#
a2f733ab |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
lib: Automated cleanup of cdefs and other formatting Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
7d232d64 |
|
06-Dec-2021 |
Jessica Clarke <jrtc27@FreeBSD.org> |
libcrypt: Drop inclusion of libutil.h This was rendered obsolete in 2012 by a0ee974f0bad, since auth_getval was the only reason the header was included. MFC after: 1 week
|
#
5e53a4f9 |
|
25-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
lib: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
|
#
5f521d7b |
|
10-Aug-2016 |
Ed Schouten <ed@FreeBSD.org> |
Make libcrypt thread-safe. Add crypt_r(3). glibc has a pretty nice function called crypt_r(3), which is nothing more than crypt(3), but thread-safe. It accomplishes this by introducing a 'struct crypt_data' structure that contains a buffer that is large enough to hold the resulting string. Let's go ahead and also add this function. It would be a shame if a useful function like this wouldn't be usable in multithreaded apps. Refactor crypt.c and all of the backends to no longer declare static arrays, but write their output in a provided buffer. There is no need to do any buffer length computation here, as we'll just need to ensure that 'struct crypt_data' is large enough, which it is. _PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256, as this is going to be part of the actual ABI. Differential Revision: https://reviews.freebsd.org/D7306
|
#
e4978d34 |
|
09-Oct-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Change the hardcoded default back from SHA512 to DES. PR: 192277 MFC after: 3 days
|
#
0cb06892 |
|
28-May-2014 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Don't break the legacy applications which set just 2 bytes to salt. MFC after: 1 week
|
#
5280a314 |
|
26-Apr-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
r261913 broke DES passwords, because the only way they could work, since they don't have an easily recognizable signature, was if they were the default. This commit rewrites crypt_set_format(3) etc to address this: - Use a pointer instead of an index to identify the default format. This pointer is initialized at compile time to point to the first first element in the list of supported formats, eliminating the need for crypt_setdefault(). Using a pointer also simplifies iterating through the list. - Associate DES with the magic string "_", which takes care of the Extended DES format. - Finally, as a special case, if the salt does not match any known magic string but matches ^[./0-9A-Za-z]{13}$, it is assumed to be a DES password and is passed on to crypt_des(). MFC after: 1 week
|
#
e401beb7 |
|
15-Feb-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Switch the hardcoded default hash function from MD5 / DES to SHA512.
|
#
a0ee974f |
|
12-Jun-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Stop using auth_getval() now that it always returns NULL. Instead, hardcode the default to what it would be if we didn't hardcode it, i.e. DES if supported and MD5 otherwise. MFC after: 3 weeks
|
#
ad45dd41 |
|
04-May-2011 |
David E. O'Brien <obrien@FreeBSD.org> |
s/shaN_crypt/crypt_shaN/g to be a more consistent with the existing naming. Reviewed by: markm
|
#
3d6f63c0 |
|
09-Apr-2011 |
Mark Murray <markm@FreeBSD.org> |
Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't hurt us. PR: misc/124164 Submitted by: KIMURA Yasuhiro < yasu utahime org > MFC after: 1 month
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
bf513f69 |
|
02-Jun-2003 |
Mark Murray <markm@FreeBSD.org> |
Add a new hash type. This "NT-hash" is compatible with the password hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE! DON'T USE IT! This is for the use of competent sysadmins only! Submitted by: Michael Bretterklieber
|
#
f2ac424a |
|
06-Mar-2002 |
Mark Murray <markm@FreeBSD.org> |
No functional change, but big code cleanup. WARNS, lint(1) and style(9).
|
#
e67f5b9f |
|
16-Sep-2001 |
Matthew Dillon <dillon@FreeBSD.org> |
Implement __FBSDID()
|
#
8af1452c |
|
13-Aug-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
Removed duplicate VCS ID tags, as per style(9).
|
#
5c129616 |
|
11-Mar-2001 |
Mark Murray <markm@FreeBSD.org> |
Add OpenBSD-style blowfish password hashing. This makes one less gratuitous difference between us and our sister project. This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit. Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD Submitted by: Paul Herman <pherman@frenchfries.net>
|
#
65c10f6d |
|
28-Dec-2000 |
Peter Wemm <peter@FreeBSD.org> |
Hindsight is wonderful, but I got cold feet over the crypt(3) default so I am backing it out for now. The problem is that some random program calling crypt() could be passing a DES salt and the crypt(3) library would encrypt it in md5 mode and there would be a password mismatch as a result. I wrote a validater function for the DES code to verify that a salt is valid for DES, but I realized there were too many strange things to go wrong. passwd(1), pw(8) etc still generate md5 passwords by default for /etc/master.passwd, so this is almost academic. It is a big deal for things that have their own crypt(3)-ed password strings (.htaccess, etc etc). Those are the things I do not want to break. My DES salt recognizer basically checked if the salt was either 2 or 13 characters long, or began with '_' (_PASSWORD_EFMT1). I think it would have worked but I have seen way too much crypt() mishandling in the past.
