* configure.in: New configure option: --with-sha-crypt enabled by

default. Keeping the feature enabled is safe. Disabling it permits to disable the references to the SHA256 and SHA512 password encryption algorithms from the usage help and manuals (in addition to the support for these algorithms in the code). * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT preprocessor condition. * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 13:08:08 +00:00
parent ee5c48d51c
commit 4d606cc690
8 changed files with 54 additions and 37 deletions
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@ -58,7 +58,7 @@ char *l64a(long value)
 */
 #define MAGNUM(array,ch)	(array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'

-#ifdef ENCRYPTMETHOD_SELECT
+#ifdef USE_SHA_CRYPT
 /*
 * Return the salt size.
 * The size of the salt string is between 8 and 16 bytes for the SHA crypt
@ -187,15 +187,13 @@ char *crypt_make_salt (char *meth, void *arg)
 	if (NULL != meth)
 		method = meth;
 	else {
-#ifdef ENCRYPTMETHOD_SELECT
 	if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL)
-#endif
 		method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
 	}

 	if (!strcmp (method, "MD5")) {
 		MAGNUM(result, '1');
-#ifdef ENCRYPTMETHOD_SELECT
+#ifdef USE_SHA_CRYPT
 	} else if (!strcmp (method, "SHA256")) {
 		MAGNUM(result, '5');
 		strcat(result, SHA_salt_rounds((int *)arg));