shadow/lib/encrypt.c

/*
 * Copyright (c) 1990 - 1993, Julianne Frances Haugh
 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
 * Copyright (c) 2005       , Tomasz Kłoczko
 * Copyright (c) 2007 - 2010, Nicolas François
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <config.h>

#ident "$Id$"

#include <unistd.h>
#include <stdio.h>

#include "prototypes.h"
#include "defines.h"

/*@exposed@*/char *pw_encrypt (const char *clear, const char *salt)
{
	static char cipher[128];
	char *cp;

	cp = crypt (clear, salt);
	if (!cp) {
		/*
		 * Single Unix Spec: crypt() may return a null pointer,
		 * and set errno to indicate an error.  The caller doesn't
		 * expect us to return NULL, so...
		 */
		perror ("crypt");
		exit (EXIT_FAILURE);
	}

	/* The GNU crypt does not return NULL if the algorithm is not
	 * supported, and return a DES encrypted password. */
	if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))
	{
		/*@observer@*/const char *method;
		switch (salt[1])
		{
			case '1':
				method = "MD5";
				break;
			case '5':
				method = "SHA256";
				break;
			case '6':
				method = "SHA512";
				break;
			default:
			{
				static char nummethod[4] = "$x$";
				nummethod[1] = salt[1];
				method = &nummethod[0];
			}
		}
		(void) fprintf (stderr,
		                _("crypt method not supported by libcrypt? (%s)\n"),
		                method);
		exit (EXIT_FAILURE);
	}

	if (strlen (cp) != 13) {
		return cp;	/* nonstandard crypt() in libc, better bail out */
	}

	strcpy (cipher, cp);

	return cipher;
}
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
Make sure every source files are distributed with a copyright and license. Files with no license use the default 3-clauses BSD license. The copyright were mostly not recorded; they were updated according to the Changelog. "Julianne Frances Haugh and contributors" changed to "copyright holders and contributors". 2008-04-27 06:10:09 +05:30			`* Copyright (c) 1990 - 1993, Julianne Frances Haugh`
			`* Copyright (c) 1996 - 2000, Marek Michałkiewicz`
			`* Copyright (c) 2005 , Tomasz Kłoczko`
Updated copyrights. 2010-08-22 18:34:54 +05:30			`* Copyright (c) 2007 - 2010, Nicolas François`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`* All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
Make sure every source files are distributed with a copyright and license. Files with no license use the default 3-clauses BSD license. The copyright were mostly not recorded; they were updated according to the Changelog. "Julianne Frances Haugh and contributors" changed to "copyright holders and contributors". 2008-04-27 06:10:09 +05:30			`* 3. The name of the copyright holders or contributors may not be used to`
			`* endorse or promote products derived from this software without`
			`* specific prior written permission.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*`
Make sure every source files are distributed with a copyright and license. Files with no license use the default 3-clauses BSD license. The copyright were mostly not recorded; they were updated according to the Changelog. "Julianne Frances Haugh and contributors" changed to "copyright holders and contributors". 2008-04-27 06:10:09 +05:30			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS`
			* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
			`* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A`
			`* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT`
			`* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT`
			`* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
			`* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY`
			`* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
			`* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`

			`#include <config.h>`

Added the subversion svn:keywords property (Id) for proper identification. 2007-11-11 05:16:11 +05:30			`#ident "$Id$"`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`#include <unistd.h>`
Fix build failures with --disable-shadowgrp. Thanks to Jürgen Daubert for the patch. * libmisc/salt.c: Include <stdio.h>, needed for stderr and printf functions. * lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and printf functions * src/usermod.c: sgr_locked exists only if SHADOWGRP is defined. * src/chgpasswd.c: Only check is the gshadow file exists if SHADOWGRP is defined. 2008-01-26 23:11:20 +05:30			`#include <stdio.h>`

