4 files changed, 40 insertions, 2 deletions

diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index 3b83b41e..9cc5ef5 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -10,6 +10,10 @@ SRCS=	login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \
 	login_cap.c login_class.c login_auth.c login_times.c login_ok.c \
 	_secure_path.c uucplock.c property.c auth.c realhostname.c fparseln.c
 INCS=	libutil.h login_cap.h
+
+LDADD+=	-lcrypt
+DPADD+=	${LIBCRYPT}
+
 MAN3+=	login.3 login_auth.3 login_tty.3 logout.3 logwtmp.3 pty.3 \
 	setproctitle.3 login_cap.3 login_class.3 login_times.3 login_ok.3 \
 	_secure_path.3 uucplock.3 property.3 auth.3 realhostname.3 \
@@ -25,7 +29,7 @@ MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \
 	login_cap.3 login_getstyle.3 login_cap.3 login_getcaptime.3 \
 	login_cap.3 login_getcapnum.3 login_cap.3 login_getcapsize.3 \
 	login_cap.3 login_getcapbool.3 login_cap.3 login_getpath.3 \
-	login_cap.3 login_getpwclass.3
+	login_cap.3 login_getpwclass.3 login_cap.3 login_setcryptfmt.3
 MLINKS+=login_class.3 setusercontext.3 login_class.3 setclasscontext.3 \
 	login_class.3 setclassenvironment.3 login_class.3 setclassresources.3
 MLINKS+=login_times.3 parse_lt.3 login_times.3 in_ltm.3 \
diff --git a/lib/libutil/login_cap.3 b/lib/libutil/login_cap.3
index 44ccd64..4bdf54f 100644
--- a/lib/libutil/login_cap.3
+++ b/lib/libutil/login_cap.3
@@ -34,7 +34,8 @@
 .Nm login_getclassbyname ,
 .Nm login_getpwclass ,
 .Nm login_getstyle ,
-.Nm login_getuserclass
+.Nm login_getuserclass ,
+.Nm login_setcryptfmt
 .Nd functions for accessing the login class capabilities database.
 .Sh LIBRARY
 .Lb libutil
@@ -67,6 +68,8 @@
 .Fn login_getcapbool "login_cap_t *lc" "const char *cap" "int def"
 .Ft char *
 .Fn login_getstyle "login_cap_t *lc" "char *style" "const char *auth"
+.Ft const char *
+.Fn login_setcryptfmt "login_cap_t *lc" "const char *def" "const char *error"
 .Sh DESCRIPTION
 These functions represent a programming interface to the login
 classes database provided in
@@ -396,8 +399,25 @@ the authentication method used for access to the system via the
 network, and standard methods via direct dialup or console
 logins, significantly reducing the risk of password discovery
 by "snooping" network packets.
+.It Fn login_setcryptfmt
+The
+.Fn login_setcryptfmt
+function is used to set the
+.Xr crypt 3
+format using the
+.Ql passwd_format
+configuration entry.
+If no entry is found,
+.Fa def
+is taken to be used as the fallback.
+If calling
+.Xr crypt_set_format 3
+on the specifier fails,
+.Fa error
+is returned to indicate this.
 .El
 .Sh SEE ALSO
+.Xr crypt 3 ,
 .Xr getcap 3 ,
 .Xr login_class 3 ,
 .Xr login.conf 5 ,
diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c
index b7528b9..7410380 100644
--- a/lib/libutil/login_cap.c
+++ b/lib/libutil/login_cap.c
@@ -798,3 +798,16 @@ login_getstyle(login_cap_t *lc, char *style, const char *auth)
 
     return lc->lc_style;
 }
+
+const char *
+login_setcryptfmt(login_cap_t *lc, const char *def, const char *error)
+{
+	const char *cipher;
+
+	cipher = login_getcapstr(lc, "passwd_format", def, NULL);
+	if (cipher == NULL)
+		return (error);
+	if (!crypt_set_format(cipher))
+		return (error);
+	return (cipher);
+}
diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h
index f4b3825..1320278 100644
--- a/lib/libutil/login_cap.h
+++ b/lib/libutil/login_cap.h
@@ -110,6 +110,7 @@ rlim_t login_getcapnum __P((login_cap_t *, const char *, rlim_t, rlim_t));
 rlim_t login_getcapsize __P((login_cap_t *, const char *, rlim_t, rlim_t));
 char *login_getpath __P((login_cap_t *, const char *, char *));
 int login_getcapbool __P((login_cap_t *, const char *, int));
+const char *login_setcryptfmt __P((login_cap_t *, const char *, const char *));
 
 int setclasscontext __P((const char*, unsigned int));
 int setusercontext __P((login_cap_t*, const struct passwd*, uid_t, unsigned int));