Index: include/unistd.h =================================================================== RCS file: /usr2/ncvs/src/include/unistd.h,v retrieving revision 1.37 diff -u -r1.37 unistd.h --- include/unistd.h 2000/07/29 11:53:35 1.37 +++ include/unistd.h 2000/08/05 05:12:31 @@ -120,6 +120,8 @@ int chroot __P((const char *)); size_t confstr __P((int, char *, size_t)); char *crypt __P((const char *, const char *)); +const char *crypt_get_format __P((void)); +int crypt_set_format __P((const char *)); int des_cipher __P((const char *, char *, long, int)); int des_setkey __P((const char *key)); int encrypt __P((char *, int)); Index: lib/libcrypt/Makefile =================================================================== RCS file: /usr2/ncvs/src/lib/libcrypt/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- lib/libcrypt/Makefile 2000/01/07 06:33:54 1.24 +++ lib/libcrypt/Makefile 2000/08/16 22:17:34 @@ -16,10 +16,11 @@ .endif .PATH: ${.CURDIR}/../libmd -SRCS= crypt.c crypt-md5.c misc.c -STATICSRCS= md5c.c +SRCS= crypt.c crypt-md5.c crypt-sha1.c misc.c +STATICSRCS= md5c.c sha1c.c STATICOBJS= ${STATICSRCS:S/.c/.o/g} MAN3= crypt.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd CFLAGS+= -DLIBC_SCCS -Wall PRECIOUSLIB= yes Index: lib/libcrypt/crypt.3 =================================================================== RCS file: /usr2/ncvs/src/lib/libcrypt/crypt.3,v retrieving revision 1.8 diff -u -r1.8 crypt.3 --- lib/libcrypt/crypt.3 2000/04/22 20:43:21 1.8 +++ lib/libcrypt/crypt.3 2000/08/16 22:51:59 @@ -43,6 +43,10 @@ .Fd #include .Ft char * .Fn crypt "const char *key" "const char *salt" +.Ft const char * +.Fn crypt_get_format "void" +.Ft int +.Fn crypt_set_format "const char *string" .Sh DESCRIPTION The .Fn crypt @@ -57,12 +61,15 @@ Currently these include the .Tn NBS .Tn Data Encryption Standard (DES) , +.Tn FIPS 160-1 (SHA1) , and .Tn MD5 . -The algorithm used will depend upon the format of the Salt--following -the Modular Crypt Format (MCF)--and if +The algorithm used will depend upon the format of the Salt (following +the Modular Crypt Format (MCF)), if .Tn DES -is installed or not. +is installed or not, and whether +.Fn crypt_set_format +has been called to change the default. .Pp The first argument to .Nm @@ -167,6 +174,8 @@ .Bl -tag -width 012345678 -compact -offset indent .It 1 MD5 +.It 10 +SHA1 .El .Pp Other crypt formats may be easilly added. An example salt would be: @@ -177,17 +186,41 @@ .Ss "Traditional" crypt: .Pp The algorithm used will depend upon whether +.Fn crypt_set_format +has been called and whether .Tn DES -is installed or not. If it is, +is installed or not. If .Tn DES -will be used. Otherwise, the best algorithm is used, which is currently +is installed and +.Fn crypt_set_format +has not set the format to something else, it will be used. +Otherwise, the best algorithm is used, which is currently .\" .\" NOTICE: Also make sure to update this +.\" (probably to SHA1 later...) .\" MD5. .Pp How the salt is used will depend upon the algorithm for the hash. For best results, specify at least two characters of salt. +.Pp +The +.Fn crypt_get_format +function returns a constant string that represents the name of the +algorithm currently used. +Valid values are +.\" +.