version 1.13, 2002/05/27 21:12:54 |
version 1.14, 2002/06/28 22:28:17 |
|
|
#include <time.h> |
#include <time.h> |
#include <login_cap.h> |
#include <login_cap.h> |
|
|
void to64(char *, int32_t, int n); |
void to64(char *, int32_t, int n); |
|
char *bcrypt_gensalt(u_int8_t); |
|
|
int |
int |
pwd_gensalt(salt, max, pwd, lc, type) |
pwd_gensalt(char *salt, int saltlen, struct passwd *pwd, login_cap_t *lc, char type) |
char *salt; |
|
int max; |
|
struct passwd *pwd; |
|
login_cap_t *lc; |
|
char type; |
|
{ |
{ |
char *bcrypt_gensalt(u_int8_t); |
char option[LINE_MAX], *next, *now, *cipher; |
char option[LINE_MAX]; |
|
char *next, *now; |
|
char *cipher; |
|
*salt = '\0'; |
*salt = '\0'; |
|
|
switch (type) { |
switch (type) { |
case 'y': |
case 'y': |
cipher = "ypcipher"; |
cipher = "ypcipher"; |
break; |
break; |
case 'l': |
case 'l': |
default: |
default: |
cipher = "localcipher"; |
cipher = "localcipher"; |
break; |
break; |
} |
} |
|
|
|
|
|
|
grp = getgrgid(pwd->pw_gid); |
grp = getgrgid(pwd->pw_gid); |
if (grp != NULL) { |
if (grp != NULL) { |
snprintf(grpkey, LINE_MAX-1, ":%s", |
snprintf(grpkey, LINE_MAX, ":%s", |
grp->gr_name); |
grp->gr_name); |
grpkey[LINE_MAX-1] = 0; |
|
pw_getconf(option, LINE_MAX, grpkey, cipher); |
pw_getconf(option, LINE_MAX, grpkey, cipher); |
} |
} |
if (grp != NULL && *option == 0 && |
if (grp != NULL && *option == 0 && |
strchr(pwd->pw_name, '.') == NULL) { |
strchr(pwd->pw_name, '.') == NULL) { |
snprintf(grpkey, LINE_MAX-1, ".%s", |
snprintf(grpkey, LINE_MAX, ".%s", |
grp->gr_name); |
grp->gr_name); |
grpkey[LINE_MAX-1] = 0; |
|
pw_getconf(option, LINE_MAX, grpkey, cipher); |
pw_getconf(option, LINE_MAX, grpkey, cipher); |
} |
} |
if (*option == 0) |
if (*option == 0) |
|
|
next = option; |
next = option; |
now = strsep(&next, ","); |
now = strsep(&next, ","); |
if (!strcmp(now, "old")) { |
if (!strcmp(now, "old")) { |
if (max < 3) |
if (saltlen < 3) |
return 0; |
return 0; |
to64(&salt[0], arc4random(), 2); |
to64(&salt[0], arc4random(), 2); |
salt[2] = '\0'; |
salt[2] = '\0'; |
} else if (!strcmp(now, "newsalt")) { |
} else if (!strcmp(now, "newsalt")) { |
u_int32_t rounds = atol(next); |
u_int32_t rounds = atol(next); |
if (max < 10) |
|
|
if (saltlen < 10) |
return 0; |
return 0; |
/* Check rounds, 24 bit is max */ |
/* Check rounds, 24 bit is max */ |
if (rounds < 7250) |
if (rounds < 7250) |
rounds = 7250; |
rounds = 7250; |
else if (rounds > 0xffffff) |
else if (rounds > 0xffffff) |
rounds = 0xffffff; |
rounds = 0xffffff; |
salt[0] = _PASSWORD_EFMT1; |
salt[0] = _PASSWORD_EFMT1; |
to64(&salt[1], (u_int32_t) rounds, 4); |
to64(&salt[1], (u_int32_t) rounds, 4); |
to64(&salt[5], arc4random(), 4); |
to64(&salt[5], arc4random(), 4); |
salt[9] = '\0'; |
salt[9] = '\0'; |
} else if (!strcmp(now, "md5")) { |
} else if (!strcmp(now, "md5")) { |
if (max < 13) /* $1$8salt$\0 */ |
if (saltlen < 13) /* $1$8salt$\0 */ |
return 0; |
return 0; |
strcpy(salt, "$1$"); |
|
|
strlcpy(salt, "$1$", saltlen); |
to64(&salt[3], arc4random(), 4); |
to64(&salt[3], arc4random(), 4); |
to64(&salt[7], arc4random(), 4); |
to64(&salt[7], arc4random(), 4); |
strcpy(&salt[11], "$"); |
strcpy(&salt[11], "$"); |
} else if (!strcmp(now, "blowfish")) { |
} else if (!strcmp(now, "blowfish")) { |
int rounds = atoi(next); |
int rounds = atoi(next); |
|
|
if (rounds < 4) |
if (rounds < 4) |
rounds = 4; |
rounds = 4; |
strncpy(salt, bcrypt_gensalt(rounds), max - 1); |
strlcpy(salt, bcrypt_gensalt(rounds), saltlen); |
salt[max - 1] = 0; |
|
} else { |
} else { |
strcpy(salt, ":"); |
strlcpy(salt, ":", saltlen); |
warnx("Unkown option %s.", now); |
warnx("Unkown option %s.", now); |
} |
} |
return 1; |
return 1; |
|
|
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
|
|
void |
void |
to64(s, v, n) |
to64(char *s, int32_t v, int n) |
char *s; |
|
int32_t v; |
|
int n; |
|
{ |
{ |
while (--n >= 0) { |
while (--n >= 0) { |
*s++ = itoa64[v&0x3f]; |
*s++ = itoa64[v&0x3f]; |
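Review bot: In the blowfish branch of pwd_gensalt, the new `strlcpy(salt, bcrypt_gensalt(rounds), saltlen);` truncates silently when the caller's buffer is too small and the function still returns 1, whereas the old, newsalt and md5 branches return 0 when saltlen is insufficient. A truncated salt would be passed on as if it were valid, so the result should be checked, e.g. `if (strlcpy(salt, bcrypt_gensalt(rounds), saltlen) >= (size_t)saltlen) return 0;`. Separately, `strsep(&next, ",")` leaves `next` NULL when the option contains no comma, so unless pw_getconf (not shown) guarantees one, `atol(next)` and `atoi(next)` in the newsalt and blowfish branches are called with NULL; a `next != NULL` guard with a default round count would avoid that. Parts of pwd_gensalt lie between the shown hunks, so confirm that saltlen is known to be positive before `*salt = '\0'` and before the cast above.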