From 43b10b311ac290b40ecfd4e933a9b92f85997856 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Fri, 23 Nov 2007 20:51:43 +0000
Subject: [PATCH] Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan
 Kopecek <dkopecek@redhat.com>

---
 ChangeLog       | 13 ++++++++++++
 libmisc/salt.c  | 53 ++++++++++++++++++++++++++++++++-----------------
 src/chgpasswd.c | 10 +++++-----
 src/chpasswd.c  | 10 +++++-----
 src/newusers.c  | 10 +++++-----
 5 files changed, 63 insertions(+), 33 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8a1d0015..4d24babf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2007-11-23  Nicolas François  <nicolas.francois@centraliens.net>
+
+	Patch contributed by Dan Kopecek <dkopecek@redhat.com>
+	* src/chpasswd.c, src/chgpasswd.c, src/newusers.c: Fix compilation
+	when ENCRYPTMETHOD_SELECT is not defined.
+	* libmisc/salt.c (MAGNUM): The nul char was put on (array)[2]
+	instead of (array)[3].
+	* libmisc/salt.c: MAGNUM should be defined even if
+	ENCRYPTMETHOD_SELECT is not defined.
+	* libmisc/salt.c: Use random instead of rand.
+	* libmisc/salt.c (gensalt): New function to generate a salt
+	(instead of using gettimeofday).
+
 2007-11-23  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, src/newusers.c: New options -c/--crypt-method
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 2f1a4be2..a6481187 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -13,6 +13,7 @@
 
 #include <sys/time.h>
 #include <stdlib.h>
+#include <assert.h>
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
@@ -52,14 +53,12 @@ char *l64a(long value)
 }
 #endif /* !HAVE_L64A */
 
-#ifdef ENCRYPTMETHOD_SELECT
 /*
  * Add the salt prefix.
  */
-#define MAGNUM(array,ch)	(array)[0]= (array)[2] = '$',\
-				(array)[1]=(ch),\
-				(array)[2]='\0'
+#define MAGNUM(array,ch)	(array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
 
+#ifdef ENCRYPTMETHOD_SELECT
 /*
  * Return the salt size.
  * The size of the salt string is between 8 and 16 bytes for the SHA crypt
@@ -67,8 +66,8 @@ char *l64a(long value)
  */
 static unsigned int SHA_salt_size (void)
 {
-	srand (time (NULL));
-	return 8 + (double)rand () * 9 / RAND_MAX;
+	srandom ((unsigned int)time (NULL));
+	return 8 + (double)random () * 9 / RAND_MAX;
 }
 
 /* ! Arguments evaluated twice ! */
@@ -133,6 +132,29 @@ static char *SHA_salt_rounds (int *prefered_rounds)
 }
 #endif
 
+/*
+ *  Generate salt of size salt_size.
+ */
+#define MAX_SALT_SIZE 16
+#define MIN_SALT_SIZE 8
+
+char *gensalt (unsigned int salt_size) {
+  static char salt[32];
+ 
+  salt[0] = '\0';
+  
+  if (salt_size >= MIN_SALT_SIZE &&
+      salt_size <= MAX_SALT_SIZE) {
+    strcat (salt, l64a (random()));
+    do {
+      strcat (salt, l64a (random()));
+    } while (strlen (salt) < salt_size);
+    salt[salt_size] = '\0';
+  }
+  
+  return salt;
+}
+
 /*
  * Generate 8 base64 ASCII characters of random salt.  If MD5_CRYPT_ENAB
  * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
@@ -150,7 +172,6 @@ static char *SHA_salt_rounds (int *prefered_rounds)
  */
 char *crypt_make_salt (char *meth, void *arg)
 {
-	struct timeval tv;
 	/* Max result size for the SHA methods:
 	 *  +3		$5$
 	 *  +17		rounds=999999999$
@@ -158,7 +179,7 @@ char *crypt_make_salt (char *meth, void *arg)
 	 *  +1		\0
 	 */
 	static char result[40];
-	size_t max_salt_len = 8;
+	size_t salt_len = 8;
 	char *method = "DES";
 
 	result[0] = '\0';
@@ -174,16 +195,15 @@ char *crypt_make_salt (char *meth, void *arg)
 
