Accueil Explorer Aide
Connexion
trn
/
j-hpn-ssh
miroir de git://github.com/johnsonjh/j-hpn-ssh
Suivre 1
Voter 1
Fork 0
Fichiers
Aborescence: e677f121eb
Branches Tags
j-hpn-ssh
/
openbsd-compat
/
xcrypt.c

xcrypt.c 4.3 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. /*
    2. 

  2.  * Copyright (c) 2003 Ben Lindstrom.  All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  * 1. Redistributions of source code must retain the above copyright
    8. 

  8.  *    notice, this list of conditions and the following disclaimer.
    9. 

  9.  * 2. Redistributions in binary form must reproduce the above copyright
    10. 

  10.  *    notice, this list of conditions and the following disclaimer in the
    11. 

  11.  *    documentation and/or other materials provided with the distribution.
    12. 

  12.  *
    13. 

  13.  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
    14. 

  14.  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
    15. 

  15.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    16. 

  16.  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
    17. 

  17.  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    18. 

  18.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    19. 

  19.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    20. 

  20.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    21. 

  21.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    22. 

  22.  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    23. 

  23.  */
    24. 

  24. 

  25. #include "includes.h"
    26. 

  26. 

  27. #include <sys/types.h>
    28. 

  28. #include <string.h>
    29. 

  29. #include <unistd.h>
    30. 

  30. #include <pwd.h>
    31. 

  31. 

  32. # if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
    33. 

  33. #  include <crypt.h>
    34. 

  34. # endif
    35. 

  35. 

  36. # ifdef __hpux
    37. 

  37. #  include <hpsecurity.h>
    38. 

  38. #  include <prot.h>
    39. 

  39. # endif
    40. 

  40. 

  41. # ifdef HAVE_SECUREWARE
    42. 

  42. #  include <sys/security.h>
    43. 

  43. #  include <sys/audit.h>
    44. 

  44. #  include <prot.h>
    45. 

  45. # endif
    46. 

  46. 

  47. # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
    48. 

  48. #  include <shadow.h>
    49. 

  49. # endif
    50. 

  50. 

  51. # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
    52. 

  52. #  include <sys/label.h>
    53. 

  53. #  include <sys/audit.h>
    54. 

  54. #  include <pwdadj.h>
    55. 

  55. # endif
    56. 

  56. 

  57. # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
    58. 

  58. #  include "md5crypt.h"
    59. 

  59. # endif
    60. 

  60. 

  61. # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
    62. 

  62. #  include <openssl/des.h>
    63. 

  63. #  define crypt DES_crypt
    64. 

  64. # endif
    65. 

  65. 

  66. /*
    67. 

  67.  * Pick an appropriate password encryption type and salt for the running
    68. 

  68.  * system by searching through accounts until we find one that has a valid
    69. 

  69.  * salt.  Usually this will be root unless the root account is locked out.
    70. 

  70.  * If we don't find one we return a traditional DES-based salt.
    71. 

  71.  */
    72. 

  72. static const char *
    73. 

  73. pick_salt(void)
    74. 

  74. {
    75. 

  75. 	struct passwd *pw;
    76. 

  76. 	char *passwd, *p;
    77. 

  77. 	size_t typelen;
    78. 

  78. 	static char salt[32];
    79. 

  79. 

  80. 	if (salt[0] != '\0')
    81. 

  81. 		return salt;
    82. 

  82. 	strlcpy(salt, "xx", sizeof(salt));
    83. 

  83. 	setpwent();
    84. 

  84. 	while ((pw = getpwent()) != NULL) {
    85. 

  85. 		if ((passwd = shadow_pw(pw)) == NULL)
    86. 

  86. 			continue;
    87. 

  87. 		if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
    88. 

  88. 			typelen = p - passwd + 1;
    89. 

  89. 			strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
    90. 

  90. 			explicit_bzero(passwd, strlen(passwd));
    91. 

  91. 			goto out;
    92. 

  92. 		}
    93. 

  93. 	}
    94. 

  94.  out:
    95. 

  95. 	endpwent();
    96. 

  96. 	return salt;
    97. 

  97. }
    98. 

  98. 

  99. char *
    100. 

  100. xcrypt(const char *password, const char *salt)
    101. 

  101. {
    102. 

  102. 	char *crypted;
    103. 

  103. 

  104. 	/*
    105. 

  105. 	 * If we don't have a salt we are encrypting a fake password for
    106. 

  106. 	 * for timing purposes.  Pick an appropriate salt.
    107. 

  107. 	 */
    108. 

  108. 	if (salt == NULL)
    109. 

  109. 		salt = pick_salt();
    110. 

  110. 

  111. # ifdef HAVE_MD5_PASSWORDS
    112. 

  112. 	if (is_md5_salt(salt))
    113. 

  113. 		crypted = md5_crypt(password, salt);
    114. 

  114. 	else
    115. 

  115. 		crypted = crypt(password, salt);
    116. 

  116. # elif defined(__hpux) && !defined(HAVE_SECUREWARE)
    117. 

  117. 	if (iscomsec())
    118. 

  118. 		crypted = bigcrypt(password, salt);
    119. 

  119. 	else
    120. 

  120. 		crypted = crypt(password, salt);
    121. 

  121. # elif defined(HAVE_SECUREWARE)
    122. 

  122. 	crypted = bigcrypt(password, salt);
    123. 

  123. # else
    124. 

  124. 	crypted = crypt(password, salt);
    125. 

  125. # endif
    126. 

  126. 

  127. 	return crypted;
    128. 

  128. }
    129. 

  129. 

  130. /*
    131. 

  131.  * Handle shadowed password systems in a cleaner way for portable
    132. 

  132.  * version.
    133. 

  133.  */
    134. 

  134. 

  135. char *
    136. 

  136. shadow_pw(struct passwd *pw)
    137. 

  137. {
    138. 

  138. 	char *pw_password = pw->pw_passwd;
    139. 

  139. 

  140. # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
    141. 

  141. 	struct spwd *spw = getspnam(pw->pw_name);
    142. 

  142. 

  143. 	if (spw != NULL)
    144. 

  144. 		pw_password = spw->sp_pwdp;
    145. 

  145. # endif
    146. 

  146. 

  147. #ifdef USE_LIBIAF
    148. 

  148. 	return(get_iaf_password(pw));
    149. 

  149. #endif
    150. 

  150. 

  151. # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
    152. 

  152. 	struct passwd_adjunct *spw;
    153. 

  153. 	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
    154. 

  154. 		pw_password = spw->pwa_passwd;
    155. 

  155. # elif defined(HAVE_SECUREWARE)
    156. 

  156. 	struct pr_passwd *spw = getprpwnam(pw->pw_name);
    157. 

  157. 

  158. 	if (spw != NULL)
    159. 

  159. 		pw_password = spw->ufld.fd_encrypt;
    160. 

  160. # endif
    161. 

  161. 

  162. 	return pw_password;
    163. 

  163. }
    164. 

  164.