# HG changeset patch # User Rob Landley # Date 1403754899 18000 # Node ID e65f9a9ba62dfc95d990bdfca6ca4ced3a737bd5 # Parent b9605ebd3af42d813a224a5f3b78723904f82572 Cleanup pass on mkpasswd.c diff -r b9605ebd3af4 -r e65f9a9ba62d lib/lib.h --- a/lib/lib.h Wed Jun 25 06:26:17 2014 -0500 +++ b/lib/lib.h Wed Jun 25 22:54:59 2014 -0500 @@ -165,6 +165,9 @@ // net.c int xsocket(int domain, int type, int protocol); +// password.c +int get_salt(char *salt, char * algo); + // getmountlist.c struct mtab_list { struct mtab_list *next, *prev; diff -r b9605ebd3af4 -r e65f9a9ba62d lib/password.c --- a/lib/password.c Wed Jun 25 06:26:17 2014 -0500 +++ b/lib/password.c Wed Jun 25 22:54:59 2014 -0500 @@ -6,48 +6,48 @@ #include "toys.h" #include +// generate appropriate random salt string for given encryption algorithm. int get_salt(char *salt, char *algo) { - int i, len = 0, offset = 0; - char buf[12]; + struct { + char *type, id, len; + } al[] = {{"des", 0, 2}, {"md5", 1, 8}, {"sha256", 5, 16}, {"sha512", 6, 16}}; + int i; - if (!strcmp(algo,"des")) len = 2; - else { - *salt++ = '$'; - if (!strcmp(algo,"md5")) { - *salt++ = '1'; - len = 8; - } else if (!strcmp(algo,"sha256")) { - *salt++ = '5'; - len = 16; - } else if (!strcmp(algo,"sha512")) { - *salt++ = '6'; - len = 16; - } else return -1; + for (i = 0; i < ARRAY_LEN(al); i++) { + if (!strcmp(algo, al[i].type)) { + int len = al[i].len; + char *s = salt; + + if (al[i].id) { + *s++ = '$'; + *s++ = '0'+al[i].id; + } + *s++ = '$'; - *salt++ = '$'; - offset = 3; - } + // Read appropriate number of random bytes for salt + i = xopen("/dev/urandom", O_RDONLY); + xreadall(i, libbuf, ((len*6)+7)/8); + close(i); - // Read appropriate number of random bytes for salt - i = xopen("/dev/urandom", O_RDONLY); - xreadall(i, buf, ((len*6)+7)/8); - close(i); + // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z + for (i=0; i> (bitpos&7)) & 0x3f; + bits += 46; + if (bits > 57) bits += 7; + if (bits > 90) bits += 6; - bits = ((buf[i]+(buf[i+1]<<8)) >> (bitpos&7)) & 0x3f; - bits += 46; - if (bits > 57) bits += 7; - if (bits > 90) bits += 6; + s[i] = bits; + } + salt[len] = 0; - salt[i] = bits; + return s-salt; + } } - salt[i] = 0; - return offset; + return -1; } static void handle(int signo) diff -r b9605ebd3af4 -r e65f9a9ba62d lib/pending.h --- a/lib/pending.h Wed Jun 25 06:26:17 2014 -0500 +++ b/lib/pending.h Wed Jun 25 22:54:59 2014 -0500 @@ -4,7 +4,6 @@ #define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0' #define SYS_FIRST_ID 100 #define SYS_LAST_ID 999 -int get_salt(char *salt, char * algo); void is_valid_username(const char *name); int read_password(char * buff, int buflen, char* mesg); int update_password(char *filename, char* username, char* encrypted); diff -r b9605ebd3af4 -r e65f9a9ba62d toys/pending/mkpasswd.c --- a/toys/pending/mkpasswd.c Wed Jun 25 06:26:17 2014 -0500 +++ b/toys/pending/mkpasswd.c Wed Jun 25 22:54:59 2014 -0500 @@ -11,12 +11,12 @@ bool "mkpasswd" default n help - usage: mkpasswd [OPTIONS] [PASSWORD] [SALT] + usage: mkpasswd [-P FD] [-m TYPE] [-S SALT] [PASSWORD] [SALT] Crypt PASSWORD using crypt(3) - -P N Read password from fd N - -m TYPE Encryption method, when TYPE='help', then show the methods available + -P FD Read password from file descriptor FD + -m TYPE Encryption method (des, md5, sha256, or sha512; default is des) -S SALT */ @@ -29,74 +29,49 @@ char *salt; ) - -/* - * validate the salt provided by user. - * the allowed character set for salt is [./A-Za-z0-9] - */ -static void is_salt_valid(char *salt) -{ - regex_t rp; - regmatch_t rm[1]; - char *regex = "[./A-Za-z0-9]*"; //salt REGEX - - xregcomp(&rp, regex, REG_NEWLINE); - - /* compare string against pattern -- remember that patterns - are anchored to the beginning of the line */ - if (regexec(&rp, salt, 1, rm, 0) == 0 && rm[0].rm_so == 0 - && rm[0].rm_eo == strlen(salt)) - return; - - error_exit("salt should be in character set [./A-Za-z0-9]"); -} - void mkpasswd_main(void) { - int offset = 0; char salt[MAX_SALT_LEN] = {0,}; + int i; - if (!(toys.optflags & FLAG_m)) TT.method = "des"; - else if (!strcmp(TT.method, "help")) { - xprintf("Available encryption methods are:\n" - " des\n md5\n sha256\n sha512\n"); - return; - } - // If arguments are there, then the second argument is Salt, can be NULL also - if ((toys.optc == 2) && !(toys.optflags & FLAG_S)) TT.salt = toys.optargs[1]; - - offset= get_salt(salt, TT.method); - if (offset == -1) error_exit("unknown encryption method"); - if (TT.salt) { - is_salt_valid(TT.salt); - snprintf(salt + offset, MAX_SALT_LEN - offset, "%s", TT.salt); + if (!TT.method) TT.method = "des"; + if (toys.optc == 2) { + if (TT.salt) error_exit("duplicate salt"); + TT.salt = toys.optargs[1]; } - if (toys.optflags & FLAG_P) { - if (dup2(TT.pfd, STDIN_FILENO) == -1) perror_exit("fd"); + if (-1 == (i = get_salt(salt, TT.method))) error_exit("bad -m"); + if (TT.salt) { + char *s = TT.salt; + + // In C locale, isalnum() means [A-Za-Z0-0] + while (isalnum(*s) || *s == '.' || *s == '/') s++; + if (*s) error_exit("salt not in [./A-Za-z0-9]"); + + snprintf(salt+i, sizeof(salt)-i, "%s", TT.salt); + } + + // Because read_password() doesn't have an fd argument + if (TT.pfd) { + if (dup2(TT.pfd, 0) == -1) perror_exit("fd"); close(TT.pfd); } - if (!toys.optc) { - if (isatty(STDIN_FILENO)) { + // If we haven't got a password on the command line, read it from tty or FD + if (!*toys.optargs) { + // Prompt and read interactively? + if (isatty(0)) { if (read_password(toybuf, sizeof(toybuf), "Password: ")) perror_exit("password read failed"); } else { - // read from the given FD - int i = 0; - while (1) { - int ret = read(0, &toybuf[i], 1); - if ( ret < 0 ) perror_exit("password read failed"); - else if (ret == 0 || toybuf[i] == '\n' || toybuf[i] == '\r' || - sizeof(toybuf) == i+1) { - toybuf[i] = '\0'; - break; - } - i++; + for (i = 0; i