diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2018-11-15 16:38:05 +0100 |
|---|---|---|
| committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2018-11-23 15:39:24 +0100 |
| commit | 16bd523f85ede9fa9115f80e826f2d803d7e61d4 (patch) | |
| tree | 66ebe2f6abb103f8937c69b03fa7c797dbb1cf4f /modules/pam_unix/passverify.c | |
| parent | b8ba9fafae478ae96529d61e2ce163b338f9b29b (diff) | |
| download | pam-16bd523f85ede9fa9115f80e826f2d803d7e61d4.tar.gz pam-16bd523f85ede9fa9115f80e826f2d803d7e61d4.tar.bz2 pam-16bd523f85ede9fa9115f80e826f2d803d7e61d4.zip | |
pam_unix: Add support for (gost-)yescrypt hashing methods.
libxcrypt (v4.2 and later) has added support for the yescrypt
hashing method; gost-yescrypt has been added in v4.3.
* modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt.
* modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/passverify.c: Add support for (gost-)yescrypt.
* modules/pam_unix/passverify.h: Use 64 bit type for control flags.
* modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt.
* modules/pam_unix/support.h: Add support for (gost-)yescrypt.
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 95dfe528..39e2bfac 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -387,7 +387,7 @@ crypt_md5_wrapper(const char *pass_new) } PAMH_ARG_DECL(char * create_password_hash, - const char *password, unsigned int ctrl, int rounds) + const char *password, unsigned long long ctrl, int rounds) { const char *algoid; #if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 @@ -404,6 +404,10 @@ PAMH_ARG_DECL(char * create_password_hash, if (on(UNIX_MD5_PASS, ctrl)) { /* algoid = "$1" */ return crypt_md5_wrapper(password); + } else if (on(UNIX_YESCRYPT_PASS, ctrl)) { + algoid = "$y$"; + } else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) { + algoid = "$gy$"; } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { algoid = "$2b$"; } else if (on(UNIX_SHA256_PASS, ctrl)) { @@ -466,6 +470,8 @@ PAMH_ARG_DECL(char * create_password_hash, pam_syslog(pamh, LOG_ERR, "Algo %s not supported by the crypto backend, " "falling back to MD5\n", + on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : + on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); |