1 /* $OpenBSD: encrypt.c,v 1.19 2003/07/02 21:04:09 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1996, Jason Downs. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/types.h> 29 #include <ctype.h> 30 #include <err.h> 31 #include <errno.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 #include <login_cap.h> 38 39 /* 40 * Very simple little program, for encrypting passwords from the command 41 * line. Useful for scripts and such. 42 */ 43 44 #define DO_MAKEKEY 0 45 #define DO_DES 1 46 #define DO_MD5 2 47 #define DO_BLF 3 48 49 extern char *__progname; 50 char buffer[_PASSWORD_LEN]; 51 52 void usage(void); 53 char *trim(char *); 54 void print_passwd(char *, int, void *); 55 56 void 57 usage(void) 58 { 59 60 (void)fprintf(stderr, 61 "usage: %s [-k] [-b rounds] [-c class] [-m] [-s salt] [-p | string]\n", 62 __progname); 63 exit(1); 64 } 65 66 char * 67 trim(char *line) 68 { 69 char *ptr; 70 71 for (ptr = &line[strlen(line)-1]; ptr > line; ptr--) { 72 if (!isspace(*ptr)) 73 break; 74 } 75 ptr[1] = '\0'; 76 77 for (ptr = line; *ptr && isspace(*ptr); ptr++) 78 ; 79 80 return(ptr); 81 } 82 83 void 84 print_passwd(char *string, int operation, void *extra) 85 { 86 char msalt[3], *salt; 87 struct passwd pwd; 88 login_cap_t *lc; 89 int pwd_gensalt(char *, int, struct passwd *, login_cap_t *, char); 90 void to64(char *, int32_t, int n); 91 92 switch(operation) { 93 case DO_MAKEKEY: 94 /* 95 * makekey mode: parse string into separate DES key and salt. 96 */ 97 if (strlen(string) != 10) { 98 /* To be compatible... */ 99 errx(1, "%s", strerror(EFTYPE)); 100 } 101 strlcpy(msalt, &string[8], sizeof msalt); 102 salt = msalt; 103 break; 104 105 case DO_MD5: 106 strlcpy(buffer, "$1$", sizeof buffer); 107 to64(&buffer[3], arc4random(), 4); 108 to64(&buffer[7], arc4random(), 4); 109 strlcpy(buffer + 11, "$", sizeof buffer - 11); 110 salt = buffer; 111 break; 112 113 case DO_BLF: 114 strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN); 115 salt = buffer; 116 break; 117 118 case DO_DES: 119 salt = extra; 120 break; 121 122 default: 123 pwd.pw_name = "default"; 124 if ((lc = login_getclass(extra)) == NULL) 125 errx(1, "unable to get login class `%s'", 126 extra ? (char *)extra : "default"); 127 if (!pwd_gensalt(buffer, _PASSWORD_LEN, &pwd, lc, 'l')) 128 errx(1, "can't generate salt"); 129 salt = buffer; 130 break; 131 } 132 133 (void)fputs(crypt(string, salt), stdout); 134 } 135 136 int 137 main(int argc, char **argv) 138 { 139 int opt; 140 int operation = -1; 141 int prompt = 0; 142 int rounds; 143 void *extra = NULL; /* Store salt or number of rounds */ 144 145 if (strcmp(__progname, "makekey") == 0) 146 operation = DO_MAKEKEY; 147 148 while ((opt = getopt(argc, argv, "kmps:b:c:")) != -1) { 149 switch (opt) { 150 case 'k': /* Stdin/Stdout Unix crypt */ 151 if (operation != -1 || prompt) 152 usage(); 153 operation = DO_MAKEKEY; 154 break; 155 156 case 'm': /* MD5 password hash */ 157 if (operation != -1) 158 usage(); 159 operation = DO_MD5; 160 break; 161 162 case 'p': 163 if (operation == DO_MAKEKEY) 164 usage(); 165 prompt = 1; 166 break; 167 168 case 's': /* Unix crypt (DES) */ 169 if (operation != -1 || optarg[0] == '$') 170 usage(); 171 operation = DO_DES; 172 extra = optarg; 173 break; 174 175 case 'b': /* Blowfish password hash */ 176 if (operation != -1) 177 usage(); 178 operation = DO_BLF; 179 rounds = atoi(optarg); 180 extra = &rounds; 181 break; 182 183 case 'c': /* user login class */ 184 extra = optarg; 185 operation = -1; 186 break; 187 188 default: 189 usage(); 190 } 191 } 192 193 if (((argc - optind) < 1) || operation == DO_MAKEKEY) { 194 char line[BUFSIZ], *string; 195 196 if (prompt) { 197 string = getpass("Enter string: "); 198 print_passwd(string, operation, extra); 199 (void)fputc('\n', stdout); 200 } else { 201 /* Encrypt stdin to stdout. */ 202 while (!feof(stdin) && 203 (fgets(line, sizeof(line), stdin) != NULL)) { 204 /* Kill the whitesapce. */ 205 string = trim(line); 206 if (*string == '\0') 207 continue; 208 209 print_passwd(string, operation, extra); 210 211 if (operation == DO_MAKEKEY) { 212 fflush(stdout); 213 break; 214 } 215 (void)fputc('\n', stdout); 216 } 217 } 218 } else { 219 char *string; 220 221 /* can't combine -p with a supplied string */ 222 if (prompt) 223 usage(); 224 225 /* Perhaps it isn't worth worrying about, but... */ 226 if ((string = strdup(argv[optind])) == NULL) 227 err(1, NULL); 228 /* Wipe the argument. */ 229 memset(argv[optind], 0, strlen(argv[optind])); 230 231 print_passwd(string, operation, extra); 232 233 (void)fputc('\n', stdout); 234 235 /* Wipe our copy, before we free it. */ 236 memset(string, 0, strlen(string)); 237 free(string); 238 } 239 exit(0); 240 } 241