Xref: utzoo sci.crypt:4417 comp.unix.xenix.sco:2101 comp.unix.sysv386:6577
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!elroy.jpl.nasa.gov!decwrl!deccrl!bloom-beacon!eru!hagbard!sunic!mcsun!ukc!tcdcs!dce.ie!em
From: em@dce.ie (Eamonn McManus)
Newsgroups: sci.crypt,comp.unix.xenix.sco,comp.unix.sysv386
Subject: Re: New Login: need crypt
Message-ID: <bigpryct@dce.ie>
Date: 2 Apr 91 21:52:30 GMT
References: <1991Mar27.082707.17385@logixwi.uucp>
Followup-To: comp.unix.sysv386
Organization: Datacode Communications Ltd, Dublin, Ireland
Lines: 49

I have cut down the crossposting and directed followups to
comp.unix.sysv386.

jpm@logixwi.uucp (Jan-Piet Mens @ Logix GmbH, Wiesbaden) writes:
>I am writing a new login which should have a few extras (any ideas ?) for
>an SCO UNIX 3.2.2 machine.
>Apart from the set_auth* stuff which I have found (omegod :-), there is a 
>crypt(3) routine in the shared library libc_s that only returns 13 
>characters of encrypted password.
>SCO UNIX though, allows (and has) passwords with more than 13 encrypted 
>characterns in the security database /tcb/files/auth/?/*.

There is an undocumented routine called bigcrypt() which is called in
essentially the same way as crypt().  It produces the same result as
crypt() for short passwords (<= 8 plaintext characters); for longer
passwords it apparently crypts each block of eight characters separately
and concatenates the results.  Here is a relevant excerpt from my
replacement SCO su:

  ...
  #if SecureWare
  #include <sys/security.h>
  #include <prot.h>
  #endif
  ...
	  char *pass, *crpass, *realpass;
  #if SecureWare
	  struct pr_passwd *ugh;
	  int origumask;
  #endif
  ...
	  origumask = umask(0); (void) umask(origumask);
	  set_auth_parameters(argc, argv);
	  /* OBNOXIOUS MISFEATURE: above call sets the umask to 077.  If I want
	     the umask to be changed, I'll ASK for it to be changed.  Grrr.  */
	  (void) umask(origumask);
	  if ((ugh = getprpwnam(user)) == NULL)
	      crash("get protected password", user);
	  if ((pass = getpasswd("Password:", AUTH_MAX_PASSWD_LENGTH)) == NULL)
	      crash("getpasswd", user);
	  /* Use the undocumented bigcrypt() routine which crypts a password
	     in pieces if it is longer than 8 characters. */
	  if ((crpass = bigcrypt(pass, ugh->ufld.fd_encrypt)) == NULL)
	      crash("crypt", user);
	      /* I don't think crypt can fail, but may as well test. */
  ...

,
Eamonn