2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* salt.c - generate a random salt string for crypt()
|
|
|
|
*
|
|
|
|
* Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
|
2008-04-27 06:10:09 +05:30
|
|
|
* it is in the public domain.
|
2007-11-16 18:06:21 +05:30
|
|
|
*
|
|
|
|
* l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:16:07 +05:30
|
|
|
#include <sys/time.h>
|
|
|
|
#include <stdlib.h>
|
2008-01-26 23:11:20 +05:30
|
|
|
#include <stdio.h>
|
2007-11-24 02:21:43 +05:30
|
|
|
#include <assert.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "prototypes.h"
|
|
|
|
#include "defines.h"
|
|
|
|
#include "getdef.h"
|
2007-11-16 18:06:21 +05:30
|
|
|
|
2008-01-06 20:20:26 +05:30
|
|
|
/* local function prototypes */
|
2008-02-03 22:53:58 +05:30
|
|
|
static void seedRNG (void);
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
|
|
|
static /*@observer@*/const char *gensalt (size_t salt_size);
|
2019-09-17 00:24:56 +05:30
|
|
|
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
|
2013-08-13 22:46:24 +05:30
|
|
|
static long shadow_random (long min, long max);
|
2019-09-17 00:24:56 +05:30
|
|
|
#endif /* USE_SHA_CRYPT || USE_BCRYPT */
|
|
|
|
#ifdef USE_SHA_CRYPT
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
|
|
|
static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds);
|
2008-05-20 02:26:48 +05:30
|
|
|
#endif /* USE_SHA_CRYPT */
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
static /*@observer@*/const char *gensalt_bcrypt (void);
|
|
|
|
static /*@observer@*/const char *BCRYPT_salt_rounds (/*@null@*/int *prefered_rounds);
|
|
|
|
#endif /* USE_BCRYPT */
|
2020-12-28 01:39:25 +05:30
|
|
|
#ifdef USE_YESCRYPT
|
|
|
|
static /*@observer@*/const char *gensalt_yescrypt (void);
|
|
|
|
static /*@observer@*/const char *YESCRYPT_salt_cost (/*@null@*/long *prefered_rounds);
|
|
|
|
#endif /* USE_YESCRYPT */
|
2008-01-06 20:20:26 +05:30
|
|
|
|
|
|
|
#ifndef HAVE_L64A
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
|
|
|
static /*@observer@*/char *l64a(long value)
|
2007-11-16 18:06:21 +05:30
|
|
|
{
|
|
|
|
static char buf[8];
|
|
|
|
char *s = buf;
|
|
|
|
int digit;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (value < 0) {
|
|
|
|
errno = EINVAL;
|
|
|
|
return(NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; value != 0 && i < 6; i++) {
|
|
|
|
digit = value & 0x3f;
|
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if (digit < 2) {
|
2007-11-16 18:06:21 +05:30
|
|
|
*s = digit + '.';
|
2008-06-14 01:07:15 +05:30
|
|
|
} else if (digit < 12) {
|
2007-11-16 18:06:21 +05:30
|
|
|
*s = digit + '0' - 2;
|
2008-06-14 01:07:15 +05:30
|
|
|
} else if (digit < 38) {
|
2007-11-16 18:06:21 +05:30
|
|
|
*s = digit + 'A' - 12;
|
2008-06-14 01:07:15 +05:30
|
|
|
} else {
|
2007-11-16 18:06:21 +05:30
|
|
|
*s = digit + 'a' - 38;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-16 18:06:21 +05:30
|
|
|
|
|
|
|
value >>= 6;
|
|
|
|
s++;
|
|
|
|
}
|
|
|
|
|
|
|
|
*s = '\0';
|
|
|
|
|
|
|
|
return(buf);
|
|
|
|
}
|
|
|
|
#endif /* !HAVE_L64A */
|
|
|
|
|
2008-02-03 22:53:58 +05:30
|
|
|
static void seedRNG (void)
|
|
|
|
{
|
|
|
|
struct timeval tv;
|
|
|
|
static int seeded = 0;
|
|
|
|
|
|
|
|
if (0 == seeded) {
|
2009-04-25 04:19:20 +05:30
|
|
|
(void) gettimeofday (&tv, NULL);
|
|
|
|
srandom (tv.tv_sec ^ tv.tv_usec ^ getpid ());
|
2008-02-03 22:53:58 +05:30
|
|
|
seeded = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2007-11-20 05:35:54 +05:30
|
|
|
* Add the salt prefix.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-11-24 02:21:43 +05:30
|
|
|
#define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
/*
|
|
|
|
* Using the Prefix $2a$ to enable an anti-collision safety measure in musl libc.
