND=	-DUSE_MD5RAND
+CFLAGS+= -Wall $(CDB) $(RND)
 LDADD=	-lcrypt
 DPADD=	${LIBCRYPT}
 
diff --git a/pw/pw_user.c b/pw/pw_user.c
index b70d68c..2967190 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: pw_user.c,v 1.3 1996/12/16 17:37:58 davidn Exp $
+ *	$Id: pw_user.c,v 1.4 1996/12/17 01:43:30 davidn Exp $
  */
 
 #include <unistd.h>
@@ -742,47 +742,74 @@ pw_pwcrypt(char *password)
 	return strcpy(buf, crypt(password, salt));
 }
 
+#if defined(__FreeBSD__)
+
+#if defined(USE_MD5RAND)
 u_char *
-pw_genmd5rand (u_char *d)		/* cryptographically secure rng */
+pw_getrand(u_char *buf, int len)	/* cryptographically secure rng */
 {
-	MD5_CTX md5_ctx;
-	struct timeval tv, tvo;
-	struct rusage ru;
-	int n=0;
-	int t;
-	MD5Init (&md5_ctx);
-	t=getpid();
-	MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
-	t=getppid();
-	MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
-	gettimeofday (&tvo, NULL);
-	do {
-		getrusage (RUSAGE_SELF, &ru);
-		MD5Update (&md5_ctx, (u_char*)&ru, sizeof ru);
-		gettimeofday (&tv, NULL);
-		MD5Update (&md5_ctx, (u_char*)&tv, sizeof tv);
-	} while (n++<20 || tv.tv_usec-tvo.tv_usec<100*1000);
-	MD5Final (d, &md5_ctx);
-	return d;
+	int i;
+	for (i=0;i<len;i+=16) {
+		u_char ubuf[16];
+
+		MD5_CTX md5_ctx;
+		struct timeval tv, tvo;
+		struct rusage ru;
+		int n=0;
+		int t;
+
+		MD5Init (&md5_ctx);
+		t=getpid();
+		MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
+		t=getppid();
+		MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
+		gettimeofday (&tvo, NULL);
+		do {
+			getrusage (RUSAGE_SELF, &ru);
+			MD5Update (&md5_ctx, (u_char*)&ru, sizeof ru);
+			gettimeofday (&tv, NULL);
+			MD5Update (&md5_ctx, (u_char*)&tv, sizeof tv);
+		} while (n++<20 || tv.tv_usec-tvo.tv_usec<100*1000);
+		MD5Final (ubuf, &md5_ctx);
+		memcpy(buf+i, ubuf, MIN(16, len-n));
+	}
+	return buf;
 }
 
+#else	/* Use random device (preferred) */
+
 static u_char *
 pw_getrand(u_char *buf, int len)
 {
 	int		fd;
 	fd = open("/dev/urandom", O_RDONLY);
-	if (fd==-1 || read(fd, buf, len)!=len) {
-		int n;
-		for (n=0;n<len;n+=16) {
-			u_char ubuf[16];
-			pw_genmd5rand(ubuf);
-			memcpy(buf+n, ubuf, MIN(16, len-n));
-		}
-	}
+	if (fd==-1)
+		cmderr(EX_OSFILE, "can't open /dev/urandom: %s\n", strerror(errno));
+	else if (read(fd, buf, len)!=len)
+		cmderr(EX_IOERR, "read error on /dev/urandom\n");
 	close(fd);
 	return buf;
 }
 
+#endif
+
+#else	/* Portable version */
+
+static u_char *
+pw_getrand(u_char *buf, int len)
+{
+	int i;
+
+	for (i = 0; i < len; i++) {
+		unsigned val = random();
+		/* Use all bits in the random value */
+		buf[i]=(u_char)((val >> 24) ^ (val >> 16) ^ (val >> 8) ^ val);
+	}
+	return buf;
+}
+
+#endif
+
 static char    *
 pw_password(struct userconf * cnf, struct cargs * args, char const * user)
 {
@@ -840,6 +867,8 @@ print_user(struct passwd * pwd, int pretty)
 		struct group   *grp = getgrgid(pwd->pw_gid);
 		char            uname[60] = "User &", office[60] = "[None]",
 		                wphone[60] = "[None]", hphone[60] = "[None]";
+		char		acexpire[32] = "[None]", pwexpire[32] = "[None]";
+		struct tm *    tptr;
 
 		if ((p = strtok(pwd->pw_gecos, ",")) != NULL) {
 			strncpy(uname, p, sizeof uname);
@@ -868,16 +897,21 @@ print_user(struct passwd * pwd, int pretty)
 			memmove(p, pwd->pw_name, l);
 			*p = (char) toupper(*p);
 		}
+		if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL)
+		  strftime(acexpire, sizeof acexpire, "%c", tptr);
+		if (pwd->pw_change > (time_t)9 && (tptr = localtime(&pwd->pw_change)) != NULL)
+		  strftime(pwexpire, sizeof pwexpire, "%c", tptr);
 		printf("Login Name : %-10s   #%-22ld  Group : %-10s   #%ld\n"
 		       " Full Name : %s\n"
 		       "      Home : %-32.32s      Class : %s\n"
 		       "     Shell : %-32.32s     Office : %s\n"
-		       "Work Phone : %-32.32s Home Phone : %s\n",
-		       
+		       "Work Phone : %-32.32s Home Phone : %s\n"
+		       "Acc Expire : %-32.32s Pwd Expire : %s\n",
 		       pwd->pw_name, (long) pwd->pw_uid,
 		       grp ? grp->gr_name : "(invalid)", (long) pwd->pw_gid,
 		       uname, pwd->pw_dir, pwd->pw_class,
-		       pwd->pw_shell, office, wphone, hphone);
+		       pwd->pw_shell, office, wphone, hphone,
+		       acexpire, pwexpire);
 	        setgrent();
 		j = 0;
 		while ((grp=getgrent()) != NULL)
-- 
cgit v1.2.3-56-ge451