changeset 1363:e65f9a9ba62d draft

Cleanup pass on mkpasswd.c
author Rob Landley <rob@landley.net>
date Wed, 25 Jun 2014 22:54:59 -0500
parents b9605ebd3af4
children 94677e7b6d97
files lib/lib.h lib/password.c lib/pending.h toys/pending/mkpasswd.c
diffstat 4 files changed, 67 insertions(+), 90 deletions(-) [+]
line wrap: on
line diff
--- a/lib/lib.h	Wed Jun 25 06:26:17 2014 -0500
+++ b/lib/lib.h	Wed Jun 25 22:54:59 2014 -0500
@@ -165,6 +165,9 @@
 // net.c
 int xsocket(int domain, int type, int protocol);
 
+// password.c
+int get_salt(char *salt, char * algo);
+
 // getmountlist.c
 struct mtab_list {
   struct mtab_list *next, *prev;
--- a/lib/password.c	Wed Jun 25 06:26:17 2014 -0500
+++ b/lib/password.c	Wed Jun 25 22:54:59 2014 -0500
@@ -6,48 +6,48 @@
 #include "toys.h"
 #include <time.h>
 
+// generate appropriate random salt string for given encryption algorithm.
 int get_salt(char *salt, char *algo)
 {      
-  int i, len = 0, offset = 0;
-  char buf[12];
+  struct {
+    char *type, id, len;
+  } al[] = {{"des", 0, 2}, {"md5", 1, 8}, {"sha256", 5, 16}, {"sha512", 6, 16}};
+  int i;
 
-  if (!strcmp(algo,"des")) len = 2;
-  else {
-    *salt++ = '$';
-    if (!strcmp(algo,"md5")) {
-      *salt++ = '1';
-      len = 8;
-    } else if (!strcmp(algo,"sha256")) {
-      *salt++ = '5';
-      len = 16;
-    } else if (!strcmp(algo,"sha512")) {
-      *salt++ = '6';
-      len = 16;
-    } else return -1;
+  for (i = 0; i < ARRAY_LEN(al); i++) {
+    if (!strcmp(algo, al[i].type)) {
+      int len = al[i].len;
+      char *s = salt;
+
+      if (al[i].id) {
+        *s++ = '$';
+        *s++ = '0'+al[i].id;
+      }
+      *s++ = '$';
 
-    *salt++ = '$';
-    offset = 3;
-  }    
+      // Read appropriate number of random bytes for salt
+      i = xopen("/dev/urandom", O_RDONLY);
+      xreadall(i, libbuf, ((len*6)+7)/8);
+      close(i);
 
-  // Read appropriate number of random bytes for salt
-  i = xopen("/dev/urandom", O_RDONLY);
-  xreadall(i, buf, ((len*6)+7)/8);
-  close(i);
+      // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
+      for (i=0; i<len; i++) {
+        int bitpos = i*6, bits = bitpos/8;
 
-  // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
-  for (i=0; i<len; i++) {
-    int bitpos = i*6, bits = bitpos/8;
+        bits = ((libbuf[i]+(libbuf[i+1]<<8)) >> (bitpos&7)) & 0x3f;
+        bits += 46;
+        if (bits > 57) bits += 7;
+        if (bits > 90) bits += 6;
 
-    bits = ((buf[i]+(buf[i+1]<<8)) >> (bitpos&7)) & 0x3f;
-    bits += 46;
-    if (bits > 57) bits += 7;
-    if (bits > 90) bits += 6;
+        s[i] = bits;
+      }
+      salt[len] = 0;
 
-    salt[i] = bits;
+      return s-salt;
+    }
   }
-  salt[i] = 0;
 
-  return offset;
+  return -1;
 }
 
 static void handle(int signo)
--- a/lib/pending.h	Wed Jun 25 06:26:17 2014 -0500
+++ b/lib/pending.h	Wed Jun 25 22:54:59 2014 -0500
@@ -4,7 +4,6 @@
 #define MAX_SALT_LEN  20 //3 for id, 16 for key, 1 for '\0'
 #define SYS_FIRST_ID  100
 #define SYS_LAST_ID   999
-int get_salt(char *salt, char * algo);
 void is_valid_username(const char *name);
 int read_password(char * buff, int buflen, char* mesg);
 int update_password(char *filename, char* username, char* encrypted);
--- a/toys/pending/mkpasswd.c	Wed Jun 25 06:26:17 2014 -0500
+++ b/toys/pending/mkpasswd.c	Wed Jun 25 22:54:59 2014 -0500
@@ -11,12 +11,12 @@
   bool "mkpasswd"
   default n
   help
-    usage: mkpasswd [OPTIONS] [PASSWORD] [SALT]
+    usage: mkpasswd [-P FD] [-m TYPE] [-S SALT] [PASSWORD] [SALT]
 
