1 /* 2 * Copyright (c) 1999 3 * Mark Murray. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.14.2.2 2001/05/24 12:20:02 markm Exp $ 27 */ 28 29 #include <sys/types.h> 30 #include <string.h> 31 #include <libutil.h> 32 #include <unistd.h> 33 #include "crypt.h" 34 35 /* 36 * XXX - NOTE: 37 * 38 * The deprecated sha256/512 functions are somehow sensitive to the 39 * order of this crypt_types array as well as their respective "name" members. 40 * 41 * In order to ensure that both existing passwords will continue to work and 42 * that new passwords will be more secure by using the new algorithms even 43 * without updating the existing login.conf, this array is now scanned 44 * backwards. This could be reverted in the future when the deprecated SHA 45 * functionality is removed. 46 */ 47 static const struct { 48 const char *const name; 49 char *(*const func)(const char *, const char *); 50 const char *const magic; 51 } crypt_types[] = { 52 #ifdef HAS_DES 53 { 54 "des", 55 crypt_des, 56 NULL 57 }, 58 #endif 59 { 60 "md5", 61 crypt_md5, 62 "$1$" 63 }, 64 #ifdef HAS_BLOWFISH 65 { 66 "blf", 67 crypt_blowfish, 68 "$2" 69 }, 70 #endif 71 { 72 "sha256", 73 crypt_deprecated_sha256, 74 "$3$" 75 }, 76 { 77 "sha512", 78 crypt_deprecated_sha512, 79 "$4$" 80 }, 81 { 82 "sha256", 83 crypt_sha256, 84 "$5$" 85 }, 86 { 87 "sha512", 88 crypt_sha512, 89 "$6$" 90 } 91 }; 92 93 static int crypt_type = -1; 94 95 static void 96 crypt_setdefault(void) 97 { 98 char *def; 99 int i; 100 101 if (crypt_type != -1) 102 return; 103 def = auth_getval("crypt_default"); 104 if (def == NULL) { 105 crypt_type = 0; 106 return; 107 } 108 for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) { 109 if (strcmp(def, crypt_types[i].name) == 0) { 110 crypt_type = i; 111 return; 112 } 113 } 114 crypt_type = 0; 115 } 116 117 const char * 118 crypt_get_format(void) 119 { 120 121 crypt_setdefault(); 122 return (crypt_types[crypt_type].name); 123 } 124 125 int 126 crypt_set_format(const char *type) 127 { 128 int i; 129 130 crypt_setdefault(); 131 for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) { 132 if (strcmp(type, crypt_types[i].name) == 0) { 133 crypt_type = i; 134 return (1); 135 } 136 } 137 return (0); 138 } 139 140 char * 141 crypt(const char *passwd, const char *salt) 142 { 143 int i; 144 145 crypt_setdefault(); 146 for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) { 147 if (crypt_types[i].magic != NULL && strncmp(salt, 148 crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) 149 return (crypt_types[i].func(passwd, salt)); 150 } 151 return (crypt_types[crypt_type].func(passwd, salt)); 152 } 153