[git commit] chpasswd: support -c argument and respect DEFAULT_PASSWD_ALGO

Denys Vlasenko vda.linux at googlemail.com
Fri Dec 18 18:01:14 UTC 2015


commit: http://git.busybox.net/busybox/commit/?id=2c0d3f5fd08ccc6963c402030efcbe8a2c028f2d
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Pascal Bach <pascal.bach at siemens.com>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 libbb/pw_encrypt.c    | 10 +++++++---
 loginutils/chpasswd.c | 31 ++++++++++++++++---------------
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index bfc7030..dbc15e5 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -52,14 +52,18 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo)
 {
 	int len = 2/2;
 	char *salt_ptr = salt;
-	if (algo[0] != 'd') { /* not des */
+
+	/* Standard chpasswd uses uppercase algos ("MD5", not "md5").
+	 * Need to be case-insensitive in the code below.
+	 */
+	if ((algo[0]|0x20) != 'd') { /* not des */
 		len = 8/2; /* so far assuming md5 */
 		*salt_ptr++ = '$';
 		*salt_ptr++ = '1';
 		*salt_ptr++ = '$';
 #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
-		if (algo[0] == 's') { /* sha */
-			salt[1] = '5' + (strcmp(algo, "sha512") == 0);
+		if ((algo[0]|0x20) == 's') { /* sha */
+			salt[1] = '5' + (strcasecmp(algo, "sha512") == 0);
 			len = 16/2;
 		}
 #endif
diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c
index 6c41d17..a022a42 100644
--- a/loginutils/chpasswd.c
+++ b/loginutils/chpasswd.c
@@ -24,26 +24,27 @@
 //kbuild:lib-$(CONFIG_CHPASSWD) += chpasswd.o
 
 //usage:#define chpasswd_trivial_usage
-//usage:	IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
+//usage:	IF_LONG_OPTS("[--md5|--encrypted|--crypt-method]") IF_NOT_LONG_OPTS("[-m|-e|-c]")
 //usage:#define chpasswd_full_usage "\n\n"
 //usage:       "Read user:password from stdin and update /etc/passwd\n"
 //usage:	IF_LONG_OPTS(
-//usage:     "\n	-e,--encrypted	Supplied passwords are in encrypted form"
-//usage:     "\n	-m,--md5	Use MD5 encryption instead of DES"
+//usage:     "\n	-e,--encrypted		Supplied passwords are in encrypted form"
+//usage:     "\n	-m,--md5		Use MD5 encryption instead of DES"
+//usage:     "\n	-c,--crypt-method	Use the specified method to encrypt the passwords"
 //usage:	)
 //usage:	IF_NOT_LONG_OPTS(
 //usage:     "\n	-e	Supplied passwords are in encrypted form"
 //usage:     "\n	-m	Use MD5 encryption instead of DES"
+//usage:     "\n	-c	Use the specified method to encrypt the passwords"
 //usage:	)
 
-//TODO: implement -c ALGO
-
 #include "libbb.h"
 
 #if ENABLE_LONG_OPTS
 static const char chpasswd_longopts[] ALIGN1 =
-	"encrypted\0" No_argument "e"
-	"md5\0"       No_argument "m"
+	"encrypted\0"    No_argument       "e"
+	"md5\0"          No_argument       "m"
+	"crypt-method\0" Required_argument "c"
 	;
 #endif
 
@@ -54,14 +55,15 @@ int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 {
 	char *name;
+	const char *algo = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
 	int opt;
 
 	if (getuid() != 0)
 		bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
 
-	opt_complementary = "m--e:e--m";
+	opt_complementary = "m--ec:e--mc:c--em";
 	IF_LONG_OPTS(applet_long_options = chpasswd_longopts;)
-	opt = getopt32(argv, "em");
+	opt = getopt32(argv, "emc:", &algo);
 
 	while ((name = xmalloc_fgetline(stdin)) != NULL) {
 		char *free_me;
@@ -77,15 +79,14 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 
 		free_me = NULL;
 		if (!(opt & OPT_ENC)) {
-			char salt[sizeof("$N$XXXXXXXX")];
+			char salt[MAX_PW_SALT_LEN];
 
-			crypt_make_salt(salt, 1);
 			if (opt & OPT_MD5) {
-				salt[0] = '$';
-				salt[1] = '1';
-				salt[2] = '$';
-				crypt_make_salt(salt + 3, 4);
+				/* Force MD5 if the -m flag is set */
+				algo = "md5";
 			}
+
+			crypt_make_pw_salt(salt, algo);
 			free_me = pass = pw_encrypt(pass, salt, 0);
 		}
 


More information about the busybox-cvs mailing list