Specially for Bernhard Fischer introduce USE_BB_CRYPT

which selects between libc/custom crypt routines.

3 files changed, 75 insertions, 34 deletions

diff --git a/include/libbb.h b/include/libbb.h
index 655ca01a5..e92dbc4c0 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
 extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
 extern int correct_password(const struct passwd *pw);
 /* Returns a malloced string */
+#if !ENABLE_USE_BB_CRYPT
+#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
+#endif
 extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
 extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
 /* rnd is additional random input. New one is returned.
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index 762cbab27..c1e927e23 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -9,6 +9,8 @@
 
 #include "libbb.h"
 
+#if ENABLE_USE_BB_CRYPT
+
 /*
  * DES and MD5 crypt implementations are taken from uclibc.
  * They were modified to not use static buffers.
@@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
 
         return encrypted;
 }
+
+#else /* if !ENABLE_USE_BB_CRYPT */
+
+char *pw_encrypt(const char *clear, const char *salt, int cleanup)
+{
+#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
+        if (strncmp(salt, "$2$", 3) == 0) {
+                return xstrdup(sha1_crypt(clear));
+        }
+#endif
+
+        return xstrdup(crypt(clear, salt));
+}
+
+#endif
diff --git a/loginutils/Config.in b/loginutils/Config.in
index c57d9976e..e39fb6f79 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
           readable by root and thus the encrypted passwords are no longer
           publicly readable.
 
+config USE_BB_PWD_GRP
+        bool "Use internal password and group functions rather than system functions"
+        default n
+        help
+          If you leave this disabled, busybox will use the system's password
+          and group functions.  And if you are using the GNU C library
+          (glibc), you will then need to install the /etc/nsswitch.conf
+          configuration file and the required /lib/libnss_* libraries in
+          order for the password and group functions to work.  This generally
+          makes your embedded system quite a bit larger.
+
+          Enabling this option will cause busybox to directly access the
+          system's /etc/password, /etc/group files (and your system will be
+          smaller, and I will get fewer emails asking about how glibc NSS
+          works).  When this option is enabled, you will not be able to use
+          PAM to access remote LDAP password servers and whatnot.  And if you
+          want hostname resolution to work with glibc, you still need the
+          /lib/libnss_* libraries.
+
+          If you need to use glibc's nsswitch.conf mechanism
+          (e.g. if user/group database is NOT stored in /etc/passwd etc),
+          you must NOT use this option.
+
+          If you enable this option, it will add about 1.5k to busybox.
+
 config USE_BB_SHADOW
         bool "Use busybox shadow password functions"
         default y
         depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
         help
-            If you leave this disabled, busybox will use the system's shadow
-            password handling functions.  And if you are using the GNU C library
-            (glibc), you will then need to install the /etc/nsswitch.conf
-            configuration file and the required /lib/libnss_* libraries in
-            order for the shadow password functions to work.  This generally
-            makes your embedded system quite a bit larger.
-
-            Enabling this option will cause busybox to directly access the
-            system's /etc/shadow file when handling shadow passwords.  This
-            makes your system smaller and I will get fewer emails asking about
-            how glibc NSS works).  When this option is enabled, you will not be
-            able to use PAM to access shadow passwords from remote LDAP
-            password servers and whatnot.
-
-config USE_BB_PWD_GRP
-        bool "Use internal password and group functions rather than system functions"
-        default n
+          If you leave this disabled, busybox will use the system's shadow
+          password handling functions.  And if you are using the GNU C library
+          (glibc), you will then need to install the /etc/nsswitch.conf
+          configuration file and the required /lib/libnss_* libraries in
+          order for the shadow password functions to work.  This generally
+          makes your embedded system quite a bit larger.
+
+          Enabling this option will cause busybox to directly access the
+          system's /etc/shadow file when handling shadow passwords.  This
+          makes your system smaller and I will get fewer emails asking about
+          how glibc NSS works).  When this option is enabled, you will not be
+          able to use PAM to access shadow passwords from remote LDAP
+          password servers and whatnot.
+
+config USE_BB_CRYPT
+        bool "Use internal DES and MD5 crypt functions rather than system functions"
+        default y
         help
-            If you leave this disabled, busybox will use the system's password
-            and group functions.  And if you are using the GNU C library
-            (glibc), you will then need to install the /etc/nsswitch.conf
-            configuration file and the required /lib/libnss_* libraries in
-            order for the password and group functions to work.  This generally
-            makes your embedded system quite a bit larger.
-
-            Enabling this option will cause busybox to directly access the
-            system's /etc/password, /etc/group files (and your system will be
-            smaller, and I will get fewer emails asking about how glibc NSS
-            works).  When this option is enabled, you will not be able to use
-            PAM to access remote LDAP password servers and whatnot.  And if you
-            want hostname resolution to work with glibc, you still need the
-            /lib/libnss_* libraries.
-
-            If you enable this option, it will add about 1.5k to busybox.
+          If you leave this disabled, busybox will use the system's password
+          and group functions.  Most C libraries use large (~70k)
+          static buffers in these functions, and also combine them
+          with more general DES encryption/decryption routines.
+          For busybox, having large static buffers is undesirable,
+          especially so on NOMMU machines.
+
+          These functions produce results which are identical
+          to corresponding C library functions.
+
+          If you enable this option, it will add about 4.8k to busybox
+          if you are building dynamically linked executable.
+          In static build, it makes executable _smaller_ by about 1.2k.
 
 config ADDGROUP
         bool "addgroup"
@@ -255,4 +277,3 @@ config VLOCK
           work properly.
 
 endmenu
-