New Login: need crypt

[Eamonn McManus]

I have cut down the crossposting and directed followups to
comp.unix.sysv386.

jpm at logixwi.uucp (Jan-Piet Mens @ Logix GmbH, Wiesbaden) writes:
>I am writing a new login which should have a few extras (any ideas ?) for
>an SCO UNIX 3.2.2 machine.
>Apart from the set_auth* stuff which I have found (omegod :-), there is a 
>crypt(3) routine in the shared library libc_s that only returns 13 
>characters of encrypted password.
>SCO UNIX though, allows (and has) passwords with more than 13 encrypted 
>characterns in the security database /tcb/files/auth/?/*.

There is an undocumented routine called bigcrypt() which is called in
essentially the same way as crypt().  It produces the same result as
crypt() for short passwords (<= 8 plaintext characters); for longer
passwords it apparently crypts each block of eight characters separately
and concatenates the results.  Here is a relevant excerpt from my
replacement SCO su:

  ...
  #if SecureWare
  #include <sys/security.h>
  #include <prot.h>
  #endif
  ...
	  char *pass, *crpass, *realpass;
  #if SecureWare
	  struct pr_passwd *ugh;
	  int origumask;
  #endif
  ...
	  origumask = umask(0); (void) umask(origumask);
	  set_auth_parameters(argc, argv);
	  /* OBNOXIOUS MISFEATURE: above call sets the umask to 077.  If I want
	     the umask to be changed, I'll ASK for it to be changed.  Grrr.  */
	  (void) umask(origumask);
	  if ((ugh = getprpwnam(user)) == NULL)
	      crash("get protected password", user);
	  if ((pass = getpasswd("Password:", AUTH_MAX_PASSWD_LENGTH)) == NULL)
	      crash("getpasswd", user);
	  /* Use the undocumented bigcrypt() routine which crypts a password
	     in pieces if it is longer than 8 characters. */
	  if ((crpass = bigcrypt(pass, ugh->ufld.fd_encrypt)) == NULL)
	      crash("crypt", user);
	      /* I don't think crypt can fail, but may as well test. */
  ...

,
Eamonn