Add working and easy crypt(3)-switching. Yes, we need a whole new API

for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter

4 files changed, 95 insertions, 17 deletions

diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index 17c978e..1c54fa6 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -17,9 +17,10 @@ SONAME=		${LCRYPTSO}
 
 .PATH:		${.CURDIR}/../libmd
 SRCS=		crypt.c crypt-md5.c misc.c
-STATICSRCS=	md5c.c
+STATICSRCS=	md5c.c sha1c.c
 STATICOBJS=	${STATICSRCS:S/.c/.o/g}
 MAN3=		crypt.3
+MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
 CFLAGS+=	-I${.CURDIR}/../libmd
 CFLAGS+=	-DLIBC_SCCS -Wall
 PRECIOUSLIB=	yes
diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3
index e9f98c1..81f6261 100644
--- a/lib/libcrypt/crypt.3
+++ b/lib/libcrypt/crypt.3
@@ -43,6 +43,10 @@
 .Fd #include <unistd.h>
 .Ft char *
 .Fn crypt "const char *key" "const char *salt"
+.Ft const char *
+.Fn crypt_get_format "void"
+.Ft int
+.Fn crypt_set_format "const char *string"
 .Sh DESCRIPTION
 The
 .Fn crypt
@@ -59,10 +63,12 @@ Currently these include the
 .Tn Data Encryption Standard (DES) ,
 and
 .Tn MD5 .
-The algorithm used will depend upon the format of the Salt--following
-the Modular Crypt Format (MCF)--and if
+The algorithm used will depend upon the format of the Salt (following
+the Modular Crypt Format (MCF)), if
 .Tn DES
-is installed or not.
+is installed or not, and whether
+.Fn crypt_set_format
+has been called to change the default.
 .Pp
 The first argument to
 .Nm
@@ -177,10 +183,15 @@ Other crypt formats may be easilly added.  An example salt would be:
 .Ss "Traditional" crypt:
 .Pp
 The algorithm used will depend upon whether
+.Fn crypt_set_format
+has been called and whether
 .Tn DES
-is installed or not.  If it is,
+is installed or not.  If
 .Tn DES
-will be used.  Otherwise, the best algorithm is used, which is currently
+is installed and
+.Fn crypt_set_format
+has not set the format to something else, it will be used.
+Otherwise, the best algorithm is used, which is currently
 .\"
 .\" NOTICE: Also make sure to update this
 .\"
@@ -188,6 +199,23 @@ MD5.
 .Pp
 How the salt is used will depend upon the algorithm for the hash.  For
 best results, specify at least two characters of salt.
+.Pp
+The
+.Fn crypt_get_format
+function returns a constant string that represents the name of the
+algorithm currently used.
+Valid values are
+.\"
+.\" NOTICE: Also make sure to update this, too, as well
+.\"
+.Ql des
+and
+.Ql md5 .
+.Pp
+The
+.Fn crypt_set_format
+function sets the default encoding format according to the supplied
+.Fa string .
 .Sh RETURN VALUES
 .Pp
 .Fn crypt
@@ -195,6 +223,10 @@ returns a pointer to the encrypted value on success, and NULL on failure.
 Note: this is not a standard behaviour, AT&T
 .Fn crypt
 will always return a pointer to a string.
+.Pp
+.Fn crypt_set_format
+will return 1 if the supplied encoding format was valid.
+Otherwise, a value of 0 is returned.
 .Sh SEE ALSO
 .Xr login 1 ,
 .Xr passwd 1 ,
@@ -206,7 +238,9 @@ The
 .Fn crypt
 function returns a pointer to static data, and subsequent calls to
 .Fn crypt
-will modify the same data.
+will modify the same data.  Likewise,
+.Fn crypt_set_format
+modifies static data.
 .Sh HISTORY
 A rotor-based
 .Fn crypt
@@ -230,6 +264,7 @@ Originally written by
 .An David Burren Aq davidb@werj.com.au ,
 later additions and changes by
 .An Poul-henning Kamp ,
-.An Mark R V Murray
-and
+.An Mark R V Murray ,
 .An Kris Kennaway .
+and
+.An Brian Feldman .
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c
index e040be1..7a61b42 100644
--- a/lib/libcrypt/crypt.c
+++ b/lib/libcrypt/crypt.c
@@ -34,14 +34,57 @@ static char rcsid[] = "$FreeBSD$";
 #include <string.h>
 #include "crypt.h"
 
+static const struct {
+	const char *const name;
+	char *(*const func)(const char *, const char *);
+	const char *const magic;
+} crypt_types[] = {
+	{
+		"des",
+		crypt_des,
+		NULL
+	},
+	{
+		"md5",
+		crypt_md5,
+		"$1$"
+	},
+	{
+		NULL,
+		NULL
+	}
+};
+
+static int crypt_type = 0;
+
+const char *
+crypt_get_format(void) {
+
+	return (crypt_types[crypt_type].name);
+}
+
+int
+crypt_set_format(char *type) {
+	int i;
+
+	for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
+		if (strcmp(type, crypt_types[i].name) == 0) {
+			crypt_type = i;
+			return (1);
+		}
+	}
+	return (0);
+}
+
 char *
 crypt(char *passwd, char *salt)
 {
-	if (!strncmp(salt, "$1$", 3))
-		return crypt_md5(passwd, salt);
-#ifdef NONEXPORTABLE_CRYPT
-	return crypt_des(passwd, salt);
-#else
-	return crypt_md5(passwd, salt);
-#endif
+	int i;
+
+	for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
+		if (crypt_types[i].magic != NULL && strncmp(salt,
+		    crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0)
+			return (crypt_types[i].func(passwd, salt));
+	}
+	return (crypt_types[crypt_type].func(passwd, salt));
 }
diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h
index 8920986c..3544f89 100644
--- a/lib/libcrypt/crypt.h
+++ b/lib/libcrypt/crypt.h
@@ -29,7 +29,6 @@
 
 /* magic sizes */
 #define MD5_SIZE 16
-#define SHS_SIZE 20
 
 char *crypt_des(const char *pw, const char *salt);
 char *crypt_md5(const char *pw, const char *salt);