author: Mark Murray <markm@FreeBSD.org> 2001-05-24 12:20:03 +0000
committer: Mark Murray <markm@FreeBSD.org> 2001-05-24 12:20:03 +0000
commit: 16063c03bdb0a0c190841aadae10a6b874f44a42 (patch)
tree: 4c5412b4bb64ae29043348c29a946b76b38e5412
parent: 9c1b63adf15f954509037cf43c37693d49ab8ac6 (diff)
6 files changed, 90 insertions, 65 deletions
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index dc373993ade9..1e9b91a79edc 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -16,13 +16,20 @@ SONAME=		${LCRYPTSO}
 .endif
 
 .PATH:		${.CURDIR}/../libmd
-SRCS=		crypt.c crypt-md5.c misc.c
+SRCS=		crypt.c crypt-md5.c md5c.c misc.c
 STATICSRCS=	md5c.c
 STATICOBJS=	${STATICSRCS:S/.c/.o/g}
 MAN=		crypt.3
 MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
 CFLAGS+=	-I${.CURDIR}/../libmd
 CFLAGS+=	-DLIBC_SCCS -Wall
+# And the auth_getval() code and support.
+.PATH:		${.CURDIR}/../libutil
+SRCS+=		auth.c property.c
+.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \
+		property_find properties_read properties_free
+CFLAGS+=	-D${sym}=__${sym}
+.endfor
 PRECIOUSLIB=	yes
 
 # Include this early to pick up the definitions of SHLIB_MAJOR and
diff --git a/lib/libcrypt/crypt-md5.c b/lib/libcrypt/crypt-md5.c
index c112bd8436e7..6b639ccde50c 100644
--- a/lib/libcrypt/crypt-md5.c
+++ b/lib/libcrypt/crypt-md5.c
@@ -22,18 +22,6 @@ static const char rcsid[] = \
 #include <err.h>
 #include "crypt.h"
 
-#ifdef __PIC__
-#include <dlfcn.h>
-
-#define	MD5Init(ctx)			dl_MD5Init(ctx)
-#define	MD5Update(ctx, data, len)	dl_MD5Update(ctx, data, len)
-#define	MD5Final(dgst, ctx)		dl_MD5Final(dgst, ctx)
-
-static void (*dl_MD5Init)(MD5_CTX *);
-static void (*dl_MD5Update)(MD5_CTX *, const unsigned char *, unsigned int);
-static void (*dl_MD5Final)(unsigned char digest[16], MD5_CTX *);
-#endif
-
 /*
  * UNIX password
  */
@@ -55,9 +43,6 @@ crypt_md5(pw, salt)
 	int sl,pl,i;
 	MD5_CTX	ctx,ctx1;
 	unsigned long l;
-#ifdef __PIC__
-	void *libmd;
-#endif
 
 	/* Refine the Salt first */
 	sp = salt;
@@ -73,31 +58,6 @@ crypt_md5(pw, salt)
 	/* get the length of the true salt */
 	sl = ep - sp;
 
-#ifdef __PIC__
-	libmd = dlopen("libmd.so", RTLD_NOW);
-	if (libmd == NULL) {
-		warnx("libcrypt-md5: dlopen(libmd.so): %s\n", dlerror());
-		return NULL;
-	}
-	dl_MD5Init = dlsym(libmd, "MD5Init");
-	if (dl_MD5Init == NULL) {
-		warnx("libcrypt-md5: looking for MD5Init: %s\n", dlerror());
-		dlclose(libmd);
-		return NULL;
-	}
-	dl_MD5Update = dlsym(libmd, "MD5Update");
-	if (dl_MD5Update == NULL) {
-		warnx("libcrypt-md5: looking for MD5Update: %s\n", dlerror());
-		dlclose(libmd);
-		return NULL;
-	}
-	dl_MD5Final = dlsym(libmd, "MD5Final");
-	if (dl_MD5Final == NULL) {
-		warnx("libcrypt-md5: looking for MD5Final: %s\n", dlerror());
-		dlclose(libmd);
-		return NULL;
-	}
-#endif
 	MD5Init(&ctx);
 
