diff options
Diffstat (limited to 'testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch')
| -rw-r--r-- | testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch deleted file mode 100644 index 8ae4abfd8..000000000 --- a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 05aa693b7db6b818d31e41f0cab1d5fb4f49600e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> -Date: Thu, 15 Nov 2018 15:58:56 +0100 -Subject: [PATCH] pam_unix: Prefer a gensalt function, that supports auto - entropy. - -* modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0. -* modules/pam_unix/passverify.c: Prefer gensalt with auto entropy. -* modules/pam_unix/support.c: Fix sanitizing of rounds parameter. ---- - modules/pam_unix/pam_unix_passwd.c | 2 +- - modules/pam_unix/passverify.c | 13 +++++++++++++ - modules/pam_unix/support.c | 7 +++++-- - 3 files changed, 19 insertions(+), 3 deletions(-) - -Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix_passwd.c -+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c -@@ -607,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int - unsigned int ctrl, lctrl; - int retval; - int remember = -1; -- int rounds = -1; -+ int rounds = 0; - int pass_min_len = 0; - - /* <DO NOT free() THESE> */ -Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c -+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c -@@ -375,7 +375,12 @@ PAMH_ARG_DECL(char * create_password_has - const char *password, unsigned int ctrl, int rounds) - { - const char *algoid; -+#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 -+ /* Strings returned by crypt_gensalt_rn will be no longer than this. */ -+ char salt[CRYPT_GENSALT_OUTPUT_SIZE]; -+#else - char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ -+#endif - char *sp; - #ifdef HAVE_CRYPT_R - struct crypt_data *cdata = NULL; -@@ -406,6 +411,13 @@ PAMH_ARG_DECL(char * create_password_has - return crypted; - } - -+#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY -+ /* -+ * Any version of libcrypt supporting auto entropy is -+ * guaranteed to have crypt_gensalt_rn(). -+ */ -+ sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); -+#else - #ifdef HAVE_CRYPT_GENSALT_R - if (on(UNIX_BLOWFISH_PASS, ctrl)) { - char entropy[17]; -@@ -423,6 +435,7 @@ PAMH_ARG_DECL(char * create_password_has - #ifdef HAVE_CRYPT_GENSALT_R - } - #endif -+#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ - #ifdef HAVE_CRYPT_R - sp = NULL; - cdata = malloc(sizeof(*cdata)); -Index: Linux-PAM-1.3.1/modules/pam_unix/support.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/support.c -+++ Linux-PAM-1.3.1/modules/pam_unix/support.c -@@ -175,6 +175,7 @@ int _set_ctrl(pam_handle_t *pamh, int fl - - if (val) { - *rounds = strtol(val, NULL, 10); -+ set(UNIX_ALGO_ROUNDS, ctrl); - free (val); - } - } -@@ -254,11 +255,13 @@ int _set_ctrl(pam_handle_t *pamh, int fl - if (*rounds < 4 || *rounds > 31) - *rounds = 5; - } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { -- if ((*rounds < 1000) || (*rounds == INT_MAX)) -+ if ((*rounds < 1000) || (*rounds == INT_MAX)) { - /* don't care about bogus values */ -+ *rounds = 0; - unset(UNIX_ALGO_ROUNDS, ctrl); -- if (*rounds >= 10000000) -+ } else if (*rounds >= 10000000) { - *rounds = 9999999; -+ } - } - } - |