|
|
|
|
* Negatively affects a subset of passwords containing the '\xff' character,
|
|
|
|
* which is not valid UTF-8 (so "unlikely to cause much annoyance").
|
|
|
|
*/
|
|
|
|
#define BCRYPTMAGNUM(array) (array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='a',(array)[4]='\0'
|
|
|
|
#endif /* USE_BCRYPT */
|
2007-11-20 03:44:19 +05:30
|
|
|
|
2019-09-17 00:24:56 +05:30
|
|
|
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
|
2013-08-05 17:49:23 +05:30
|
|
|
/* It is not clear what is the maximum value of random().
|
|
|
|
* We assume 2^31-1.*/
|
|
|
|
#define RANDOM_MAX 0x7FFFFFFF
|
|
|
|
|
2007-11-20 05:35:54 +05:30
|
|
|
/*
|
2013-08-05 17:49:23 +05:30
|
|
|
* Return a random number between min and max (both included).
|
|
|
|
*
|
|
|
|
* It favors slightly the higher numbers.
|
2007-11-20 05:35:54 +05:30
|
|
|
*/
|
2013-08-13 22:46:24 +05:30
|
|
|
static long shadow_random (long min, long max)
|
2007-11-20 05:35:54 +05:30
|
|
|
{
|
2013-08-05 17:49:23 +05:30
|
|
|
double drand;
|
2013-08-13 22:46:24 +05:30
|
|
|
long ret;
|
*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
2008-05-20 19:04:06 +05:30
|
|
|
seedRNG ();
|
2013-08-05 17:49:23 +05:30
|
|
|
drand = (double) (max - min + 1) * random () / RANDOM_MAX;
|
|
|
|
/* On systems were this is not random() range is lower, we favor
|
|
|
|
* higher numbers of salt. */
|
2013-08-13 22:46:24 +05:30
|
|
|
ret = (long) (max + 1 - drand);
|
2013-08-05 17:49:23 +05:30
|
|
|
/* And we catch limits, and use the highest number */
|
|
|
|
if ((ret < min) || (ret > max)) {
|
|
|
|
ret = max;
|
|
|
|
}
|
|
|
|
return ret;
|
2007-11-20 05:35:54 +05:30
|
|
|
}
|
2019-09-17 00:24:56 +05:30
|
|
|
#endif /* USE_SHA_CRYPT || USE_BCRYPT */
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_SHA_CRYPT
|
2007-11-20 05:35:54 +05:30
|
|
|
/* Default number of rounds if not explicitly specified. */
|
|
|
|
#define ROUNDS_DEFAULT 5000
|
|
|
|
/* Minimum number of rounds. */
|
|
|
|
#define ROUNDS_MIN 1000
|
|
|
|
/* Maximum number of rounds. */
|
|
|
|
#define ROUNDS_MAX 999999999
|
|
|
|
/*
|
|
|
|
* Return a salt prefix specifying the rounds number for the SHA crypt methods.