 	/* The password first, since that is what is most unknown */
@@ -160,9 +120,6 @@ crypt_md5(pw, salt)
 		MD5Final(final,&ctx1);
 	}
 
-#ifdef __PIC__
-	dlclose(libmd);
-#endif
 	p = passwd + strlen(passwd);
 
 	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3
index dc2d861ce2ad..bb292f003174 100644
--- a/lib/libcrypt/crypt.3
+++ b/lib/libcrypt/crypt.3
@@ -60,11 +60,15 @@ in the hash.
 .\"
 Currently these include the
 .Tn NBS
-.Tn Data Encryption Standard (DES) , and
-.Tn MD5 .
+.Tn Data Encryption Standard (DES) ,
+.Tn MD5
+and
+.Tn Blowfish .
 The algorithm used will depend upon the format of the Salt (following
 the Modular Crypt Format (MCF)), if
 .Tn DES
+and/or
+.Tn Blowfish
 is installed or not, and whether
 .Fn crypt_set_format
 has been called to change the default.
@@ -172,6 +176,8 @@ Currently supported algorithms are:
 .Bl -enum -compact -offset indent
 .It
 MD5
+.It
+Blowfish
 .El
 .Pp
 Other crypt formats may be easilly added.  An example salt would be:
@@ -183,18 +189,17 @@ Other crypt formats may be easilly added.  An example salt would be:
 .Pp
 The algorithm used will depend upon whether
 .Fn crypt_set_format
-has been called and whether
-.Tn DES
-is installed or not.  If
-.Tn DES
-is installed and
+has been called and whether a global default format has been specified.
+Unless a global default has been specified or
 .Fn crypt_set_format
-has not set the format to something else, it will be used.
-Otherwise, the best algorithm is used, which is currently
+has set the format to something else, the built-in default format is
+used.
+This is currently
 .\"
 .\" NOTICE: Also make sure to update this
 .\"
-MD5.
+DES
+if it is available, or MD5 if not.
 .Pp
 How the salt is used will depend upon the algorithm for the hash.  For
 best results, specify at least two characters of salt.
@@ -207,7 +212,8 @@ Valid values are
 .\"
 .\" NOTICE: Also make sure to update this, too, as well
 .\"
-.Ql des
+.Ql des ,
+.Ql blf
 and
 .Ql md5 .
 .Pp
@@ -215,6 +221,12 @@ The
 .Fn crypt_set_format
 function sets the default encoding format according to the supplied
 .Fa string .
+.Pp
+The global default format can be set using the
+.Pa /etc/auth.conf
+file using the
+.Ql crypt_format
+property.
 .Sh RETURN VALUES
 .Pp
 .Fn crypt
@@ -229,8 +241,10 @@ Otherwise, a value of 0 is returned.
 .Sh SEE ALSO
 .Xr login 1 ,
 .Xr passwd 1 ,
+.Xr auth_getval 3 ,
 .Xr cipher 3 ,
 .Xr getpass 3 ,
+.Xr auth.conf 5 ,
 .Xr passwd 5 ,
 .Sh BUGS
 The
@@ -265,6 +279,8 @@ Originally written by
 later additions and changes by
 .An Poul-Henning Kamp ,
 .An Mark R V Murray ,
-.An Kris Kennaway
+.An Kris Kennaway ,
+.An Brian Feldman ,
+.An Paul Herman
 and
-.An Brian Feldman .
+.An Niels Provos .
diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c
index abb1ef379c18..0d4c88114ca0 100644
--- a/lib/libcrypt/crypt.c
+++ b/lib/libcrypt/crypt.c
@@ -28,10 +28,13 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$FreeBSD$";
+static const char rcsid[] =
+"$FreeBSD$";
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
 #include <string.h>
+#include <libutil.h>
 #include "crypt.h"
 
 static const struct {
@@ -39,7 +42,7 @@ static const struct {
 	char *(*const func)(const char *, const char *);
 	const char *const magic;
 } crypt_types[] = {
-#ifdef NONEXPORTABLE_CRYPT
+#ifdef HAS_DES
 	{
 		"des",
 		crypt_des,
@@ -51,24 +54,57 @@ static const struct {
 		crypt_md5,
 		"$1$"
 	},
+#ifdef HAS_BLOWFISH
+	{
+		"blf",
+		crypt_blowfish,
+		"$2"
+	},
+#endif
 	{
 		NULL,
 		NULL
 	}
 };
 
