author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-06-14 23:23:09 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-06-14 23:23:09 +0000 |
commit | f3c4503cb22ba525d6e692ba414deafba065cf9f (patch) | |
tree | bdbf4f243dfccce9c874ca2aaffd988dfcc9de01 /usr.sbin/adduser | |
parent | 40628d6099abac8b2a0fcef37be16bd5a61156a8 (diff) |
Add an "auto" encryption type that calls encrypt(1) with "-c class".
This results in encrypt(1) picking the password cipher based on the
user's login class in /etc/login.conf.
Diffstat (limited to 'usr.sbin/adduser')
-rw-r--r-- | usr.sbin/adduser/adduser.8 | 9 | ||||
-rw-r--r-- | usr.sbin/adduser/adduser.perl | 28 |
2 files changed, 22 insertions, 15 deletions
diff --git a/usr.sbin/adduser/adduser.8 b/usr.sbin/adduser/adduser.8
index ca16264e8b7..f364c5ea623 100644
--- a/usr.sbin/adduser/adduser.8
+++ b/usr.sbin/adduser/adduser.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: adduser.8,v 1.31 2003/06/14 22:45:11 millert Exp $
+.\" $OpenBSD: adduser.8,v 1.32 2003/06/14 23:23:08 millert Exp $
 .\"
 .\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 .\" All rights reserved.
@@ -92,7 +92,7 @@ then exit without performing any other operation.
 .It Fl class Ar login_class
 Use the specified
 .Ar login_class
-as the default login class.
+as the default user login class.
 See
 .Xr login.conf 5
 for further details.
@@ -117,6 +117,11 @@ Encrypt local passwords using
 .Ar method
 of encryption as described in
 .Xr login.conf 5 .
+If
+.Ar method
+is
+.Dq auto ,
+the encryption type will be derived from the user's login class.
 .It Fl group Ar login_group
 Specify the default login group.
 A value of
diff --git a/usr.sbin/adduser/adduser.perl b/usr.sbin/adduser/adduser.perl
index 9f1d3c81749..5a8ffce855b 100644
--- a/usr.sbin/adduser/adduser.perl
+++ b/usr.sbin/adduser/adduser.perl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# $OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $
+# $OpenBSD: adduser.perl,v 1.46 2003/06/14 23:23:08 millert Exp $
 #
 # Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
 # All rights reserved.
@@ -90,15 +90,15 @@ sub variables { $group = "/etc/group"; $etc_login_conf = "/etc/login.conf"; @pwd_mkdb = ("pwd_mkdb", "-p"); # program for building passwd database - $encryptionmethod = "blowfish"; - $rcsid = '$OpenBSD: adduser.perl,v 1.45 2003/06/10 21:55:02 millert Exp $'; + $encryptionmethod = "auto"; + $rcsid = '$OpenBSD: adduser.perl,v 1.46 2003/06/14 23:23:08 millert Exp $'; # List of directories where shells located @path = ('/bin', '/usr/bin', '/usr/local/bin'); # common shells, first element has higher priority @shellpref = ('csh', 'sh', 'bash', 'tcsh', 'ksh'); - @encryption_methods = ('blowfish', 'md5', 'des', 'old'); + @encryption_methods = ('auto', 'blowfish', 'md5', 'des', 'old'); $defaultshell = 'sh'; # defaultshell if not empty $group_uniq = 'USER'; @@ -799,9 +799,9 @@ sub new_users { if (&new_users_ok) { $new_users_ok = 1; - $log_cl = "" if ($log_cl eq "default"); $cryptpwd = "*"; # Locked by default $cryptpwd = encrypt($password, &salt) if ($password ne ""); + $log_cl = "" if ($log_cl eq "default"); # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . @@ -967,11 +967,11 @@ sub salt { $rand = rand(25*29*17 + $rand); $salt .= $itoa64[$rand & $#itoa64]; } - } elsif ($encryptionmethod eq "md5") { + } elsif ($encryptionmethod eq "md5" || $encryptionmethod eq "auto") { $salt = ""; } elsif ($encryptionmethod =~ /^blowfish/ ) { ($encryptionmethod, $salt) = split(/\,/, $encryptionmethod); - if ($salt eq "") { $salt = 7; } # default rounds inf unspecified + $salt = 7 unless $salt; # default rounds if unspecified } else { warn "$encryptionmethod encryption method invalid\n" if ($verbose > 0); warn "Falling back to blowfish,7...\n" if ($verbose > 0); 
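Review bot: The reordering in the `@@ -799` hunk is load-bearing, but nothing in the code says so: `$log_cl = "" if ($log_cl eq "default");` now has to run after `encrypt($password, &salt)`, because encrypt() reads the global `$log_cl` to build `-c` in the "auto" case. A later tidy-up that moves the reset back above the encrypt() call would hand encrypt(1) an empty class name without any visible error. I would put a comment on the moved line, for example `# keep after encrypt(): "auto" passes $log_cl to encrypt -c`. new_users() starts and ends outside this hunk.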
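Review bot: In the `@@ -967` hunk, `$salt = 7 unless $salt;` treats any non-empty, non-zero string after the comma as a rounds value, so a setting such as `blowfish,abc` is handed to `encrypt -b` unchanged. The list-form open2 in this commit keeps that value away from a shell, but it is still unchecked configuration input; `$salt = 7 unless ($salt =~ /^[1-9][0-9]*$/);` keeps the new "empty or 0 becomes 7" behaviour and rejects anything non-numeric. The same branch tests only `/^blowfish/`, so a method like `blowfishx` is accepted here and then matches no branch in encrypt(). salt() begins before this hunk and continues after it.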
@@ -987,17 +987,19 @@ sub salt { # Encrypt a password using the selected method sub encrypt { local($pass, $salt) = ($_[0], $_[1]); - local($args, $crypt); + local(@args, $crypt); if ($encryptionmethod eq "des" || $encryptionmethod eq "old") { - $args = "-s $salt"; + @args = ("-s", $salt); } elsif ($encryptionmethod eq "md5") { - $args = "-m"; + @args = ("-m"); } elsif ($encryptionmethod eq "blowfish") { - $args = "-b $salt"; + @args = ("-b", $salt); + } elsif ($encryptionmethod eq "auto") { + @args = ("-c", $log_cl); } - open2(\*ENCRD, \*ENCWR, "/usr/bin/encrypt $args"); + open2(\*ENCRD, \*ENCWR, "/usr/bin/encrypt", @args); print ENCWR "$pass\n"; close ENCWR; $crypt = <ENCRD>; @@ -1524,7 +1526,7 @@ verbose = $verbose defaultpasswd = $defaultpasswd # Default encryption method for user passwords -# Methods are all those listed in passwd.conf(5) +# Methods are all those listed in login.conf(5) encryptionmethod = "$defaultencryption" # copy dotfiles from this dir ("/etc/skel" or "no") |
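Review bot: In encrypt() (the `@@ -987` hunk), nothing visible after `$crypt = <ENCRD>;` checks that encrypt(1) actually produced a hash, and the new `-c $log_cl` path adds another way for the child to exit without output (for instance a class it cannot resolve; not verified from this page). new_users() concatenates the result straight into the password field of `$new_entry`, so unless the part of encrypt() outside this hunk catches it, an empty or undefined `$crypt` would yield an entry with an empty password field instead of a locked one. A guard right after the read, such as `$crypt = "*" unless (defined($crypt) && $crypt =~ /\S/);` plus a `warn`, fails closed. The `if`/`elsif` chain also has no final `else`, so an unrecognised `$encryptionmethod` leaves `@args` empty and runs encrypt(1) with its built-in default; an explicit `else` that warns would make that visible.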