1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
* ----------------------------------------------------------------------------
*/
/*
* It has since been changed by Brandon Gillespie, the end result is not
* too clean, but it is clear and modular; there is no need for crypt()
* to be optimized (and actually a desire for the opposite) so I am not
* overly concerned.
*/
/*
* Assumptions made with the format of passwords:
*
* + Any password beginning with a dollar-sign is assumed to be in
* the Modular Crypt Format (MCF), namely: $tag$salt$hash. Any
* algorithms added will also use this format. Other MCF assumptions:
* + The algorithm tag (field 1) will be less than five characters
* long (yay, arbitrary limits). Anything longer is ignored.
* New algorithm names are not allowed to be fully numeric as
* anything fully numeric is mapped from other OS's not following
* our standard, and from older versions of this standard (such as
* $1$ for MD5 passwords, rather than $MD5$).
* + The salt can be up to 16 characters in length (more arbitrary
* limits).
* + An invalid or unrecognized algorithm tag will default to use the
* 'best' encryption method--whatever that may be at the time.
* + If the MCF is not specified, use the 'best' method, unless DES
* is installed--then use DES.
* + Any password beginning with an underscore '_' is assumed to be
* the Extended DES Format, which has its own salt requirements,
* and is not the same as the MCF.
* + Salt must be limited to the same ascii64 character set the hash
* is encoded in (namely "./0-9A-Za-z").
*/
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#define _CRYPT_C_
#include "crypt.h"
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
/*
* commonly used througout all algorithms
*/
static unsigned char ascii64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
void
to64(s, v, n)
char *s;
unsigned long v;
int n;
{
while (--n >= 0) {
*s++ = ascii64[v&0x3f];
v >>= 6;
}
}
static char * hash_word(password, salt, output)
const char *password;
const char *salt;
char *output;
{
unsigned char spbuf[_CRYPT_MAX_SALT_LEN+1],
pwbuf[_CRYPT_OUTPUT_SIZE+1],
* ep, * sp, * pw;
unsigned int sl, pl,
tag = _CRYPT_DEFAULT_VERSION,
mcf = FALSE;
memset(spbuf, 0, _CRYPT_MAX_SALT_LEN+1);
memset(pwbuf, 0, _CRYPT_MAX_SALT_LEN+1);
strncpy((char *) spbuf, (unsigned char *) salt, _CRYPT_MAX_SALT_LEN);
strncpy((char *) pwbuf, (unsigned char *) password, _CRYPT_OUTPUT_SIZE);
sp = &spbuf[0];
pw = &pwbuf[0];
pl = strlen((char *) pw);
/* figure out what type of crypt is wanted */
if (sp && sp[0] == '$') {
mcf = TRUE;
sp++;
if (strncasecmp((char *) sp, "MD5$", 4)==0) {
tag = _MD5_CRYPT;
sp += 4;
} else if (strncasecmp((char *) sp, "1$", 2)==0) {
tag = _MD5_CRYPT_OLD;
sp += 2;
} else if (strncasecmp((char *) sp, "SHA1$", 5)==0) {
tag = _SHS_CRYPT;
sp += 5;
} else {
tag = _CRYPT_DEFAULT_VERSION;
while (*sp && *sp != '$')
sp++;
if (*sp == '$')
sp++;
}
}
/* Refine the salt. Go to the end, it stops at the first '$' or NULL */
for (ep=sp; *ep && *ep != '$'; ep++)
continue;
/* we have to do this so we dont overflow _PASSWORD_LEN */
if ((ep - sp) > 16) {
sl = 16;
sp[16] = (char) NULL;
} else {
sl = ep - sp;
}
switch (tag) {
case _MD5_CRYPT_OLD:
return crypt_md5(pw, pl, sp, sl, output, "$1$");
case _MD5_CRYPT:
return crypt_md5(pw, pl, sp, sl, output, "$MD5$");
#ifdef DES_CRYPT
case _DES_CRYPT:
return crypt_des(pw, pl, sp, sl, output, "");
#endif
/* dropping a DES password through will likely cause problems,
but at least crypt() will return as it says it will (we cannot
return an error condition) */
case _SHS_CRYPT:
default:
return crypt_shs(pw, pl, sp, sl, output, "$SHA1$");
}
}
char *
crypt(password, salt)
const char *password;
const char *salt;
{
static char output[_CRYPT_OUTPUT_SIZE];
return hash_word(password, salt, output);
}
char *
malloc_crypt(password, salt)
const char *password;
const char *salt;
{
char * output;
output = (char *) malloc(sizeof(char) * _CRYPT_OUTPUT_SIZE);
return hash_word(password, salt, output);
}
int
match_crypted(possible, crypted)
const char * possible,
* crypted;
{
char * pc;
int match;
pc = malloc_crypt(possible, crypted);
match = !strcmp(pc, crypted);
free(pc);
return match;
}
#undef _CRYPT_C_
|
