[Pkg-shadow-commits] r1449 - in upstream/trunk: . src

Fri Nov 23 20:24:42 UTC 2007

Author: nekral-guest
Date: 2007-11-23 20:24:42 +0000 (Fri, 23 Nov 2007)
New Revision: 1449

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/newusers.c
Log:
News options -c/--crypt-method -s/--sha-rounds to newusers.
Document also new login.defs variables.


Modified: upstream/trunk/ChangeLog
===================================================================

--- upstream/trunk/ChangeLog	2007-11-23 20:11:00 UTC (rev 1448)
+++ upstream/trunk/ChangeLog	2007-11-23 20:24:42 UTC (rev 1449)
@@ -1,5 +1,10 @@
 2007-11-23  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, src/newusers.c: New options -c/--crypt-method
+	-s/--sha-rounds.
+
+2007-11-23  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/chpasswd.c: Added crypt method: NONE.
 	* src/chpasswd.c: Added --sha-rounds to the usage().
 	* libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c,

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2007-11-23 20:11:00 UTC (rev 1448)
+++ upstream/trunk/NEWS	2007-11-23 20:24:42 UTC (rev 1449)
@@ -50,6 +50,11 @@
   better support for split groups. Be careful when using this variable:
   not all tools support well split groups (in or out of the shadow
   tool suite). It fixes gpasswd and chgpasswd when split groups are used.
+- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
+  SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
+  passwords.
+- chpaswd, chgpasswd, newusers: New options -c/--crypt-method and
+  -s/--sha-rounds to supersede the system default encryption algorithm.
 
 *** documentation:
 - Generate the translated manpages from PO at build time.

Modified: upstream/trunk/src/newusers.c
===================================================================
--- upstream/trunk/src/newusers.c	2007-11-23 20:11:00 UTC (rev 1448)
+++ upstream/trunk/src/newusers.c	2007-11-23 20:24:42 UTC (rev 1449)
@@ -43,6 +43,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <fcntl.h>
+#include <getopt.h>
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif				/* USE_PAM */
@@ -57,7 +58,12 @@
  * Global variables
  */
 static char *Prog;
+static int cflg = 0;
+static int sflg = 0;
 
+static char *crypt_method = NULL;
+static long sha_rounds = 5000;
+
 static int is_shadow;
 
 /* local function prototypes */
@@ -72,7 +78,19 @@
  */
 static void usage (void)
 {
-	fprintf (stderr, _("Usage: %s [input]\n"), Prog);
+	fprintf (stderr, _("Usage: %s [options] [input]\n"
+	                   "\n"
+			   "  -c, --crypt-method	the crypt method (one of %s)\n"
+			   "%s"
+			   "\n"),
+			 Prog,
+#ifndef ENCRYPTMETHOD_SELECT
+			 "NONE DES MD5", ""
+#else
+			 "NONE DES MD5 SHA256 SHA512",
+			 _("  -s, --sha-rounds		number of SHA rounds for the SHA* crypt algorithms\n")
+#endif
+			 );
 	exit (1);
 }
 
@@ -216,7 +234,19 @@
 
 static void update_passwd (struct passwd *pwd, const char *passwd)
 {
-	pwd->pw_passwd = pw_encrypt (passwd, crypt_make_salt (NULL, NULL));
+	void *arg = NULL;
+	if (crypt_method != NULL) {
+		if (sflg)
+			arg = &sha_rounds;
+	}
+
+	if (crypt_method != NULL && 0 == strcmp(crypt_method, "NONE")) {
+		pwd->pw_passwd = (char *)passwd;
+	} else {
+		pwd->pw_passwd = pw_encrypt (passwd,
+		                             crypt_make_salt (crypt_method,
+		                                              arg));
+	}
 }
 
 /*
@@ -301,9 +331,78 @@
 	bindtextdomain (PACKAGE, LOCALEDIR);
 	textdomain (PACKAGE);
 
-	if (argc > 1 && argv[1][0] == '-')
+	{
+		int option_index = 0;
+		int c;
+		static struct option long_options[] = {
+			{"crypt-method", required_argument, NULL, 'c'},
+			{"help", no_argument, NULL, 'h'},
+			{"sha-rounds", required_argument, NULL, 's'},
+			{NULL, 0, NULL, '\0'}
+		};
+
+		while ((c =
+			getopt_long (argc, argv, "c:hs:", long_options,
+			             &option_index)) != -1) {
+			switch (c) {
+			case 'c':
+				cflg = 1;
+				crypt_method = optarg;
+				break;
+			case 'h':
+				usage ();
+				break;
+			case 's':
+				sflg = 1;
+				if (!getlong(optarg, &sha_rounds)) {
+					fprintf (stderr,
+					         _("%s: invalid numeric argument '%s'\n"),
+					         Prog, optarg);
+					usage ();
+				}
+				break;
+			case 0:
+				/* long option */
+				break;
+			default:
+				usage ();
+				break;
+			}
+		}
+	}
+
+	/* validate options */
+	if (sflg && !cflg) {
+		fprintf (stderr,
+		         _("%s: %s flag is ONLY allowed with the %s flag\n"),
+		         Prog, "-s", "-c");
 		usage ();
+	}
+	if (cflg) {
+		if (0 != strcmp (crypt_method, "DES") &&
+		    0 != strcmp (crypt_method, "MD5") &&
+		    0 != strcmp (crypt_method, "NONE") &&
+#ifdef ENCRYPTMETHOD_SELECT
+		    0 != strcmp (crypt_method, "SHA256") &&
+		    0 != strcmp (crypt_method, "SHA512")
+#endif
+		    ) {
+			fprintf (stderr,
+			         _("%s: unsupported crypt method: %s\n"),
+			         Prog, crypt_method);
+			usage ();
+		}
+	}
 
+	if (argv[optind] != NULL) {
+		if (!freopen (argv[optind], "r", stdin)) {
+			snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
+			perror (buf);
+			exit (1);
+		}
+	}
+
+
 #ifdef USE_PAM
 	retval = PAM_SUCCESS;
 
@@ -340,14 +439,6 @@
 	}
 #endif				/* USE_PAM */
 
-	if (argc == 2) {
-		if (!freopen (argv[1], "r", stdin)) {
-			snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
-			perror (buf);
-			exit (1);
-		}
-	}
-
 	/*
 	 * Lock the password files and open them for update. This will bring
 	 * all of the entries into memory where they may be searched for an