\" NOTICE: Also make sure to update this, too, as well +.\" +.Ql des , +.Ql md5 +and +.Ql sha1 . +.Pp +The +.Fn crypt_set_format +function sets the default encoding format according to the supplied +.Fa string . .Sh RETURN VALUES .Pp .Fn crypt @@ -195,6 +228,10 @@ Note: this is not a standard behaviour, AT&T .Fn crypt will always return a pointer to a string. +.Pp +.Fn crypt_set_format +will return 1 if the supplied encoding format was valid. +Otherwise, a value of 0 is returned. .Sh SEE ALSO .Xr login 1 , .Xr passwd 1 , @@ -206,7 +243,9 @@ .Fn crypt function returns a pointer to static data, and subsequent calls to .Fn crypt -will modify the same data. +will modify the same data. Likewise, +.Fn crypt_set_format +modifies static data. .Sh HISTORY A rotor-based .Fn crypt @@ -230,6 +269,7 @@ .An David Burren Aq davidb@werj.com.au , later additions and changes by .An Poul-henning Kamp , -.An Mark R V Murray -and +.An Mark R V Murray , .An Kris Kennaway . +and +.An Brian Feldman . Index: lib/libcrypt/crypt.c =================================================================== RCS file: /usr2/ncvs/src/lib/libcrypt/crypt.c,v retrieving revision 1.14 diff -u -r1.14 crypt.c --- lib/libcrypt/crypt.c 2000/01/07 06:33:54 1.14 +++ lib/libcrypt/crypt.c 2000/08/04 02:46:08 @@ -34,14 +34,62 @@ #include #include "crypt.h" +static const struct { + const char *const name; + char *(*const func)(const char *, const char *); + const char *const magic; +} crypt_types[] = { + { + "des", + crypt_des, + NULL + }, + { + "md5", + crypt_md5, + "$1$" + }, + { + "sha1", + crypt_sha1, + "$10$" + }, + { + NULL, + NULL + } +}; + +static int crypt_type = 0; + +const char * +crypt_get_format(void) { + + return (crypt_types[crypt_type].name); +} + +int +crypt_set_format(char *type) { + int i; + + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (strcmp(type, crypt_types[i].name) == 0) { + crypt_type = i; + return (1); + } + } + return (0); +} + char * crypt(char *passwd, char *salt) { - if (!strncmp(salt, "$1$", 3)) - return crypt_md5(passwd, salt); -#ifdef NONEXPORTABLE_CRYPT - return crypt_des(passwd, salt); -#else - return crypt_md5(passwd, salt); -#endif + int i; + + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (crypt_types[i].magic != NULL && strncmp(salt, + crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) + return (crypt_types[i].func(passwd, salt)); + } + return (crypt_types[crypt_type].func(passwd, salt)); } Index: lib/libcrypt/crypt.h =================================================================== RCS file: /usr2/ncvs/src/lib/libcrypt/crypt.h,v retrieving revision 1.4 diff -u -r1.4 crypt.h --- lib/libcrypt/crypt.h 2000/01/07 06:33:54 1.4 +++ lib/libcrypt/crypt.h 2000/07/27 12:53:27 @@ -33,6 +33,7 @@ char *crypt_des(const char *pw, const char *salt); char *crypt_md5(const char *pw, const char *salt); +char *crypt_sha1(const char *pw, const char *salt); extern void _crypt_to64(char *s, unsigned long v, int n); Index: lib/libutil/Makefile =================================================================== RCS file: /usr2/ncvs/src/lib/libutil/Makefile,v retrieving revision 1.33 diff -u -r1.33 Makefile --- lib/libutil/Makefile 2000/02/14 03:55:27 1.33 +++ lib/libutil/Makefile 2000/08/05 11:09:54 @@ -10,6 +10,10 @@ login_cap.c login_class.c login_auth.c login_times.c login_ok.c \ _secure_path.c uucplock.c property.c auth.c realhostname.c fparseln.c INCS= libutil.h login_cap.h + +LDADD+= -lcrypt +DPADD+= ${LIBCRYPT} + MAN3+= login.3 login_auth.3 login_tty.3 logout.3 logwtmp.3 pty.3 \ setproctitle.3 login_cap.3 login_class.3 login_times.3 login_ok.3 \ _secure_path.3 uucplock.3 property.3 auth.3 realhostname.3 \ Index: lib/libutil/login_cap.c =================================================================== RCS file: /usr2/ncvs/src/lib/libutil/login_cap.c,v retrieving revision 1.18 diff -u -r1.18 login_cap.c --- lib/libutil/login_cap.c 2000/05/21 02:50:36 1.18 +++ lib/libutil/login_cap.c 2000/08/05 06:19:28 @@ -798,3 +798,16 @@ return lc->lc_style; } + +const char * +login_setcryptfmt(login_cap_t *lc, const char *def, const char *error) +{ + const char *cipher; + + cipher = login_getcapstr(lc, "passwd_format", def, NULL); + if (cipher == NULL) + return (error); + if (!crypt_set_format(cipher)) + return (error); + return (cipher); +} Index: lib/libutil/login_cap.h =================================================================== RCS file: /usr2/ncvs/src/lib/libutil/login_cap.h,v retrieving revision 1.3 diff -u -r1.3 login_cap.h --- lib/libutil/login_cap.h 1999/08/28 00:05:46 1.3 +++ lib/libutil/login_cap.h 2000/07/29 07:11:05 @@ -110,6 +110,7 @@ rlim_t login_getcapsize __P((login_cap_t *, const char *, rlim_t, rlim_t)); char *login_getpath __P((login_cap_t *, const char *, char *)); int login_getcapbool __P((login_cap_t *, const char *, int)); +const char *login_setcryptfmt __P((login_cap_t *, const char *, const char *)); int setclasscontext __P((const char*, unsigned int)); int setusercontext __P((login_cap_t*, const struct passwd*, uid_t, unsigned int)); Index: secure/lib/libcrypt/Makefile =================================================================== RCS file: /usr2/ncvs/src/secure/lib/libcrypt/Makefile,v retrieving revision 1.27 diff -u -r1.27 Makefile --- secure/lib/libcrypt/Makefile 2000/07/16 05:52:51 1.27 +++ secure/lib/libcrypt/Makefile 2000/08/16 22:15:13 @@ -16,11 +16,12 @@ .endif .PATH: ${.CURDIR}/../../../lib/libmd ${.CURDIR}/../../../lib/libcrypt -SRCS= crypt.c crypt-md5.c misc.c -STATICSRCS= md5c.c +SRCS= crypt.c crypt-md5.c crypt-sha1.c misc.c +STATICSRCS= md5c.c sha1c.c STATICOBJS= ${STATICSRCS:S/.c/.o/g} SRCS+= crypt-des.c MAN3= crypt.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../../../lib/libmd CFLAGS+= -I${.CURDIR}/../../../lib/libcrypt CFLAGS+= -DNONEXPORTABLE_CRYPT Index: usr.bin/passwd/local_passwd.c =================================================================== RCS file: /usr2/ncvs/src/usr.bin/passwd/local_passwd.c,v retrieving revision 1.24 diff -u -r1.24 local_passwd.c --- usr.bin/passwd/local_passwd.c 2000/02/11 14:08:44 1.24 +++ usr.bin/passwd/local_passwd.c 2000/07/29 07:47:39 @@ -172,20 +174,13 @@ #else /* Make a good size salt for algoritms that can use it. */ gettimeofday(&tv,0); - if (strncmp(pw->pw_passwd, "$1$", 3)) { - /* DES Salt */ - to64(&salt[0], random(), 3); - to64(&salt[3], tv.tv_usec, 3); - to64(&salt[6], tv.tv_sec, 2); - salt[8] = '\0'; - } - else { - /* MD5 Salt */ - strncpy(&salt[0], "$1$", 3); - to64(&salt[3], random(), 