Annotation of src/usr.bin/encrypt/encrypt.c, Revision 1.49
1.48 deraadt 1: /* $OpenBSD: encrypt.c,v 1.47 2017/05/24 09:19:55 mestre Exp $ */
1.1 downsj 2:
3: /*
4: * Copyright (c) 1996, Jason Downs. All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
16: * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18: * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
19: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21: * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22: * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25: * SUCH DAMAGE.
26: */
27:
28: #include <sys/types.h>
1.15 millert 29: #include <ctype.h>
1.1 downsj 30: #include <err.h>
1.3 downsj 31: #include <errno.h>
1.15 millert 32: #include <pwd.h>
33: #include <stdio.h>
1.7 kstailey 34: #include <stdlib.h>
1.1 downsj 35: #include <string.h>
36: #include <unistd.h>
1.14 millert 37: #include <login_cap.h>
1.27 jdixon 38: #include <limits.h>
1.43 tedu 39: #include <readpassphrase.h>
1.1 downsj 40:
41: /*
42: * Very simple little program, for encrypting passwords from the command
43: * line. Useful for scripts and such.
44: */
45:
/* Program name, defined outside this file; printed by usage(). */
extern char *__progname;

/* File-local helpers, defined below. */
static void __dead usage(void);
static void print_passwd(char *string, int operation, char *extra);

/*
 * Operation code for an explicit Blowfish preference (set by -b).
 * main() uses -1 for "take the preference from the login class".
 */
#define DO_BLF 0
52:
/*
 * Write the command-line synopsis to stderr and terminate with exit
 * status 1.  Does not return.
 */
static void __dead
usage(void)
{
	const char *name = __progname;

	(void)fprintf(stderr,
	    "usage: %s [-b rounds] [-c class] [-p | string]\n", name);
	exit(1);
}
62:
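/*
 * Hash `string' with crypt_newhash() and write the result to stdout
 * (no trailing newline; callers add it).
 *
 * string:    NUL-terminated secret to hash; only read here, the caller
 *            remains responsible for wiping it.
 * operation: DO_BLF to build a "blowfish,<extra>" preference, anything
 *            else to take the preference from a login class.
 * extra:     rounds specifier for DO_BLF, otherwise the login class name
 *            handed to login_getclass() (may be NULL).
 *
 * Exits via errx()/err() when the preference does not fit, the login
 * class cannot be loaded, or hashing fails.
 */
static void
print_passwd(char *string, int operation, char *extra)
{
	char buffer[_PASSWORD_LEN];
	char prefbuf[64];
	const char *pref;
	char *classpref = NULL;		/* owned copy from login_getcapstr() */
	login_cap_t *lc = NULL;

	if (operation == DO_BLF) {
		int n;

		/* Reject both formatting errors and truncation explicitly. */
		n = snprintf(prefbuf, sizeof(prefbuf), "blowfish,%s", extra);
		if (n < 0 || (size_t)n >= sizeof(prefbuf))
			errx(1, "pref too long");
		pref = prefbuf;
	} else {
		if ((lc = login_getclass(extra)) == NULL)
			errx(1, "unable to get login class `%s'",
			    extra ? (char *)extra : "default");
		/*
		 * The default passed here is NULL, so a class without a
		 * "localcipher" capability yields a NULL preference;
		 * presumably crypt_newhash() then applies its own default.
		 */
		classpref = login_getcapstr(lc, "localcipher", NULL, NULL);
		pref = classpref;
	}
	if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0)
		err(1, "can't generate hash");

	/*
	 * This function runs once per input line in stdin mode, so release
	 * the per-call login class state instead of leaking it every time.
	 */
	free(classpref);
	if (lc != NULL)
		login_close(lc);

	fputs(buffer, stdout);
}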
88:
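/*
 * Hash a string and print the result, one hash per line on stdout.
 *
 * The string comes from one of three places: an interactive prompt (-p),
 * the first non-option argument, or stdin, one string per line.
 * -b selects Blowfish with the given rounds ("a" or 4..31); -c selects
 * the login class whose preference is used instead.
 *
 * Returns 0 on success; every failure path exits with status 1.
 */
int
main(int argc, char **argv)
{
	int opt;
	int operation = -1;
	int prompt = 0;
	char *extra = NULL;	/* Store login class or number of rounds */
	const char *errstr;

	/*
	 * Restrict the process before any input is parsed: the only path
	 * left visible is _PATH_LOGIN_CONF (read-only), and the promises
	 * are limited to "stdio rpath tty".
	 * NOTE(review): if login_getclass() also consults a companion
	 * database file for login.conf, that path needs its own unveil()
	 * or the lookup may silently behave differently - confirm against
	 * the libc in use.
	 */
	if (unveil(_PATH_LOGIN_CONF, "r") == -1)
		err(1, "unveil");
	if (pledge("stdio rpath tty", NULL) == -1)
		err(1, "pledge");

	while ((opt = getopt(argc, argv, "pb:c:")) != -1) {
		switch (opt) {
		case 'p':
			prompt = 1;
			break;
		case 'b':	/* Blowfish password hash */
			if (operation != -1)
				usage();
			operation = DO_BLF;
			/*
			 * "a" is passed through verbatim; anything else must
			 * be a number in 4..31.  strtonum() is called only
			 * to validate, the text itself is kept in `extra'.
			 */
			if (strcmp(optarg, "a") != 0) {
				(void)strtonum(optarg, 4, 31, &errstr);
				if (errstr != NULL)
					errx(1, "rounds is %s: %s", errstr,
					    optarg);
			}
			extra = optarg;
			break;
		case 'c':	/* user login class */
			/* Falls back to the class lookup, overriding any -b. */
			extra = optarg;
			operation = -1;
			break;
		default:
			usage();
		}
	}

	if (((argc - optind) < 1)) {
		char line[BUFSIZ];
		char string[1024];

		if (prompt) {
			/* Read from the terminal with echo disabled. */
			if (readpassphrase("Enter string: ", string,
			    sizeof(string), RPP_ECHO_OFF) == NULL)
				err(1, "readpassphrase");
			print_passwd(string, operation, extra);
			(void)fputc('\n', stdout);
			explicit_bzero(string, sizeof(string));
		} else {
			size_t len;

			/*
			 * Encrypt stdin to stdout.
			 * NOTE(review): fgets() returns a line longer than
			 * sizeof(line) - 1 bytes in several pieces, and each
			 * piece is hashed as if it were a separate string.
			 */
			while (!feof(stdin) &&
			    (fgets(line, sizeof(line), stdin) != NULL)) {
				len = strlen(line);
				if (len == 0 || line[0] == '\n')
					continue;
				if (line[len - 1] == '\n')
					line[len - 1] = '\0';

				print_passwd(line, operation, extra);

				(void)fputc('\n', stdout);
			}
			/*
			 * The buffer still holds the last string read; wipe
			 * it like the prompt and argument paths do.
			 */
			explicit_bzero(line, sizeof(line));
		}
	} else {
		char *string;

		/* can't combine -p with a supplied string */
		if (prompt)
			usage();

		/*
		 * Perhaps it isn't worth worrying about, but...
		 * The argument has already been exposed in the process
		 * argument list up to this point, so the wipe below only
		 * shortens that window; -p or stdin avoids it entirely.
		 */
		if ((string = strdup(argv[optind])) == NULL)
			err(1, NULL);
		/* Wipe the argument. */
		explicit_bzero(argv[optind], strlen(argv[optind]));

		print_passwd(string, operation, extra);

		(void)fputc('\n', stdout);

		/* Wipe our copy, before we free it. */
		freezero(string, strlen(string));
	}
	return 0;
}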