Annotation of src/usr.bin/passwd/pwd_gensalt.c, Revision 1.24
1.24 ! deraadt 1: /* $OpenBSD: pwd_gensalt.c,v 1.23 2006/03/30 21:06:29 deraadt Exp $ */
1.17 deraadt 2:
1.1 provos 3: /*
4: * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
1.2 provos 17: * This product includes software developed by Niels Provos.
1.1 provos 18: * 4. The name of the author may not be used to endorse or promote products
19: * derived from this software without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31: */
32:
1.2 provos 33: #include <sys/syslimits.h>
1.7 provos 34: #include <sys/types.h>
1.1 provos 35: #include <stdio.h>
1.4 weingart 36: #include <stdlib.h>
1.1 provos 37: #include <string.h>
38: #include <err.h>
1.7 provos 39: #include <grp.h>
1.1 provos 40: #include <pwd.h>
1.4 weingart 41: #include <time.h>
1.10 millert 42: #include <login_cap.h>
1.1 provos 43:
1.24 ! deraadt 44: static void to64(char *, u_int32_t, int n);
! 45: char *bcrypt_gensalt(u_int8_t);
! 46: int pwd_gensalt(char *, int, login_cap_t *, char);
1.1 provos 47:
1.20 millert 48: #define YPCIPHER_DEF "old"
49: #define LOCALCIPHER_DEF "blowfish,6"
50:
1.2 provos 51: int
1.18 millert 52: pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type)
1.1 provos 53: {
1.21 otto 54: char *next, *now, *oldnext;
1.14 deraadt 55:
1.1 provos 56: *salt = '\0';
57:
58: switch (type) {
59: case 'y':
1.21 otto 60: next = login_getcapstr(lc, "ypcipher", NULL, NULL);
61: if (next == NULL && (next = strdup(YPCIPHER_DEF)) == NULL) {
62: warn(NULL);
63: return 0;
64: }
1.1 provos 65: break;
66: case 'l':
67: default:
1.21 otto 68: next = login_getcapstr(lc, "localcipher", NULL, NULL);
69: if (next == NULL && (next = strdup(LOCALCIPHER_DEF)) == NULL) {
70: warn(NULL);
71: return 0;
72: }
1.1 provos 73: break;
74: }
75:
1.21 otto 76: oldnext = next;
1.1 provos 77: now = strsep(&next, ",");
78: if (!strcmp(now, "old")) {
1.21 otto 79: if (saltlen < 3) {
80: free(oldnext);
1.2 provos 81: return 0;
1.21 otto 82: }
1.5 provos 83: to64(&salt[0], arc4random(), 2);
1.2 provos 84: salt[2] = '\0';
1.3 provos 85: } else if (!strcmp(now, "newsalt")) {
1.22 moritz 86: u_int32_t rounds = 7250;
1.14 deraadt 87:
1.22 moritz 88: if (next)
89: rounds = atol(next);
1.21 otto 90: if (saltlen < 10) {
91: free(oldnext);
1.3 provos 92: return 0;
1.21 otto 93: }
1.9 provos 94: /* Check rounds, 24 bit is max */
95: if (rounds < 7250)
96: rounds = 7250;
97: else if (rounds > 0xffffff)
1.14 deraadt 98: rounds = 0xffffff;
1.3 provos 99: salt[0] = _PASSWORD_EFMT1;
1.23 deraadt 100: to64(&salt[1], (u_int32_t)rounds, 4);
1.5 provos 101: to64(&salt[5], arc4random(), 4);
1.3 provos 102: salt[9] = '\0';
103: } else if (!strcmp(now, "md5")) {
1.21 otto 104: if (saltlen < 13) { /* $1$8salt$\0 */
105: free(oldnext);
1.3 provos 106: return 0;
1.21 otto 107: }
1.14 deraadt 108:
109: strlcpy(salt, "$1$", saltlen);
1.5 provos 110: to64(&salt[3], arc4random(), 4);
111: to64(&salt[7], arc4random(), 4);
1.16 deraadt 112: strlcpy(&salt[11], "$", saltlen - 11);
1.3 provos 113: } else if (!strcmp(now, "blowfish")) {
1.22 moritz 114: int rounds = 6;
1.14 deraadt 115:
1.22 moritz 116: if (next)
117: rounds = atoi(next);
1.3 provos 118: if (rounds < 4)
119: rounds = 4;
1.22 moritz 120: if (rounds > 31)
121: rounds = 31;
1.14 deraadt 122: strlcpy(salt, bcrypt_gensalt(rounds), saltlen);
1.3 provos 123: } else {
1.15 henning 124: warnx("Unknown option %s.", now);
1.22 moritz 125: free(oldnext);
126: return 0;
1.3 provos 127: }
1.21 otto 128: free(oldnext);
1.2 provos 129: return 1;
130: }
131:
1.6 deraadt 132: static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
133: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
1.2 provos 134:
1.24 ! deraadt 135: static void
! 136: to64(char *s, u_int32_t v, int n)
1.2 provos 137: {
1.6 deraadt 138: while (--n >= 0) {
139: *s++ = itoa64[v&0x3f];
1.24 ! deraadt 140: v >>= 6;
1.6 deraadt 141: }
1.1 provos 142: }