From 117ae0dab37bc1cc35a0315ff2df8e77e35977e1 Mon Sep 17 00:00:00 2001
From: peter
Date: Thu, 28 Dec 2000 10:32:02 +0000
Subject: Merge into a single US-exportable libcrypt, which only provides one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost. Reviewed-by: jkh (flame-proof suit on)
---
 lib/libcrypt/crypt.c | 50 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 10 deletions(-)
(limited to 'lib/libcrypt/crypt.c')
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c
index abb1ef3..989d745 100644
--- a/lib/libcrypt/crypt.c
+++ b/lib/libcrypt/crypt.c
@@ -28,10 +28,13 @@
 */
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$FreeBSD$";
+static const char rcsid[] =
+"$FreeBSD$";
 #endif /* LIBC_SCCS and not lint */
+#include
 #include
+#include
 #include "crypt.h"
 static const struct {
@@ -39,7 +42,12 @@ static const struct {
 char *(*const func)(const char *, const char *);
 const char *const magic;
 } crypt_types[] = {
-#ifdef NONEXPORTABLE_CRYPT
+ {
+ "md5",
+ crypt_md5,
+ "$1$"
+ },
+#ifdef HAS_DES
 {
 "des",
 crypt_des,
@@ -47,28 +55,49 @@ static const struct {
 },
 #endif
 {
- "md5",
- crypt_md5,
- "$1$"
- },
- {
 NULL,
 NULL
 }
 };
-static int crypt_type = 0;
+static int crypt_type = -1;
+
+static void
+crypt_setdefault(void)
+{
+ char *def;
+ int i;
+
+ if (crypt_type != -1)
+ return;
+ def = auth_getval("crypt_default");
+ if (def == NULL) {
+ crypt_type = 0;
+ return;
+ }
+ for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
+ if (strcmp(def, crypt_types[i].name) == 0) {
+ crypt_type = i;
+ return;
+ }
+ }
+ crypt_type = 0;
+}
 const char *
-crypt_get_format(void) {
+crypt_get_format(void)
+{
+ crypt_setdefault();
 return (crypt_types[crypt_type].name);
 }
 int
-crypt_set_format(char *type) {
+crypt_set_format(char *type)
+{
 int i;
+ crypt_setdefault();
 for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
 if (strcmp(type, crypt_types[i].name) == 0) {
 crypt_type = i;
@@ -83,6 +112,7 @@ crypt(char *passwd, char *salt)
 {
 int i;
+ crypt_setdefault();
 for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
 if (crypt_types[i].magic != NULL && strncmp(salt, crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0)
--
cgit v1.1
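Review bot: The order of `crypt_types[]` (hunk at -39,7) now carries meaning that nothing in the table states: `crypt_setdefault()` later in this patch falls back to `crypt_type = 0`, so whichever entry comes first is the hash used when `crypt_default` is absent or unrecognised. Moving "md5" ahead of the `#ifdef HAS_DES` entry is what makes md5 the default, and a later reorder would change that silently. I would add a comment above the first entry, e.g. `/* Entry 0 is the fallback default (see crypt_setdefault); keep md5 first. */`. The initializer starts and ends outside this hunk.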
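Review bot: In `crypt_setdefault()` (hunk at -47,28), a `crypt_default` value that matches no table entry drops through to the final `crypt_type = 0` with no diagnostic. Because the "des" entry exists only under `#ifdef HAS_DES`, a configuration naming des on a DES-free build would hash with md5 without the administrator being told, and a misspelt name behaves the same way. Reporting the rejected value before that final assignment would make the mismatch visible, for example `syslog(LOG_WARNING, "crypt_default \"%s\" not supported, using %s", def, crypt_types[0].name);` (this needs `<syslog.h>`). The name-lookup loop is also a copy of the one in `crypt_set_format()`, whose body ends outside the hunk; a small static helper returning the index would keep the two from drifting.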
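Review bot: `crypt()` gains a hidden first-call side effect in the hunk at -83,6 that deserves a comment: `crypt_setdefault()` consults `auth_getval("crypt_default")` and caches the result in the file-scope `crypt_type`, so the first caller fixes the default for the whole process. The check-then-set on `crypt_type` has no locking, and the lookup presumably reads auth.conf, which may behave differently once a program has dropped privileges or changed root; both are worth stating for callers. Something like `/* First call reads crypt_default and caches it in crypt_type; not thread-safe. */` above the call would do. How the cached default is used when no magic matches is not visible here, because the function body continues past the hunk.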