Attachment #15619 for bug #28885

View | Details | Raw Unified | Return to bug 28885
Collapse All | Expand All

Lines 37-60 Link Here

(-)makekey/makekey.8 (-7 / +80 lines)
37	.Os	37	.Os
38	.Sh NAME	38	.Sh NAME
39	.Nm makekey	39	.Nm makekey
40	.Nd make encrypted keys or passwords	40	.Nd make and check encrypted keys or passwords
41	.Sh SYNOPSIS	41	.Sh SYNOPSIS
42	.Nm	42	.Nm
		43	.Op Fl m \| Fl d \| Fl u
		44	.Op Fl p Ar password
		45	.Op Fl s Ar salt
		46	.Op Fl n
43	.Sh DESCRIPTION	47	.Sh DESCRIPTION
44	.Nm Makekey	48	When called with no arguments,
45	encrypts a key and salt which it reads from the standard input	49	.Nm
46	and writes the result to the standard output.	50	runs in compatibility mode. It reads exactly 8 bytes of key and 2
47	The key is expected to be	51	bytes of salt from standard input, and produces exactly 13 bytes of
48	eight bytes; the salt is expected to be two bytes.	52	DES encrypted password on standard out (with no trailing newline).
		53	.Pp
		54	When called with arguments,
		55	.Nm
		56	encrypts a password and prints it on standard
		57	output, followed by a newline.
		58	.Pp
49	See	59	See
50	.Xr crypt 3	60	.Xr crypt 3
51	for more information on what characters the key and salt can contain	61	for more information on what characters the key and salt can contain
52	and how the encrypted value is calculated.	62	and how the encrypted value is calculated.
		63	.Sh OPTIONS
		64	.Bl -tag -width indent
		65	.It Fl m
		66	Encrypt the password using the MD5 password algorithm.
		67	.Pp
		68	.It Fl d
		69	Encrypt the password using the DES password algorithm (if available).
		70	.Pp
		71	.It Fl u
		72	Encrypt the password using the default algorithm as specified by the
		73	.Cm crypt_default
		74	entry in the
		75	.Pa /etc/auth.conf
		76	file. This is the default if neither
		77	.Fl m
		78	nor
		79	.Fl d
		80	are specified.
		81	.Pp
		82	.It Fl s Ar salt
		83	Use the supplied salt rather than a new randomly-generated salt.
		84	.Pp
		85	.It Fl n
		86	Rather than print the encrypted password on standard out, compare it
		87	to the version passed in via the
		88	.Fl s Ar salt
		89	argument, and exit with return status of 0 if they compare equal, else
		90	1.
		91	.Pp
		92	.It Fl p Ar password
		93	Use
		94	.Ar password
		95	as the plaintext password. If
		96	.Fl p
		97	is not specified,
		98	.Nm
		99	will prompt for a passord using the
		100	.Xr getpass 3
		101	function.
		102	.Sh EXAMPLES
		103	.Bd -literal -offset indent
		104	$ makekey -p secret -m
		105	$1$V6VfDBZZ$GM2ZBo0c5bh1HG0etveAq.
		106	$ makekey -p secret -d -s 3D
		107	3DzkIA460ybsA
		108	$ makekey -p secret -s 3DzkIA460ybsA -n
		109	$ echo $?
		110	0
		111	$ makekey -p wrong -s 3DzkIA460ybsA -n
		112	$ echo $?
		113	1
		114	$ makekey -u
		115	Enter password: <password>
		116	l9hDu91z3G1rY
		117	$
		118	.Ed
		119	.Sh FILES
		120	.Bl -tag -compact
		121	.It Pa /etc/auth.conf
53	.Sh SEE ALSO	122	.Sh SEE ALSO
54	.Xr login 1 ,	123	.Xr login 1 ,
55	.Xr crypt 3	124	.Xr crypt 3 ,
		125	.Xr getpass 3 ,
		126	.Xr auth.conf 5
56	.Sh HISTORY	127	.Sh HISTORY
57	A	128	A
58	.Nm	129	.Nm
59	command appeared in	130	command appeared in
60	.At v7 .	131	.At v7 .
		132	The handling of arguments was added in
		133	.Fx 4.4 .

Lines 55-63 Link Here

(-)makekey/makekey.c (-1 / +103 lines)
55	#include <unistd.h>	55	#include <unistd.h>
56		56
57	static void get __P((char *, int));	57	static void get __P((char *, int));
		58	static void olddes __P((void));
		59	static void usage __P((void));
58		60
		61	static char const saltchars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.";
		62
59	int	63	int
60	main()	64	main(argc, argv)
		65	int argc;
		66	char *argv[];
		67	{
		68	int c;
		69	int opt_d = 0;
		70	int opt_m = 0;
		71	int opt_n = 0;
		72	int opt_u = 0;
		73	char *sp = 0;
		74	char *pass = 0;
		75	char salt[256];
		76
		77	if (argc == 1)
		78	olddes();
		79
		80	while ((c = getopt(argc, argv, "dmnp:s:u")) != -1) {
		81	switch (c) {
		82	case 'd':
		83	opt_d = 1;
		84	break;
		85	case 'm':
		86	opt_m = 1;
		87	break;
		88	case 'n':
		89	opt_n = 1;
		90	break;
		91	case 'p':
		92	pass = optarg;
		93	break;
		94	case 's':
		95	sp = optarg;
		96	break;
		97	case 'u':
		98	opt_u = 1;
		99	break;
		100	case '?':
		101	default:
		102	warn("Unrecognised option %c\n", c);
		103	usage();
		104	}
		105	}
		106	if (optind != argc)
		107	usage();
		108	if (opt_m + opt_d + opt_u > 1)
		109	usage();
		110
		111	if (sp) {
		112	char p, q;
		113
		114	for (p = sp, q = salt; *p; p++, q++) {
		115	if (p != '$' && strchr(saltchars, p) == NULL)
		116	errx(2, "Illegal character in salt");
		117	if (q >= salt + sizeof(salt))
		118	errx(2, "Salt too long");
		119	q = p;
		120	}
		121	*q = 0;
		122	} else {
		123	int i;
		124
		125	srandomdev();
		126
		127	for (i = 0; i < 8; i++)
		128	salt[i] = saltchars[random() % 64];
129	salt[8] = 0;
130	}
131
132	if (pass == 0)
133	pass = getpass("Enter password:");
134
135	if (opt_d \|\| opt_m)
136	if (!crypt_set_format(opt_m ? "md5" : "des"))
137	warn("setting crypt(3) format");
138
139	if (opt_n) {
140	if (!sp)
141	errx(2, "No salt provided with -n");
142	exit(strcmp(salt, crypt(pass, salt)) != 0);
143	} else {
144	printf("%s\n", crypt(pass, salt));
145	exit(0);
146	}
147	}
148
149	static void
150	usage()
151	{
152	fprintf(stderr, "usage: makekey [-m\|-d\|-u] [-s salt] [-p passwd] [-n]\n");
153	exit(1);
154	}
155
156	/*
157	* Old behaviour for DES passwords
158	* read exactly 8 bytes of passwd and 2 bytes of salt and print the crypt
159	* output
160	*/
161	static void
162	olddes()
61	{	163	{
62	int len;	164	int len;
63	char *r, key[9], salt[3];	165	char *r, key[9], salt[3];

Return to bug 28885