Date: Thu, 13 Nov 2003 14:16:34 +0100 From: Uwe Doering <gemini@geminix.org> To: freebsd-questions@freebsd.org Subject: Re: md5/des ? Message-ID: <3FB38432.1000702@geminix.org> In-Reply-To: <102687543915.20031112132335@alfabank.kiev.ua> References: <102687543915.20031112132335@alfabank.kiev.ua>
This is a multi-part message in MIME format.
--------------060900030801000306090607
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Oles Hnatkevych wrote:
> Hello!
>
> /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
> But /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? Seems like it's perls crypt()
> problem, and the DES is the default...
In case you're running FreeBSD 4.x, please see the attached patch. I
pulled it from the Internet some time ago and subsequently improved it
slightly, as far as I recall. With this patch applied 'adduser' honors
the 'passwd_format' parameter in '/etc/login.conf'.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org | http://www.escapebox.net
--------------060900030801000306090607
Content-Type: text/plain;
name="usr.sbin-adduser-adduser.perl"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="usr.sbin-adduser-adduser.perl"
--- src-4.5-RELEASE/usr.sbin/adduser/adduser.perl Wed Nov 21 02:46:56 2001
+++ src/usr.sbin/adduser/adduser.perl Wed Apr 9 11:41:17 2003
@@ -26,6 +26,7 @@
#
# $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.44.2.3 2001/10/15 13:43:18 dd Exp $
+use DB_File;
# read variables
sub variables {
@@ -687,6 +688,7 @@
local($userhome);
local($groupmembers_bak, $cryptpwd);
local($new_users_ok) = 1;
+ local($salt_extended);
$new_groups = "no";
@@ -712,7 +714,10 @@
$new_users_ok = 1;
$cryptpwd = "";
- $cryptpwd = crypt($password, &salt) if $password ne "";
+ $salt_extended = &passwd_format_prefix($class);
+ $salt_extended .= &salt;
+ $cryptpwd = crypt($password, $salt_extended) if $password ne "";
+
# obscure perl bug
$new_entry = "$name\:" . "$cryptpwd" .
"\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh";
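Review bot: The result of `crypt($password, $salt_extended)` goes into `$new_entry` unchecked, so if the C library does not accept the prefixed salt, the account is written with a hash in a different format than login.conf asks for, or with an unusable one. This matters most for the `blf` case, where the prefix is `$2$`: bcrypt salt strings normally also carry a cost field, so it is worth confirming that crypt() accepts `$2$` followed by what `&salt` returns (its body is not shown in this diff). Keeping the prefix in its own variable and testing it after the call would catch a mismatch, e.g. `warn "crypt() ignored passwd_format\n" if $prefix ne "" && index($cryptpwd, $prefix) != 0;`. The enclosing sub starts and ends outside the hunk.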
@@ -786,11 +791,36 @@
return @array;
}
+# determine and return salt prefix depended on login_class given
+sub passwd_format_prefix {
+ local($class) = shift;
+ local(%hash,$v);
+ local($ret) = "";
+
+ tie %hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH ||
+ return "";
+
+ $class = "default" if($class eq "");
+ if (exists($hash{$class})) {
+ $v = $hash{$class};
+ $v =~ /passwd_format=([a-z0-9]*):/;
+ if ($1 eq 'md5') {
+ $ret = "\$1\$";
+ } elsif ($1 eq 'blf') {
+ $ret = "\$2\$";
+ }
+ }
+
+ untie %hash;
+
+ return $ret;
+}
+
# see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
sub salt {
local($salt); # initialization
local($i, $rand);
- local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+ local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
warn "calculate salt\n" if $verbose > 1;
# to64
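Review bot: In `passwd_format_prefix` the `|| return ""` after the tie arguments binds to `$DB_HASH`, not to `tie`, so a failed open of /etc/login.conf.db is never detected. The match on `passwd_format=` is also unchecked, so when it fails `$1` still holds whatever an earlier successful match left there. In the tie-failure case the sub returns an empty prefix and crypt() silently falls back to DES, which is the weaker format this patch is meant to avoid. Parenthesise the call and use `or`, as in `tie(%hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH) or return "";`, and guard the capture with `if ($v =~ /passwd_format=([a-z0-9]*):/) { ... }`. A `warn` on the fallback path would make the downgrade visible to the administrator; the body of `salt` continues outside the hunk.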
--------------060900030801000306090607--
