Use crypt_r if available in pam_userdb and in pam_unix.

* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r()
instead of crypt() if available.
* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r()
instead of crypt() if available.

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 7f7bc4901182e63a4fa0439f43b62727171c16f2..b325602c0bfa07cdad9fed6c1b5b12cdae976a97 100644 (file)
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -377,6 +377,9 @@ PAMH_ARG_DECL(char * create_password_hash,
        const char *algoid;
        char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
        char *sp;
+#ifdef HAVE_CRYPT_R
+       struct crypt_data *cdata = NULL;
+#endif
 
        if (on(UNIX_MD5_PASS, ctrl)) {
                /* algoid = "$1" */
@@ -423,7 +426,16 @@ PAMH_ARG_DECL(char * create_password_hash,
 #ifdef HAVE_CRYPT_GENSALT_R
        }
 #endif
+#ifdef HAVE_CRYPT_R
+       sp = NULL;
+       cdata = malloc(sizeof(*cdata));
+       if (cdata != NULL) {
+               cdata->initialized = 0;
+               sp = crypt_r(password, salt, cdata);
+       }
+#else
        sp = crypt(password, salt);
+#endif
        if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
                /* libxcrypt/libc doesn't know the algorithm, use MD5 */
                pam_syslog(pamh, LOG_ERR,
@@ -435,10 +447,16 @@ PAMH_ARG_DECL(char * create_password_hash,
                if(sp) {
                   memset(sp, '\0', strlen(sp));
                }
+#ifdef HAVE_CRYPT_R
+               free(cdata);
+#endif
                return crypt_md5_wrapper(password);
        }
-
-       return x_strdup(sp);
+       sp = x_strdup(sp);
+#ifdef HAVE_CRYPT_R
+       free(cdata);
+#endif
+       return sp;
 }
 
 #ifdef WITH_SELINUX

diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index ba36ebf23b4e5bddca8211ecf18a0571978dca6b..8df1a40cb041971acb2dcdac30fb5d7cb87747c9 100644 (file)
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -213,15 +213,23 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 
          /* crypt(3) password storage */
 
-         char *cryptpw;
+         char *cryptpw = NULL;
 
          if (data.dsize < 13) {
            compare = -2;
          } else if (ctrl & PAM_ICASE_ARG) {
            compare = -2;
          } else {
+#ifdef HAVE_CRYPT_R
+           struct crypt_data *cdata = NULL;
+           cdata = malloc(sizeof(*cdata));
+           if (cdata != NULL) {
+               cdata->initialized = 0;
+               cryptpw = crypt_r(pass, data.dptr, cdata);
+           }
+#else
            cryptpw = crypt (pass, data.dptr);
-
+#endif
            if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
              compare = memcmp(data.dptr, cryptpw, data.dsize);
            } else {
@@ -232,9 +240,11 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
                else
                  pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
              }
-           };
-
-         };
+           }
+#ifdef HAVE_CRYPT_R
+           free(cdata);
+#endif
+         }
 
        } else {