change prototype for crypt_newhash. the login_cap_t is a holdover from its

pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
10 years ago · a5c612c089
--- a/src/include/login_cap.h
+++ b/src/include/login_cap.h
@ -1,4 +1,4 @@
 /*	$OpenBSD: login_cap.h,v 1.14 2014/11/19 22:59:50 tedu Exp $	*/
 /*	$OpenBSD: login_cap.h,v 1.15 2014/11/21 05:13:44 tedu Exp $	*/
 /*-
 * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@ -104,8 +104,6 @@ int	secure_path(char *);
 int	setclasscontext(char *, unsigned int);
 int	setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int);
 int	 crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen);
 __END_DECLS
 #endif /* _LOGIN_CAP_H_ */
--- a/src/include/unistd.h
+++ b/src/include/unistd.h
@ -1,4 +1,4 @@
 /*	$OpenBSD: unistd.h,v 1.93 2014/09/18 04:37:56 guenther Exp $ */
 /*	$OpenBSD: unistd.h,v 1.94 2014/11/21 05:13:44 tedu Exp $ */
 /*	$NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $	*/
 /*-
@ -489,6 +489,7 @@ int	pipe2(int [2], int);
 int	 acct(const char *);
 int	 closefrom(int);
 int	 crypt_checkpass(const char *, const char *);
 int	 crypt_newhash(const char *, const char *, char *, size_t);
 int	 des_cipher(const char *, char *, int32_t, int);
 int	 des_setkey(const char *);
 void	 endusershell(void);
--- a/src/lib/libc/crypt/crypt_checkpass.3
+++ b/src/lib/libc/crypt/crypt_checkpass.3
@ -1,4 +1,4 @@
 .\" $OpenBSD: crypt_checkpass.3,v 1.1 2014/11/20 19:18:25 tedu Exp $
 .\" $OpenBSD: crypt_checkpass.3,v 1.2 2014/11/21 05:13:44 tedu Exp $
 .\"
 .\" Copyright (c) Ted Unangst <tedu@openbsd.org>
 .\"
@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .Dd $Mdocdate: November 20 2014 $
 .Dd $Mdocdate: November 21 2014 $
 .Dt CRYPT_CHECKPASS 3
 .Os
 .Sh NAME
@ -25,9 +25,8 @@
 .In unistd.h
 .Ft int
 .Fn crypt_checkpass "const char *password" "const char *hash"
 .In login_cap.h
 .Ft int
 .Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
 .Fn crypt_newhash "const char *password" "const char *pref" "char *hash" "size_t hashsize"
 .Sh DESCRIPTION
 The
 .Fn crypt_checkpass
@ -47,9 +46,9 @@ The provided
 .Fa password
 is randomly salted and hashed and stored in
 .Fa hash .
 The login class argument
 .Fa lc
 is used to identify the preferred hashing algorithm and parameters.
 The
 .Fa pref
 argument identifies the preferred hashing algorithm and parameters.
 Refer to
 .Xr login.conf 5 .
 .Sh RETURN VALUES
--- a/src/lib/libc/crypt/cryptutil.c
+++ b/src/lib/libc/crypt/cryptutil.c
@ -1,4 +1,4 @@
 /* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */
 /* $OpenBSD: cryptutil.c,v 1.3 2014/11/21 05:13:44 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 *
@ -55,16 +55,14 @@ fail:
 }
 int
 crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen)
 crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen)
 {
 	int rv = -1;
 	char *pref;
 	char *defaultpref = "blowfish,8";
 	const char *defaultpref = "blowfish,8";
 	const char *errstr;
 	int rounds;
 	if (lc == NULL ||
 	    (pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL)
 	if (pref == NULL)
 		pref = defaultpref;
 	if (strncmp(pref, "blowfish,", 9) != 0) {
 		errno = EINVAL;
@ -76,7 +74,5 @@ crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen)
 	rv = bcrypt_newhash(pass, rounds, hash, hashlen);
 err:
 	if (pref != defaultpref)
 		free(pref);
 	return rv;
 }