emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* lib/prototypes.h, libmisc/salt.c: Add parameters to

Browse Source 
crypt_make_salt to force the crypt method and number of rounds.
* libmisc/salt.c: Add parameter to SHA_salt_rounds to force the
  number of rounds.
* libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB
  are needed also when USE_PAM (e.g. for chpasswd).
* src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype.
* src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method
  and -s, --sha-rounds to specify the crypt method and number of
  rounds in case of one of the SHA methods. The new prototype of
  crypt_make_salt simplifies the handling of -m, --md5.
This commit is contained in:
nekral-guest
2007-11-20 09:33:52 +00:00
parent eb23bbfd98
commit 0b695f5a76
8 changed files with 233 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
src/chgpasswd.c
View File

@ -50,8 +50,13 @@
* Global variables
*/
static char *Prog;
static int cflg = 0;
static int eflg = 0;
static int md5flg = 0;
static int sflg = 0;
static char *crypt_method = NULL;
static int sha_rounds = 5000;
#ifdef SHADOWGRP
static int is_shadow_grp;
@ -68,14 +73,36 @@ static void usage (void)
fprintf (stderr, _("Usage: chgpasswd [options]\n"
"\n"
"Options:\n"
" -c, --crypt-method the crypt method (one of %s)\n"
" -e, --encrypted supplied passwords are encrypted\n"
" -h, --help display this help message and exit\n"
" -m, --md5 use MD5 encryption instead DES when the supplied\n"
" passwords are not encrypted\n"
"\n"));
"\n"),
#ifndef ENCRYPTMETHOD_SELECT
"DES MD5"
#else
"DES MD5 SHA256 SHA512"
#endif
);
exit (1);
}
static long getnumber (const char *numstr)
{
long val;
char *errptr;
val = strtol (numstr, &errptr, 10);
if (*errptr || errno == ERANGE) {
fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog,
numstr);
exit (1);
}
return val;
}
int main (int argc, char **argv)
{
char buf[BUFSIZ];
@ -111,16 +138,22 @@ int main (int argc, char **argv)
int option_index = 0;
int c;
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"encrypted", no_argument, NULL, 'e'},
{"help", no_argument, NULL, 'h'},
{"md5", no_argument, NULL, 'm'},
{"sha-rounds", required_argument, NULL, 's'},
{NULL, 0, NULL, '\0'}
};
while ((c =
getopt_long (argc, argv, "ehm", long_options,
getopt_long (argc, argv, "c:ehms:", long_options,
&option_index)) != -1) {
switch (c) {
case 'c':
cflg = 1;
crypt_method = optarg;
break;
case 'e':
eflg = 1;
break;
@ -130,6 +163,10 @@ int main (int argc, char **argv)
case 'm':
md5flg = 1;
break;
case 's':
sflg = 1;
sha_rounds = getnumber(optarg);
break;
case 0:
/* long option */
break;
@ -140,6 +177,34 @@ int main (int argc, char **argv)
}
}
/* validate options */
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is ONLY allowed with the %s flag\n"),
Prog, "-s", "-c");
usage ();
}
if (md5flg && cflg) {
fprintf (stderr,
_("%s: the -m and -c flags are exclusive\n"),
Prog);
usage ();
}
if (cflg) {
if (0 != strcmp (method, "DES") &&
0 != strcmp (method, "MD5") &&
#ifdef ENCRYPTMETHOD_SELECT
0 != strcmp (method, "SHA256") &&
0 != strcmp (method, "SHA512")
#endif
) {
fprintf (stderr,
_("%s: unsupported crypt method: %s\n"),
Prog, method);
usage ();
}
}
#ifdef USE_PAM
retval = PAM_SUCCESS;
@ -245,18 +310,16 @@ int main (int argc, char **argv)
}
newpwd = cp;
if (!eflg) {
if (md5flg) {
char md5salt[12] = "$1$";
char *salt = crypt_make_salt ();
if (strncmp (salt, "$1$", 3) == 0) {
strncpy (md5salt, salt, 11);
} else {
strncat (md5salt, salt, 8);
}
cp = pw_encrypt (newpwd, md5salt);
void *arg = NULL;
if (md5flg)
crypt_method = "MD5";
else if (crypt_method != NULL) {
if (sflg)
arg = &sha_rounds;
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
crypt_method = "DES";
cp = pw_encrypt (newpwd,
crypt_make_salt(crypt_method, arg));
}
/*