|
|
|
|
*/
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
|
|
|
static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds)
|
2007-11-20 05:35:54 +05:30
|
|
|
{
|
2011-09-19 02:10:50 +05:30
|
|
|
static char rounds_prefix[18]; /* Max size: rounds=999999999$ */
|
2007-11-20 05:35:54 +05:30
|
|
|
long rounds;
|
|
|
|
|
2007-11-20 15:03:52 +05:30
|
|
|
if (NULL == prefered_rounds) {
|
|
|
|
long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1);
|
|
|
|
long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if ((-1 == min_rounds) && (-1 == max_rounds)) {
|
2007-11-20 15:03:52 +05:30
|
|
|
return "";
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if (-1 == min_rounds) {
|
2007-11-20 15:03:52 +05:30
|
|
|
min_rounds = max_rounds;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if (-1 == max_rounds) {
|
2007-11-20 15:03:52 +05:30
|
|
|
max_rounds = min_rounds;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if (min_rounds > max_rounds) {
|
2007-11-20 15:03:52 +05:30
|
|
|
max_rounds = min_rounds;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 15:03:52 +05:30
|
|
|
|
2013-08-05 17:49:23 +05:30
|
|
|
rounds = shadow_random (min_rounds, max_rounds);
|
2008-06-14 01:07:15 +05:30
|
|
|
} else if (0 == *prefered_rounds) {
|
2007-11-20 15:03:52 +05:30
|
|
|
return "";
|
2008-06-14 01:07:15 +05:30
|
|
|
} else {
|
2007-11-21 01:30:16 +05:30
|
|
|
rounds = *prefered_rounds;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
|
|
|
/* Sanity checks. The libc should also check this, but this
|
|
|
|
* protects against a rounds_prefix overflow. */
|
2008-06-14 01:07:15 +05:30
|
|
|
if (rounds < ROUNDS_MIN) {
|
2007-11-20 05:35:54 +05:30
|
|
|
rounds = ROUNDS_MIN;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2008-06-14 01:07:15 +05:30
|
|
|
if (rounds > ROUNDS_MAX) {
|
2007-11-20 05:35:54 +05:30
|
|
|
rounds = ROUNDS_MAX;
|
2008-06-14 01:07:15 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2011-09-19 02:10:50 +05:30
|
|
|
(void) snprintf (rounds_prefix, sizeof rounds_prefix,
|
|
|
|
"rounds=%ld$", rounds);
|
2007-11-20 05:35:54 +05:30
|
|
|
|
|
|
|
return rounds_prefix;
|
|
|
|
}
|
2008-05-20 02:26:48 +05:30
|
|
|
#endif /* USE_SHA_CRYPT */
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
/* Default number of rounds if not explicitly specified. */
|
|
|
|
#define B_ROUNDS_DEFAULT 13
|
|
|
|
/* Minimum number of rounds. */
|
|
|
|
#define B_ROUNDS_MIN 4
|
|
|
|
/* Maximum number of rounds. */
|
|
|
|
#define B_ROUNDS_MAX 31
|
|
|
|
/*
|
|
|
|
* Return a salt prefix specifying the rounds number for the BCRYPT method.
|
|
|
|
*/
|
|
|
|
static /*@observer@*/const char *BCRYPT_salt_rounds (/*@null@*/int *prefered_rounds)
|
|
|
|
{
|
|
|
|
static char rounds_prefix[4]; /* Max size: 31$ */
|
|
|
|
long rounds;
|
|
|
|
|
|
|
|
if (NULL == prefered_rounds) {
|
|
|
|
long min_rounds = getdef_long ("BCRYPT_MIN_ROUNDS", -1);
|
|
|
|
long max_rounds = getdef_long ("BCRYPT_MAX_ROUNDS", -1);
|
|
|
|
|
|
|
|
if (((-1 == min_rounds) && (-1 == max_rounds)) || (0 == *prefered_rounds)) {
|
|
|
|
rounds = B_ROUNDS_DEFAULT;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (-1 == min_rounds) {
|
|
|
|
min_rounds = max_rounds;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (-1 == max_rounds) {
|
|
|
|
max_rounds = min_rounds;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (min_rounds > max_rounds) {
|
|
|
|
max_rounds = min_rounds;
|
|
|
|
}
|
|
|
|
|
|
|
|
rounds = shadow_random (min_rounds, max_rounds);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
rounds = *prefered_rounds;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Sanity checks.
|
|
|
|
* Use 19 as an upper bound for now,
|
|
|
|
* because musl doesn't allow rounds >= 20.
