
sulogin and MD5 pwds



> Hi all!
>
> For security reasons I've switched to MD5_CRYPT + shadow pwd's.
> login seems to work fine, but sulogin refused to recognize my root-password
> that is much longer than 8 chars.
>
> Thanks,
> Soeren.
>
> ----
> we usually get what we want.

It's me quoting myself.
I've had a look at sulogin.c and discovered that the max. pass-string-length
is about 15 characters.
Is there anyone to patch that? (I guess MD5 allows max. 127 characters) so
the only thing to do would be setting these:

Original getpasswd function:

/*
 *	Ask for the password. Note that there is no
 *	default timeout as we normally skip this during boot.
 */
char *getpasswd()
{
	struct termios old, tty;
	static char pass[16];
	char *ret = pass;
	int i;

	printf("Give root password for maintenance\n");
	printf("(or type Control-D for normal startup): ");
	fflush(stdout);

	tcgetattr(0, &old);
	tcgetattr(0, &tty);
	tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
	tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
	tcsetattr(0, TCSANOW, &tty);

	pass[15] = 0;
	if (timeout) alarm(timeout);
	if (read(0, pass, 15) <= 0)
		ret = NULL;
	else {
		for(i = 0; i < 15; i++)
			if (pass[i] == '\r' || pass[i] == '\n') {
				pass[i] = 0;
				break;
			}
	}
	alarm(0);
	tcsetattr(0, TCSANOW, &old);
	printf("\n");

	return ret;
}

Changed should look like:

/*
 *	Ask for the password. Note that there is no
 *	default timeout as we normally skip this during boot.
 */
char *getpasswd()
{
	struct termios old, tty;
	static char pass[128];
	char *ret = pass;
	int i;

	printf("Give root password for maintenance\n");
	printf("(or type Control-D for normal startup): ");
	fflush(stdout);

	tcgetattr(0, &old);
	tcgetattr(0, &tty);
	tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
	tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
	tcsetattr(0, TCSANOW, &tty);

	pass[127] = 0;
	if (timeout) alarm(timeout);
	if (read(0, pass, 127) <= 0)
		ret = NULL;
	else {
		for(i = 0; i < 127; i++)
			if (pass[i] == '\r' || pass[i] == '\n') {
				pass[i] = 0;
				break;
			}
	}
	alarm(0);
	tcsetattr(0, TCSANOW, &old);
	printf("\n");

	return ret;
}

I am not very sure whether passwords with length=127 will work, maybe someone
will try.
Anyway it works for me now.

S.
----
Swearing is the language that all programmers understand best.
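
Both versions of getpasswd() above silently drop whatever is typed past the end of the fixed buffer, so an over-long password is hashed in truncated form. As an added example (not part of the original post and not code from sulogin.c), a bounded read that reports over-long input instead of truncating it; read_password_line, demo_feed and the PW_* codes are hypothetical names.

```c
/* Added example (not from sulogin.c); all names are hypothetical. */
#include <string.h>
#include <unistd.h>

#define PW_EOF      (-1L)  /* EOF or read error: caller skips the login */
#define PW_TOO_LONG (-2L)  /* line did not fit in buf; buf is wiped     */

/* Read one line from fd into buf (size bytes including the NUL).
 * Returns the password length, PW_EOF or PW_TOO_LONG. */
long read_password_line(int fd, char *buf, size_t size)
{
	size_t len = 0;
	int too_long = 0;
	ssize_t n;
	char c;

	if (size == 0)
		return PW_TOO_LONG;
	/* One byte per read(): correct however the tty or pipe chunks input. */
	while ((n = read(fd, &c, 1)) == 1) {
		if (c == '\r' || c == '\n')
			break;
		if (len + 1 < size)
			buf[len++] = c;
		else
			too_long = 1;	/* keep draining to end of line */
	}
	buf[len] = '\0';
	if (too_long || n < 0 || (n == 0 && len == 0)) {
		memset(buf, 0, size);	/* leave no partial secret behind */
		return too_long ? PW_TOO_LONG : PW_EOF;
	}
	return (long)len;
}

/* Constructed harness: feed `input` through a pipe as if it were typed. */
long demo_feed(const char *input, char *out, size_t cap)
{
	int p[2];
	long r = PW_EOF;
	ssize_t w;
	if (pipe(p) != 0)
		return PW_EOF;
	w = write(p[1], input, strlen(input));
	close(p[1]);
	if (w >= 0)
		r = read_password_line(p[0], out, cap);
	close(p[0]);
	return r;
}
```

With a 16-byte buffer a 20-character line comes back as PW_TOO_LONG rather than as its first 15 characters, so the caller can refuse it instead of comparing a hash of the truncated string.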

