shadow-4.0.13-crypt_blowfish-1.patch

Bradley Worley geekysuavo at gmail.com
Mon Oct 24 13:39:33 PDT 2005


Submitted By: Bradley Worley <geekysuavo at gmail dot com>
Date: 2005-10-24
Initial Package Version: 4.0.13
Upstream Status: Not submitted
Origin: http://www.linuxfromscratch.org/patches/downloads/shadow/\
			shadow-4.0.7-crypt_blowfish-1.patch
Description: Adds blowfish passwords to shadow. This depends on a blowfish
library. See:
http://www.openwall.com/crypt/
or
http://ftp.suse.com/pub/people/kukuk/pam/libxcrypt/

If you use libxcrypt you need to do:
sed -e 's/lcrypt/lxcrypt/g' -i configure

There's a hint for this patch here:
http://www.linuxfromscratch.org/hints/downloads/files/blowfish-passwords.txt

diff -c -r shadow-4.0.13/config.h.in shadow-4.0.13-1/config.h.in
*** shadow-4.0.13/config.h.in	2005-10-04 12:02:57.000000000 -0500
--- shadow-4.0.13-1/config.h.in	2005-10-24 19:00:23.000000000 -0500
***************
*** 7,12 ****
--- 7,15 ----
  /* Path for faillog file. */
  #undef FAILLOG_FILE

+ /* Defined if you have crypt blowfish.  */
+ #undef HAVE_CRYPT_GENSALT
+
  /* Define to the type of elements in the array set by `getgroups'. Usually
     this is either `int' or `gid_t'. */
  #undef GETGROUPS_T
***************
*** 299,304 ****
--- 302,310 ----
  /* Path to passwd program. */
  #undef PASSWD_PROGRAM

+ /* Where is /dev/urandom or a /dev/urandom-alike.  */
+ #undef RANDOM_FILE
+
  /* Define to 1 if the C compiler supports function prototypes. */
  #undef PROTOTYPES

diff -c -r shadow-4.0.13/configure shadow-4.0.13-1/configure
*** shadow-4.0.13/configure	2005-09-28 07:46:31.000000000 -0500
--- shadow-4.0.13-1/configure	2005-10-24 19:21:05.000000000 -0500
***************
*** 462,468 ****
  # include <unistd.h>
  #endif"

! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
program_transform_name bindir sbindir libexecdir datadir sysconfdir
sharedstatedir localstatedir libdir includedir oldincludedir infodir
mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE
VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP
ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot
AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE
MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR
am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE
am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S YACC CPP EGREP U ANSI2KNR
build build_cpu build_vendor build_os host host_cpu host_vendor
host_os ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX
CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS
ac_ct_F77 LIBTOOL LIBOBJS XSLTPROC XML_CATALOG_FILE XMLCATALOG
ENABLE_REGENERATE_MAN_TRUE ENABLE_REGENERATE_MAN_FALSE LIBCRYPT
LIBAUDIT LIBCRACK LIBSELINUX LIBPAM LIBSKEY LIBMD MKINSTALLDIRS
USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE INTL_MACOSX_LIBS LIBICONV
LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LTLIBOBJS'
  ac_subst_files=''

  # Initialize some variables set by options.
--- 462,468 ----
  # include <unistd.h>
  #endif"

! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
program_transform_name bindir sbindir libexecdir datadir sysconfdir
sharedstatedir localstatedir libdir includedir oldincludedir infodir
mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE
VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP
ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot
AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE
MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR
am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE
am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S YACC CPP EGREP U ANSI2KNR
build build_cpu build_vendor build_os host host_cpu host_vendor
host_os ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX
CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS
ac_ct_F77 LIBTOOL LIBOBJS RANDOM_FILE LIBCRYPT LIBCRACK LIBSKEY LIBMD
LIBSELINUX LIBPAM MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT
MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB
LTLIBOBJS'
  ac_subst_files=''

