* configure.in: New configure option: --with-sha-crypt, enabled by
default. Keeping the feature enabled is safe. Disabling it removes the references to the SHA256 and SHA512 password encryption algorithms from the usage help and manuals (in addition to removing the support for these algorithms from the code). * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT preprocessor condition. * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a subset of the ENCRYPTMETHOD_SELECT sections).
@@ -210,9 +210,7 @@ static const char *password_check (const char *old, const char *new,
|
||||
int maxlen, oldlen, newlen;
|
||||
char *new1, *old1;
|
||||
const char *msg;
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
char *result;
|
||||
#endif
|
||||
|
||||
oldlen = strlen (old);
|
||||
newlen = strlen (new);
|
||||
@@ -230,9 +228,7 @@ static const char *password_check (const char *old, const char *new,
|
||||
if (msg)
|
||||
return msg;
|
||||
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
if ((result = getdef_str ("ENCRYPT_METHOD")) == NULL) {
|
||||
#endif
|
||||
/* The traditional crypt() truncates passwords to 8 chars. It is
|
||||
possible to circumvent the above checks by choosing an easy
|
||||
8-char password and adding some random characters to it...
|
||||
@@ -242,16 +238,17 @@ static const char *password_check (const char *old, const char *new,
|
||||
if (getdef_bool ("MD5_CRYPT_ENAB"))
|
||||
return NULL;
|
||||
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
} else {
|
||||
|
||||
if (!strcmp (result, "MD5") ||
|
||||
!strcmp (result, "SHA256") ||
|
||||
!strcmp (result, "SHA512"))
|
||||
if ( !strcmp (result, "MD5")
|
||||
#ifdef USE_SHA_CRYPT
|
||||
|| !strcmp (result, "SHA256")
|
||||
|| !strcmp (result, "SHA512")
|
||||
#endif
|
||||
)
|
||||
return NULL;
|
||||
|
||||
}
|
||||
#endif
|
||||
maxlen = getdef_num ("PASS_MAX_LEN", 8);
|
||||
if (oldlen <= maxlen && newlen <= maxlen)
|
||||
return NULL;
|
||||
|
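Review bot: The `PASS_MAX_LEN` check at the end of the last hunk is now reached by more cases than the surviving comment explains: an unset `ENCRYPT_METHOD` with `MD5_CRYPT_ENAB` off, and any `ENCRYPT_METHOD` value other than MD5, which includes SHA256 and SHA512 whenever `USE_SHA_CRYPT` is not defined. The "traditional crypt() truncates" comment sits inside the `ENCRYPT_METHOD == NULL` branch, away from the check it motivates, so the fall-through for an unsupported method reads as accidental rather than intended. I would add above `maxlen = getdef_num ("PASS_MAX_LEN", 8);` a comment such as `/* DES, or a method this build does not support: treat the password as truncated to PASS_MAX_LEN */`. `password_check` begins before the first hunk and continues past the last one, so this rests on the visible lines only.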
@@ -58,7 +58,7 @@ char *l64a(long value)
|
||||
*/
|
||||
#define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
|
||||
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
#ifdef USE_SHA_CRYPT
|
||||
/*
|
||||
* Return the salt size.
|
||||
* The size of the salt string is between 8 and 16 bytes for the SHA crypt
|
||||
@@ -187,15 +187,13 @@ char *crypt_make_salt (char *meth, void *arg)
|
||||
if (NULL != meth)
|
||||
method = meth;
|
||||
else {
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL)
|
||||
#endif
|
||||
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
|
||||
}
|
||||
|
||||
if (!strcmp (method, "MD5")) {
|
||||
MAGNUM(result, '1');
|
||||
#ifdef ENCRYPTMETHOD_SELECT
|
||||
#ifdef USE_SHA_CRYPT
|
||||
} else if (!strcmp (method, "SHA256")) {
|
||||
MAGNUM(result, '5');
|
||||
strcat(result, SHA_salt_rounds((int *)arg));
|
||||
|
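Review bot: With `USE_SHA_CRYPT` undefined, a `meth` argument or a login.defs `ENCRYPT_METHOD` of SHA256 or SHA512 no longer matches any branch shown in the second hunk, and nothing visible reports that. The remaining branches of `crypt_make_salt` lie outside the hunk; if they end in a DES default, a host whose login.defs asks for SHA-crypt would quietly get a weaker hash from a build configured without `--with-sha-crypt`. I would make that case explicit where the method is selected, with a diagnostic that names the method and says this build has no SHA-crypt support. I would also add at the `#ifdef USE_SHA_CRYPT` a comment such as `/* SHA256 and SHA512 are only recognised when built with --with-sha-crypt */`.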