Specially for Bernhard Fischer introduce USE_BB_CRYPT
which selects between libc/custom crypt routines.
This commit is contained in:
Denis Vlasenko
parent
5703c22a51
commit
b4c5bf615e
@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
|
|||||||
extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
|
extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
|
||||||
extern int correct_password(const struct passwd *pw);
|
extern int correct_password(const struct passwd *pw);
|
||||||
/* Returns a malloced string */
|
/* Returns a malloced string */
|
||||||
|
#if !ENABLE_USE_BB_CRYPT
|
||||||
|
#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
|
||||||
|
#endif
|
||||||
extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
|
extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
|
||||||
extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
|
extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
|
||||||
/* rnd is additional random input. New one is returned.
|
/* rnd is additional random input. New one is returned.
|
||||||
|
|||||||
@ -9,6 +9,8 @@
|
|||||||
|
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
|
#if ENABLE_USE_BB_CRYPT
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* DES and MD5 crypt implementations are taken from uclibc.
|
* DES and MD5 crypt implementations are taken from uclibc.
|
||||||
* They were modified to not use static buffers.
|
* They were modified to not use static buffers.
|
||||||
@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
|
|||||||
|
|
||||||
return encrypted;
|
return encrypted;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#else /* if !ENABLE_USE_BB_CRYPT */
|
||||||
|
|
||||||
|
char *pw_encrypt(const char *clear, const char *salt, int cleanup)
|
||||||
|
{
|
||||||
|
#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
|
||||||
|
if (strncmp(salt, "$2$", 3) == 0) {
|
||||||
|
return xstrdup(sha1_crypt(clear));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return xstrdup(crypt(clear, salt));
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|||||||
@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
|
|||||||
readable by root and thus the encrypted passwords are no longer
|
readable by root and thus the encrypted passwords are no longer
|
||||||
publicly readable.
|
publicly readable.
|
||||||
|
|
||||||
|
config USE_BB_PWD_GRP
|
||||||
|
bool "Use internal password and group functions rather than system functions"
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
If you leave this disabled, busybox will use the system's password
|
||||||
|
and group functions. And if you are using the GNU C library
|
||||||
|
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||||
|
configuration file and the required /lib/libnss_* libraries in
|
||||||
|
order for the password and group functions to work. This generally
|
||||||
|
makes your embedded system quite a bit larger.
|
||||||
|
|
||||||
|
Enabling this option will cause busybox to directly access the
|
||||||
|
system's /etc/password, /etc/group files (and your system will be
|
||||||
|
smaller, and I will get fewer emails asking about how glibc NSS
|
||||||
|
works). When this option is enabled, you will not be able to use
|
||||||
|
PAM to access remote LDAP password servers and whatnot. And if you
|
||||||
|
want hostname resolution to work with glibc, you still need the
|
||||||
|
/lib/libnss_* libraries.
|
||||||
|
|
||||||
|
If you need to use glibc's nsswitch.conf mechanism
|
||||||
|
(e.g. if user/group database is NOT stored in /etc/passwd etc),
|
||||||
|
you must NOT use this option.
|
||||||
|
|
||||||
|
If you enable this option, it will add about 1.5k to busybox.
|
||||||
|
|
||||||
config USE_BB_SHADOW
|
config USE_BB_SHADOW
|
||||||
bool "Use busybox shadow password functions"
|
bool "Use busybox shadow password functions"
|
||||||
default y
|
default y
|
||||||
depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
|
depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
|
||||||
help
|
help
|
||||||
If you leave this disabled, busybox will use the system's shadow
|
If you leave this disabled, busybox will use the system's shadow
|
||||||
password handling functions. And if you are using the GNU C library
|
password handling functions. And if you are using the GNU C library
|
||||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||||
configuration file and the required /lib/libnss_* libraries in
|
configuration file and the required /lib/libnss_* libraries in
|
||||||
order for the shadow password functions to work. This generally
|
order for the shadow password functions to work. This generally
|
||||||
makes your embedded system quite a bit larger.
|
makes your embedded system quite a bit larger.
|
||||||
|
|
||||||
Enabling this option will cause busybox to directly access the
|
Enabling this option will cause busybox to directly access the
|
||||||
system's /etc/shadow file when handling shadow passwords. This
|
system's /etc/shadow file when handling shadow passwords. This
|
||||||
makes your system smaller and I will get fewer emails asking about
|
makes your system smaller and I will get fewer emails asking about
|
||||||
how glibc NSS works). When this option is enabled, you will not be
|
how glibc NSS works). When this option is enabled, you will not be
|
||||||
able to use PAM to access shadow passwords from remote LDAP
|
able to use PAM to access shadow passwords from remote LDAP
|
||||||
password servers and whatnot.
|
password servers and whatnot.
|
||||||
|
|
||||||
config USE_BB_PWD_GRP
|
config USE_BB_CRYPT
|
||||||
bool "Use internal password and group functions rather than system functions"
|
bool "Use internal DES and MD5 crypt functions rather than system functions"
|
||||||
default n
|
default y
|
||||||
help
|
help
|
||||||
If you leave this disabled, busybox will use the system's password
|
If you leave this disabled, busybox will use the system's password
|
||||||
and group functions. And if you are using the GNU C library
|
and group functions. Most C libraries use large (~70k)
|
||||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
static buffers in these functions, and also combine them
|
||||||
configuration file and the required /lib/libnss_* libraries in
|
with more general DES encryption/decryption routines.
|
||||||
order for the password and group functions to work. This generally
|
For busybox, having large static buffers is undesirable,
|
||||||
makes your embedded system quite a bit larger.
|
especially so on NOMMU machines.
|
||||||
|
|
||||||
Enabling this option will cause busybox to directly access the
|
These functions produce results which are identical
|
||||||
system's /etc/password, /etc/group files (and your system will be
|
to corresponding C library functions.
|
||||||
smaller, and I will get fewer emails asking about how glibc NSS
|
|
||||||
works). When this option is enabled, you will not be able to use
|
|
||||||
PAM to access remote LDAP password servers and whatnot. And if you
|
|
||||||
want hostname resolution to work with glibc, you still need the
|
|
||||||
/lib/libnss_* libraries.
|
|
||||||
|
|
||||||
If you enable this option, it will add about 1.5k to busybox.
|
If you enable this option, it will add about 4.8k to busybox
|
||||||
|
if you are building dynamically linked executable.
|
||||||
|
In static build, it makes executable _smaller_ by about 1.2k.
|
||||||
|
|
||||||
config ADDGROUP
|
config ADDGROUP
|
||||||
bool "addgroup"
|
bool "addgroup"
|
||||||
@ -255,4 +277,3 @@ config VLOCK
|
|||||||
work properly.
|
work properly.
|
||||||
|
|
||||||
endmenu
|
endmenu
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user