  # Initialize some variables set by options.
***************
*** 1052,1057 ****
--- 1052,1058 ----
    --with-libpam           use libpam for PAM support [default=yes if
                            found]
    --with-selinux          use SELinux support [default=autodetect]
+   --with-random=FILE	     read randomness from FILE (default=/dev/urandom)
    --with-skey             use S/Key support [default=no]
    --with-libcrack         use libcrack [default=yes if found and if PAM not
                            enabled]
***************
*** 4521,4527 ****
    ;;
  *-*-irix6*)
    # Find out which ABI we are using.
!   echo '#line 4524 "configure"' > conftest.$ac_ext
    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    (eval $ac_compile) 2>&5
    ac_status=$?
--- 4522,4528 ----
    ;;
  *-*-irix6*)
    # Find out which ABI we are using.
!   echo '#line 4514 "configure"' > conftest.$ac_ext
    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    (eval $ac_compile) 2>&5
    ac_status=$?
***************
*** 5627,5633 ****


  # Provide some information about the compiler.
! echo "$as_me:5630:" \
       "checking for Fortran 77 compiler version" >&5
  ac_compiler=`set X $ac_compile; echo $2`
  { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
--- 5628,5634 ----


  # Provide some information about the compiler.
! echo "$as_me:5631:" \
       "checking for Fortran 77 compiler version" >&5
  ac_compiler=`set X $ac_compile; echo $2`
  { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
***************
*** 23303,23308 ****
--- 23304,23350 ----
    with_libcrack=no
  fi;

+ # Check whether --with-random or --without-random was given.
+ if test "${with_random+set}" = set; then
+   withval="$with_random"
+    RANDOM_FILE="$withval"
+ else
+
+             echo "$as_me:$LINENO: checking for \"/dev/urandom\"" >&5
+ echo $ECHO_N "checking for \"/dev/urandom\"... $ECHO_C" >&6
+ if test "${ac_cv_file___dev_urandom_+set}" = set; then
+   echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+   test "$cross_compiling" = yes &&
+   { { echo "$as_me:$LINENO: error: cannot check for file existence
when cross compiling" >&5
+ echo "$as_me: error: cannot check for file existence when cross
compiling" >&2;}
+    { (exit 1); exit 1; }; }
+ if test -r ""/dev/urandom""; then
+   ac_cv_file___dev_urandom_=yes
+ else
+   ac_cv_file___dev_urandom_=no
+ fi
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_file___dev_urandom_" >&5
+ echo "${ECHO_T}$ac_cv_file___dev_urandom_" >&6
+ if test $ac_cv_file___dev_urandom_ = yes; then
+
+               RANDOM_FILE="/dev/urandom";
+
+
+ fi
+
+
+
+ fi;
+ if test -n "$RANDOM_FILE" ; then
+
+       cat >>confdefs.h <<_ACEOF
+ #define RANDOM_FILE "$RANDOM_FILE"
+ _ACEOF
+
+ fi
+

  echo "$as_me:$LINENO: checking for library containing inet_ntoa" >&5
  echo $ECHO_N "checking for library containing inet_ntoa... $ECHO_C" >&6
***************
*** 23929,23934 ****
--- 23971,24046 ----
     { (exit 1); exit 1; }; }
  fi

+ 	echo "$as_me:$LINENO: checking for crypt_gensalt in -lcrypt" >&5
+ echo $ECHO_N "checking for crypt_gensalt in -lcrypt... $ECHO_C" >&6
+ if test "${ac_cv_lib_crypt_crypt_gensalt+set}" = set; then
+   echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+ LIBS="-lcrypt  $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+ _ACEOF
+ cat confdefs.h >>conftest.$ac_ext
+ cat >>conftest.$ac_ext <<_ACEOF
+ /* end confdefs.h.  */
+
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+ /* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+ char crypt_gensalt ();
+ int
+ main ()
+ {
+ crypt_gensalt ();
+   ;
+   return 0;
+ }
+ _ACEOF
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+   (eval $ac_link) 2>conftest.er1
+   ac_status=$?
+   grep -v '^ *+' conftest.er1 >conftest.err
+   rm -f conftest.er1
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } &&
+ 	 { ac_try='test -z "$ac_c_werror_flag"
+ 			 || test ! -s conftest.err'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; } &&
+ 	 { ac_try='test -s conftest$ac_exeext'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; }; then
+   ac_cv_lib_crypt_crypt_gensalt=yes
+ else
+   echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_crypt_crypt_gensalt=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+       conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt_gensalt" >&5
+ echo "${ECHO_T}$ac_cv_lib_crypt_crypt_gensalt" >&6
+ if test $ac_cv_lib_crypt_crypt_gensalt = yes; then
+   cat >>confdefs.h <<\_ACEOF
+ #define HAVE_CRYPT_GENSALT 1
+ _ACEOF
+
+ fi


