svn commit: r273043 - in stable/10: lib/libcrypt usr.sbin/pw

Dag-Erling Smørgrav des at FreeBSD.org
Mon Oct 13 15:56:49 UTC 2014 

Author: des
Date: Mon Oct 13 15:56:47 2014
New Revision: 273043
URL: https://svnweb.freebsd.org/changeset/base/273043

Log:
  MFH (r272830): change the hardcoded default back to DES
  MFH (r272833): remove last vestige of MD5 password hashes

Modified:
  stable/10/lib/libcrypt/crypt.c
  stable/10/usr.sbin/pw/pw_user.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libcrypt/crypt.c
==============================================================================
--- stable/10/lib/libcrypt/crypt.c	Mon Oct 13 15:53:01 2014	(r273042)
+++ stable/10/lib/libcrypt/crypt.c	Mon Oct 13 15:56:47 2014	(r273043)
@@ -37,24 +37,26 @@ __FBSDID("$FreeBSD$");
 #include "crypt.h"
 
 /*
- * List of supported crypt(3) formats.  The first element in the list will
- * be the default.
+ * List of supported crypt(3) formats.
+ *
+ * The default algorithm is the last entry in the list (second-to-last
+ * array element since the last is a sentinel).  The reason for placing
+ * the default last rather than first is that DES needs to be at the
+ * bottom for the algorithm guessing logic in crypt(3) to work correctly,
+ * and it needs to be the default for backward compatibility.
  */
 static const struct crypt_format {
 	const char *const name;
 	char *(*const func)(const char *, const char *);
 	const char *const magic;
 } crypt_formats[] = {
-	/* default format */
-	{ "sha512",	crypt_sha512,		"$6$"	},
-
-	/* other supported formats */
 	{ "md5",	crypt_md5,		"$1$"	},
 #ifdef HAS_BLOWFISH
 	{ "blf",	crypt_blowfish,		"$2"	},
 #endif
 	{ "nth",	crypt_nthash,		"$3$"	},
 	{ "sha256",	crypt_sha256,		"$5$"	},
+	{ "sha512",	crypt_sha512,		"$6$"	},
 #ifdef HAS_DES
 	{ "des",	crypt_des,		"_"	},
 #endif
@@ -63,7 +65,8 @@ static const struct crypt_format {
 	{ NULL,		NULL,			NULL	}
 };
 
-static const struct crypt_format *crypt_format = &crypt_formats[0];
+static const struct crypt_format *crypt_format =
+    &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
 
 #define DES_SALT_ALPHABET \
 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

Modified: stable/10/usr.sbin/pw/pw_user.c
==============================================================================
--- stable/10/usr.sbin/pw/pw_user.c	Mon Oct 13 15:53:01 2014	(r273042)
+++ stable/10/usr.sbin/pw/pw_user.c	Mon Oct 13 15:56:47 2014	(r273043)
@@ -615,7 +615,7 @@ pw_user(struct userconf * cnf, int mode,
 		pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name);
 		pwd->pw_shell = pw_shellpolicy(cnf, args, NULL);
 		lc = login_getpwclass(pwd);
-		if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL)
+		if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
 			warn("setting crypt(3) format");
 		login_close(lc);
 		pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
@@ -690,7 +690,7 @@ pw_user(struct userconf * cnf, int mode,
 			} else {
 				lc = login_getpwclass(pwd);
 				if (lc == NULL ||
-				    login_setcryptfmt(lc, "md5", NULL) == NULL)
+				    login_setcryptfmt(lc, "sha512", NULL) == NULL)
 					warn("setting crypt(3) format");
 				login_close(lc);
 				pwd->pw_passwd = pw_pwcrypt(line);

More information about the svn-src-stable mailing list