8f796e40a5
We would reject various passwords that glibc accepts, for example "" or any descrypted password. Accounts with empty password are definitely useful, for example for testing or in scenarios where a password is not needed. Also, using weak encryption methods is probably not a good idea, it's not the job of our nss helpers to decide that: they should just faithfully forward whatever data is there. Also rename the function to make it more obvious that the returned answer is not in any way certain.
23 lines
715 B
C
23 lines
715 B
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
#pragma once
|
|
|
|
#if HAVE_CRYPT_H
|
|
/* libxcrypt is a replacement for glibc's libcrypt, and libcrypt might be
|
|
* removed from glibc at some point. As part of the removal, defines for
|
|
* crypt(3) are dropped from unistd.h, and we must include crypt.h instead.
|
|
*
|
|
* Newer versions of glibc (v2.0+) already ship crypt.h with a definition
|
|
* of crypt(3) as well, so we simply include it if it is present. MariaDB,
|
|
* MySQL, PostgreSQL, Perl and some other wide-spread packages do it the
|
|
* same way since ages without any problems.
|
|
*/
|
|
#include <crypt.h>
|
|
#endif
|
|
|
|
#include <stdbool.h>
|
|
#include <stdlib.h>
|
|
|
|
int make_salt(char **ret);
|
|
|
|
bool looks_like_hashed_password(const char *s);
|