Annotation of src/usr.bin/passwd/pwd_gensalt.c, Revision 1.12
1.12 ! millert 1: /* $OpenBSD: pwd_gensalt.c,v 1.11 2001/11/19 19:02:15 mpech Exp $ */
1.1 provos 2: /*
3: * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: * 3. All advertising materials mentioning features or use of this software
15: * must display the following acknowledgement:
1.2 provos 16: * This product includes software developed by Niels Provos.
1.1 provos 17: * 4. The name of the author may not be used to endorse or promote products
18: * derived from this software without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30: */
31:
1.2 provos 32: #include <sys/syslimits.h>
1.7 provos 33: #include <sys/types.h>
1.1 provos 34: #include <stdio.h>
1.4 weingart 35: #include <stdlib.h>
1.1 provos 36: #include <string.h>
37: #include <err.h>
1.7 provos 38: #include <grp.h>
1.1 provos 39: #include <pwd.h>
1.2 provos 40: #include <util.h>
1.4 weingart 41: #include <time.h>
1.10 millert 42: #include <login_cap.h>
1.1 provos 43:
1.12 ! millert 44: void to64(char *, int32_t, int n);
1.1 provos 45:
1.2 provos 46: int
1.10 millert 47: pwd_gensalt(salt, max, pwd, lc, type)
1.1 provos 48: char *salt;
49: int max;
50: struct passwd *pwd;
1.10 millert 51: login_cap_t *lc;
1.1 provos 52: char type;
53: {
1.12 ! millert 54: char *bcrypt_gensalt(u_int8_t);
1.1 provos 55: char option[LINE_MAX];
56: char *next, *now;
1.7 provos 57: char *cipher;
1.1 provos 58: *salt = '\0';
59:
60: switch (type) {
61: case 'y':
1.7 provos 62: cipher = "ypcipher";
1.1 provos 63: break;
64: case 'l':
65: default:
1.7 provos 66: cipher = "localcipher";
1.1 provos 67: break;
1.7 provos 68: }
69:
1.10 millert 70: /*
71: * Check login.conf, falling back onto the deprecated passwd.conf
72: */
73: /* XXX - when passwd.conf goes away completely, add a default value */
74: if ((next = login_getcapstr(lc, cipher, NULL, NULL)) != NULL) {
75: strlcpy(option, next, sizeof(option));
76: free(next);
77: } else {
78: pw_getconf(option, LINE_MAX, pwd->pw_name, cipher);
79:
80: /* Try to find an entry for the group */
81: if (*option == 0) {
82: struct group *grp;
83: char grpkey[LINE_MAX];
84:
85: grp = getgrgid(pwd->pw_gid);
86: if (grp != NULL) {
87: snprintf(grpkey, LINE_MAX-1, ".%s",
88: grp->gr_name);
89: grpkey[LINE_MAX-1] = 0;
90: pw_getconf(option, LINE_MAX, grpkey, cipher);
91: }
92: if (*option == 0)
93: pw_getconf(option, LINE_MAX, "default", cipher);
1.7 provos 94: }
1.1 provos 95: }
96:
97: next = option;
98: now = strsep(&next, ",");
99: if (!strcmp(now, "old")) {
1.6 deraadt 100: if (max < 3)
1.2 provos 101: return 0;
1.5 provos 102: to64(&salt[0], arc4random(), 2);
1.2 provos 103: salt[2] = '\0';
1.3 provos 104: } else if (!strcmp(now, "newsalt")) {
1.8 provos 105: u_int32_t rounds = atol(next);
1.6 deraadt 106: if (max < 10)
1.3 provos 107: return 0;
1.9 provos 108: /* Check rounds, 24 bit is max */
109: if (rounds < 7250)
110: rounds = 7250;
111: else if (rounds > 0xffffff)
112: rounds = 0xffffff;
1.3 provos 113: salt[0] = _PASSWORD_EFMT1;
1.8 provos 114: to64(&salt[1], (u_int32_t) rounds, 4);
1.5 provos 115: to64(&salt[5], arc4random(), 4);
1.3 provos 116: salt[9] = '\0';
117: } else if (!strcmp(now, "md5")) {
1.6 deraadt 118: if (max < 13) /* $1$8salt$\0 */
1.3 provos 119: return 0;
120: strcpy(salt, "$1$");
1.5 provos 121: to64(&salt[3], arc4random(), 4);
122: to64(&salt[7], arc4random(), 4);
1.3 provos 123: strcpy(&salt[11], "$");
124: } else if (!strcmp(now, "blowfish")) {
125: int rounds = atoi(next);
126: if (rounds < 4)
127: rounds = 4;
128: strncpy(salt, bcrypt_gensalt(rounds), max - 1);
129: salt[max - 1] = 0;
130: } else {
131: strcpy(salt, ":");
132: warnx("Unkown option %s.", now);
133: }
1.2 provos 134: return 1;
135: }
136:
1.6 deraadt 137: static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
138: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
1.2 provos 139:
1.6 deraadt 140: void
141: to64(s, v, n)
1.11 mpech 142: char *s;
143: int32_t v;
144: int n;
1.2 provos 145: {
1.6 deraadt 146: while (--n >= 0) {
147: *s++ = itoa64[v&0x3f];
148: v >>= 6;
149: }
1.1 provos 150: }