Specially for Bernhard Fischer introduce USE_BB_CRYPT
which selects between libc/custom crypt routines.
This commit is contained in:
Denis Vlasenko
parent
5703c22a51
commit
b4c5bf615e
@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
|
||||
extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
|
||||
extern int correct_password(const struct passwd *pw);
|
||||
/* Returns a malloced string */
|
||||
#if !ENABLE_USE_BB_CRYPT
|
||||
#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
|
||||
#endif
|
||||
extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
|
||||
extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
|
||||
/* rnd is additional random input. New one is returned.
|
||||
|
||||
@ -9,6 +9,8 @@
|
||||
|
||||
#include "libbb.h"
|
||||
|
||||
#if ENABLE_USE_BB_CRYPT
|
||||
|
||||
/*
|
||||
* DES and MD5 crypt implementations are taken from uclibc.
|
||||
* They were modified to not use static buffers.
|
||||
@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
|
||||
|
||||
return encrypted;
|
||||
}
|
||||
|
||||
#else /* if !ENABLE_USE_BB_CRYPT */
|
||||
|
||||
char *pw_encrypt(const char *clear, const char *salt, int cleanup)
|
||||
{
|
||||
#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
|
||||
if (strncmp(salt, "$2$", 3) == 0) {
|
||||
return xstrdup(sha1_crypt(clear));
|
||||
}
|
||||
#endif
|
||||
|
||||
return xstrdup(crypt(clear, salt));
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
|
||||
readable by root and thus the encrypted passwords are no longer
|
||||
publicly readable.
|
||||
|
||||
config USE_BB_PWD_GRP
|
||||
bool "Use internal password and group functions rather than system functions"
|
||||
default n
|
||||
help
|
||||
If you leave this disabled, busybox will use the system's password
|
||||
and group functions. And if you are using the GNU C library
|
||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||
configuration file and the required /lib/libnss_* libraries in
|
||||
order for the password and group functions to work. This generally
|
||||
makes your embedded system quite a bit larger.
|
||||
|
||||
Enabling this option will cause busybox to directly access the
|
||||
system's /etc/password, /etc/group files (and your system will be
|
||||
smaller, and I will get fewer emails asking about how glibc NSS
|
||||
works). When this option is enabled, you will not be able to use
|
||||
PAM to access remote LDAP password servers and whatnot. And if you
|
||||
want hostname resolution to work with glibc, you still need the
|
||||
/lib/libnss_* libraries.
|
||||
|
||||
If you need to use glibc's nsswitch.conf mechanism
|
||||
(e.g. if user/group database is NOT stored in /etc/passwd etc),
|
||||
you must NOT use this option.
|
||||
|
||||
If you enable this option, it will add about 1.5k to busybox.
|
||||
|
||||
config USE_BB_SHADOW
|
||||
bool "Use busybox shadow password functions"
|
||||
default y
|
||||
depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
|
||||
help
|
||||
If you leave this disabled, busybox will use the system's shadow
|
||||
password handling functions. And if you are using the GNU C library
|
||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||
configuration file and the required /lib/libnss_* libraries in
|
||||
order for the shadow password functions to work. This generally
|
||||
makes your embedded system quite a bit larger.
|
||||
If you leave this disabled, busybox will use the system's shadow
|
||||
password handling functions. And if you are using the GNU C library
|
||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||
configuration file and the required /lib/libnss_* libraries in
|
||||
order for the shadow password functions to work. This generally
|
||||
makes your embedded system quite a bit larger.
|
||||
|
||||
Enabling this option will cause busybox to directly access the
|
||||
system's /etc/shadow file when handling shadow passwords. This
|
||||
makes your system smaller and I will get fewer emails asking about
|
||||
how glibc NSS works). When this option is enabled, you will not be
|
||||
able to use PAM to access shadow passwords from remote LDAP
|
||||
password servers and whatnot.
|
||||
Enabling this option will cause busybox to directly access the
|
||||
system's /etc/shadow file when handling shadow passwords. This
|
||||
makes your system smaller and I will get fewer emails asking about
|
||||
how glibc NSS works). When this option is enabled, you will not be
|
||||
able to use PAM to access shadow passwords from remote LDAP
|
||||
password servers and whatnot.
|
||||
|
||||
config USE_BB_PWD_GRP
|
||||
bool "Use internal password and group functions rather than system functions"
|
||||
default n
|
||||
config USE_BB_CRYPT
|
||||
bool "Use internal DES and MD5 crypt functions rather than system functions"
|
||||
default y
|
||||
help
|
||||
If you leave this disabled, busybox will use the system's password
|
||||
and group functions. And if you are using the GNU C library
|
||||
(glibc), you will then need to install the /etc/nsswitch.conf
|
||||
configuration file and the required /lib/libnss_* libraries in
|
||||
order for the password and group functions to work. This generally
|
||||
makes your embedded system quite a bit larger.
|
||||
If you leave this disabled, busybox will use the system's password
|
||||
and group functions. Most C libraries use large (~70k)
|
||||
static buffers in these functions, and also combine them
|
||||
with more general DES encryption/decryption routines.
|
||||
For busybox, having large static buffers is undesirable,
|
||||
especially so on NOMMU machines.
|
||||
|
||||
Enabling this option will cause busybox to directly access the
|
||||
system's /etc/password, /etc/group files (and your system will be
|
||||
smaller, and I will get fewer emails asking about how glibc NSS
|
||||
works). When this option is enabled, you will not be able to use
|
||||
PAM to access remote LDAP password servers and whatnot. And if you
|
||||
want hostname resolution to work with glibc, you still need the
|
||||
/lib/libnss_* libraries.
|
||||
These functions produce results which are identical
|
||||
to corresponding C library functions.
|
||||
|
||||
If you enable this option, it will add about 1.5k to busybox.
|
||||
If you enable this option, it will add about 4.8k to busybox
|
||||
if you are building dynamically linked executable.
|
||||
In static build, it makes executable _smaller_ by about 1.2k.
|
||||
|
||||
config ADDGROUP
|
||||
bool "addgroup"
|
||||
@ -255,4 +277,3 @@ config VLOCK
|
||||
work properly.
|
||||
|
||||
endmenu
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user