View | Details | Raw Unified | Return to bug 182518 | Differences between
and this patch

Collapse All | Expand All

(-)b/include/unistd.h (+3 lines)
Lines 290-295 typedef __useconds_t useconds_t; Link Here
290
#define	_SC_NPROCESSORS_CONF	57
290
#define	_SC_NPROCESSORS_CONF	57
291
#define	_SC_NPROCESSORS_ONLN	58
291
#define	_SC_NPROCESSORS_ONLN	58
292
#define	_SC_CPUSET_SIZE		122
292
#define	_SC_CPUSET_SIZE		122
293
#define CRYPT_FORMAT_MAX_LEN	20 /* currently strlen("$6$rounds=999999999$") == 20 */
294
#define CRYPT_SALT_MAX_LEN	37 /* currently strlen("$6$rounds=999999999$AAAABBBBCCCCDDDD$") == 37 */
293
#endif
295
#endif
294
296
295
/* Extensions found in Solaris and Linux. */
297
/* Extensions found in Solaris and Linux. */
Lines 490-495 int check_utility_compat(const char *); Link Here
490
const char *
492
const char *
491
	 crypt_get_format(void);
493
	 crypt_get_format(void);
492
int	 crypt_set_format(const char *);
494
int	 crypt_set_format(const char *);
495
int	 crypt_makesalt(char *, const char *, size_t *);
493
int	 des_cipher(const char *, char *, long, int);
496
int	 des_cipher(const char *, char *, long, int);
494
int	 des_setkey(const char *key);
497
int	 des_setkey(const char *key);
495
int	 dup3(int, int, int);
498
int	 dup3(int, int, int);
(-)b/lib/libcrypt/Makefile (-1 / +1 lines)
Lines 16-22 SRCS= crypt.c misc.c \ Link Here
16
		crypt-sha256.c sha256c.c \
16
		crypt-sha256.c sha256c.c \
17
		crypt-sha512.c sha512c.c
17
		crypt-sha512.c sha512c.c
18
MAN=		crypt.3
18
MAN=		crypt.3
19
MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
19
MLINKS=		crypt.3 crypt_makesalt.3 crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
20
CFLAGS+=	-I${.CURDIR}/../libmd -I${.CURDIR}/../libutil
20
CFLAGS+=	-I${.CURDIR}/../libmd -I${.CURDIR}/../libutil
21
21
22
# Pull in the strong crypto, if it is present.
22
# Pull in the strong crypto, if it is present.
(-)b/lib/libcrypt/crypt.3 (-241 / +383 lines)
Lines 1-6 Link Here
1
.\" FreeSec: libcrypt for NetBSD
1
.\" FreeSec: libcrypt for NetBSD
2
.\"
2
.\"
3
.\" Copyright (c) 1994 David Burren
3
.\" Copyright (c) 1994 David Burren
4
.\" Copyright (c) 2015 Derek Marcotte
4
.\" All rights reserved.
5
.\" All rights reserved.
5
.\"
6
.\"
6
.\" Redistribution and use in source and binary forms, with or without
7
.\" Redistribution and use in source and binary forms, with or without
Lines 15-24 Link Here
15
.\"    may be used to endorse or promote products derived from this software
16
.\"    may be used to endorse or promote products derived from this software
16
.\"    without specific prior written permission.
17
.\"    without specific prior written permission.
17
.\"
18
.\"
18
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
22
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
Lines 27-310 Link Here
27
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
.\" SUCH DAMAGE.
29
.\" SUCH DAMAGE.
29
.\"
30
.\"
30
.\" $FreeBSD: head/lib/libcrypt/crypt.3 267773 2014-06-23 08:23:05Z bapt $
31
.\" $FreeBSD: $
31
.\"
32
.\"
32
.Dd March 9, 2014
33
.Dd March 9, 2015
33
.Dt CRYPT 3
34
.Dt LIBCRYPT 3
34
.Os
35
.Os
35
.Sh NAME
36
.Sh NAME
36
.Nm crypt
37
.Nm crypt ,
37
.Nd Trapdoor encryption
38
.Nm crypt_makesalt ,
39
.Nm crypt_get_format ,
40
.Nm crypt_set_format
41
.Nd "library for password hashing"
38
.Sh LIBRARY
42
.Sh LIBRARY
39
.Lb libcrypt
43
.Lb libcrypt
40
.Sh SYNOPSIS
44
.Sh SYNOPSIS
41
.In unistd.h
45
.In unistd.h
42
.Ft char *
46
.Ft "char *"
43
.Fn crypt "const char *key" "const char *salt"
47
.Fn crypt "const char *key" "const char *salt"
44
.Ft const char *
48
.Ft "int"
49
.Fn crypt_makesalt "char *output" "const char *format" "size_t *out_len"
50
.Ft "const char *"
45
.Fn crypt_get_format "void"
51
.Fn crypt_get_format "void"
46
.Ft int
52
.Ft "int"
47
.Fn crypt_set_format "const char *string"
53
.Fn crypt_set_format "const char *string"
48
.Sh DESCRIPTION
54
.Sh DESCRIPTION
49
The
55
The 
50
.Fn crypt
56
.Nm libcrypt 
51
function performs password hashing with additional code added to
57
library covers functions related to password hashing.  
52
deter key search attempts.
58
.Pp
53
Different algorithms can be used to
59
Password hashing is different than a standard one way hash function.  Password hashing tries to make it difficult to recover a low-entropy key 
54
in the hash.
60
.Pq e.g. a typed password
55
.\"
61
from the resultant output hash.  Offline recovery by exhaustive key search 
56
.\" NOTICE:
62
.Pq brute-force and dictionary attacks
57
.\" If you add more algorithms, make sure to update this list
63
is stymied by the password hashing being one-way, and often computationally expensive.  Different algorithms can be selected to produce the password hash, with varying ability to effectively deter key search attempts.
58
.\" and the default used for the Traditional format, below.
64
.Pp
59
.\"
65
The hashing algorithm to be used for an invocation of crypt is chosen by supplying a salt parameter of a particular format.  The algorithms currently supported are: 
60
Currently these include the
66
.Sx bcrypt , 
61
.Tn NBS
67
.Sx sha512-crypt , 
62
.Tn Data Encryption Standard (DES) ,
68
.Sx sha256-crypt , 
63
.Tn MD5
69
.Sx md5-crypt , 
64
hash,
70
.Sx DES Extended Format , 
65
.Tn NT-Hash
71
.Sx Traditional DES Format , 
66
.Pq compatible with Microsoft's NT scheme
72
and 
67
and
73
.Sx NT-Hash .
68
.Tn Blowfish .
74
.Pp
69
The algorithm used will depend upon the format of the Salt
75
Current computational capabilities make all but the bcrypt and sha-crypt families known to be susceptible to exhaustive key searches.  The tuneable work factor of the bcrypt and sha-crypt families has allowed them to be set to be more computationally intensive over time.  The use of the other families is not recommended at this time, but are maintained for legacy compatibility.
70
.Po
76
.Pp
71
following
77
The first argument to 
72
the Modular Crypt Format
78
.Fn crypt 
73
.Pq MCF
79
is the 
74
.Pc ,
80
.Fa key 
75
if
81
to hash 
76
.Tn DES
82
.Pq usually a password , 
77
and/or
83
as a NUL-terminated string.  The second is the 
78
.Tn Blowfish
84
.Fa salt .  
79
is installed or not, and whether
85
A salt is a random value that assists in complicating offline recovery.  The length and format of the salt, and how it will be used is algorithm dependent.  For best results, specify at least sixteen characters of salt.
86
.Pp
87
If the salt begins with the string 
88
.Qq $digit , 
89
then the 
90
.Sx Modular Crypt Format 
91
is used.  If it begins with an underscore 
92
.Qq _ , 
93
then the 
94
.Sx DES Extended Format 
95
is used.  If the salt is 2 or 13 characters and includes only 0-9, a-z, A-Z a dot . or a slash /, then 
96
.Sx Traditional DES Format 
97
is used.  If none of these conditions are true, crypt will use the default hash function set by crypt_set_format, 
98
.Pq or Traditional DES Format if no default has been set, for systems with DES support .
99
.Pp
100
The 
101
.Fn crypt_makesalt
102
function populates an 
103
.Fa output 
104
buffer with a newly generated salt for the specified valid 
105
.Fa format .  
106
The size of the pre-allocated buffer is passed via 
107
.Fa out_len .
108
If the output buffer is too small, the required size is set in 
109
.Fa out_len .
110
.Pp
111
The 
112
.Fn crypt_get_format
113
function returns a constant string that represents the name of the algorithm set as the default.  Its use is deprecated.
114
.Pp
115
The 
80
.Fn crypt_set_format
116
.Fn crypt_set_format
81
has been called to change the default.
117
function sets the default encoding 
82
.Pp
118
.Fa format 
83
The first argument to
119
according to the supplied string.  Its use is deprecated.
84
.Nm
120
.Pp
85
is the data to hash
121
The salts, formats, and algorithms are outlined below.
86
.Pq usually a password ,
122
87
in a
123
.Sh Modular Crypt Format
88
.Dv NUL Ns -terminated
124
.Pp
89
string.
125
Modular Crypt Format is the current standard way to describe which algorithm and parameters to use for a particular crypt invocation.  Salts that are prefixed with $digit are using the modular crypt format.  The prefix selects the algorithm to use.  Valid prefixes are:
90
The second is the salt, in one of three forms:
126
.Bl -column -offset indent ".Sy Prefix" ".Sy Algorithm"
91
.Pp
127
.It Sy Prefix Ta Sy Algorithm
92
.Bl -tag -width Traditional -compact -offset indent
128
.It Li $1$       Ta 
93
.It Extended
129
.Sx md5-crypt
94
If it begins with an underscore
130
.It Li $2        Ta 
95
.Pq Dq _
131
.Sx bcrypt
96
then the
132
.It Li $3$       Ta 
97
.Tn DES
133
.Sx NT-Hash
98
Extended Format
134
.It Li $5$       Ta 
99
is used in interpreting both the key and the salt, as outlined below.
135
.Sx sha256-crypt
100
.It Modular
136
.It Li $6$       Ta 
101
If it begins with the string
137
.Sx sha512-crypt
102
.Dq $digit$
103
then the Modular Crypt Format is used, as outlined below.
104
.It Traditional
105
If neither of the above is true, it assumes the Traditional Format,
106
using the entire string as the salt
107
.Pq or the first portion .
108
.El
138
.El
109
.Pp
139
.Pp
110
All routines are designed to be time-consuming.
140
Everything following the prefix in the salt parameter is algorithm dependant, but includes things like work factor, and an actual salt 
111
.Ss DES Extended Format:
141
.Pq random value for that particular invocation .
112
The
142
113
.Ar key
143
.Ss md5-crypt
114
is divided into groups of 8 characters
144
.Bl -column ".Sy Output Hash Example:" ".Sy 8 characters from the set [a-zA-Z0-9./]"
115
.Pq the last group is NUL-padded
145
.It Li Format Strings:  Ta $1$, md5
116
and the low-order 7 bits of each character
146
.It Li Salt Format:     Ta 8 characters from the set [a-zA-Z0-9./]
117
.Pq 56 bits per group
147
.It Li Full Salt Example:       Ta $1$deadbeef$
118
are used to form the
148
.It Li Output Hash Example:     Ta $1$deadbeef$0Huu6KHrKLVWfqa4WljDE0
119
.Tn DES
149
.El
120
key as follows:
121
the first group of 56 bits becomes the initial
122
.Tn DES
123
key.
124
For each additional group, the XOR of the encryption of the current
125
.Tn DES
126
key with itself and the group bits becomes the next
127
.Tn DES
128
key.
129
.Pp
130
The salt is a 9-character array consisting of an underscore followed
131
by 4 bytes of iteration count and 4 bytes of salt.
132
These are encoded as printable characters, 6 bits per character,
133
least significant character first.
134
The values 0 to 63 are encoded as
135
.Dq ./0-9A-Za-z .
136
This allows 24 bits for both
137
.Fa count
138
and
139
.Fa salt .
140
.Pp
150
.Pp
141
The
151
md5-crypt was the default crypt format in FreeBSD for many years, developed by Poul-Henning Kamp.  