[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`#include "prototypes.h"`
			`#include "defines.h"`
Fix build failures with --disable-shadowgrp. Thanks to Jürgen Daubert for the patch. * libmisc/salt.c: Include <stdio.h>, needed for stderr and printf functions. * lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and printf functions * src/usermod.c: sgr_locked exists only if SHADOWGRP is defined. * src/chgpasswd.c: Only check is the gshadow file exists if SHADOWGRP is defined. 2008-01-26 23:11:20 +05:30
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool instead of an int. * libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c, libmisc/copydir.c, lib/prototypes.h: Add splint annotations. * libmisc/tz.c: Fix some const issues. * libmisc/tz.c: Avoid multi-statements lines. * libmisc/tz.c: Add brackets. * libmisc/copydir.c: Do not check printf/puts return value. * libmisc/copydir.c: Fail if we cannot set or reset the SELinux fscreate context. * libmisc/copydir.c: Use xmalloc instead of malloc. * libmisc/copydir.c: Do not check lutimes return value * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c (iswheel): Return a bool instead of an int. * src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead. * src/passwd.c: Return constant strings when sufficient. * src/passwd.c: Do not check printf/puts return value. * src/passwd.c: Avoid implicit conversion of character to boolean. * src/passwd.c: Do not check sleep return value. * src/sulogin.c: Do not check printf/puts return value. * lib/encrypt.c: Do not check fprintf return value. 2010-08-22 18:19:07 +05:30			`/@exposed@/char pw_encrypt (const char clear, const char *salt)`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`{`
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`static char cipher[128];`
			`char *cp;`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.9) 2007-10-07 17:16:16 +05:30			`cp = crypt (clear, salt);`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`if (!cp) {`
			`/*`
			`* Single Unix Spec: crypt() may return a null pointer,`
			`* and set errno to indicate an error. The caller doesn't`
			`* expect us to return NULL, so...`
			`*/`
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`perror ("crypt");`
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`exit (EXIT_FAILURE);`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`}`
If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 06:07:37 +05:30
			`/* The GNU crypt does not return NULL if the algorithm is not`
			`* supported, and return a DES encrypted password. */`
* lib/encrypt.c: Avoid implicit conversion of pointers to booleans. * lib/encrypt.c: Add parenthesis. 2008-05-26 06:37:13 +05:30			`if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))`
If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 06:07:37 +05:30			`{`
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool instead of an int. * libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c, libmisc/copydir.c, lib/prototypes.h: Add splint annotations. * libmisc/tz.c: Fix some const issues. * libmisc/tz.c: Avoid multi-statements lines. * libmisc/tz.c: Add brackets. * libmisc/copydir.c: Do not check printf/puts return value. * libmisc/copydir.c: Fail if we cannot set or reset the SELinux fscreate context. * libmisc/copydir.c: Use xmalloc instead of malloc. * libmisc/copydir.c: Do not check lutimes return value * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c (iswheel): Return a bool instead of an int. * src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead. * src/passwd.c: Return constant strings when sufficient. * src/passwd.c: Do not check printf/puts return value. * src/passwd.c: Avoid implicit conversion of character to boolean. * src/passwd.c: Do not check sleep return value. * src/sulogin.c: Do not check printf/puts return value. * lib/encrypt.c: Do not check fprintf return value. 2010-08-22 18:19:07 +05:30			`/@observer@/const char *method;`
If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 06:07:37 +05:30			`switch (salt[1])`
			`{`
			`case '1':`
			`method = "MD5";`
			`break;`
			`case '5':`
			`method = "SHA256";`
			`break;`
			`case '6':`
			`method = "SHA512";`
			`break;`
			`default:`
Set the method string as a constant string. 2008-01-06 19:19:00 +05:30			`{`
			`static char nummethod[4] = "$x$";`
			`nummethod[1] = salt[1];`
			`method = &nummethod[0];`
			`}`
If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 06:07:37 +05:30			`}`
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool instead of an int. * libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c, libmisc/copydir.c, lib/prototypes.h: Add splint annotations. * libmisc/tz.c: Fix some const issues. * libmisc/tz.c: Avoid multi-statements lines. * libmisc/tz.c: Add brackets. * libmisc/copydir.c: Do not check printf/puts return value. * libmisc/copydir.c: Fail if we cannot set or reset the SELinux fscreate context. * libmisc/copydir.c: Use xmalloc instead of malloc. * libmisc/copydir.c: Do not check lutimes return value * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c (iswheel): Return a bool instead of an int. * src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead. * src/passwd.c: Return constant strings when sufficient. * src/passwd.c: Do not check printf/puts return value. * src/passwd.c: Avoid implicit conversion of character to boolean. * src/passwd.c: Do not check sleep return value. * src/sulogin.c: Do not check printf/puts return value. * lib/encrypt.c: Do not check fprintf return value. 2010-08-22 18:19:07 +05:30			`(void) fprintf (stderr,`
			`_("crypt method not supported by libcrypt? (%s)\n"),`
			`method);`
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`exit (EXIT_FAILURE);`
If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 06:07:37 +05:30			`}`

* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`if (strlen (cp) != 13) {`
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`return cp; /* nonstandard crypt() in libc, better bail out */`
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`}`

[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`strcpy (cipher, cp);`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
			`return cipher;`
			`}`
* lib/encrypt.c: Avoid implicit conversion of pointers to booleans. * lib/encrypt.c: Add parenthesis. 2008-05-26 06:37:13 +05:30