From acfe7ab66f201773cd13f07bb97dafd5ecabdf8f Mon Sep 17 00:00:00 2001
From: Rob Landley <rob@landley.net>
Date: Sun, 27 Aug 2023 14:38:37 -0500
Subject: [PATCH] Add mkpasswd tests and allow -m sha* salt length range 8-16
 instead of just 16.

---
 tests/mkpasswd.test   | 23 +++++++++++++++++++++++
 toys/other/mkpasswd.c | 19 +++++++++++--------
 2 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100755 tests/mkpasswd.test

diff --git a/tests/mkpasswd.test b/tests/mkpasswd.test
new file mode 100755
index 00000000..ce135bfa
--- /dev/null
+++ b/tests/mkpasswd.test
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+[ -f testing.sh ] && . testing.sh
+
+#testing "name" "command" "result" "infile" "stdin"
+
+# TODO: migrate to internal hashes. Not sure I'm bothering with DES, so
+# this (currently) only tests md5, sha256, and sha512.
+# The -P0 is because debian's version misbehaves without it.
+testcmd 'md5' '-P0 -mmd5 -S abcdefgh' '$1$abcdefgh$G//4keteveJp0qb8z2DxG/\n' \
+  '' 'password'
+# No idea why debian's requires the dash in sha-256?
+testcmd 'sha256-8' '-P0 -msha-256 -S abcdefgh' \
+  '$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/\n' '' 'password'
+testcmd 'sha256-16' '-P0 -msha-256 -S ./Aa0Bb1Cc2Dd3Ee' \
+  '$5$./Aa0Bb1Cc2Dd3Ee$5iXcesTggTRGvAAa3cWlpxmUqNGOeQh/iO3Furo4y/D\n' '' \
+  'password'
+testcmd 'sha512-8' '-P0 -msha-512 -S abcdefgh' \
+  '$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1\n' \
+  '' 'password'
+testcmd 'sha512-16' '-P0 -msha-512 -S ./Aa0Bb1Cc2Dd3Ee' \
+  '$6$./Aa0Bb1Cc2Dd3Ee$PvmedaPf329sM25Jn2jv3MsfK9DaDh6tyVtJucp35A/Lmrtp9g1Ab35Mr59pkuMU3QJlbXYoWJFaxyD4OwIZ60\n' \
+  '' 'password'
diff --git a/toys/other/mkpasswd.c b/toys/other/mkpasswd.c
index b27e8d0d..66d05a7d 100644
--- a/toys/other/mkpasswd.c
+++ b/toys/other/mkpasswd.c
@@ -31,24 +31,27 @@ GLOBALS(
 void mkpasswd_main(void)
 {
   char salt[32] = {0,};
-  int i;
+  int ii, jj, kk;
 
   if (toys.optc == 2) {
     if (TT.S) error_exit("duplicate salt");
     TT.S = toys.optargs[1];
   }
 
-  if (-1 == (i = get_salt(salt, TT.m ? : "des", !TT.S))) error_exit("bad -m");
+  if (-1 == get_salt(salt, TT.m ? : "des", !TT.S)) error_exit("bad -m");
   if (TT.S) {
     char *mirv = strrchr(salt, '$'), *s = TT.S;
 
     if (mirv) mirv++;
     else mirv = salt;
+    ii = strlen(mirv);
 
     // In C locale, isalnum() means [a-zA-Z0-9]
     while (isalnum(*s) || *s == '.' || *s == '/') s++;
-    if (*s || s-TT.S!=strlen(mirv))
-      error_exit("bad SALT (need [a-zA-Z0-9] len %d)", (int)strlen(mirv));
+    jj = s-TT.S;
+    kk = ii==16 ? 8 : ii;
+    if (*s || jj>ii || jj<kk)
+      error_exit("bad SALT (need [a-zA-Z0-9] len %d-%d)", ii, kk);
     strcpy(mirv, TT.S);
   }
 
@@ -65,11 +68,11 @@ void mkpasswd_main(void)
       if (read_password(toybuf, sizeof(toybuf), "Password: ")) 
         perror_exit("password read failed");
     } else {
-      for (i = 0; i<sizeof(toybuf)-1; i++) {
-        if (!xread(0, toybuf+i, 1)) break;
-        if (toybuf[i] == '\n' || toybuf[i] == '\r') break;
+      for (ii = 0; ii<sizeof(toybuf)-1; ii++) {
+        if (!xread(0, toybuf+ii, 1)) break;
+        if (toybuf[ii] == '\n' || toybuf[ii] == '\r') break;
       }
-      toybuf[i] = 0;
+      toybuf[ii] = 0;
     }
   }
 
-- 
2.39.2