142
.Fa salt
143
introduces disorder in the
144
.Tn DES
145
algorithm in one of 16777216 or 4096 possible ways
146
.Po
147
i.e., with 24 or 12 bits: if bit
148
.Em i
149
of the
150
.Ar salt
151
is set, then bits
152
.Em i
153
and
154
.Em i+24
155
are swapped in the
156
.Tn DES
157
E-box output
158
.Pc .
159
.Pp
152
.Pp
160
The
153
It has seen widespread use in many commercial products, and for a long time was good enough.  It has a fixed work factor, which means that as computers became faster, the ability to attack it has increased proportionally.
161
.Tn DES
154
.Pp
162
key is used to encrypt a 64-bit constant using
155
Its use is no longer recommended.
163
.Ar count
156
164
iterations of
157
.Ss bcrypt
165
.Tn DES .
158
.Bl -column ".Sy Output Hash Example:" ".Sy $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"
166
The value returned is a
159
.It Li Format Strings:  Ta $2$[rounds]$, $2a$[rounds]$, $2b$[rounds]$, blf
167
.Dv NUL Ns -terminated
160
.It Li Salt Format:     Ta 16 bytes then base-64 encoded from the set [a-zA-Z0-9./]
168
string, 20 or 13 bytes
161
.It Li Full Salt Example:       Ta $2a$05$CCCCCCCCCCCCCCCCCCCCC.
169
.Pq plus NUL
162
.It Li Output Hash Example:     Ta $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK
170
in length, consisting of the
171
.Ar salt
172
followed by the encoded 64-bit encryption.
173
.Ss Modular crypt:
174
If the salt begins with the string
175
.Fa $digit$
176
then the Modular Crypt Format is used.
177
The
178
.Fa digit
179
represents which algorithm is used in encryption.
180
Following the token is
181
the actual salt to use in the encryption.
182
The maximum length of the salt used depends upon the module.
183
The salt must be terminated with the end of the string character
184
.Pq NUL
185
or a dollar sign.
186
Any characters after the dollar sign are ignored.
187
.Pp
188
Currently supported algorithms are:
189
.Pp
190
.Bl -enum -compact -offset indent
191
.It
192
MD5
193
.It
194
Blowfish
195
.It
196
NT-Hash
197
.It
198
(unused)
199
.It
200
SHA-256
201
.It
202
SHA-512
203
.El
163
.El
204
.Pp
164
.Pp
205
Other crypt formats may be easily added.
165
bcrypt is the first algorithm to support a tuneable work factor.  It was initially introduced in OpenBSD, by Niels Provos, based on the Usenix paper "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. 
206
An example salt would be:
166
.Pp
207
.Bl -tag -width 6n -offset indent
167
There are three variations supported, each with minor bug fixes.  2b is the recommended variation.  
208
.It Cm "$4$thesalt$rest"
168
.Pp
169
The work factor is specified by the rounds parameter in the format string.  These rounds are logarithmic.  That is, 
170
.Qq $2b$08$ 
171
will take approximately twice as long as 
172
.Qq $2b$07$ 
173
for the same salt and key.  04 is the lowest supported work factor, and 31 is the highest.
174
.Pp
175
When the format string 
176
.Qq blf 
177
is specified, it is equivalent to specifying 
178
.Qq $2b$04$ .
179
180
.Ss NT-Hash
181
.Bl -column ".Sy Output Hash Example:" ".Sy $3$sdlksjfdlksjdlfk"
182
.It Li Format Strings:  Ta $3$, nth
183
.It Li Salt Format:  Ta no salt
184
.It Li Full Salt Example:  Ta $3$
185
.It Li Output Hash Example:  Ta $3$$cc0fb8a290eebbfe74e7207f2ace5927
209
.El
186
.El
210
.Ss Traditional crypt:
211
The algorithm used will depend upon whether
212
.Fn crypt_set_format
213
has been called and whether a global default format has been specified.
214
Unless a global default has been specified or
215
.Fn crypt_set_format
216
has set the format to something else, the built-in default format is
217
used.
218
This is currently
219
.\"
220
.\" NOTICE: Also make sure to update this
221
.\"
222
DES
223
if it is available, or MD5 if not.
224
.Pp
187
.Pp
225
How the salt is used will depend upon the algorithm for the hash.
188
nt-hash is supported for compatibility reasons only.  It is strongly discouraged for any production uses.
226
For
189
227
best results, specify at least eight characters of salt.
190
.Ss sha256-crypt
191
.Bl -column ".Sy Output Hash Example:" ".Sy $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5, $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA "
192
.It Li Format Strings:  Ta $5$, $5$rounds=[rounds]$, sha256
193
.It Li Salt Format:     Ta 16 characters from the set [a-zA-Z0-9./]
194
.It Li Full Salt Examples:      Ta $5$saltstring$, $5$rounds=10000$saltstringsaltst$
195
.It Li Output Hash Examples:     Ta $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5, $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA 
196
.El
228
.Pp
197
.Pp
229
The
198
sha256 supports a tunable work factor.  It was developed by Ulrich Drepper of Red Hat, and is detailed in 
230
.Fn crypt_get_format
199
.Qq Unix crypt using SHA-256 and SHA-512 .
231
function returns a constant string that represents the name of the
232
algorithm currently used.
233
Valid values are
234
.\"
235
.\" NOTICE: Also make sure to update this, too, as well
236
.\"
237
.Ql des ,
238
.Ql blf ,
239
.Ql md5 ,
240
.Ql sha256 ,
241
.Ql sha512
242
and
243
.Ql nth .
244
.Pp
200
.Pp
245
The
201
From that document:
202
.Pp
203
.Qo
204
Security departments in companies are trying to phase out all uses of MD5.  They demand a method which is officially sanctioned.  For US-based users this means tested by the NIST.
205
.Pp
206
This rules out the use of another already implemented method with limited spread: the use of the Blowfish encryption method.  The choice comes down to tested encryption 
207
.Pq 3DES, AES
208
or hash sums 
209
.Pq the SHA family .
210
.Qc
211
.Pp
212
The prepositions in the above statement are misleading.  Blowfish as a primitive, like 3DES or AES, has stood up to years of scrutinty by the cryptographic communinty.  bcrypt, the password hashing function, is ubiquitous.  It also currently provides greater resilience against pipe-lined or GPU-based attacks for the approximate same CPU workload as the sha-crypt family, based on its limited memory requirements.  This is not expected to remain true with future improvements to GPUs.  An additional subtle difference between bcrypt and the sha families is that bcrypt's salt is 2^128 bits, while the sha family is 2^96 bits.
213
.Pp
214
If you require a algorithm that includes NIST sanctioned primitives, choose one of the sha-crypt methods.
215
.Pp
216
The work factor is specified by the rounds parameter in the format string.  These rounds are linear.  That is, 
217
.Qq $5$rounds=20000$ 
218
will take approximately twice as long as 
219
.Qq $5$rounds=10000$ 
220
for the same salt and key. 1000 is the minimum number of rounds, 999999999 is the maximum.
221
.Pp
222
When the format string 
223
.Qq sha256 ,
224
or 
225
.Qq $5$ 
226
is specified, it is equivalent to specifying 
227
.Qq $5$rounds=5000$ .
228
229
230
.Ss sha512-crypt
231
.Bl -column ".Sy Output Hash Example:" ".Sy $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1, $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v."
232
.It Li Format Strings:  Ta $6$, $6$rounds=[rounds]$, sha512
233
.It Li Salt Format:     Ta 16 characters from the set [a-zA-Z0-9./]
234
.It Li Full Salt Examples:      Ta $6$saltstring$, $6$rounds=10000$saltstringsaltst$
235
.It Li Output Hash Examples:     Ta $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1, $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v. 
236
.El
237
sha512 is nearly equivalent to sha256, except that it uses SHA512 as a primitive.  See Unix crypt using SHA-256 and SHA-512 for more details.
238
239
The details provided in sha256 apply here as well.
240
241
When the format string 
242
.Qq sha512 , 
243
or 
244
.Qq $6$ 
245
is specified, it is equivalent to specifying 
246
.Qq $6$rounds=5000$ .
247
248
.Sh DES Extended Format:
249
.Pp
250
The key is divided into groups of 8 characters 
251
.Pq the last group is NUL-padded 
252
and the low-order 7 bits of each character 
253
.Pq 56 bits per group
254
are used to form the DES key as follows: the first group of 56 bits becomes the initial DES key.  For each additional group, the XOR of the encryption of the current DES key with itself and the group bits becomes the next DES key.
255
.Pp
256
The salt is a 9-character array consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt.  These are encoded as printable characters, 6 bits per character, least significant character first.  The values 0 to 63 are encoded as 
257
.Qq ./0-9A-Za-z .  
258
This allows 24 bits for both count and salt.
259
.Pp
260
The salt introduces disorder in the DES algorithm in one of 16777216 or 4096 possible ways 
261
.Pq i.e., with 24 or 12 bits: if bit i of the salt is set, then bits i and i+24 are swapped in the DES E-box output .
262
.Pp
263
The DES key is used to encrypt a 64-bit constant using count iterations of DES.  The value returned is a NUL-terminated string, 20 or 13 bytes 
264
.Pq plus NUL
265
in length, consisting of the salt followed by the encoded 64-bit encryption.
266
267
.Sh Traditional DES Format:
268
.Pp
269
The algorithm used will depend upon whether 
246
.Fn crypt_set_format
270
.Fn crypt_set_format
247
function sets the default encoding format according to the supplied
271
has been called to set the global default.  The built-in default format is used, if no default is set.  This is currently 
248
.Fa string .
272
.Qq des
273
if it is available, or 
274
.Qq sha512
275
if not.
276
249
.Sh RETURN VALUES
277
.Sh RETURN VALUES
250
The
278
.Pp
279
The 
251
.Fn crypt
280
.Fn crypt
252
function returns a pointer to the encrypted value on success, and NULL on
281
function returns a pointer to the encrypted value on success,
253
failure.
282
and NULL on failure.  Note: this is not a standard behaviour, AT&T
254
Note: this is not a standard behaviour, AT&T
255
.Fn crypt
283
.Fn crypt
256
will always return a pointer to a string.
284
will always return a pointer to a string.
257
.Pp
285
.Pp
258
The
286
The
287
.Fn crypt_makesalt
288
function will return a 1 on success, or 0 on failure.  It may fail in one of two
289
ways.  If 
290
.Fa out_len
291
has changed, the
292
.Fa output
293
buffer was not large enough to store the salt.  The required size will be stored
294
in
295
.Fa out_len .
296
If
297
.Fa out_len 
298
has not changed, then the
299
.Fa format
300
passed was invalid.  
301
.Pp
302
The 
259
.Fn crypt_set_format
303
.Fn crypt_set_format
260
function will return 1 if the supplied encoding format was valid.
304
function will return 1 if the supplied encoding format was valid.  Otherwise, a value of 0 is returned.
261
Otherwise, a value of 0 is returned.
305
306
     
