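--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -95,6 +95,8 @@ static struct itemdef def_table[] = {
 {"UMASK", NULL},
 {"USERDEL_CMD", NULL},
 {"USERGROUPS_ENAB", NULL},
+ {"CRYPT_PREFIX", NULL},
+ {"CRYPT_ROUNDS", NULL},
 #ifndef USE_PAM
 {"CHFN_AUTH", NULL},
 {"CHSH_AUTH", NULL},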
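--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -1,6 +1,78 @@
 /*
 * salt.c - generate a random salt string for crypt()
 *
+ */
+
+#define _OW_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <crypt.h>
+#include "config.h"
+#include "defines.h"
+#include "getdef.h"
+#define RANDOM_DEVICE "/dev/urandom"
+
+static int read_loop(int fd, char *buffer, int count)
+{
+ int offset, block;
+
+ offset = 0;
+ while (count > 0) {
+ block = read(fd, &buffer[offset], count);
+
+ if (block < 0) {
+ if (errno == EINTR) continue;
+ return block;
+ }
+ if (!block) return offset;
+
+ offset += block;
+ count -= block;
+ }
+
+ return offset;
+}
+
+char *
+crypt_make_salt(void)
+{
+ int fd;
+ char entropy[16];
+ char *retval;
+
+ fd = open(RANDOM_DEVICE, O_RDONLY);
+ if (fd < 0) {
+ perror("open: " RANDOM_DEVICE);
+ exit(1);
+ }
+
+ if (read_loop(fd, entropy, sizeof(entropy)) != sizeof(entropy)) {
+ close(fd);
+ fprintf(stderr, "Unable to obtain entropy from %s\n",
+ RANDOM_DEVICE);
+ exit(1);
+ }
+
+ close(fd);
+
+ retval = crypt_gensalt(getdef_str("CRYPT_PREFIX") ?: "",
+ getdef_num("CRYPT_ROUNDS", 0), entropy, sizeof(entropy));
+ memset(entropy, 0, sizeof(entropy));
+ if (!retval) {
+ fprintf(stderr, "Unable to generate a salt, "
+ "check your CRYPT_PREFIX and CRYPT_ROUNDS settings.\n");
+ exit(1);
+ }
+
+ return retval;
+}
+
+#if 0
+/*
 * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
 * it is in the public domain.
 *
@@ -255,3 +327,4 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 return result;
 }
 
+#endif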
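Review bot: In crypt_make_salt, `getdef_str("CRYPT_PREFIX") ?: ""` turns an unset CRYPT_PREFIX into an empty prefix, and the crypt_gensalt implementations I know of (Openwall's and libxcrypt's) treat an empty prefix as a request for the traditional DES-based method, so a missing setting would quietly select the weakest hash type instead of reporting an error. I would fail closed with `const char *prefix = getdef_str("CRYPT_PREFIX");` followed by `if (!prefix || !*prefix) { fprintf(stderr, "CRYPT_PREFIX is not set\n"); exit(1); }`, or fall back to a strong compiled-in prefix. The `memset(entropy, 0, sizeof(entropy))` is a dead store that the compiler may remove, and the short-read exit path never reaches it; `explicit_bzero(entropy, sizeof(entropy));`, where the platform provides it, would keep the wipe in place. The `?:` form is also a GNU extension, which matters if this file is ever built with another compiler.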
102 |
#diff --git a/man/login.defs.5 b/man/login.defs.5 |
103 |
#index 8d2b852..38aa78a 100644 |
104 |
#--- a/man/login.defs.5 |
105 |
#+++ b/man/login.defs.5 |
106 |
#@@ -244,6 +244,9 @@ will execute this shell instead of the users\' shell specified in |
107 |
# If defined, login failures will be logged in this file in a utmp format\&. |
108 |
# .RE |
109 |
# .PP |
110 |
#+CRYPT_PREFIX (string), CRYPT_ROUNDS (number) |
111 |
#+The password hashing method and iteration count to use for group passwords that may be set with \fBgpasswd\fR(1). Please refer to \fBcrypt\fR(3) for information on supported password hashing methods. |
112 |
#+.PP |
113 |
# \fBGID_MAX\fR (number), \fBGID_MIN\fR (number) |
114 |
# .RS 4 |
115 |
# Range of group IDs used for the creation of regular groups by |
116 |
#@@ -662,7 +665,7 @@ CHSH_AUTH LOGIN_STRING |
117 |
# gpasswd |
118 |
# .RS 4 |
119 |
# ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB |
120 |
#-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS |
121 |
#+SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS CRYPT_PREFIX CRYPT_ROUNDS |
122 |
# .RE |
123 |
# .PP |
124 |
# groupadd |
125 |
#-- |
126 |
1.6.5.3 |
127 |
|