-rw-r--r-- | etc/auth.conf | 2 | ||||
-rw-r--r-- | lib/Makefile | 9 | ||||
-rw-r--r-- | lib/libcrypt/Makefile | 70 | ||||
-rw-r--r-- | lib/libcrypt/crypt-md5.c | 43 | ||||
-rw-r--r-- | lib/libcrypt/crypt.3 | 19 | ||||
-rw-r--r-- | lib/libcrypt/crypt.c | 50 | ||||
-rw-r--r-- | release/Makefile | 9 | ||||
-rw-r--r-- | secure/lib/libcrypt/Makefile | 73 |
8 files changed, 70 insertions, 205 deletions
diff --git a/etc/auth.conf b/etc/auth.conf index afdf552..5e9179a 100644 --- a/etc/auth.conf +++ b/etc/auth.conf @@ -4,7 +4,7 @@ # This file contains information on what types of authentication to use. # It is just the beginnings of a greater scheme. -# auth_default = des +# crypt_default = md5 des # auth_list = passwd kerberos auth_list = passwd diff --git a/lib/Makefile b/lib/Makefile index 3db3e82..e84d25d2 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -19,7 +19,7 @@ # # Otherwise, the SUBDIR list should be in alphabetical order. -SUBDIR= ${_csu} libcom_err ${_libcrypt} msun libmd \ +SUBDIR= ${_csu} libcom_err libcrypt msun libmd \ libncurses libradius libskey libtacplus libutil \ ${_compat} libalias libatm ${_libbind} libc ${_libc_r} libcalendar \ libcam libcompat libdevstat libdisk libedit libfetch libform \ @@ -43,13 +43,6 @@ _libc_r= libc_r _libbind= libbind .endif -_libcrypt= libcrypt -.if exists(${.CURDIR}/../secure) && !defined(NOSECURE) && !defined(NOCRYPT) && !defined(NO_DESCRYPT) -# Build both libraries. They have different names, so no harm, -# and this avoids having stale libscrypt.* -_libcrypt+= ../secure/lib/libcrypt -.endif - .if ${MACHINE_ARCH} == "i386" _compat= compat _libncp= libncp diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile index dc6311e..55e76d3 100644 --- a/lib/libcrypt/Makefile +++ b/lib/libcrypt/Makefile 
@@ -3,66 +3,28 @@ # SHLIB_MAJOR= 2 -LIB= scrypt - -LCRYPTBASE= libcrypt -LSCRYPTBASE= lib${LIB} - -LCRYPTSO= ${LCRYPTBASE}.so.${SHLIB_MAJOR} -LSCRYPTSO= ${LSCRYPTBASE}.so.${SHLIB_MAJOR} - -.if ${OBJFORMAT} == elf -SONAME= ${LCRYPTSO} -.endif +LIB= crypt .PATH: ${.CURDIR}/../libmd -SRCS= crypt.c crypt-md5.c misc.c -STATICSRCS= md5c.c -STATICOBJS= ${STATICSRCS:S/.c/.o/g} +SRCS= crypt.c crypt-md5.c md5c.c misc.c MAN3= crypt.3 MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd CFLAGS+= -DLIBC_SCCS -Wall +# Pull in the crypt-des.c source, assuming it is present. +.if exists(${.CURDIR}/../../secure/lib/libcrypt/crypt-des.c) && \ + !defined(NOSECURE) && !defined(NOCRYPT) +.PATH: ${.CURDIR}/../../secure/lib/libcrypt +SRCS+= crypt-des.c +CFLAGS+= -I${.CURDIR} -DHAS_DES +.endif +# And the auth_getval() code and support. +.PATH: ${.CURDIR}/../libutil +SRCS+= auth.c property.c +.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \ + property_find properties_read properties_free +CFLAGS+= -D${sym}=__${sym} +.endfor PRECIOUSLIB= yes -# Include this early to pick up the definitions of SHLIB_MAJOR and -# SHLIB_MINOR which are used in the existence tests. -.include "${.CURDIR}/../Makefile.inc" - -# We only install the links if they do not already exist. 
-# This may have to be revised -.if !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}.a) -SYMLINKS+= ${LSCRYPTBASE}.a ${LIBDIR}/${LCRYPTBASE}.a -.endif -.if !defined(NOPROFILE) && !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}_p.a) -SYMLINKS+= ${LSCRYPTBASE}_p.a ${LIBDIR}/${LCRYPTBASE}_p.a -.endif -.if !defined(NOPIC) && !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTSO}) -SYMLINKS+= ${LSCRYPTSO} ${SHLIBDIR}/${LCRYPTSO} -.endif -.if !defined(NOPIC) && ${OBJFORMAT} == elf && \ - !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTBASE}.so) -SYMLINKS+= ${LSCRYPTBASE}.so ${SHLIBDIR}/${LCRYPTBASE}.so -.endif - .include <bsd.lib.mk> - -afterinstall: -.if !defined(NOPIC) - @cd ${DESTDIR}${SHLIBDIR}; \ - rm -f ${LCRYPTSO}; \ - ln -sf ${LSCRYPTSO} ${LCRYPTSO}; -.endif -.if !defined(NOPIC) && ${OBJFORMAT} == elf - @cd ${DESTDIR}${SHLIBDIR}; \ - rm -f ${LCRYPTBASE}.so; \ - ln -sf ${LSCRYPTBASE}.so libcrypt.so -.endif - @cd ${DESTDIR}${LIBDIR}; \ - rm -f ${LCRYPTBASE}.a; \ - ln -sf ${LSCRYPTBASE}.a libcrypt.a -.if !defined(NOPROFILE) - @cd ${DESTDIR}${LIBDIR}; \ - rm -f ${LCRYPTBASE}_p.a; \ - ln -sf ${LSCRYPTBASE}_p.a libcrypt_p.a -.endif diff --git a/lib/libcrypt/crypt-md5.c b/lib/libcrypt/crypt-md5.c index c112bd8..6b639cc 100644 --- a/lib/libcrypt/crypt-md5.c +++ b/lib/libcrypt/crypt-md5.c @@ -22,18 +22,6 @@ static const char rcsid[] = \ #include <err.h> #include "crypt.h" -#ifdef __PIC__ -#include <dlfcn.h> - -#define MD5Init(ctx) dl_MD5Init(ctx) -#define MD5Update(ctx, data, len) dl_MD5Update(ctx, data, len) -#define MD5Final(dgst, ctx) dl_MD5Final(dgst, ctx) - -static void (*dl_MD5Init)(MD5_CTX *); -static void (*dl_MD5Update)(MD5_CTX *, const unsigned char *, unsigned int); -static void (*dl_MD5Final)(unsigned char digest[16], MD5_CTX *); -#endif - /* * UNIX password */ @@ -55,9 +43,6 @@ crypt_md5(pw, salt) int sl,pl,i; MD5_CTX ctx,ctx1; unsigned long l; -#ifdef __PIC__ - void *libmd; -#endif /* Refine the Salt first */ sp = salt; 
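Review bot: The new DES block in the `@@ -3,66 +3,28 @@` hunk of lib/libcrypt/Makefile tests only `NOSECURE` and `NOCRYPT`, while the test removed from lib/Makefile in this same commit also honoured `NO_DESCRYPT`. A build that sets `NO_DESCRYPT` would now compile crypt-des.c and define `HAS_DES` whenever the source file is present. Unless the knob is being retired on purpose, extend the condition to `!defined(NOSECURE) && !defined(NOCRYPT) && !defined(NO_DESCRYPT)`. The `.for sym` loop also deserves a comment saying why the symbols are renamed, for example `# Rename the bundled libmd/libutil copies so they cannot collide with the real libraries at link time.` (that purpose is inferred from the loop, not stated on the page).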
@@ -73,31 +58,6 @@ crypt_md5(pw, salt) /* get the length of the true salt */ sl = ep - sp; -#ifdef __PIC__ - libmd = dlopen("libmd.so", RTLD_NOW); - if (libmd == NULL) { - warnx("libcrypt-md5: dlopen(libmd.so): %s\n", dlerror()); - return NULL; - } - dl_MD5Init = dlsym(libmd, "MD5Init"); - if (dl_MD5Init == NULL) { - warnx("libcrypt-md5: looking for MD5Init: %s\n", dlerror()); - dlclose(libmd); - return NULL; - } - dl_MD5Update = dlsym(libmd, "MD5Update"); - if (dl_MD5Update == NULL) { - warnx("libcrypt-md5: looking for MD5Update: %s\n", dlerror()); - dlclose(libmd); - return NULL; - } - dl_MD5Final = dlsym(libmd, "MD5Final"); - if (dl_MD5Final == NULL) { - warnx("libcrypt-md5: looking for MD5Final: %s\n", dlerror()); - dlclose(libmd); - return NULL; - } -#endif MD5Init(&ctx); /* The password first, since that is what is most unknown */ @@ -160,9 +120,6 @@ crypt_md5(pw, salt) MD5Final(final,&ctx1); } -#ifdef __PIC__ - dlclose(libmd); -#endif p = passwd + strlen(passwd); l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3 index 0db73fa..1d786aa 100644 --- a/lib/libcrypt/crypt.3 +++ b/lib/libcrypt/crypt.3 @@ -184,14 +184,11 @@ Other crypt formats may be easilly added. An example salt would be: .Pp The algorithm used will depend upon whether .Fn crypt_set_format -has been called and whether -.Tn DES -is installed or not. If -.Tn DES -is installed and +has been called and whether a global default format has been specified. +Unless a global default has been specified or .Fn crypt_set_format -has not set the format to something else, it will be used. -Otherwise, the best algorithm is used, which is currently +has set the format to something else, the best algorithm is used +which is currently .\" .\" NOTICE: Also make sure to update this .\" 
@@ -216,6 +213,12 @@ The .Fn crypt_set_format function sets the default encoding format according to the supplied .Fa string . +.Pp +The global default format can be set using the +.Pa /etc/auth.conf +file using the +.Ql crypt_format +property. .Sh RETURN VALUES .Pp .Fn crypt @@ -230,8 +233,10 @@ Otherwise, a value of 0 is returned. .Sh SEE ALSO .Xr login 1 , .Xr passwd 1 , +.Xr auth_getval 3 , .Xr cipher 3 , .Xr getpass 3 , +.Xr auth.conf 5 , .Xr passwd 5 , .Sh BUGS The diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c index abb1ef3..989d745 100644 --- a/lib/libcrypt/crypt.c +++ b/lib/libcrypt/crypt.c @@ -28,10 +28,13 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$FreeBSD$"; +static const char rcsid[] = +"$FreeBSD$"; #endif /* LIBC_SCCS and not lint */ +#include <sys/types.h> #include <string.h> +#include <libutil.h> #include "crypt.h" static const struct { @@ -39,7 +42,12 @@ static const struct { char *(*const func)(const char *, const char *); const char *const magic; } crypt_types[] = { -#ifdef NONEXPORTABLE_CRYPT + { + "md5", + crypt_md5, + "$1$" + }, +#ifdef HAS_DES { "des", crypt_des, 
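Review bot: In the `@@ -39,7 +42,12 @@` hunk of lib/libcrypt/crypt.c the position of the `md5` entry now decides the fallback password format, and nothing at the table says so. `crypt_setdefault()` in the following hunk sets `crypt_type = 0` when `crypt_default` is missing or unmatched, so a later reordering of `crypt_types[]` would silently change what `crypt_get_format()` reports, and presumably what `crypt()` uses when no magic prefix matches. A comment above the first entry would pin this: `/* Entry 0 is the fallback format; keep the preferred hash first. */`. The table's declaration starts in the previous hunk and its terminator is in the next one.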
@@ -47,28 +55,49 @@ static const struct { }, #endif { - "md5", - crypt_md5, - "$1$" - }, - { NULL, NULL } }; -static int crypt_type = 0; +static int crypt_type = -1; + +static void +crypt_setdefault(void) +{ + char *def; + int i; + + if (crypt_type != -1) + return; + def = auth_getval("crypt_default"); + if (def == NULL) { + crypt_type = 0; + return; + } + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (strcmp(def, crypt_types[i].name) == 0) { + crypt_type = i; + return; + } + } + crypt_type = 0; +} const char * -crypt_get_format(void) { +crypt_get_format(void) +{ + crypt_setdefault(); return (crypt_types[crypt_type].name); } int -crypt_set_format(char *type) { +crypt_set_format(char *type) +{ int i; + crypt_setdefault(); for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { if (strcmp(type, crypt_types[i].name) == 0) { crypt_type = i; @@ -83,6 +112,7 @@ crypt(char *passwd, char *salt) { int i; + crypt_setdefault(); for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { if (crypt_types[i].magic != NULL && strncmp(salt, crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) diff --git a/release/Makefile b/release/Makefile index 7371499..abd5159 100644 --- a/release/Makefile +++ b/release/Makefile @@ -436,15 +436,6 @@ release.5: fi \ done \ - # Create symlinks for the MD5-based crypt lib, too. The - # automatically created links still point to the DES stuff, - # which went into its own distribution. - for i in ${RD}/trees/bin/usr/lib/libscrypt* ; do \ - c=`echo $$i | sed -e 's/libscrypt/libcrypt/'` ; \ - rm -f $$c ; \ - ln -s `basename $$i` $$c ; \ - done - # Remove all the directories we don't need. -cd ${RD}/trees && \ find ${OTHER_DISTS} ${COMPAT_DISTS} ${CRYPTO_DISTS} -depth -type d -print | xargs rmdir diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile deleted file mode 100644 index b46df11..0000000 --- a/secure/lib/libcrypt/Makefile +++ /dev/null 
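Review bot: `crypt_setdefault()` in the `@@ -47,28 +55,49 @@` hunk reads the property `crypt_default`, but the crypt.3 text added in this commit tells administrators to set `crypt_format`, so a setting made by following the manual page would never be read. The two names should agree, e.g. `.Ql crypt_default` in crypt.3. A value that matches no `crypt_types[i].name` is also dropped silently in favour of entry 0. The sample in etc/auth.conf, `crypt_default = md5 des`, would take that path if `auth_getval()` returns the whole string, which is not visible here. Documenting the fallback in crypt.3, or reporting the unmatched value, would let an administrator notice a misconfigured hash format.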
@@ -1,73 +0,0 @@ -# -# $FreeBSD$ -# - -SHLIB_MAJOR= 2 -LIB= descrypt - -LCRYPTBASE= libcrypt -LSCRYPTBASE= lib${LIB} - -LCRYPTSO= ${LCRYPTBASE}.so.${SHLIB_MAJOR} -LSCRYPTSO= ${LSCRYPTBASE}.so.${SHLIB_MAJOR} - -.if ${OBJFORMAT} == elf -SONAME= ${LCRYPTSO} -.endif - -.PATH: ${.CURDIR}/../../../lib/libmd ${.CURDIR}/../../../lib/libcrypt -SRCS= crypt.c crypt-md5.c misc.c -STATICSRCS= md5c.c -STATICOBJS= ${STATICSRCS:S/.c/.o/g} -SRCS+= crypt-des.c -MAN3= crypt.3 -MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 -CFLAGS+= -I${.CURDIR}/../../../lib/libmd -CFLAGS+= -I${.CURDIR}/../../../lib/libcrypt -CFLAGS+= -DNONEXPORTABLE_CRYPT -CFLAGS+= -DLIBC_SCCS -Wall -PRECIOUSLIB= yes - -# Include this early to pick up the definitions of SHLIB_MAJOR and -# SHLIB_MINOR which are used in the existence tests. -.include "${.CURDIR}/../../../lib/Makefile.inc" - -# We only install the links if they do not already exist. -# This may have to be revised -.if !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}.a) -SYMLINKS+= ${LSCRYPTBASE}.a ${LIBDIR}/${LCRYPTBASE}.a -.endif -.if !defined(NOPROFILE) && !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}_p.a) -SYMLINKS+= ${LSCRYPTBASE}_p.a ${LIBDIR}/${LCRYPTBASE}_p.a -.endif -.if !defined(NOPIC) && !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTSO}) -SYMLINKS+= ${LSCRYPTSO} ${SHLIBDIR}/${LCRYPTSO} -.endif -.if !defined(NOPIC) && ${OBJFORMAT} == elf && \ - !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTBASE}.so) -SYMLINKS+= ${LSCRYPTBASE}.so ${SHLIBDIR}/${LCRYPTBASE}.so -.endif - -.include <bsd.lib.mk> - -afterinstall: -.if !defined(NODESCRYPTLINKS) -.if !defined(NOPIC) - @cd ${DESTDIR}${SHLIBDIR}; \ - rm -f ${LCRYPTSO}; \ - ln -sf ${LSCRYPTSO} ${LCRYPTSO}; -.endif -.if !defined(NOPIC) && ${OBJFORMAT} == elf - @cd ${DESTDIR}${SHLIBDIR}; \ - rm -f ${LCRYPTBASE}.so; \ - ln -sf ${LSCRYPTBASE}.so libcrypt.so -.endif - @cd ${DESTDIR}${LIBDIR}; \ - rm -f ${LCRYPTBASE}.a; \ - ln -sf ${LSCRYPTBASE}.a libcrypt.a -.if !defined(NOPROFILE) - @cd ${DESTDIR}${LIBDIR}; \ - rm -f 
${LCRYPTBASE}_p.a; \ - ln -sf ${LSCRYPTBASE}_p.a libcrypt_p.a -.endif -.endif |