- add new applet mkpasswd(1)

function                                             old     new   delta
bb_ask                                                 -     355    +355
mkpasswd_main                                          -     296    +296
.rodata                                           121746  121847    +101
packed_usage                                       24632   24689     +57
static.methods                                         -      21     +21
gmatch                                               229     248     +19
bb_ask_stdin                                           -      11     +11
applet_names                                        1949    1958      +9
applet_main                                         1172    1176      +4
sulogin_main                                         503     505      +2
applet_nameofs                                       586     588      +2
sha256_hash                                          329     327      -2
correct_password                                     208     206      -2
parse_command                                       1442    1439      -3
get_cred_or_die                                      145     141      -4
passwd_main                                         1054    1044     -10
bb_askpass                                           348       -    -348
------------------------------------------------------------------------------
(add/remove: 4/1 grow/shrink: 7/5 up/down: 877/-369)          Total: 508 bytes

5 files changed, 86 insertions, 7 deletions

diff --git a/loginutils/Config.in b/loginutils/Config.in
index 5f66e8685..6efca7edf 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -252,6 +252,13 @@ config CHPASSWD
 	  standard input and uses this information to update a group of
 	  existing users.
 
+config MKPASSWD
+	bool "mkpasswd"
+	default n
+	help
+	  mkpasswd encrypts the given password with the crypt(3) libc function
+	  using the given salt.
+
 config SU
 	bool "su"
 	default n
diff --git a/loginutils/Kbuild b/loginutils/Kbuild
index 3d0d777e8..616d97721 100644
--- a/loginutils/Kbuild
+++ b/loginutils/Kbuild
@@ -11,6 +11,7 @@ lib-$(CONFIG_CRYPTPW)	+= cryptpw.o
 lib-$(CONFIG_CHPASSWD)	+= chpasswd.o
 lib-$(CONFIG_GETTY)	+= getty.o
 lib-$(CONFIG_LOGIN)	+= login.o
+lib-$(CONFIG_MKPASSWD)	+= mkpasswd.o
 lib-$(CONFIG_PASSWD)	+= passwd.o
 lib-$(CONFIG_SU)	+= su.o
 lib-$(CONFIG_SULOGIN)	+= sulogin.o
diff --git a/loginutils/mkpasswd.c b/loginutils/mkpasswd.c
new file mode 100644
index 000000000..442738e03
--- /dev/null
+++ b/loginutils/mkpasswd.c
@@ -0,0 +1,71 @@
+/* vi: set sw=4 ts=4 sts=4: */
+/*
+ * mkpasswd - Overfeatured front end to crypt(3)
+ * Copyright (c) 2008 Bernhard Reutner-Fischer
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+
+#include "libbb.h"
+
+int mkpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int mkpasswd_main(int argc UNUSED_PARAM, char **argv)
+{
+	char *chp = NULL, *method = NULL, *salt = NULL;
+	char *encrypted;
+	int fd = STDIN_FILENO;
+	enum {
+		OPT_P = (1 << 0),
+		OPT_s = (1 << 1),
+		OPT_m = (1 << 2),
+		OPT_S = (1 << 3)
+	};
+	static const char methods[] ALIGN1 =
+		/*"des\0"*/"md5\0""sha-256\0""sha-512\0";
+	enum { TYPE_des, TYPE_md5, TYPE_sha256, TYPE_sha512 };
+	unsigned algo = TYPE_des, algobits = 1;
+#if ENABLE_GETOPT_LONG
+	static const char mkpasswd_longopts[] ALIGN1 =
+		"password-fd\0"	Required_argument "P"
+		"stdin\0"		No_argument "s"
+		"method\0"		Required_argument "m"
+		"salt\0"		Required_argument "S"
+	;
+	applet_long_options = mkpasswd_longopts;
+#endif
+	opt_complementary = "?1"; /* at most one non-option argument */
+	getopt32(argv, "P:sm:S:", &chp, &method, &salt);
+	argv += optind;
+	if (option_mask32 & OPT_P)
+		fd = xatoi_u(chp);
+	if (option_mask32 & OPT_m)
+		algo = index_in_strings(methods, method) + 1;
+	if (*argv) /* we have a cleartext passwd */
+		chp = *argv;
+	else
+		chp = bb_ask(fd, 0, "Password: ");
+	if (!salt)
+		salt = xmalloc(128);
+
+	if (algo) {
+		char foo[2];
+		foo[0] = foo[2] = '$';
+		algobits = 4;
+		/* MD5 == "$1$", SHA-256 == "$5$", SHA-512 == "$6$" */
+		if (algo > 1) {
+			algo += 3;
+			algobits = 8;
+		}
+		foo[1] = '0' + (algo);
+		strcpy(salt, foo);
+	}
+	/* The opt_complementary adds a bit of additional noise, which is good
+	   but not strictly needed.  */
+	crypt_make_salt(salt + ((!!algo) * 3), algobits, (int)&opt_complementary);
+	encrypted = pw_encrypt(chp, salt, 1);
+	puts(encrypted);
+	if (ENABLE_FEATURE_CLEAN_UP) {
+		free(encrypted);
+	}
+	return EXIT_SUCCESS;
+}
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index b156ab5af..e3e74bae7 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -22,7 +22,7 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
 	if (myuid && pw->pw_passwd[0]) {
 		char *encrypted;
 
-		orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
+		orig = bb_ask_stdin("Old password:"); /* returns ptr to static */
 		if (!orig)
 			goto err_ret;
 		encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
@@ -35,16 +35,16 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
 		}
 		if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
 	}
-	orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
-	newp = bb_askpass(0, "New password:"); /* returns ptr to static */
+	orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
+	newp = bb_ask_stdin("New password:"); /* returns ptr to static */
 	if (!newp)
 		goto err_ret;
-	newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
+	newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
 	if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
 	 && obscure(orig, newp, pw) && myuid)
 		goto err_ret; /* non-root is not allowed to have weak passwd */
 
-	cp = bb_askpass(0, "Retype password:");
+	cp = bb_ask_stdin("Retype password:");
 	if (!cp)
 		goto err_ret;
 	if (strcmp(cp, newp)) {
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 892c43484..4ffefe933 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -51,7 +51,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
 	/* Clear dangerous stuff, set PATH */
 	sanitize_env_if_suid();
 
-// bb_askpass() already handles this
+// bb_ask() already handles this
 //	signal(SIGALRM, catchalarm);
 
 	pwd = getpwuid(0);
@@ -77,7 +77,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
 		int r;
 
 		/* cp points to a static buffer that is zeroed every time */
-		cp = bb_askpass(timeout,
+		cp = bb_ask(STDIN_FILENO, timeout,
 				"Give root password for system maintenance\n"
 				"(or type Control-D for normal startup):");