89
src/chpasswd.c
View File

@ -49,8 +49,13 @@
* Global variables
*/
static char *Prog;
static int cflg = 0;
static int eflg = 0;
static int md5flg = 0;
static int sflg = 0;
static char *crypt_method = NULL;
static int sha_rounds = 5000;
static int is_shadow_pwd;
@ -65,14 +70,36 @@ static void usage (void)
fprintf (stderr, _("Usage: chpasswd [options]\n"
"\n"
"Options:\n"
" -c, --crypt-method the crypt method (one of %s)\n"
" -e, --encrypted supplied passwords are encrypted\n"
" -h, --help display this help message and exit\n"
" -m, --md5 use MD5 encryption instead DES when the supplied\n"
" passwords are not encrypted\n"
"\n"));
"\n"),
#ifndef ENCRYPTMETHOD_SELECT
"DES MD5"
#else
"DES MD5 SHA256 SHA512"
#endif
);
exit (E_USAGE);
}
static long getnumber (const char *numstr)
{
long val;
char *errptr;
val = strtol (numstr, &errptr, 10);
if (*errptr || errno == ERANGE) {
fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog,
numstr);
exit (1);
}
return val;
}
int main (int argc, char **argv)
{
char buf[BUFSIZ];
@ -105,16 +132,22 @@ int main (int argc, char **argv)
int option_index = 0;
int c;
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"encrypted", no_argument, NULL, 'e'},
{"help", no_argument, NULL, 'h'},
{"md5", no_argument, NULL, 'm'},
{"sha-rounds", required_argument, NULL, 's'},
{NULL, 0, NULL, '\0'}
};
while ((c =
getopt_long (argc, argv, "ehm", long_options,
getopt_long (argc, argv, "c:ehms:", long_options,
&option_index)) != -1) {
switch (c) {
case 'c':
cflg = 1;
crypt_method = optarg;
break;
case 'e':
eflg = 1;
break;
@ -124,6 +157,10 @@ int main (int argc, char **argv)
case 'm':
md5flg = 1;
break;
case 's':
sflg = 1;
sha_rounds = getnumber(optarg);
break;
case 0:
/* long option */
break;
@ -134,6 +171,34 @@ int main (int argc, char **argv)
}
}
/* validate options */
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is ONLY allowed with the %s flag\n"),
Prog, "-s", "-c");
usage ();
}
if (md5flg && cflg) {
fprintf (stderr,
_("%s: the -m and -c flags are exclusive\n"),
Prog);
usage ();
}
if (cflg) {
if (0 != strcmp (method, "DES") &&
0 != strcmp (method, "MD5") &&
#ifdef ENCRYPTMETHOD_SELECT
0 != strcmp (method, "SHA256") &&
0 != strcmp (method, "SHA512")
#endif
) {
fprintf (stderr,
_("%s: unsupported crypt method: %s\n"),
Prog, method);
usage ();
}
}
#ifdef USE_PAM
retval = PAM_SUCCESS;
@ -241,18 +306,16 @@ int main (int argc, char **argv)
}
newpwd = cp;
if (!eflg) {
if (md5flg) {
char md5salt[12] = "$1$";
char *salt = crypt_make_salt ();
if (strncmp (salt, "$1$", 3) == 0) {
strncpy (md5salt, salt, 11);
} else {
strncat (md5salt, salt, 8);
}
cp = pw_encrypt (newpwd, salt);
void *arg = NULL;
if (md5flg)
crypt_method = "MD5";
else if (crypt_method != NULL) {
if (sflg)
arg = &sha_rounds;
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
crypt_method = "DES";
cp = pw_encrypt (newpwd,
crypt_make_salt(crypt_method, arg));
}
/*

2
src/gpasswd.c
View File

@ -607,7 +607,7 @@ int main (int argc, char **argv)
exit (1);
}
cp = pw_encrypt (pass, crypt_make_salt ());
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
memzero (pass, sizeof pass);
#ifdef SHADOWGRP
if (is_shadowgrp)

7
src/newusers.c
View File

@ -214,7 +214,7 @@ static int add_user (const char *name, const char *uid, uid_t * nuid, gid_t gid)
static void update_passwd (struct passwd *pwd, const char *passwd)
{
pwd->pw_passwd = pw_encrypt (passwd, crypt_make_salt ());
pwd->pw_passwd = pw_encrypt (passwd, crypt_make_salt (NULL, NULL));
}
/*
@ -241,7 +241,8 @@ static int add_passwd (struct passwd *pwd, const char *passwd)
*/
if ((sp = spw_locate (pwd->pw_name))) {
spent = *sp;
spent.sp_pwdp = pw_encrypt (passwd, crypt_make_salt ());
spent.sp_pwdp = pw_encrypt (passwd,
crypt_make_salt (NULL, NULL));
return !spw_update (&spent);
}
@ -261,7 +262,7 @@ static int add_passwd (struct passwd *pwd, const char *passwd)
* shadow password file entry.
*/
spent.sp_namp = pwd->pw_name;
spent.sp_pwdp = pw_encrypt (passwd, crypt_make_salt ());
spent.sp_pwdp = pw_encrypt (passwd, crypt_make_salt (NULL, NULL));
spent.sp_lstchg = time ((time_t *) 0) / SCALE;
spent.sp_min = getdef_num ("PASS_MIN_DAYS", 0);
/* 10000 is infinity this week */