Re: md5/des ?

Uwe Doering Thu, 13 Nov 2003 06:23:36 -0800

Oles Hnatkevych wrote:

Hello!

/usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
But /usr/sbin/adduser creates users with DES encrypted passwords.
How do I make it use MD5 instead of DES? Seems like it's perls crypt()
problem, and the DES is the default...

In case you're running FreeBSD 4.x, please see the attached patch. I pulled it from the Internet some time ago and subsequently improved it slightly, as far as I recall. With this patch applied 'adduser' honors the 'passwd_format' parameter in '/etc/login.conf'.

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net

--- src-4.5-RELEASE/usr.sbin/adduser/adduser.perl       Wed Nov 21 02:46:56 2001
+++ src/usr.sbin/adduser/adduser.perl   Wed Apr  9 11:41:17 2003
@@ -26,6 +26,7 @@
 #
 # $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.44.2.3 2001/10/15 13:43:18 dd Exp $
 
+use DB_File;
 
 # read variables
 sub variables {
@@ -687,6 +688,7 @@
     local($userhome);
     local($groupmembers_bak, $cryptpwd);
     local($new_users_ok) = 1;
+    local($salt_extended);
 
 
     $new_groups = "no";
@@ -712,7 +714,10 @@
            $new_users_ok = 1;
 
            $cryptpwd = "";
-           $cryptpwd = crypt($password, &salt) if $password ne "";
+           $salt_extended = &passwd_format_prefix($class);
+           $salt_extended .= &salt;
+           $cryptpwd = crypt($password, $salt_extended) if $password ne "";
+
            # obscure perl bug
            $new_entry = "$name\:" . "$cryptpwd" .
                "\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh";
@@ -786,11 +791,36 @@
     return @array;
 }
 
+# determine and return salt prefix depended on login_class given
+sub passwd_format_prefix {
+    local($class) = shift;
+    local(%hash,$v);
+    local($ret) = "";
+
+    tie %hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH ||
+       return "";
+
+    $class = "default" if($class eq "");
+    if (exists($hash{$class})) {
+       $v = $hash{$class};
+       $v =~ /passwd_format=([a-z0-9]*):/;
+       if ($1 eq 'md5') {
+           $ret = "\$1\$";
+       } elsif ($1 eq 'blf') {
+           $ret = "\$2\$";
+       }
+    }
+
+    untie %hash;
+
+    return $ret;
+}
+
 # see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
 sub salt {
     local($salt);              # initialization
     local($i, $rand);
-    local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+    local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
 
     warn "calculate salt\n" if $verbose > 1;
     # to64

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: md5/des ?

Reply via email to