sulogin and MD5 pwds
> Hi all!
>
> For security reasons I've switched to MD5_CRYPT + shadow pwd's.
> login seems to work fine, but sulogin refused to recognize my
root-password
> that is much longer than 8 chars.
>
> Thanks,
> Soeren.
>
> ----
> we usually get what we want.
Its me quoting myself.
I've had a look at sulogin.c and discovered that the max. pass-string-length
is about 15 characters.
Is there anyone to patch that ? (I guess MD5 allows max. 127 characters) so
the only thing to do would be setting these:
Original getpasswd function:
/*
* Ask for the password. Note that there is no
* default timeout as we normally skip this during boot.
*/
char *getpasswd()
{
struct termios old, tty;
static char pass[16];
char *ret = pass;
int i;
printf("Give root password for maintenance\n");
printf("(or type Control-D for normal startup): ");
fflush(stdout);
tcgetattr(0, &old);
tcgetattr(0, &tty);
tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
tcsetattr(0, TCSANOW, &tty);
pass[15] = 0;
if (timeout) alarm(timeout);
if (read(0, pass, 15) <= 0)
ret = NULL;
else {
for(i = 0; i < 15; i++)
if (pass[i] == '\r' || pass[i] == '\n') {
pass[i] = 0;
break;
}
}
alarm(0);
tcsetattr(0, TCSANOW, &old);
printf("\n");
return ret;
}
Changed should look like:
/*
* Ask for the password. Note that there is no
* default timeout as we normally skip this during boot.
*/
char *getpasswd()
{
struct termios old, tty;
static char pass[128];
char *ret = pass;
int i;
printf("Give root password for maintenance\n");
printf("(or type Control-D for normal startup): ");
fflush(stdout);
tcgetattr(0, &old);
tcgetattr(0, &tty);
tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
tcsetattr(0, TCSANOW, &tty);
pass[127] = 0;
if (timeout) alarm(timeout);
if (read(0, pass, 127) <= 0)
ret = NULL;
else {
for(i = 0; i < 127; i++)
if (pass[i] == '\r' || pass[i] == '\n') {
pass[i] = 0;
break;
}
}
alarm(0);
tcsetattr(0, TCSANOW, &old);
printf("\n");
return ret;
}
I am not very sure wheter passwords with length=127 will work, maybe someone
will try.
Anyway it works for me now.
S.
----
Das Fluchen ist die Sprache, die alle Programmierer am besten verstehen.
Reply to: