pwhash.c revision 1.2
1 /* $NetBSD: pwhash.c,v 1.2 2002/10/02 07:35:30 wiz Exp $ */ 2 /* $OpenBSD: encrypt.c,v 1.16 2002/02/16 21:27:45 millert Exp $ */ 3 4 /* 5 * Copyright (c) 1996, Jason Downs. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 17 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/types.h> 30 #include <ctype.h> 31 #include <err.h> 32 #include <errno.h> 33 #include <pwd.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <unistd.h> 38 #include <login_cap.h> 39 40 /* 41 * Very simple little program, for encrypting passwords from the command 42 * line. Useful for scripts and such. 43 */ 44 45 #define DO_MAKEKEY 0 46 #define DO_DES 1 47 #define DO_MD5 2 48 #define DO_BLF 3 49 50 extern char *__progname; 51 char buffer[_PASSWORD_LEN]; 52 void print_passwd(char *, int , void *); 53 54 void usage(void); 55 char *trim(char *); 56 57 void 58 usage(void) 59 { 60 61 (void)fprintf(stderr, 62 "usage: %s [-b rounds] [-k] [-m] [-s salt] [-p | string]\n", 63 __progname); 64 exit(1); 65 } 66 67 char * 68 trim(char *line) 69 { 70 char *ptr; 71 72 for (ptr = &line[strlen(line)-1]; ptr > line; ptr--) { 73 if (!isspace(*ptr)) 74 break; 75 } 76 ptr[1] = '\0'; 77 78 for (ptr = line; *ptr && isspace(*ptr); ptr++) 79 ; 80 81 return(ptr); 82 } 83 84 void 85 print_passwd(char *string, int operation, void *extra) 86 { 87 char msalt[3], *salt; 88 struct passwd pwd; 89 login_cap_t *lc; 90 int pwd_gensalt(char *, int, struct passwd *, login_cap_t *, char); 91 void to64(char *, int32_t, int n); 92 93 switch(operation) { 94 case DO_MAKEKEY: 95 /* 96 * makekey mode: parse string into separate DES key and salt. 97 */ 98 if (strlen(string) != 10) { 99 /* To be compatible... */ 100 errx(1, "%s", strerror(EFTYPE)); 101 } 102 strcpy(msalt, &string[8]); 103 salt = msalt; 104 break; 105 106 case DO_MD5: 107 strcpy(buffer, "$1$"); 108 to64(&buffer[3], arc4random(), 4); 109 to64(&buffer[7], arc4random(), 4); 110 strcpy(buffer + 11, "$"); 111 salt = buffer; 112 break; 113 114 case DO_BLF: 115 strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN); 116 salt = buffer; 117 break; 118 119 case DO_DES: 120 salt = extra; 121 break; 122 123 default: 124 pwd.pw_name = "default"; 125 if ((lc = login_getclass(NULL)) == NULL) 126 errx(1, "unable to get default login class."); 127 if (!pwd_gensalt(buffer, _PASSWORD_LEN, &pwd, lc, 'l')) 128 errx(1, "can't generate salt"); 129 salt = buffer; 130 break; 131 } 132 133 (void)fputs(crypt(string, salt), stdout); 134 } 135 136 int 137 main(int argc, char **argv) 138 { 139 int opt; 140 int operation = -1; 141 int prompt = 0; 142 int rounds; 143 void *extra; /* Store salt or number of rounds */ 144 145 if (strcmp(__progname, "makekey") == 0) 146 operation = DO_MAKEKEY; 147 148 while ((opt = getopt(argc, argv, "kmps:b:")) != -1) { 149 switch (opt) { 150 case 'k': /* Stdin/Stdout Unix crypt */ 151 if (operation != -1 || prompt) 152 usage(); 153 operation = DO_MAKEKEY; 154 break; 155 156 case 'm': /* MD5 password hash */ 157 if (operation != -1) 158 usage(); 159 operation = DO_MD5; 160 break; 161 162 case 'p': 163 if (operation == DO_MAKEKEY) 164 usage(); 165 prompt = 1; 166 break; 167 168 case 's': /* Unix crypt (DES) */ 169 if (operation != -1 || optarg[0] == '$') 170 usage(); 171 operation = DO_DES; 172 extra = optarg; 173 break; 174 175 case 'b': /* Blowfish password hash */ 176 if (operation != -1) 177 usage(); 178 operation = DO_BLF; 179 rounds = atoi(optarg); 180 extra = &rounds; 181 break; 182 183 default: 184 usage(); 185 } 186 } 187 188 if (((argc - optind) < 1) || operation == DO_MAKEKEY) { 189 char line[BUFSIZ], *string; 190 191 if (prompt) { 192 string = getpass("Enter string: "); 193 print_passwd(string, operation, extra); 194 (void)fputc('\n', stdout); 195 } else { 196 /* Encrypt stdin to stdout. */ 197 while (!feof(stdin) && 198 (fgets(line, sizeof(line), stdin) != NULL)) { 199 /* Kill the whitesapce. */ 200 string = trim(line); 201 if (*string == '\0') 202 continue; 203 204 print_passwd(string, operation, extra); 205 206 if (operation == DO_MAKEKEY) { 207 fflush(stdout); 208 break; 209 } 210 (void)fputc('\n', stdout); 211 } 212 } 213 } else { 214 char *string; 215 216 /* can't combine -p with a supplied string */ 217 if (prompt) 218 usage(); 219 220 /* Perhaps it isn't worth worrying about, but... */ 221 if ((string = strdup(argv[optind])) == NULL) 222 err(1, NULL); 223 /* Wipe the argument. */ 224 memset(argv[optind], 0, strlen(argv[optind])); 225 226 print_passwd(string, operation, extra); 227 228 (void)fputc('\n', stdout); 229 230 /* Wipe our copy, before we free it. */ 231 memset(string, 0, strlen(string)); 232 free(string); 233 } 234 exit(0); 235 } 236
Indexes created Thu Oct 02 10:09:58 GMT 2025