1*4882a593SmuzhiyunFrom 530c9f9e2d746e1d168c6b17863debda7664ac7c Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> 3*4882a593SmuzhiyunDate: Fri, 28 Feb 2020 15:47:52 +0100 4*4882a593SmuzhiyunSubject: [PATCH] Remove support for legacy xcrypt 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunSince many distributions are shipping a version of libxcrypt >= 4.0.0 7*4882a593Smuzhiyunas a replacement for glibc's libcrypt now, older versions of xcrypt, 8*4882a593Smuzhiyunwhich could be installed in parallel, are not relevant anymore. 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun* configure.ac (AC_CHECK_HEADERS): Remove xcrypt.h. 11*4882a593Smuzhiyun(AC_SEARCH_LIBS): Remove xcrypt. 12*4882a593Smuzhiyun(AC_CHECK_FUNCS): Remove crypt_gensalt_r. 13*4882a593Smuzhiyun(AC_DEFINE): Remove HAVE_LIBXCRYPT. 14*4882a593Smuzhiyun* modules/pam_pwhistory/opasswd.c [HAVE_LIBXCRYPT]: Remove. 15*4882a593Smuzhiyun* modules/pam_unix/bigcrypt.c [HAVE_LIBXCRYPT]: Likewise. 16*4882a593Smuzhiyun* modules/pam_userdb/pam_userdb.c [HAVE_LIBXCRYPT]: Likewise. 17*4882a593Smuzhiyun* modules/pam_unix/passverify.c [HAVE_LIBXCRYPT]: Likewise. 18*4882a593Smuzhiyun(create_password_hash) [HAVE_LIBXCRYPT]: Likewise. 19*4882a593Smuzhiyun 20*4882a593Smuzhiyun[Retrieved from: 21*4882a593Smuzhiyunhttps://github.com/linux-pam/linux-pam/commit/530c9f9e2d746e1d168c6b17863debda7664ac7c] 22*4882a593SmuzhiyunSigned-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 23*4882a593Smuzhiyun--- 24*4882a593Smuzhiyun configure.ac | 12 +++--------- 25*4882a593Smuzhiyun modules/pam_pwhistory/opasswd.c | 4 +--- 26*4882a593Smuzhiyun modules/pam_unix/bigcrypt.c | 4 +--- 27*4882a593Smuzhiyun modules/pam_unix/passverify.c | 24 +++++------------------- 28*4882a593Smuzhiyun modules/pam_userdb/pam_userdb.c | 4 +--- 29*4882a593Smuzhiyun 5 files changed, 11 insertions(+), 37 deletions(-) 30*4882a593Smuzhiyun 31*4882a593Smuzhiyundiff --git a/configure.ac b/configure.ac 32*4882a593Smuzhiyunindex 8e5d0ff7c..100565552 100644 33*4882a593Smuzhiyun--- a/configure.ac 34*4882a593Smuzhiyun+++ b/configure.ac 35*4882a593Smuzhiyun@@ -359,23 +359,17 @@ else 36*4882a593Smuzhiyun fi 37*4882a593Smuzhiyun AC_SUBST(LIBAUDIT) 38*4882a593Smuzhiyun 39*4882a593Smuzhiyun-AC_CHECK_HEADERS(xcrypt.h crypt.h) 40*4882a593Smuzhiyun-AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"], 41*4882a593Smuzhiyun- [crypt_libs="xcrypt crypt"], 42*4882a593Smuzhiyun- [crypt_libs="crypt"]) 43*4882a593Smuzhiyun+AC_CHECK_HEADERS(crypt.h) 44*4882a593Smuzhiyun 45*4882a593Smuzhiyun BACKUP_LIBS=$LIBS 46*4882a593Smuzhiyun-AC_SEARCH_LIBS([crypt],[$crypt_libs]) 47*4882a593Smuzhiyun+AC_SEARCH_LIBS([crypt],[crypt]) 48*4882a593Smuzhiyun case "$ac_cv_search_crypt" in 49*4882a593Smuzhiyun -l*) LIBCRYPT="$ac_cv_search_crypt" ;; 50*4882a593Smuzhiyun *) LIBCRYPT="" ;; 51*4882a593Smuzhiyun esac 52*4882a593Smuzhiyun-AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) 53*4882a593Smuzhiyun+AC_CHECK_FUNCS([crypt_r]) 54*4882a593Smuzhiyun LIBS=$BACKUP_LIBS 55*4882a593Smuzhiyun AC_SUBST(LIBCRYPT) 56*4882a593Smuzhiyun-if test "$LIBCRYPT" = "-lxcrypt" && test "$ac_cv_header_xcrypt_h" = "yes" ; then 57*4882a593Smuzhiyun- AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) 58*4882a593Smuzhiyun-fi 59*4882a593Smuzhiyun 60*4882a593Smuzhiyun AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval) 61*4882a593Smuzhiyun if test "$opt_randomdev" = yes || test -z "$opt_randomdev"; then 62*4882a593Smuzhiyundiff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c 63*4882a593Smuzhiyunindex 40296d590..a6cd3d2a3 100644 64*4882a593Smuzhiyun--- a/modules/pam_pwhistory/opasswd.c 65*4882a593Smuzhiyun+++ b/modules/pam_pwhistory/opasswd.c 66*4882a593Smuzhiyun@@ -54,9 +54,7 @@ 67*4882a593Smuzhiyun #endif 68*4882a593Smuzhiyun #include <sys/stat.h> 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun-#if defined HAVE_LIBXCRYPT 71*4882a593Smuzhiyun-#include <xcrypt.h> 72*4882a593Smuzhiyun-#elif defined (HAVE_CRYPT_H) 73*4882a593Smuzhiyun+#ifdef HAVE_CRYPT_H 74*4882a593Smuzhiyun #include <crypt.h> 75*4882a593Smuzhiyun #endif 76*4882a593Smuzhiyun 77*4882a593Smuzhiyundiff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c 78*4882a593Smuzhiyunindex 31be2f7b0..d8d61a4b0 100644 79*4882a593Smuzhiyun--- a/modules/pam_unix/bigcrypt.c 80*4882a593Smuzhiyun+++ b/modules/pam_unix/bigcrypt.c 81*4882a593Smuzhiyun@@ -29,9 +29,7 @@ 82*4882a593Smuzhiyun #include <string.h> 83*4882a593Smuzhiyun #include <stdlib.h> 84*4882a593Smuzhiyun #include <security/_pam_macros.h> 85*4882a593Smuzhiyun-#ifdef HAVE_LIBXCRYPT 86*4882a593Smuzhiyun-#include <xcrypt.h> 87*4882a593Smuzhiyun-#elif defined(HAVE_CRYPT_H) 88*4882a593Smuzhiyun+#ifdef HAVE_CRYPT_H 89*4882a593Smuzhiyun #include <crypt.h> 90*4882a593Smuzhiyun #endif 91*4882a593Smuzhiyun 92*4882a593Smuzhiyundiff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c 93*4882a593Smuzhiyunindex 5a19ed856..e833402c1 100644 94*4882a593Smuzhiyun--- a/modules/pam_unix/passverify.c 95*4882a593Smuzhiyun+++ b/modules/pam_unix/passverify.c 96*4882a593Smuzhiyun@@ -19,9 +19,7 @@ 97*4882a593Smuzhiyun #include <sys/time.h> 98*4882a593Smuzhiyun #include <sys/stat.h> 99*4882a593Smuzhiyun #include <fcntl.h> 100*4882a593Smuzhiyun-#ifdef HAVE_LIBXCRYPT 101*4882a593Smuzhiyun-#include <xcrypt.h> 102*4882a593Smuzhiyun-#elif defined(HAVE_CRYPT_H) 103*4882a593Smuzhiyun+#ifdef HAVE_CRYPT_H 104*4882a593Smuzhiyun #include <crypt.h> 105*4882a593Smuzhiyun #endif 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun@@ -467,23 +465,11 @@ PAMH_ARG_DECL(char * create_password_hash, 108*4882a593Smuzhiyun */ 109*4882a593Smuzhiyun sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); 110*4882a593Smuzhiyun #else 111*4882a593Smuzhiyun-#ifdef HAVE_CRYPT_GENSALT_R 112*4882a593Smuzhiyun- if (on(UNIX_BLOWFISH_PASS, ctrl)) { 113*4882a593Smuzhiyun- char entropy[17]; 114*4882a593Smuzhiyun- crypt_make_salt(entropy, sizeof(entropy) - 1); 115*4882a593Smuzhiyun- sp = crypt_gensalt_r (algoid, rounds, 116*4882a593Smuzhiyun- entropy, sizeof(entropy), 117*4882a593Smuzhiyun- salt, sizeof(salt)); 118*4882a593Smuzhiyun- } else { 119*4882a593Smuzhiyun-#endif 120*4882a593Smuzhiyun- sp = stpcpy(salt, algoid); 121*4882a593Smuzhiyun- if (on(UNIX_ALGO_ROUNDS, ctrl)) { 122*4882a593Smuzhiyun- sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds); 123*4882a593Smuzhiyun- } 124*4882a593Smuzhiyun- crypt_make_salt(sp, 16); 125*4882a593Smuzhiyun-#ifdef HAVE_CRYPT_GENSALT_R 126*4882a593Smuzhiyun+ sp = stpcpy(salt, algoid); 127*4882a593Smuzhiyun+ if (on(UNIX_ALGO_ROUNDS, ctrl)) { 128*4882a593Smuzhiyun+ sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds); 129*4882a593Smuzhiyun } 130*4882a593Smuzhiyun-#endif 131*4882a593Smuzhiyun+ crypt_make_salt(sp, 16); 132*4882a593Smuzhiyun #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ 133*4882a593Smuzhiyun #ifdef HAVE_CRYPT_R 134*4882a593Smuzhiyun sp = NULL; 135*4882a593Smuzhiyundiff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c 136*4882a593Smuzhiyunindex d59801bfd..f467ea4c8 100644 137*4882a593Smuzhiyun--- a/modules/pam_userdb/pam_userdb.c 138*4882a593Smuzhiyun+++ b/modules/pam_userdb/pam_userdb.c 139*4882a593Smuzhiyun@@ -17,9 +17,7 @@ 140*4882a593Smuzhiyun #include <sys/stat.h> 141*4882a593Smuzhiyun #include <fcntl.h> 142*4882a593Smuzhiyun #include <errno.h> 143*4882a593Smuzhiyun-#ifdef HAVE_LIBXCRYPT 144*4882a593Smuzhiyun-#include <xcrypt.h> 145*4882a593Smuzhiyun-#elif defined(HAVE_CRYPT_H) 146*4882a593Smuzhiyun+#ifdef HAVE_CRYPT_H 147*4882a593Smuzhiyun #include <crypt.h> 148*4882a593Smuzhiyun #endif 149*4882a593Smuzhiyun 150