307
.Sh EXAMPLES
308
.Bd -literal
309
#include <stdio.h>
310
#include <string.h>
311
#include <pthread.h>
312
313
#include <pwd.h>
314
#include <unistd.h>
315
316
#include <sys/param.h>
317
318
int
319
main()
320
{
321
	char *global_static_buffer;
322
	char final[_PASSWORD_LEN + 1];
323
	char test[_PASSWORD_LEN + 1];
324
	char salt[CRYPT_SALT_MAX_LEN + 1];
325
	size_t salt_sz = sizeof(salt);
326
327
	int exit_code = 0;
328
329
	/* threaded implementations should use a mutex around crypt */
330
	pthread_mutex_t mtx;
331
	if (pthread_mutex_init(&mtx, NULL) ) {
332
		exit_code = 1;
333
		goto exit1;
334
	}
335
336
	if (crypt_makesalt(salt, "$2b$08$", &salt_sz) ) {
337
		if ( salt_sz != sizeof(salt) ) {
338
			printf("Destination buffer too small for algorithm salt\\n");
339
			exit_code = 2;
340
			goto exit;
341
		}
342
343
		printf("Invalid format specified\\n");
344
		exit_code = 3;
345
		goto exit;
346
	}
347
	printf("crypt_makesalt result: %s\\n", salt);
348
349
	/*
350
	 * Generate a crypt for storage
351
	 */
352
353
	/* crypt buffer is global static */
354
	pthread_mutex_lock(&mtx);
355
	global_static_buffer = crypt("you'll never guess me!", salt);
356
	strncpy(final, global_static_buffer, sizeof(final) );
357
	pthread_mutex_unlock(&mtx);
358
	
359
	if (global_static_buffer == NULL) { 
360
		printf("crypt failed\\n");
361
		exit_code = 4;
362
		goto exit;
363
	}
364
365
	printf("crypt result: %s\\n", final);
366
367
	/*
368
	 * Compare a string against a stored crypt
369
	 */
370
371
	pthread_mutex_lock(&mtx);
372
	global_static_buffer = crypt("is this it?", final);
373
	strncpy(test, global_static_buffer, sizeof(test) );
374
	pthread_mutex_unlock(&mtx);
375
	
376
	if (global_static_buffer == NULL) { 
377
		printf("second crypt failed\\n");
378
		exit_code = 5;
379
		goto exit;
380
	}
381
	
