diff options
-rw-r--r-- | lib/lib.h | 3 | ||||
-rw-r--r-- | lib/password.c | 76 | ||||
-rw-r--r-- | lib/pending.h | 1 | ||||
-rw-r--r-- | toys/pending/mkpasswd.c | 83 |
4 files changed, 70 insertions, 93 deletions
@@ -165,6 +165,9 @@ int human_readable(char *buf, unsigned long long num); // net.c int xsocket(int domain, int type, int protocol); +// password.c +int get_salt(char *salt, char * algo); + // getmountlist.c struct mtab_list { struct mtab_list *next, *prev; diff --git a/lib/password.c b/lib/password.c index 930e9c36..76f00436 100644 --- a/lib/password.c +++ b/lib/password.c @@ -6,48 +6,48 @@ #include "toys.h" #include <time.h> +// generate appropriate random salt string for given encryption algorithm. int get_salt(char *salt, char *algo) { - int i, len = 0, offset = 0; - char buf[12]; - - if (!strcmp(algo,"des")) len = 2; - else { - *salt++ = '$'; - if (!strcmp(algo,"md5")) { - *salt++ = '1'; - len = 8; - } else if (!strcmp(algo,"sha256")) { - *salt++ = '5'; - len = 16; - } else if (!strcmp(algo,"sha512")) { - *salt++ = '6'; - len = 16; - } else return -1; - - *salt++ = '$'; - offset = 3; - } - - // Read appropriate number of random bytes for salt - i = xopen("/dev/urandom", O_RDONLY); - xreadall(i, buf, ((len*6)+7)/8); - close(i); - - // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z - for (i=0; i<len; i++) { - int bitpos = i*6, bits = bitpos/8; - - bits = ((buf[i]+(buf[i+1]<<8)) >> (bitpos&7)) & 0x3f; - bits += 46; - if (bits > 57) bits += 7; - if (bits > 90) bits += 6; - - salt[i] = bits; + struct { + char *type, id, len; + } al[] = {{"des", 0, 2}, {"md5", 1, 8}, {"sha256", 5, 16}, {"sha512", 6, 16}}; + int i; + + for (i = 0; i < ARRAY_LEN(al); i++) { + if (!strcmp(algo, al[i].type)) { + int len = al[i].len; + char *s = salt; + + if (al[i].id) { + *s++ = '$'; + *s++ = '0'+al[i].id; + } + *s++ = '$'; + + // Read appropriate number of random bytes for salt + i = xopen("/dev/urandom", O_RDONLY); + xreadall(i, libbuf, ((len*6)+7)/8); + close(i); + + // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z + for (i=0; i<len; i++) { + int bitpos = i*6, bits = bitpos/8; + + bits = ((libbuf[i]+(libbuf[i+1]<<8)) >> (bitpos&7)) & 0x3f; + bits += 46; + if (bits > 57) bits += 7; + if (bits > 90) bits += 6; + + s[i] = bits; + } + salt[len] = 0; + + return s-salt; + } } - salt[i] = 0; - return offset; + return -1; } static void handle(int signo) diff --git a/lib/pending.h b/lib/pending.h index aa31ea9e..c99a9f17 100644 --- a/lib/pending.h +++ b/lib/pending.h @@ -4,7 +4,6 @@ #define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0' #define SYS_FIRST_ID 100 #define SYS_LAST_ID 999 -int get_salt(char *salt, char * algo); void is_valid_username(const char *name); int read_password(char * buff, int buflen, char* mesg); int update_password(char *filename, char* username, char* encrypted); diff --git a/toys/pending/mkpasswd.c b/toys/pending/mkpasswd.c index a46c514c..4e6f063e 100644 --- a/toys/pending/mkpasswd.c +++ b/toys/pending/mkpasswd.c @@ -11,12 +11,12 @@ config MKPASSWD bool "mkpasswd" default n help - usage: mkpasswd [OPTIONS] [PASSWORD] [SALT] + usage: mkpasswd [-P FD] [-m TYPE] [-S