3); - to64(&salt[6], tv.tv_usec, 3); - salt[8] = '\0'; - } + if (login_setcryptfmt(lc, "md5", NULL) == NULL) + pw_error("cannot set password cipher", 1, 1); + /* Salt suitable for anything */ + to64(&salt[0], random(), 3); + to64(&salt[3], tv.tv_usec, 3); + to64(&salt[6], tv.tv_sec, 2); + salt[8] = '\0'; #endif return (crypt(buf, salt)); } Index: usr.sbin/pw/Makefile =================================================================== RCS file: /usr2/ncvs/src/usr.sbin/pw/Makefile,v retrieving revision 1.11 diff -u -r1.11 Makefile --- usr.sbin/pw/Makefile 2000/01/15 00:20:19 1.11 +++ usr.sbin/pw/Makefile 2000/08/16 22:11:50 @@ -11,8 +11,8 @@ #RND= -DUSE_MD5RAND CFLAGS+= -W -Wall $(CDB) $(RND) -LDADD= -lcrypt -DPADD= ${LIBCRYPT} +LDADD= -lcrypt -lutil +DPADD= ${LIBCRYPT} ${LIBUTIL} BINMODE=0555 Index: usr.sbin/pw/pw_user.c =================================================================== RCS file: /usr2/ncvs/src/usr.sbin/pw/pw_user.c,v retrieving revision 1.42 diff -u -r1.42 pw_user.c --- usr.sbin/pw/pw_user.c 2000/07/20 05:11:56 1.42 +++ usr.sbin/pw/pw_user.c 2000/08/16 22:11:23 @@ -42,6 +42,7 @@ #include #include #include +#include #if defined(USE_MD5RAND) #include #endif @@ -544,11 +545,19 @@ } if ((arg = getarg(args, 'w')) != NULL && getarg(args, 'h') == NULL) { + login_cap_t *lc; + + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "md5", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); edited = 1; } } else { + login_cap_t *lc; /* * Add code @@ -565,13 +574,17 @@ pwd = &fakeuser; pwd->pw_name = a_name->val; pwd->pw_class = cnf->default_class ? cnf->default_class : ""; - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); pwd->pw_uid = pw_uidpolicy(cnf, args); pwd->pw_gid = pw_gidpolicy(cnf, args, pwd->pw_name, (gid_t) pwd->pw_uid); pwd->pw_change = pw_pwdpolicy(cnf, args); pwd->pw_expire = pw_exppolicy(cnf, args); pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); edited = 1; if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) @@ -600,6 +613,7 @@ int b; int istty = isatty(fd); struct termios t; + login_cap_t *lc; if (istty) { if (tcgetattr(fd, &t) == -1) @@ -629,6 +643,11 @@ *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", fd); + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "md5", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); pwd->pw_passwd = pw_pwcrypt(line); edited = 1; } Index: lib/libcrypt/crypt-sha1.c =================================================================== RCS file: crypt-sha1.c diff -N crypt-sha1.c --- /dev/null Wed Aug 16 19:41:12 2000 +++ crypt-sha1.c Thu Aug 3 23:45:27 2000 @@ -0,0 +1,189 @@ +/* + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + * + * $FreeBSD: src/lib/libcrypt/crypt-md5.c,v 1.5 1999/12/17 20:21:45 peter Exp $ + * + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static const char rcsid[] = \ +"$FreeBSD: src/lib/libcrypt/crypt-md5.c,v 1.5 1999/12/17 20:21:45 peter Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include +#include +#include "crypt.h" + +#ifdef __PIC__ +#include + +#define SHA1_Init(ctx) dl_SHA1_Init(ctx) +#define SHA1_Update(ctx, data, len) dl_SHA1_Update(ctx, data, len) +#define SHA1_Final(dgst, ctx) dl_SHA1_Final(dgst, ctx) + +static void (*dl_SHA1_Init)(SHA_CTX *); +static