|
#
9886bcdf |
|
28-Dec-2000 |
Peter Wemm <peter@FreeBSD.org> |
Merge into a single US-exportable libcrypt, which only provides one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost. Reviewed-by: jkh (flame-proof suit on)
|
#
da140a05 |
|
24-Aug-2000 |
Brian Feldman <green@FreeBSD.org> |
Still have to support libscrypt for now :( Add #defines to take DES out for it.
|
#
04c9749f |
|
21-Aug-2000 |
Brian Feldman <green@FreeBSD.org> |
Add working and easy crypt(3)-switching. Yes, we need a whole new API for crypt(3) by now. In any case: Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8). The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :) Reviewed by: peter
|
#
0ade301d |
|
06-Jan-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Zap SHA1 password support. This will be re-implemented at a later date.
|
#
3ab9676a |
|
22-Sep-1999 |
Mark Murray <markm@FreeBSD.org> |
Never return NULL, always return a hash. Submitted by: dt
|
#
e9a56ad5 |
|
19-Sep-1999 |
Mark Murray <markm@FreeBSD.org> |
Big code cleanup. (Inspired by Brandon Gillespie). Also move as much as possible away from secure/ to make extending easier.
|
#
a1a4f1a0 |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Header$ -> $FreeBSD$
|
#
7f3dea24 |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
#
4fdd3d54 |
|
23-Jan-1999 |
Mark Murray <markm@FreeBSD.org> |
The new crypt code broke "make world". Back it out.
|
#
da5c7089 |
|
21-Jan-1999 |
Brandon Gillespie <brandon@FreeBSD.org> |
Rewrite of crypt library to be more modular, and addition of the Secure Hashing Algorithm - 1 (SHA-1), along with the further refinement of what $x$salt$hash means. With this new crypt the following are all acceptable: $1$ $MD5$ $SHA1$ Note: $2$ is used by OpenBSD's Blowfish, which I considered adding as $BF$, but there is no actual need for it with SHA-1. However, somebody wishing to add OpenBSD password support could easilly add it in now. There is also a malloc_crypt() available in the library now, which behaves exactly the same as crypt(), but it uses a malloced buffer instead of a static buffer. However, this is not standard so will likely not be used much (at all). Also, for those interested I did a brief speed test Pentium 166/MMX, which shows the DES crypt to do approximately 2640 crypts a CPU second, MD5 to do about 62 crypts a CPU second and SHA1 to do about 18 crypts a CPU second. Reviewed by: Mark Murray
|
#
7e546392 |
|
22-Feb-1997 |
Peter Wemm <peter@FreeBSD.org> |
Revert $FreeBSD$ to $Id$
|
#
1130b656 |
|
14-Jan-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Make the long-awaited change from $Id$ to $FreeBSD$ This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
139107f0 |
|
14-Oct-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
A couple of minor nits. Submitted by: Craig Leres <leres@ee.lbl.gov> Submitted by: Theo Deraadt <deraadt@theos.com>
|
#
51295a4d |
|
12-Jul-1996 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
General -Wall warning cleanup, part I. Submitted-By: Kent Vander Velden <graphix@iastate.edu>
|
#
6c06b4e2 |
|
29-May-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Remove trailing whitespace.
|
#
3b2b7f71 |
|
07-Nov-1994 |
Poul-Henning Kamp <phk@FreeBSD.org> |
*** ATTENTION *** YOU MIGHT BE ABOUT TO BE HOSED *** ATTENTION *** This effectively changes the non-DES password algoritm. If you have the "securedist" installed you will have no problems with this. (Though you might want to consider using this password-encryption instead of the DES-based if your system is likely to be hacked) If you are running a -current system without the "securedist" installed: YOU WILL NEED TO CHANGE ALL PASSWORDS !! There is no backwards mode. Suggested procedure is: Update your sources cd /usr/src/lib/libcrypt make clean make all make install passwd root <set roots new password> change password for any other users on the system. This algorithm is expected to be much better than the traditional DES- based algorithm. It uses the MD5 algorithm at what it is best at, as opposed to the DES algorithm at something it isn't good at at all. The algorithm is designed such that it should very hard to shortcut the calculations needed to build a dictionary, and to make partial knowledge (Hmm, his password starts with a 'P'...) useless. Of course if somebody breaks the MD5 algorithm this looses too. The salt is 48 bits (8 char @ base64). The encrypted password is 128 bits. And I am positively delighted to say that it takes 34 msec to crypt() a password on a Pentium/60Mhz, so building a dictionary is not really an option for hackers at the moment.
|
#
0e27b8d5 |
|
09-Aug-1994 |
Geoff Rehmet <csgr@FreeBSD.org> |
Nates password scrambler, from FreebSD 1.1.5, but with everything except crypt() ripped out Reviewed by: Geoff Rehmet Submitted by: Nate Williams
|