|
|
|
|
*/
|
|
|
|
if (rounds < B_ROUNDS_MIN) {
|
|
|
|
rounds = B_ROUNDS_MIN;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rounds > 19) {
|
|
|
|
/* rounds = B_ROUNDS_MAX; */
|
|
|
|
rounds = 19;
|
|
|
|
}
|
|
|
|
|
|
|
|
(void) snprintf (rounds_prefix, sizeof rounds_prefix,
|
|
|
|
"%2.2ld$", rounds);
|
|
|
|
|
|
|
|
return rounds_prefix;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define BCRYPT_SALT_SIZE 22
|
|
|
|
/*
|
|
|
|
* Generate a 22 character salt string for bcrypt.
|
|
|
|
*/
|
|
|
|
static /*@observer@*/const char *gensalt_bcrypt (void)
|
|
|
|
{
|
|
|
|
static char salt[32];
|
|
|
|
|
|
|
|
salt[0] = '\0';
|
|
|
|
|
|
|
|
seedRNG ();
|
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
do {
|
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
} while (strlen (salt) < BCRYPT_SALT_SIZE);
|
|
|
|
|
|
|
|
salt[BCRYPT_SALT_SIZE] = '\0';
|
|
|
|
|
|
|
|
return salt;
|
|
|
|
}
|
|
|
|
#endif /* USE_BCRYPT */
|
|
|
|
|
2020-12-28 01:39:25 +05:30
|
|
|
#ifdef USE_YESCRYPT
|
|
|
|
/* Default cost if not explicitly specified. */
|
|
|
|
#define Y_COST_DEFAULT 5
|
|
|
|
/* Minimum cost. */
|
|
|
|
#define Y_COST_MIN 1
|
|
|
|
/* Maximum cost. */
|
|
|
|
#define Y_COST_MAX 11
|
|
|
|
/*
|
|
|
|
* Return a salt prefix specifying the cost for the YESCRYPT method.
|
|
|
|
*/
|
|
|
|
static /*@observer@*/const char *YESCRYPT_salt_cost (/*@null@*/long *prefered_cost)
|
|
|
|
{
|
|
|
|
static char cost_prefix[5];
|
|
|
|
long cost;
|
|
|
|
|
|
|
|
if (NULL == prefered_cost) {
|
|
|
|
cost = getdef_num ("YESCRYPT_COST_FACTOR", Y_COST_DEFAULT);
|
|
|
|
} else {
|
|
|
|
cost = *prefered_cost;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cost < Y_COST_MIN) {
|
|
|
|
cost = Y_COST_MIN;
|
|
|
|
}
|
|
|
|
if (cost > Y_COST_MAX) {
|
|
|
|
cost = Y_COST_MAX;
|
|
|
|
}
|
|
|
|
|
|
|
|
cost_prefix[0] = 'j';
|
|
|
|
if (cost < 3) {
|
|
|
|
cost_prefix[1] = 0x36 + cost;
|
|
|
|
} else if (cost < 6) {
|
|
|
|
cost_prefix[1] = 0x34 + cost;
|
|
|
|
} else {
|
|
|
|
cost_prefix[1] = 0x3b + cost;
|
|
|
|
}
|
|
|
|
cost_prefix[2] = cost >= 3 ? 'T' : '5';
|
|
|
|
cost_prefix[3] = '$';
|
|
|
|
cost_prefix[4] = 0;
|
|
|
|
|
|
|
|
return cost_prefix;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Default number of base64 characters used for the salt.
|
|
|
|
* 24 characters gives a 144 bits (18 bytes) salt. Unlike the more
|
|
|
|
* traditional 128 bits (16 bytes) salt, this 144 bits salt is always
|
|
|
|
* represented by the same number of base64 characters without padding
|
|
|
|
* issue, even with a non-standard base64 encoding scheme.
|
|
|
|
*/
|
|
|
|
#define YESCRYPT_SALT_SIZE 24
|
|
|
|
/*
|
|
|
|
* Generate a 22 character salt string for yescrypt.
