Re: gated 3.6A1 for 1.3.99 (diffs)

Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
Mon, 13 May 1996 03:08:15 +0200 (MET DST)


Stephen Davies:
> Attached are an autoconfig file for Linux 1.3.9? and a diff file against
> the official gated 3.6Alpha1 sources.
>
> These diffs remove the last dependencies on BSD headers, add support for
> long shadow passwords to GII and fix a couple of minor interface problems.
>
> Both files have been submitted to Merit and should become part of the
> next official release.

Hi,

I am the current maintainer of the Linux port of the shadow suite.
Yet another program which needs to know about shadow passwords...
I hope it is not too late to add a few comments.

> pw = getpwnam(GII_USER);
> + #ifdef SHADOW_PASSWD
> + spw = getspnam (pw->pw_name);
> + if (!pw || !pw->pw_passwd || !spw) {
> + #else
> if (!pw || !pw->pw_passwd) {
> + #endif

Please don't do it this way. This means that the shadow-aware binary
will not work with non-shadow passwords (including NIS passwords).
Instead, please do something like this:

pw = getpwnam(GII_USER);
#ifdef SHADOW_PASSWD
if (pw) {
spw = getspnam(pw->pw_name);
if (spw)
pw->pw_passwd = spw->sp_pwdp;
endspent();
}
#endif
if (!pw || !pw->pw_passwd[0]) {

(I suppose this should check for passwordless accounts - the original
check does nothing because pw->pw_passwd is never a NULL pointer.)

This way the same binary will work with both shadow and non-shadow
passwords. For ELF systems, it is safe to always define SHADOW_PASSWD
- getspnam() is in the standard libc-5.x.

> + #ifdef SHADOW_PASSWD
> + if(strcmp(spw->sp_pwdp,(char *) pw_encrypt(ln, spw->sp_pwdp)))
> + #else
> if (strcmp(pw->pw_passwd, (char *)crypt(ln, pw->pw_passwd)))
> + #endif

This #ifdef is now unnecessary, just do what is in the #else part.

Long passwords are discouraged, as the algorithm used for them has some
known weaknesses. Existing long passwords can be converted to short
ones by truncating them to first 13 characters. Also, pw_encrypt()
requires libshadow.a (which is otherwise not necessary with libc-5.x
- now you can build shadow-aware applications even if you don't have
the shadow suite).

If really want to use pw_encrypt(), a simple

#define crypt pw_encrypt

should do the trick. The MD5-based crypt() as found in recent releases
of FreeBSD might be a better choice for long passwords (if you don't
need to share them with other systems which don't understand them).

> # List libraries required for your environment
>
> ldflags -lshadow -ldb

As said above, -lshadow is no longer necessary with libc5. It is
still necessary for old a.out systems, of course - but these are
disappearing now...

Making the same binary work with both shadow and non-shadow passwords
means one less program to recompile when installing the shadow suite -
let's make this process less painful than it used to be. What I have
said here generally applies to most programs which need to verify
passwords - I hope this becomes the standard for Linux ELF systems.

Regards,

Marek