summaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorDenis Vlasenko2008-11-10 18:52:35 +0000
committerDenis Vlasenko2008-11-10 18:52:35 +0000
commit2211d5268cc6fc5575f758a9835070fae5ffc405 (patch)
tree46b23253b2be2c2c5bcdb6909a740e894a93ae07 /loginutils
parent56dceb9b7722193ef53fb1afb981f1289eecb0b0 (diff)
downloadbusybox-2211d5268cc6fc5575f758a9835070fae5ffc405.zip
busybox-2211d5268cc6fc5575f758a9835070fae5ffc405.tar.gz
libbb: add optionl support for SHA256/512 encrypted passwords
function old new delta sha_crypt - 2423 +2423 cryptpw_main 128 183 +55 to64 - 29 +29 pw_encrypt 974 1000 +26 str_rounds - 11 +11 login_main 1532 1541 +9 packed_usage 25215 25200 -15 __md5_to64 29 - -29 ------------------------------------------------------------------------------ (add/remove: 3/1 grow/shrink: 3/1 up/down: 2553/-44) Total: 2509 bytes
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/Config.in14
-rw-r--r--loginutils/cryptpw.c28
2 files changed, 34 insertions, 8 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in
index bb1369c..5f66e86 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -58,7 +58,7 @@ config USE_BB_SHADOW
password servers and whatnot.
config USE_BB_CRYPT
- bool "Use internal DES and MD5 crypt functions"
+ bool "Use internal crypt functions"
default y
help
Busybox has internal DES and MD5 crypt functions.
@@ -79,6 +79,18 @@ config USE_BB_CRYPT
In static build, it makes code _smaller_ by about 1.2k,
and likely many kilobytes less of bss.
+config USE_BB_CRYPT_SHA
+ bool "Enable SHA256/512 crypt functions"
+ default n
+ depends on USE_BB_CRYPT
+ help
+ Enable this if you have passwords starting with "$5$" or "$6$"
+ in your /etc/passwd or /etc/shadow files. These passwords
+ are hashed using SHA256 and SHA512 algorithms. Support for them
+ was added to glibc in 2008.
+ With this option off, login will fail password check for any
+ user which has password encrypted with these algorithms.
+
config ADDGROUP
bool "addgroup"
default n
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index db5d959..d76deac 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -34,22 +34,36 @@ done
int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
- char salt[sizeof("$N$XXXXXXXX")];
+ char salt[sizeof("$N$") + 16];
char *opt_a;
+ int opts;
- if (!getopt32(argv, "a:", &opt_a) || opt_a[0] != 'd') {
+ opts = getopt32(argv, "a:", &opt_a);
+
+ if (opts && opt_a[0] == 'd') {
+ crypt_make_salt(salt, 2/2, 0); /* des */
+#if TESTING
+ strcpy(salt, "a.");
+#endif
+ } else {
salt[0] = '$';
salt[1] = '1';
salt[2] = '$';
- crypt_make_salt(salt + 3, 4, 0); /* md5 */
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+ if (opts && opt_a[0] == 's') {
+ salt[1] = '5' + (strcmp(opt_a, "sha512") == 0);
+ crypt_make_salt(salt + 3, 16/2, 0); /* sha */
#if TESTING
- strcpy(salt + 3, "ajg./bcf");
+ strcpy(salt, "$6$em7yVj./Mv5n1V5X");
#endif
- } else {
- crypt_make_salt(salt, 1, 0); /* des */
+ } else
+#endif
+ {
+ crypt_make_salt(salt + 3, 8/2, 0); /* md5 */
#if TESTING
- strcpy(salt, "a.");
+ strcpy(salt + 3, "ajg./bcf");
#endif
+ }
}
puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_fgetline(stdin), salt, 1));