382
	printf("test result: %s\\n", test);
383
	
384
	/* a timing-safe string compare would be better */
385
	if ( strncmp(test, final, MAX(sizeof(test), sizeof(final) ) ) == 0 ) {
386
		printf("The two buffers match.\\n");
387
	} else {
388
		printf("The two buffers do not match.\\n");
389
	}
390
391
exit:
392
	pthread_mutex_destroy(&mtx);
393
exit1:
394
	return exit_code;
395
}
396
.Ed
262
.Sh SEE ALSO
397
.Sh SEE ALSO
263
.Xr login 1 ,
398
.Xr login 1 , 
264
.Xr passwd 1 ,
399
.Xr passwd 1 , 
265
.Xr getpass 3 ,
400
.Xr getpass 3 , 
266
.Xr passwd 5
401
.Xr login_getcapstr 3 , 
402
.Xr passwd 5 ,
403
267
.Sh HISTORY
404
.Sh HISTORY
268
A rotor-based
405
.Pp
406
A rotor-based 
269
.Fn crypt
407
.Fn crypt
270
function appeared in
408
function appeared in Version 6 AT&T UNIX.  The
271
.At v6 .
409
current style 
272
The current style
273
.Fn crypt
410
.Fn crypt
274
first appeared in
411
first appeared in Version 7 AT&T UNIX.
275
.At v7 .
276
.Pp
412
.Pp
277
The
413
The DES section of the code 
278
.Tn DES
414
.Pq FreeSec 1.0
279
section of the code (FreeSec 1.0) was developed outside the United
415
was developed outside the
280
States of America as an unencumbered replacement for the U.S.-only
416
United States of America as an unencumbered replacement for the U.S.-only
281
.Nx
417
NetBSD libcrypt encryption library.
282
libcrypt encryption library.
418
283
.Sh AUTHORS
419
.Sh AUTHORS
284
.An -nosplit
420
Originally written by David Burren 
285
Originally written by
421
.Mt davidb@werj.com.au , 
286
.An David Burren Aq Mt davidb@werj.com.au ,
422
later additions and changes by Poul-Henning Kamp, Mark R V Murray, Michael
287
later additions and changes by
423
Bretterklieber, Kris Kennaway, Brian Feldman, Paul Herman, Niels Provos, and 
288
.An Poul-Henning Kamp ,
424
Derek Marcotte.
289
.An Mark R V Murray ,
425
290
.An Michael Bretterklieber ,
291
.An Kris Kennaway ,
292
.An Brian Feldman ,
293
.An Paul Herman
294
and
295
.An Niels Provos .
296
.Sh BUGS
426
.Sh BUGS
297
The
427
The 
298
.Fn crypt
428
.Fn crypt
299
function returns a pointer to static data, and subsequent calls to
429
function returns a pointer to static data, and subsequent
430
calls to 
300
.Fn crypt
431
.Fn crypt
301
will modify the same data.
432
will modify the same data.  Likewise, 
302
Likewise,
303
.Fn crypt_set_format
433
.Fn crypt_set_format
304
modifies static data.
434
modifies static data.
435
436
.Sh SECURITY CONSIDERATIONS
437
The following algorithms are considered insecure, and are not recommended 
438
for new implementations: 
439
.Sx md5-crypt , 
440
.Sx DES Extended Format , 
441
.Sx Traditional DES Format , 
442
and 
443
.Sx NT-Hash .
305
.Pp
444
.Pp
306
The NT-hash scheme does not use a salt,
445
.Sx bcrypt 
307
and is not hard
446
is preferred over 
308
for a competent attacker
447
.Sx sha512-crypt ,
309
to break.
448
or 
310
Its use is not recommended.
449
.Sx sha256-crypt , 
450
because of 
451
its resiliance to pipelined, and GPU based attacks - unless having a
452
NIST-approved algorithm is a requirement.
(-)b/lib/libcrypt/crypt.c (-25 / +181 lines)
Lines 1-6 Link Here
1
/*-
1
/*-
2
 * Copyright (c) 1999 Mark Murray
2
 * Copyright (c) 1999 Mark Murray
3
 * Copyright (c) 2014 Dag-Erling Smørgrav
3
 * Copyright (c) 2014 Dag-Erling Smørgrav
4
 * Copyright (c) 2015 Derek Marcotte
4
 * All rights reserved.
5
 * All rights reserved.
5
 *
6
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * Redistribution and use in source and binary forms, with or without
Lines 29-84 Link Here
29
__FBSDID("$FreeBSD: head/lib/libcrypt/crypt.c 272830 2014-10-09 16:45:11Z des $");
30
__FBSDID("$FreeBSD: head/lib/libcrypt/crypt.c 272830 2014-10-09 16:45:11Z des $");
30
31
31
#include <sys/types.h>
32
#include <sys/types.h>
33
#include <sys/param.h>
32
34
33
#include <libutil.h>
35
#include <libutil.h>
34
#include <string.h>
36
#include <string.h>
35
#include <unistd.h>
37
#include <unistd.h>
38
#include <regex.h>
39
#include <stdbool.h>
40
#include <stdlib.h>
36
41
37
#include "crypt.h"
42
#include "crypt.h"
38
43
39
/*
44
/*
40
 * List of supported crypt(3) formats.
45
 * List of supported crypt(3) formats.
41
 *
46
 *
42
 * The default algorithm is the last entry in the list (second-to-last
47
 * Ordered from most probable to least probable[1], for the find algorithm to 
43
 * array element since the last is a sentinel).  The reason for placing
48
 * preform a little better in some cases.  Generally, order is not important.
44
 * the default last rather than first is that DES needs to be at the
49
 *
45
 * bottom for the algorithm guessing logic in crypt(3) to work correctly,
50
 * 1. as guessed by a random person
46
 * and it needs to be the default for backward compatibility.
51
 *
47
 */
52
 */
48
static const struct crypt_format {
53
static const struct crypt_format {
49
	const char *const name;
54
	const char *const name;
50
	char *(*const func)(const char *, const char *);
55
	char *(*const func)(const char *, const char *);
51
	const char *const magic;
56
	const char *const magic;
57
	const char *const default_format;
58
	const char *const format_regex;
59
	
60
	const uint8_t salt_bytes;
61
	const bool salt_trailing_sign;	/* do we tack on a $ at the end of the salt */
52
} crypt_formats[] = {
62
} crypt_formats[] = {
53
	{ "md5",	crypt_md5,		"$1$"	},
63
	{ "md5",	crypt_md5,	"$1$",	"$1$",		"^\\$1\\$$",				8,	true	},
64
	{ "sha512",	crypt_sha512,	"$6$",	"$6$",		"^\\$6\\$(rounds=[0-9]{0,9}\\$)?$",	16,	true	},
54
#ifdef HAS_BLOWFISH
65
#ifdef HAS_BLOWFISH
55
	{ "blf",	crypt_blowfish,		"$2"	},
66
	{ "blf",	crypt_blowfish,	"$2",	"$2b$04$",	"^\\$2[ab]?\\$[0-9]{2}\\$$",		22 /* 16 * 1.333 */,	false	},
56
#endif
67
#endif
57
	{ "nth",	crypt_nthash,		"$3$"	},
58
	{ "sha256",	crypt_sha256,		"$5$"	},
59
	{ "sha512",	crypt_sha512,		"$6$"	},
60
#ifdef HAS_DES
68
#ifdef HAS_DES
61
	{ "des",	crypt_des,		"_"	},
69
	{ "des",	crypt_des,	NULL,	"",		NULL,					2,	false	},
70
	{ "des-ext",	crypt_des,	"_",	"_..T.",	"^_[A-Za-z0-9./]{4}$",			4,	false	},
62
#endif
71
#endif
63
72
	{ "nth",	crypt_nthash,	"$3$",	"$3$",		"^\\$3\\$$",				0,	false	},
73
	{ "sha256",	crypt_sha256,	"$5$",	"$5$",		"^\\$5\\$(rounds=[0-9]{0,9}\\$)?$",	16,	true	},
74
	
64
	/* sentinel */
75
	/* sentinel */
65
	{ NULL,		NULL,			NULL	}
76
	{ NULL,		NULL,		NULL,	NULL,		NULL,	0,	NULL	}
66
};
77
};
67
78
68
static const struct crypt_format *crypt_format =
79
#ifdef HAS_DES
69
    &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
80
/* must be des if system has des */
81
static char default_format[CRYPT_FORMAT_MAX_LEN + 1] = "des";
82
#else 
83
static char default_format[CRYPT_FORMAT_MAX_LEN + 1] = "sha512";
84
#endif
85
86
/* local-scope only */
87
static const struct crypt_format *crypt_find_format(const char *);
88
static bool crypt_validate_format_regex(const char *, const char *);
89
static bool crypt_format_is_modular(const char*);
70
90
71
#define DES_SALT_ALPHABET \
91
#define DES_SALT_ALPHABET \
72
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
92
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
73
93
74
/*
94
/*
95
 * Fill a buffer with a new salt conforming to a particular crypt format
96
 *
97
 * We're breaking the API convention established by crypt_set_format (return 0 
98
 * on success)  * because it might be nice to behave like the rest of C 
99
 * libraries, rather than the one deprecated function.
100
 *
101
 */
102
int
103
crypt_makesalt(char *out, const char *format, size_t *outlen)
104
{
105
	const struct crypt_format *cf;
106
	uint8_t rand_buf[4];
107
	size_t reqsz;
108
	const char *prefix;
109
	size_t prefix_len;
110
	
111
	/* diff really is a size, but keeping it api compatible with b64_from_24bit.  
112
	 * Only up to 4 bytes anyways, shouldn't be a problem, right? 
113
	 */
114
	int diff;
115
	unsigned int i;
116
	
117
	/* find the appropriate format entry */
118
	cf = crypt_find_format(format);
119
	if (cf == NULL )
120
		return (-1);
121
	
122
	/* calculate required output size */
123
	if (crypt_format_is_modular(format) ) {
124
		prefix = format;
125
	} else {
126
		prefix = cf->default_format;
127
	}
128
	prefix_len = strlen(prefix);
129
	reqsz = prefix_len + (size_t) cf->salt_bytes;
130
	
