[BACK]Return to pw_gensalt.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / lib / libcrypt

Annotation of src/lib/libcrypt/pw_gensalt.c, Revision 1.7

1.7     ! lukem       1: /*     $NetBSD: pw_gensalt.c,v 1.6 2007/01/17 23:24:22 hubertf Exp $   */
1.1       christos    2:
                      3: /*
                      4:  * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
                      5:  * All rights reserved.
                      6:  *
                      7:  * Redistribution and use in source and binary forms, with or without
                      8:  * modification, are permitted provided that the following conditions
                      9:  * are met:
                     10:  * 1. Redistributions of source code must retain the above copyright
                     11:  *    notice, this list of conditions and the following disclaimer.
                     12:  * 2. Redistributions in binary form must reproduce the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer in the
                     14:  *    documentation and/or other materials provided with the distribution.
                     15:  * 3. All advertising materials mentioning features or use of this software
                     16:  *    must display the following acknowledgement:
                     17:  *      This product includes software developed by Niels Provos.
                     18:  * 4. The name of the author may not be used to endorse or promote products
                     19:  *    derived from this software without specific prior written permission.
                     20:  *
                     21:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     22:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     23:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     24:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     25:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     26:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     27:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     28:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     29:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     30:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     31:  *
                     32:  * from OpenBSD: pwd_gensalt.c,v 1.9 1998/07/05 21:08:32 provos Exp
                     33:  */
                     34:
                     35: #include <sys/cdefs.h>
                     36: #ifndef lint
1.7     ! lukem      37: __RCSID("$NetBSD: pw_gensalt.c,v 1.6 2007/01/17 23:24:22 hubertf Exp $");
1.1       christos   38: #endif /* not lint */
                     39:
                     40: #include <sys/syslimits.h>
                     41: #include <sys/types.h>
                     42:
                     43: #include <stdio.h>
                     44: #include <stdlib.h>
                     45: #include <string.h>
                     46: #include <limits.h>
                     47: #include <err.h>
                     48: #include <grp.h>
                     49: #include <pwd.h>
                     50: #include <util.h>
                     51: #include <time.h>
                     52: #include <errno.h>
                     53:
1.3       christos   54: #include "crypt.h"
1.1       christos   55:
                     56:
                     57: static const struct pw_salt {
                     58:        const char *name;
1.4       christos   59:        int (*gensalt)(char *, size_t, const char *);
1.1       christos   60: } salts[] = {
                     61:        { "old", __gensalt_old },
                     62:        { "new", __gensalt_new },
                     63:        { "newsalt", __gensalt_new },
                     64:        { "md5", __gensalt_md5 },
                     65:        { "sha1", __gensalt_sha1 },
                     66:        { "blowfish", __gensalt_blowfish },
                     67:        { NULL, NULL }
                     68: };
                     69:
1.4       christos   70: static int
                     71: getnum(const char *str, size_t *num)
                     72: {
                     73:        char *ep;
                     74:        unsigned long rv;
                     75:
                     76:        if (str == NULL) {
                     77:                *num = 0;
                     78:                return 0;
                     79:        }
                     80:
1.5       christos   81:        rv = strtoul(str, &ep, 0);
1.4       christos   82:
1.5       christos   83:        if (str == ep || *ep) {
1.4       christos   84:                errno = EINVAL;
                     85:                return -1;
                     86:        }
                     87:
                     88:        if (errno == ERANGE && rv == ULONG_MAX)
                     89:                return -1;
                     90:        *num = (size_t)rv;
                     91:        return 0;
                     92: }
                     93:
1.1       christos   94: int
1.3       christos   95: /*ARGSUSED2*/
1.4       christos   96: __gensalt_old(char *salt, size_t saltsiz, const char *option)
1.1       christos   97: {
                     98:        if (saltsiz < 3) {
                     99:                errno = ENOSPC;
                    100:                return -1;
                    101:        }
                    102:        __crypt_to64(&salt[0], arc4random(), 2);
                    103:        salt[2] = '\0';
                    104:        return 0;
                    105: }
                    106:
                    107: int
1.3       christos  108: /*ARGSUSED2*/
1.4       christos  109: __gensalt_new(char *salt, size_t saltsiz, const char* option)
1.1       christos  110: {
1.4       christos  111:        size_t nrounds;
                    112:
1.1       christos  113:        if (saltsiz < 10) {
                    114:                errno = ENOSPC;
                    115:                return -1;
                    116:        }
1.4       christos  117:
                    118:        if (getnum(option, &nrounds) == -1)
                    119:                return -1;
                    120:
1.1       christos  121:        /* Check rounds, 24 bit is max */
                    122:        if (nrounds < 7250)
                    123:                nrounds = 7250;
                    124:        else if (nrounds > 0xffffff)
                    125:                nrounds = 0xffffff;
                    126:        salt[0] = _PASSWORD_EFMT1;
                    127:        __crypt_to64(&salt[1], (uint32_t)nrounds, 4);
                    128:        __crypt_to64(&salt[5], arc4random(), 4);
                    129:        salt[9] = '\0';
                    130:        return 0;
                    131: }
                    132:
                    133: int
1.3       christos  134: /*ARGSUSED2*/
1.4       christos  135: __gensalt_md5(char *salt, size_t saltsiz, const char *option)
1.1       christos  136: {
                    137:        if (saltsiz < 13) {  /* $1$8salt$\0 */
                    138:                errno = ENOSPC;
                    139:                return -1;
                    140:        }
                    141:        salt[0] = _PASSWORD_NONDES;
                    142:        salt[1] = '1';
                    143:        salt[2] = '$';
                    144:        __crypt_to64(&salt[3], arc4random(), 4);
                    145:        __crypt_to64(&salt[7], arc4random(), 4);
                    146:        salt[11] = '$';
                    147:        salt[12] = '\0';
                    148:        return 0;
                    149: }
                    150:
                    151: int
1.4       christos  152: __gensalt_sha1(char *salt, size_t saltsiz, const char *option)
1.1       christos  153: {
                    154:        int n;
1.4       christos  155:        size_t nrounds;
1.1       christos  156:
1.4       christos  157:        if (getnum(option, &nrounds) == -1)
                    158:                return -1;
1.1       christos  159:        n = snprintf(salt, saltsiz, "%s%u$", SHA1_MAGIC,
                    160:            __crypt_sha1_iterations(nrounds));
                    161:        /*
                    162:         * The salt can be up to 64 bytes, but 8
                    163:         * is considered enough for now.
                    164:         */
1.7     ! lukem     165:        if ((size_t)n + 9 >= saltsiz)
1.1       christos  166:                return 0;
                    167:        __crypt_to64(&salt[n], arc4random(), 4);
                    168:        __crypt_to64(&salt[n + 4], arc4random(), 4);
                    169:        salt[n + 8] = '$';
                    170:        salt[n + 9] = '\0';
                    171:        return 0;
                    172: }
                    173:
                    174: int
1.4       christos  175: pw_gensalt(char *salt, size_t saltlen, const char *type, const char *option)
1.1       christos  176: {
1.5       christos  177:        const struct pw_salt *sp;
                    178:
1.1       christos  179:        for (sp = salts; sp->name; sp++)
1.4       christos  180:                if (strcmp(sp->name, type) == 0)
                    181:                        return (*sp->gensalt)(salt, saltlen, option);
1.1       christos  182:
                    183:        errno = EINVAL;
                    184:        return -1;
                    185: }

CVSweb <webmaster@jp.NetBSD.org>