[PATCH] Fix libxcrypt support
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Fri Sep 5 12:01:57 UTC 2008
Hello,
In Linux-PAM-1.0.2 libxcrypt the preferred crypto library. However, the
source files include 'crypt.h' instead of 'xcrypt.h'. In consequence,
crypt from libcrypt is used and blowfish, sha256, sha512 support is lost
if the system uses glibc < 2.7.
I also noticed that blowfish is not supported as encryption algorythm for
new passwords in Linux-PAM. Is there any specific reason for that? Patch
to add full blowfish support were welcomed? ;-)
diff -ru Linux-PAM-1.0.2-orig/configure.in Linux-PAM-1.0.2-xcrypt/configure.in
--- Linux-PAM-1.0.2-orig/configure.in 2008-08-29 10:13:38.000000000 +0200
+++ Linux-PAM-1.0.2-xcrypt/configure.in 2008-09-05 12:54:30.000000000 +0200
@@ -430,7 +430,7 @@
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
-AC_CHECK_HEADERS(crypt.h)
+AC_CHECK_HEADERS(xcrypt.h crypt.h)
dnl For module/pam_lastlog
AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
diff -ru Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c
--- Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c 2008-03-05 21:21:38.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c 2008-09-05 13:00:29.000000000 +0200
@@ -37,7 +37,9 @@
#include "config.h"
#include <stdio.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+# include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
# include <crypt.h>
#endif
#include <unistd.h>
diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c
--- Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c 2008-01-24 17:42:59.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c 2008-09-05 12:59:02.000000000 +0200
@@ -29,7 +29,9 @@
#include <string.h>
#include <stdlib.h>
#include <security/_pam_macros.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
#include <crypt.h>
#endif
diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c
--- Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c 2008-01-28 14:20:29.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c 2008-09-05 12:59:40.000000000 +0200
@@ -19,7 +19,9 @@
#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
#include <crypt.h>
#endif
diff -ru Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c
--- Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c 2006-06-17 18:44:58.000000000 +0200
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c 2008-09-05 12:58:11.000000000 +0200
@@ -17,7 +17,9 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
#include <crypt.h>
#endif
Best regards,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the Pam-list
mailing list