pam_unix: read yescrypt rounds from login.defs

Retrieves YESCRYPT_COST_FACTOR from /etc/login.defs for yescrypt in a similar fashion to reading number of rounds for SHA-2. Resolves #607. Signed-off-by: Nathan Du <nathandu@outlook.com>
linux-pam · Nov 27, 2023 · 8d082da · 8d082da
1 parent 6619819
commit 8d082da
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
@@ -99,8 +99,13 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
 	  free (val);
 
 	  /* read number of rounds for crypt algo */
-	  if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
-	    val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
+	  if (rounds) {
+	    val = NULL;
+	    if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+	      val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
+	    } else if (on(UNIX_YESCRYPT_PASS, ctrl)) {
+	      val = pam_modutil_search_key(pamh, LOGIN_DEFS, "YESCRYPT_COST_FACTOR");
+	    }
 
 	    if (val) {
 	      *rounds = strtol(val, NULL, 10);