summaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/Config.in14
-rw-r--r--loginutils/cryptpw.c28
2 files changed, 34 insertions, 8 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in
index bb1369c..5f66e86 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -58,7 +58,7 @@ config USE_BB_SHADOW
password servers and whatnot.
config USE_BB_CRYPT
- bool "Use internal DES and MD5 crypt functions"
+ bool "Use internal crypt functions"
default y
help
Busybox has internal DES and MD5 crypt functions.
@@ -79,6 +79,18 @@ config USE_BB_CRYPT
In static build, it makes code _smaller_ by about 1.2k,
and likely many kilobytes less of bss.
+config USE_BB_CRYPT_SHA
+ bool "Enable SHA256/512 crypt functions"
+ default n
+ depends on USE_BB_CRYPT
+ help
+ Enable this if you have passwords starting with "$5$" or "$6$"
+ in your /etc/passwd or /etc/shadow files. These passwords
+ are hashed using SHA256 and SHA512 algorithms. Support for them
+ was added to glibc in 2008.
+ With this option off, login will fail password check for any
+ user which has password encrypted with these algorithms.
+
config ADDGROUP
bool "addgroup"
default n
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index db5d959..d76deac 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -34,22 +34,36 @@ done
int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
- char salt[sizeof("$N$XXXXXXXX")];
+ char salt[sizeof("$N$") + 16];
char *opt_a;
+ int opts;
- if (!getopt32(argv, "a:", &opt_a) || opt_a[0] != 'd') {
+ opts = getopt32(argv, "a:", &opt_a);
+
+ if (opts && opt_a[0] == 'd') {
+ crypt_make_salt(salt, 2/2, 0); /* des */
+#if TESTING
+ strcpy(salt, "a.");
+#endif
+ } else {
salt[0] = '$';
salt[1] = '1';
salt[2] = '$';
- crypt_make_salt(salt + 3, 4, 0); /* md5 */
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+ if (opts && opt_a[0] == 's') {
+ salt[1] = '5' + (strcmp(opt_a, "sha512") == 0);
+ crypt_make_salt(salt + 3, 16/2, 0); /* sha */
#if TESTING
- strcpy(salt + 3, "ajg./bcf");
+ strcpy(salt, "$6$em7yVj./Mv5n1V5X");
#endif
- } else {
- crypt_make_salt(salt, 1, 0); /* des */
+ } else
+#endif
+ {
+ crypt_make_salt(salt + 3, 8/2, 0); /* md5 */
#if TESTING
- strcpy(salt, "a.");
+ strcpy(salt + 3, "ajg./bcf");
#endif
+ }
}
puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_fgetline(stdin), salt, 1));