Author: aschnell Date: Thu Mar 31 11:28:22 2011 New Revision: 63684 URL: http://svn.opensuse.org/viewcvs/yast?rev=63684&view=rev Log: - added sha256 and sha516 password encryption (fate #309705) Modified: branches/SuSE-Code-11-SP2-Branch/core/VERSION branches/SuSE-Code-11-SP2-Branch/core/libycp/src/YCPBuiltinString.cc branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.h branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes Modified: branches/SuSE-Code-11-SP2-Branch/core/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/VERSION?rev=63684&r1=63683&r2=63684&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/VERSION (original) +++ branches/SuSE-Code-11-SP2-Branch/core/VERSION Thu Mar 31 11:28:22 2011 @@ -1 +1 @@ -2.17.35 +2.17.36 Modified: branches/SuSE-Code-11-SP2-Branch/core/libycp/src/YCPBuiltinString.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/libycp/src/YCPBuiltinString.cc?rev=63684&r1=63683&r2=63684&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/libycp/src/YCPBuiltinString.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/libycp/src/YCPBuiltinString.cc Thu Mar 31 11:28:22 2011 @@ -1337,6 +1337,68 @@ static YCPValue +s_cryptsha256(const YCPString& original) +{ + /** + * @builtin cryptsha256 + * @short Encrypts a string with sha256 + * @description + * Encrypts the string <tt>UNENCRYPTED</tt> using sha256 + * password encryption. The password is not truncated. + * + * @param string UNENCRYPTED + * @return string + * @usage cryptsha256 ("readable") -> "$5$keev8D8I$kZdbw1WYM7XJtn4cpl1S3QtoKXnxIIFVSqwadMAGLE3" + */ + + if (original.isNull ()) + return YCPNull (); + + string unencrypted = original->value(); + string encrypted; + + if (crypt_pass (unencrypted, SHA256, &encrypted)) + return YCPString (encrypted); + else + { + ycp2error ("Encryption using sha256 failed"); + return YCPNull (); + } +} + + +static YCPValue +s_cryptsha512(const YCPString& original) +{ + /** + * @builtin cryptsha512 + * @short Encrypts a string with sha512 + * @description + * Encrypts the string <tt>UNENCRYPTED</tt> using sha512 + * password encryption. The password is not truncated. + * + * @param string UNENCRYPTED + * @return string + * @usage cryptsha512 ("readable") -> "$6$QskPAFTK$R40N1UI047Bg.nD96ZYSGnx71mgbBgb.UEtKuR8bGGxuzYgXjCTxKIQmqXrgftBzA20m2P9ayrUKQQ2pnWzm70" + */ + + if (original.isNull ()) + return YCPNull (); + + string unencrypted = original->value(); + string encrypted; + + if (crypt_pass (unencrypted, SHA512, &encrypted)) + return YCPString (encrypted); + else + { + ycp2error ("Encryption using sha512 failed"); + return YCPNull (); + } +} + + +static YCPValue s_dgettext (const YCPString& domain, const YCPString& text) { /** @@ -1520,6 +1582,8 @@ { "cryptmd5", "string (string)", (void *)s_cryptmd5 }, { "cryptbigcrypt", "string (string)", (void *)s_cryptbigcrypt }, { "cryptblowfish", "string (string)", (void *)s_cryptblowfish }, + { "cryptsha256", "string (string)", (void *)s_cryptsha256 }, + { "cryptsha512", "string (string)", (void *)s_cryptsha512 }, { "regexpmatch", "boolean (string, string)", (void *)s_regexpmatch }, { "regexppos", "list<integer> (string, string)", (void *)s_regexppos }, { "regexpsub", "string (string, string, string)", (void *)s_regexpsub }, Modified: branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc?rev=63684&r1=63683&r2=63684&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc Thu Mar 31 11:28:22 2011 @@ -151,6 +151,28 @@ free (salt); break; + case SHA256: + salt = make_crypt_salt ("$5$", 0); + if (!salt) + { + y2error ("Cannot create salt for sha256 crypt"); + return false; + } + newencrypted = xcrypt_r (unencrypted.c_str (), salt, &output); + free (salt); + break; + + case SHA512: + salt = make_crypt_salt ("$6$", 0); + if (!salt) + { + y2error ("Cannot create salt for sha512 crypt"); + return false; + } + newencrypted = xcrypt_r (unencrypted.c_str (), salt, &output); + free (salt); + break; + default: y2error ("Don't know crypt type %d", use_crypt); return false; Modified: branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.h?rev=63684&r1=63683&r2=63684&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.h (original) +++ branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.h Thu Mar 31 11:28:22 2011 @@ -14,7 +14,7 @@ using std::string; -enum crypt_t { CRYPT, MD5, BIGCRYPT, BLOWFISH }; +enum crypt_t { CRYPT, MD5, BIGCRYPT, BLOWFISH, SHA256, SHA512 }; bool crypt_pass (string unencrypted, crypt_t use_crypt, string* encrypted); Modified: branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes?rev=63684&r1=63683&r2=63684&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes (original) +++ branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes Thu Mar 31 11:28:22 2011 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Thu Mar 31 11:20:29 CEST 2011 - aschnell@suse.de + +- added sha256 and sha516 password encryption (fate #309705) +- 2.17.36 + +------------------------------------------------------------------- Thu Mar 11 15:36:27 CET 2010 - mvidner@suse.cz - Fixed the regexpsub algorithm not to loop endlessly -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org