diff options
| author | des <des@FreeBSD.org> | 2014-10-13 15:56:47 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2014-10-13 15:56:47 +0000 |
| commit | 046882fc4fb626214b11a695a1acc99146d07e5e (patch) | |
| tree | fc9624dc0b6a2d487f55731b9669250aa9cd08e3 | |
| parent | 3ebe22f96986cbc21f68efeefe8980160cc3bcc5 (diff) | |
| download | FreeBSD-src-046882fc4fb626214b11a695a1acc99146d07e5e.zip FreeBSD-src-046882fc4fb626214b11a695a1acc99146d07e5e.tar.gz | |
MFH (r272830): change the hardcoded default back to DES
MFH (r272833): remove last vestige of MD5 password hashes
| -rw-r--r-- | lib/libcrypt/crypt.c | 17 | ||||
| -rw-r--r-- | usr.sbin/pw/pw_user.c | 4 |
2 files changed, 12 insertions, 9 deletions
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c index c3ca4c2..623809e 100644 --- a/lib/libcrypt/crypt.c +++ b/lib/libcrypt/crypt.c @@ -37,24 +37,26 @@ __FBSDID("$FreeBSD$"); #include "crypt.h" /* - * List of supported crypt(3) formats. The first element in the list will - * be the default. + * List of supported crypt(3) formats. + * + * The default algorithm is the last entry in the list (second-to-last + * array element since the last is a sentinel). The reason for placing + * the default last rather than first is that DES needs to be at the + * bottom for the algorithm guessing logic in crypt(3) to work correctly, + * and it needs to be the default for backward compatibility. */ static const struct crypt_format { const char *const name; char *(*const func)(const char *, const char *); const char *const magic; } crypt_formats[] = { - /* default format */ - { "sha512", crypt_sha512, "$6$" }, - - /* other supported formats */ { "md5", crypt_md5, "$1$" }, #ifdef HAS_BLOWFISH { "blf", crypt_blowfish, "$2" }, #endif { "nth", crypt_nthash, "$3$" }, { "sha256", crypt_sha256, "$5$" }, + { "sha512", crypt_sha512, "$6$" }, #ifdef HAS_DES { "des", crypt_des, "_" }, #endif @@ -63,7 +65,8 @@ static const struct crypt_format { { NULL, NULL, NULL } }; -static const struct crypt_format *crypt_format = &crypt_formats[0]; +static const struct crypt_format *crypt_format = + &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2]; #define DES_SALT_ALPHABET \ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index 36c5d9d..efb2901 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -615,7 +615,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL) + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); @@ -690,7 +690,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) } else { lc = login_getpwclass(pwd); if (lc == NULL || - login_setcryptfmt(lc, "md5", NULL) == NULL) + login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); pwd->pw_passwd = pw_pwcrypt(line); |