|
|
|
|
*/
|
|
|
|
static /*@observer@*/const char *gensalt_yescrypt (void)
|
|
|
|
{
|
|
|
|
static char salt[32];
|
|
|
|
|
|
|
|
salt[0] = '\0';
|
|
|
|
|
|
|
|
seedRNG ();
|
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
do {
|
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
} while (strlen (salt) < YESCRYPT_SALT_SIZE);
|
|
|
|
|
|
|
|
salt[YESCRYPT_SALT_SIZE] = '\0';
|
|
|
|
|
|
|
|
return salt;
|
|
|
|
}
|
|
|
|
#endif /* USE_YESCRYPT */
|
|
|
|
|
2007-11-24 02:21:43 +05:30
|
|
|
/*
|
|
|
|
* Generate salt of size salt_size.
|
|
|
|
*/
|
|
|
|
#define MAX_SALT_SIZE 16
|
|
|
|
#define MIN_SALT_SIZE 8
|
|
|
|
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
|
|
|
static /*@observer@*/const char *gensalt (size_t salt_size)
|
2008-01-06 20:20:26 +05:30
|
|
|
{
|
2007-11-24 05:30:12 +05:30
|
|
|
static char salt[32];
|
|
|
|
|
|
|
|
salt[0] = '\0';
|
|
|
|
|
2007-11-24 02:34:43 +05:30
|
|
|
assert (salt_size >= MIN_SALT_SIZE &&
|
|
|
|
salt_size <= MAX_SALT_SIZE);
|
2008-02-03 22:53:58 +05:30
|
|
|
seedRNG ();
|
2007-11-24 05:30:12 +05:30
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
do {
|
|
|
|
strcat (salt, l64a (random()));
|
|
|
|
} while (strlen (salt) < salt_size);
|
2008-06-14 01:07:15 +05:30
|
|
|
|
2007-11-24 05:30:12 +05:30
|
|
|
salt[salt_size] = '\0';
|
|
|
|
|
|
|
|
return salt;
|
2007-11-24 02:21:43 +05:30
|
|
|
}
|
|
|
|
|
2007-11-20 05:35:54 +05:30
|
|
|
/*
|
|
|
|
* Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB
|
|
|
|
* in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
|
|
|
|
* (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible
|
|
|
|
* version of crypt() instead of the standard one.
|
|
|
|
* Other methods can be set with ENCRYPT_METHOD
|
2007-11-20 15:03:52 +05:30
|
|
|
*
|
|
|
|
* The method can be forced with the meth parameter.
|
|
|
|
* If NULL, the method will be defined according to the MD5_CRYPT_ENAB and
|
|
|
|
* ENCRYPT_METHOD login.defs variables.
|
|
|
|
*
|
|
|
|
* If meth is specified, an additional parameter can be provided.
|
|
|
|
* * For the SHA256 and SHA512 method, this specifies the number of rounds
|
|
|
|
* (if not NULL).
|
2020-12-28 01:39:25 +05:30
|
|
|
* * For the YESCRYPT method, this specifies the cost factor (if not NULL).
|
2007-11-20 05:35:54 +05:30
|
|
|
*/
|
2011-08-14 20:07:17 +05:30
|
|
|
/*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const char *meth, /*@null@*/void *arg)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-11-20 05:35:54 +05:30
|
|
|
/* Max result size for the SHA methods:
|
|
|
|
* +3 $5$
|
|
|
|
* +17 rounds=999999999$
|
|
|
|
* +16 salt
|
|
|
|
* +1 \0
|
|
|
|
*/
|
2007-10-07 17:14:02 +05:30
|
|
|
static char result[40];
|
2007-11-24 02:21:43 +05:30
|
|
|
size_t salt_len = 8;
|
2008-01-06 20:20:26 +05:30
|
|
|
const char *method;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-11-20 04:04:48 +05:30
|
|
|
result[0] = '\0';
|
|
|
|
|
2007-11-20 15:03:52 +05:30
|
|
|
if (NULL != meth)
|
|
|
|
method = meth;
|
2007-11-24 05:27:47 +05:30
|
|
|
else {
|
