aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/lib.h3
-rw-r--r--lib/password.c76
-rw-r--r--lib/pending.h1
-rw-r--r--toys/pending/mkpasswd.c83
4 files changed, 70 insertions, 93 deletions
diff --git a/lib/lib.h b/lib/lib.h
index dfbe5e1c..9deacf22 100644
--- a/lib/lib.h
+++ b/lib/lib.h
@@ -165,6 +165,9 @@ int human_readable(char *buf, unsigned long long num);
// net.c
int xsocket(int domain, int type, int protocol);
+// password.c
+int get_salt(char *salt, char * algo);
+
// getmountlist.c
struct mtab_list {
struct mtab_list *next, *prev;
diff --git a/lib/password.c b/lib/password.c
index 930e9c36..76f00436 100644
--- a/lib/password.c
+++ b/lib/password.c
@@ -6,48 +6,48 @@
#include "toys.h"
#include <time.h>
+// generate appropriate random salt string for given encryption algorithm.
int get_salt(char *salt, char *algo)
{
- int i, len = 0, offset = 0;
- char buf[12];
-
- if (!strcmp(algo,"des")) len = 2;
- else {
- *salt++ = '$';
- if (!strcmp(algo,"md5")) {
- *salt++ = '1';
- len = 8;
- } else if (!strcmp(algo,"sha256")) {
- *salt++ = '5';
- len = 16;
- } else if (!strcmp(algo,"sha512")) {
- *salt++ = '6';
- len = 16;
- } else return -1;
-
- *salt++ = '$';
- offset = 3;
- }
-
- // Read appropriate number of random bytes for salt
- i = xopen("/dev/urandom", O_RDONLY);
- xreadall(i, buf, ((len*6)+7)/8);
- close(i);
-
- // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
- for (i=0; i<len; i++) {
- int bitpos = i*6, bits = bitpos/8;
-
- bits = ((buf[i]+(buf[i+1]<<8)) >> (bitpos&7)) & 0x3f;
- bits += 46;
- if (bits > 57) bits += 7;
- if (bits > 90) bits += 6;
-
- salt[i] = bits;
+ struct {
+ char *type, id, len;
+ } al[] = {{"des", 0, 2}, {"md5", 1, 8}, {"sha256", 5, 16}, {"sha512", 6, 16}};
+ int i;
+
+ for (i = 0; i < ARRAY_LEN(al); i++) {
+ if (!strcmp(algo, al[i].type)) {
+ int len = al[i].len;
+ char *s = salt;
+
+ if (al[i].id) {
+ *s++ = '$';
+ *s++ = '0'+al[i].id;
+ }
+ *s++ = '$';
+
+ // Read appropriate number of random bytes for salt
+ i = xopen("/dev/urandom", O_RDONLY);
+ xreadall(i, libbuf, ((len*6)+7)/8);
+ close(i);
+
+ // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
+ for (i=0; i<len; i++) {
+ int bitpos = i*6, bits = bitpos/8;
+
+ bits = ((libbuf[i]+(libbuf[i+1]<<8)) >> (bitpos&7)) & 0x3f;
+ bits += 46;
+ if (bits > 57) bits += 7;
+ if (bits > 90) bits += 6;
+
+ s[i] = bits;
+ }
+ salt[len] = 0;
+
+ return s-salt;
+ }
}
- salt[i] = 0;
- return offset;
+ return -1;
}
static void handle(int signo)
diff --git a/lib/pending.h b/lib/pending.h
index aa31ea9e..c99a9f17 100644
--- a/lib/pending.h
+++ b/lib/pending.h
@@ -4,7 +4,6 @@
#define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0'
#define SYS_FIRST_ID 100
#define SYS_LAST_ID 999
-int get_salt(char *salt, char * algo);
void is_valid_username(const char *name);
int read_password(char * buff, int buflen, char* mesg);
int update_password(char *filename, char* username, char* encrypted);
diff --git a/toys/pending/mkpasswd.c b/toys/pending/mkpasswd.c
index a46c514c..4e6f063e 100644
--- a/toys/pending/mkpasswd.c
+++ b/toys/pending/mkpasswd.c
@@ -11,12 +11,12 @@ config MKPASSWD
bool "mkpasswd"
default n
help
- usage: mkpasswd [OPTIONS] [PASSWORD] [SALT]
+ usage: mkpasswd [-P FD] [-m TYPE] [-S SALT] [PASSWORD] [SALT]
Crypt PASSWORD using crypt(3)
- -P N Read password from fd N
- -m TYPE Encryption method, when TYPE='help', then show the methods available
+ -P FD Read password from file descriptor FD
+ -m TYPE Encryption method (des, md5, sha256, or sha512; default is des)
-S SALT
*/
@@ -29,74 +29,49 @@ GLOBALS(
char *salt;
)
-
-/*
- * validate the salt provided by user.
