pw_gensalt.c revision 1.3
1 1.3 christos /* $NetBSD: pw_gensalt.c,v 1.3 2005/01/11 23:21:31 christos Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright 1997 Niels Provos <provos (at) physnet.uni-hamburg.de> 5 1.1 christos * All rights reserved. 6 1.1 christos * 7 1.1 christos * Redistribution and use in source and binary forms, with or without 8 1.1 christos * modification, are permitted provided that the following conditions 9 1.1 christos * are met: 10 1.1 christos * 1. Redistributions of source code must retain the above copyright 11 1.1 christos * notice, this list of conditions and the following disclaimer. 12 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 christos * notice, this list of conditions and the following disclaimer in the 14 1.1 christos * documentation and/or other materials provided with the distribution. 15 1.1 christos * 3. All advertising materials mentioning features or use of this software 16 1.1 christos * must display the following acknowledgement: 17 1.1 christos * This product includes software developed by Niels Provos. 18 1.1 christos * 4. The name of the author may not be used to endorse or promote products 19 1.1 christos * derived from this software without specific prior written permission. 20 1.1 christos * 21 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 1.1 christos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 1.1 christos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 1.1 christos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 1.1 christos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 1.1 christos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 1.1 christos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 1.1 christos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 1.1 christos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 1.1 christos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 1.1 christos * 32 1.1 christos * from OpenBSD: pwd_gensalt.c,v 1.9 1998/07/05 21:08:32 provos Exp 33 1.1 christos */ 34 1.1 christos 35 1.1 christos #include <sys/cdefs.h> 36 1.1 christos #ifndef lint 37 1.3 christos __RCSID("$NetBSD: pw_gensalt.c,v 1.3 2005/01/11 23:21:31 christos Exp $"); 38 1.1 christos #endif /* not lint */ 39 1.1 christos 40 1.1 christos #include <sys/syslimits.h> 41 1.1 christos #include <sys/types.h> 42 1.1 christos 43 1.1 christos #include <stdio.h> 44 1.1 christos #include <stdlib.h> 45 1.1 christos #include <string.h> 46 1.1 christos #include <limits.h> 47 1.1 christos #include <err.h> 48 1.1 christos #include <grp.h> 49 1.1 christos #include <pwd.h> 50 1.1 christos #include <util.h> 51 1.1 christos #include <time.h> 52 1.1 christos #include <errno.h> 53 1.1 christos #include <pwd.h> 54 1.1 christos 55 1.3 christos #include "crypt.h" 56 1.1 christos 57 1.1 christos 58 1.1 christos static const struct pw_salt { 59 1.1 christos const char *name; 60 1.1 christos int (*gensalt)(char *, size_t, size_t); 61 1.1 christos } salts[] = { 62 1.1 christos { "old", __gensalt_old }, 63 1.1 christos { "new", __gensalt_new }, 64 1.1 christos { "newsalt", __gensalt_new }, 65 1.1 christos { "md5", __gensalt_md5 }, 66 1.1 christos { "sha1", __gensalt_sha1 }, 67 1.1 christos { "blowfish", __gensalt_blowfish }, 68 1.1 christos { NULL, NULL } 69 1.1 christos }; 70 1.1 christos 71 1.1 christos int 72 1.3 christos /*ARGSUSED2*/ 73 1.1 christos __gensalt_old(char *salt, size_t saltsiz, size_t nrounds) 74 1.1 christos { 75 1.1 christos if (saltsiz < 3) { 76 1.1 christos errno = ENOSPC; 77 1.1 christos return -1; 78 1.1 christos } 79 1.1 christos __crypt_to64(&salt[0], arc4random(), 2); 80 1.1 christos salt[2] = '\0'; 81 1.1 christos return 0; 82 1.1 christos } 83 1.1 christos 84 1.1 christos int 85 1.3 christos /*ARGSUSED2*/ 86 1.1 christos __gensalt_new(char *salt, size_t saltsiz, size_t nrounds) 87 1.1 christos { 88 1.1 