Add working and easy crypt(3)-switching. Yes, we need a whole new API

for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter

4 files changed, 40 insertions, 2 deletions

diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index 3b83b41e512c..9cc5ef531f9e 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -10,6 +10,10 @@ SRCS=	login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \
 	login_cap.c login_class.c login_auth.c login_times.c login_ok.c \
 	_secure_path.c uucplock.c property.c auth.c realhostname.c fparseln.c
 INCS=	libutil.h login_cap.h
+
+LDADD+=	-lcrypt
+DPADD+=	${LIBCRYPT}
+
 MAN3+=	login.3 login_auth.3 login_tty.3 logout.3 logwtmp.3 pty.3 \
 	setproctitle.3 login_cap.3 login_class.3 login_times.3 login_ok.3 \
 	_secure_path.3 uucplock.3 property.3 auth.3 realhostname.3 \
@@ -25,7 +29,7 @@ MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \
 	login_cap.3 login_getstyle.3 login_cap.3 login_getcaptime.3 \
 	login_cap.3 login_getcapnum.3 login_cap.3 login_getcapsize.3 \
 	login_cap.3 login_getcapbool.3 login_cap.3 login_getpath.3 \
-	login_cap.3 login_getpwclass.3
+	login_cap.3 login_getpwclass.3 login_cap.3 login_setcryptfmt.3
 MLINKS+=login_class.3 setusercontext.3 login_class.3 setclasscontext.3 \
 	login_class.3 setclassenvironment.3 login_class.3 setclassresources.3
 MLINKS+=login_times.3 parse_lt.3 login_times.3 in_ltm.3 \
diff --git a/lib/libutil/login_cap.3 b/lib/libutil/login_cap.3
index 44ccd64941d0..4bdf54f3cd23 100644
--- a/lib/libutil/login_cap.3
+++ b/lib/libutil/login_cap.3
@@ -34,7 +34,8 @@
 .Nm login_getclassbyname ,
 .Nm login_getpwclass ,
 .Nm login_getstyle ,
-.Nm login_getuserclass
+.Nm login_getuserclass ,
+.Nm login_setcryptfmt
 .Nd functions for accessing the login class capabilities database.
 .Sh LIBRARY
 .Lb libutil
@@ -67,6 +68,8 @@
 .Fn login_getcapbool "login_cap_t *lc" "const char *cap" "int def"
 .Ft char *
 .Fn login_getstyle "login_cap_t *lc" "char *style" "const char *auth"
+.Ft const char *
+.Fn login_setcryptfmt "login_cap_t *lc" "const char *def" "const char *error"
 .Sh DESCRIPTION
 These functions represent a programming interface to the login
 classes database provided in
@@ -396,8 +399,25 @@ the authentication method used for access to the system via the
 network, and standard methods via direct dialup or console
 logins, significantly reducing the risk of password discovery
 by "snooping" network packets.
+.It Fn login_setcryptfmt
+The
+.Fn login_setcryptfmt
+function is used to set the
+.Xr crypt 3
+format using the
+.Ql passwd_format
+configuration entry.
+If no entry is found,
+.Fa def
+is taken to be used as the fallback.
+If calling
+.Xr crypt_set_format 3
+on the specifier fails,
+.Fa error
+is returned to indicate this.
 .El
 .Sh SEE ALSO
+.Xr crypt 3 ,
 .Xr getcap 3 ,
 .Xr login_class 3 ,
 .Xr login.conf 5 ,
diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c
index b7528b99efc2..74103805f60f 100644
--- a/lib/libutil/login_cap.c
+++ b/lib/libutil/login_cap.c
@@ -798,3 +798,16 @@ login_getstyle(login_cap_t *lc, char *style, const char *auth)
 
     return lc->lc_style;
 }
+
+const char *
+login_setcryptfmt(login_cap_t *lc, const char *def, const char *error)
+{
+	const char *cipher;
+
+	cipher = login_getcapstr(lc, "passwd_format", def, NULL);
+	if (cipher == NULL)
+		return (error);
+	if (!crypt_set_format(cipher))
+		return (error);
+	return (cipher);
+}
diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h
index f4b382519770..1320278e074a 100644
--- a/lib/libutil/login_cap.h
+++ b/lib/libutil/login_cap.h
@@ -110,6 +110,7 @@ rlim_t login_getcapnum __P((login_cap_t *, const char *, rlim_t, rlim_t));
 rlim_t login_getcapsize __P((login_cap_t *, const char *, rlim_t, rlim_t));
 char *login_getpath __P((login_cap_t *, const char *, char *));
 int login_getcapbool __P((login_cap_t *, const char *, int));
+const char *login_setcryptfmt __P((login_cap_t *, const char *, const char *));
 
 int setclasscontext __P((const char*, unsigned int));
 int setusercontext __P((login_cap_t*, const struct passwd*, uid_t, unsigned int));