Annotation of src/usr.bin/passwd/pwd_gensalt.c, Revision 1.13
1.13 ! itojun 1: /* $OpenBSD: pwd_gensalt.c,v 1.12 2002/02/16 21:27:50 millert Exp $ */
1.1 provos 2: /*
3: * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: * 3. All advertising materials mentioning features or use of this software
15: * must display the following acknowledgement:
1.2 provos 16: * This product includes software developed by Niels Provos.
1.1 provos 17: * 4. The name of the author may not be used to endorse or promote products
18: * derived from this software without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30: */
31:
1.2 provos 32: #include <sys/syslimits.h>
1.7 provos 33: #include <sys/types.h>
1.1 provos 34: #include <stdio.h>
1.4 weingart 35: #include <stdlib.h>
1.1 provos 36: #include <string.h>
37: #include <err.h>
1.7 provos 38: #include <grp.h>
1.1 provos 39: #include <pwd.h>
1.2 provos 40: #include <util.h>
1.4 weingart 41: #include <time.h>
1.10 millert 42: #include <login_cap.h>
1.1 provos 43:
1.12 millert 44: void to64(char *, int32_t, int n);
1.1 provos 45:
1.2 provos 46: int
1.10 millert 47: pwd_gensalt(salt, max, pwd, lc, type)
1.1 provos 48: char *salt;
49: int max;
50: struct passwd *pwd;
1.10 millert 51: login_cap_t *lc;
1.1 provos 52: char type;
53: {
1.12 millert 54: char *bcrypt_gensalt(u_int8_t);
1.1 provos 55: char option[LINE_MAX];
56: char *next, *now;
1.7 provos 57: char *cipher;
1.1 provos 58: *salt = '\0';
59:
60: switch (type) {
61: case 'y':
1.7 provos 62: cipher = "ypcipher";
1.1 provos 63: break;
64: case 'l':
65: default:
1.7 provos 66: cipher = "localcipher";
1.1 provos 67: break;
1.7 provos 68: }
69:
1.10 millert 70: /*
71: * Check login.conf, falling back onto the deprecated passwd.conf
72: */
73: /* XXX - when passwd.conf goes away completely, add a default value */
74: if ((next = login_getcapstr(lc, cipher, NULL, NULL)) != NULL) {
75: strlcpy(option, next, sizeof(option));
76: free(next);
77: } else {
78: pw_getconf(option, LINE_MAX, pwd->pw_name, cipher);
79:
80: /* Try to find an entry for the group */
81: if (*option == 0) {
82: struct group *grp;
83: char grpkey[LINE_MAX];
84:
85: grp = getgrgid(pwd->pw_gid);
86: if (grp != NULL) {
1.13 ! itojun 87: snprintf(grpkey, LINE_MAX-1, ":%s",
! 88: grp->gr_name);
! 89: grpkey[LINE_MAX-1] = 0;
! 90: pw_getconf(option, LINE_MAX, grpkey, cipher);
! 91: }
! 92: if (grp != NULL && *option == 0 &&
! 93: strchr(pwd->pw_name, '.') == NULL) {
1.10 millert 94: snprintf(grpkey, LINE_MAX-1, ".%s",
95: grp->gr_name);
96: grpkey[LINE_MAX-1] = 0;
97: pw_getconf(option, LINE_MAX, grpkey, cipher);
98: }
99: if (*option == 0)
100: pw_getconf(option, LINE_MAX, "default", cipher);
1.7 provos 101: }
1.1 provos 102: }
103:
104: next = option;
105: now = strsep(&next, ",");
106: if (!strcmp(now, "old")) {
1.6 deraadt 107: if (max < 3)
1.2 provos 108: return 0;
1.5 provos 109: to64(&salt[0], arc4random(), 2);
1.2 provos 110: salt[2] = '\0';
1.3 provos 111: } else if (!strcmp(now, "newsalt")) {
1.8 provos 112: u_int32_t rounds = atol(next);
1.6 deraadt 113: if (max < 10)
1.3 provos 114: return 0;
1.9 provos 115: /* Check rounds, 24 bit is max */
116: if (rounds < 7250)
117: rounds = 7250;
118: else if (rounds > 0xffffff)
119: rounds = 0xffffff;
1.3 provos 120: salt[0] = _PASSWORD_EFMT1;
1.8 provos 121: to64(&salt[1], (u_int32_t) rounds, 4);
1.5 provos 122: to64(&salt[5], arc4random(), 4);
1.3 provos 123: salt[9] = '\0';
124: } else if (!strcmp(now, "md5")) {
1.6 deraadt 125: if (max < 13) /* $1$8salt$\0 */
1.3 provos 126: return 0;
127: strcpy(salt, "$1$");
1.5 provos 128: to64(&salt[3], arc4random(), 4);
129: to64(&salt[7], arc4random(), 4);
1.3 provos 130: strcpy(&salt[11], "$");
131: } else if (!strcmp(now, "blowfish")) {
132: int rounds = atoi(next);
133: if (rounds < 4)
134: rounds = 4;
135: strncpy(salt, bcrypt_gensalt(rounds), max - 1);
136: salt[max - 1] = 0;
137: } else {
138: strcpy(salt, ":");
139: warnx("Unkown option %s.", now);
140: }
1.2 provos 141: return 1;
142: }
143:
1.6 deraadt 144: static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
145: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
1.2 provos 146:
1.6 deraadt 147: void
148: to64(s, v, n)
1.11 mpech 149: char *s;
150: int32_t v;
151: int n;
1.2 provos 152: {
1.6 deraadt 153: while (--n >= 0) {
154: *s++ = itoa64[v&0x3f];
155: v >>= 6;
156: }
1.1 provos 157: }
![[BACK]](/icons/back.gif){kind=icon}
Return to pwd_gensalt.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / passwd