[PATCH] Fix libxcrypt support

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Fri Sep 5 12:01:57 UTC 2008


Hello,

In Linux-PAM-1.0.2 libxcrypt the preferred crypto library. However, the 
source files include 'crypt.h' instead of 'xcrypt.h'. In consequence, 
crypt from libcrypt is used and blowfish, sha256, sha512 support is lost 
if the system uses glibc < 2.7.

I also noticed that blowfish is not supported as encryption algorythm for 
new passwords in Linux-PAM. Is there any specific reason for that? Patch 
to add full blowfish support were welcomed? ;-)

diff -ru Linux-PAM-1.0.2-orig/configure.in Linux-PAM-1.0.2-xcrypt/configure.in
--- Linux-PAM-1.0.2-orig/configure.in	2008-08-29 10:13:38.000000000 +0200
+++ Linux-PAM-1.0.2-xcrypt/configure.in	2008-09-05 12:54:30.000000000 +0200
@@ -430,7 +430,7 @@
 AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
 
-AC_CHECK_HEADERS(crypt.h)
+AC_CHECK_HEADERS(xcrypt.h crypt.h)
 
 dnl For module/pam_lastlog
 AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
diff -ru Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c
--- Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c	2008-03-05 21:21:38.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c	2008-09-05 13:00:29.000000000 +0200
@@ -37,7 +37,9 @@
 #include "config.h"
 
 #include <stdio.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+# include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
 # include <crypt.h>
 #endif
 #include <unistd.h>
diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c
--- Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c	2008-01-24 17:42:59.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c	2008-09-05 12:59:02.000000000 +0200
@@ -29,7 +29,9 @@
 #include <string.h>
 #include <stdlib.h>
 #include <security/_pam_macros.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
 #include <crypt.h>
 #endif
 
diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c
--- Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c	2008-01-28 14:20:29.000000000 +0100
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c	2008-09-05 12:59:40.000000000 +0200
@@ -19,7 +19,9 @@
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
 #include <crypt.h>
 #endif
 
diff -ru Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c
--- Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c	2006-06-17 18:44:58.000000000 +0200
+++ Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c	2008-09-05 12:58:11.000000000 +0200
@@ -17,7 +17,9 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <errno.h>
-#ifdef HAVE_CRYPT_H
+#ifdef HAVE_XCRYPT_H
+#include <xcrypt.h>
+#elif defined(HAVE_CRYPT_H)
 #include <crypt.h>
 #endif
 

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary




More information about the Pam-list mailing list