     Crypt PASSWORD using crypt(3)
 
-    -P N    Read password from fd N
-    -m TYPE Encryption method, when TYPE='help', then show the methods available
+    -P FD   Read password from file descriptor FD
+    -m TYPE Encryption method (des, md5, sha256, or sha512; default is des)
     -S SALT
 */
 
@@ -29,74 +29,49 @@
   char *salt;
 )
 
-
-/*
- * validate the salt provided by user.
- * the allowed character set for salt is [./A-Za-z0-9]
- */
-static void is_salt_valid(char *salt)
-{
-  regex_t rp;
-  regmatch_t rm[1];
-  char *regex = "[./A-Za-z0-9]*"; //salt REGEX
-
-  xregcomp(&rp, regex, REG_NEWLINE);
-
-  /* compare string against pattern --  remember that patterns 
-     are anchored to the beginning of the line */
-  if (regexec(&rp, salt, 1, rm, 0) == 0 && rm[0].rm_so == 0 
-      && rm[0].rm_eo == strlen(salt))
-      return;
-
-  error_exit("salt should be in character set [./A-Za-z0-9]");
-}
-
 void mkpasswd_main(void)
 {
-  int offset = 0;
   char salt[MAX_SALT_LEN] = {0,};
+  int i;
 
-  if (!(toys.optflags & FLAG_m)) TT.method = "des";
-  else if (!strcmp(TT.method, "help")) {
-    xprintf("Available encryption methods are:\n"
-        " des\n md5\n sha256\n sha512\n");
-    return;
-  }
-  // If arguments are there, then the second argument is Salt, can be NULL also
-  if ((toys.optc == 2) && !(toys.optflags & FLAG_S)) TT.salt = toys.optargs[1];
-
-  offset= get_salt(salt, TT.method);
-  if (offset == -1) error_exit("unknown encryption method");
-  if (TT.salt) {
-    is_salt_valid(TT.salt);
-    snprintf(salt + offset, MAX_SALT_LEN - offset, "%s", TT.salt);
+  if (!TT.method) TT.method = "des";
+  if (toys.optc == 2) {
+    if (TT.salt) error_exit("duplicate salt");
+    TT.salt = toys.optargs[1];
   }
 
-  if (toys.optflags & FLAG_P) {
-    if (dup2(TT.pfd, STDIN_FILENO) == -1) perror_exit("fd");
+  if (-1 == (i = get_salt(salt, TT.method))) error_exit("bad -m");
+  if (TT.salt) {
+    char *s = TT.salt;
+
+    // In C locale, isalnum() means [A-Za-Z0-0]
+    while (isalnum(*s) || *s == '.' || *s == '/') s++;
+    if (*s) error_exit("salt not in [./A-Za-z0-9]");
+
+    snprintf(salt+i, sizeof(salt)-i, "%s", TT.salt);
+  }
+
+  // Because read_password() doesn't have an fd argument
+  if (TT.pfd) {
+    if (dup2(TT.pfd, 0) == -1) perror_exit("fd");
     close(TT.pfd);
   }
 
-  if (!toys.optc) {
-    if (isatty(STDIN_FILENO)) {
+  // If we haven't got a password on the command line, read it from tty or FD
+  if (!*toys.optargs) {
+    // Prompt and read interactively?
+    if (isatty(0)) {
       if (read_password(toybuf, sizeof(toybuf), "Password: ")) 
         perror_exit("password read failed");
     } else {
-      // read from the given FD
-      int i = 0;
-      while (1) {
-        int ret = read(0, &toybuf[i], 1);
-        if ( ret < 0 ) perror_exit("password read failed");
-        else if (ret == 0 || toybuf[i] == '\n' || toybuf[i] == '\r' ||
-            sizeof(toybuf) == i+1) {
-          toybuf[i] = '\0';
-          break;
-        }
-        i++;
+      for (i = 0; i<sizeof(toybuf)-1; i++) {
+        if (!xread(0, toybuf+i, 1)) break;
+        if (toybuf[i] == '\n' || toybuf[i] == '\r') break;
       }
+      toybuf[i] = 0;
     }
-  } else snprintf(toybuf, sizeof(toybuf), "%s", toys.optargs[0]);
+  }
 
   // encrypt & print the password
-  xprintf("%s\n",crypt(toybuf, salt));
+  xprintf("%s\n",crypt(*toys.optargs ? *toys.optargs : toybuf, salt));
 }