131
	if (cf->salt_trailing_sign)
132
		reqsz++;
133
	
134
	/* trailing '\0' */
135
	reqsz++;
136
	
137
	/* does the output buff have enough */
138
	if (reqsz > *outlen) {
139
		*outlen = reqsz;
140
		return (-2);
141
	}
142
	
143
	/* start building our output */
144
	strncpy(out, prefix, *outlen);
145
	out += prefix_len;
146
	
147
	for (i = 0; i < cf->salt_bytes; i += 4 ) {
148
		arc4random_buf(rand_buf, 3);
149
		
150
		diff = MIN(cf->salt_bytes - i, 4);
151
		b64_from_24bit(rand_buf[2], rand_buf[1], rand_buf[0], diff, &diff, &out);
152
	}
153
	
154
	/* cleanup */
155
	bzero(rand_buf, sizeof(rand_buf) );
156
	
157
	if (cf->salt_trailing_sign) {
158
		out[0] = '$';
159
		out++;
160
	}
161
	
162
	/* don't need to add trailing '\0', strncpy above will have set it already */
163
	return (0);
164
}
165
166
/*
75
 * Returns the name of the currently selected format.
167
 * Returns the name of the currently selected format.
76
 */
168
 */
77
const char *
169
const char *
78
crypt_get_format(void)
170
crypt_get_format(void)
79
{
171
{
80
172
	return default_format;
81
	return (crypt_format->name);
82
}
173
}
83
174
84
/*
175
/*
Lines 87-101 crypt_get_format(void) Link Here
87
int
178
int
88
crypt_set_format(const char *format)
179
crypt_set_format(const char *format)
89
{
180
{
90
	const struct crypt_format *cf;
181
	if (crypt_find_format(format) == NULL) {
182
		return (0);
183
	}
184
	
185
	strncpy(default_format, format, sizeof(default_format) );
186
	return (1);
187
}
188
189
/*
190
 * is the crypt format a recognized as valid
191
 */
192
static bool
193
crypt_format_validate_regex(const char* regex, const char *format) 
194
{
195
	regex_t regex_c;
196
	int res = 0;
197
	
198
	/* We could cache these, but they are simple, and this function won't be
199
	 * called often.
200
	 */
201
	if (regcomp(&regex_c, regex, REG_EXTENDED) != 0) {
202
		return false;
203
	}
204
	
205
	res = regexec(&regex_c, format, 0, NULL, 0);
206
	regfree(&regex_c);
207
	
208
	return !res;
209
}
210
211
/*
212
 * is the crypt format a fancy-dancy modular format
213
 */
214
static bool
215
crypt_format_is_modular(const char* format) 
216
{
217
	/* we'll treat 'new des' as modular, because they can set 24 bits of count via salt */
218
	return (format[0] == '$' || format[0] == '_');
219
}
91
220
92
	for (cf = crypt_formats; cf->name != NULL; ++cf) {
221
/*
93
		if (strcasecmp(cf->name, format) == 0) {
222
 * lookup our format in our internal table for a matching crypt_format structure
94
			crypt_format = cf;
223
 */
95
			return (1);
224
static const struct crypt_format *
225
crypt_find_format(const char *format)
226
{
227
	const struct crypt_format *cf;
228
	
229
	if (strcmp(format, "default") == 0 ) {
230
		format = default_format;
231
	}
232
	
233
	if (crypt_format_is_modular(format) ) {
234
		/* modular crypt magic lookup, force full syntax */
235
		for (cf = crypt_formats; cf->name != NULL; ++cf) {
236
			if (cf->magic != NULL && strstr(format, cf->magic) == format && crypt_format_validate_regex(cf->format_regex, format) ) {
237
				return cf;
238
			}
239
		}
240
	} else {
241
		/* name lookup */
242
		for (cf = crypt_formats; cf->name != NULL; ++cf) {
243
			if (strcasecmp(cf->name, format) == 0) {
244
				return cf;
245
			}
96
		}
246
		}
97
	}
247
	}
98
	return (0);
248
	
249
	return NULL;
99
}
250
}
100
251
101
/*
252
/*
Lines 110-123 crypt(const char *passwd, const char *salt) Link Here
110
#ifdef HAS_DES
261
#ifdef HAS_DES
111
	int len;
262
	int len;
112
#endif
263
#endif
113
264
	
