xref: /OK3568_Linux_fs/buildroot/package/linux-pam/0002-Remove-support-for-legacy-xcrypt.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1From 530c9f9e2d746e1d168c6b17863debda7664ac7c Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
3Date: Fri, 28 Feb 2020 15:47:52 +0100
4Subject: [PATCH] Remove support for legacy xcrypt
5
6Since many distributions are shipping a version of libxcrypt >= 4.0.0
7as a replacement for glibc's libcrypt now, older versions of xcrypt,
8which could be installed in parallel, are not relevant anymore.
9
10* configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h.
11(AC_SEARCH_LIBS): Remove xcrypt.
12(AC_CHECK_FUNCS): Remove crypt_gensalt_r.
13(AC_DEFINE): Remove HAVE_LIBXCRYPT.
14* modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove.
15* modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise.
16* modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise.
17* modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise.
18(create_password_hash) [HAVE_LIBXCRYPT]: Likewise.
19
20[Retrieved from:
21https://github.com/linux-pam/linux-pam/commit/530c9f9e2d746e1d168c6b17863debda7664ac7c]
22Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
23---
24 configure.ac                    | 12 +++---------
25 modules/pam_pwhistory/opasswd.c |  4 +---
26 modules/pam_unix/bigcrypt.c     |  4 +---
27 modules/pam_unix/passverify.c   | 24 +++++-------------------
28 modules/pam_userdb/pam_userdb.c |  4 +---
29 5 files changed, 11 insertions(+), 37 deletions(-)
30
31diff --git a/configure.ac b/configure.ac
32index 8e5d0ff7c..100565552 100644
33--- a/configure.ac
34+++ b/configure.ac
35@@ -359,23 +359,17 @@ else
36 fi
37 AC_SUBST(LIBAUDIT)
38
39-AC_CHECK_HEADERS(xcrypt.h crypt.h)
40-AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
41-  [crypt_libs="xcrypt crypt"],
42-  [crypt_libs="crypt"])
43+AC_CHECK_HEADERS(crypt.h)
44
45 BACKUP_LIBS=$LIBS
46-AC_SEARCH_LIBS([crypt],[$crypt_libs])
47+AC_SEARCH_LIBS([crypt],[crypt])
48 case "$ac_cv_search_crypt" in
49 	-l*) LIBCRYPT="$ac_cv_search_crypt" ;;
50 	*) LIBCRYPT="" ;;
51 esac
52-AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
53+AC_CHECK_FUNCS([crypt_r])
54 LIBS=$BACKUP_LIBS
55 AC_SUBST(LIBCRYPT)
56-if test "$LIBCRYPT" = "-lxcrypt" && test "$ac_cv_header_xcrypt_h" = "yes" ; then
57-	AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
58-fi
59
60 AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
61 if test "$opt_randomdev" = yes || test -z "$opt_randomdev"; then
62diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
63index 40296d590..a6cd3d2a3 100644
64--- a/modules/pam_pwhistory/opasswd.c
65+++ b/modules/pam_pwhistory/opasswd.c
66@@ -54,9 +54,7 @@
67 #endif
68 #include <sys/stat.h>
69
70-#if defined HAVE_LIBXCRYPT
71-#include <xcrypt.h>
72-#elif defined (HAVE_CRYPT_H)
73+#ifdef HAVE_CRYPT_H
74 #include <crypt.h>
75 #endif
76
77diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
78index 31be2f7b0..d8d61a4b0 100644
79--- a/modules/pam_unix/bigcrypt.c
80+++ b/modules/pam_unix/bigcrypt.c
81@@ -29,9 +29,7 @@
82 #include <string.h>
83 #include <stdlib.h>
84 #include <security/_pam_macros.h>
85-#ifdef HAVE_LIBXCRYPT
86-#include <xcrypt.h>
87-#elif defined(HAVE_CRYPT_H)
88+#ifdef HAVE_CRYPT_H
89 #include <crypt.h>
90 #endif
91
92diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
93index 5a19ed856..e833402c1 100644
94--- a/modules/pam_unix/passverify.c
95+++ b/modules/pam_unix/passverify.c
96@@ -19,9 +19,7 @@
97 #include <sys/time.h>
98 #include <sys/stat.h>
99 #include <fcntl.h>
100-#ifdef HAVE_LIBXCRYPT
101-#include <xcrypt.h>
102-#elif defined(HAVE_CRYPT_H)
103+#ifdef HAVE_CRYPT_H
104 #include <crypt.h>
105 #endif
106
107@@ -467,23 +465,11 @@ PAMH_ARG_DECL(char * create_password_hash,
108 	 */
109 	sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt));
110 #else
111-#ifdef HAVE_CRYPT_GENSALT_R
112-	if (on(UNIX_BLOWFISH_PASS, ctrl)) {
113-		char entropy[17];
114-		crypt_make_salt(entropy, sizeof(entropy) - 1);
115-		sp = crypt_gensalt_r (algoid, rounds,
116-				      entropy, sizeof(entropy),
117-				      salt, sizeof(salt));
118-	} else {
119-#endif
120-		sp = stpcpy(salt, algoid);
121-		if (on(UNIX_ALGO_ROUNDS, ctrl)) {
122-			sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds);
123-		}
124-		crypt_make_salt(sp, 16);
125-#ifdef HAVE_CRYPT_GENSALT_R
126+	sp = stpcpy(salt, algoid);
127+	if (on(UNIX_ALGO_ROUNDS, ctrl)) {
128+		sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds);
129 	}
130-#endif
131+	crypt_make_salt(sp, 16);
132 #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
133 #ifdef HAVE_CRYPT_R
134 	sp = NULL;
135diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
136index d59801bfd..f467ea4c8 100644
137--- a/modules/pam_userdb/pam_userdb.c
138+++ b/modules/pam_userdb/pam_userdb.c
139@@ -17,9 +17,7 @@
140 #include <sys/stat.h>
141 #include <fcntl.h>
142 #include <errno.h>
143-#ifdef HAVE_LIBXCRYPT
144-#include <xcrypt.h>
145-#elif defined(HAVE_CRYPT_H)
146+#ifdef HAVE_CRYPT_H
147 #include <crypt.h>
148 #endif
149
150