-static int crypt_type = 0;
+static int crypt_type = -1;
+
+static void
+crypt_setdefault(void)
+{
+	char *def;
+	int i;
+
+	if (crypt_type != -1)
+		return;
+	def = auth_getval("crypt_default");
+	if (def == NULL) {
+		crypt_type = 0;
+		return;
+	}
+	for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
+		if (strcmp(def, crypt_types[i].name) == 0) {
+			crypt_type = i;
+			return;
+		}
+	}
+	crypt_type = 0;
+}
 
 const char *
-crypt_get_format(void) {
+crypt_get_format(void)
+{
 
+	crypt_setdefault();
 	return (crypt_types[crypt_type].name);
 }
 
 int
-crypt_set_format(char *type) {
+crypt_set_format(char *type)
+{
 	int i;
 
+	crypt_setdefault();
 	for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
 		if (strcmp(type, crypt_types[i].name) == 0) {
 			crypt_type = i;
@@ -83,6 +119,7 @@ crypt(char *passwd, char *salt)
 {
 	int i;
 
+	crypt_setdefault();
 	for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) {
 		if (crypt_types[i].magic != NULL && strncmp(salt,
 		    crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0)
diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h
index 3544f896563d..b62bd8ed5b52 100644
--- a/lib/libcrypt/crypt.h
+++ b/lib/libcrypt/crypt.h
@@ -32,6 +32,7 @@
 
 char *crypt_des(const char *pw, const char *salt);
 char *crypt_md5(const char *pw, const char *salt);
+char *crypt_blowfish(const char *pw, const char *salt);
 
 extern void _crypt_to64(char *s, unsigned long v, int n);
 
diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile
index b46df113346b..f0db4882f3a6 100644
--- a/secure/lib/libcrypt/Makefile
+++ b/secure/lib/libcrypt/Makefile
@@ -16,16 +16,23 @@ SONAME=		${LCRYPTSO}
 .endif
 
 .PATH:		${.CURDIR}/../../../lib/libmd ${.CURDIR}/../../../lib/libcrypt
-SRCS=		crypt.c crypt-md5.c misc.c
+SRCS=		crypt.c crypt-md5.c md5c.c misc.c
 STATICSRCS=	md5c.c
 STATICOBJS=	${STATICSRCS:S/.c/.o/g}
-SRCS+=		crypt-des.c
+SRCS+=		crypt-des.c crypt-blowfish.c blowfish.c
 MAN3=		crypt.3
 MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
 CFLAGS+=	-I${.CURDIR}/../../../lib/libmd
 CFLAGS+=	-I${.CURDIR}/../../../lib/libcrypt
-CFLAGS+=	-DNONEXPORTABLE_CRYPT
+CFLAGS+=	-DHAS_BLOWFISH -DHAS_DES
 CFLAGS+=	-DLIBC_SCCS -Wall
+# And the auth_getval() code and support.
+.PATH:		${.CURDIR}/../../../lib/libutil
+SRCS+=		auth.c property.c
+.for sym in MD5Init MD5Final MD5Update MD5Pad auth_getval \
+		property_find properties_read properties_free
+CFLAGS+=	-D${sym}=__${sym}
+.endfor
 PRECIOUSLIB=	yes
 
 # Include this early to pick up the definitions of SHLIB_MAJOR and
author	Mark Murray <markm@FreeBSD.org>	2001-05-24 12:20:03 +0000
committer	Mark Murray <markm@FreeBSD.org>	2001-05-24 12:20:03 +0000
commit	16063c03bdb0a0c190841aadae10a6b874f44a42 (patch)
tree	4c5412b4bb64ae29043348c29a946b76b38e5412
parent	9c1b63adf15f954509037cf43c37693d49ab8ac6 (diff)