265
	/* use the magic in the salt for lookup */
114
	for (cf = crypt_formats; cf->name != NULL; ++cf)
266
	for (cf = crypt_formats; cf->name != NULL; ++cf)
115
		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
267
		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
116
			return (cf->func(passwd, salt));
268
			return (cf->func(passwd, salt));
269
117
#ifdef HAS_DES
270
#ifdef HAS_DES
271
	/* check if it's standard des */
118
	len = strlen(salt);
272
	len = strlen(salt);
119
	if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len)
273
	if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len)
120
		return (crypt_des(passwd, salt));
274
		return (crypt_des(passwd, salt));
121
#endif
275
#endif
122
	return (crypt_format->func(passwd, salt));
276
277
	cf = crypt_find_format(default_format);
278
	return (cf->func(passwd, salt));
123
}
279
}
(-)b/lib/libcrypt/tests/Makefile (+5 lines)
Lines 9-12 ATF_TESTS_C= crypt_tests Link Here
9
CFLAGS+= -I${.CURDIR:H}
9
CFLAGS+= -I${.CURDIR:H}
10
LIBADD=	crypt
10
LIBADD=	crypt
11
11
12
# Pull in the strong crypto, if it is present.
13
.if exists(${.CURDIR}/../../../secure/lib/libcrypt)
14
CFLAGS+=        -DHAS_DES -DHAS_BLOWFISH
15
.endif
16
12
.include <bsd.test.mk>
17
.include <bsd.test.mk>
(-)b/lib/libcrypt/tests/crypt_tests.c (-8 / +389 lines)
Lines 4-9 __FBSDID("$FreeBSD: head/lib/libcrypt/tests/crypt_tests.c 256365 2013-10-12 06:0 Link Here
4
#include <sys/types.h>
4
#include <sys/types.h>
5
#include <crypt.h>
5
#include <crypt.h>
6
#include <unistd.h>
6
#include <unistd.h>
7
#include <stdio.h>
7
8
8
#include <atf-c.h>
9
#include <atf-c.h>
9
10
Lines 12-18 __FBSDID("$FreeBSD: head/lib/libcrypt/tests/crypt_tests.c 256365 2013-10-12 06:0 Link Here
12
ATF_TC(md5);
13
ATF_TC(md5);
13
ATF_TC_HEAD(md5, tc)
14
ATF_TC_HEAD(md5, tc)
14
{
15
{
15
16
	atf_tc_set_md_var(tc, "descr", "Tests the MD5 based password hash");
16
	atf_tc_set_md_var(tc, "descr", "Tests the MD5 based password hash");
17
}
17
}
18
18
Lines 25-38 ATF_TC_BODY(md5, tc) Link Here
25
	ATF_CHECK_STREQ(pw, want);
25
	ATF_CHECK_STREQ(pw, want);
26
}
26
}
27
27
28
ATF_TC(invalid);
28
ATF_TC(md5invalid);
29
ATF_TC_HEAD(invalid, tc)
29
ATF_TC_HEAD(md5invalid, tc)
30
{
30
{
31
31
	atf_tc_set_md_var(tc, "descr", "Tests that md5invalid password fails");
32
	atf_tc_set_md_var(tc, "descr", "Tests that invalid password fails");
33
}
32
}
34
33
35
ATF_TC_BODY(invalid, tc)
34
ATF_TC_BODY(md5invalid, tc)
36
{
35
{
37
	const char want[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0";
36
	const char want[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0";
38
	char *pw;
37
	char *pw;
Lines 41-54 ATF_TC_BODY(invalid, tc) Link Here
41
	ATF_CHECK(strcmp(pw, want) != 0);
40
	ATF_CHECK(strcmp(pw, want) != 0);
42
}
41
}
43
42
43
ATF_TC(sha256_vector_1);
44
ATF_TC_HEAD(sha256_vector_1, tc)
45
{
46
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
47
}
48
49
ATF_TC_BODY(sha256_vector_1, tc)
50
{
51
	const char want[] = "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5";
52
	char *pw;
53
54
	pw = crypt("Hello world!", "$5$saltstring");
55
	ATF_CHECK_STREQ(pw, want);
56
}
57
58
ATF_TC(sha256_invalid);
59
ATF_TC_HEAD(sha256_invalid, tc)
60
{
61
	atf_tc_set_md_var(tc, "descr", "Tests that an invalid password fails");
62
}
63
64
ATF_TC_BODY(sha256_invalid, tc)
65
{
66
	const char want[] = "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5";
67
	char *pw;
68
69
	pw = crypt("Goodbye cruel world!", "$5$saltstring");
70
	ATF_CHECK(strcmp(pw, want) != 0);
71
}
72
73
ATF_TC(sha256_vector_2);
74
ATF_TC_HEAD(sha256_vector_2, tc)
75
{
76
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
77
}
78
79
ATF_TC_BODY(sha256_vector_2, tc)
80
{
81
	const char want[] = "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2."
82
		"opqey6IcA";
83
	char *pw;
84
85
	pw = crypt("Hello world!", "$5$rounds=10000$saltstringsaltstring");
86
	ATF_CHECK_STREQ(pw, want);
87
}
88
89
ATF_TC(sha256_vector_3);
90
ATF_TC_HEAD(sha256_vector_3, tc)
91
{
92
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
93
}
94
95
ATF_TC_BODY(sha256_vector_3, tc)
96
{
97
	const char want[] = "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8"
98
		"mGRcvxa5";
99
	char *pw;
100
101
	pw = crypt("This is just a test", "$5$rounds=5000$toolongsaltstring");
102
	ATF_CHECK_STREQ(pw, want);
103
}
104
105
ATF_TC(sha256_vector_4);
106
ATF_TC_HEAD(sha256_vector_4, tc)
107
{
108
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
109
}
110
111
ATF_TC_BODY(sha256_vector_4, tc)
112
{
113
	const char want[] = "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12"
114
		"oP84Bnq1";
115
	char *pw;
116
117
	pw = crypt("a very much longer text to encrypt.  This one even stretches over more"
118
		"than one line.", "$5$rounds=1400$anotherlongsaltstring");
119
	ATF_CHECK_STREQ(pw, want);
120
}
121
122
ATF_TC(sha256_vector_5);
123
ATF_TC_HEAD(sha256_vector_5, tc)
124
{
125
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
126
}
127
128
ATF_TC_BODY(sha256_vector_5, tc)
129
{
130
	const char want[] = "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/";
131
	char *pw;
132
133
	pw = crypt("we have a short salt string but not a short password", "$5$rounds=77777$short");
134
	ATF_CHECK_STREQ(pw, want);
135
}
136
137
ATF_TC(sha256_vector_6);
138
ATF_TC_HEAD(sha256_vector_6, tc)
139
{
140
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
141
}
142
143
ATF_TC_BODY(sha256_vector_6, tc)
144
{
145
	const char want[] = "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/"
146
		"cZKmF/wJvD";
147
	char *pw;
148
149
	pw = crypt("a short string", "$5$rounds=123456$asaltof16chars..");
150
	ATF_CHECK_STREQ(pw, want);
151
}
152
153
ATF_TC(sha256_vector_7);
154
ATF_TC_HEAD(sha256_vector_7, tc)
155
{
156
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
157
}
158
159
ATF_TC_BODY(sha256_vector_7, tc)
160
{
161
	const char want[] = "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97"
162
		"2bIC";
163
	char *pw;
164
165
	pw = crypt("the minimum number is still observed", "$5$rounds=10$roundstoolow");
166
	ATF_CHECK_STREQ(pw, want);
167
}
168
169
ATF_TC(sha512_vector_1);
170
ATF_TC_HEAD(sha512_vector_1, tc)
171
{
172
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
173
}
174
175
ATF_TC_BODY(sha512_vector_1, tc)
176
{
177
	const char want[] = "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
178
		"esI68u4OTLiBFdcbYEdFCoEOfaS35inz1";
179
	char *pw;
180
181
	pw = crypt("Hello world!", "$6$saltstring");
182
	ATF_CHECK_STREQ(pw, want);
183
}
184
185
ATF_TC(sha512_invalid);
186
ATF_TC_HEAD(sha512_invalid, tc)
187
{
188
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
189
}
190
191
ATF_TC_BODY(sha512_invalid, tc)
192
{
193
	const char want[] = "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
194
		"esI68u4OTLiBFdcbYEdFCoEOfaS35inz1";
195
	char *pw;
196
197
	pw = crypt("Goodbye cruel world!", "$6$saltstring");
198
	ATF_CHECK(strcmp(pw, want) != 0);
199
}
200
201
ATF_TC(sha512_vector_2);
202
ATF_TC_HEAD(sha512_vector_2, tc)
203
{
204
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
205
}
206
207
ATF_TC_BODY(sha512_vector_2, tc)
208
{
209
	const char want[] = "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb"
210
		"HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.";
211
	char *pw;
212
213
	pw = crypt("Hello world!", "$6$rounds=10000$saltstringsaltstring");
214
	ATF_CHECK_STREQ(pw, want);
215
}
216
217
ATF_TC(sha512_vector_3);
218
ATF_TC_HEAD(sha512_vector_3, tc)
219
{
220
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
221
}
222
223
ATF_TC_BODY(sha512_vector_3, tc)
224
{
225
	const char want[] = "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ"
226
		"zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0";
227
	char *pw;
228
229
	pw = crypt("This is just a test", "$6$rounds=5000$toolongsaltstring");
230
	ATF_CHECK_STREQ(pw, want);
231
}
232
233
ATF_TC(sha512_vector_4);
234
ATF_TC_HEAD(sha512_vector_4, tc)
235
{
236
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
237
}
238
239
ATF_TC_BODY(sha512_vector_4, tc)
240
{
241
	const char want[] = "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP"
242
		"vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1";
243
	char *pw;
244
245
	pw = crypt("a very much longer text to encrypt.  This one even stretches over more"
246
		"than one line.", "$6$rounds=1400$anotherlongsaltstring");
247
	ATF_CHECK_STREQ(pw, want);
248
}
249
250
ATF_TC(sha512_vector_5);
251
ATF_TC_HEAD(sha512_vector_5, tc)
252
{
253
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
254
}
255
256
ATF_TC_BODY(sha512_vector_5, tc)
257
{
258
	const char want[] = "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g"
259
		"ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0";
260
	char *pw;
261
262
	pw = crypt("we have a short salt string but not a short password", "$6$rounds=77777$short");
263
	ATF_CHECK_STREQ(pw, want);
264
}
265
266
ATF_TC(sha512_vector_6);
267
ATF_TC_HEAD(sha512_vector_6, tc)
268
{
269
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
270
}
271
272
ATF_TC_BODY(sha512_vector_6, tc)
273
{
274
	const char want[] = "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc"
275
		"elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1";
276
	char *pw;
277
278
	pw = crypt("a short string", "$6$rounds=123456$asaltof16chars..");
279
	ATF_CHECK_STREQ(pw, want);
280
}
281
282
ATF_TC(sha512_vector_7);
283
ATF_TC_HEAD(sha512_vector_7, tc)
284
{
285
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
286
}
287
288
ATF_TC_BODY(sha512_vector_7, tc)
289
{
290
	const char want[] = "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x"
291
		"hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.";
292
	char *pw;
293
294
	pw = crypt("the minimum number is still observed", "$6$rounds=10$roundstoolow");
295
	ATF_CHECK_STREQ(pw, want);
296
}
297
298
#ifdef HAS_BLOWFISH	
299
ATF_TC(blf_vector_1);
300
ATF_TC_HEAD(blf_vector_1, tc)
301
{
302
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 1");
303
}
304
305
ATF_TC_BODY(blf_vector_1, tc)
306
{
307
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW";
308
	char *pw;
309
	
310
	pw = crypt("U*U", want);
311
	ATF_CHECK_STREQ(pw, want);
312
}
313
314
	
315
ATF_TC(blf_invalid);
316
ATF_TC_HEAD(blf_invalid, tc)
317
{
318
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 1 - invalid");
319
}
320
321
ATF_TC_BODY(blf_invalid, tc)
322
{
323
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW";
324
	char *pw;
325
	
326
	pw = crypt("ME*ME", want);
327
	ATF_CHECK(strcmp(pw, want) != 0);
328
}
329
330
ATF_TC(blf_vector_2);
331
ATF_TC_HEAD(blf_vector_2, tc)
332
{
333
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 2");
334
}
335
336
ATF_TC_BODY(blf_vector_2, tc)
337
{
338
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK";
339
	char *pw;
340
	
341
	pw = crypt("U*U*", want);
342
	ATF_CHECK_STREQ(pw, want);
343
}
344
345
ATF_TC(blf_vector_3);
346
ATF_TC_HEAD(blf_vector_3, tc)
347
{
348
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 3 - long password");
349
}
350
351
ATF_TC_BODY(blf_vector_3, tc)
352
{
353
	const char want[] = "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui";
354
	char *pw;
355
	
356
	pw = crypt("0123456789abcdefghijklmnopqrstuvwxyz"
357
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
358
		"chars after 72 are ignored", want);
359
	ATF_CHECK_STREQ(pw, want);
360
}
361
362
ATF_TC(blf_vector_4);
363
ATF_TC_HEAD(blf_vector_4, tc)
364
{
365
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 4");
366
}
367
368
ATF_TC_BODY(blf_vector_4, tc)
369
{
370
	const char want[] = "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e";
371
	char *pw;
372
	
