pwhash.c revision 1.8
1 /* $NetBSD: pwhash.c,v 1.8 2004/11/01 21:12:59 dsl Exp $ */ 2 /* $OpenBSD: encrypt.c,v 1.16 2002/02/16 21:27:45 millert Exp $ */ 3 4 /* 5 * Copyright (c) 1996, Jason Downs. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 17 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 #include <sys/cdefs.h> 29 30 #ifndef lint 31 __RCSID("$NetBSD: pwhash.c,v 1.8 2004/11/01 21:12:59 dsl Exp $"); 32 #endif 33 34 #include <sys/types.h> 35 #include <ctype.h> 36 #include <err.h> 37 #include <errno.h> 38 #include <pwd.h> 39 #include <stdio.h> 40 #include <stdlib.h> 41 #include <string.h> 42 #include <unistd.h> 43 #include <login_cap.h> 44 45 #include <crypt.h> 46 47 /* 48 * Very simple little program, for encrypting passwords from the command 49 * line. Useful for scripts and such. 50 */ 51 52 #define DO_MAKEKEY 0 53 #define DO_DES 1 54 #define DO_MD5 2 55 #define DO_BLF 3 56 #define DO_SHA1 4 57 58 static void 59 usage(void) 60 { 61 62 (void)fprintf(stderr, 63 "usage: %s [-b rounds] [-k] [-m] [-S rounds] [-s salt] [-p | string]\n", 64 getprogname()); 65 exit(1); 66 } 67 68 static char * 69 trim(char *line) 70 { 71 char *ptr; 72 73 for (ptr = &line[strlen(line)-1]; ptr > line; ptr--) { 74 if (!isspace((unsigned char)*ptr)) 75 break; 76 } 77 ptr[1] = '\0'; 78 79 for (ptr = line; *ptr && isspace((unsigned char)*ptr); ptr++) 80 ; 81 82 return(ptr); 83 } 84 85 /* these are pulled from usr.bin/passwd/pwd_gensalt.c */ 86 int pwd_gensalt(char *, int, struct passwd *, login_cap_t *, char); 87 88 static void 89 print_passwd(char *string, int operation, void *extra) 90 { 91 char msalt[3], *salt; 92 struct passwd pwd; 93 login_cap_t *lc; 94 char buffer[_PASSWORD_LEN]; 95 96 switch(operation) { 97 case DO_MAKEKEY: 98 /* 99 * makekey mode: parse string into separate DES key and salt. 100 */ 101 if (strlen(string) != 10) { 102 /* To be compatible... */ 103 errx(1, "%s", strerror(EFTYPE)); 104 } 105 strlcpy(msalt, &string[8], sizeof(msalt)); 106 salt = msalt; 107 break; 108 109 case DO_MD5: 110 strlcpy(buffer, "$1$", sizeof(buffer)); 111 __crypt_to64(&buffer[3], arc4random(), 4); 112 __crypt_to64(&buffer[7], arc4random(), 4); 113 strlcpy(buffer + 11, "$", sizeof(buffer) - 11); 114 salt = buffer; 115 break; 116 117 case DO_SHA1: 118 { 119 int n; 120 121 n = snprintf(buffer, sizeof(buffer), 122 "%s%u$", SHA1_MAGIC, 123 __crypt_sha1_iterations(*(int *)extra)); 124 __crypt_to64(&buffer[n], arc4random(), 4); 125 __crypt_to64(&buffer[n + 4], arc4random(), 4); 126 buffer[n + 8] = '$'; 127 buffer[n + 9] = '\0'; 128 salt = buffer; 129 } 130 break; 131 case DO_BLF: 132 strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN); 133 salt = buffer; 134 break; 135 136 case DO_DES: 137 salt = extra; 138 break; 139 140 default: 141 pwd.pw_name = "default"; 142 if ((lc = login_getclass(NULL)) == NULL) 143 errx(1, "unable to get default login class."); 144 if (!pwd_gensalt(buffer, _PASSWORD_LEN, &pwd, lc, 'l')) 145 errx(1, "can't generate salt"); 146 salt = buffer; 147 break; 148 } 149 150 (void)fputs(crypt(string, salt), stdout); 151 } 152 153 int 154 main(int argc, char **argv) 155 { 156 int opt; 157 int operation = -1; 158 int prompt = 0; 159 int rounds; 160 void *extra; /* Store salt or number of rounds */ 161 162 setprogname(argv[0]); 163 164 if (strcmp(getprogname(), "makekey") == 0) 165 operation = DO_MAKEKEY; 166 167 while ((opt = getopt(argc, argv, "kmpS:s:b:")) != -1) { 168 switch (opt) { 169 case 'k': /* Stdin/Stdout Unix crypt */ 170 if (operation != -1 || prompt) 171 usage(); 172 operation = DO_MAKEKEY; 173 break; 174 175 case 'm': /* MD5 password hash */ 176 if (operation != -1) 177 usage(); 178 operation = DO_MD5; 179 break; 180 181 case 'p': 182 if (operation == DO_MAKEKEY) 183 usage(); 184 prompt = 1; 185 break; 186 187 case 'S': /* SHA1 password hash */ 188 if (operation != -1) 189 usage(); 190 operation = DO_SHA1; 191 rounds = atoi(optarg); 192 extra = &rounds; 193 break; 194 195 case 's': /* Unix crypt (DES) */ 196 if (operation != -1 || optarg[0] == '$') 197 usage(); 198 operation = DO_DES; 199 extra = optarg; 200 break; 201 202 case 'b': /* Blowfish password hash */ 203 if (operation != -1) 204 usage(); 205 operation = DO_BLF; 206 rounds = atoi(optarg); 207 extra = &rounds; 208 break; 209 210 default: 211 usage(); 212 } 213 } 214 215 if (((argc - optind) < 1) || operation == DO_MAKEKEY) { 216 char line[BUFSIZ], *string; 217 218 if (prompt) { 219 string = getpass("Enter string: "); 220 print_passwd(string, operation, extra); 221 (void)fputc('\n', stdout); 222 } else { 223 /* Encrypt stdin to stdout. */ 224 while (!feof(stdin) && 225 (fgets(line, sizeof(line), stdin) != NULL)) { 226 /* Kill the whitesapce. */ 227 string = trim(line); 228 if (*string == '\0') 229 continue; 230 231 print_passwd(string, operation, extra); 232 233 if (operation == DO_MAKEKEY) { 234 fflush(stdout); 235 break; 236 } 237 (void)fputc('\n', stdout); 238 } 239 } 240 } else { 241 char *string; 242 243 /* can't combine -p with a supplied string */ 244 if (prompt) 245 usage(); 246 247 /* Perhaps it isn't worth worrying about, but... */ 248 if ((string = strdup(argv[optind])) == NULL) 249 err(1, NULL); 250 /* Wipe the argument. */ 251 memset(argv[optind], 0, strlen(argv[optind])); 252 253 print_passwd(string, operation, extra); 254 255 (void)fputc('\n', stdout); 256 257 /* Wipe our copy, before we free it. */ 258 memset(string, 0, strlen(string)); 259 free(string); 260 } 261 exit(0); 262 } 263
Indexes created Thu Oct 02 01:09:59 GMT 2025