  if test "$with_audit" = "yes"; then
***************
*** 27568,27573 ****
--- 27680,27686 ----
  s, at ac_ct_F77@,$ac_ct_F77,;t t
  s, at LIBTOOL@,$LIBTOOL,;t t
  s, at LIBOBJS@,$LIBOBJS,;t t
+ s, at RANDOM_FILE@,$RANDOM_FILE,;t t
  s, at XSLTPROC@,$XSLTPROC,;t t
  s, at XML_CATALOG_FILE@,$XML_CATALOG_FILE,;t t
  s, at XMLCATALOG@,$XMLCATALOG,;t t
diff -c -r shadow-4.0.13/etc/login.defs shadow-4.0.13-1/etc/login.defs
*** shadow-4.0.13/etc/login.defs	2005-09-01 14:57:45.000000000 -0500
--- shadow-4.0.13-1/etc/login.defs	2005-10-24 19:25:44.000000000 -0500
***************
*** 242,254 ****
  PASS_ALWAYS_WARN	yes

  #
- # Number of significant characters in the password for crypt().
- # Default is 8, don't change unless your crypt() is better.
- # Ignored if MD5_CRYPT_ENAB set to "yes".
- #
- #PASS_MAX_LEN		8
-
- #
  # Require password before chfn/chsh can make any changes.
  #
  CHFN_AUTH		yes
--- 242,247 ----
***************
*** 268,282 ****
  # to use the default which is just "Password: ".
  #LOGIN_STRING		"%s's Password: "

  #
! # Only works if compiled with MD5_CRYPT defined:
! # If set to "yes", new passwords will be encrypted using the MD5-based
! # algorithm compatible with the one used by recent releases of FreeBSD.
! # It supports passwords of unlimited length and longer salt strings.
! # Set to "no" if you need to copy encrypted passwords to other systems
! # which don't understand the new algorithm.  Default is "no".
  #
! #MD5_CRYPT_ENAB	no

  #
  # List of groups to add to the user's supplementary group set
--- 261,321 ----
  # to use the default which is just "Password: ".
  #LOGIN_STRING		"%s's Password: "

+ # Each password entry contains a prefix that specifies the hashing algorithm
+ # used to create the remaining characters/bytes. Use this setting to specify
+ # which hashing algorithm is used to create new passwords.
+ #
+ # The default here is to use the Blowfish-based algorithm, (which currently
+ # requires you to be running a patched version of glibc). To use the slightly
+ # more compatible MD5-based algorithm, you would set this to $1$. To be
+ # completely backwards compatible and use the traditional DES-based hashing,
+ # you should set this value to an empty string, but be warned, passwords using
+ # this algorithm offer very little security.
+ #
+ CRYPT_PREFIX	"$2a$"
+
+ # For hashing algorithms that can alter their complexity, use this setting to
+ # achieve a balance between the security of the password and
performance on the
+ # host system.
+ #
+ # This value is interpreted by each algorithm in specific ways. With the
+ # Blowfish algorithm, it specifies the number of rounds as a base-2 logarithm
+ # of the actual iteration count, so 12 actually refers to 2^12. Altering the
+ # value to 11 would therefore halve the number of iterations used to 2^11.
+ #
+ # Make sure that if you alter the above setting, this setting is also
+ # appropriate. For algorithms that have fixed iteration counts, or to
+ # enforce the use of a low default value, use a setting of 0.
+ #
+ CRYPT_ROUNDS	12
+
+ #
+ # All algorithms require varying amounts of random bytes known as salt. For
+ # example the DES-based algorithm requires only 12-bits, (1½ bytes), whereas
+ # the Blowfish-based algorithm requires 128-bits, (16 bytes).
+ #
+ # If an algorithm doesn't receive enough salt, more will be collected from
+ # /dev/urandom, a byte at a time until it's satisfied. If you know how much
+ # is enough to satisfy even the most hungry of algorithms locally available,
+ # setting it here will speed up the generation of passwords.
+ #
+ # A maximum is also provided to enforce an upper limit on this to prevent a
+ # wayward algorithm munching all the randomness unnecessarily.
+ #
+ CRYPT_MINSALT	16
+ CRYPT_MAXSALT	32
+
+ #
+ # Number of significant characters in the password for crypt(). MD5 can
+ # effectively cope with unlimited length passwords, but a limit of ~127 is
+ # reasonable. Blowfish can handle up to 72 characters, and the DES algorithm
+ # can only handle 8.
  #
! # This setting is used in some of the obscure checks, and also to inform the
! # user on how big their new password should be, so it should be set in
! # accordance to the choice of algorithm.
  #
! PASS_MAX_LEN	72

