Merge branch 'busybox' into merge

4 files changed, 48 insertions, 11 deletions

diff --git a/loginutils/Config.src b/loginutils/Config.src
index cbb09646b..a7812bd32 100644
--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@@ -91,6 +91,17 @@ config USE_BB_CRYPT_SHA
         With this option off, login will fail password check for any
         user which has password encrypted with these algorithms.
 
+config USE_BB_CRYPT_YES
+        bool "Enable yescrypt functions"
+        default y
+        depends on USE_BB_CRYPT
+        help
+        Enable this if you have passwords starting with "$y$" or
+        in your /etc/passwd or /etc/shadow files. These passwords
+        are hashed using yescrypt algorithms.
+        With this option off, login will fail password check for any
+        user which has password encrypted with these algorithms.
+
 INSERT
 
 endmenu
diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c
index 65530b614..353f19961 100644
--- a/loginutils/chpasswd.c
+++ b/loginutils/chpasswd.c
@@ -17,7 +17,7 @@
 //config:       default "des"
 //config:       depends on PASSWD || CRYPTPW || CHPASSWD
 //config:       help
-//config:       Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
+//config:       Possible choices: "d[es]", "m[d5]", "s[ha256]", "sha512", "yescrypt"
 
 //applet:IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
 
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index 1c338540f..666deff0b 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -84,8 +84,7 @@ to cryptpw. -a option (alias for -m) came from cryptpw.
 int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int cryptpw_main(int argc UNUSED_PARAM, char **argv)
 {
-        /* Supports: cryptpw -m sha256 PASS 'rounds=999999999$SALT' */
-        char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")];
+        char salt[MAX_PW_SALT_LEN];
         char *salt_ptr;
         char *password;
         const char *opt_m, *opt_S;
@@ -100,7 +99,7 @@ int cryptpw_main(int argc UNUSED_PARAM, char **argv)
         ;
 #endif
         fd = STDIN_FILENO;
-        opt_m = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
+        opt_m = NULL;
         opt_S = NULL;
         /* at most two non-option arguments; -P NUM */
         getopt32long(argv, "^" "sP:+S:m:a:" "\0" "?2",
@@ -114,10 +113,34 @@ int cryptpw_main(int argc UNUSED_PARAM, char **argv)
         if (argv[0] && !opt_S)
                 opt_S = argv[1];
 
-        salt_ptr = crypt_make_pw_salt(salt, opt_m);
-        if (opt_S)
-                /* put user's data after the "$N$" prefix */
-                safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
+        if (opt_S && !opt_S[0]) {
+                /* mkpasswd 5.6.2 compat: SALT of ""
+                 * is treated as not specified
+                 * (both forms: -S "" and argv[1] of "")
+                 */
+                opt_S = NULL;
+        }
+
+        if (opt_m) {
+                /* "cryptpw -m ALGO PASSWORD [SALT]" */
+                /* generate "$x$" algo prefix + random salt */
+                salt_ptr = crypt_make_pw_salt(salt, opt_m);
+                if (opt_S) {
+                        /* "cryptpw -m ALGO PASSWORD SALT" */
+                        /* put SALT data after the "$x$" prefix */
+                        safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
+                }
+        } else {
+                if (!opt_S) {
+                        /* "cryptpw PASSWORD" */
+                        /* generate random salt with default algo */
+                        crypt_make_pw_salt(salt, CONFIG_FEATURE_DEFAULT_PASSWD_ALGO);
+                } else {
+                        /* "cryptpw PASSWORD '$x$SALT'" */
+                        /* use given salt; algo will be detected by pw_encrypt() */
+                        safe_strncpy(salt, opt_S, sizeof(salt));
+                }
+        }
 
         xmove_fd(fd, STDIN_FILENO);
 
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 9c927ed79..984889915 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -79,7 +79,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
                         break;
                 }
                 pause_after_failed_login();
-                bb_simple_info_msg("Login incorrect");
+                bb_simple_error_msg("Login incorrect");
         }
 
         /* util-linux 2.36.1 compat: no message */
@@ -119,9 +119,12 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
         }
 
         /*
-         * Note: login does this (should we do it too?):
+         * Note: login does this. util-linux's sulogin does NOT.
+         * But it's rather unpleasant to have non-functioning ^C in a shell,
+         * and surprisingly, there is no easy way to remove SIG_IGN from ^C
+         * in the shell. So, we are doing it:
          */
-        /*signal(SIGINT, SIG_DFL);*/
+        signal(SIGINT, SIG_DFL);
 
         /* Exec shell with no additional parameters. Never returns. */
         exec_shell(shell, /* -p? then shell is login:*/(opts & 1), NULL);