From 2e782e3d7d367743d944f259735d113ee42aeff7 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sat, 24 Nov 2007 00:16:41 +0000 Subject: [PATCH] * libmisc/salt.c: Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek . * src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but the system default define in /Etc/login.defs. Thanks to Dan Kopecek . * NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention DES as the default algorithm. * src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT dependent code accordingly. --- ChangeLog | 8 +++++++- NEWS | 2 ++ man/chgpasswd.8.xml | 4 ++-- man/chpasswd.8.xml | 6 +++--- src/chgpasswd.c | 17 +++++++++++++---- src/chpasswd.c | 17 +++++++++++++---- 6 files changed, 40 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index e8c1ca31..7bdbc80d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,13 @@ * libmisc/salt.c: Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek . - + * src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but + the system default define in /Etc/login.defs. Thanks to Dan + Kopecek . + * NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention + DES as the default algorithm. + * src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT + dependent code accordingly. 2007-11-23 Nicolas François diff --git a/NEWS b/NEWS index 5c9988f4..1e697093 100644 --- a/NEWS +++ b/NEWS @@ -55,6 +55,8 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED passwords. - chpaswd, chgpasswd, newusers: New options -c/--crypt-method and -s/--sha-rounds to supersede the system default encryption algorithm. +- chpaswd, chgpasswd, newusers: DES is no more the default algorithm. They + will respect the system default configured in /etc/login.defs *** documentation: - Generate the translated manpages from PO at build time. diff --git a/man/chgpasswd.8.xml b/man/chgpasswd.8.xml index 2f5a90a5..baa76739 100644 --- a/man/chgpasswd.8.xml +++ b/man/chgpasswd.8.xml @@ -32,8 +32,8 @@ remap='I'>password - By default the supplied password must be in clear-text. Default - encryption algorithm is DES. + By default the supplied password must be in clear-text, and is + encrypted by chgpasswd. The default encryption algorithm can be defined for the system with diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml index 59473135..b0f7124b 100644 --- a/man/chpasswd.8.xml +++ b/man/chpasswd.8.xml @@ -32,9 +32,9 @@ remap='I'>password - By default the supplied password must be in clear-text. Default - encryption algorithm is DES. Also the password age will be updated, if - present. + By default the supplied password must be in clear-text, and is + encrypted by chpasswd. + Also the password age will be updated, if present. The default encryption algorithm can be defined for the system with diff --git a/src/chgpasswd.c b/src/chgpasswd.c index c1a1ecf8..6a829df5 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -76,8 +76,7 @@ static void usage (void) " -c, --crypt-method the crypt method (one of %s)\n" " -e, --encrypted supplied passwords are encrypted\n" " -h, --help display this help message and exit\n" - " -m, --md5 use MD5 encryption instead of DES when the supplied\n" - " passwords are not encrypted\n" + " -m, --md5 encrypt the clear text password using the MD5 algorithm\n" "%s" "\n"), Prog, @@ -128,12 +127,20 @@ int main (int argc, char **argv) {"encrypted", no_argument, NULL, 'e'}, {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, +#ifdef ENCRYPTMETHOD_SELECT {"sha-rounds", required_argument, NULL, 's'}, +#endif {NULL, 0, NULL, '\0'} }; while ((c = - getopt_long (argc, argv, "c:ehms:", long_options, + getopt_long (argc, argv, +#ifdef ENCRYPTMETHOD_SELECT + "c:ehms:", +#else + "c:ehm", +#endif + long_options, &option_index)) != -1) { switch (c) { case 'c': @@ -149,6 +156,7 @@ int main (int argc, char **argv) case 'm': md5flg = 1; break; +#ifdef ENCRYPTMETHOD_SELECT case 's': sflg = 1; if (!getlong(optarg, &sha_rounds)) { @@ -158,6 +166,7 @@ int main (int argc, char **argv) usage (); } break; +#endif case 0: /* long option */ break; @@ -312,7 +321,7 @@ int main (int argc, char **argv) if (sflg) arg = &sha_rounds; } else - crypt_method = "DES"; + crypt_method = NULL; cp = pw_encrypt (newpwd, crypt_make_salt(crypt_method, arg)); } diff --git a/src/chpasswd.c b/src/chpasswd.c index 8a22e499..78d4919f 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -73,8 +73,7 @@ static void usage (void) " -c, --crypt-method the crypt method (one of %s)\n" " -e, --encrypted supplied passwords are encrypted\n" " -h, --help display this help message and exit\n" - " -m, --md5 use MD5 encryption instead of DES when the supplied\n" - " passwords are not encrypted\n" + " -m, --md5 encrypt the clear text password using the MD5 algorithm\n" "%s" "\n"), Prog, @@ -124,12 +123,20 @@ int main (int argc, char **argv) {"encrypted", no_argument, NULL, 'e'}, {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, +#ifdef ENCRYPTMETHOD_SELECT {"sha-rounds", required_argument, NULL, 's'}, +#endif {NULL, 0, NULL, '\0'} }; while ((c = - getopt_long (argc, argv, "c:ehms:", long_options, + getopt_long (argc, argv, +#ifdef ENCRYPTMETHOD_SELECT + "c:ehms:", +#else + "c:ehm", +#endif + long_options, &option_index)) != -1) { switch (c) { case 'c': @@ -145,6 +152,7 @@ int main (int argc, char **argv) case 'm': md5flg = 1; break; +#ifdef ENCRYPTMETHOD_SELECT case 's': sflg = 1; if (!getlong(optarg, &sha_rounds)) { @@ -154,6 +162,7 @@ int main (int argc, char **argv) usage (); } break; +#endif case 0: /* long option */ break; @@ -310,7 +319,7 @@ int main (int argc, char **argv) if (sflg) arg = &sha_rounds; } else - crypt_method = "DES"; + crypt_method = NULL; cp = pw_encrypt (newpwd, crypt_make_salt(crypt_method, arg)); } -- 2.40.0