diff options
author | Denis Vlasenko <vda.linux@googlemail.com> | 2008-11-10 18:52:35 +0000 |
---|---|---|
committer | Denis Vlasenko <vda.linux@googlemail.com> | 2008-11-10 18:52:35 +0000 |
commit | 2211d5268cc6fc5575f758a9835070fae5ffc405 (patch) | |
tree | 46b23253b2be2c2c5bcdb6909a740e894a93ae07 /loginutils | |
parent | 56dceb9b7722193ef53fb1afb981f1289eecb0b0 (diff) | |
download | busybox-2211d5268cc6fc5575f758a9835070fae5ffc405.tar.gz |
libbb: add optionl support for SHA256/512 encrypted passwords
function old new delta
sha_crypt - 2423 +2423
cryptpw_main 128 183 +55
to64 - 29 +29
pw_encrypt 974 1000 +26
str_rounds - 11 +11
login_main 1532 1541 +9
packed_usage 25215 25200 -15
__md5_to64 29 - -29
------------------------------------------------------------------------------
(add/remove: 3/1 grow/shrink: 3/1 up/down: 2553/-44) Total: 2509 bytes
Diffstat (limited to 'loginutils')
-rw-r--r-- | loginutils/Config.in | 14 | ||||
-rw-r--r-- | loginutils/cryptpw.c | 28 |
2 files changed, 34 insertions, 8 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in index bb1369cdd..5f66e8685 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in @@ -58,7 +58,7 @@ config USE_BB_SHADOW password servers and whatnot. config USE_BB_CRYPT - bool "Use internal DES and MD5 crypt functions" + bool "Use internal crypt functions" default y help Busybox has internal DES and MD5 crypt functions. @@ -79,6 +79,18 @@ config USE_BB_CRYPT In static build, it makes code _smaller_ by about 1.2k, and likely many kilobytes less of bss. +config USE_BB_CRYPT_SHA + bool "Enable SHA256/512 crypt functions" + default n + depends on USE_BB_CRYPT + help + Enable this if you have passwords starting with "$5$" or "$6$" + in your /etc/passwd or /etc/shadow files. These passwords + are hashed using SHA256 and SHA512 algorithms. Support for them + was added to glibc in 2008. + With this option off, login will fail password check for any + user which has password encrypted with these algorithms. + config ADDGROUP bool "addgroup" default n diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c index db5d95920..d76deac20 100644 --- a/loginutils/cryptpw.c +++ b/loginutils/cryptpw.c @@ -34,22 +34,36 @@ done int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int cryptpw_main(int argc UNUSED_PARAM, char **argv) { - char salt[sizeof("$N$XXXXXXXX")]; + char salt[sizeof("$N$") + 16]; char *opt_a; + int opts; - if (!getopt32(argv, "a:", &opt_a) || opt_a[0] != 'd') { + opts = getopt32(argv, "a:", &opt_a); + + if (opts && opt_a[0] == 'd') { + crypt_make_salt(salt, 2/2, 0); /* des */ +#if TESTING + strcpy(salt, "a."); +#endif + } else { salt[0] = '$'; salt[1] = '1'; salt[2] = '$'; - crypt_make_salt(salt + 3, 4, 0); /* md5 */ +#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA + if (opts && opt_a[0] == 's') { + salt[1] = '5' + (strcmp(opt_a, "sha512") == 0); + crypt_make_salt(salt + 3, 16/2, 0); /* sha */ #if TESTING - strcpy(salt + 3, "ajg./bcf"); + strcpy(salt, "$6$em7yVj./Mv5n1V5X"); #endif - } else { - crypt_make_salt(salt, 1, 0); /* des */ + } else +#endif + { + crypt_make_salt(salt + 3, 8/2, 0); /* md5 */ #if TESTING - strcpy(salt, "a."); + strcpy(salt + 3, "ajg./bcf"); #endif + } } puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_fgetline(stdin), salt, 1)); |