add support for sha256/sha512 and default to sha512

2 files changed, 20 insertions, 3 deletions

diff --git a/perl-install/NEWS b/perl-install/NEWS
index e74a7d043..932903c0b 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,5 +1,6 @@
 - drakboot:
   o fix .old backup for grub2's grub.cfg
+- authentication: add support for sha256/sha512 and default to sha512
 
 Version 17.52 - 17 July 2016
 
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 65d9950fa..6c9bea33d 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -272,6 +272,8 @@ sub get() {
     my $authentication = {
 	blowfish => to_bool($system_auth =~ /\$2a\$/),
 	md5      => to_bool($system_auth =~ /md5/), 
+	sha256   => to_bool($system_auth =~ /sha256/),
+	sha512   => to_bool($system_auth =~ /sha512/),
 	shadow   => to_bool($system_auth =~ /shadow/),
     };
 
@@ -810,9 +812,23 @@ sub user_crypted_passwd {
 	require utf8;
 	utf8::encode($u->{password}); #- we don't want perl to do "smart" things in crypt()
 
-	crypt($u->{password}, 
-	      !$authentication || $authentication->{blowfish} ? '$2a$08$' . salt(60) :
-	      $authentication->{md5} ? '$1$' . salt(8) : salt(2));
+	# Default to sha512
+	$authentication = { sha512 => 1 } unless $authentication;
+
+	my $salt;
+	if ($authentication->{blowfish}) {
+	    $salt = '$2a$08$' . salt(60);
+	} elsif ($authentication->{md5}) {
+	    $salt = '$1$' . salt(8);
+	} elsif ($authentication->{sha256}) {
+	    $salt = '$5$' . salt(32);
+	} elsif ($authentication->{sha512}) {
+	    $salt = '$6$' . salt(64);
+	} else {
+	    $salt = salt(2);
+	}
+
+	crypt($u->{password}, $salt);
     } else {
 	$u->{pw} || '';
     }