 	if (!strcmp (method, "MD5")) {
 		MAGNUM(result, '1');
-		max_salt_len = 11;
 #ifdef ENCRYPTMETHOD_SELECT
 	} else if (!strcmp (method, "SHA256")) {
 		MAGNUM(result, '5');
 		strcat(result, SHA_salt_rounds((int *)arg));
-		max_salt_len = strlen(result) + SHA_salt_size();
+		salt_len = SHA_salt_size();
 	} else if (!strcmp (method, "SHA512")) {
 		MAGNUM(result, '6');
 		strcat(result, SHA_salt_rounds((int *)arg));
-		max_salt_len = strlen(result) + SHA_salt_size();
+		salt_len = SHA_salt_size();
 #endif
 	} else if (0 != strcmp (method, "DES")) {
 		fprintf (stderr,
@@ -196,13 +216,10 @@ char *crypt_make_salt (char *meth, void *arg)
 	/*
 	 * Concatenate a pseudo random salt.
 	 */
-	gettimeofday (&tv, (struct timezone *) 0);
-	strncat (result, l64a (tv.tv_usec), sizeof(result));
-	strncat (result, l64a (tv.tv_sec + getpid () + clock ()),
-	         sizeof(result));
-
-	if (strlen (result) > max_salt_len)	/* magic+salt */
-		result[max_salt_len] = '\0';
+	assert (sizeof (result) > strlen (result) + salt_len);
+	srandom ((unsigned int)time(NULL));
+	strncat (result, gensalt (salt_len),
+		 sizeof (result) - strlen (result) - 1);
 
 	return result;
 }
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index 39dfe424..c1a1ecf8 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -183,12 +183,12 @@ int main (int argc, char **argv)
 		usage ();
 	}
 	if (cflg) {
-		if (0 != strcmp (crypt_method, "DES") &&
-		    0 != strcmp (crypt_method, "MD5") &&
-		    0 != strcmp (crypt_method, "NONE") &&
+		if (   0 != strcmp (crypt_method, "DES")
+		    && 0 != strcmp (crypt_method, "MD5")
+		    && 0 != strcmp (crypt_method, "NONE")
 #ifdef ENCRYPTMETHOD_SELECT
-		    0 != strcmp (crypt_method, "SHA256") &&
-		    0 != strcmp (crypt_method, "SHA512")
+		    && 0 != strcmp (crypt_method, "SHA256")
+		    && 0 != strcmp (crypt_method, "SHA512")
 #endif
 		    ) {
 			fprintf (stderr,
diff --git a/src/chpasswd.c b/src/chpasswd.c
index afddb71d..8a22e499 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -179,12 +179,12 @@ int main (int argc, char **argv)
 		usage ();
 	}
 	if (cflg) {
-		if (0 != strcmp (crypt_method, "DES") &&
-		    0 != strcmp (crypt_method, "MD5") &&
-		    0 != strcmp (crypt_method, "NONE") &&
+		if (   0 != strcmp (crypt_method, "DES")
+		    && 0 != strcmp (crypt_method, "MD5")
+		    && 0 != strcmp (crypt_method, "NONE")
 #ifdef ENCRYPTMETHOD_SELECT
-		    0 != strcmp (crypt_method, "SHA256") &&
-		    0 != strcmp (crypt_method, "SHA512")
+		    && 0 != strcmp (crypt_method, "SHA256")
+		    && 0 != strcmp (crypt_method, "SHA512")
 #endif
 		    ) {
 			fprintf (stderr,
diff --git a/src/newusers.c b/src/newusers.c
index 95753b92..5bdf567f 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -379,12 +379,12 @@ int main (int argc, char **argv)
 		usage ();
 	}
 	if (cflg) {
-		if (0 != strcmp (crypt_method, "DES") &&
-		    0 != strcmp (crypt_method, "MD5") &&
-		    0 != strcmp (crypt_method, "NONE") &&
+		if (   0 != strcmp (crypt_method, "DES")
+		    && 0 != strcmp (crypt_method, "MD5")
+		    && 0 != strcmp (crypt_method, "NONE")
 #ifdef ENCRYPTMETHOD_SELECT
-		    0 != strcmp (crypt_method, "SHA256") &&
-		    0 != strcmp (crypt_method, "SHA512")
+		    && 0 != strcmp (crypt_method, "SHA256")
+		    && 0 != strcmp (crypt_method, "SHA512")
 #endif
 		    ) {
 			fprintf (stderr,