2008-06-14 01:07:15 +05:30
|
|
|
method = getdef_str ("ENCRYPT_METHOD");
|
|
|
|
if (NULL == method) {
|
|
|
|
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
|
|
|
|
}
|
2007-11-24 05:27:47 +05:30
|
|
|
}
|
2007-11-20 15:03:52 +05:30
|
|
|
|
2008-05-24 18:38:58 +05:30
|
|
|
if (0 == strcmp (method, "MD5")) {
|
2007-11-20 15:03:52 +05:30
|
|
|
MAGNUM(result, '1');
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
} else if (0 == strcmp (method, "BCRYPT")) {
|
|
|
|
BCRYPTMAGNUM(result);
|
|
|
|
strcat(result, BCRYPT_salt_rounds((int *)arg));
|
|
|
|
#endif /* USE_BCRYPT */
|
2020-12-28 01:39:25 +05:30
|
|
|
#ifdef USE_YESCRYPT
|
|
|
|
} else if (0 == strcmp (method, "YESCRYPT")) {
|
|
|
|
MAGNUM(result, 'y');
|
|
|
|
strcat(result, YESCRYPT_salt_cost((int *)arg));
|
|
|
|
#endif /* USE_YESCRYPT */
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
#ifdef USE_SHA_CRYPT
|
2008-05-24 18:38:58 +05:30
|
|
|
} else if (0 == strcmp (method, "SHA256")) {
|
2007-11-20 15:03:52 +05:30
|
|
|
MAGNUM(result, '5');
|
|
|
|
strcat(result, SHA_salt_rounds((int *)arg));
|
2013-08-13 22:46:24 +05:30
|
|
|
salt_len = (size_t) shadow_random (8, 16);
|
2008-05-24 18:38:58 +05:30
|
|
|
} else if (0 == strcmp (method, "SHA512")) {
|
2007-11-20 15:03:52 +05:30
|
|
|
MAGNUM(result, '6');
|
|
|
|
strcat(result, SHA_salt_rounds((int *)arg));
|
2013-08-13 22:46:24 +05:30
|
|
|
salt_len = (size_t) shadow_random (8, 16);
|
2008-05-20 02:26:48 +05:30
|
|
|
#endif /* USE_SHA_CRYPT */
|
2007-11-21 01:30:16 +05:30
|
|
|
} else if (0 != strcmp (method, "DES")) {
|
2021-05-09 04:12:14 +05:30
|
|
|
fprintf (shadow_logfd,
|
2007-11-20 15:03:52 +05:30
|
|
|
_("Invalid ENCRYPT_METHOD value: '%s'.\n"
|
|
|
|
"Defaulting to DES.\n"),
|
|
|
|
method);
|
|
|
|
result[0] = '\0';
|
2007-11-20 03:44:19 +05:30
|
|
|
}
|
2007-11-20 05:35:54 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2007-11-20 05:35:54 +05:30
|
|
|
* Concatenate a pseudo random salt.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-11-24 02:21:43 +05:30
|
|
|
assert (sizeof (result) > strlen (result) + salt_len);
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
if (0 == strcmp (method, "BCRYPT")) {
|
|
|
|
strncat (result, gensalt_bcrypt (),
|
|
|
|
sizeof (result) - strlen (result) - 1);
|
|
|
|
return result;
|
|
|
|
} else {
|
|
|
|
#endif /* USE_BCRYPT */
|
2020-12-28 01:39:25 +05:30
|
|
|
#ifdef USE_YESCRYPT
|
|
|
|
if (0 == strcmp (method, "YESCRYPT")) {
|
|
|
|
strncat (result, gensalt_yescrypt (),
|
|
|
|
sizeof (result) - strlen (result) - 1);
|
|
|
|
return result;
|
|
|
|
} else {
|
|
|
|
#endif /* USE_YESCRYPT */
|
2019-09-17 00:24:56 +05:30
|
|
|
strncat (result, gensalt (salt_len),
|
|
|
|
sizeof (result) - strlen (result) - 1);
|
2020-12-28 01:39:25 +05:30
|
|
|
#ifdef USE_YESCRYPT
|
|
|
|
}
|
|
|
|
#endif /* USE_YESCRYPT */
|
2019-09-17 00:24:56 +05:30
|
|
|
#ifdef USE_BCRYPT
|
|
|
|
}
|
2020-12-28 01:39:25 +05:30
|
|
|
#endif /* USE_BCRYPT */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
2008-01-06 20:20:26 +05:30
|
|
|
|