diff options
Diffstat (limited to 'loginutils')
| -rw-r--r-- | loginutils/Config.in | 14 | ||||
| -rw-r--r-- | loginutils/cryptpw.c | 28 |
2 files changed, 34 insertions, 8 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in index bb1369cdd..5f66e8685 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in @@ -58,7 +58,7 @@ config USE_BB_SHADOW password servers and whatnot. config USE_BB_CRYPT - bool "Use internal DES and MD5 crypt functions" + bool "Use internal crypt functions" default y help Busybox has internal DES and MD5 crypt functions. @@ -79,6 +79,18 @@ config USE_BB_CRYPT In static build, it makes code _smaller_ by about 1.2k, and likely many kilobytes less of bss. +config USE_BB_CRYPT_SHA + bool "Enable SHA256/512 crypt functions" + default n + depends on USE_BB_CRYPT + help + Enable this if you have passwords starting with "$5$" or "$6$" + in your /etc/passwd or /etc/shadow files. These passwords + are hashed using SHA256 and SHA512 algorithms. Support for them + was added to glibc in 2008. + With this option off, login will fail password check for any + user which has password encrypted with these algorithms. + config ADDGROUP bool "addgroup" default n diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c index db5d95920..d76deac20 100644 --- a/loginutils/cryptpw.c +++ b/loginutils/cryptpw.c @@ -34,22 +34,36 @@ done int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int cryptpw_main(int argc UNUSED_PARAM, char **argv) { - char salt[sizeof("$N$XXXXXXXX")]; + char salt[sizeof("$N$") + 16]; char *opt_a; + int opts; - if (!getopt32(argv, "a:", &opt_a) || opt_a[0] != 'd') { + opts = getopt32(argv, "a:", &opt_a); + + if (opts && opt_a[0] == 'd') { + crypt_make_salt(salt, 2/2, 0); /* des */ +#if TESTING + strcpy(salt, "a."); +#endif + } else { salt[0] = '$'; salt[1] = '1'; salt[2] = '$'; - crypt_make_salt(salt + 3, 4, 0); /* md5 */ +#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA + if (opts && opt_a[0] == 's') { + salt[1] = '5' + (strcmp(opt_a, "sha512") == 0); + crypt_make_salt(salt + 3, 16/2, 0); /* sha */ #if TESTING - strcpy(salt + 3, "ajg./bcf"); + strcpy(salt, "$6$em7yVj./Mv5n1V5X"); #endif - } else { - crypt_make_salt(salt, 1, 0); /* des */ + } else +#endif + { + crypt_make_salt(salt + 3, 8/2, 0); /* md5 */ #if TESTING - strcpy(salt, "a."); + strcpy(salt + 3, "ajg./bcf"); #endif + } } puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_fgetline(stdin), salt, 1)); |