summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/libbb.h3
-rw-r--r--libbb/pw_encrypt.c17
-rw-r--r--loginutils/Config.in89
3 files changed, 75 insertions, 34 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 655ca01..e92dbc4 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
extern int correct_password(const struct passwd *pw);
/* Returns a malloced string */
+#if !ENABLE_USE_BB_CRYPT
+#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
+#endif
extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
/* rnd is additional random input. New one is returned.
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index 762cbab..c1e927e 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -9,6 +9,8 @@
#include "libbb.h"
+#if ENABLE_USE_BB_CRYPT
+
/*
* DES and MD5 crypt implementations are taken from uclibc.
* They were modified to not use static buffers.
@@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
return encrypted;
}
+
+#else /* if !ENABLE_USE_BB_CRYPT */
+
+char *pw_encrypt(const char *clear, const char *salt, int cleanup)
+{
+#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
+ if (strncmp(salt, "$2$", 3) == 0) {
+ return xstrdup(sha1_crypt(clear));
+ }
+#endif
+
+ return xstrdup(crypt(clear, salt));
+}
+
+#endif
diff --git a/loginutils/Config.in b/loginutils/Config.in
index c57d997..e39fb6f 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
readable by root and thus the encrypted passwords are no longer
publicly readable.
+config USE_BB_PWD_GRP
+ bool "Use internal password and group functions rather than system functions"
+ default n
+ help
+ If you leave this disabled, busybox will use the system's password
+ and group functions. And if you are using the GNU C library
+ (glibc), you will then need to install the /etc/nsswitch.conf
+ configuration file and the required /lib/libnss_* libraries in
+ order for the password and group functions to work. This generally
+ makes your embedded system quite a bit larger.
+
+ Enabling this option will cause busybox to directly access the
+ system's /etc/password, /etc/group files (and your system will be
+ smaller, and I will get fewer emails asking about how glibc NSS
+ works). When this option is enabled, you will not be able to use
+ PAM to access remote LDAP password servers and whatnot. And if you
+ want hostname resolution to work with glibc, you still need the
+ /lib/libnss_* libraries.
+
+ If you need to use glibc's nsswitch.conf mechanism
+ (e.g. if user/group database is NOT stored in /etc/passwd etc),
+ you must NOT use this option.
+
+ If you enable this option, it will add about 1.5k to busybox.
+
config USE_BB_SHADOW
bool "Use busybox shadow password functions"
default y
depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
help
- If you leave this disabled, busybox will use the system's shadow
- password handling functions. And if you are using the GNU C library
- (glibc), you will then need to install the /etc/nsswitch.conf
- configuration file and the required /lib/libnss_* libraries in
- order for the shadow password functions to work. This generally
- makes your embedded system quite a bit larger.
-
- Enabling this option will cause busybox to directly access the
- system's /etc/shadow file when handling shadow passwords. This
- makes your system smaller and I will get fewer emails asking about
- how glibc NSS works). When this option is enabled, you will not be
- able to use PAM to access shadow passwords from remote LDAP
- password servers and whatnot.
-
-config USE_BB_PWD_GRP
- bool "Use internal password and group functions rather than system functions"
- default n
+ If you leave this disabled, busybox will use the system's shadow
+ password handling functions. And if you are using the GNU C library
+ (glibc), you will then need to install the /etc/nsswitch.conf
+ configuration file and the required /lib/libnss_* libraries in
+ order for the shadow password functions to work. This generally
+ makes your embedded system quite a bit larger.
+
+ Enabling this option will cause busybox to directly access the
+ system's /etc/shadow file when handling shadow passwords. This
+ makes your system smaller and I will get fewer emails asking about
+ how glibc NSS works). When this option is enabled, you will not be
+ able to use PAM to access shadow passwords from remote LDAP
+ password servers and whatnot.
+
+config USE_BB_CRYPT
+ bool "Use internal DES and MD5 crypt functions rather than system functions"
+ default y
help
- If you leave this disabled, busybox will use the system's password
- and group functions. And if you are using the GNU C library
- (glibc), you will then need to install the /etc/nsswitch.conf
- configuration file and the required /lib/libnss_* libraries in
- order for the password and group functions to work. This generally
- makes your embedded system quite a bit larger.
-
- Enabling this option will cause busybox to directly access the
- system's /etc/password, /etc/group files (and your system will be
- smaller, and I will get fewer emails asking about how glibc NSS
- works). When this option is enabled, you will not be able to use
- PAM to access remote LDAP password servers and whatnot. And if you
- want hostname resolution to work with glibc, you still need the
- /lib/libnss_* libraries.
-
- If you enable this option, it will add about 1.5k to busybox.
+ If you leave this disabled, busybox will use the system's password
+ and group functions. Most C libraries use large (~70k)
+ static buffers in these functions, and also combine them
+ with more general DES encryption/decryption routines.
+ For busybox, having large static buffers is undesirable,
+ especially so on NOMMU machines.
+
+ These functions produce results which are identical
+ to corresponding C library functions.
+
+ If you enable this option, it will add about 4.8k to busybox
+ if you are building dynamically linked executable.
+ In static build, it makes executable _smaller_ by about 1.2k.
config ADDGROUP
bool "addgroup"
@@ -255,4 +277,3 @@ config VLOCK
work properly.
endmenu
-