| blob | 82085184e82249920f774c97a367bf419e26cd9f |
1 /*
2 Unix SMB/CIFS implementation.
4 Functions to create reasonable random numbers for crypto use.
6 Copyright (C) Jeremy Allison 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
25 /**
26 * @file
27 * @brief Random number generation
28 */
30 /**
31 generate a single random uint32_t
32 **/
34 {
38 }
40 /**
41 @brief generate a random uint64
42 **/
44 {
48 }
51 {
63 };
64 }
70 }
73 }
75 /**
76 Microsoft composed the following rules (among others) for quality
77 checks. This is an abridgment from
78 http://msdn.microsoft.com/en-us/subscriptions/cc786468%28v=ws.10%29.aspx:
80 Passwords must contain characters from three of the following five
81 categories:
83 - Uppercase characters of European languages (A through Z, with
84 diacritic marks, Greek and Cyrillic characters)
85 - Lowercase characters of European languages (a through z, sharp-s,
86 with diacritic marks, Greek and Cyrillic characters)
87 - Base 10 digits (0 through 9)
88 - Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
89 - Any Unicode character that is categorized as an alphabetic character
90 but is not uppercase or lowercase. This includes Unicode characters
91 from Asian languages.
93 Note: for now do not check if the unicode category is
94 alphabetic character
95 **/
97 {
109 }
114 codepoint_t c;
121 }
131 }
136 }
141 }
146 }
148 /*
149 * the rest does not belong to
150 * a category.
151 */
153 }
158 }
163 }
165 /*
166 * Note: for now do not check if the unicode category is
167 * alphabetic character
168 *
169 * We would have to import the details from
170 * ftp://ftp.unicode.org/Public/6.3.0/ucd/UnicodeData-6.3.0d1.txt
171 */
174 }
178 }
181 }
184 }
187 }
190 }
194 }
197 }
199 /**
200 Use the random number generator to generate a random string.
201 **/
204 {
214 }
218 }
220 /**
221 * Generate a random text string consisting of the specified length.
222 * The returned string will be allocated.
223 *
224 * Characters used are: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,
225 */
228 {
232 again:
236 /* we need to make sure the random string passes basic quality tests
237 or it might be rejected by windows as a password */
241 }
244 }
246 /**
247 * Generate a random text password (based on printable ascii characters).
248 */
251 {
253 /* This list does not include { or } because they cause
254 * problems for our provision (it can create a substring
255 * ${...}, and for Fedora DS (which treats {...} at the start
256 * of a stored password as special
257 * -- Andrew Bartlett 2010-03-11
258 */
259 const char *c_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,@$%&!?:;<=>()[]~";
266 }
278 }
280 again:
284 /* we need to make sure the random string passes basic quality tests
285 or it might be rejected by windows as a password */
289 }
292 }
294 /**
295 * Generate a random machine password (based on random utf16 characters,
296 * converted to utf8). min must be at least 14, max must be at most 255.
297 *
298 * If 'unix charset' is not utf8, the password consist of random ascii
299 * values!
300 */
303 {
323 }
328 }
333 }
348 }
350 /*
351 * Create a random machine account password
352 * We create a random buffer and convert that to utf8.
353 * This is similar to what windows is doing.
354 *
355 * In future we may store the raw random buffer,
356 * but for now we need to pass the password as
357 * char pointer through some layers.
358 *
359 * As most kerberos keys are derived from the
360 * utf8 password we need to fallback to
361 * ASCII passwords if "unix charset" is not utf8.
362 */
368 /*
369 * both MIT krb5 and HEIMDAL only
370 * handle codepoints up to 0xffff.
371 *
372 * It means we need to avoid
373 * 0xD800 - 0xDBFF (high surrogate)
374 * and
375 * 0xDC00 - 0xDFFF (low surrogate)
376 * in the random utf16 data.
377 *
378 * 55296 0xD800 0154000 0b1101100000000000
379 * 57343 0xDFFF 0157777 0b1101111111111111
380 * 8192 0x2000 020000 0b10000000000000
381 *
382 * The above values show that we can check
383 * for 0xD800 and just add 0x2000 to avoid
384 * the surrogate ranges.
385 *
386 * The rest will be handled by CH_UTF16MUNGED
387 * see utf16_munged_pull().
388 */
392 }
394 }
401 __func__));
404 }
412 }
416 }
420 utf8_len);
423 }
429 }
434 ascii_fallback:
436 /*
437 * truncate to ascii
438 */
442 }
445 }
447 }
454 }
458 }
460 /**
461 * Generate an array of unique text strings all of the same length.
462 * The returned string will be allocated.
463 * Returns NULL if the number of unique combinations cannot be created.
464 *
465 * Characters used are: abcdefghijklmnopqrstuvwxyz0123456789+_-#.,
466 */
469 {
487 }
492 }
496 /* we were not able to fit the number of
497 * combinations asked for in the length
498 * specified */
504 }
505 }
508 }