diff options
| author | peter <peter@FreeBSD.org> | 2000-12-28 10:32:02 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 2000-12-28 10:32:02 +0000 |
| commit | 117ae0dab37bc1cc35a0315ff2df8e77e35977e1 (patch) | |
| tree | f0d0cfdbc7bfc57a3aa8de23f9d6d7e0a7bfa0de /lib/libcrypt/crypt.c | |
| parent | f49769785010468be1e939afb84ceafc62153c2c (diff) | |
| download | FreeBSD-src-117ae0dab37bc1cc35a0315ff2df8e77e35977e1.zip FreeBSD-src-117ae0dab37bc1cc35a0315ff2df8e77e35977e1.tar.gz | |
Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
Diffstat (limited to 'lib/libcrypt/crypt.c')
| -rw-r--r-- | lib/libcrypt/crypt.c | 50 |
1 files changed, 40 insertions, 10 deletions
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c index abb1ef3..989d745 100644 --- a/lib/libcrypt/crypt.c +++ b/lib/libcrypt/crypt.c @@ -28,10 +28,13 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$FreeBSD$"; +static const char rcsid[] = +"$FreeBSD$"; #endif /* LIBC_SCCS and not lint */ +#include <sys/types.h> #include <string.h> +#include <libutil.h> #include "crypt.h" static const struct { @@ -39,7 +42,12 @@ static const struct { char *(*const func)(const char *, const char *); const char *const magic; } crypt_types[] = { -#ifdef NONEXPORTABLE_CRYPT + { + "md5", + crypt_md5, + "$1$" + }, +#ifdef HAS_DES { "des", crypt_des, @@ -47,28 +55,49 @@ static const struct { }, #endif { - "md5", - crypt_md5, - "$1$" - }, - { NULL, NULL } }; -static int crypt_type = 0; +static int crypt_type = -1; + +static void +crypt_setdefault(void) +{ + char *def; + int i; + + if (crypt_type != -1) + return; + def = auth_getval("crypt_default"); + if (def == NULL) { + crypt_type = 0; + return; + } + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (strcmp(def, crypt_types[i].name) == 0) { + crypt_type = i; + return; + } + } + crypt_type = 0; +} const char * -crypt_get_format(void) { +crypt_get_format(void) +{ + crypt_setdefault(); return (crypt_types[crypt_type].name); } int -crypt_set_format(char *type) { +crypt_set_format(char *type) +{ int i; + crypt_setdefault(); for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { if (strcmp(type, crypt_types[i].name) == 0) { crypt_type = i; @@ -83,6 +112,7 @@ crypt(char *passwd, char *salt) { int i; + crypt_setdefault(); for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { if (crypt_types[i].magic != NULL && strncmp(salt, crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) |
