Date: Mon, 11 Mar 1996 19:47:37 +0200 From: Dmitry Kohmanyuk <dk@snark.ukma.kiev.ua> To: sia@jriver.com, sia@nest.org Cc: bag@ua.net, freebsd-hackers@freebsd.org, stesin@elvisti.kiev.ua Subject: libcrypt patch to allow mixed DES/MD5 passwords Message-ID: <199603111747.TAA17678@snark.ukma.kiev.ua>
next in thread | raw e-mail | index | archive | help
Hi hackers,
Following are 2 patches for descrypt which make it fallback to
md5 crypt if the salt begins with a '$'.
the patches are against 2.1-RELEASE lib and secure distributions;
they are relative to $src/lib/libcrypt and $src/secure/lib/libcrypt
sorry for broken $Id$s; you can always fix the patch by hand.
you need to remove old /usr/lib/libcrypt* symlinks and do a `make install'
in secure/lib/libcrypt
you need to rebuild init (in secure) afterwards or otherwise you wouldn't be able
to login to secure console in single-user if you change the password
to DES-encrypted.
I have noticed that xdm stopped working; I hope to fix that soon.
I am running these patches since February 24th on our 7-machine LAN
(FreeBSD as NIS server, Solaris and Linux as NIS clients, diskless
FreeBSD 4Mb boxes as X terminals) with no problems apart from xdm
I've mentioned.
You can't use MD5 passwords on other systems until you patch theirs
libc, obvious. And even after that you can't fix all the static buffers.
All new passwords would be DES-encrypted unless you change passwd(1)
or yppasswd(1) (same on FreeBSD, other program on other systems)
to make '$1$text' to be your salt.
It was just very helpful to merge 2 password databases without causing
half of users to change their passwords.
please feedback to me directly since I don't read -hackers after
my home disk crash.
cheers,
Dmitry.
lib-libcrypt.diff
secure-libcrypt.diff
diff -ru lib/libcrypt/crypt.c ./crypt.c
--- lib/libcrypt/crypt.c Tue May 30 08:42:22 1995
+++ ./crypt.c Mon Mar 11 18:04:50 1996
@@ -40,7 +40,11 @@
*/
char *
+#ifdef SCRYPT
+scrypt(pw, salt)
+#else
crypt(pw, salt)
+#endif
register const char *pw;
register const char *salt;
{
diff -ru secure/lib/libcrypt/Makefile ./Makefile
--- secure/lib/libcrypt/Makefile Sat Aug 27 02:31:11 1994
+++ ./Makefile Mon Mar 11 18:25:39 1996
@@ -1,5 +1,5 @@
#
-# $Id: Makefile,v 1.7 1994/08/26 23:31:11 wollman Exp $
+# $Id: Makefile,v 1.1 1996/02/24 15:54:31 dk Exp dk $
#
LCRYPTBASE= libcrypt
@@ -9,8 +9,10 @@
LDCRYPTBASE= libdescrypt
LDCRYPTSO= $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+.PATH: ${.CURDIR}/../../../lib/libmd
LIB= descrypt
-SRCS= crypt.c
+SRCS= crypt.c scrypt.c md5c.c
+CFLAGS+= -I${.CURDIR}/../../../libmd -DSCRYPT
PRECIOUSLIB= yes
#MAN3= crypt.3
@@ -22,6 +24,9 @@
test:
cd test ; make test ; make clean
+
+scrypt.c:
+ ln -s ${.CURDIR}/../../../lib/libcrypt/crypt.c scrypt.c
.include <bsd.lib.mk>
diff -ru secure/lib/libcrypt/crypt.c ./crypt.c
--- secure/lib/libcrypt/crypt.c Tue May 30 09:11:46 1995
+++ ./crypt.c Sat Feb 24 18:11:53 1996
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: crypt.c,v 1.6 1995/05/30 06:11:46 rgrimes Exp $
+ * $Id: crypt.c,v 1.1 1996/02/24 16:06:00 dk Exp dk $
*
* This is an original implementation of the DES and the crypt(3) interfaces
* by David Burren <davidb@werj.com.au>.
@@ -63,6 +63,10 @@
# include <stdio.h>
#endif
+#ifdef SCRYPT
+extern char *scrypt(char *, char *);
+#endif
+
/* We can't always assume gcc */
#ifdef __GNUC__
#define INLINE inline
@@ -588,6 +592,11 @@
u_long count, salt, l, r0, r1, keybuf[2];
u_char *p, *q;
static u_char output[21];
+
+#ifdef SCRYPT
+ if (setting[0] == '$')
+ return(scrypt(key, setting));
+#endif
if (!des_initialised)
des_init();
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603111747.TAA17678>