void (*dl_SHA1_Update)(SHA_CTX *, const unsigned char *, unsigned int); +static void (*dl_SHA1_Final)(unsigned char digest[16], SHA_CTX *); +#endif + +/* + * UNIX password + */ + +char * +crypt_sha1(pw, salt) + const char *pw; + const char *salt; +{ + static char *magic = "$10$";/* + * This string is magic for + * this algorithm. Having + * it this way, we can get + * get better later on + */ + static char passwd[120], *p; + static const char *sp,*ep; + unsigned char final[SHA_DIGEST_LENGTH]; + int sl,pl,i; + SHA_CTX ctx,ctx1; + unsigned long l; +#ifdef __PIC__ + void *libmd; +#endif + + /* Refine the Salt first */ + sp = salt; + + /* If it starts with the magic string, then skip that */ + if(!strncmp(sp,magic,strlen(magic))) + sp += strlen(magic); + + /* It stops at the first '$', max 8 chars */ + for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) + continue; + + /* get the length of the true salt */ + sl = ep - sp; + +#ifdef __PIC__ + libmd = dlopen("libmd.so", RTLD_NOW); + if (libmd == NULL) { + warnx("libcrypt-sha1: dlopen(libmd.so): %s\n", dlerror()); + return NULL; + } + dl_SHA1_Init = dlsym(libmd, "SHA1_Init"); + if (dl_SHA1_Init == NULL) { + warnx("libcrypt-sha1: looking for SHA1_Init: %s\n", dlerror()); + dlclose(libmd); + return NULL; + } + dl_SHA1_Update = dlsym(libmd, "SHA1_Update"); + if (dl_SHA1_Update == NULL) { + warnx("libcrypt-sha1: looking for SHA1_Update: %s\n", dlerror()); + dlclose(libmd); + return NULL; + } + dl_SHA1_Final = dlsym(libmd, "SHA1_Final"); + if (dl_SHA1_Final == NULL) { + warnx("libcrypt-sha1: looking for SHA1_Final: %s\n", dlerror()); + dlclose(libmd); + return NULL; + } +#endif + SHA1_Init(&ctx); + + /* The password first, since that is what is most unknown */ + SHA1_Update(&ctx,pw,strlen(pw)); + + /* Then our magic string */ + SHA1_Update(&ctx,magic,strlen(magic)); + + /* Then the raw salt */ + SHA1_Update(&ctx,sp,sl); + + /* Then just as many characters of the SHA1(pw,salt,pw) */ + SHA1_Init(&ctx1); + SHA1_Update(&ctx1,pw,strlen(pw)); + SHA1_Update(&ctx1,sp,sl); + SHA1_Update(&ctx1,pw,strlen(pw)); + SHA1_Final(final,&ctx1); + for(pl = strlen(pw); pl > 0; pl -= SHA_DIGEST_LENGTH) + SHA1_Update(&ctx, final, pl > SHA_DIGEST_LENGTH ? + SHA_DIGEST_LENGTH : pl); + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + /* Then something really weird... */ + for (i = strlen(pw); i ; i >>= 1) + if(i&1) + SHA1_Update(&ctx, final, 1); + else + SHA1_Update(&ctx, pw, 1); + + /* Now make the output string */ + strcpy(passwd,magic); + strncat(passwd,sp,sl); + strcat(passwd,"$"); + + SHA1_Final(final,&ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... + */ + for(i=0;i<1000;i++) { + SHA1_Init(&ctx1); + if(i & 1) + SHA1_Update(&ctx1,pw,strlen(pw)); + else + SHA1_Update(&ctx1,final,SHA_DIGEST_LENGTH); + + if(i % 3) + SHA1_Update(&ctx1,sp,sl); + + if(i % 7) + SHA1_Update(&ctx1,pw,strlen(pw)); + + if(i & 1) + SHA1_Update(&ctx1,final,SHA_DIGEST_LENGTH); + else + SHA1_Update(&ctx1,pw,strlen(pw)); + SHA1_Final(final,&ctx1); + } + +#ifdef __PIC__ + dlclose(libmd); +#endif + p = passwd + strlen(passwd); + + l = (final[ 0]<<16) | (final[ 7]<<8) | final[14]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 1]<<16) | (final[ 8]<<8) | final[15]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 