  #
  # List of groups to add to the user's supplementary group set
diff -c -r shadow-4.0.13/lib/getdef.c shadow-4.0.13-1/lib/getdef.c
*** shadow-4.0.13/lib/getdef.c	2005-08-31 12:24:56.000000000 -0500
--- shadow-4.0.13-1/lib/getdef.c	2005-10-24 19:28:37.000000000 -0500
***************
*** 51,56 ****
--- 51,62 ----
  	{"CONSOLE_GROUPS", NULL},
  	{"CONSOLE", NULL},
  	{"CREATE_HOME", NULL},
+ #ifdef HAVE_CRYPT_GENSALT
+ 	{ "CRYPT_MAXSALT",		NULL },
+ 	{ "CRYPT_MINSALT",		NULL },
+ 	{ "CRYPT_PREFIX",		NULL },
+ 	{ "CRYPT_ROUNDS",		NULL },
+ #endif /* HAVE_CRYPT_GENSALT */
  	{"DEFAULT_HOME", NULL},
  	{"ENV_PATH", NULL},
  	{"ENV_SUPATH", NULL},
***************
*** 94,100 ****
  	{"LOGIN_STRING", NULL},
  	{"MAIL_CHECK_ENAB", NULL},
  	{"MAIL_FILE", NULL},
! 	{"MD5_CRYPT_ENAB", NULL},
  	{"MOTD_FILE", NULL},
  	{"NOLOGINS_FILE", NULL},
  	{"OBSCURE_CHECKS_ENAB", NULL},
--- 100,108 ----
  	{"LOGIN_STRING", NULL},
  	{"MAIL_CHECK_ENAB", NULL},
  	{"MAIL_FILE", NULL},
! #ifndef HAVE_CRYPT_GENSALT
!  	{ "MD5_CRYPT_ENAB",		NULL },
! #endif /* ! HAVE_CRYPT_GENSALT */
  	{"MOTD_FILE", NULL},
  	{"NOLOGINS_FILE", NULL},
  	{"OBSCURE_CHECKS_ENAB", NULL},
diff -c -r shadow-4.0.13/libmisc/obscure.c shadow-4.0.13-1/libmisc/obscure.c
*** shadow-4.0.13/libmisc/obscure.c	2005-08-31 12:24:57.000000000 -0500
--- shadow-4.0.13-1/libmisc/obscure.c	2005-10-24 19:30:46.000000000 -0500
***************
*** 233,240 ****
--- 233,242 ----
  	   Example: "password$%^&*123".  So check it again, this time
  	   truncated to the maximum length.  Idea from npasswd.  --marekm */

+ #ifndef HAVE_CRYPT_GENSALT
  	if (getdef_bool ("MD5_CRYPT_ENAB"))
  		return NULL;	/* unlimited password length */
+ #endif

  	maxlen = getdef_num ("PASS_MAX_LEN", 8);
  	if (oldlen <= maxlen && newlen <= maxlen)
diff -c -r shadow-4.0.13/libmisc/salt.c shadow-4.0.13-1/libmisc/salt.c
*** shadow-4.0.13/libmisc/salt.c	2005-08-31 12:24:58.000000000 -0500
--- shadow-4.0.13-1/libmisc/salt.c	2005-10-24 19:44:23.000000000 -0500
***************
*** 3,15 ****
--- 3,108 ----
   *
   * Written by Marek Michalkiewicz <marekm at i17linuxb.ists.pwr.wroc.pl>,
   * public domain.
+  *
+  * Broken by Matt Dainty <madmatt at bits.bris.ac.uk>
   */

+ #define _OW_SOURCE
+
  #include <config.h>

  #ident "$Id: salt.c,v 1.10 2005/08/31 17:24:58 kloczek Exp $"

