From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Thu, 10 Sep 2020 16:21:41 +0000 (+0200)
Subject: Check for crypt_gensalt_ra() instead of relying on libxcrypt presence
X-Git-Tag: v247-rc1~204^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2b49f0ca83279cdf1199df33ee794d0e026a08d2;p=thirdparty%2Fsystemd.git

Check for crypt_gensalt_ra() instead of relying on libxcrypt presence

Since the loop to check various xcrypt functions is already in place,
adding one more is cheap. And it is nicer to check for the function
directly. People like to backport things, so we might get lucky even
without having libxcrypt.
---

diff --git a/meson.build b/meson.build
index 203aa63c1a3..f75c9b2cfbc 100644
--- a/meson.build
+++ b/meson.build
@@ -884,7 +884,8 @@ libcrypt = cc.find_library('crypt')
 crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? \
                '''#include <crypt.h>''' : '''#include <unistd.h>'''
 foreach ident : [
-        ['crypt_ra',          crypt_header]]
+        ['crypt_ra',          crypt_header],
+        ['crypt_gensalt_ra',  crypt_header]]
 
         have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE',
                                dependencies : libcrypt)
diff --git a/src/shared/libcrypt-util.c b/src/shared/libcrypt-util.c
index ca40c02c4ea..de0cfced6d9 100644
--- a/src/shared/libcrypt-util.c
+++ b/src/shared/libcrypt-util.c
@@ -31,12 +31,12 @@
 
 int make_salt(char **ret) {
 
-#ifdef XCRYPT_VERSION_MAJOR
+#if HAVE_CRYPT_GENSALT_RA
         const char *e;
         char *salt;
 
-        /* If we have libxcrypt we default to the "preferred method" (i.e. usually yescrypt), and generate it
-         * with crypt_gensalt_ra(). */
+        /* If we have crypt_gensalt_ra() we default to the "preferred method" (i.e. usually yescrypt).
+         * crypt_gensalt_ra() is usually provided by libxcrypt. */
 
         e = secure_getenv("SYSTEMD_CRYPT_PREFIX");
         if (!e)
@@ -51,8 +51,7 @@ int make_salt(char **ret) {
         *ret = salt;
         return 0;
 #else
-        /* If libxcrypt is not used, we use SHA512 and generate the salt on our own since crypt_gensalt_ra()
-         * is not available. */
+        /* If crypt_gensalt_ra() is not available, we use SHA512 and generate the salt on our own. */
 
         static const char table[] =
                 "abcdefghijklmnopqrstuvwxyz"