Annotation of src/usr.bin/passwd/pwd_gensalt.c, Revision 1.16
1.16 ! deraadt 1: /* $OpenBSD: pwd_gensalt.c,v 1.15 2002/11/21 15:02:03 henning Exp $ */
1.1 provos 2: /*
3: * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: * 3. All advertising materials mentioning features or use of this software
15: * must display the following acknowledgement:
1.2 provos 16: * This product includes software developed by Niels Provos.
1.1 provos 17: * 4. The name of the author may not be used to endorse or promote products
18: * derived from this software without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30: */
31:
1.2 provos 32: #include <sys/syslimits.h>
1.7 provos 33: #include <sys/types.h>
1.1 provos 34: #include <stdio.h>
1.4 weingart 35: #include <stdlib.h>
1.1 provos 36: #include <string.h>
37: #include <err.h>
1.7 provos 38: #include <grp.h>
1.1 provos 39: #include <pwd.h>
1.2 provos 40: #include <util.h>
1.4 weingart 41: #include <time.h>
1.10 millert 42: #include <login_cap.h>
1.1 provos 43:
1.14 deraadt 44: void to64(char *, int32_t, int n);
45: char *bcrypt_gensalt(u_int8_t);
1.1 provos 46:
1.2 provos 47: int
1.14 deraadt 48: pwd_gensalt(char *salt, int saltlen, struct passwd *pwd, login_cap_t *lc, char type)
1.1 provos 49: {
1.14 deraadt 50: char option[LINE_MAX], *next, *now, *cipher;
51:
1.1 provos 52: *salt = '\0';
53:
54: switch (type) {
55: case 'y':
1.14 deraadt 56: cipher = "ypcipher";
1.1 provos 57: break;
58: case 'l':
59: default:
1.14 deraadt 60: cipher = "localcipher";
1.1 provos 61: break;
1.7 provos 62: }
63:
1.10 millert 64: /*
65: * Check login.conf, falling back onto the deprecated passwd.conf
66: */
67: /* XXX - when passwd.conf goes away completely, add a default value */
68: if ((next = login_getcapstr(lc, cipher, NULL, NULL)) != NULL) {
69: strlcpy(option, next, sizeof(option));
70: free(next);
71: } else {
72: pw_getconf(option, LINE_MAX, pwd->pw_name, cipher);
73:
74: /* Try to find an entry for the group */
75: if (*option == 0) {
76: struct group *grp;
77: char grpkey[LINE_MAX];
78:
79: grp = getgrgid(pwd->pw_gid);
80: if (grp != NULL) {
1.14 deraadt 81: snprintf(grpkey, LINE_MAX, ":%s",
1.13 itojun 82: grp->gr_name);
83: pw_getconf(option, LINE_MAX, grpkey, cipher);
84: }
85: if (grp != NULL && *option == 0 &&
86: strchr(pwd->pw_name, '.') == NULL) {
1.14 deraadt 87: snprintf(grpkey, LINE_MAX, ".%s",
1.10 millert 88: grp->gr_name);
89: pw_getconf(option, LINE_MAX, grpkey, cipher);
90: }
91: if (*option == 0)
92: pw_getconf(option, LINE_MAX, "default", cipher);
1.7 provos 93: }
1.1 provos 94: }
95:
96: next = option;
97: now = strsep(&next, ",");
98: if (!strcmp(now, "old")) {
1.14 deraadt 99: if (saltlen < 3)
1.2 provos 100: return 0;
1.5 provos 101: to64(&salt[0], arc4random(), 2);
1.2 provos 102: salt[2] = '\0';
1.3 provos 103: } else if (!strcmp(now, "newsalt")) {
1.8 provos 104: u_int32_t rounds = atol(next);
1.14 deraadt 105:
106: if (saltlen < 10)
1.3 provos 107: return 0;
1.9 provos 108: /* Check rounds, 24 bit is max */
109: if (rounds < 7250)
110: rounds = 7250;
111: else if (rounds > 0xffffff)
1.14 deraadt 112: rounds = 0xffffff;
1.3 provos 113: salt[0] = _PASSWORD_EFMT1;
1.8 provos 114: to64(&salt[1], (u_int32_t) rounds, 4);
1.5 provos 115: to64(&salt[5], arc4random(), 4);
1.3 provos 116: salt[9] = '\0';
117: } else if (!strcmp(now, "md5")) {
1.14 deraadt 118: if (saltlen < 13) /* $1$8salt$\0 */
1.3 provos 119: return 0;
1.14 deraadt 120:
121: strlcpy(salt, "$1$", saltlen);
1.5 provos 122: to64(&salt[3], arc4random(), 4);
123: to64(&salt[7], arc4random(), 4);
1.16 ! deraadt 124: strlcpy(&salt[11], "$", saltlen - 11);
1.3 provos 125: } else if (!strcmp(now, "blowfish")) {
1.14 deraadt 126: int rounds = atoi(next);
127:
1.3 provos 128: if (rounds < 4)
129: rounds = 4;
1.14 deraadt 130: strlcpy(salt, bcrypt_gensalt(rounds), saltlen);
1.3 provos 131: } else {
1.14 deraadt 132: strlcpy(salt, ":", saltlen);
1.15 henning 133: warnx("Unknown option %s.", now);
1.3 provos 134: }
1.2 provos 135: return 1;
136: }
137:
1.6 deraadt 138: static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
139: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
1.2 provos 140:
1.6 deraadt 141: void
1.14 deraadt 142: to64(char *s, int32_t v, int n)
1.2 provos 143: {
1.6 deraadt 144: while (--n >= 0) {
145: *s++ = itoa64[v&0x3f];
146: v >>= 6;
147: }
1.1 provos 148: }