christos if (saltsiz < 10) { 89 1.1 christos errno = ENOSPC; 90 1.1 christos return -1; 91 1.1 christos } 92 1.1 christos /* Check rounds, 24 bit is max */ 93 1.1 christos if (nrounds < 7250) 94 1.1 christos nrounds = 7250; 95 1.1 christos else if (nrounds > 0xffffff) 96 1.1 christos nrounds = 0xffffff; 97 1.1 christos salt[0] = _PASSWORD_EFMT1; 98 1.1 christos __crypt_to64(&salt[1], (uint32_t)nrounds, 4); 99 1.1 christos __crypt_to64(&salt[5], arc4random(), 4); 100 1.1 christos salt[9] = '\0'; 101 1.1 christos return 0; 102 1.1 christos } 103 1.1 christos 104 1.1 christos int 105 1.3 christos /*ARGSUSED2*/ 106 1.1 christos __gensalt_md5(char *salt, size_t saltsiz, size_t nrounds) 107 1.1 christos { 108 1.1 christos if (saltsiz < 13) { /* $1$8salt$\0 */ 109 1.1 christos errno = ENOSPC; 110 1.1 christos return -1; 111 1.1 christos } 112 1.1 christos salt[0] = _PASSWORD_NONDES; 113 1.1 christos salt[1] = '1'; 114 1.1 christos salt[2] = '$'; 115 1.1 christos __crypt_to64(&salt[3], arc4random(), 4); 116 1.1 christos __crypt_to64(&salt[7], arc4random(), 4); 117 1.1 christos salt[11] = '$'; 118 1.1 christos salt[12] = '\0'; 119 1.1 christos return 0; 120 1.1 christos } 121 1.1 christos 122 1.1 christos int 123 1.1 christos __gensalt_sha1(char *salt, size_t saltsiz, size_t nrounds) 124 1.1 christos { 125 1.1 christos int n; 126 1.1 christos 127 1.1 christos n = snprintf(salt, saltsiz, "%s%u$", SHA1_MAGIC, 128 1.1 christos __crypt_sha1_iterations(nrounds)); 129 1.1 christos /* 130 1.1 christos * The salt can be up to 64 bytes, but 8 131 1.1 christos * is considered enough for now. 132 1.1 christos */ 133 1.1 christos if (n + 9 >= saltsiz) 134 1.1 christos return 0; 135 1.1 christos __crypt_to64(&salt[n], arc4random(), 4); 136 1.1 christos __crypt_to64(&salt[n + 4], arc4random(), 4); 137 1.1 christos salt[n + 8] = '$'; 138 1.1 christos salt[n + 9] = '\0'; 139 1.1 christos return 0; 140 1.1 christos } 141 1.1 christos 142 1.1 christos int 143 1.1 christos pw_gensalt(char *salt, size_t saltlen, const struct passwd *pwd, char type) 144 1.1 christos { 145 1.1 christos char option[LINE_MAX], *next, *now, *cipher, *ep, grpkey[LINE_MAX]; 146 1.2 christos unsigned long rounds = 0; 147 1.1 christos struct group *grp; 148 1.1 christos const struct pw_salt *sp; 149 1.1 christos 150 1.1 christos switch (type) { 151 1.1 christos case 'y': 152 1.1 christos cipher = "ypcipher"; 153 1.1 christos break; 154 1.1 christos case 'l': 155 1.1 christos default: 156 1.1 christos cipher = "localcipher"; 157 1.1 christos break; 158 1.1 christos } 159 1.1 christos 160 1.1 christos pw_getconf(option, sizeof(option), pwd->pw_name, cipher); 161 1.1 christos 162 1.1 christos /* Try to find an entry for the group */ 163 1.1 christos if (*option == '\0') { 164 1.1 christos if ((grp = getgrgid(pwd->pw_gid)) != NULL) { 165 1.1 christos snprintf(grpkey, sizeof(grpkey), ":%s", grp->gr_name); 166 1.1 christos pw_getconf(option, sizeof(option), grpkey, cipher); 167 1.1 christos } 168 1.1 christos if (*option == '\0') 169 1.1 christos pw_getconf(option, sizeof(option), "default", cipher); 170 1.1 christos } 171 1.1 christos 172 1.1 christos next = option; 173 1.1 christos now = strsep(&next, ","); 174 1.2 christos if (next) { 175 1.2 christos rounds = strtoul(next, &ep, 0); 176 1.1 christos 177 1.2 christos if (next == ep || *ep) { 178 1.2 christos errno = EINVAL; 179 1.2 christos return -1; 180 1.2 christos } 181 1.2 christos 182 1.2 christos if (errno == ERANGE && rounds == ULONG_MAX) 183 1.2 christos return -1; 184 1.1 christos } 185 1.1 christos 186 1.1 christos for (sp = salts; sp->name; sp++) 187 1.1 christos if (strcmp(sp->name, now) == 0) 188 1.1 christos return (*sp->gensalt)(salt, saltlen, (size_t)rounds); 189 1.1 christos 190 1.1 christos errno = EINVAL; 191 1.1 christos return -1; 192 1.1 christos } 193
Indexes created Wed Sep 24 14:09:57 GMT 2025