yp-tools/yp-tools-2.12-hash.patch

diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
--- yp-tools-2.12/man/yppasswd.1.in.hash	2011-09-09 16:18:49.469037058 +0200
+++ yp-tools-2.12/man/yppasswd.1.in	2011-09-09 16:20:19.101030930 +0200
@@ -81,6 +81,12 @@ for authentication with the
 .BR yppasswdd (8)
 daemon. Subsequently, the
 program prompts for the updated information:
+.P
+If we use shadowing passwords using passwd.adjunct, SHA-512 will be 
+used for hashing a new password by default. If we want to use MD5, 
+SHA_256 or older DES, we need to set the environment variable 
+YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and 
+"SHA-512" (value is case-insensitive).
 .\"
 .\"
 .IP "\fByppasswd\fP or \fB-p\fP"
diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
--- yp-tools-2.12/src/yppasswd.c.hash	2011-09-09 16:20:35.360029823 +0200
+++ yp-tools-2.12/src/yppasswd.c	2011-09-09 16:25:21.589010245 +0200
@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
     close (fd);
 }
 
+
+/*
+ * Reads environment variable YP_PASSWD_HASH and returns hash id.
+ * Possible values are MD5, SHA-256, SHA-512 and DES.
+ * If other value is set or it is not set at all, SHA-512 is used.
+ */ 
+static int
+get_env_hash_id()
+{
+  const char *v = getenv("YP_PASSWD_HASH");
+  if (!v)
+    return SHA_512;
+
+  if (!strcasecmp(v, "DES"))
+    return DES;
+
+  if (!strcasecmp(v, "SHA-256"))
+    return SHA_256;
+
+  if (!strcasecmp(v, "MD5"))
+    return MD5;
+
+  return SHA_512;
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -723,6 +749,15 @@ main (int argc, char **argv)
 
       hash_id = get_hash_id (pwd->pw_passwd);
 
+      /* If we use passwd.adjunct, there is no magic value like $1$ in the 
+       * beginning of password, but ##username instead. Thus, SHA_512 will be 
+       * used for hashing a new password by default. If we want to use DES, 
+       * MD5 or SHA_256, we need to set the environment variable 
+       * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).
+       */
+      if (strncmp(pwd->pw_passwd, "##", 2) == 0)
+        hash_id = get_env_hash_id();
+
       /* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */
       if (hash_id == SHA_256 || hash_id == SHA_512)
 	{
Added YP_PASSWD_HASH environment variable to set default algorithm for hashing a new password Resolves: #699666 2011-09-09 14:37:49 +00:00			`diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in`
			`--- yp-tools-2.12/man/yppasswd.1.in.hash 2011-09-09 16:18:49.469037058 +0200`
			`+++ yp-tools-2.12/man/yppasswd.1.in 2011-09-09 16:20:19.101030930 +0200`
			`@@ -81,6 +81,12 @@ for authentication with the`
			`.BR yppasswdd (8)`
			`daemon. Subsequently, the`
			`program prompts for the updated information:`
			`+.P`
			`+If we use shadowing passwords using passwd.adjunct, SHA-512 will be`
			`+used for hashing a new password by default. If we want to use MD5,`
			`+SHA_256 or older DES, we need to set the environment variable`
			`+YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and`
			`+"SHA-512" (value is case-insensitive).`
			`.\"`
			`.\"`
			`.IP "\fByppasswd\fP or \fB-p\fP"`
			`diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c`
			`--- yp-tools-2.12/src/yppasswd.c.hash 2011-09-09 16:20:35.360029823 +0200`
			`+++ yp-tools-2.12/src/yppasswd.c 2011-09-09 16:25:21.589010245 +0200`
			`@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_`
			`close (fd);`
			`}`

			`+`
			`+/*`
			`+ * Reads environment variable YP_PASSWD_HASH and returns hash id.`
			`+ * Possible values are MD5, SHA-256, SHA-512 and DES.`
			`+ * If other value is set or it is not set at all, SHA-512 is used.`
			`+ */`
			`+static int`
			`+get_env_hash_id()`
			`+{`
			`+ const char *v = getenv("YP_PASSWD_HASH");`
			`+ if (!v)`
			`+ return SHA_512;`
			`+`
			`+ if (!strcasecmp(v, "DES"))`
			`+ return DES;`
			`+`
			`+ if (!strcasecmp(v, "SHA-256"))`
			`+ return SHA_256;`
			`+`
			`+ if (!strcasecmp(v, "MD5"))`
			`+ return MD5;`
			`+`
			`+ return SHA_512;`
			`+}`
			`+`
			`+`
			`int`
			`main (int argc, char **argv)`
			`{`
			`@@ -723,6 +749,15 @@ main (int argc, char **argv)`

			`hash_id = get_hash_id (pwd->pw_passwd);`

			`+ /* If we use passwd.adjunct, there is no magic value like $1$ in the`
			`+ * beginning of password, but ##username instead. Thus, SHA_512 will be`
			`+ * used for hashing a new password by default. If we want to use DES,`
			`+ * MD5 or SHA_256, we need to set the environment variable`
			`+ * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).`
			`+ */`
			`+ if (strncmp(pwd->pw_passwd, "##", 2) == 0)`
			`+ hash_id = get_env_hash_id();`
			`+`
			`/* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */`
			`if (hash_id == SHA_256 \|\| hash_id == SHA_512)`
			`{`