shadow/libmisc/salt.c

/*
 * salt.c - generate a random salt string for crypt()
 *
 * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
 * public domain.
 *
 * l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.
 */

#include <config.h>

#ident "$Id$"

#include <sys/time.h>
#include <stdlib.h>
#include "prototypes.h"
#include "defines.h"
#include "getdef.h"

#ifndef HAVE_L64A
char *l64a(long value)
{
	static char buf[8];
	char *s = buf;
	int digit;
	int i;

	if (value < 0) {
		errno = EINVAL;
		return(NULL);
	}

	for (i = 0; value != 0 && i < 6; i++) {
		digit = value & 0x3f;

		if (digit < 2) 
			*s = digit + '.';
		else if (digit < 12)
			*s = digit + '0' - 2;
		else if (digit < 38)
			*s = digit + 'A' - 12;
		else
			*s = digit + 'a' - 38;

		value >>= 6;
		s++;
	}

	*s = '\0';

	return(buf);
}
#endif /* !HAVE_L64A */

/*
 * Generate 8 base64 ASCII characters of random salt.  If MD5_CRYPT_ENAB
 * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
 * (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible
 * version of crypt() instead of the standard one.
 */

#define MAGNUM(array,ch)	(array)[0]= (array)[2] = '$',\
				(array)[1]=(ch),\
				(array)[2]='\0'

char *crypt_make_salt (void)
{
	struct timeval tv;
	static char result[40];
	int max_salt_len = 8;
	char *method;

	result[0] = '\0';

#ifndef USE_PAM
#ifdef ENCRYPTMETHOD_SELECT
	if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) {
#endif
		if (getdef_bool ("MD5_CRYPT_ENAB")) {
			MAGNUM(result,'1');
			max_salt_len = 11;
		}
#ifdef ENCRYPTMETHOD_SELECT
	} else {
		if (!strncmp (method, "MD5", 3)) {
			MAGNUM(result, '1');
			max_salt_len = 11;
		} else if (!strncmp (method, "SHA256", 6)) {
			MAGNUM(result, '5');
			max_salt_len = 11; /* XXX: should not be fixed */
		} else if (!strncmp (method, "SHA512", 6)) {
			MAGNUM(result, '6');
			max_salt_len = 11; /* XXX: should not be fixed */
		} else if (0 != strncmp (method, "DES", 3)) {
			fprintf (stderr,
				 _("Invalid ENCRYPT_METHOD value: '%s'.\n"
				   "Defaulting to DES.\n"),
				 method);
			result[0] = '\0';
		}
	}
#endif				/* ENCRYPTMETHOD_SELECT */
#endif				/* USE_PAM */
	/*
	 * Generate 8 chars of salt, the old crypt() will use only first 2.
	 */
	gettimeofday (&tv, (struct timezone *) 0);
	strcat (result, l64a (tv.tv_usec));
	strcat (result, l64a (tv.tv_sec + getpid () + clock ()));

	if (strlen (result) > max_salt_len)	/* magic+salt */
		result[max_salt_len] = '\0';

	return result;
}
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
			`* salt.c - generate a random salt string for crypt()`
			`*`
			`* Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,`
			`* public domain.`
Add support for uClibc with no l64a(). 2007-11-16 18:06:21 +05:30			`*`
			`* l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`

			`#include <config.h>`

Added the subversion svn:keywords property (Id) for proper identification. 2007-11-11 05:16:11 +05:30			`#ident "$Id$"`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`#include <sys/time.h>`
			`#include <stdlib.h>`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`#include "prototypes.h"`
			`#include "defines.h"`
			`#include "getdef.h"`
Add support for uClibc with no l64a(). 2007-11-16 18:06:21 +05:30
			`#ifndef HAVE_L64A`
			`char *l64a(long value)`
			`{`
			`static char buf[8];`
			`char *s = buf;`
			`int digit;`
			`int i;`

			`if (value < 0) {`
			`errno = EINVAL;`
			`return(NULL);`
			`}`

			`for (i = 0; value != 0 && i < 6; i++) {`
			`digit = value & 0x3f;`

			`if (digit < 2)`
			`*s = digit + '.';`
			`else if (digit < 12)`
			`*s = digit + '0' - 2;`
			`else if (digit < 38)`
			`*s = digit + 'A' - 12;`
			`else`
			`*s = digit + 'a' - 38;`

			`value >>= 6;`
			`s++;`
			`}`

			`*s = '\0';`

			`return(buf);`
			`}`
			`#endif /* !HAVE_L64A */`

[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
			`* Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB`
			`* in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"`
			`* (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible`
			`* version of crypt() instead of the standard one.`
			`*/`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`#define MAGNUM(array,ch) (array)[0]= (array)[2] = '$',\`
			`(array)[1]=(ch),\`
			`(array)[2]='\0'`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`char *crypt_make_salt (void)`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`{`
			`struct timeval tv;`
			`static char result[40];`
* libmisc/salt.c: Make sure the salt string is terminated at the right place (either 8th, or 11th position). * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does not need 15 chars. No need for a temporary buffer. This change the fix committed on 2007-11-10. The salt provided to pw_encrypt could have been too long. 2007-11-17 00:32:00 +05:30			`int max_salt_len = 8;`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`char *method;`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`result[0] = '\0';`

[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`#ifndef USE_PAM`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`#ifdef ENCRYPTMETHOD_SELECT`
			`if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) {`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`#endif`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`if (getdef_bool ("MD5_CRYPT_ENAB")) {`
			`MAGNUM(result,'1');`
			`max_salt_len = 11;`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`}`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`#ifdef ENCRYPTMETHOD_SELECT`
			`} else {`
			`if (!strncmp (method, "MD5", 3)) {`
			`MAGNUM(result, '1');`
			`max_salt_len = 11;`
			`} else if (!strncmp (method, "SHA256", 6)) {`
			`MAGNUM(result, '5');`
			`max_salt_len = 11; /* XXX: should not be fixed */`
			`} else if (!strncmp (method, "SHA512", 6)) {`
			`MAGNUM(result, '6');`
			`max_salt_len = 11; /* XXX: should not be fixed */`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`} else if (0 != strncmp (method, "DES", 3)) {`
			`fprintf (stderr,`
			`_("Invalid ENCRYPT_METHOD value: '%s'.\n"`
			`"Defaulting to DES.\n"),`
			`method);`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`result[0] = '\0';`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`}`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`}`
			`#endif /* ENCRYPTMETHOD_SELECT */`
			`#endif /* USE_PAM */`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
			`* Generate 8 chars of salt, the old crypt() will use only first 2.`
			`*/`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`gettimeofday (&tv, (struct timezone *) 0);`
			`strcat (result, l64a (tv.tv_usec));`
			`strcat (result, l64a (tv.tv_sec + getpid () + clock ()));`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
* libmisc/salt.c: Make sure the salt string is terminated at the right place (either 8th, or 11th position). * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does not need 15 chars. No need for a temporary buffer. This change the fix committed on 2007-11-10. The salt provided to pw_encrypt could have been too long. 2007-11-17 00:32:00 +05:30			`if (strlen (result) > max_salt_len) /* magic+salt */`
			`result[max_salt_len] = '\0';`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
			`return result;`
			`}`