===================================================================
RCS file: /cvs2/dgamelaunch-openbsd/dgamelaunch.c,v
retrieving revision 1.2
retrieving revision 1.7
diff -u -p -r1.2 -r1.7
--- dgamelaunch-openbsd/dgamelaunch.c 2021/03/09 14:48:42 1.2
+++ dgamelaunch-openbsd/dgamelaunch.c 2021/04/02 10:52:15 1.7
@@ -1,5 +1,6 @@
 /* dgamelaunch.c
 *
+ * (c)2021 Rubén Llorente
 * (c)2001-4 M. Drew Streib
 * also parts (c) 2003-4 Joshua Kwan ,
 * Brett Carrington ,
@@ -1559,7 +1560,7 @@ changepw (int dowrite)
 #if defined(__OpenBSD__)
 me->password = (char *) malloc((_PASSWORD_LEN+1)*sizeof(char));
 if ( crypt_newhash(buf, "blowfish,12", me->password, _PASSWORD_LEN) != 0)
- graceful_exit(1);
+ graceful_exit(300);
 #else
 me->password = strdup (crypt (buf, buf));
 #endif
@@ -2162,6 +2163,11 @@ readfile (int nolock)
 b = n;
 /* pw field */
+ /* OpenBSD's implementation stores the password in hashed form.
+ * crypt_checkpass takes care of validating the hashing so we
+ * don't have to ensure the password field has a valid length */
+
+#ifndef(__OpenBSD__)
 while (*b != ':')
 {
 users[f_num]->password[(b - n)] = *b;
@@ -2171,6 +2177,7 @@ readfile (int nolock)
 graceful_exit (102);
 }
 }
+#endif
 /* advance to next field */
 n = b + 1;
@@ -2864,6 +2871,8 @@ main (int argc, char** argv)
 graceful_exit (3);
 }
+
+
 /* shed privs. this is done immediately after chroot. */
 if (setgroups (1, &globalconfig.shed_gid) == -1)
 {
@@ -2882,6 +2891,16 @@ main (int argc, char** argv)
 perror ("setuid");
 graceful_exit (6);
 }
+
+#if defined(__OpenBSD__)
+ if ( pledge("stdio rpath wpath cpath fattr flock "
+ "tty proc exec ps", NULL )==-1 )
+ {
+ perror("pledge");
+ graceful_exit (301);
+ }
+#endif
+
 }
 if (globalconfig.locale)
 {
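Review bot: The new status in `graceful_exit(300);` does not fit in a process exit status, which is only 8 bits wide on POSIX systems; if graceful_exit hands its argument to exit(), as its name suggests, the parent sees 44 rather than 300 (and 45 for the `graceful_exit (301);` added in the pledge hunk in main). Choose unused codes below 256 so a failed crypt_newhash() stays distinguishable to whatever inspects the status, for example `graceful_exit(120);` (constructed value, to be checked against the codes the file already uses). Separately, the unchanged malloc() result on the line above is handed to crypt_newhash() without a NULL check. changepw's body starts and ends outside the hunk.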
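Review bot: `#ifndef(__OpenBSD__)` is not valid preprocessor syntax, because `#ifndef` takes a bare identifier, so it should read `#if !defined(__OpenBSD__)` (or `#ifndef __OpenBSD__`); its `#endif` is in the next hunk. Beyond the syntax, the guarded loop does more than check length: it copies the field into `users[f_num]->password` and advances `b` to the ':' separator. With it compiled out on OpenBSD, the visible code leaves `b == n`, so `n = b + 1` in the next hunk would start the following field one byte into the hash and the stored hash would never be loaded, unless code outside these hunks handles that. Keeping the loop on every platform and sizing its bound for `_PASSWORD_LEN` looks safer than skipping it, since that bound also appears to be what stops an over-long field in the password file from overrunning the buffer. readfile's body starts and ends outside the hunk.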
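Review bot: The pledge() call sits before the `}` that closes an enclosing block opened outside the hunk, apparently the chroot and privilege-shedding branch, so a run that does not take that branch would never be pledged; moving the `#if defined(__OpenBSD__)` block below that brace would apply it on every path. The second argument is NULL, so the `exec` promise lets the launched game run with no promises of its own; if that is intentional it deserves a comment such as `/* execpromises NULL: games need more than dgamelaunch does, so they run unpledged */`. A short comment saying which feature needs `fattr`, `flock` and `ps` would also make the promise set easier to tighten later. main's body starts and ends outside the hunk.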