| author | Michael Forney <mforney@mforney.org> | 2016-06-04 11:42:38 -0700 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2016-06-04 11:42:38 -0700 |
| commit | e6e9bd1008fb097688fc1e00430db02bc5a93d5a (patch) | |
| tree | 0d676c0b5edefbea8478eb6c430f6f3543236885 | |
| parent | 8b52db755696b3a2b29a3da28d664b315483193f (diff) | |
ubase: Add patch to use a salt for hashing passwords
| -rw-r--r-- | core/ubase/patch/0001-passwd-Use-a-salt-when-encrypting-passwords.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/core/ubase/patch/0001-passwd-Use-a-salt-when-encrypting-passwords.patch b/core/ubase/patch/0001-passwd-Use-a-salt-when-encrypting-passwords.patch
new file mode 100644
index 00000000..4c349432
--- /dev/null
+++ b/core/ubase/patch/0001-passwd-Use-a-salt-when-encrypting-passwords.patch
@@ -0,0 +1,77 @@
+From 00b4ff3b70fd367c0f757943c3d557ffd42c477d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 20 Oct 2015 20:23:50 -0700
+Subject: [PATCH] passwd: Use a salt when encrypting passwords
+
+---
+ passwd.c | 27 ++++++++++++++++++++++++++-
+ 1 file changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/passwd.c b/passwd.c
+index 3ea3dd1..d062482 100644
+--- a/passwd.c
++++ b/passwd.c
+@@ -2,12 +2,14 @@
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/syscall.h>
+
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <limits.h>
+ #include <pwd.h>
+ #include <shadow.h>
++#include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -128,6 +130,25 @@ cleanup:
+ }
+
+ static void
++gensalt(char *s)
++{
++ static const char b64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
++ uint8_t buf[12];
++ uint32_t n;
++ int i;
++
++ if (syscall(SYS_getrandom, buf, sizeof(buf), 0) < 0)
++ eprintf("getrandom:");
++ for (i = 0; i < 12; i += 3) {
++ n = buf[i] << 16 | buf[i+1] << 8 | buf[i+2];
++ *s++ = b64[n%64]; n /= 64;
++ *s++ = b64[n%64]; n /= 64;
++ *s++ = b64[n%64]; n /= 64;
++ *s++ = b64[n];
++ }
++}
++
++static void
+ usage(void)
+ {
+ eprintf("usage: %s [username]\n", argv0);
+@@ -137,7 +158,8 @@ int
+ main(int argc, char *argv[])
+ {
+ char *cryptpass1 = NULL, *cryptpass2 = NULL, *cryptpass3 = NULL;
+- char *inpass, *p, *salt = PW_CIPHER, *prevhash = NULL;
++ char saltbuf[32] = PW_CIPHER;
++ char *inpass, *p, *salt, *prevhash = NULL;
+ struct passwd *pw;
+ struct spwd *spw = NULL;
+ FILE *fp = NULL;
+@@ -207,6 +229,9 @@ main(int argc, char *argv[])
+ eprintf("incorrect password\n");
+
+ newpass:
++ gensalt(saltbuf + strlen(saltbuf));
++ salt = saltbuf;
++
+ inpass = getpass("Enter new password: ");
+ if (!inpass)
+ eprintf("getpass:");
+--
+2.8.1
+ |
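Review bot: In the embedded passwd.c change, `gensalt()` writes 16 characters through `s` with no size argument and no terminator, so the salt is a valid string only because `saltbuf[32]` is zero-filled after `PW_CIPHER` and because `gensalt(saltbuf + strlen(saltbuf))` runs a single time. The `goto` sites for `newpass:` are outside the hunk; if the label can be reached twice, the second call appends at offset prefix+16 and writes past the 32-byte buffer for any non-empty prefix. I would have the function terminate its own output with `*s = '\0';` as its last statement, document it with `/* writes 16 salt characters and a NUL; s needs 17 bytes */`, and compute the prefix length once in `main` instead of calling `strlen` at the label. Separately, `SYS_getrandom` returns ENOSYS on kernels older than 3.17 and there is no `/dev/urandom` fallback; the error branch also depends on `eprintf` not returning, which this hunk does not show.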
