md5/des ?

Uwe Doering gemini at geminix.org
Thu Nov 13 05:16:45 PST 2003


Oles Hnatkevych wrote:
> Hello!
> 
> /usr/bin/passwd stores my passwords MD5 encrypted (according to /etc/login.conf),
> but /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? It seems to be a problem with Perl's
> crypt(), where DES is the default...

In case you're running FreeBSD 4.x, please see the attached patch.  I 
pulled it from the Internet some time ago and subsequently improved it 
slightly, as far as I recall.  With this patch applied 'adduser' honors 
the 'passwd_format' parameter in '/etc/login.conf'.

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org  |  http://www.escapebox.net
-------------- next part --------------
--- src-4.5-RELEASE/usr.sbin/adduser/adduser.perl	Wed Nov 21 02:46:56 2001
+++ src/usr.sbin/adduser/adduser.perl	Wed Apr  9 11:41:17 2003
@@ -26,6 +26,7 @@
 #
 # $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.44.2.3 2001/10/15 13:43:18 dd Exp $
 
+use DB_File;
 
 # read variables
 sub variables {
@@ -687,6 +688,7 @@
     local($userhome);
     local($groupmembers_bak, $cryptpwd);
     local($new_users_ok) = 1;
+    local($salt_extended);
 
 
     $new_groups = "no";
@@ -712,7 +714,10 @@
 	    $new_users_ok = 1;
 
 	    $cryptpwd = "";
-	    $cryptpwd = crypt($password, &salt) if $password ne "";
+	    $salt_extended = &passwd_format_prefix($class);
+	    $salt_extended .= &salt;
+	    $cryptpwd = crypt($password, $salt_extended) if $password ne "";
+
 	    # obscure perl bug
 	    $new_entry = "$name\:" . "$cryptpwd" .
 		"\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh";
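Review bot: The result of `crypt($password, $salt_extended)` is used unchecked, and `$cryptpwd` goes straight into the password field of `$new_entry`. If crypt() does not accept the prefixed setting string, the entry could be written with an empty or unusable hash. That seems most likely for the `$2$` prefix, which is followed only by whatever `&salt` returns, although salt's body is mostly outside this patch. I would treat an empty or undefined result as an error before building the entry, for example `die "crypt() failed for $name\n" if $password ne "" && (!defined($cryptpwd) || $cryptpwd eq "");`. The enclosing sub starts and ends outside this hunk.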
@@ -786,11 +791,36 @@
     return @array;
 }
 
+# determine and return salt prefix depended on login_class given
+sub passwd_format_prefix {
+    local($class) = shift;
+    local(%hash,$v);
+    local($ret) = "";
+
+    tie %hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH ||
+	return "";
+
+    $class = "default" if($class eq "");
+    if (exists($hash{$class})) {
+	$v = $hash{$class};
+	$v =~ /passwd_format=([a-z0-9]*):/;
+	if ($1 eq 'md5') {
+	    $ret = "\$1\$";
+	} elsif ($1 eq 'blf') {
+	    $ret = "\$2\$";
+	}
+    }
+
+    untie %hash;
+
+    return $ret;
+}
+
 # see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
 sub salt {
     local($salt);		# initialization
     local($i, $rand);
-    local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+    local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
 
     warn "calculate salt\n" if $verbose > 1;
     # to64
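Review bot: In `passwd_format_prefix` the `|| return ""` binds to `$DB_HASH` rather than to `tie`, so a failed tie is never detected. The `passwd_format=` match is also not tested before `$1` is read, so a class record without that capability can pick up a stale capture from an earlier match. A failed lookup returns an empty prefix, which silently falls back to DES, the weaker format this patch is meant to avoid. I would write `tie(%hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH) or return "";` and wrap the comparison in `if ($v =~ /passwd_format=([a-z0-9]*):/) { ... }`. A `warn` on fallback would tell the operator which hash format the new account gets.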