  #include <sys/time.h>
+ #ifdef HAVE_CRYPT_GENSALT
+ #include <errno.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <crypt.h>
+ #include "getdef.h"
+
+ /* Soopa-doopa salt generation function. There isn't anything algorithm
+  * specific in here, although it does require the Openwall-patched glibc to
+  * provide the crypt_gensalt() function, as well as make use of Blowfish-based
+  * hashing.
+  *
+  * All parameters can be customised from the /etc/login.defs file
+  *
+  * Written by Matt Dainty <madmatt at bits.bris.ac.uk>
+  */
+ char *
+ crypt_make_salt(void)
+ {
+ 	char *result, *salt;
+ 	int fd, offset, minsalt, maxsalt, count;
+
+ 	minsalt = getdef_num( "CRYPT_MINSALT", 16 );
+ 	maxsalt = getdef_num( "CRYPT_MAXSALT", 32 );
+
+ 	if( minsalt > maxsalt ) {
+ 		fprintf( stderr, "Check the CRYPT_MINSALT and CRYPT_MAXSALT settings!\n" );
+ 		exit(1);
+ 	}
+
+ 	if( ( salt = ( char * ) malloc( maxsalt ) ) == NULL ) {
+ 		fprintf( stderr, "Can't allocate %d bytes of memory\n", maxsalt );
+ 		exit(1);
+ 	}
+
+ 	if( ( fd = open( RANDOM_FILE, O_RDONLY ) ) < 0 ) {
+ 		fprintf( stderr, "Can't open %s for reading\n", RANDOM_FILE );
+ 		free( salt );
+ 		exit(1);
+ 	}
+
+ 	offset = 0;
+ 	result = NULL;
+
+ 	while( !result ) {
+ 		while( offset < minsalt ) {
+ 			count = read( fd, &salt[offset], minsalt - offset );
+ 			if( count <= 0 ) {
+ 				if( errno == EINTR )
+ 					continue;
+ 				goto finish;
+ 			}
+ 			offset += count;
+ 		}
+ 		result = crypt_gensalt( getdef_str( "CRYPT_PREFIX" ),
+ 					getdef_num( "CRYPT_ROUNDS", 0 ),
+ 					salt, minsalt );
+
+ 		if( !result && errno == EINVAL ) {
+ 			if( minsalt < maxsalt ) {
+ 				minsalt++;
+ 			} else {
+ 				fprintf( stderr, "CRYPT_PREFIX or CRYPT_ROUNDS is set incorrectly\n" );
+ 				goto finish;
+ 			}
+ 		}
+ 	}
+
+ finish:
+ 	if( salt )
+ 		free( salt );
+ 	if( fd )
+ 		close( fd );
+
+ 	/* XXX	If we return the salt string as NULL, crypt will currently
+ 	 * 	segfault, so if have we a NULL salt string, exit here.
+ 	 * 	Otherwise, every invocation of crypt_make_salt() will have to
+ 	 * 	check for a NULL return value.
+ 	 *
+ 	 * 	This way, I don't muck up any more code! :-)
+ 	 */
+ 	if( result )
+ 		return result;
+
+ 	exit(1);
+ }
+ #elif 1 /* HAVE_CRYPT_GENSALT */
+
  #include <stdlib.h>
  #include "prototypes.h"
  #include "defines.h"
***************
*** 44,46 ****
--- 137,140 ----

  	return result;
  }
+ #endif
\ No newline at end of file
diff -c -r shadow-4.0.13/src/passwd.c shadow-4.0.13-1/src/passwd.c
*** shadow-4.0.13/src/passwd.c	2005-09-15 11:44:13.000000000 -0500
--- shadow-4.0.13-1/src/passwd.c	2005-10-24 19:36:20.000000000 -0500
***************
*** 236,244 ****
--- 236,246 ----
  	 * for strength, unless it is the root user. This provides an escape
  	 * for initial login passwords.
  	 */
+ #ifndef HAVE_CRYPT_GENSALT
  	if (getdef_bool ("MD5_CRYPT_ENAB"))
  		pass_max_len = 127;
  	else
+ #endif
  		pass_max_len = getdef_num ("PASS_MAX_LEN", 8);

  	if (!qflg)



More information about the hlfs-dev mailing list