SALT] [PASSWORD] [SALT] Crypt PASSWORD using crypt(3) - -P N Read password from fd N - -m TYPE Encryption method, when TYPE='help', then show the methods available + -P FD Read password from file descriptor FD + -m TYPE Encryption method (des, md5, sha256, or sha512; default is des) -S SALT */ @@ -29,74 +29,49 @@ GLOBALS( char *salt; ) - -/* - * validate the salt provided by user. - * the allowed character set for salt is [./A-Za-z0-9] - */ -static void is_salt_valid(char *salt) -{ - regex_t rp; - regmatch_t rm[1]; - char *regex = "[./A-Za-z0-9]*"; //salt REGEX - - xregcomp(&rp, regex, REG_NEWLINE); - - /* compare string against pattern -- remember that patterns - are anchored to the beginning of the line */ - if (regexec(&rp, salt, 1, rm, 0) == 0 && rm[0].rm_so == 0 - && rm[0].rm_eo == strlen(salt)) - return; - - error_exit("salt should be in character set [./A-Za-z0-9]"); -} - void mkpasswd_main(void) { - int offset = 0; char salt[MAX_SALT_LEN] = {0,}; + int i; - if (!(toys.optflags & FLAG_m)) TT.method = "des"; - else if (!strcmp(TT.method, "help")) { - xprintf("Available encryption methods are:\n" - " des\n md5\n sha256\n sha512\n"); - return; + if (!TT.method) TT.method = "des"; + if (toys.optc == 2) { + if (TT.salt) error_exit("duplicate salt"); + TT.salt = toys.optargs[1]; } - // If arguments are there, then the second argument is Salt, can be NULL also - if ((toys.optc == 2) && !(toys.optflags & FLAG_S)) TT.salt = toys.optargs[1]; - offset= get_salt(salt, TT.method); - if (offset == -1) error_exit("unknown encryption method"); + if (-1 == (i = get_salt(salt, TT.method))) error_exit("bad -m"); if (TT.salt) { - is_salt_valid(TT.salt); - snprintf(salt + offset, MAX_SALT_LEN - offset, "%s", TT.salt); + char *s = TT.salt; + + // In C locale, isalnum() means [A-Za-Z0-0] + while (isalnum(*s) || *s == '.' || *s == '/') s++; + if (*s) error_exit("salt not in [./A-Za-z0-9]"); + + snprintf(salt+i, sizeof(salt)-i, "%s", TT.salt); } - if (toys.optflags & FLAG_P) { - if (dup2(TT.pfd, STDIN_FILENO) == -1) perror_exit("fd"); + // Because read_password() doesn't have an fd argument + if (TT.pfd) { + if (dup2(TT.pfd, 0) == -1) perror_exit("fd"); close(TT.pfd); } - if (!toys.optc) { - if (isatty(STDIN_FILENO)) { + // If we haven't got a password on the command line, read it from tty or FD + if (!*toys.optargs) { + // Prompt and read interactively? + if (isatty(0)) { if (read_password(toybuf, sizeof(toybuf), "Password: ")) perror_exit("password read failed"); } else { - // read from the given FD - int i = 0; - while (1) { - int ret = read(0, &toybuf[i], 1); - if ( ret < 0 ) perror_exit("password read failed"); - else if (ret == 0 || toybuf[i] == '\n' || toybuf[i] == '\r' || - sizeof(toybuf) == i+1) { - toybuf[i] = '\0'; - break; - } - i++; + for (i = 0; i<sizeof(toybuf)-1; i++) { + if (!xread(0, toybuf+i, 1)) break; + if (toybuf[i] == '\n' || toybuf[i] == '\r') break; } + toybuf[i] = 0; } - } else snprintf(toybuf, sizeof(toybuf), "%s", toys.optargs[0]); + } // encrypt & print the password - xprintf("%s\n",crypt(toybuf, salt)); + xprintf("%s\n",crypt(*toys.optargs ? *toys.optargs : toybuf, salt)); } |