- * the allowed character set for salt is [./A-Za-z0-9]
- */
-static void is_salt_valid(char *salt)
-{
- regex_t rp;
- regmatch_t rm[1];
- char *regex = "[./A-Za-z0-9]*"; //salt REGEX
-
- xregcomp(&rp, regex, REG_NEWLINE);
-
- /* compare string against pattern -- remember that patterns
- are anchored to the beginning of the line */
- if (regexec(&rp, salt, 1, rm, 0) == 0 && rm[0].rm_so == 0
- && rm[0].rm_eo == strlen(salt))
- return;
-
- error_exit("salt should be in character set [./A-Za-z0-9]");
-}
-
void mkpasswd_main(void)
{
- int offset = 0;
char salt[MAX_SALT_LEN] = {0,};
+ int i;
- if (!(toys.optflags & FLAG_m)) TT.method = "des";
- else if (!strcmp(TT.method, "help")) {
- xprintf("Available encryption methods are:\n"
- " des\n md5\n sha256\n sha512\n");
- return;
+ if (!TT.method) TT.method = "des";
+ if (toys.optc == 2) {
+ if (TT.salt) error_exit("duplicate salt");
+ TT.salt = toys.optargs[1];
}
- // If arguments are there, then the second argument is Salt, can be NULL also
- if ((toys.optc == 2) && !(toys.optflags & FLAG_S)) TT.salt = toys.optargs[1];
- offset= get_salt(salt, TT.method);
- if (offset == -1) error_exit("unknown encryption method");
+ if (-1 == (i = get_salt(salt, TT.method))) error_exit("bad -m");
if (TT.salt) {
- is_salt_valid(TT.salt);
- snprintf(salt + offset, MAX_SALT_LEN - offset, "%s", TT.salt);
+ char *s = TT.salt;
+
+ // In C locale, isalnum() means [A-Za-Z0-0]
+ while (isalnum(*s) || *s == '.' || *s == '/') s++;
+ if (*s) error_exit("salt not in [./A-Za-z0-9]");
+
+ snprintf(salt+i, sizeof(salt)-i, "%s", TT.salt);
}
- if (toys.optflags & FLAG_P) {
- if (dup2(TT.pfd, STDIN_FILENO) == -1) perror_exit("fd");
+ // Because read_password() doesn't have an fd argument
+ if (TT.pfd) {
+ if (dup2(TT.pfd, 0) == -1) perror_exit("fd");
close(TT.pfd);
}
- if (!toys.optc) {
- if (isatty(STDIN_FILENO)) {
+ // If we haven't got a password on the command line, read it from tty or FD
+ if (!*toys.optargs) {
+ // Prompt and read interactively?
+ if (isatty(0)) {
if (read_password(toybuf, sizeof(toybuf), "Password: "))
perror_exit("password read failed");
} else {
- // read from the given FD
- int i = 0;
- while (1) {
- int ret = read(0, &toybuf[i], 1);
- if ( ret < 0 ) perror_exit("password read failed");
- else if (ret == 0 || toybuf[i] == '\n' || toybuf[i] == '\r' ||
- sizeof(toybuf) == i+1) {
- toybuf[i] = '\0';
- break;
- }
- i++;
+ for (i = 0; i<sizeof(toybuf)-1; i++) {
+ if (!xread(0, toybuf+i, 1)) break;
+ if (toybuf[i] == '\n' || toybuf[i] == '\r') break;
}
+ toybuf[i] = 0;
}
- } else snprintf(toybuf, sizeof(toybuf), "%s", toys.optargs[0]);
+ }
// encrypt & print the password
- xprintf("%s\n",crypt(toybuf, salt));
+ xprintf("%s\n",crypt(*toys.optargs ? *toys.optargs : toybuf, salt));
}