373
	pw = crypt("\xff\xff\xa3", want);
374
	ATF_CHECK_STREQ(pw, want);
375
}
376
377
ATF_TC(blf_vector_5);
378
ATF_TC_HEAD(blf_vector_5, tc)
379
{
380
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 5 - ensure our $2a$05$ matches the $2y$05$");
381
}
382
383
ATF_TC_BODY(blf_vector_5, tc)
384
{
385
	const char want[] = "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e";
386
	char *pw;
387
	
388
	pw = crypt("\xff\xa3" "345", want);
389
	ATF_CHECK_STREQ(pw, want);
390
}
391
392
#endif	
393
44
/*
394
/*
45
 * This function must not do anything except enumerate
395
 * This function must not do anything except enumerate
46
 * the test cases, per atf-c-api(3).
396
 * the test cases, per atf-c-api(3).
47
 */
397
 */
48
ATF_TP_ADD_TCS(tp)
398
ATF_TP_ADD_TCS(tp)
49
{
399
{
50
51
	ATF_TP_ADD_TC(tp, md5);
400
	ATF_TP_ADD_TC(tp, md5);
52
	ATF_TP_ADD_TC(tp, invalid);
401
	ATF_TP_ADD_TC(tp, md5invalid);
402
	
403
	ATF_TP_ADD_TC(tp, sha256_vector_1);
404
	ATF_TP_ADD_TC(tp, sha256_invalid);
405
	ATF_TP_ADD_TC(tp, sha256_vector_2);
406
	ATF_TP_ADD_TC(tp, sha256_vector_3);
407
	ATF_TP_ADD_TC(tp, sha256_vector_4);
408
/*
409
	ATF_TP_ADD_TC(tp, sha256_vector_5);
410
	ATF_TP_ADD_TC(tp, sha256_vector_6);
411
*/
412
	ATF_TP_ADD_TC(tp, sha256_vector_7);
413
	
414
	ATF_TP_ADD_TC(tp, sha512_vector_1);
415
	ATF_TP_ADD_TC(tp, sha512_invalid);
416
	ATF_TP_ADD_TC(tp, sha512_vector_2);
417
	ATF_TP_ADD_TC(tp, sha512_vector_3);
418
	ATF_TP_ADD_TC(tp, sha512_vector_4);
419
/*
420
	ATF_TP_ADD_TC(tp, sha512_vector_5);
421
	ATF_TP_ADD_TC(tp, sha512_vector_6);
422
*/
423
	ATF_TP_ADD_TC(tp, sha512_vector_7);
424
425
#ifdef HAS_BLOWFISH	
426
	ATF_TP_ADD_TC(tp, blf_vector_1);
427
	ATF_TP_ADD_TC(tp, blf_invalid);
428
	ATF_TP_ADD_TC(tp, blf_vector_2);
429
	ATF_TP_ADD_TC(tp, blf_vector_3);
430
	ATF_TP_ADD_TC(tp, blf_vector_4);
431
	ATF_TP_ADD_TC(tp, blf_vector_5);
432
#endif	
433
53
	return atf_no_error();
434
	return atf_no_error();
54
}
435
}
(-)b/lib/libpam/modules/pam_unix/pam_unix.c (-40 / +17 lines)
Lines 67-83 __FBSDID("$FreeBSD: head/lib/libpam/modules/pam_unix/pam_unix.c 249177 2013-04-0 Link Here
67
#include <security/pam_modules.h>
67
#include <security/pam_modules.h>
68
#include <security/pam_mod_misc.h>
68
#include <security/pam_mod_misc.h>
69
69
70
#define PASSWORD_HASH		"md5"
71
#define DEFAULT_WARN		(2L * 7L * 86400L)  /* Two weeks */
70
#define DEFAULT_WARN		(2L * 7L * 86400L)  /* Two weeks */
72
#define	SALTSIZE		32
73
71
74
#define	LOCKED_PREFIX		"*LOCKED*"
72
#define	LOCKED_PREFIX		"*LOCKED*"
75
#define	LOCKED_PREFIX_LEN	(sizeof(LOCKED_PREFIX) - 1)
73
#define	LOCKED_PREFIX_LEN	(sizeof(LOCKED_PREFIX) - 1)
76
74
77
static void makesalt(char []);
78
79
static char password_hash[] =		PASSWORD_HASH;
80
81
#define PAM_OPT_LOCAL_PASS	"local_pass"
75
#define PAM_OPT_LOCAL_PASS	"local_pass"
82
#define PAM_OPT_NIS_PASS	"nis_pass"
76
#define PAM_OPT_NIS_PASS	"nis_pass"
83
77
Lines 269-281 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
269
	struct ypclnt *ypclnt;
263
	struct ypclnt *ypclnt;
270
	const void *yp_domain, *yp_server;
264
	const void *yp_domain, *yp_server;
271
#endif
265
#endif
272
	char salt[SALTSIZE + 1];
266
	char salt[CRYPT_SALT_MAX_LEN + 1];
267
	size_t salt_sz;
273
	login_cap_t *lc;
268
	login_cap_t *lc;
274
	struct passwd *pwd, *old_pwd;
269
	struct passwd *pwd, *old_pwd;
275
	const char *user, *old_pass, *new_pass;
270
	const char *user, *old_pass, *new_pass;
276
	char *encrypted;
271
	char *encrypted;
277
	time_t passwordtime;
272
	time_t passwordtime;
278
	int pfd, tfd, retval;
273
	int pfd, tfd, retval;
274
	const char *passwd_format;
279
275
280
	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
276
	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
281
		pwd = getpwnam(getlogin());
277
		pwd = getpwnam(getlogin());
Lines 378-387 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
378
			return (PAM_BUF_ERR);
374
			return (PAM_BUF_ERR);
379
375
380
		lc = login_getclass(pwd->pw_class);
376
		lc = login_getclass(pwd->pw_class);
381
		if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
382
			openpam_log(PAM_LOG_ERROR,
383
			    "can't set password cipher, relying on default");
384
		
377
		
378
		salt_sz = sizeof(salt);
379
		passwd_format = login_getcapstr(lc, "passwd_format", "", NULL);
380
		if (crypt_makesalt(salt, passwd_format, &salt_sz) ) {
381
			login_close(lc);
382
			
383
			if (salt_sz == sizeof(salt) ) {
384
				PAM_LOG("Unable to create salt for crypt(3) format: %s", passwd_format);
385
			} else {
386
				PAM_LOG("Not enough space in buffer to create salt for format: %s. CRYPT_SALT_MAX_LEN is wrong. Buffer size: %zu, required: %zu", passwd_format, sizeof(salt), salt_sz);
387
			}
388
			
389
			return (PAM_SERVICE_ERR);
390
		}
391
				
385
		/* set password expiry date */
392
		/* set password expiry date */
386
		pwd->pw_change = 0;
393
		pwd->pw_change = 0;
387
		passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
394
		passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
Lines 389-395 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
389
			pwd->pw_change = time(NULL) + passwordtime;
396
			pwd->pw_change = time(NULL) + passwordtime;
390
		
