diff options
-rw-r--r-- | perl-install/NEWS | 1 | ||||
-rw-r--r-- | perl-install/authentication.pm | 22 |
2 files changed, 20 insertions, 3 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS index e74a7d043..932903c0b 100644 --- a/perl-install/NEWS +++ b/perl-install/NEWS @@ -1,5 +1,6 @@ - drakboot: o fix .old backup for grub2's grub.cfg +- authentication: add support for sha256/sha512 and default to sha512 Version 17.52 - 17 July 2016 diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm index 65d9950fa..6c9bea33d 100644 --- a/perl-install/authentication.pm +++ b/perl-install/authentication.pm @@ -272,6 +272,8 @@ sub get() { my $authentication = { blowfish => to_bool($system_auth =~ /\$2a\$/), md5 => to_bool($system_auth =~ /md5/), + sha256 => to_bool($system_auth =~ /sha256/), + sha512 => to_bool($system_auth =~ /sha512/), shadow => to_bool($system_auth =~ /shadow/), }; @@ -810,9 +812,23 @@ sub user_crypted_passwd { require utf8; utf8::encode($u->{password}); #- we don't want perl to do "smart" things in crypt() - crypt($u->{password}, - !$authentication || $authentication->{blowfish} ? '$2a$08$' . salt(60) : - $authentication->{md5} ? '$1$' . salt(8) : salt(2)); + # Default to sha512 + $authentication = { sha512 => 1 } unless $authentication; + + my $salt; + if ($authentication->{blowfish}) { + $salt = '$2a$08$' . salt(60); + } elsif ($authentication->{md5}) { + $salt = '$1$' . salt(8); + } elsif ($authentication->{sha256}) { + $salt = '$5$' . salt(32); + } elsif ($authentication->{sha512}) { + $salt = '$6$' . salt(64); + } else { + $salt = salt(2); + } + + crypt($u->{password}, $salt); } else { $u->{pw} || ''; } |