--- shadow-4.0.12/lib/getdef.c.crypt_gensalt 2005-08-11 08:19:06.000000000 -0600 +++ shadow-4.0.12/lib/getdef.c 2006-06-30 21:32:12.000000000 -0600 @@ -80,6 +80,8 @@ {"UMASK", NULL}, {"USERDEL_CMD", NULL}, {"USERGROUPS_ENAB", NULL}, + {"CRYPT_PREFIX", NULL}, + {"CRYPT_ROUNDS", NULL}, #ifndef USE_PAM {"CHFN_AUTH", NULL}, {"CHSH_AUTH", NULL}, --- shadow-4.0.12/man/login.defs.5.crypt_gensalt 2005-08-03 10:24:53.000000000 -0600 +++ shadow-4.0.12/man/login.defs.5 2006-06-30 21:38:18.000000000 -0600 @@ -47,11 +51,14 @@ \fB\-m\fR flag on useradd command line. .TP +CRYPT_PREFIX (string), CRYPT_ROUNDS (number) +The password hashing method and iteration count to use for group passwords that may be set with \fBgpasswd\fR(1). Please refer to \fBcrypt\fR(3) for information on supported password hashing methods. +.TP GID_MAX (number), GID_MIN (number) Range of group IDs to choose from for the \fBuseradd\fR and -\fBgroupadd\fRprograms. +\fBgroupadd\fR programs. .TP MAIL_DIR (string) The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile\-time default is used. @@ -87,6 +94,9 @@ chsh CHFN_AUTH .TP +gpasswd +CRYPT_PREFIX CRYPT_ROUNDS +.TP groupadd GID_MAX GID_MIN .TP @@ -114,9 +124,11 @@ \fBsu\fR(1). Please refer to the corresponding PAM configuration files instead. .SH "SEE ALSO" .PP +\fBgpasswd\fR(1), \fBlogin\fR(1), \fBpasswd\fR(1), \fBsu\fR(1), +\fBcrypt\fR(3), \fBpasswd\fR(5), \fBshadow\fR(5), \fBpam\fR(8) --- shadow-4.0.12/libmisc/salt.c.crypt_gensalt 2005-06-14 14:27:35.000000000 -0600 +++ shadow-4.0.12/libmisc/salt.c 2006-06-30 21:42:38.000000000 -0600 @@ -1,6 +1,77 @@ /* * salt.c - generate a random salt string for crypt() - * + */ + +#define _OW_SOURCE +#include <stdio.h> +#include <string.h> +#include <fcntl.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <crypt.h> + +#include "getdef.h" + +#define RANDOM_DEVICE "/dev/urandom" + +static int read_loop(int fd, char *buffer, int count) +{ + int offset, block; + + offset = 0; + while (count > 0) { + block = read(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (!block) return offset; + + offset += block; + count -= block; + } + + return offset; +} + +char * +crypt_make_salt(void) +{ + int fd; + char entropy[16]; + char *retval; + + fd = open(RANDOM_DEVICE, O_RDONLY); + if (fd < 0) { + perror("open: " RANDOM_DEVICE); + exit(1); + } + + if (read_loop(fd, entropy, sizeof(entropy)) != sizeof(entropy)) { + close(fd); + fprintf(stderr, "Unable to obtain entropy from %s\n", + RANDOM_DEVICE); + exit(1); + } + + close(fd); + + retval = crypt_gensalt(getdef_str("CRYPT_PREFIX") ?: "", + getdef_num("CRYPT_ROUNDS", 0), entropy, sizeof(entropy)); + memset(entropy, 0, sizeof(entropy)); + if (!retval) { + fprintf(stderr, "Unable to generate a salt, " + "check your CRYPT_PREFIX and CRYPT_ROUNDS settings.\n"); + exit(1); + } + + return retval; +} + +#if 0 +/* * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, * public domain. */ @@ -42,3 +113,4 @@ return result; } +#endif