1 /* $OpenBSD: encrypt.c,v 1.28 2007/07/14 21:26:38 krw Exp $ */ 2 3 /* 4 * Copyright (c) 1996, Jason Downs. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/types.h> 29 #include <ctype.h> 30 #include <err.h> 31 #include <errno.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <unistd.h> 37 #include <login_cap.h> 38 #include <limits.h> 39 40 /* 41 * Very simple little program, for encrypting passwords from the command 42 * line. Useful for scripts and such. 43 */ 44 45 #define DO_MAKEKEY 0 46 #define DO_DES 1 47 #define DO_MD5 2 48 #define DO_BLF 3 49 50 extern char *__progname; 51 char buffer[_PASSWORD_LEN]; 52 53 void usage(void); 54 void print_passwd(char *, int, void *); 55 56 void 57 usage(void) 58 { 59 60 (void)fprintf(stderr, 61 "usage: %s [-km] [-b rounds] [-c class] [-p | string] [-s salt]\n", 62 __progname); 63 exit(1); 64 } 65 66 void 67 print_passwd(char *string, int operation, void *extra) 68 { 69 char msalt[3], *salt, *cryptstr; 70 login_cap_t *lc; 71 int pwd_gensalt(char *, int, login_cap_t *, char); 72 void to64(char *, u_int32_t, int n); 73 74 switch(operation) { 75 case DO_MAKEKEY: 76 /* 77 * makekey mode: parse string into separate DES key and salt. 78 */ 79 if (strlen(string) != 10) { 80 /* To be compatible... */ 81 errx(1, "%s", strerror(EFTYPE)); 82 } 83 strlcpy(msalt, &string[8], sizeof msalt); 84 salt = msalt; 85 break; 86 87 case DO_MD5: 88 strlcpy(buffer, "$1$", sizeof buffer); 89 to64(&buffer[3], arc4random(), 4); 90 to64(&buffer[7], arc4random(), 4); 91 strlcpy(buffer + 11, "$", sizeof buffer - 11); 92 salt = buffer; 93 break; 94 95 case DO_BLF: 96 strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN); 97 salt = buffer; 98 break; 99 100 case DO_DES: 101 salt = extra; 102 break; 103 104 default: 105 if ((lc = login_getclass(extra)) == NULL) 106 errx(1, "unable to get login class `%s'", 107 extra ? (char *)extra : "default"); 108 if (!pwd_gensalt(buffer, _PASSWORD_LEN, lc, 'l')) 109 errx(1, "can't generate salt"); 110 salt = buffer; 111 break; 112 } 113 114 if ((cryptstr = crypt(string, salt)) == NULL) 115 errx(1, "crypt failed"); 116 fputs(cryptstr, stdout); 117 } 118 119 int 120 main(int argc, char **argv) 121 { 122 int opt; 123 int operation = -1; 124 int prompt = 0; 125 int rounds; 126 void *extra = NULL; /* Store salt or number of rounds */ 127 const char *errstr; 128 129 if (strcmp(__progname, "makekey") == 0) 130 operation = DO_MAKEKEY; 131 132 while ((opt = getopt(argc, argv, "kmps:b:c:")) != -1) { 133 switch (opt) { 134 case 'k': /* Stdin/Stdout Unix crypt */ 135 if (operation != -1 || prompt) 136 usage(); 137 operation = DO_MAKEKEY; 138 break; 139 140 case 'm': /* MD5 password hash */ 141 if (operation != -1) 142 usage(); 143 operation = DO_MD5; 144 break; 145 146 case 'p': 147 if (operation == DO_MAKEKEY) 148 usage(); 149 prompt = 1; 150 break; 151 152 case 's': /* Unix crypt (DES) */ 153 if (operation != -1 || optarg[0] == '$') 154 usage(); 155 operation = DO_DES; 156 extra = optarg; 157 break; 158 159 case 'b': /* Blowfish password hash */ 160 if (operation != -1) 161 usage(); 162 operation = DO_BLF; 163 rounds = strtonum(optarg, 1, INT_MAX, &errstr); 164 if (errstr != NULL) 165 errx(1, "%s: %s", errstr, optarg); 166 extra = &rounds; 167 break; 168 169 case 'c': /* user login class */ 170 extra = optarg; 171 operation = -1; 172 break; 173 174 default: 175 usage(); 176 } 177 } 178 179 if (((argc - optind) < 1) || operation == DO_MAKEKEY) { 180 char line[BUFSIZ], *string; 181 182 if (prompt) { 183 if ((string = getpass("Enter string: ")) == NULL) 184 err(1, "getpass"); 185 print_passwd(string, operation, extra); 186 (void)fputc('\n', stdout); 187 } else { 188 size_t len; 189 /* Encrypt stdin to stdout. */ 190 while (!feof(stdin) && 191 (fgets(line, sizeof(line), stdin) != NULL)) { 192 len = strlen(line); 193 if (len == 0 || line[0] == '\n') 194 continue; 195 if (line[len - 1] == '\n') 196 line[len - 1] = '\0'; 197 198 print_passwd(line, operation, extra); 199 200 if (operation == DO_MAKEKEY) { 201 fflush(stdout); 202 break; 203 } 204 (void)fputc('\n', stdout); 205 } 206 } 207 } else { 208 char *string; 209 210 /* can't combine -p with a supplied string */ 211 if (prompt) 212 usage(); 213 214 /* Perhaps it isn't worth worrying about, but... */ 215 if ((string = strdup(argv[optind])) == NULL) 216 err(1, NULL); 217 /* Wipe the argument. */ 218 memset(argv[optind], 0, strlen(argv[optind])); 219 220 print_passwd(string, operation, extra); 221 222 (void)fputc('\n', stdout); 223 224 /* Wipe our copy, before we free it. */ 225 memset(string, 0, strlen(string)); 226 free(string); 227 } 228 exit(0); 229 } 230