2]<<16) | (final[ 9]<<8) | final[16]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 3]<<16) | (final[10]<<8) | final[17]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 4]<<16) | (final[11]<<8) | final[18]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 5]<<16) | (final[12]<<8) | final[19]; + _crypt_to64(p,l,4); p += 4; + l = (final[ 6]<<8) | final[13]; + _crypt_to64(p,l,3); p += 3; + *p = '\0'; + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + return passwd; +} Index: lib/libutil/Makefile =================================================================== RCS file: /usr2/ncvs/src/lib/libutil/Makefile,v retrieving revision 1.33 diff -u -r1.33 Makefile --- lib/libutil/Makefile 2000/02/14 03:55:27 1.33 +++ lib/libutil/Makefile 2000/08/17 04:12:05 @@ -10,6 +10,10 @@ login_cap.c login_class.c login_auth.c login_times.c login_ok.c \ _secure_path.c uucplock.c property.c auth.c realhostname.c fparseln.c INCS= libutil.h login_cap.h + +LDADD+= -lcrypt +DPADD+= ${LIBCRYPT} + MAN3+= login.3 login_auth.3 login_tty.3 logout.3 logwtmp.3 pty.3 \ setproctitle.3 login_cap.3 login_class.3 login_times.3 login_ok.3 \ _secure_path.3 uucplock.3 property.3 auth.3 realhostname.3 \ @@ -25,7 +29,7 @@ login_cap.3 login_getstyle.3 login_cap.3 login_getcaptime.3 \ login_cap.3 login_getcapnum.3 login_cap.3 login_getcapsize.3 \ login_cap.3 login_getcapbool.3 login_cap.3 login_getpath.3 \ - login_cap.3 login_getpwclass.3 + login_cap.3 login_getpwclass.3 login_cap.3 login_setcryptfmt.3 MLINKS+=login_class.3 setusercontext.3 login_class.3 setclasscontext.3 \ login_class.3 setclassenvironment.3 login_class.3 setclassresources.3 MLINKS+=login_times.3 parse_lt.3 login_times.3 in_ltm.3 \ Index: lib/libutil/login_cap.3 =================================================================== RCS file: /usr2/ncvs/src/lib/libutil/login_cap.3,v retrieving revision 1.20 diff -u -r1.20 login_cap.3 --- lib/libutil/login_cap.3 2000/07/06 20:13:42 1.20 +++ lib/libutil/login_cap.3 2000/08/17 04:11:23 @@ -34,7 +34,8 @@ .Nm login_getclassbyname , .Nm login_getpwclass , .Nm login_getstyle , -.Nm login_getuserclass +.Nm login_getuserclass , +.Nm login_setcryptfmt .Nd functions for accessing the login class capabilities database. .Sh LIBRARY .Lb libutil @@ -67,6 +68,8 @@ .Fn login_getcapbool "login_cap_t *lc" "const char *cap" "int def" .Ft char * .Fn login_getstyle "login_cap_t *lc" "char *style" "const char *auth" +.Ft const char * +.Fn login_setcryptfmt "login_cap_t *lc" "const char *def" "const char *error" .Sh DESCRIPTION These functions represent a programming interface to the login classes database provided in @@ -396,8 +399,25 @@ network, and standard methods via direct dialup or console logins, significantly reducing the risk of password discovery by "snooping" network packets. +.It Fn login_setcryptfmt +The +.Fn login_setcryptfmt +function is used to set the +.Xr crypt 3 +format using the +.Ql passwd_format +configuration entry. +If no entry is found, +.Fa def +is taken to be used as the fallback. +If calling +.Xr crypt_set_format 3 +on the specifier fails, +.Fa error +is returned to indicate this. .El .Sh SEE ALSO +.Xr crypt 3 , .Xr getcap 3 , .Xr login_class 3 , .Xr login.conf 5 ,