From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Apr 26 15:40:55 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id PAA76063;
	Wed, 26 Apr 2000 15:40:55 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from rins.st.ryukoku.ac.jp (rins.st.ryukoku.ac.jp [133.83.4.1])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id PAA76058
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 26 Apr 2000 15:40:54 +0900 (JST)
	(envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: from ideon.st.ryukoku.ac.jp (ideon.st.ryukoku.ac.jp [133.83.36.5])
	by rins.st.ryukoku.ac.jp (8.9.3+3.2W/3.7W/RINS-1.9.6-NOSPAM) with ESMTP id PAA26228
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 26 Apr 2000 15:40:50 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (kjm@localhost [127.0.0.1])
	by ideon.st.ryukoku.ac.jp (8.9.3/3.7W/kjm-19990628) with ESMTP id PAA23991
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 26 Apr 2000 15:40:50 +0900 (JST)
From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime /
    =?ISO-2022-JP?B?GyRCPi5FZ0glGyhC?=)
To: FreeBSD-users-jp@jp.freebsd.org
In-reply-to: Your message of "Wed, 26 Apr 2000 14:39:48 JST."
	<200004260539.OAA17185@muse.hans.or.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Date: Wed, 26 Apr 2000 15:40:50 +0900
Message-ID: <23987.956731250@ideon.st.ryukoku.ac.jp>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 51402
Subject: [FreeBSD-users-jp 51402] Re: about MD5 and OpenSSH
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: kjm@ideon.st.ryukoku.ac.jp

  3.4 $BMQ$N9q:]HG(B crypto $B$J$s$F$N$,$G$-$?$s$G$9$M!#(B

<ftp://ftp4.jp.freebsd.org/pub/FreeBSD-nonUS/releases/i386/3.4-RELEASE/crypto/>

<200004260539.OAA17185@muse.hans.or.jp>$B$K$*$$$F(B
Teruhiko Shinmura $B$5$s$,$*$C$7$c$k$K$O(B:
| 
| FreeBSD 4.0-RELEASE $B$r(B UNIX USER $B;o(B 5 $B7n9f$NIUO?(B CD-ROM $B$+$i%$%s%9(B
| $B%H!<%k$7$F$$$k$H$3$m$G$9!#(B
| $B%Q%9%o!<%IJ}<0$r(B DES $B$G$O$J$/(B MD5 $B$rA*Br$7(B 4.0 $B$+$iF~$k$h$&$K$J$C(B
| $B$?(B OpenSSH $B$d(B OpenSSL $B$J$I$r;HMQ$9$k$K$O$I$N$h$&$K$7$?$iNI$$$N$G$7$g(B
| $B$&$+(B?
| 
| $B%$%s%9%H!<%k$NESCf$G(B crypto $B$rA*Br$9$l$P(B OpenSSH $B$d(B OpenSSL $B$J$I$,(B
| $B%$%s%9%H!<%k$5$l$k$h$&$G$9$,!"(BDES $BJ}<0$N%Q%9%o!<%I$K$J$k$N$GA0$N%P!<(B
| $B%8%g%s$N%Q%9%o!<%I%U%!%$%k$+$i$=$N$^$^0\9T$G$-$J$$$N$G$O(B?$B$H;W$$$^(B
| $B$9!#(B

  MD5 $B$N$^$^$GLdBj$J$/;H$($^$9!#$?$@$7!"(Bpasswd $B%3%^%s%I$GJQ99$9$k$H(B
  DES $B$K$J$C$A$c$&$h$&$J5$$,$7$^$9!#(B

| $B$^$?(B DES $B$N>l9g!"I8=`$G$O(B?$B:GBg(B 8 $BJ8;z$^$G$N%Q%9%o!<%I$7$+@_Dj$G$-(B
| $B$J$$$HJ9$-$^$7$?!#(B
| $B0JA0$+$i(B MD5 $BJ}<0$N%Q%9%o!<%I$r;HMQ$7$F$-$^$7$?$N$G$I$N$h$&$K$7$h(B
| $B$&$+G:$s$G$$$^$9!#(B

  $B<j85$G$O(B passwd $B%3%^%s%I$r$$$8$C$F!"%*%W%7%g%s$G(B MD5 $B$bA*Br$G$-$k$h(B
  $B$&$K$7$^$7$?!#0J2<$O(B FreeBSD 3.4-RELEASE $BMQ$G!"$7$+$b(B cracklib $B$r(B
  link $B$9$k$h$&$K$7$F$$$k$b$N$G$9$,!";29M$K$O$J$k$H;W$$$^$9!#(B-D $B$G(B DES
  $B%Q%9%o!<%I!"(B-5 $B$G(B MD5 $B%Q%9%o!<%I$r@_Dj$7$^$9!#(B

--- Makefile.dist	Tue Mar  7 20:14:58 2000
+++ Makefile	Tue Mar  7 20:18:31 2000
@@ -10,10 +10,10 @@
 
 GENSRCS=yp.h yp_clnt.c yppasswd.h yppasswd_clnt.c \
 	yppasswd_private.h yppasswd_private_clnt.c yppasswd_private_xdr.c
-CFLAGS+=-Wall -DPASSWD_IGNORE_COMMENTS
+CFLAGS+=-Wall -DPASSWD_IGNORE_COMMENTS -I/usr/local/include -DUSE_CRACKLIB
 
 DPADD=	${LIBCRYPT} ${LIBUTIL}
-LDADD=	-lcrypt -lutil
+LDADD=	-lcrypt -lutil -L/usr/local/lib -lcrack
 .PATH:  ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \
 	${.CURDIR}/../rlogin 
 
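Review bot: `LDADD` gains `-L/usr/local/lib -lcrack` but `DPADD` is left unchanged, so make will not relink passwd when the cracklib library is rebuilt; the same applies to the second Makefile hunk (the YP variant). Because passwd normally runs setuid root, linking code from /usr/local into it means the installed library and the dictionary at `CRACKLIB_DICTPATH` need the same ownership and permission care as base-system files. A comment next to the flags would record that, e.g. `# cracklib comes from ports; keep /usr/local/lib/libcrack.* and the dictionary root-owned and not group/world-writable`.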
@@ -29,10 +29,10 @@
 	yp_passwd.c ypxfr_misc.c ${GENSRCS}
 GENSRCS=yp.h yp_clnt.c yppasswd.h yppasswd_clnt.c \
 	yppasswd_private.h yppasswd_private_clnt.c yppasswd_private_xdr.c
-CFLAGS+=-Wall -DPASSWD_IGNORE_COMMENTS
+CFLAGS+=-Wall -DPASSWD_IGNORE_COMMENTS -I/usr/local/include -DUSE_CRACKLIB
 
 DPADD=	${LIBCRYPT} ${LIBRPCSVC} ${LIBUTIL}
-LDADD=	-lcrypt -lrpcsvc -lutil
+LDADD=	-lcrypt -lrpcsvc -lutil -L/usr/local/lib -lcrack
 .PATH:  ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \
 	${.CURDIR}/../rlogin ${.CURDIR}/../../libexec/ypxfr \
 	${.CURDIR}/../../usr.sbin/rpc.yppasswdd
--- extern.h.dist	Tue Mar 28 19:33:49 2000
+++ extern.h	Tue Mar  7 20:11:35 2000
@@ -36,3 +36,7 @@
 
 int	krb_passwd __P((char *, char *, char *, char *));
 int	local_passwd __P((char *));
+
+extern int select_algorithm;
+#define	ALGORITHM_USE_MD5	1
+#define ALGORITHM_USE_DES	2
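Review bot: `select_algorithm` has three states but only two are named. The default 0 is set in passwd.c and, per the fall-through branch in local_passwd.c, means "follow the format of the existing hash". It should get its own constant and a comment, e.g. `#define ALGORITHM_AUTO 0 /* keep the format of the current pw_passwd */`. The second `#define` is also followed by a space where the first uses a tab; align them.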
--- local_passwd.c.dist	Tue Mar  7 20:02:17 2000
+++ local_passwd.c	Tue Mar  7 20:19:00 2000
@@ -67,6 +67,10 @@
 #include <login_cap.h>
 #endif
 
+#ifdef USE_CRACKLIB
+#include <cracklib.h>
+#endif
+
 #include "extern.h"
 
 static uid_t uid;
@@ -138,6 +142,7 @@
 			(void)printf("Password unchanged.\n");
 			pw_error(NULL, 0, 0);
 		}
+#ifndef USE_CRACKLIB
 		if (strlen(p) < min_length && (uid != 0 || ++tries < 2)) {
 			(void)printf("Please enter a password at least %d characters in length.\n", min_length);
 			continue;
@@ -147,6 +152,16 @@
 			(void)printf("Please don't use an all-lower case password.\nUnusual capitalization, control characters or digits are suggested.\n");
 			continue;
 		}
+#else
+		{
+			char *msg;
+			if (msg = (char *) FascistCheck(p, CRACKLIB_DICTPATH)) {
+				printf("Please use a different password.\n");
+				printf("The one you have chosen is unsuitable because %s.\n", msg);
+				continue;	/* go round and round until they get it right */
+			}
+		}
+#endif
 		(void)strcpy(buf, p);
 		if (!strcmp(buf, getpass("Retype new password:")))
 			break;
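Review bot: With USE_CRACKLIB defined, the `#else` branch drops both the `min_length` check and the `uid != 0 || ++tries < 2` escape that the `#ifndef` branch (opened in the previous hunk) keeps, so root can no longer override a rejection and the loop repeats until FascistCheck accepts the password. If that is not intended, keep the escape: `if ((msg = FascistCheck(p, CRACKLIB_DICTPATH)) != NULL && (uid != 0 || ++tries < 2)) {`. The explicit `!= NULL` also avoids the bare assignment-in-condition. The `(char *)` cast is better dropped, with `msg` declared as the type `<cracklib.h>` returns, so that `-Wall` reports a missing or mismatched prototype instead of hiding it. The enclosing loop starts outside this hunk.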
@@ -165,19 +180,31 @@
 #else
 	/* Make a good size salt for algoritms that can use it. */
 	gettimeofday(&tv,0);
-	if (strncmp(pw->pw_passwd, "$1$", 3)) {
-	    /* DES Salt */
-	    to64(&salt[0], random(), 3);
-	    to64(&salt[3], tv.tv_usec, 3);
-	    to64(&salt[6], tv.tv_sec, 2);
-	    salt[8] = '\0';
-	}
-	else {
-	    /* MD5 Salt */
-	    strncpy(&salt[0], "$1$", 3);
-	    to64(&salt[3], random(), 3);
-	    to64(&salt[6], tv.tv_usec, 3);
-	    salt[8] = '\0';
+	if (select_algorithm == ALGORITHM_USE_MD5) {
+		strncpy(&salt[0], "$1$", 3);
+		to64(&salt[3], random(), 3);
+		to64(&salt[6], tv.tv_usec, 3);
+		salt[8] = '\0';
+	} else if (select_algorithm == ALGORITHM_USE_DES) {
+		to64(&salt[0], random(), 3);
+		to64(&salt[3], tv.tv_usec, 3);
+		to64(&salt[6], tv.tv_sec, 2);
+		salt[8] = '\0';
+	} else {
+	    if (strncmp(pw->pw_passwd, "$1$", 3)) {
+		/* DES Salt */
+		to64(&salt[0], random(), 3);
+		to64(&salt[3], tv.tv_usec, 3);
+		to64(&salt[6], tv.tv_sec, 2);
+		salt[8] = '\0';
+	    }
+	    else {
+		/* MD5 Salt */
+		strncpy(&salt[0], "$1$", 3);
+		to64(&salt[3], random(), 3);
+		to64(&salt[6], tv.tv_usec, 3);
+		salt[8] = '\0';
+	    }
 	}
 #endif
 	return (crypt(buf, salt));
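Review bot: The DES and MD5 salt bodies now appear twice each in this hunk, so a later fix to one copy can miss the other; deciding the format first and building the salt once keeps the three cases (`-5`, `-D`, no option) in one place. The fall-through that follows the existing hash's `$1$` prefix deserves a comment, since nothing in the hunk says that this is the default. Separately, the salt is still derived from `random()` and `gettimeofday()` as before, which is predictable if `random()` is never seeded; the seeding is not visible here, so confirm it. The enclosing function begins outside the hunk.

```c
	/* ... unchanged: gettimeofday(&tv,0) ... */
	{
		int use_md5;

		if (select_algorithm == ALGORITHM_USE_MD5)
			use_md5 = 1;
		else if (select_algorithm == ALGORITHM_USE_DES)
			use_md5 = 0;
		else	/* no option given: keep the format of the existing hash */
			use_md5 = (strncmp(pw->pw_passwd, "$1$", 3) == 0);

		if (use_md5) {
			strncpy(&salt[0], "$1$", 3);
			to64(&salt[3], random(), 3);
			to64(&salt[6], tv.tv_usec, 3);
		} else {
			to64(&salt[0], random(), 3);
			to64(&salt[3], tv.tv_usec, 3);
			to64(&salt[6], tv.tv_sec, 2);
		}
		salt[8] = '\0';
	}
```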
--- passwd.c.dist	Tue Mar  7 18:56:28 2000
+++ passwd.c	Tue Mar  7 20:20:34 2000
@@ -73,6 +73,7 @@
 static void usage __P((void));
 
 int use_local_passwd = 0;
+int select_algorithm = 0;
 
 int
 main(argc, argv)
@@ -89,16 +90,16 @@
 #ifdef YP
 #ifdef KERBEROS
 	char realm[REALM_SZ];
-#define OPTIONS "d:h:lysfoi:r:u:"
+#define OPTIONS "D5d:h:lysfoi:r:u:"
 #else
-#define OPTIONS "d:h:lysfo"
+#define OPTIONS "D5d:h:lysfo"
 #endif
 #else
 #ifdef KERBEROS
 	char realm[REALM_SZ];
-#define OPTIONS "li:r:u:"
+#define OPTIONS "D5li:r:u:"
 #else
-#define OPTIONS "l"
+#define OPTIONS "D5l"
 #endif
 #endif
 
@@ -156,6 +157,14 @@
 			force_old++;
 			break;
 #endif
+		case 'D':
+			select_algorithm = ALGORITHM_USE_DES;
+			break;
+
+		case '5':
+			select_algorithm = ALGORITHM_USE_MD5;
+			break;
+
 		default:
 		case '?':
 			usage();
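Review bot: `-D` is accepted from any caller, so an unprivileged user can move their own entry from an MD5 hash to traditional DES crypt, which uses only the first eight characters of the password. If the site's policy is MD5, consider accepting `-D` only for root, e.g. `if (getuid() != 0) usage();` before the assignment. When both `-D` and `-5` are given, the last one wins silently. In the hunks shown, `select_algorithm` is read only in local_passwd.c, so on the YP or Kerberos paths the flags appear to have no effect, which is worth stating in usage() or the man page. main() continues outside this hunk.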
@@ -231,18 +240,18 @@
 #ifdef	YP
 #ifdef	KERBEROS
 	fprintf(stderr, "%s\n%s\n",
-		"usage: passwd [-l] [-i instance] [-r realm] [-u fullname]",
-		"       passwd [-l] [-y] [-o] [-d domain [-h host]] [user]");
+		"usage: passwd [-l] [-5] [-D] [-i instance] [-r realm] [-u fullname]",
+		"       passwd [-l] [-5] [-D] [-y] [-o] [-d domain [-h host]] [user]");
 #else
 	(void)fprintf(stderr,
-		"usage: passwd [-l] [-y] [-o] [-d domain [-h host]] [user]\n");
+		"usage: passwd [-l] [-5] [-D] [-y] [-o] [-d domain [-h host]] [user]\n");
 #endif
 #else
 #ifdef	KERBEROS
 	fprintf(stderr,
-		"usage: passwd [-l] [-i instance] [-r realm] [-u fullname] [user]\n");
+		"usage: passwd [-l] [-5] [-D] [-i instance] [-r realm] [-u fullname] [user]\n");
 #else
-	(void)fprintf(stderr, "usage: passwd user\n");
+	(void)fprintf(stderr, "usage: passwd [-l] [-5] [-D] user\n");
 #endif
 #endif
 	exit(1);
----
// $BLZ2<@'M:!VM}2J7O$N:nJ85;=Q!WCf8x?7=q(B 624 $B$rFI$b$&(B!!

$B>.Eg(B $BH%(B - KOJIMA Hajime
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/
         Phone: 077-543-7414  Fax: 077-543-0706
