# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# login.conf.5.patch
# login.conf.patch
# pam_unix.c.patch
#
echo x - login.conf.5.patch
sed 's/^X//' >login.conf.5.patch << 'd004b1f1103394d3b7210e3d0b27e4cf'
X--- /usr/src/lib/libutil/login.conf.5.orig 2013-09-30 10:15:58.000000000 -0400
X+++ /usr/src/lib/libutil/login.conf.5 2013-09-30 10:16:20.000000000 -0400
X@@ -275,7 +275,15 @@
X NIS clients using a
X .No non- Ns Fx
X NIS server should probably use "des".
X-.It "passwd_prompt string The password prompt presented by"
X+.It "passwd_modular string $02$08$ The encryption format that new or"
X+changed passwords will use, based on the
X+.Xr crypt 3
X+magic constants. Overrides passwd_format when set. Valid values include "disabled" to fall back to passwd_format, $02$08$ would be blf with work factor 8, or $6$rounds=5000$ would be sha512 with 5000 rounds, will accept any of the magic salt values from
X+.Xr crypt 3
X+Be aware that setting this to an invalid crypt magic will likely fall back to des. Appending text to after the salt magic, (e.g. $02$08$dontdothis) will weaken the salt. Please refer to
X+.Xr crypt 3
X+for proper syntax and useage.
X+.It "passwd_prompt string The password prompt presented by
X .Xr login 1
X .It "times.allow list List of time periods during which"
X logins are allowed.
d004b1f1103394d3b7210e3d0b27e4cf
echo x - login.conf.patch
sed 's/^X//' >login.conf.patch << '91dbd97499532c598f33fd04820120bd'
X--- /etc/login.conf.orig 2013-09-30 10:18:16.000000000 -0400
X+++ /etc/login.conf 2013-09-30 10:18:38.000000000 -0400
X@@ -24,6 +24,7 @@
X
X default:\
X :passwd_format=sha512:\
X+ :passwd_modular=$2a$08$:\
X :copyright=/etc/COPYRIGHT:\
X :welcome=/etc/motd:\
X :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
91dbd97499532c598f33fd04820120bd
echo x - pam_unix.c.patch
sed 's/^X//' >pam_unix.c.patch << '9833db6189445b1dfe20e210ed2256ff'
X--- /usr/src/lib/libpam/modules/pam_unix/pam_unix.c.orig 2013-09-30 10:16:06.000000000 -0400
X+++ /usr/src/lib/libpam/modules/pam_unix/pam_unix.c 2013-09-30 10:16:35.000000000 -0400
X@@ -68,8 +68,9 @@
X #include
X
X #define PASSWORD_HASH "md5"
X+#define NOMODULAR "disabled"
X #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
X-#define SALTSIZE 32
X+#define SALTSIZE 64
X
X #define LOCKED_PREFIX "*LOCKED*"
X #define LOCKED_PREFIX_LEN (sizeof(LOCKED_PREFIX) - 1)
X@@ -77,6 +78,7 @@
X static void makesalt(char []);
X
X static char password_hash[] = PASSWORD_HASH;
X+static char password_nomodular[] = NOMODULAR;
X
X #define PAM_OPT_LOCAL_PASS "local_pass"
X #define PAM_OPT_NIS_PASS "nis_pass"
X@@ -272,7 +274,7 @@
X char salt[SALTSIZE + 1];
X login_cap_t *lc;
X struct passwd *pwd, *old_pwd;
X- const char *user, *old_pass, *new_pass;
X+ const char *user, *old_pass, *new_pass, *modular_salt;
X char *encrypted;
X time_t passwordtime;
X int pfd, tfd, retval;
X@@ -378,9 +380,16 @@
X return (PAM_BUF_ERR);
X
X lc = login_getclass(pwd->pw_class);
X+
X+ memset(salt, 0, sizeof(salt));
X+ modular_salt = login_getcapstr(lc, "passwd_modular", password_nomodular, NULL);
X+ if (strcmp(modular_salt, password_nomodular) == 0) {
X if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
X openpam_log(PAM_LOG_ERROR,
X "can't set password cipher, relying on default");
X+ } else {
X+ strncpy(salt, modular_salt, sizeof(salt) - 1);
X+ }
X
X /* set password expiry date */
X pwd->pw_change = 0;
X@@ -464,13 +473,25 @@
X makesalt(char salt[SALTSIZE + 1])
X {
X int i;
X+ int remainder;
X+
X+ /* If a salt magic has already been set, skip to the free area */
X+ for (i = 0; i < SALTSIZE; i++) {
X+ if (salt[i] == '\0') {
X+ break;
X+ }
X+ }
X
X /* These are not really random numbers, they are just
X * numbers that change to thwart construction of a
X * dictionary.
X */
X- for (i = 0; i < SALTSIZE; i += 4)
X- to64(&salt[i], arc4random(), 4);
X+ while (i < SALTSIZE) {
X+ remainder = SALTSIZE - i;
X+ to64(&salt[i], arc4random(), (remainder < 4 ? remainder : 4) );
X+ i += 4;
X+ }
X+
X salt[SALTSIZE] = '\0';
X }
X
9833db6189445b1dfe20e210ed2256ff
exit
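Review bot: In the hunk at -378, `login_getcapstr()` is called with `NULL` as its error value and the result goes straight into `strcmp()`, so if the lookup returns that error value (which it appears to do when reading the capability fails) the module dereferences a null pointer in the middle of a password change; passing the default for both, `modular_salt = login_getcapstr(lc, "passwd_modular", password_nomodular, password_nomodular);`, keeps that path on the existing fallback. The `else` branch also copies the configured string into `salt` without checking that it is a prefix crypt(3) recognises, and the man page text in this archive says an invalid magic will likely fall back to DES, while its own example `$02$08$` differs from the `$2a$08$` added to login.conf. Because `login_setcryptfmt()` is skipped on this path, the code that calls `crypt()` (outside this hunk, as is the rest of the enclosing function) should compare the start of the returned hash with `modular_salt` and fail the change with a logged error rather than store a weaker hash than the administrator asked for. `strncpy()` also truncates an over-long value silently, which is worth logging in the same place.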
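Review bot: In the hunk at -464, `makesalt()` no longer guarantees any random salt characters: it starts writing at the first NUL it finds, so a `passwd_modular` value of SALTSIZE characters or more leaves the `while` loop with nothing to do and every password hashed under that login class gets the same salt. The prefix length should be bounded in the caller before the copy, with a test such as `if (strlen(modular_salt) > SALTSIZE - MIN_RANDOM_SALT)` that logs and falls back to `password_hash`, where `MIN_RANDOM_SALT` is a new constant sized for the longest salt the supported formats consume. The function now also reads `salt[]` before writing it, so it depends on the caller's `memset()`; that precondition should be stated above the scan loop, for example `/* salt[] must be zero-filled or hold a NUL-terminated crypt(3) prefix on entry */`.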