397
		
391
		login_close(lc);
398
		login_close(lc);
392
		makesalt(salt);
393
		pwd->pw_passwd = crypt(new_pass, salt);
399
		pwd->pw_passwd = crypt(new_pass, salt);
394
#ifdef YP
400
#ifdef YP
395
		switch (old_pwd->pw_fields & _PWF_SOURCE) {
401
		switch (old_pwd->pw_fields & _PWF_SOURCE) {
Lines 445-477 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
445
	return (retval);
451
	return (retval);
446
}
452
}
447
453
448
/* Mostly stolen from passwd(1)'s local_passwd.c - markm */
449
450
static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
451
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
452
453
static void
454
to64(char *s, long v, int n)
455
{
456
	while (--n >= 0) {
457
		*s++ = itoa64[v&0x3f];
458
		v >>= 6;
459
	}
460
}
461
462
/* Salt suitable for traditional DES and MD5 */
463
static void
464
makesalt(char salt[SALTSIZE + 1])
465
{
466
	int i;
467
468
	/* These are not really random numbers, they are just
469
	 * numbers that change to thwart construction of a
470
	 * dictionary.
471
	 */
472
	for (i = 0; i < SALTSIZE; i += 4)
473
		to64(&salt[i], arc4random(), 4);
474
	salt[SALTSIZE] = '\0';
475
}
476
477
PAM_MODULE_ENTRY("pam_unix");
454
PAM_MODULE_ENTRY("pam_unix");
(-)b/lib/libutil/login.conf.5 (-1 / +8 lines)
Lines 277-283 multiplied by 5 seconds. Link Here
277
allowed before the login fails.
277
allowed before the login fails.
278
.It "passwd_format	string	sha512	The encryption format that new or"
278
.It "passwd_format	string	sha512	The encryption format that new or"
279
changed passwords will use.
279
changed passwords will use.
280
Valid values include "des", "md5", "blf", "sha256" and "sha512"; see
280
Valid values include Modular Crypt Format strings, 
281
.Qq des , 
282
.Qq md5 , 
283
.Qq blf , 
284
.Qq sha256
285
and 
286
.Qq sha512 ; 
287
see 
281
.Xr crypt 3
288
.Xr crypt 3
282
for details.
289
for details.
283
NIS clients using a
290
NIS clients using a
(-)b/lib/libutil/login_cap.3 (+7 lines)
Lines 569-574 If calling Link Here
569
on the specifier fails,
569
on the specifier fails,
570
.Fa error
570
.Fa error
571
is returned to indicate this.
571
is returned to indicate this.
572
.Fn login_setcryptfmt
573
and 
574
.Xr crypt_set_format 3
575
are both deprecated in favour of 
576
.Xr login_getcapstr 3
577
and 
578
.Xr crypt_makesalt 3 .
572
.El
579
.El
573
.Sh SEE ALSO
580
.Sh SEE ALSO
574
.Xr login 1 ,
581
.Xr login 1 ,
(-)b/usr.sbin/pw/pw.h (-1 / +1 lines)
Lines 119-125 char const *boolean_str(int val); Link Here
119
char *newstr(char const * p);
119
char *newstr(char const * p);
120
120
121
void pw_log(struct userconf * cnf, int mode, int which, char const * fmt,...) __printflike(4, 5);
121
void pw_log(struct userconf * cnf, int mode, int which, char const * fmt,...) __printflike(4, 5);
122
char *pw_pwcrypt(char *password);
122
char *pw_pwcrypt(const char *password, const char *format);
123
123
124
extern const char *Modes[];
124
extern const char *Modes[];
125
extern const char *Which[];
125
extern const char *Which[];
(-)b/usr.sbin/pw/pw_group.c (-1 / +1 lines)
Lines 215-221 pw_group(struct userconf * cnf, int mode, struct cargs * args) Link Here
215
					return EX_DATAERR;
215
					return EX_DATAERR;
216
				grp->gr_passwd = line;
216
				grp->gr_passwd = line;
217
			} else
217
			} else
218
				grp->gr_passwd = pw_pwcrypt(line);
218
				grp->gr_passwd = pw_pwcrypt(line, "default");
219
		}
219
		}
220
	}
220
	}
221
221
(-)b/usr.sbin/pw/pw_user.c (-29 / +27 lines)
Lines 59-65 static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); Link Here
59
static time_t   pw_exppolicy(struct userconf * cnf, struct cargs * args);
59
static time_t   pw_exppolicy(struct userconf * cnf, struct cargs * args);
60
static char    *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user);
60
static char    *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user);
61
static char    *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell);
61
static char    *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell);
62
static char    *pw_password(struct userconf * cnf, struct cargs * args, char const * user);
62
static char    *pw_password(struct userconf * cnf, struct cargs * args, char const * user, const char * format);
63
static char    *shell_path(char const * path, char *shells[], char *sh);
63
static char    *shell_path(char const * path, char *shells[], char *sh);
64
static void     rmat(uid_t uid);
64
static void     rmat(uid_t uid);
65
static void     rmopie(char const * name);
65
static void     rmopie(char const * name);
Lines 583-600 pw_user(struct userconf * cnf, int mode, struct cargs * args) Link Here
583
		if ((arg = getarg(args, 'w')) != NULL &&
583
		if ((arg = getarg(args, 'w')) != NULL &&
584
		    getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
584
		    getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
585
			login_cap_t *lc;
585
			login_cap_t *lc;
586
			char passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
586
587
587
			lc = login_getpwclass(pwd);
588
			lc = login_getpwclass(pwd);
588
			if (lc == NULL ||
589
			strncpy(passwd_format, login_getcapstr(lc, "passwd_format", "", NULL), sizeof(passwd_format));
589
			    login_setcryptfmt(lc, "sha512", NULL) == NULL)
590
				warn("setting crypt(3) format");
591
			login_close(lc);
590
			login_close(lc);
592
			pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
591
			
592
			pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name, passwd_format);
593
			edited = 1;
593
			edited = 1;
594
		}
594
		}
595
595
596
	} else {
596
	} else {
597
		login_cap_t *lc;
597
		login_cap_t *lc;
598
		char passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
598
599
599
		/*
600
		/*
600
		 * Add code
601
		 * Add code
Lines 618-627 pw_user(struct userconf * cnf, int mode, struct cargs * args) Link Here
618
		pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name);
619
		pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name);
619
		pwd->pw_shell = pw_shellpolicy(cnf, args, NULL);
620
		pwd->pw_shell = pw_shellpolicy(cnf, args, NULL);
620
		lc = login_getpwclass(pwd);
621
		lc = login_getpwclass(pwd);
621
		if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
622
		strncpy(passwd_format, login_getcapstr(lc, "passwd_format", "", NULL), sizeof(passwd_format) );
622
			warn("setting crypt(3) format");
623
		login_close(lc);
623
		login_close(lc);
624
		pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
624
		pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name, passwd_format);
625
		edited = 1;
625
		edited = 1;
626
626
627
		if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
627
		if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
Lines 653-658 pw_user(struct userconf * cnf, int mode, struct cargs * args) Link Here
653
			int             istty = isatty(fd);
653
			int             istty = isatty(fd);
654
			struct termios  t;
654
			struct termios  t;
655
			login_cap_t	*lc;
655
			login_cap_t	*lc;
656
			char passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
656
657
657
			if (istty) {
658
			if (istty) {
658
				if (tcgetattr(fd, &t) == -1)
659
				if (tcgetattr(fd, &t) == -1)
Lines 692-702 pw_user(struct userconf * cnf, int mode, struct cargs * args) Link Here
692
				pwd->pw_passwd = line;
693
				pwd->pw_passwd = line;
693
			} else {
694
			} else {
694
				lc = login_getpwclass(pwd);
695
				lc = login_getpwclass(pwd);
695
				if (lc == NULL ||
696
				strncpy(passwd_format, login_getcapstr(lc, "passwd_format", "", NULL), sizeof(passwd_format));
696
				    login_setcryptfmt(lc, "sha512", NULL) == NULL)
697
					warn("setting crypt(3) format");
698
				login_close(lc);
697
				login_close(lc);
699
				pwd->pw_passwd = pw_pwcrypt(line);
698
				pwd->pw_passwd = pw_pwcrypt(line, passwd_format);
700
			}
699
			}
701
			edited = 1;
700
			edited = 1;
702
		}
701
		}
Lines 1082-1106 pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell) Link Here
1082
	return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default);
1081
	return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default);
1083
}
1082
}
1084
1083
1085
#define	SALTSIZE	32
1086
1087
static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./";
1088
1089
char           *
1084
char           *
1090
pw_pwcrypt(char *password)
1085
pw_pwcrypt(const char *password, const char *format)
1091
{
1086
{
1092
	int             i;
1087
	char            salt[CRYPT_SALT_MAX_LEN + 1];
1093
	char            salt[SALTSIZE + 1];
1088
	size_t		salt_sz = sizeof(salt);
1094
	char		*cryptpw;
1089
	char		*cryptpw;
1095
1090
1096
	static char     buf[256];
1091
	static char     buf[_PASSWORD_LEN + 1];
1097
1092
	
1098
	/*
1093
	if (crypt_makesalt(salt, format, &salt_sz) ) {
1099
	 * Calculate a salt value
1094
		if (salt_sz == sizeof(salt) ) {
1100
	 */
1095
			errx(EX_CONFIG, "Unable to create salt for crypt(3) format: %s", format);
1101
	for (i = 0; i < SALTSIZE; i++)
1096
		} else {
1102
		salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
1097
			/* really shouldn't get here */
1103
	salt[SALTSIZE] = '\0';
1098
			errx(EX_CONFIG, "Not enough space to write salt to buffer.  CRYPT_SALT_MAX_LEN is wrong.");
1099
		}
1100
	}
1104
1101
1105
	cryptpw = crypt(password, salt);
1102
	cryptpw = crypt(password, salt);
1106
	if (cryptpw == NULL)
1103
	if (cryptpw == NULL)
Lines 1110-1117 pw_pwcrypt(char *password) Link Here
1110
1107
1111
1108
1112
static char    *
1109
static char    *
1113
pw_password(struct userconf * cnf, struct cargs * args, char const * user)
1110
pw_password(struct userconf * cnf, struct cargs * args, char const * user, const char * format)
1114
{
1111
{
1112
	static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./!@#$%^&*()-+=<>?";
1115
	int             i, l;
1113
	int             i, l;
1116
	char            pwbuf[32];
1114
	char            pwbuf[32];
1117
1115
Lines 1145-1151 pw_password(struct userconf * cnf, struct cargs * args, char const * user) Link Here
1145
		strlcpy(pwbuf, user, sizeof(pwbuf));
1143
		strlcpy(pwbuf, user, sizeof(pwbuf));
1146
		break;
1144
		break;
1147
	}
1145
	}
1148
	return pw_pwcrypt(pwbuf);
1146
	return pw_pwcrypt(pwbuf, format);
1149
}
1147
}
1150
1148
1151
1149

Return to bug 182518