shadow-4.0.13-crypt_blowfish-1.patch

Brad Worley geekysuavo at gmail.com
Wed Oct 26 17:45:24 PDT 2005


By the way, in case anyone was wondering: this is an updated version of the patch from Robert Connolly's blowfish-encrypted passwords hint, so you can use blowfish-encrypted passwords with Shadow-4.0.13 (which is what HLFS-SVN-20051023 uses, the latest as of right now).  Sorry if I was supposed to go through some patch certification channel or something official like that, but I got carried away.  Have at.

 ~ brad.

>Submitted By: Bradley Worley <geekysuavo at gmail dot com>
>Date: 2005-10-24
>Initial Package Version: 4.0.13
>Upstream Status: Not submitted
>Origin: http://www.linuxfromscratch.org/patches/downloads/shadow/\
>			shadow-4.0.7-crypt_blowfish-1.patch
>Description: Adds blowfish passwords to shadow. This depends on a blowfish
>library. See:
>http://www.openwall.com/crypt/
>or
>http://ftp.suse.com/pub/people/kukuk/pam/libxcrypt/
>
>If you use libxcrypt you need to do:
>sed -e 's/lcrypt/lxcrypt/g' -i configure
>
>There's a hint for this patch here:
>http://www.linuxfromscratch.org/hints/downloads/files/blowfish-passwords.txt
>
>diff -c -r shadow-4.0.13/config.h.in shadow-4.0.13-1/config.h.in
>*** shadow-4.0.13/config.h.in	2005-10-04 12:02:57.000000000 -0500
>--- shadow-4.0.13-1/config.h.in	2005-10-24 19:00:23.000000000 -0500
>***************
>*** 7,12 ****
>--- 7,15 ----
>  /* Path for faillog file. */
>  #undef FAILLOG_FILE
>
>+ /* Defined if you have crypt blowfish.  */
>+ #undef HAVE_CRYPT_GENSALT
>+
>  /* Define to the type of elements in the array set by `getgroups'. Usually
>     this is either `int' or `gid_t'. */
>  #undef GETGROUPS_T
>***************
>*** 299,304 ****
>--- 302,310 ----
>  /* Path to passwd program. */
>  #undef PASSWD_PROGRAM
>
>+ /* Where is /dev/urandom or a /dev/urandom-alike.  */
>+ #undef RANDOM_FILE
>+
>  /* Define to 1 if the C compiler supports function prototypes. */
>  #undef PROTOTYPES
>
>diff -c -r shadow-4.0.13/configure shadow-4.0.13-1/configure
>*** shadow-4.0.13/configure	2005-09-28 07:46:31.000000000 -0500
>--- shadow-4.0.13-1/configure	2005-10-24 19:21:05.000000000 -0500
>***************
>*** 462,468 ****
>  # include <unistd.h>
>  #endif"
>
>! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
>PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
>program_transform_name bindir sbindir libexecdir datadir sysconfdir
>sharedstatedir localstatedir libdir includedir oldincludedir infodir
>mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
>LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE
>VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP
>ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot
>AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE
>MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR
>am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE
>am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S YACC CPP EGREP U ANSI2KNR
>build build_cpu build_vendor build_os host host_cpu host_vendor
>host_os ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX
>CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS
>ac_ct_F77 LIBTOOL LIBOBJS XSLTPROC XML_CATALOG_FILE XMLCATALOG
>ENABLE_REGENERATE_MAN_TRUE ENABLE_REGENERATE_MAN_FALSE LIBCRYPT
>LIBAUDIT LIBCRACK LIBSELINUX LIBPAM LIBSKEY LIBMD MKINSTALLDIRS
>USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE INTL_MACOSX_LIBS LIBICONV
>LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LTLIBOBJS'
>  ac_subst_files=''
>
>  # Initialize some variables set by options.
>--- 462,468 ----
>  # include <unistd.h>
>  #endif"
>
>! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME
>PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix
>program_transform_name bindir sbindir libexecdir datadir sysconfdir
>sharedstatedir localstatedir libdir includedir oldincludedir infodir
>mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T
>LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE
>VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP
>ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot
>AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE
>MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR
>am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE
>am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S YACC CPP EGREP U ANSI2KNR
>build build_cpu build_vendor build_os host host_cpu host_vendor
>host_os ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX
>CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS
>ac_ct_F77 LIBTOOL LIBOBJS RANDOM_FILE LIBCRYPT LIBCRACK LIBSKEY LIBMD
>LIBSELINUX LIBPAM MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT
>MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB
>LTLIBOBJS'
>  ac_subst_files=''
>
>  # Initialize some variables set by options.
>***************
>*** 1052,1057 ****
>--- 1052,1058 ----
>    --with-libpam           use libpam for PAM support [default=yes if
>                            found]
>    --with-selinux          use SELinux support [default=autodetect]
>+   --with-random=FILE	     read randomness from FILE (default=/dev/urandom)
>    --with-skey             use S/Key support [default=no]
>    --with-libcrack         use libcrack [default=yes if found and if PAM not
>                            enabled]
>***************
>*** 4521,4527 ****
>    ;;
>  *-*-irix6*)
>    # Find out which ABI we are using.
>!   echo '#line 4524 "configure"' > conftest.$ac_ext
>    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
>    (eval $ac_compile) 2>&5
>    ac_status=$?
>--- 4522,4528 ----
>    ;;
>  *-*-irix6*)
>    # Find out which ABI we are using.
>!   echo '#line 4514 "configure"' > conftest.$ac_ext
>    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
>    (eval $ac_compile) 2>&5
>    ac_status=$?
>***************
>*** 5627,5633 ****
>
>
>  # Provide some information about the compiler.
>! echo "$as_me:5630:" \
>       "checking for Fortran 77 compiler version" >&5
>  ac_compiler=`set X $ac_compile; echo $2`
>  { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
>--- 5628,5634 ----
>
>
>  # Provide some information about the compiler.
>! echo "$as_me:5631:" \
>       "checking for Fortran 77 compiler version" >&5
>  ac_compiler=`set X $ac_compile; echo $2`
>  { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
>***************
>*** 23303,23308 ****
>--- 23304,23350 ----
>    with_libcrack=no
>  fi;
>
>+ # Check whether --with-random or --without-random was given.
>+ if test "${with_random+set}" = set; then
>+   withval="$with_random"
>+    RANDOM_FILE="$withval"
>+ else
>+
>+             echo "$as_me:$LINENO: checking for \"/dev/urandom\"" >&5
>+ echo $ECHO_N "checking for \"/dev/urandom\"... $ECHO_C" >&6
>+ if test "${ac_cv_file___dev_urandom_+set}" = set; then
>+   echo $ECHO_N "(cached) $ECHO_C" >&6
>+ else
>+   test "$cross_compiling" = yes &&
>+   { { echo "$as_me:$LINENO: error: cannot check for file existence
>when cross compiling" >&5
>+ echo "$as_me: error: cannot check for file existence when cross
>compiling" >&2;}
>+    { (exit 1); exit 1; }; }
>+ if test -r ""/dev/urandom""; then
>+   ac_cv_file___dev_urandom_=yes
>+ else
>+   ac_cv_file___dev_urandom_=no
>+ fi
>+ fi
>+ echo "$as_me:$LINENO: result: $ac_cv_file___dev_urandom_" >&5
>+ echo "${ECHO_T}$ac_cv_file___dev_urandom_" >&6
>+ if test $ac_cv_file___dev_urandom_ = yes; then
>+
>+               RANDOM_FILE="/dev/urandom";
>+
>+
>+ fi
>+
>+
>+
>+ fi;
>+ if test -n "$RANDOM_FILE" ; then
>+
>+       cat >>confdefs.h <<_ACEOF
>+ #define RANDOM_FILE "$RANDOM_FILE"
>+ _ACEOF
>+
>+ fi
>+
>
>  echo "$as_me:$LINENO: checking for library containing inet_ntoa" >&5
>  echo $ECHO_N "checking for library containing inet_ntoa... $ECHO_C" >&6
>***************
>*** 23929,23934 ****
>--- 23971,24046 ----
>     { (exit 1); exit 1; }; }
>  fi
>
>+ 	echo "$as_me:$LINENO: checking for crypt_gensalt in -lcrypt" >&5
>+ echo $ECHO_N "checking for crypt_gensalt in -lcrypt... $ECHO_C" >&6
>+ if test "${ac_cv_lib_crypt_crypt_gensalt+set}" = set; then
>+   echo $ECHO_N "(cached) $ECHO_C" >&6
>+ else
>+   ac_check_lib_save_LIBS=$LIBS
>+ LIBS="-lcrypt  $LIBS"
>+ cat >conftest.$ac_ext <<_ACEOF
>+ /* confdefs.h.  */
>+ _ACEOF
>+ cat confdefs.h >>conftest.$ac_ext
>+ cat >>conftest.$ac_ext <<_ACEOF
>+ /* end confdefs.h.  */
>+
>+ /* Override any gcc2 internal prototype to avoid an error.  */
>+ #ifdef __cplusplus
>+ extern "C"
>+ #endif
>+ /* We use char because int might match the return type of a gcc2
>+    builtin and then its argument prototype would still apply.  */
>+ char crypt_gensalt ();
>+ int
>+ main ()
>+ {
>+ crypt_gensalt ();
>+   ;
>+   return 0;
>+ }
>+ _ACEOF
>+ rm -f conftest.$ac_objext conftest$ac_exeext
>+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
>+   (eval $ac_link) 2>conftest.er1
>+   ac_status=$?
>+   grep -v '^ *+' conftest.er1 >conftest.err
>+   rm -f conftest.er1
>+   cat conftest.err >&5
>+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
>+   (exit $ac_status); } &&
>+ 	 { ac_try='test -z "$ac_c_werror_flag"
>+ 			 || test ! -s conftest.err'
>+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
>+   (eval $ac_try) 2>&5
>+   ac_status=$?
>+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
>+   (exit $ac_status); }; } &&
>+ 	 { ac_try='test -s conftest$ac_exeext'
>+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
>+   (eval $ac_try) 2>&5
>+   ac_status=$?
>+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
>+   (exit $ac_status); }; }; then
>+   ac_cv_lib_crypt_crypt_gensalt=yes
>+ else
>+   echo "$as_me: failed program was:" >&5
>+ sed 's/^/| /' conftest.$ac_ext >&5
>+
>+ ac_cv_lib_crypt_crypt_gensalt=no
>+ fi
>+ rm -f conftest.err conftest.$ac_objext \
>+       conftest$ac_exeext conftest.$ac_ext
>+ LIBS=$ac_check_lib_save_LIBS
>+ fi
>+ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt_gensalt" >&5
>+ echo "${ECHO_T}$ac_cv_lib_crypt_crypt_gensalt" >&6
>+ if test $ac_cv_lib_crypt_crypt_gensalt = yes; then
>+   cat >>confdefs.h <<\_ACEOF
>+ #define HAVE_CRYPT_GENSALT 1
>+ _ACEOF
>+
>+ fi
>
>
>  if test "$with_audit" = "yes"; then
>***************
>*** 27568,27573 ****
>--- 27680,27686 ----
>  s, at ac_ct_F77@,$ac_ct_F77,;t t
>  s, at LIBTOOL@,$LIBTOOL,;t t
>  s, at LIBOBJS@,$LIBOBJS,;t t
>+ s, at RANDOM_FILE@,$RANDOM_FILE,;t t
>  s, at XSLTPROC@,$XSLTPROC,;t t
>  s, at XML_CATALOG_FILE@,$XML_CATALOG_FILE,;t t
>  s, at XMLCATALOG@,$XMLCATALOG,;t t
>diff -c -r shadow-4.0.13/etc/login.defs shadow-4.0.13-1/etc/login.defs
>*** shadow-4.0.13/etc/login.defs	2005-09-01 14:57:45.000000000 -0500
>--- shadow-4.0.13-1/etc/login.defs	2005-10-24 19:25:44.000000000 -0500
>***************
>*** 242,254 ****
>  PASS_ALWAYS_WARN	yes
>
>  #
>- # Number of significant characters in the password for crypt().
>- # Default is 8, don't change unless your crypt() is better.
>- # Ignored if MD5_CRYPT_ENAB set to "yes".
>- #
>- #PASS_MAX_LEN		8
>-
>- #
>  # Require password before chfn/chsh can make any changes.
>  #
>  CHFN_AUTH		yes
>--- 242,247 ----
>***************
>*** 268,282 ****
>  # to use the default which is just "Password: ".
>  #LOGIN_STRING		"%s's Password: "
>
>  #
>! # Only works if compiled with MD5_CRYPT defined:
>! # If set to "yes", new passwords will be encrypted using the MD5-based
>! # algorithm compatible with the one used by recent releases of FreeBSD.
>! # It supports passwords of unlimited length and longer salt strings.
>! # Set to "no" if you need to copy encrypted passwords to other systems
>! # which don't understand the new algorithm.  Default is "no".
>  #
>! #MD5_CRYPT_ENAB	no
>
>  #
>  # List of groups to add to the user's supplementary group set
>--- 261,321 ----
>  # to use the default which is just "Password: ".
>  #LOGIN_STRING		"%s's Password: "
>
>+ # Each password entry contains a prefix that specifies the hashing algorithm
>+ # used to create the remaining characters/bytes. Use this setting to specify
>+ # which hashing algorithm is used to create new passwords.
>+ #
>+ # The default here is to use the Blowfish-based algorithm, (which currently
>+ # requires you to be running a patched version of glibc). To use the slightly
>+ # more compatible MD5-based algorithm, you would set this to $1$. To be
>+ # completely backwards compatible and use the traditional DES-based hashing,
>+ # you should set this value to an empty string, but be warned, passwords using
>+ # this algorithm offer very little security.
>+ #
>+ CRYPT_PREFIX	"$2a$"
>+
>+ # For hashing algorithms that can alter their complexity, use this setting to
>+ # achieve a balance between the security of the password and
>performance on the
>+ # host system.
>+ #
>+ # This value is interpreted by each algorithm in specific ways. With the
>+ # Blowfish algorithm, it specifies the number of rounds as a base-2 logarithm
>+ # of the actual iteration count, so 12 actually refers to 2^12. Altering the
>+ # value to 11 would therefore halve the number of iterations used to 2^11.
>+ #
>+ # Make sure that if you alter the above setting, this setting is also
>+ # appropriate. For algorithms that have fixed iteration counts, or to
>+ # enforce the use of a low default value, use a setting of 0.
>+ #
>+ CRYPT_ROUNDS	12
>+
>+ #
>+ # All algorithms require varying amounts of random bytes known as salt. For
>+ # example the DES-based algorithm requires only 12-bits, (1½ bytes), whereas
>+ # the Blowfish-based algorithm requires 128-bits, (16 bytes).
>+ #
>+ # If an algorithm doesn't receive enough salt, more will be collected from
>+ # /dev/urandom, a byte at a time until it's satisfied. If you know how much
>+ # is enough to satisfy even the most hungry of algorithms locally available,
>+ # setting it here will speed up the generation of passwords.
>+ #
>+ # A maximum is also provided to enforce an upper limit on this to prevent a
>+ # wayward algorithm munching all the randomness unnecessarily.
>+ #
>+ CRYPT_MINSALT	16
>+ CRYPT_MAXSALT	32
>+
>+ #
>+ # Number of significant characters in the password for crypt(). MD5 can
>+ # effectively cope with unlimited length passwords, but a limit of ~127 is
>+ # reasonable. Blowfish can handle up to 72 characters, and the DES algorithm
>+ # can only handle 8.
>  #
>! # This setting is used in some of the obscure checks, and also to inform the
>! # user on how big their new password should be, so it should be set in
>! # accordance to the choice of algorithm.
>  #
>! PASS_MAX_LEN	72
>
>  #
>  # List of groups to add to the user's supplementary group set
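Review bot: The new defaults are only right for a build where HAVE_CRYPT_GENSALT is defined, but this file is installed either way: lib/getdef.c lists the four CRYPT_* keys only under `#ifdef HAVE_CRYPT_GENSALT`, and the MD5_CRYPT_ENAB stanza that the other build still reads is deleted here. On such a build `PASS_MAX_LEN 72` would also apply to DES crypt(), which the new comment itself says handles only 8 characters, so the truncated re-check in libmisc/obscure.c would presumably be skipped for most passwords. I would keep the commented `#MD5_CRYPT_ENAB	no` stanza and add a line such as `# CRYPT_* are read only when shadow is built with crypt_gensalt(); otherwise use MD5_CRYPT_ENAB and keep PASS_MAX_LEN at 8 for DES.` The salt paragraph should also say the bytes come from the file chosen at configure time with --with-random, not always /dev/urandom.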
>diff -c -r shadow-4.0.13/lib/getdef.c shadow-4.0.13-1/lib/getdef.c
>*** shadow-4.0.13/lib/getdef.c	2005-08-31 12:24:56.000000000 -0500
>--- shadow-4.0.13-1/lib/getdef.c	2005-10-24 19:28:37.000000000 -0500
>***************
>*** 51,56 ****
>--- 51,62 ----
>  	{"CONSOLE_GROUPS", NULL},
>  	{"CONSOLE", NULL},
>  	{"CREATE_HOME", NULL},
>+ #ifdef HAVE_CRYPT_GENSALT
>+ 	{ "CRYPT_MAXSALT",		NULL },
>+ 	{ "CRYPT_MINSALT",		NULL },
>+ 	{ "CRYPT_PREFIX",		NULL },
>+ 	{ "CRYPT_ROUNDS",		NULL },
>+ #endif /* HAVE_CRYPT_GENSALT */
>  	{"DEFAULT_HOME", NULL},
>  	{"ENV_PATH", NULL},
>  	{"ENV_SUPATH", NULL},
>***************
>*** 94,100 ****
>  	{"LOGIN_STRING", NULL},
>  	{"MAIL_CHECK_ENAB", NULL},
>  	{"MAIL_FILE", NULL},
>! 	{"MD5_CRYPT_ENAB", NULL},
>  	{"MOTD_FILE", NULL},
>  	{"NOLOGINS_FILE", NULL},
>  	{"OBSCURE_CHECKS_ENAB", NULL},
>--- 100,108 ----
>  	{"LOGIN_STRING", NULL},
>  	{"MAIL_CHECK_ENAB", NULL},
>  	{"MAIL_FILE", NULL},
>! #ifndef HAVE_CRYPT_GENSALT
>!  	{ "MD5_CRYPT_ENAB",		NULL },
>! #endif /* ! HAVE_CRYPT_GENSALT */
>  	{"MOTD_FILE", NULL},
>  	{"NOLOGINS_FILE", NULL},
>  	{"OBSCURE_CHECKS_ENAB", NULL},
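Review bot: Hiding `MD5_CRYPT_ENAB` behind `#ifndef HAVE_CRYPT_GENSALT` means a login.defs carried over from an unpatched install is no longer fully recognised once the gensalt build is in place; how an unlisted key is treated is decided outside this hunk, so that part is inferred. The replacement key has no fallback either: libmisc/salt.c passes `getdef_str( "CRYPT_PREFIX" )` straight to crypt_gensalt(), so a file without CRYPT_PREFIX would likely hand it a null prefix. I would leave `{"MD5_CRYPT_ENAB", NULL},` listed unconditionally and give CRYPT_PREFIX a compiled-in default where it is read. The table itself starts and ends outside the hunk.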
>diff -c -r shadow-4.0.13/libmisc/obscure.c shadow-4.0.13-1/libmisc/obscure.c
>*** shadow-4.0.13/libmisc/obscure.c	2005-08-31 12:24:57.000000000 -0500
>--- shadow-4.0.13-1/libmisc/obscure.c	2005-10-24 19:30:46.000000000 -0500
>***************
>*** 233,240 ****
>--- 233,242 ----
>  	   Example: "password$%^&*123".  So check it again, this time
>  	   truncated to the maximum length.  Idea from npasswd.  --marekm */
>
>+ #ifndef HAVE_CRYPT_GENSALT
>  	if (getdef_bool ("MD5_CRYPT_ENAB"))
>  		return NULL;	/* unlimited password length */
>+ #endif
>
>  	maxlen = getdef_num ("PASS_MAX_LEN", 8);
>  	if (oldlen <= maxlen && newlen <= maxlen)
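Review bot: With HAVE_CRYPT_GENSALT defined the only length limit left is `getdef_num ("PASS_MAX_LEN", 8)`, and that compiled-in fallback of 8 matches none of the selectable algorithms except DES; the same applies to `pass_max_len` in the src/passwd.c hunk. A login.defs that leaves PASS_MAX_LEN unset (the old file shipped it commented out) would therefore have $1$ or $2a$ passwords checked as if only 8 characters counted. A comment above the call would make the dependency explicit, e.g. `/* limit must match CRYPT_PREFIX: 8 for DES, 72 for $2a$ */`, or the fallback could be derived from CRYPT_PREFIX. The enclosing function begins and ends outside the hunk.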
>diff -c -r shadow-4.0.13/libmisc/salt.c shadow-4.0.13-1/libmisc/salt.c
>*** shadow-4.0.13/libmisc/salt.c	2005-08-31 12:24:58.000000000 -0500
>--- shadow-4.0.13-1/libmisc/salt.c	2005-10-24 19:44:23.000000000 -0500
>***************
>*** 3,15 ****
>--- 3,108 ----
>   *
>   * Written by Marek Michalkiewicz <marekm at i17linuxb.ists.pwr.wroc.pl>,
>   * public domain.
>+  *
>+  * Broken by Matt Dainty <madmatt at bits.bris.ac.uk>
>   */
>
>+ #define _OW_SOURCE
>+
>  #include <config.h>
>
>  #ident "$Id: salt.c,v 1.10 2005/08/31 17:24:58 kloczek Exp $"
>
>  #include <sys/time.h>
>+ #ifdef HAVE_CRYPT_GENSALT
>+ #include <errno.h>
>+ #include <sys/types.h>
>+ #include <sys/stat.h>
>+ #include <fcntl.h>
>+ #include <crypt.h>
>+ #include "getdef.h"
>+
>+ /* Soopa-doopa salt generation function. There isn't anything algorithm
>+  * specific in here, although it does require the Openwall-patched glibc to
>+  * provide the crypt_gensalt() function, as well as make use of Blowfish-based
>+  * hashing.
>+  *
>+  * All parameters can be customised from the /etc/login.defs file
>+  *
>+  * Written by Matt Dainty <madmatt at bits.bris.ac.uk>
>+  */
>+ char *
>+ crypt_make_salt(void)
>+ {
>+ 	char *result, *salt;
>+ 	int fd, offset, minsalt, maxsalt, count;
>+
>+ 	minsalt = getdef_num( "CRYPT_MINSALT", 16 );
>+ 	maxsalt = getdef_num( "CRYPT_MAXSALT", 32 );
>+
>+ 	if( minsalt > maxsalt ) {
>+ 		fprintf( stderr, "Check the CRYPT_MINSALT and CRYPT_MAXSALT settings!\n" );
>+ 		exit(1);
>+ 	}
>+
>+ 	if( ( salt = ( char * ) malloc( maxsalt ) ) == NULL ) {
>+ 		fprintf( stderr, "Can't allocate %d bytes of memory\n", maxsalt );
>+ 		exit(1);
>+ 	}
>+
>+ 	if( ( fd = open( RANDOM_FILE, O_RDONLY ) ) < 0 ) {
>+ 		fprintf( stderr, "Can't open %s for reading\n", RANDOM_FILE );
>+ 		free( salt );
>+ 		exit(1);
>+ 	}
>+
>+ 	offset = 0;
>+ 	result = NULL;
>+
>+ 	while( !result ) {
>+ 		while( offset < minsalt ) {
>+ 			count = read( fd, &salt[offset], minsalt - offset );
>+ 			if( count <= 0 ) {
>+ 				if( errno == EINTR )
>+ 					continue;
>+ 				goto finish;
>+ 			}
>+ 			offset += count;
>+ 		}
>+ 		result = crypt_gensalt( getdef_str( "CRYPT_PREFIX" ),
>+ 					getdef_num( "CRYPT_ROUNDS", 0 ),
>+ 					salt, minsalt );
>+
>+ 		if( !result && errno == EINVAL ) {
>+ 			if( minsalt < maxsalt ) {
>+ 				minsalt++;
>+ 			} else {
>+ 				fprintf( stderr, "CRYPT_PREFIX or CRYPT_ROUNDS is set incorrectly\n" );
>+ 				goto finish;
>+ 			}
>+ 		}
>+ 	}
>+
>+ finish:
>+ 	if( salt )
>+ 		free( salt );
>+ 	if( fd )
>+ 		close( fd );
>+
>+ 	/* XXX	If we return the salt string as NULL, crypt will currently
>+ 	 * 	segfault, so if have we a NULL salt string, exit here.
>+ 	 * 	Otherwise, every invocation of crypt_make_salt() will have to
>+ 	 * 	check for a NULL return value.
>+ 	 *
>+ 	 * 	This way, I don't muck up any more code! :-)
>+ 	 */
>+ 	if( result )
>+ 		return result;
>+
>+ 	exit(1);
>+ }
>+ #elif 1 /* HAVE_CRYPT_GENSALT */
>+
>  #include <stdlib.h>
>  #include "prototypes.h"
>  #include "defines.h"
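Review bot: The retry loop in crypt_make_salt() can spin forever: when crypt_gensalt() returns NULL with any errno other than EINVAL, nothing changes before the next iteration, so the same call is repeated without end. The read loop has a related problem, because `count == 0` (end of file on a RANDOM_FILE that is not a device) does not set errno, and a stale EINTR would make it `continue` indefinitely. At `finish:` the test `if( fd )` should be `if( fd >= 0 )`, since 0 is a valid descriptor. This branch also calls fprintf, malloc, exit, read and close while `<stdlib.h>` sits in the other preprocessor branch, so the needed headers are presumably missing unless config.h supplies them.

```c
	while( !result ) {
		while( offset < minsalt ) {
			errno = 0;	/* read() leaves errno untouched on EOF */
			count = read( fd, &salt[offset], minsalt - offset );
			if( count < 0 && errno == EINTR )
				continue;
			if( count <= 0 )	/* EOF or hard error: no more salt to be had */
				goto finish;
			offset += count;
		}
		errno = 0;
		/* … unchanged: result = crypt_gensalt( ... ) call … */
		if( result )
			break;
		if( errno == EINVAL && minsalt < maxsalt ) {
			minsalt++;	/* algorithm wants more salt: fetch one more byte */
			continue;
		}
		if( errno == EINVAL )
			fprintf( stderr, "CRYPT_PREFIX or CRYPT_ROUNDS is set incorrectly\n" );
		goto finish;	/* any other failure will not fix itself on retry */
	}

finish:
	free( salt );
	if( fd >= 0 )
		close( fd );
```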
>***************
>*** 44,46 ****
>--- 137,140 ----
>
>  	return result;
>  }
>+ #endif
>\ No newline at end of file
>diff -c -r shadow-4.0.13/src/passwd.c shadow-4.0.13-1/src/passwd.c
>*** shadow-4.0.13/src/passwd.c	2005-09-15 11:44:13.000000000 -0500
>--- shadow-4.0.13-1/src/passwd.c	2005-10-24 19:36:20.000000000 -0500
>***************
>*** 236,244 ****
>--- 236,246 ----
>  	 * for strength, unless it is the root user. This provides an escape
>  	 * for initial login passwords.
>  	 */
>+ #ifndef HAVE_CRYPT_GENSALT
>  	if (getdef_bool ("MD5_CRYPT_ENAB"))
>  		pass_max_len = 127;
>  	else
>+ #endif
>  		pass_max_len = getdef_num ("PASS_MAX_LEN", 8);
>
>  	if (!qflg)
>
>  
>



