2 * Copyright (c) 2003 Ben Lindstrom. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <sys/types.h>
32 # if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
37 # include <hpsecurity.h>
41 # ifdef HAVE_SECUREWARE
42 # include <sys/security.h>
43 # include <sys/audit.h>
47 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
51 # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
52 # include <sys/label.h>
53 # include <sys/audit.h>
57 # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
58 # include "md5crypt.h"
61 # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
62 # include <openssl/des.h>
63 # define crypt DES_crypt
67 * Pick an appropriate password encryption type and salt for the running
68 * system by searching through accounts until we find one that has a valid
69 * salt. Usually this will be root unless the root account is locked out.
70 * If we don't find one we return a traditional DES-based salt.
82 strlcpy(salt, "xx", sizeof(salt));
84 while ((pw = getpwent()) != NULL) {
85 passwd = shadow_pw(pw);
86 if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
87 typelen = p - passwd + 1;
88 strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
89 explicit_bzero(passwd, strlen(passwd));
99 xcrypt(const char *password, const char *salt)
104 * If we don't have a salt we are encrypting a fake password for
105 * for timing purposes. Pick an appropriate salt.
110 # ifdef HAVE_MD5_PASSWORDS
111 if (is_md5_salt(salt))
112 crypted = md5_crypt(password, salt);
114 crypted = crypt(password, salt);
115 # elif defined(__hpux) && !defined(HAVE_SECUREWARE)
117 crypted = bigcrypt(password, salt);
119 crypted = crypt(password, salt);
120 # elif defined(HAVE_SECUREWARE)
121 crypted = bigcrypt(password, salt);
123 crypted = crypt(password, salt);
130 * Handle shadowed password systems in a cleaner way for portable
135 shadow_pw(struct passwd *pw)
137 char *pw_password = pw->pw_passwd;
139 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
140 struct spwd *spw = getspnam(pw->pw_name);
143 pw_password = spw->sp_pwdp;
147 return(get_iaf_password(pw));
150 # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
151 struct passwd_adjunct *spw;
152 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
153 pw_password = spw->pwa_passwd;
154 # elif defined(HAVE_SECUREWARE)
155 struct pr_passwd *spw = getprpwnam(pw->pw_name);
158 pw_password = spw->ufld.fd_encrypt;