From 67c40ef892e23a375a1eeec51d343ef6be31f5d8 Mon Sep 17 00:00:00 2001 From: green Date: Tue, 22 Aug 2000 02:15:54 +0000 Subject: Add working and easy crypt(3)-switching. Yes, we need a whole new API for crypt(3) by now. In any case: Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8). The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :) Reviewed by: peter --- lib/libcrypt/Makefile | 3 ++- lib/libcrypt/crypt.3 | 51 +++++++++++++++++++++++++++++++++++++-------- lib/libcrypt/crypt.c | 57 ++++++++++++++++++++++++++++++++++++++++++++------- lib/libcrypt/crypt.h | 1 - 4 files changed, 95 insertions(+), 17 deletions(-) (limited to 'lib/libcrypt') diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile index 17c978e..1c54fa6 100644 --- a/lib/libcrypt/Makefile +++ b/lib/libcrypt/Makefile @@ -17,9 +17,10 @@ SONAME= ${LCRYPTSO} .PATH: ${.CURDIR}/../libmd SRCS= crypt.c crypt-md5.c misc.c -STATICSRCS= md5c.c +STATICSRCS= md5c.c sha1c.c STATICOBJS= ${STATICSRCS:S/.c/.o/g} MAN3= crypt.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd CFLAGS+= -DLIBC_SCCS -Wall PRECIOUSLIB= yes diff --git a/lib/libcrypt/crypt.3 b/lib/libcrypt/crypt.3 index e9f98c1..81f6261 100644 --- a/lib/libcrypt/crypt.3 +++ b/lib/libcrypt/crypt.3 @@ -43,6 +43,10 @@ .Fd #include .Ft char * .Fn crypt "const char *key" "const char *salt" +.Ft const char * +.Fn crypt_get_format "void" +.Ft int +.Fn crypt_set_format "const char *string" .Sh DESCRIPTION The .Fn crypt 
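Review bot: The Makefile hunk adds `sha1c.c` to `STATICSRCS`, but nothing in the lib/libcrypt changes shown here appears to use a SHA-1 routine. The new `crypt_types[]` table lists only "des" and "md5", and the crypt.h hunk removes `SHS_SIZE`. If the object is staged for a later hash format, a short comment such as `# sha1c.o: reserved for the upcoming SHA-1 crypt format` next to `STATICSRCS` would record the intent. Otherwise the line could stay `STATICSRCS= md5c.c`, so the static library carries no unused code. This view is limited to lib/libcrypt, so a user elsewhere in the tree cannot be ruled out.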
@@ -59,10 +63,12 @@ Currently these include the .Tn Data Encryption Standard (DES) , and .Tn MD5 . -The algorithm used will depend upon the format of the Salt--following -the Modular Crypt Format (MCF)--and if +The algorithm used will depend upon the format of the Salt (following +the Modular Crypt Format (MCF)), if .Tn DES -is installed or not. +is installed or not, and whether +.Fn crypt_set_format +has been called to change the default. .Pp The first argument to .Nm @@ -177,10 +183,15 @@ Other crypt formats may be easilly added. An example salt would be: .Ss "Traditional" crypt: .Pp The algorithm used will depend upon whether +.Fn crypt_set_format +has been called and whether .Tn DES -is installed or not. If it is, +is installed or not. If .Tn DES -will be used. Otherwise, the best algorithm is used, which is currently +is installed and +.Fn crypt_set_format +has not set the format to something else, it will be used. +Otherwise, the best algorithm is used, which is currently .\" .\" NOTICE: Also make sure to update this .\" @@ -188,6 +199,23 @@ MD5. .Pp How the salt is used will depend upon the algorithm for the hash. For best results, specify at least two characters of salt. +.Pp +The +.Fn crypt_get_format +function returns a constant string that represents the name of the +algorithm currently used. +Valid values are +.\" +.\" NOTICE: Also make sure to update this, too, as well +.\" +.Ql des +and +.Ql md5 . +.Pp +The +.Fn crypt_set_format +function sets the default encoding format according to the supplied +.Fa string . .Sh RETURN VALUES .Pp .Fn crypt @@ -195,6 +223,10 @@ returns a pointer to the encrypted value on success, and NULL on failure. Note: this is not a standard behaviour, AT&T .Fn crypt will always return a pointer to a string. +.Pp +.Fn crypt_set_format +will return 1 if the supplied encoding format was valid. +Otherwise, a value of 0 is returned. .Sh SEE ALSO .Xr login 1 , .Xr passwd 1 , 
@@ -206,7 +238,9 @@ The .Fn crypt function returns a pointer to static data, and subsequent calls to .Fn crypt -will modify the same data. +will modify the same data. Likewise, +.Fn crypt_set_format +modifies static data. .Sh HISTORY A rotor-based .Fn crypt @@ -230,6 +264,7 @@ Originally written by .An David Burren Aq davidb@werj.com.au , later additions and changes by .An Poul-henning Kamp , -.An Mark R V Murray -and +.An Mark R V Murray , .An Kris Kennaway . +and +.An Brian Feldman . diff --git a/lib/libcrypt/crypt.c b/lib/libcrypt/crypt.c index e040be1..7a61b42 100644 --- a/lib/libcrypt/crypt.c +++ b/lib/libcrypt/crypt.c @@ -34,14 +34,57 @@ static char rcsid[] = "$FreeBSD$"; #include #include "crypt.h" +static const struct { + const char *const name; + char *(*const func)(const char *, const char *); + const char *const magic; +} crypt_types[] = { + { + "des", + crypt_des, + NULL + }, + { + "md5", + crypt_md5, + "$1$" + }, + { + NULL, + NULL + } +}; + +static int crypt_type = 0; + +const char * +crypt_get_format(void) { + + return (crypt_types[crypt_type].name); +} + +int +crypt_set_format(char *type) { + int i; + + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (strcmp(type, crypt_types[i].name) == 0) { + crypt_type = i; + return (1); + } + } + return (0); +} + char * crypt(char *passwd, char *salt) { - if (!strncmp(salt, "$1$", 3)) - return crypt_md5(passwd, salt); -#ifdef NONEXPORTABLE_CRYPT - return crypt_des(passwd, salt); -#else - return crypt_md5(passwd, salt); -#endif + int i; + + for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { + if (crypt_types[i].magic != NULL && strncmp(salt, + crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) + return (crypt_types[i].func(passwd, salt)); + } + return (crypt_types[crypt_type].func(passwd, salt)); } diff --git a/lib/libcrypt/crypt.h b/lib/libcrypt/crypt.h index 8920986c..3544f89 100644 --- a/lib/libcrypt/crypt.h +++ b/lib/libcrypt/crypt.h 
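Review bot: In the crypt.c hunk, `static int crypt_type = 0;` makes "des" the default for every salt that lacks the `$1$` prefix, whereas the removed `#else` branch fell back to `crypt_md5` when `NONEXPORTABLE_CRYPT` was undefined. Builds without DES would therefore either default to the weaker format or reference a `crypt_des` that may not be linked in, since `SRCS` in the Makefile lists only crypt.c, crypt-md5.c and misc.c and its definition is not visible here. The crypt.3 text in this same commit still promises MD5 as the fallback, so code and manual disagree. Separately, `crypt_set_format(char *type)` passes `type` straight to `strcmp`, so a NULL argument is dereferenced, and the prototype differs from the `const char *string` documented in crypt.3. The fence keeps the old compile-time default and adds the NULL guard and `const`, leaving the table and both lookup loops as written.

```c
/* … unchanged: crypt_types[] table ("des" at index 0, "md5" at index 1) … */

/* Preserve the previous default: DES only where it is built in, else MD5. */
#ifdef NONEXPORTABLE_CRYPT
static int crypt_type = 0;	/* "des" */
#else
static int crypt_type = 1;	/* "md5" */
#endif

/* … unchanged: crypt_get_format() … */

int
crypt_set_format(const char *type) {
	int i;

	/* Reject a missing format name instead of handing NULL to strcmp(). */
	if (type == NULL)
		return (0);
	/* … unchanged: lookup loop over crypt_types[] and final return (0) … */
}
```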
@@ -29,7 +29,6 @@ /* magic sizes */ #define MD5_SIZE 16 -#define SHS_SIZE 20 char *crypt_des(const char *pw, const char *salt); char *crypt_md5(const char *pw, const char *salt); -- cgit v1.1