diff --git a/lib/getdef.c b/lib/getdef.c
index 25c0733..a9b6c42 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -95,6 +95,8 @@ static struct itemdef def_table[] = {
 {"UMASK", NULL},
 {"USERDEL_CMD", NULL},
 {"USERGROUPS_ENAB", NULL},
+ {"CRYPT_PREFIX", NULL},
+ {"CRYPT_ROUNDS", NULL},
 #ifndef USE_PAM
 {"CHFN_AUTH", NULL},
 {"CHSH_AUTH", NULL},
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 6058f85..e6d03ff 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -1,6 +1,78 @@
 /*
 * salt.c - generate a random salt string for crypt()
 *
+ */
+
+#define _OW_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <crypt.h>
+#include "config.h"
+#include "defines.h"
+#include "getdef.h"
+#define RANDOM_DEVICE "/dev/urandom"
+
+static int read_loop(int fd, char *buffer, int count)
+{
+ int offset, block;
+
+ offset = 0;
+ while (count > 0) {
+ block = read(fd, &buffer[offset], count);
+
+ if (block < 0) {
+ if (errno == EINTR) continue;
+ return block;
+ }
+ if (!block) return offset;
+
+ offset += block;
+ count -= block;
+ }
+
+ return offset;
+}
+
+char *
+crypt_make_salt(void)
+{
+ int fd;
+ char entropy[16];
+ char *retval;
+
+ fd = open(RANDOM_DEVICE, O_RDONLY);
+ if (fd < 0) {
+ perror("open: " RANDOM_DEVICE);
+ exit(1);
+ }
+
+ if (read_loop(fd, entropy, sizeof(entropy)) != sizeof(entropy)) {
+ close(fd);
+ fprintf(stderr, "Unable to obtain entropy from %s\n",
+ RANDOM_DEVICE);
+ exit(1);
+ }
+
+ close(fd);
+
+ retval = crypt_gensalt(getdef_str("CRYPT_PREFIX") ?: "",
+ getdef_num("CRYPT_ROUNDS", 0), entropy, sizeof(entropy));
+ memset(entropy, 0, sizeof(entropy));
+ if (!retval) {
+ fprintf(stderr, "Unable to generate a salt, "
+ "check your CRYPT_PREFIX and CRYPT_ROUNDS settings.\n");
+ exit(1);
+ }
+
+ return retval;
+}
+
+#if 0
+/*
 * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
 * it is in the public domain.
 *
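Review bot: With CRYPT_PREFIX unset, `crypt_make_salt` hands crypt_gensalt an empty prefix (`getdef_str("CRYPT_PREFIX") ?: ""`), and in Openwall's crypt_gensalt — which the `_OW_SOURCE` define suggests is the target — an empty prefix selects traditional DES crypt, so an unconfigured login.defs silently yields 12-bit salts and 8-character password truncation while the ENCRYPT_METHOD / SHA_CRYPT_*_ROUNDS settings the man page still lists for gpasswd are no longer consulted by this function at all. I would fail closed instead, e.g. `const char *prefix = getdef_str("CRYPT_PREFIX"); if (prefix == NULL) { fputs("CRYPT_PREFIX is not set in login.defs\n", stderr); exit(1); }`, or derive the prefix from ENCRYPT_METHOD when CRYPT_PREFIX is absent. Two smaller points: the `memset(entropy, 0, sizeof(entropy))` after the call is a dead store the compiler may elide (harmless here since the bytes only become a public salt, but then it should either go or use an explicit_bzero-style call), and the previous implementation is parked under `#if 0` rather than deleted, which leaves its old setting names looking live to the next reader. The old crypt_make_salt's signature is not visible in this diff, so I cannot tell whether the new `crypt_make_salt(void)` still matches the prototype in defines.h and its callers; worth confirming since the header is not touched here.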
@@ -255,3 +327,4 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 return result;
 }
+#endif
diff --git a/man/login.defs.5 b/man/login.defs.5
index 8d2b852..38aa78a 100644
--- a/man/login.defs.5
+++ b/man/login.defs.5
@@ -244,6 +244,9 @@ will execute this shell instead of the users\' shell specified in
 If defined, login failures will be logged in this file in a utmp format\&.
 .RE
 .PP
+CRYPT_PREFIX (string), CRYPT_ROUNDS (number)
+The password hashing method and iteration count to use for group passwords that may be set with \fBgpasswd\fR(1). Please refer to \fBcrypt\fR(3) for information on supported password hashing methods.
+.PP
 \fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
 .RS 4
 Range of group IDs used for the creation of regular groups by
@@ -662,7 +665,7 @@ CHSH_AUTH LOGIN_STRING
 gpasswd
 .RS 4
 ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
+SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS CRYPT_PREFIX CRYPT_ROUNDS
 .RE
 .PP
 groupadd
-- 
1.6.5.3