Date: Thu, 16 Oct 2014 21:39:05 +0000 (UTC)
From: Dag-Erling Smørgrav <des@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r273187 - in releng/10.1: lib/libcrypt usr.sbin/pw
Message-ID: <201410162139.s9GLd5V3096129@svn.freebsd.org>
Author: des Date: Thu Oct 16 21:39:04 2014 New Revision: 273187 URL: https://svnweb.freebsd.org/changeset/base/273187 Log: MFH (r272830): change the hardcoded default back to DES MFH (r272833): remove last vestige of MD5 password hashes Approved by: re (gjb) Modified: releng/10.1/lib/libcrypt/crypt.c releng/10.1/usr.sbin/pw/pw_user.c Directory Properties: releng/10.1/ (props changed) Modified: releng/10.1/lib/libcrypt/crypt.c ============================================================================== --- releng/10.1/lib/libcrypt/crypt.c Thu Oct 16 21:13:46 2014 (r273186) +++ releng/10.1/lib/libcrypt/crypt.c Thu Oct 16 21:39:04 2014 (r273187) @@ -37,24 +37,26 @@ __FBSDID("$FreeBSD$"); #include "crypt.h" /* - * List of supported crypt(3) formats. The first element in the list will - * be the default. + * List of supported crypt(3) formats. + * + * The default algorithm is the last entry in the list (second-to-last + * array element since the last is a sentinel). The reason for placing + * the default last rather than first is that DES needs to be at the + * bottom for the algorithm guessing logic in crypt(3) to work correctly, + * and it needs to be the default for backward compatibility. */ static const struct crypt_format { const char *const name; char *(*const func)(const char *, const char *); const char *const magic; } crypt_formats[] = { - /* default format */ - { "sha512", crypt_sha512, "$6$" }, - - /* other supported formats */ { "md5", crypt_md5, "$1$" }, #ifdef HAS_BLOWFISH { "blf", crypt_blowfish, "$2" }, #endif { "nth", crypt_nthash, "$3$" }, { "sha256", crypt_sha256, "$5$" }, + { "sha512", crypt_sha512, "$6$" }, #ifdef HAS_DES { "des", crypt_des, "_" }, #endif 
@@ -63,7 +65,8 @@ static const struct crypt_format { { NULL, NULL, NULL } }; -static const struct crypt_format *crypt_format = &crypt_formats[0]; +static const struct crypt_format *crypt_format = + &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2]; #define DES_SALT_ALPHABET \ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" Modified: releng/10.1/usr.sbin/pw/pw_user.c ============================================================================== --- releng/10.1/usr.sbin/pw/pw_user.c Thu Oct 16 21:13:46 2014 (r273186) +++ releng/10.1/usr.sbin/pw/pw_user.c Thu Oct 16 21:39:04 2014 (r273187) @@ -615,7 +615,7 @@ pw_user(struct userconf * cnf, int mode, pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL) + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); @@ -690,7 +690,7 @@ pw_user(struct userconf * cnf, int mode, } else { lc = login_getpwclass(pwd); if (lc == NULL || - login_setcryptfmt(lc, "md5", NULL) == NULL) + login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); pwd->pw_passwd = pw_pwcrypt(line);
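Review bot: In the crypt_formats table in lib/libcrypt/crypt.c, the new comment says DES "needs to be the default for backward compatibility", but the "des" entry is still wrapped in #ifdef HAS_DES. Judging from the visible entries only (two lines between this hunk and the next are not shown), a build without HAS_DES would leave "sha512" as the last entry before the sentinel, so the default differs from what the comment documents. Suggest the comment state what the default is when HAS_DES is undefined, or make that case explicit in the code.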
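Review bot: In the crypt_format initializer in lib/libcrypt/crypt.c, the literal "- 2" in "&crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2]" ties the default hash format to the table layout. Any entry later added between the intended default and the "{ NULL, NULL, NULL }" sentinel changes the default without this line being touched, and the only warning is the block comment at the top of the table. Suggest a short comment directly above the sentinel saying that the entry before it is the default, or selecting the default by its name field instead of by position.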
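Review bot: In both usr.sbin/pw/pw_user.c hunks (around lines 615 and 690), a NULL from login_getpwclass() or a failed login_setcryptfmt(lc, "sha512", NULL) only produces warn("setting crypt(3) format"), and the following pw_password() / pw_pwcrypt() call still hashes the password. Unless a format was selected earlier in the process, that path falls back to the hardcoded default, which the log message for this commit says is now DES rather than the sha512 requested here. Suggest treating the failure as an error for the operation, or at least naming in the warning the format that will actually be used. The "sha512" literal is also repeated at both call sites and could be a single named constant.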