From 8d082da1bc993b5b061ae81a9743891328e04ce6 Mon Sep 17 00:00:00 2001
From: Nathan Du <nathandu@outlook.com>
Date: Mon, 27 Nov 2023 22:42:46 +0800
Subject: pam_unix: read yescrypt rounds from login.defs

Retrieves YESCRYPT_COST_FACTOR from /etc/login.defs for yescrypt
in a similar fashion to reading number of rounds for SHA-2.

Resolves #607.

Signed-off-by: Nathan Du <nathandu@outlook.com>
---
 modules/pam_unix/support.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 31c5ecb6..cfc3003c 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -99,8 +99,13 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
 	  free (val);
 
 	  /* read number of rounds for crypt algo */
-	  if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
-	    val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
+	  if (rounds) {
+	    val = NULL;
+	    if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+	      val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
+	    } else if (on(UNIX_YESCRYPT_PASS, ctrl)) {
+	      val = pam_modutil_search_key(pamh, LOGIN_DEFS, "YESCRYPT_COST_FACTOR");
+	    }
 
 	    if (val) {
 	      *rounds = strtol(val, NULL, 10);
-- 
cgit v1.2.3