From owner-freebsd-security Thu Jul 25 06:41:08 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA29215 for security-outgoing; Thu, 25 Jul 1996 06:41:08 -0700 (PDT) Received: from nervosa.netcom.com (nervosa.vendetta.com [192.187.167.18]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA29177; Thu, 25 Jul 1996 06:41:00 -0700 (PDT) Received: (from coredump@localhost) by nervosa.netcom.com (8.7.5/8.7.3) id GAA12575; Thu, 25 Jul 1996 06:41:17 -0700 (PDT) Date: Thu, 25 Jul 1996 06:41:17 -0700 (PDT) From: goamatic To: winter@jurai.net cc: freebsd-current@freebsd.org, freebsd-security@freebsd.org Subject: well.. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Here is beta 1 of the changes I have done to Crack 4.1 in order to make it work with master.passwd (md5) style passwords. Patch from crack/ -- begin --- diff -c Sources/Makefile /var/tmp/Sources/Makefile *** Sources/Makefile Thu Jun 25 07:54:38 1992 --- /var/tmp/Sources/Makefile Thu Jul 25 05:02:14 1996 *************** *** 2,8 **** # Revised Makefile for Crack v4.1 - AEM, Feb 14 1992 ### ! LIBS= CFLAGS= -O PWC= crack-pwc FCRYPT= crack-fcrypt.o --- 2,8 ---- # Revised Makefile for Crack v4.1 - AEM, Feb 14 1992 ### ! LIBS= -lcrypt CFLAGS= -O PWC= crack-pwc FCRYPT= crack-fcrypt.o diff -c Sources/conf.h /var/tmp/Sources/conf.h *** Sources/conf.h Thu Jun 25 07:54:41 1992 --- /var/tmp/Sources/conf.h Thu Jul 25 04:23:15 1996 *************** *** 58,64 **** */ #define COMPRESSION ! #define ZCAT "/usr/ucb/zcat" /* as in "zcat Dicts/bigdict.Z" */ #define PCAT "/usr/bin/pcat" /* --- 58,64 ---- */ #define COMPRESSION ! #define ZCAT "/usr/bin/zcat" /* as in "zcat Dicts/bigdict.Z" */ #define PCAT "/usr/bin/pcat" /* *************** *** 66,69 **** * doesn't work properly */ ! #define FCRYPT --- 66,69 ---- * doesn't work properly */ ! #undef FCRYPT diff -c Sources/crack-pwc.c /var/tmp/Sources/crack-pwc.c *** Sources/crack-pwc.c Thu Jun 25 07:55:44 1992 --- /var/tmp/Sources/crack-pwc.c Thu Jul 25 06:21:44 1996 *************** *** 125,131 **** p = PWSkip (p); retval -> passwd.pw_gid = atoi (p); ! p = PWSkip (p); retval -> passwd.pw_gecos = p; p = PWSkip (p); --- 125,140 ---- p = PWSkip (p); retval -> passwd.pw_gid = atoi (p); ! p = PWSkip (p); ! retval -> passwd.pw_class = p; ! ! p = PWSkip (p); ! retval -> passwd.pw_change = atoi (p); ! ! p = PWSkip (p); ! retval -> passwd.pw_expire = atoi (p); ! ! p = PWSkip (p); retval -> passwd.pw_gecos = p; p = PWSkip (p); *************** *** 143,149 **** { int i; char *ptr; ! char salt[2]; char buffer[STRINGSIZE]; long int numlines; long int numentries; --- 152,158 ---- { int i; char *ptr; ! char salt[34]; char buffer[STRINGSIZE]; long int numlines; long int numentries; *************** *** 153,159 **** numlines = 0L; numentries = 0L; current_line = NULL; ! salt[0] = salt[1] = '*'; while (fgets (buffer, STRINGSIZE, stdin)) { --- 162,169 ---- numlines = 0L; numentries = 0L; current_line = NULL; ! salt[0] = '*'; ! salt[1] = '$'; while (fgets (buffer, STRINGSIZE, stdin)) { *************** *** 191,202 **** new_element -> filename); continue; } ! if (i > 13) { Log ("User %s (in %s) has a long pw_passwd field - truncating.\n", new_element -> passwd.pw_name, new_element -> filename); ! ptr[13] = '\0'; } numentries++; --- 201,212 ---- new_element -> filename); continue; } ! if (i > 34) { Log ("User %s (in %s) has a long pw_passwd field - truncating.\n", new_element -> passwd.pw_name, new_element -> filename); ! ptr[34] = '\0'; } numentries++; *************** *** 204,222 **** { new_element -> across = current_line; current_line = new_element; ! } else { if (current_line) { ! current_line -> next = userroot; } userroot = current_line; current_line = new_element; numlines++; ! salt[0] = ptr[0]; ! salt[1] = ptr[1]; ! } } if (current_line) /* last one tends to hang about */ { --- 214,233 ---- { new_element -> across = current_line; current_line = new_element; ! } else { if (current_line) { ! current_line -> next = userroot; } userroot = current_line; current_line = new_element; numlines++; ! strcpy(salt, ptr); ! /* salt[0] = ptr[0]; */ ! /* salt[1] = ptr[1]; */ } + } if (current_line) /* last one tends to hang about */ { *************** *** 1091,1104 **** /* Quick, verify that we are sane ! */ - if (strcmp (crypt ("fredfred", "fredfred"), "frxWbx4IRuBBA")) - { - Log ("Version of crypt() being used internally is not compatible with standard.\n"); - Log ("This could be due to byte ordering problems - see the comments in Sources/conf.h\n"); - Log ("If there is another reason for this, edit the source to remove this assertion.\n"); - Log ("Terminating...\n"); - exit (0); - } #ifndef AMIGA signal (SIGTERM, CatchTERM); #endif --- 1102,1107 ---- diff -c Scripts/do_join /var/tmp/Scripts/do_join *** Scripts/do_join Thu Jun 25 07:54:20 1992 --- /var/tmp/Scripts/do_join Thu Jul 25 05:05:32 1996 *************** *** 48,54 **** awk -F: ' BEGIN { FS = ":"; ! numf = 8; # number of fields in a pwent, + 1 warn="'"$warn"'"; date = "'"`date`"'"; date = substr(date, 5, 15); --- 48,54 ---- awk -F: ' BEGIN { FS = ":"; ! numf = 11; # number of fields in a pwent, + 1 warn="'"$warn"'"; date = "'"`date`"'"; date = substr(date, 5, 15); -- cut -------- == Chris Layne ======================================== Nervosa Computing == == coredump@nervosa.vendetta.com == http://nervosa.vendetta.com/~coredump ==