From 8c7e457ae46a820cef36ac3f99e41f1276bc4587 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 21 Apr 1998 07:26:15 +0000
Subject: many systems don't have /etc/shadow but do have another system for making encrypted passwords secret. For example, with secure NIS+ only root can get the encrypted password. hash in the encrypted password of "root" to provide a nice source of secret on such systems. On systems that don't have this (ie. any user can get roots encrypted password) then the security is so slack that it probably doesn't matter what we do to generate the secret. (This used to be commit 3271e4c29fdc15a1ae61dec94517e484c2457411)
---
 source3/lib/genrand.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
index 78d19da00a..8d7084d9f6 100644
--- a/source3/lib/genrand.c
+++ b/source3/lib/genrand.c
@@ -117,6 +117,7 @@ static void do_reseed(unsigned char *md4_outbuf)
 int fd;
 struct timeval tval;
 pid_t mypid;
+ struct passwd *pw;
 memset(md4_inbuf, '\0', sizeof(md4_inbuf));
@@ -144,6 +145,17 @@ static void do_reseed(unsigned char *md4_outbuf)
 do_filehash("/etc/shadow", &md4_inbuf[0]);
 do_filehash(SMB_PASSWD_FILE, &md4_inbuf[16]);
+ /* add in the root encrypted password. On any system where security is taken
+ seriously this will be secret */
+ pw = getpwnam("root");
+ if (pw) {
+ int i;
+ unsigned char md4_tmp[16];
+ mdfour(md4_tmp, pw->pw_passwd, strlen(pw->pw_passwd));
+ for (i=0;i<16;i++)
+ md4_inbuf[8+i] ^= md4_tmp[i];
+ }
+
 /*
 * Finally add the counter, time of day, and pid.
 */
-- cgit
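Review bot: The `getpwnam("root")` block in the second hunk treats `pw->pw_passwd` as a secret, but on hosts that use shadow passwords that field is normally a fixed placeholder rather than the hash, so there the XOR into `md4_inbuf[8..23]` mixes in a constant that every local user already knows. Because the value is XORed in rather than assigned it does no harm, but the comment should say so, for example `/* with shadow passwords pw_passwd is only a placeholder and adds no secrecy; the /etc/shadow hash above must carry the seed there */`. The dereference should also be guarded, `if (pw && pw->pw_passwd) {`, since `strlen()` on a NULL field is undefined. `md4_tmp` holds a digest of root's password hash and is left on the stack, so clearing it after the loop would be a cheap precaution. The body of `do_reseed` starts and ends outside both hunks, so whether a stronger entropy source is mixed in elsewhere cannot be judged from here.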