diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2020-02-28 15:47:52 +0100 |
|---|---|---|
| committer | Tomáš Mráz <tm@t8m.info> | 2021-06-14 12:56:49 +0200 |
| commit | 530c9f9e2d746e1d168c6b17863debda7664ac7c (patch) | |
| tree | 80efa21420f836c85e9833f7e24b3bd3233d9d88 | |
| parent | 80bfda5962e5be3daa70e0fc8c75fc97d1c55121 (diff) | |
| download | pam-530c9f9e2d746e1d168c6b17863debda7664ac7c.tar.gz pam-530c9f9e2d746e1d168c6b17863debda7664ac7c.tar.bz2 pam-530c9f9e2d746e1d168c6b17863debda7664ac7c.zip | |
Remove support for legacy xcrypt
Since many distributions are shipping a version of libxcrypt >= 4.0.0
as a replacement for glibc's libcrypt now, older versions of xcrypt,
which could be installed in parallel, are not relevant anymore.
* configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h.
(AC_SEARCH_LIBS): Remove xcrypt.
(AC_CHECK_FUNCS): Remove crypt_gensalt_r.
(AC_DEFINE): Remove HAVE_LIBXCRYPT.
* modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove.
* modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise.
* modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise.
* modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise.
(create_password_hash) [HAVE_LIBXCRYPT]: Likewise.
| -rw-r--r-- | configure.ac | 12 | ||||
| -rw-r--r-- | modules/pam_pwhistory/opasswd.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/bigcrypt.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.c | 24 | ||||
| -rw-r--r-- | modules/pam_userdb/pam_userdb.c | 4 |
5 files changed, 11 insertions, 37 deletions
diff --git a/configure.ac b/configure.ac index 8e5d0ff7..10056555 100644 --- a/configure.ac +++ b/configure.ac @@ -359,23 +359,17 @@ else fi AC_SUBST(LIBAUDIT) -AC_CHECK_HEADERS(xcrypt.h crypt.h) -AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"], - [crypt_libs="xcrypt crypt"], - [crypt_libs="crypt"]) +AC_CHECK_HEADERS(crypt.h) BACKUP_LIBS=$LIBS -AC_SEARCH_LIBS([crypt],[$crypt_libs]) +AC_SEARCH_LIBS([crypt],[crypt]) case "$ac_cv_search_crypt" in -l*) LIBCRYPT="$ac_cv_search_crypt" ;; *) LIBCRYPT="" ;; esac -AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) +AC_CHECK_FUNCS([crypt_r]) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) -if test "$LIBCRYPT" = "-lxcrypt" && test "$ac_cv_header_xcrypt_h" = "yes" ; then - AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) -fi AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval) if test "$opt_randomdev" = yes || test -z "$opt_randomdev"; then diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index 40296d59..a6cd3d2a 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -54,9 +54,7 @@ #endif #include <sys/stat.h> -#if defined HAVE_LIBXCRYPT -#include <xcrypt.h> -#elif defined (HAVE_CRYPT_H) +#ifdef HAVE_CRYPT_H #include <crypt.h> #endif diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 31be2f7b..d8d61a4b 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -29,9 +29,7 @@ #include <string.h> #include <stdlib.h> #include <security/_pam_macros.h> -#ifdef HAVE_LIBXCRYPT -#include <xcrypt.h> -#elif defined(HAVE_CRYPT_H) +#ifdef HAVE_CRYPT_H #include <crypt.h> #endif diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5a19ed85..e833402c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -19,9 +19,7 @@ #include <sys/time.h> #include <sys/stat.h> #include <fcntl.h> -#ifdef HAVE_LIBXCRYPT -#include <xcrypt.h> -#elif defined(HAVE_CRYPT_H) +#ifdef HAVE_CRYPT_H #include <crypt.h> #endif @@ -467,23 +465,11 @@ PAMH_ARG_DECL(char * create_password_hash, */ sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); #else -#ifdef HAVE_CRYPT_GENSALT_R - if (on(UNIX_BLOWFISH_PASS, ctrl)) { - char entropy[17]; - crypt_make_salt(entropy, sizeof(entropy) - 1); - sp = crypt_gensalt_r (algoid, rounds, - entropy, sizeof(entropy), - salt, sizeof(salt)); - } else { -#endif - sp = stpcpy(salt, algoid); - if (on(UNIX_ALGO_ROUNDS, ctrl)) { - sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds); - } - crypt_make_salt(sp, 16); -#ifdef HAVE_CRYPT_GENSALT_R + sp = stpcpy(salt, algoid); + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds); } -#endif + crypt_make_salt(sp, 16); #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ #ifdef HAVE_CRYPT_R sp = NULL; diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index d59801bf..f467ea4c 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -17,9 +17,7 @@ #include <sys/stat.h> #include <fcntl.h> #include <errno.h> -#ifdef HAVE_LIBXCRYPT -#include <xcrypt.h> -#elif defined(HAVE_CRYPT_H) +#ifdef HAVE_CRYPT_H #include <crypt.h> #endif |