*: Make support for SHA256 and SHA512 unconditional
authorAlejandro Colomar <alx@kernel.org>
Fri, 26 Dec 2025 14:14:17 +0000 (15:14 +0100)
committerAlejandro Colomar <foss+github@alejandro-colomar.es>
Fri, 20 Feb 2026 13:58:48 +0000 (14:58 +0100)
This is necessary for later changing the fallback from the insecure DES
to something secure such as SHA512.

Link: <https://github.com/shadow-maint/shadow/issues/1278>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Cc: Andre Boscatto <andreboscatto@gmail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
14 files changed:
configure.ac
lib/getdef.c
lib/obscure.c
lib/salt.c
man/chgpasswd.8.xml
man/chpasswd.8.xml
man/generate_mans.mak
man/login.defs.5.xml
man/login.defs.d/ENCRYPT_METHOD.xml
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
man/newusers.8.xml
src/chgpasswd.c
src/chpasswd.c
src/newusers.c

index 3b2aefd0ad888d504c3380eea1e796f1f5c13d3f..c01264c004694f86ba36708569bc3b1032caec93 100644 (file)
@@ -169,9 +169,6 @@ AC_ARG_WITH([skey],
 AC_ARG_WITH([tcb],
        [AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
        [with_tcb=$withval], [with_tcb=maybe])
-AC_ARG_WITH([sha-crypt],
-       [AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
-       [with_sha_crypt=$withval], [with_sha_crypt=yes])
 AC_ARG_WITH([bcrypt],
        [AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
        [with_bcrypt=$withval], [with_bcrypt=no])
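Review bot: Dropping `AC_ARG_WITH([sha-crypt], ...)` means a build script that still passes `--without-sha-crypt` is not rejected: by default autoconf only prints an "unrecognized options" warning at the end of configure and carries on, so the packager gets SHA256/SHA512 enabled although the command line asked for the opposite. If that should be loud rather than silent, a check near the removed `AM_CONDITIONAL` block such as `AS_IF([test "x$with_sha_crypt" = "xno"], [AC_MSG_ERROR([SHA256/SHA512 support can no longer be disabled])])` would catch it, since configure still sets `with_sha_crypt` for an undeclared `--with-*` option. Failing that, the removed option deserves a release-note entry. The same applies to the summary line removed in the `@@ -628,7 +620,6 @@` hunk, which was the only place the setting was reported.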
@@ -204,11 +201,6 @@ AC_SUBST([GROUP_NAME_MAX_LENGTH])
 GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
 
 
-AM_CONDITIONAL([USE_SHA_CRYPT], [test "x$with_sha_crypt" = "xyes"])
-if test "X$with_sha_crypt" = "Xyes"; then
-       AC_DEFINE([USE_SHA_CRYPT], [1], [Define to allow the SHA256 and SHA512 password encryption algorithms])
-fi
-
 AM_CONDITIONAL([USE_BCRYPT], [test "x$with_bcrypt" = "xyes"])
 if test "X$with_bcrypt" = "Xyes"; then
        AC_DEFINE([USE_BCRYPT], [1], [Define to allow the bcrypt password encryption algorithm])
@@ -628,7 +620,6 @@ AC_MSG_NOTICE([shadow ${PACKAGE_VERSION} has been configured with the following
        tcb support (incomplete):       $with_tcb
        shadow group support:           $enable_shadowgrp
        S/Key support:                  $with_skey
-       SHA passwords encryption:       $with_sha_crypt
        bcrypt passwords encryption:    $with_bcrypt
        yescrypt passwords encryption:  $with_yescrypt
        nscd support:                   $with_nscd
index f67e00e48e12613322c3643521a8f3b3140c6ce0..9a16adcb0b731ccb51b981ea982742691c32137f 100644 (file)
@@ -112,10 +112,8 @@ static struct itemdef def_table[] = {
        {"PASS_MAX_DAYS", NULL},
        {"PASS_MIN_DAYS", NULL},
        {"PASS_WARN_AGE", NULL},
-#ifdef USE_SHA_CRYPT
        {"SHA_CRYPT_MAX_ROUNDS", NULL},
        {"SHA_CRYPT_MIN_ROUNDS", NULL},
-#endif
 #ifdef USE_BCRYPT
        {"BCRYPT_MAX_ROUNDS", NULL},
        {"BCRYPT_MIN_ROUNDS", NULL},
index c572b96a343e1feb88a40757a6419963b9eb43a5..9cf6100abd5bcacfb293391fbfb031e039c3fab1 100644 (file)
@@ -221,10 +221,8 @@ obscure_get_range(int *minlen, int *maxlen)
                }
        } else {
                if (   streq(method, "MD5")
-#ifdef USE_SHA_CRYPT
                    || streq(method, "SHA256")
                    || streq(method, "SHA512")
-#endif
 #ifdef USE_BCRYPT
                    || streq(method, "BCRYPT")
 #endif
index 1efeb2cec346fcb178b25fc0b0ef6457c7abb4cf..2e6f83197eb7d27700fdbeb16782fd171d024ae3 100644 (file)
@@ -51,7 +51,6 @@
 #define B_ROUNDS_MAX 31
 #endif /* USE_BCRYPT */
 
-#ifdef USE_SHA_CRYPT
 /* Fixed salt len for sha{256,512}crypt. */
 #define SHA_CRYPT_SALT_SIZE 16
 /* Default number of rounds if not explicitly specified.  */
@@ -60,7 +59,6 @@
 #define SHA_ROUNDS_MIN 1000
 /* Maximum number of rounds.  */
 #define SHA_ROUNDS_MAX 999999999
-#endif
 
 #ifdef USE_YESCRYPT
 /*
 #if !USE_XCRYPT_GENSALT
 static /*@observer@*/const char *gensalt (size_t salt_size);
 #endif /* !USE_XCRYPT_GENSALT */
-#ifdef USE_SHA_CRYPT
 static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds);
 static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds);
-#endif /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
 static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds);
 static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds);
@@ -107,7 +103,6 @@ static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long co
 #endif /* USE_YESCRYPT */
 
 
-#ifdef USE_SHA_CRYPT
 /* Return the the rounds number for the SHA crypt methods. */
 static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds)
 {
@@ -179,7 +174,6 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round
 
        (void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds);
 }
-#endif /* USE_SHA_CRYPT */
 
 #ifdef USE_BCRYPT
 /* Return the the rounds number for the BCRYPT method. */
@@ -392,7 +386,6 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
                rounds = YESCRYPT_get_salt_cost (arg);
                YESCRYPT_salt_cost_to_buf (result, rounds);
 #endif /* USE_YESCRYPT */
-#ifdef USE_SHA_CRYPT
        } else if (streq(method, "SHA256")) {
                MAGNUM(result, '5');
                salt_len = SHA_CRYPT_SALT_SIZE;
@@ -403,7 +396,6 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
                salt_len = SHA_CRYPT_SALT_SIZE;
                rounds = SHA_get_salt_rounds (arg);
                SHA_salt_rounds_to_buf (result, rounds);
-#endif /* USE_SHA_CRYPT */
        } else if (!streq(method, "DES")) {
                fprintf (log_get_logfd(),
                         _("Invalid ENCRYPT_METHOD value: '%s'.\n"
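Review bot: `rounds = SHA_get_salt_rounds (arg);` reads the caller's value through `const int *prefered_rounds` (see the prototype earlier in this file), but the callers this commit makes unconditional keep it in `static long sha_rounds` and hand over `&sha_rounds` through an untyped pointer: `void *crypt_arg` in src/newusers.c, and src/chgpasswd.c and src/chpasswd.c appear to do the same with `arg`. Reading a `long` object as an `int` is an aliasing violation, and on a 64-bit big-endian target it would presumably see the high half, so a work factor requested with `-s` could be replaced by something else without any message. Making the types agree closes that, for example `static unsigned long SHA_get_salt_rounds (const long *prefered_rounds);` with the matching definition, or an `int` on the caller side. The enclosing function starts and ends outside this hunk, so the declared type of `arg` here is inferred.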
index d74e11d3ed8e45b130d8065bfe40770105e9bb97..505e058ae8db71b5d4740c4f4c690c46eda67e23 100644 (file)
            The available methods are <phrase condition="bcrypt">
            <replaceable>BCRYPT</replaceable>,</phrase>
            <replaceable>DES</replaceable>,
-           <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+           <replaceable>MD5</replaceable>,
            <replaceable>SHA256</replaceable>,
-           <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+           <replaceable>SHA512</replaceable>,
+           <phrase condition="yescrypt">
            <replaceable>YESCRYPT</replaceable></phrase> and
            <replaceable>NONE</replaceable>
            if your libc supports these methods.
          </para>
        </listitem>
       </varlistentry>
-      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
+      <varlistentry>
        <term><option>-s</option>, <option>--sha-rounds</option></term>
        <listitem>
          <para>
            You can only use this option with crypt method:
            <phrase condition="bcrypt">
            <replaceable>BCRYPT</replaceable></phrase>
-           <phrase condition="sha_crypt">
            <replaceable>SHA256</replaceable>
-           <replaceable>SHA512</replaceable></phrase>
+           <replaceable>SHA512</replaceable>
            <phrase condition="yescrypt">
            <replaceable>YESCRYPT</replaceable></phrase>
          </para>
            A minimal value of 4 and a maximal value of 31
            will be enforced for BCRYPT. The default number of rounds is 13.
          </para>
-         <para condition="sha_crypt">
+         <para>
            By default, the number of rounds for SHA256 or SHA512 is defined by
            the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
-         <para condition="sha_crypt">
+         <para>
            A minimal value of 1000 and a maximal value of 999,999,999
            will be enforced for SHA256 and SHA512. The default number of rounds
            is 5000.
index b6ae345ef419433778f9c3a19bb913ae80fb323e..04c30e13db72ca1301c0184bfecea45f4173f3fc 100644 (file)
            The available methods are <phrase condition="bcrypt">
            <replaceable>BCRYPT</replaceable>,</phrase>
            <replaceable>DES</replaceable>,
-           <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+           <replaceable>MD5</replaceable>,
            <replaceable>SHA256</replaceable>,
-           <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+           <replaceable>SHA512</replaceable>,
+           <phrase condition="yescrypt">
            <replaceable>YESCRYPT</replaceable></phrase> and
            <replaceable>NONE</replaceable>
            if your libc supports these methods.
          </para>
        </listitem>
       </varlistentry>
-      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
+      <varlistentry>
        <term>
          <option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
        </term>
            You can only use this option with crypt method:
            <phrase condition="bcrypt">
            <replaceable>BCRYPT</replaceable></phrase>
-           <phrase condition="sha_crypt">
            <replaceable>SHA256</replaceable>
-           <replaceable>SHA512</replaceable></phrase>
+           <replaceable>SHA512</replaceable>
            <phrase condition="yescrypt">
            <replaceable>YESCRYPT</replaceable></phrase>
          </para>
            A minimal value of 4 and a maximal value of 31
            will be enforced for BCRYPT. The default number of rounds is 13.
          </para>
-         <para condition="sha_crypt">
+         <para>
            By default, the number of rounds for SHA256 or SHA512 is defined by
            the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
-         <para condition="sha_crypt">
+         <para>
            A minimal value of 1000 and a maximal value of 999,999,999
            will be enforced for SHA256 and SHA512. The default number of rounds
            is 5000.
index 47f906feacacc2592489e8e18a2c5d12d9fe40c2..6927b6d7e3b0abab6f5991d0c0da188d8fa5b8ac 100644 (file)
@@ -19,12 +19,6 @@ else
 TCB_COND=no_tcb
 endif
 
-if USE_SHA_CRYPT
-SHA_CRYPT_COND=sha_crypt
-else
-SHA_CRYPT_COND=no_sha_crypt
-endif
-
 if USE_BCRYPT
 BCRYPT_COND=bcrypt
 else
@@ -62,7 +56,7 @@ if ENABLE_REGENERATE_MAN
        fi
 
 man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-       $(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
+       $(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
                    --param "man.authors.section.enabled" "0" \
                    --stringparam "man.output.base.dir" "" \
                    --stringparam vendordir "$(VENDORDIR)" \
index 239154f029627c7ad4d4b5ee1f32ed6d19445770..18acbd240c0351f030563bba9af4797bcc9aed0f 100644 (file)
            <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
            BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
-           <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-           SHA_CRYPT_MIN_ROUNDS</phrase>
+           SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
            BCRYPT_MIN_ROUNDS</phrase>
            <phrase condition="no_pam">ENCRYPT_METHOD
            MD5_CRYPT_ENAB </phrase>
-           <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-           SHA_CRYPT_MIN_ROUNDS</phrase>
+           SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
            <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
            BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
-           <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-           SHA_CRYPT_MIN_ROUNDS</phrase>
+           SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
            MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
            HOME_MODE
            PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
-           <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-           SHA_CRYPT_MIN_ROUNDS</phrase>
+           SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
            SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
            SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
            BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
            PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
-           <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-           SHA_CRYPT_MIN_ROUNDS</phrase>
+           SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
index 4ae1f087e80a653fea3bb18dd54cb1edbc95c7fc..68853791f68b7f99171bd3a781858bdb43b30d2d 100644 (file)
       It can take one of these values: <phrase condition="bcrypt">
       <replaceable>BCRYPT</replaceable>,</phrase>
       <replaceable>DES</replaceable> (default),
-      <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+      <replaceable>MD5</replaceable>,
       <replaceable>SHA256</replaceable>,
-      <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+      <replaceable>SHA512</replaceable>,
+      <phrase condition="yescrypt">
       <replaceable>YESCRYPT</replaceable></phrase>.
       MD5 and DES should not be used for new hashes, see
       <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
index 64cd8dceba981a359353c3310cb2cfe3d2aeccfa..53d00ac1c3a21547642a993ab182377fb93f5b14 100644 (file)
@@ -2,7 +2,7 @@
    SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
    SPDX-License-Identifier: BSD-3-Clause
 -->
-<varlistentry condition="sha_crypt">
+<varlistentry>
   <term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
   <term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
   <listitem>
index 7fff1a8c1fb90c6c4eb7cc7edf207e8c5d530e91..fbc6620dafee1900bf3b10d46a7d04153a28690d 100644 (file)
       </varlistentry>
     </variablelist>
     <variablelist remap='IP' condition="no_pam">
-      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
+      <varlistentry>
        <term><option>-s</option>, <option>--sha-rounds</option></term>
        <listitem>
          <para>
            You can only use this option with crypt method:
            <phrase condition="bcrypt">
            <replaceable>BCRYPT</replaceable></phrase>
-           <phrase condition="sha_crypt">
            <replaceable>SHA256</replaceable>
-           <replaceable>SHA512</replaceable></phrase>
+           <replaceable>SHA512</replaceable>
            <phrase condition="yescrypt">
            <replaceable>YESCRYPT</replaceable></phrase>
          </para>
            A minimal value of 4 and a maximal value of 31
            will be enforced for BCRYPT. The default is 13.
          </para>
-         <para condition="sha_crypt">
+         <para>
            By default, the number of rounds for SHA256 or SHA512 is defined by the
            SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
-         <para condition="sha_crypt">
+         <para>
            A minimal value of 1000 and a maximal value of 999,999,999
            will be enforced for SHA256 and SHA512. The default is 5000.
          </para>
index 334d448720810e0c8911f3d9aecbe0c28ec7d24b..d9e37002e46855870b7559710c7ebea3deb384d0 100644 (file)
@@ -48,15 +48,11 @@ struct option_flags {
 static const char Prog[] = "chgpasswd";
 static bool eflg   = false;
 static bool md5flg = false;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 static bool sflg   = false;
-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 
 static /*@null@*//*@observer@*/const char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
-#ifdef USE_SHA_CRYPT
 static long sha_rounds = 5000;
-#endif
 #ifdef USE_BCRYPT
 static long bcrypt_rounds = 13;
 #endif
@@ -120,9 +116,7 @@ usage (int status)
        (void) fprintf (usageout,
                        _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
                        "NONE DES MD5"
-#if defined(USE_SHA_CRYPT)
                        " SHA256 SHA512"
-#endif
 #if defined(USE_BCRYPT)
                        " BCRYPT"
 #endif
@@ -136,11 +130,9 @@ usage (int status)
                        "                                the MD5 algorithm\n"),
                      usageout);
        (void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        (void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
                        "                                or YESCRYPT crypt algorithms\n"),
                      usageout);
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
        (void) fputs ("\n", usageout);
 
        exit (status);
@@ -154,26 +146,18 @@ usage (int status)
 static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        int c;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        int bad_s;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
        static struct option long_options[] = {
                {"crypt-method", required_argument, NULL, 'c'},
                {"encrypted",    no_argument,       NULL, 'e'},
                {"help",         no_argument,       NULL, 'h'},
                {"md5",          no_argument,       NULL, 'm'},
                {"root",         required_argument, NULL, 'R'},
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                {"sha-rounds",   required_argument, NULL, 's'},
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
                {NULL, 0, NULL, '\0'}
        };
        while ((c = getopt_long (argc, argv,
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                                 "c:ehmR:s:",
-#else
-                                "c:ehmR:",
-#endif
                                 long_options, NULL)) != -1) {
                switch (c) {
                case 'c':
@@ -191,7 +175,6 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                case 'R': /* no-op, handled in process_root_flag () */
                        flags->chroot = true;
                        break;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                case 's':
                        sflg = true;
                        bad_s = 0;
@@ -202,12 +185,10 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                                         Prog);
                                usage (E_USAGE);
                        }
-#if defined(USE_SHA_CRYPT)
                        if (  (   (streq(crypt_method, "SHA256") || streq(crypt_method, "SHA512"))
                               && (-1 == str2sl(&sha_rounds, optarg)))) {
                                bad_s = 1;
                        }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                        if (  (   streq(crypt_method, "BCRYPT")
                               && (-1 == str2sl(&bcrypt_rounds, optarg)))) {
@@ -227,8 +208,6 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                                usage (E_USAGE);
                        }
                        break;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
-
                default:
                        usage (E_USAGE);
                        /*@notreached@*/break;
@@ -246,14 +225,12 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
  */
 static void check_flags (void)
 {
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        if (sflg && !cflg) {
                fprintf (stderr,
                         _("%s: %s flag is only allowed with the %s flag\n"),
                         Prog, "-s", "-c");
                usage (E_USAGE);
        }
-#endif
 
        if ((eflg && (md5flg || cflg)) ||
            (md5flg && cflg)) {
@@ -267,10 +244,8 @@ static void check_flags (void)
                if (   !streq(crypt_method, "DES")
                    && !streq(crypt_method, "MD5")
                    && !streq(crypt_method, "NONE")
-#ifdef USE_SHA_CRYPT
                    && !streq(crypt_method, "SHA256")
                    && !streq(crypt_method, "SHA512")
-#endif                         /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
                    && !streq(crypt_method, "BCRYPT")
 #endif                         /* USE_BCRYPT */
@@ -454,14 +429,11 @@ int main (int argc, char **argv)
                        if (md5flg) {
                                crypt_method = "MD5";
                        }
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                        if (sflg) {
-#if defined(USE_SHA_CRYPT)
                                if (   streq(crypt_method, "SHA256")
                                        || streq(crypt_method, "SHA512")) {
                                        arg = &sha_rounds;
                                }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                                if (streq(crypt_method, "BCRYPT")) {
                                        arg = &bcrypt_rounds;
@@ -473,7 +445,6 @@ int main (int argc, char **argv)
                                }
 #endif                         /* USE_YESCRYPT */
                        }
-#endif
                        salt = crypt_make_salt (crypt_method, arg);
                        cp = pw_encrypt (newpwd, salt);
                        if (NULL == cp) {
index 0339ecf941043c3b734cd1ecdfdbf1add9c38513..de5c79c70c5d8c466230fea2afc5e5050159ab24 100644 (file)
@@ -52,15 +52,11 @@ struct option_flags {
 static const char Prog[] = "chpasswd";
 static bool eflg   = false;
 static bool md5flg = false;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 static bool sflg   = false;
-#endif
 
 static /*@null@*//*@observer@*/const char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
-#ifdef USE_SHA_CRYPT
 static long sha_rounds = 5000;
-#endif
 #ifdef USE_BCRYPT
 static long bcrypt_rounds = 13;
 #endif
@@ -122,9 +118,7 @@ usage (int status)
        (void) fprintf (usageout,
                        _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
                        "NONE DES MD5"
-#if defined(USE_SHA_CRYPT)
                        " SHA256 SHA512"
-#endif
 #if defined(USE_BCRYPT)
                        " BCRYPT"
 #endif
@@ -139,11 +133,9 @@ usage (int status)
                      usageout);
        (void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
        (void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        (void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
                        "                                or YESCRYPT crypt algorithms\n"),
                      usageout);
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
        (void) fputs ("\n", usageout);
 
        exit (status);
@@ -157,9 +149,7 @@ usage (int status)
 static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        int c;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        int bad_s;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
        static struct option long_options[] = {
                {"crypt-method", required_argument, NULL, 'c'},
                {"encrypted",    no_argument,       NULL, 'e'},
@@ -167,18 +157,12 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                {"md5",          no_argument,       NULL, 'm'},
                {"root",         required_argument, NULL, 'R'},
                {"prefix",       required_argument, NULL, 'P'},
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                {"sha-rounds",   required_argument, NULL, 's'},
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
                {NULL, 0, NULL, '\0'}
        };
 
        while ((c = getopt_long (argc, argv,
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                                 "c:ehmR:P:s:",
-#else
-                                "c:ehmR:P:",
-#endif
                                 long_options, NULL)) != -1) {
                switch (c) {
                case 'c':
@@ -199,16 +183,13 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                case 'P': /* no-op, handled in process_prefix_flag () */
                        flags->prefix = true;
                        break;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                case 's':
                        sflg = true;
                        bad_s = 0;
-#if defined(USE_SHA_CRYPT)
                        if ((IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512"))
                            && (-1 == str2sl(&sha_rounds, optarg))) {
                                bad_s = 1;
                        }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                        if (IS_CRYPT_METHOD("BCRYPT")
                            && (-1 == str2sl(&bcrypt_rounds, optarg))) {
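Review bot: In `case 's':` the rounds argument is parsed only when `IS_CRYPT_METHOD(...)` already matches, so an invocation that gives `-s` before `-c` never parses `optarg` and leaves `bad_s` at 0. This assumes the macro tests `crypt_method`, which `-c` sets. `get_salt()` then passes the initial `sha_rounds` of 5000, so the requested work factor is dropped without a diagnostic. src/chgpasswd.c and src/newusers.c appear to have an error path shortly after `bad_s = 0;` for this situation. chpasswd could do the same, or record the argument and parse it in `check_flags()` once the method is known, e.g. `case 's': sflg = true; rounds_arg = optarg; break;`. The body of `process_flags` continues outside this hunk.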
@@ -228,8 +209,6 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                                usage (E_USAGE);
                        }
                        break;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
-
                default:
                        usage (E_USAGE);
                        /*@notreached@*/break;
@@ -247,14 +226,12 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
  */
 static void check_flags (void)
 {
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        if (sflg && !cflg) {
                fprintf (stderr,
                         _("%s: %s flag is only allowed with the %s flag\n"),
                         Prog, "-s", "-c");
                usage (E_USAGE);
        }
-#endif
 
        if ((eflg && (md5flg || cflg)) ||
            (md5flg && cflg)) {
@@ -268,10 +245,8 @@ static void check_flags (void)
                if ((!IS_CRYPT_METHOD("DES"))
                    &&(!IS_CRYPT_METHOD("MD5"))
                    &&(!IS_CRYPT_METHOD("NONE"))
-#ifdef USE_SHA_CRYPT
                    &&(!IS_CRYPT_METHOD("SHA256"))
                    &&(!IS_CRYPT_METHOD("SHA512"))
-#endif                         /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
                    &&(!IS_CRYPT_METHOD("BCRYPT"))
 #endif                         /* USE_BCRYPT */
@@ -382,13 +357,10 @@ static const char *get_salt(void)
        if (md5flg) {
                crypt_method = "MD5";
        }
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        if (sflg) {
-#if defined(USE_SHA_CRYPT)
                if (IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512")) {
                        arg = &sha_rounds;
                }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                if (IS_CRYPT_METHOD("BCRYPT")) {
                        arg = &bcrypt_rounds;
@@ -400,7 +372,6 @@ static const char *get_salt(void)
                }
 #endif                         /* USE_YESCRYPT */
        }
-#endif
        return crypt_make_salt (crypt_method, arg);
 }
 
index 952fa4172b3a849b70c166112c4884487f233d30..853218fd3eec1afd1b07a4bb311eed994f95df4d 100644 (file)
@@ -72,12 +72,8 @@ static bool rflg = false;    /* create a system account */
 #ifndef USE_PAM
 static /*@null@*//*@observer@*/char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 static bool sflg = false;
-#endif
-#ifdef USE_SHA_CRYPT
 static long sha_rounds = 5000;
-#endif                         /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
 static long bcrypt_rounds = 13;
 #endif                         /* USE_BCRYPT */
@@ -134,9 +130,7 @@ static void usage (int status)
        (void) fprintf (usageout,
                        _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
                        "NONE DES MD5"
-#if defined(USE_SHA_CRYPT)
                        " SHA256 SHA512"
-#endif
 #if defined(USE_BCRYPT)
                        " BCRYPT"
 #endif
@@ -149,11 +143,9 @@ static void usage (int status)
        (void) fputs (_("  -r, --system                  create system accounts\n"), usageout);
        (void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        (void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
                        "                                or YESCRYPT crypt algorithms\n"),
                      usageout);
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif                         /* !USE_PAM */
        (void) fputs ("\n", usageout);
 
@@ -431,14 +423,12 @@ static int update_passwd (struct passwd *pwd, const char *password)
        void *crypt_arg = NULL;
        char *cp;
        if (NULL != crypt_method) {
-#if defined(USE_SHA_CRYPT)
                if (sflg) {
                        if (   streq(crypt_method, "SHA256")
                                || streq(crypt_method, "SHA512")) {
                                crypt_arg = &sha_rounds;
                        }
                }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                if (sflg) {
                        if (streq(crypt_method, "BCRYPT")) {
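Review bot: With the `#if defined(USE_SHA_CRYPT)` guard gone, `update_passwd` tests `if (sflg)` once for the SHA methods and then again inside each remaining `#if` block; the `add_passwd` hunk below has the same shape. src/chgpasswd.c and src/chpasswd.c already use a single `if (sflg) {` around all the per-method tests. Following that layout here would leave one unconditional SHA branch with the BCRYPT/YESCRYPT branches nested inside it, and would make the three tools easier to compare. Both function bodies continue outside their hunks.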
@@ -488,7 +478,6 @@ add_passwd(struct passwd *pwd, MAYBE_UNUSED const char *password)
 #ifndef USE_PAM
        void *crypt_arg = NULL;
        if (NULL != crypt_method) {
-#if defined(USE_SHA_CRYPT)
                if (sflg) {
                        if (streq(crypt_method, "SHA256")
                            || streq(crypt_method, "SHA512"))
@@ -496,7 +485,6 @@ add_passwd(struct passwd *pwd, MAYBE_UNUSED const char *password)
                                crypt_arg = &sha_rounds;
                        }
                }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                if (sflg) {
                        if (streq(crypt_method, "BCRYPT")) {
@@ -628,9 +616,7 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        int c;
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        int bad_s;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif                                 /* !USE_PAM */
        static struct option long_options[] = {
                {"badname",      no_argument,       NULL, 'b'},
@@ -641,20 +627,14 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                {"system",       no_argument,       NULL, 'r'},
                {"root",         required_argument, NULL, 'R'},
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                {"sha-rounds",   required_argument, NULL, 's'},
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif                         /* !USE_PAM */
                {NULL, 0, NULL, '\0'}
        };
 
        while ((c = getopt_long (argc, argv,
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                                 "c:bhrs:",
-#else                          /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */
-                                "c:bhr",
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #else                          /* USE_PAM */
                                 "bhr",
 #endif
@@ -678,7 +658,6 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                        flags->chroot = true;
                        break;
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                case 's':
                        sflg = true;
                        bad_s = 0;
@@ -689,12 +668,10 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                                                Prog);
                                usage (EXIT_FAILURE);
                        }
-#if defined(USE_SHA_CRYPT)
                        if (  (   (streq(crypt_method, "SHA256") || streq(crypt_method, "SHA512"))
                               && (-1 == str2sl(&sha_rounds, optarg)))) {
                                bad_s = 1;
                        }
-#endif                         /* USE_SHA_CRYPT */
 #if defined(USE_BCRYPT)
                        if (  (   streq(crypt_method, "BCRYPT")
                               && (-1 == str2sl(&bcrypt_rounds, optarg)))) {
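Review bot: The value given to `-s` is only parsed when `crypt_method` names an algorithm that takes rounds, so with `-c DES`, `-c MD5` or `-c NONE` (all accepted by check_flags) none of the visible branches reads `optarg` and `bad_s` stays 0. As far as these lines show, `-c MD5 -s 100000` produces no error and no extra rounds, which an administrator can mistake for a strengthened hash. A test next to the existing `sflg && !cflg` check in check_flags could reject the combination, `if (sflg && (streq(crypt_method, "DES") || streq(crypt_method, "MD5") || streq(crypt_method, "NONE")))`, with its own message. The rest of `case 's'` lies outside this hunk, so confirm that no later branch already covers it.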
@@ -714,7 +691,6 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
                                usage (EXIT_FAILURE);
                        }
                        break;
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif                         /* !USE_PAM */
                default:
                        usage (EXIT_FAILURE);
@@ -749,23 +725,19 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
 static void check_flags (void)
 {
 #ifndef USE_PAM
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
        if (sflg && !cflg) {
                fprintf (stderr,
                         _("%s: %s flag is only allowed with the %s flag\n"),
                         Prog, "-s", "-c");
                usage (EXIT_FAILURE);
        }
-#endif                         /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 
        if (cflg) {
                if (   !streq(crypt_method, "DES")
                    && !streq(crypt_method, "MD5")
                    && !streq(crypt_method, "NONE")
-#ifdef USE_SHA_CRYPT
                    && !streq(crypt_method, "SHA256")
                    && !streq(crypt_method, "SHA512")
-#endif                         /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
                    && !streq(crypt_method, "BCRYPT")
 #endif                         /* USE_BCRYPT */
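Review bot: The accepted-method list in check_flags still opens with `DES`, `MD5` and `NONE` and carries no comment saying why, although the commit message itself calls DES insecure. Now that `SHA256` and `SHA512` are always available, a short comment above the condition would record the intent, for example `/* DES and MD5 are accepted for compatibility only; prefer SHA512 or a stronger method for new passwords. */`. The condition continues past the end of this hunk, so the wording should be checked against the full list.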