Specially for Bernhard Fischer introduce USE_BB_CRYPT

which selects between libc/custom crypt routines.
This commit is contained in:
Denis Vlasenko 2008-06-15 18:35:34 +00:00
parent 5703c22a51
commit b4c5bf615e
3 changed files with 71 additions and 30 deletions

View File

@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
extern int correct_password(const struct passwd *pw);
/* Returns a malloced string */
#if !ENABLE_USE_BB_CRYPT
#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
#endif
extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
/* rnd is additional random input. New one is returned.

View File

@ -9,6 +9,8 @@
#include "libbb.h"
#if ENABLE_USE_BB_CRYPT
/*
* DES and MD5 crypt implementations are taken from uclibc.
* They were modified to not use static buffers.
@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
return encrypted;
}
#else /* if !ENABLE_USE_BB_CRYPT */
char *pw_encrypt(const char *clear, const char *salt, int cleanup)
{
#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
if (strncmp(salt, "$2$", 3) == 0) {
return xstrdup(sha1_crypt(clear));
}
#endif
return xstrdup(crypt(clear, salt));
}
#endif

View File

@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
readable by root and thus the encrypted passwords are no longer
publicly readable.
config USE_BB_PWD_GRP
bool "Use internal password and group functions rather than system functions"
default n
help
If you leave this disabled, busybox will use the system's password
and group functions. And if you are using the GNU C library
(glibc), you will then need to install the /etc/nsswitch.conf
configuration file and the required /lib/libnss_* libraries in
order for the password and group functions to work. This generally
makes your embedded system quite a bit larger.
Enabling this option will cause busybox to directly access the
system's /etc/password, /etc/group files (and your system will be
smaller, and I will get fewer emails asking about how glibc NSS
works). When this option is enabled, you will not be able to use
PAM to access remote LDAP password servers and whatnot. And if you
want hostname resolution to work with glibc, you still need the
/lib/libnss_* libraries.
If you need to use glibc's nsswitch.conf mechanism
(e.g. if user/group database is NOT stored in /etc/passwd etc),
you must NOT use this option.
If you enable this option, it will add about 1.5k to busybox.
config USE_BB_SHADOW
bool "Use busybox shadow password functions"
default y
depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
help
If you leave this disabled, busybox will use the system's shadow
password handling functions. And if you are using the GNU C library
(glibc), you will then need to install the /etc/nsswitch.conf
configuration file and the required /lib/libnss_* libraries in
order for the shadow password functions to work. This generally
makes your embedded system quite a bit larger.
If you leave this disabled, busybox will use the system's shadow
password handling functions. And if you are using the GNU C library
(glibc), you will then need to install the /etc/nsswitch.conf
configuration file and the required /lib/libnss_* libraries in
order for the shadow password functions to work. This generally
makes your embedded system quite a bit larger.
Enabling this option will cause busybox to directly access the
system's /etc/shadow file when handling shadow passwords. This
makes your system smaller and I will get fewer emails asking about
how glibc NSS works). When this option is enabled, you will not be
able to use PAM to access shadow passwords from remote LDAP
password servers and whatnot.
Enabling this option will cause busybox to directly access the
system's /etc/shadow file when handling shadow passwords. This
makes your system smaller and I will get fewer emails asking about
how glibc NSS works). When this option is enabled, you will not be
able to use PAM to access shadow passwords from remote LDAP
password servers and whatnot.
config USE_BB_PWD_GRP
bool "Use internal password and group functions rather than system functions"
default n
config USE_BB_CRYPT
bool "Use internal DES and MD5 crypt functions rather than system functions"
default y
help
If you leave this disabled, busybox will use the system's password
and group functions. And if you are using the GNU C library
(glibc), you will then need to install the /etc/nsswitch.conf
configuration file and the required /lib/libnss_* libraries in
order for the password and group functions to work. This generally
makes your embedded system quite a bit larger.
If you leave this disabled, busybox will use the system's password
and group functions. Most C libraries use large (~70k)
static buffers in these functions, and also combine them
with more general DES encryption/decryption routines.
For busybox, having large static buffers is undesirable,
especially so on NOMMU machines.
Enabling this option will cause busybox to directly access the
system's /etc/password, /etc/group files (and your system will be
smaller, and I will get fewer emails asking about how glibc NSS
works). When this option is enabled, you will not be able to use
PAM to access remote LDAP password servers and whatnot. And if you
want hostname resolution to work with glibc, you still need the
/lib/libnss_* libraries.
These functions produce results which are identical
to corresponding C library functions.
If you enable this option, it will add about 1.5k to busybox.
If you enable this option, it will add about 4.8k to busybox
if you are building dynamically linked executable.
In static build, it makes executable _smaller_ by about 1.2k.
config ADDGROUP
bool "addgroup"
@ -255,4 +277,3 @@ config VLOCK
work properly.
endmenu