Date:      Thu, 16 Oct 2014 21:39:05 +0000 (UTC)
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r273187 - in releng/10.1: lib/libcrypt usr.sbin/pw
Message-ID:  <201410162139.s9GLd5V3096129@svn.freebsd.org>

Author: des
Date: Thu Oct 16 21:39:04 2014
New Revision: 273187
URL: https://svnweb.freebsd.org/changeset/base/273187

Log:
  MFH (r272830): change the hardcoded default back to DES
  MFH (r272833): remove last vestige of MD5 password hashes
  
  Approved by:	re (gjb)

Modified:
  releng/10.1/lib/libcrypt/crypt.c
  releng/10.1/usr.sbin/pw/pw_user.c
Directory Properties:
  releng/10.1/   (props changed)

Modified: releng/10.1/lib/libcrypt/crypt.c
==============================================================================
--- releng/10.1/lib/libcrypt/crypt.c	Thu Oct 16 21:13:46 2014	(r273186)
+++ releng/10.1/lib/libcrypt/crypt.c	Thu Oct 16 21:39:04 2014	(r273187)
@@ -37,24 +37,26 @@ __FBSDID("$FreeBSD$");
 #include "crypt.h"
 
 /*
- * List of supported crypt(3) formats.  The first element in the list will
- * be the default.
+ * List of supported crypt(3) formats.
+ *
+ * The default algorithm is the last entry in the list (second-to-last
+ * array element since the last is a sentinel).  The reason for placing
+ * the default last rather than first is that DES needs to be at the
+ * bottom for the algorithm guessing logic in crypt(3) to work correctly,
+ * and it needs to be the default for backward compatibility.
  */
 static const struct crypt_format {
 	const char *const name;
 	char *(*const func)(const char *, const char *);
 	const char *const magic;
 } crypt_formats[] = {
-	/* default format */
-	{ "sha512",	crypt_sha512,		"$6$"	},
-
-	/* other supported formats */
 	{ "md5",	crypt_md5,		"$1$"	},
 #ifdef HAS_BLOWFISH
 	{ "blf",	crypt_blowfish,		"$2"	},
 #endif
 	{ "nth",	crypt_nthash,		"$3$"	},
 	{ "sha256",	crypt_sha256,		"$5$"	},
+	{ "sha512",	crypt_sha512,		"$6$"	},
 #ifdef HAS_DES
 	{ "des",	crypt_des,		"_"	},
 #endif
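Review bot: The new comment says DES needs to be the default, but the default is picked purely by position and the `des` entry sits inside `#ifdef HAS_DES`, so a build without HAS_DES silently gets `sha512` as the default instead; the comment should say so. The `- 2` index in the `crypt_format` initializer in the next hunk also relies on exactly one sentinel following the default entry (the two lines between the hunks are not visible here). A short comment above the `des` entry, such as `/* must remain the last entry before the sentinel: crypt_format points here */`, would protect that invariant against later additions. Because the built-in default is kept only for backward compatibility, the comment could also state that code creating new hashes is expected to select a format explicitly, as pw_user.c does in this commit.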
@@ -63,7 +65,8 @@ static const struct crypt_format {
 	{ NULL,		NULL,			NULL	}
 };
 
-static const struct crypt_format *crypt_format = &crypt_formats[0];
+static const struct crypt_format *crypt_format =
+    &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
 
 #define DES_SALT_ALPHABET \
 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

Modified: releng/10.1/usr.sbin/pw/pw_user.c
==============================================================================
--- releng/10.1/usr.sbin/pw/pw_user.c	Thu Oct 16 21:13:46 2014	(r273186)
+++ releng/10.1/usr.sbin/pw/pw_user.c	Thu Oct 16 21:39:04 2014	(r273187)
@@ -615,7 +615,7 @@ pw_user(struct userconf * cnf, int mode,
 		pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name);
 		pwd->pw_shell = pw_shellpolicy(cnf, args, NULL);
 		lc = login_getpwclass(pwd);
-		if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL)
+		if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
 			warn("setting crypt(3) format");
 		login_close(lc);
 		pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
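Review bot: When `login_getpwclass()` returns NULL or `login_setcryptfmt()` fails, this code only warns and still goes on to `pw_password()`, so the new password is presumably hashed with whatever format libcrypt currently has selected. After the crypt.c change in this same commit, that is the DES default rather than `sha512`. The same pattern appears in the hunk at line 690, before `pw_pwcrypt(line)`. Consider making the failure fatal, or at least naming the fallback in the message, e.g. `warn("setting crypt(3) format; using libcrypt default")`. pw_user's body starts and ends outside both hunks, so a format may be set elsewhere that is not visible here.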
@@ -690,7 +690,7 @@ pw_user(struct userconf * cnf, int mode,
 			} else {
 				lc = login_getpwclass(pwd);
 				if (lc == NULL ||
-				    login_setcryptfmt(lc, "md5", NULL) == NULL)
+				    login_setcryptfmt(lc, "sha512", NULL) == NULL)
 					warn("setting crypt(3) format");
 				login_close(lc);
 				pwd->pw_passwd = pw_pwcrypt(line);


