diff --git a/useradmin/md5-lib.pl b/useradmin/md5-lib.pl index af3b9db27..c8250114e 100755 --- a/useradmin/md5-lib.pl +++ b/useradmin/md5-lib.pl @@ -1,5 +1,9 @@ # Functions for MD5 and SHA1 password encryption +use strict; +use warnings; +our %config; + # check_md5() # Returns a perl module name if the needed perl module(s) for MD5 encryption # are not installed, or undef if they are @@ -23,9 +27,8 @@ return undef; # Returns a string encrypted in MD5 format sub encrypt_md5 { -local $passwd = $_[0]; -local $salt = $_[1]; -local $magic = '$1$'; +my ($passwd, $salt) = @_; +my $magic = '$1$'; if ($salt =~ /^\$1\$([^\$]+)/) { # Extract actual salt from already encrypted password $salt = $1; @@ -42,7 +45,7 @@ if (&unix_crypt_supports_md5()) { } # Add the password, magic and salt -local $cls = "MD5"; +my $cls = "MD5"; eval "use MD5"; if ($@) { $cls = "Digest::MD5"; @@ -51,26 +54,25 @@ if ($@) { &error("Missing MD5 or Digest::MD5 perl modules"); } } -local $ctx = eval "new $cls"; +my $ctx = eval "new $cls"; $ctx->add($passwd); $ctx->add($magic); $ctx->add($salt); # Add some more stuff from the hash of the password and salt -local $ctx1 = eval "new $cls"; +my $ctx1 = eval "new $cls"; $ctx1->add($passwd); $ctx1->add($salt); $ctx1->add($passwd); -local $final = $ctx1->digest(); -for($pl=length($passwd); $pl>0; $pl-=16) { +my $final = $ctx1->digest(); +for(my $pl=length($passwd); $pl>0; $pl-=16) { $ctx->add($pl > 16 ? $final : substr($final, 0, $pl)); } # This piece of code seems rather pointless, but it's in the C code that # does MD5 in PAM so it has to go in! -local $j = 0; -local ($i, $l); -for($i=length($passwd); $i; $i >>= 1) { +my $j = 0; +for(my $i=length($passwd); $i; $i >>= 1) { if ($i & 1) { $ctx->add("\0"); } 
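Review bot: `my $ctx = eval "new $cls";` and `my $ctx1 = eval "new $cls";` in the -51,26 hunk, and `my $ctx1 = eval "new $cls";` inside the 1000-round loop of the -81,8 hunk, keep a string eval with indirect-object syntax whose result is never checked. A failed construction therefore only shows up as a method call on undef at the following `->add`. Because `$cls` already holds a plain class name at this point, `my $ctx = $cls->new();` does the same without compiling a string on every call, which matters most inside the loop. The loop-local `my $ctx1` also shadows the outer `$ctx1` declared earlier in the function, so a different name such as `$round` would read more clearly. encrypt_md5 begins and ends outside these hunks.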
@@ -81,8 +83,8 @@ for($i=length($passwd); $i; $i >>= 1) { $final = $ctx->digest(); # This loop exists only to waste time -for($i=0; $i<1000; $i++) { - $ctx1 = eval "new $cls"; +for(my $i=0; $i<1000; $i++) { + my $ctx1 = eval "new $cls"; $ctx1->add($i & 1 ? $passwd : $final); $ctx1->add($salt) if ($i % 3); $ctx1->add($passwd) if ($i % 7); @@ -91,9 +93,9 @@ for($i=0; $i<1000; $i++) { } # Convert the 16-byte final string into a readable form -local $rv = $magic.$salt.'$'; -local @final = map { ord($_) } split(//, $final); -$l = ($final[ 0]<<16) + ($final[ 6]<<8) + $final[12]; +my $rv = $magic.$salt.'$'; +my @final = map { ord($_) } split(//, $final); +my $l = ($final[ 0]<<16) + ($final[ 6]<<8) + $final[12]; $rv .= &to64($l, 4); $l = ($final[ 1]<<16) + ($final[ 7]<<8) + $final[13]; $rv .= &to64($l, 4); @@ -118,11 +120,12 @@ my $newhash = eval { crypt('test', $hash) }; return $newhash eq $hash; } -@itoa64 = split(//, "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); +our @itoa64 = split(//, "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); + sub to64 { -local ($v, $n) = @_; -local $r; +my ($v, $n) = @_; +my $r = ""; while(--$n >= 0) { $r .= $itoa64[$v & 0x3f]; $v >>= 6; @@ -140,8 +143,8 @@ return $@ ? "Digest::SHA1" : undef; # Encrypts a password in SHA1 format sub encrypt_sha1 { -local $pass = $_[0]; -local $sh = eval "use Digest::SHA1 qw(sha1_base64);return sha1_base64(\$pass);"; +my ($pass) = @_; +my $sh = eval "use Digest::SHA1 qw(sha1_base64);return sha1_base64(\$pass);"; return "{SHA}$sh="; } @@ -149,7 +152,7 @@ return "{SHA}$sh="; # Hashes a combined salt+password with SHA1, and returns it in hex. Used on OSX sub encrypt_sha1_hash { -local ($pass, $salt) = @_; +my ($pass, $salt) = @_; # XXX not done yet?? } 
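Review bot: In encrypt_sha1 (hunk -140,8) the string eval's result is used without looking at `$@`, so if Digest::SHA1 cannot be loaded `$sh` is undef and the function returns the constant `{SHA}=` for every password. A check right after the eval, `&error("Missing Digest::SHA1 perl module") if ($@ || !defined($sh));`, would stop that value from being handed back as if it were a hash. The format is also an unsalted SHA-1 digest, which deserves a comment above the sub such as `# {SHA} hashes are unsalted SHA-1; identical passwords produce identical hashes`.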
@@ -165,8 +168,8 @@ return $@ ? "Crypt::Eksblowfish::Bcrypt" : undef; # Returns a string encrypted in blowfish format, suitable for /etc/shadow sub encrypt_blowfish { -local ($passwd, $salt) = @_; -local ($plain, $base64); +my ($passwd, $salt) = @_; +my ($plain, $base64) = ("", ""); eval "use Crypt::Eksblowfish::Bcrypt"; if ($salt !~ /^\$2a\$/) { # Invalid salt for Blowfish @@ -205,7 +208,7 @@ return &unix_crypt_supports_sha512() ? undef : 'Crypt::SHA'; # Hashes a password, possibly with the give salt, with SHA512 sub encrypt_sha512 { -local ($passwd, $salt) = @_; +my ($passwd, $salt) = @_; $salt ||= '$6$'.substr(time(), -8).'$'; return crypt($passwd, $salt); } @@ -215,10 +218,10 @@ return crypt($passwd, $salt); # 0 otherwise. Tries all supported hashing schemes. sub validate_password { -local ($passwd, $hash) = @_; +my ($passwd, $hash) = @_; # Classic Unix crypt -local $chash = eval { +my $chash = eval { local $main::error_must_die = 1; &unix_crypt($passwd, $hash); }; @@ -226,24 +229,24 @@ return 1 if ($chash eq $hash); # MD5 if (!&check_md5()) { - local $mhash = &encrypt_md5($passwd, $hash); + my $mhash = &encrypt_md5($passwd, $hash); return 1 if ($mhash eq $hash); } # Blowfish if (!&check_blowfish()) { - local $mhash = &encrypt_blowfish($passwd, $hash); + my $mhash = &encrypt_blowfish($passwd, $hash); return 1 if ($mhash eq $hash); } # SHA1 if (!&check_sha512()) { - local $shash = &encrypt_sha512($passwd, $hash); + my $shash = &encrypt_sha512($passwd, $hash); return 1 if ($shash eq $hash); } # Some other hashing, maybe supported by crypt -local $ohash = eval { crypt($passwd, $hash) }; +my $ohash = eval { crypt($passwd, $hash) }; return 1 if ($ohash eq $hash); return 0; @@ -269,8 +272,9 @@ else { } foreach my $f (@files) { my $found = 0; - &open_readfile(WORDS, $f); - while() { + my $fh = "WORDS"; + &open_readfile($fh, $f); + while(<$fh>) { s/#.*//; s/\s//; if (lc($_) eq $word) { 
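Review bot: The default salt in encrypt_sha512 (hunk -205,7), `'$6$'.substr(time(), -8).'$'`, is the last eight digits of the clock, so it is predictable and identical for every password hashed in the same second; the commit leaves that line unchanged. A salt needs to be unique per password, and the file's own `@itoa64` table already lists the crypt alphabet, so `$salt ||= '$6$'.join("", map { $itoa64[int(rand(64))] } 1..16).'$';` would be a minimal improvement. Reading the bytes from the system random device where one is available would be better still.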
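Review bot: `return 1 if ($chash eq $hash);` and the later `$mhash`, `$shash` and `$ohash` comparisons in validate_password (hunks -215,10 and -226,24) test equality without checking definedness, although the eval blocks and crypt() can leave the value undef. With the newly added `use warnings` each failed scheme now emits an uninitialized-value warning. In addition, undef compares equal to an empty `$hash`, so an empty stored hash would validate any password whenever a scheme fails, which may not be intended. Guarding each test, as in `return 1 if (defined($chash) && $chash eq $hash);`, or returning 0 early when `$hash` is empty, makes the outcome explicit. The `# SHA1` comment above the `check_sha512` branch should read `# SHA512`.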
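Review bot: `s/\s//;` in the word-file loop (hunk -269,8) removes only the first whitespace character, so a line ending in CR LF or starting with a space still carries whitespace when it reaches `lc($_) eq $word`. Such a line never matches, and the lookup reports a listed word as not found. `s/\s+//g;` strips all of it. Separately, `my $fh = "WORDS";` still names a package-global handle by string; if `open_readfile` accepts a lexical handle, which is not visible here, passing one would be cleaner under `use strict`. The enclosing function starts and ends outside this hunk.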
@@ -278,7 +282,7 @@ foreach my $f (@files) { last; } } - close(WORDS); + close($fh); return 1 if ($found); } return 0;