mirror of
https://github.com/uutils/shadow.git
synced 2026-06-10 16:14:57 -07:00
crypt: detect unsupported hash methods from crypt(3)
crypt(3) returns "*0" or "*1" when the requested method is unsupported (e.g. yescrypt on musl libc). Previously this was returned as a valid hash, causing assertion failures in tests on Alpine. Now hash_password() checks for the "*" error prefix and returns ShadowError::Auth, allowing callers to handle gracefully.
This commit is contained in:
@@ -106,8 +106,10 @@ pub fn hash_password(
|
||||
.to_str()
|
||||
.map_err(|_| ShadowError::Auth("crypt(3) returned invalid UTF-8".into()))?;
|
||||
|
||||
// crypt(3) returns "*0" or "*1" when the method is unsupported.
|
||||
if hash.starts_with('*') {
|
||||
// crypt(3) returns "*0"/"*1" for unsupported methods (glibc/libxcrypt).
|
||||
// musl silently falls back to DES — detect by checking the method prefix.
|
||||
let prefix = method.prefix();
|
||||
if hash.starts_with('*') || !hash.starts_with(prefix) {
|
||||
return Err(ShadowError::Auth(
|
||||
format!("crypt(3) does not support {method:?} on this system").into(),
|
||||
));
|
||||
|
||||
Reference in New Issue
Block a user