lib/libcrypt/crypt.c

   1 /*
   2  * Copyright (c) 1999
   3  *      Mark Murray.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  *
  26  * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.14.2.2 2001/05/24 12:20:02 markm Exp $
  27  * $DragonFly: src/lib/libcrypt/crypt.c,v 1.3 2005/08/04 17:27:09 drhodus Exp $
  28  */
  29
  30 #include <sys/types.h>
  31 #include <string.h>
  32 #include <libutil.h>
  33 #include "crypt.h"
  34
  35 /*
  36  * XXX - NOTE:
  37  *
  38  * The deprecated sha256/512 functions are somehow sensitive to the
  39  * order of this crypt_types array as well as their respective "name" members.
  40  *
  41  * In order to ensure that both existing passwords will continue to work and
  42  * that new passwords will be more secure by using the new algorithms even
  43  * without updating the existing login.conf, this array is now scanned
  44  * backwards. This could be reverted in the future when the deprecated SHA
  45  * functionality is removed.
  46  */
  47 static const struct {
  48         const char *const name;
  49         char *(*const func)(const char *, const char *);
  50         const char *const magic;
  51 } crypt_types[] = {
  52 #ifdef HAS_DES
  53         {
  54                 "des",
  55                 crypt_des,
  56                 NULL
  57         },
  58 #endif
  59         {
  60                 "md5",
  61                 crypt_md5,
  62                 "$1$"
  63         },
  64 #ifdef HAS_BLOWFISH
  65         {
  66                 "blf",
  67                 crypt_blowfish,
  68                 "$2"
  69         },
  70 #endif
  71         {
  72                 "sha256",
  73                 crypt_deprecated_sha256,
  74                 "$3$"
  75         },
  76         {
  77                 "sha512",
  78                 crypt_deprecated_sha512,
  79                 "$4$"
  80         },
  81         {
  82                 "sha256",
  83                 crypt_sha256,
  84                 "$5$"
  85         },
  86         {
  87                 "sha512",
  88                 crypt_sha512,
  89                 "$6$"
  90         }
  91 };
  92
  93 static int crypt_type = -1;
  94
  95 static void
  96 crypt_setdefault(void)
  97 {
  98         char *def;
  99         int i;
 100
 101         if (crypt_type != -1)
 102                 return;
 103         def = auth_getval("crypt_default");
 104         if (def == NULL) {
 105                 crypt_type = 0;
 106                 return;
 107         }
 108         for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
 109                 if (strcmp(def, crypt_types[i].name) == 0) {
 110                         crypt_type = i;
 111                         return;
 112                 }
 113         }
 114         crypt_type = 0;
 115 }
 116
 117 const char *
 118 crypt_get_format(void)
 119 {
 120
 121         crypt_setdefault();
 122         return (crypt_types[crypt_type].name);
 123 }
 124
 125 int
 126 crypt_set_format(char *type)
 127 {
 128         int i;
 129
 130         crypt_setdefault();
 131         for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
 132                 if (strcmp(type, crypt_types[i].name) == 0) {
 133                         crypt_type = i;
 134                         return (1);
 135                 }
 136         }
 137         return (0);
 138 }
 139
 140 char *
 141 crypt(char *passwd, char *salt)
 142 {
 143         int i;
 144
 145         crypt_setdefault();
 146         for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
 147                 if (crypt_types[i].magic != NULL && strncmp(salt,
 148                     crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0)
 149                         return (crypt_types[i].func(passwd, salt));
 150         }
 151         return (crypt_types[crypt_type].func(passwd, salt));
 152 }