From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 3 Jun 1995 22:52:00 +0000 (+0000)
Subject: added crypt() for osf/1 3.x enhanced secuiry
X-Git-Tag: SUDO_1_4_0~396
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e776214bfe606bf43b3cce6b8552482340052f6e;p=sudo

added crypt() for osf/1 3.x enhanced secuiry
---

diff --git a/check.c b/check.c
index f25f3b51e..d99bfa093 100644
--- a/check.c
+++ b/check.c
@@ -95,6 +95,7 @@ static int   check_timestamp	__P((void));
 static void  check_passwd	__P((void));
 static void  update_timestamp	__P((void));
 static void  reminder		__P((void));
+static char *osf_C2_crypt	__P((char *, char *));
 int   user_is_exempt		__P((void));
 
 /*
@@ -103,6 +104,13 @@ int   user_is_exempt		__P((void));
 static int   timedir_is_good;
 static char *timestampfile_p;
 
+/*
+ * Defines for Digital Un*x 3.x enhanced security
+ */
+#define C2_MAXPASS	100
+#define C2_MAXENPASS	200
+#define C2_SEGSIZE	8
+
 
 /********************************************************************
  *
@@ -430,6 +438,10 @@ static void check_passwd()
 	if (spw_ent && !strcmp(encrypted, (char *) crypt16(pass, encrypted)))
 	    return;		/* if the passwd is correct return() */
 #endif /* ultrix && HAVE_C2_SECURITY */
+#if defined(__osf__) && defined(HAVE_C2_SECURITY)
+	if (spw_ent && !strcmp(encrypted, osf_C2_crypt(pass,encrypted)))
+	    return;             /* if the passwd is correct return() */
+#endif /* __osf__ && HAVE_C2_SECURITY */
 #ifdef HAVE_SKEY
 	if (!strcmp(pw_ent->pw_passwd, skey_crypt(pass, pw_ent->pw_passwd,
 	    pw_ent, pw_ok)))
@@ -472,6 +484,56 @@ static void check_passwd()
 }
 
 
+/********************************************************************
+ * osf_C2_crypt()  - returns OSF/1 3.0 enhanced security encrypted
+ *               password.  crypt() produces, given an eight
+ *               character segment, an encrypted 13 character
+ *               with the first two the salt and the remaining
+ *               11 characters the encrypted password.  OSF/1 uses
+ *               crypt() on each 8 character segment appending each
+ *               resulting encrypted segment except the first two
+ *               character (salt) after the first segement.  See
+ *               OSF/1 Security documentation section 16.4.
+ * Programmer: Richard Jackson, George Mason University
+ */
+static char *osf_C2_crypt(pass, encrypt_salt)
+    char *pass;
+    char *encrypt_salt;
+{
+    static char     enpass[C2_MAXENPASS];
+    char   segpass[C2_MAXPASS];	    /* segment of original password */
+    char   segenpass[C2_MAXENPASS]; /* segment of encrypted password */
+    char   salt[3];		    /* salt for crypt() */
+    int    segnum;		    /* num of 8 char pw segments to process */
+    int    len;			    /* length of passwd */
+    int    i;
+
+    /*
+     * calculate the num of pw segs to process
+     */
+    len = strlen(pass);
+    if ((len % C2_SEGSIZE) > 0)
+	segnum = (len / C2_SEGSIZE) + 1;	/* ie, 9 chars is 2 segments */
+    else
+	segnum = (len / C2_SEGSIZE);		/* ie, 8 chars is 1 segment */
+
+    strncpy(salt, encrypt_salt, 2);		/* starting salt */
+    for (i = 0; i < segnum; i++) {
+	strncpy(segpass, (pass + (i * C2_SEGSIZE)), C2_SEGSIZE);
+
+	strncpy(segenpass, (char *) crypt(segpass, salt), C2_MAXENPASS);
+
+	strncpy(salt, (segenpass + 2), 2);  /* next salt is from previous seg */
+
+	if (i == 0)
+	    strncpy(enpass, segenpass, C2_MAXENPASS);
+	else
+	    strncat(enpass, (segenpass + 2), C2_MAXENPASS);
+    }
+
+    return(enpass);
+}
+
 
 /********************************************************************
  *