summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-04-21 07:26:15 +0000
committerAndrew Tridgell <tridge@samba.org>1998-04-21 07:26:15 +0000
commit8c7e457ae46a820cef36ac3f99e41f1276bc4587 (patch)
tree8742a20de8915aab4eb8a2dfdb58adcb9a7d04f9 /source3/lib
parenta63bcb436ad41058e6425c84c1a9994036be1166 (diff)
downloadsamba-8c7e457ae46a820cef36ac3f99e41f1276bc4587.tar.gz
samba-8c7e457ae46a820cef36ac3f99e41f1276bc4587.tar.bz2
samba-8c7e457ae46a820cef36ac3f99e41f1276bc4587.zip
many systems don't have /etc/shadow but do have another system for
making encrypted passwords secret. For example, with secure NIS+ only root can get the encrypted password. hash in the encrypted password of "root" to provide a nice source of secret on such systems. On systems that don't have this (ie. any user can get roots encrypted password) then the security is so slack that it probably doesn't matter what we do to generate the secret. (This used to be commit 3271e4c29fdc15a1ae61dec94517e484c2457411)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/genrand.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
index 78d19da00a..8d7084d9f6 100644
--- a/source3/lib/genrand.c
+++ b/source3/lib/genrand.c
@@ -117,6 +117,7 @@ static void do_reseed(unsigned char *md4_outbuf)
int fd;
struct timeval tval;
pid_t mypid;
+ struct passwd *pw;
memset(md4_inbuf, '\0', sizeof(md4_inbuf));
@@ -144,6 +145,17 @@ static void do_reseed(unsigned char *md4_outbuf)
do_filehash("/etc/shadow", &md4_inbuf[0]);
do_filehash(SMB_PASSWD_FILE, &md4_inbuf[16]);
+ /* add in the root encrypted password. On any system where security is taken
+ seriously this will be secret */
+ pw = getpwnam("root");
+ if (pw) {
+ int i;
+ unsigned char md4_tmp[16];
+ mdfour(md4_tmp, pw->pw_passwd, strlen(pw->pw_passwd));
+ for (i=0;i<16;i++)
+ md4_inbuf[8+i] ^= md4_tmp[i];
+ }
+
/*
* Finally add the counter, time of day, and pid.
*/