From owner-svn-src-head@FreeBSD.ORG Sat Apr 26 11:50:25 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECB5CE07; Sat, 26 Apr 2014 11:50:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CCE25134B; Sat, 26 Apr 2014 11:50:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3QBoPqt011761; Sat, 26 Apr 2014 11:50:25 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3QBoP2v011760; Sat, 26 Apr 2014 11:50:25 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201404261150.s3QBoP2v011760@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Sat, 26 Apr 2014 11:50:25 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r264964 - head/lib/libcrypt X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Apr 2014 11:50:26 -0000 Author: des Date: Sat Apr 26 11:50:25 2014 New Revision: 264964 URL: http://svnweb.freebsd.org/changeset/base/264964 Log: r261913 broke DES passwords, because the only way they could work, since they don't have an easily recognizable signature, was if they were the default. This commit rewrites crypt_set_format(3) etc to address this: - Use a pointer instead of an index to identify the default format. This pointer is initialized at compile time to point to the first first element in the list of supported formats, eliminating the need for crypt_setdefault(). Using a pointer also simplifies iterating through the list. - Associate DES with the magic string "_", which takes care of the Extended DES format. - Finally, as a special case, if the salt does not match any known magic string but matches ^[./0-9A-Za-z]{13}$, it is assumed to be a DES password and is passed on to crypt_des(). MFC after: 1 week Modified: head/lib/libcrypt/crypt.c Modified: head/lib/libcrypt/crypt.c ============================================================================== --- head/lib/libcrypt/crypt.c Sat Apr 26 08:05:16 2014 (r264963) +++ head/lib/libcrypt/crypt.c Sat Apr 26 11:50:25 2014 (r264964) @@ -1,6 +1,7 @@ -/* - * Copyright (c) 1999 - * Mark Murray. All rights reserved. +/*- + * Copyright (c) 1999 Mark Murray + * Copyright (c) 2014 Dag-Erling Smørgrav + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -28,110 +29,88 @@ __FBSDID("$FreeBSD$"); #include -#include + #include +#include #include + #include "crypt.h" -static const struct { +/* + * List of supported crypt(3) formats. The first element in the list will + * be the default. + */ +static const struct crypt_format { const char *const name; char *(*const func)(const char *, const char *); const char *const magic; -} crypt_types[] = { -#ifdef HAS_DES - { - "des", - crypt_des, - NULL - }, -#endif - { - "md5", - crypt_md5, - "$1$" - }, +} crypt_formats[] = { + /* default format */ + { "sha512", crypt_sha512, "$6$" }, + + /* other supported formats */ + { "md5", crypt_md5, "$1$" }, #ifdef HAS_BLOWFISH - { - "blf", - crypt_blowfish, - "$2" - }, + { "blf", crypt_blowfish, "$2" }, +#endif + { "nth", crypt_nthash, "$3$" }, + { "sha256", crypt_sha256, "$5$" }, +#ifdef HAS_DES + { "des", crypt_des, "_" }, #endif - { - "nth", - crypt_nthash, - "$3$" - }, - { - "sha256", - crypt_sha256, - "$5$" - }, - { - "sha512", - crypt_sha512, - "$6$" - }, - { - NULL, - NULL, - NULL - } -}; - -#define CRYPT_DEFAULT "sha512" -static int crypt_type = -1; + /* sentinel */ + { NULL, NULL, NULL } +}; -static void -crypt_setdefault(void) -{ - size_t i; +static const struct crypt_format *crypt_format = &crypt_formats[0]; - if (crypt_type != -1) - return; - for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { - if (strcmp(CRYPT_DEFAULT, crypt_types[i].name) == 0) { - crypt_type = (int)i; - return; - } - } - crypt_type = 0; -} +#define DES_SALT_ALPHABET \ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" +/* + * Returns the name of the currently selected format. + */ const char * crypt_get_format(void) { - crypt_setdefault(); - return (crypt_types[crypt_type].name); + return (crypt_format->name); } +/* + * Selects the format to use for subsequent crypt(3) invocations. + */ int -crypt_set_format(const char *type) +crypt_set_format(const char *format) { - size_t i; + const struct crypt_format *cf; - crypt_setdefault(); - for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { - if (strcmp(type, crypt_types[i].name) == 0) { - crypt_type = (int)i; + for (cf = crypt_formats; cf->name != NULL; ++cf) { + if (strcasecmp(cf->name, format) == 0) { + crypt_format = cf; return (1); } } return (0); } +/* + * Hash the given password with the given salt. If the salt begins with a + * magic string (e.g. "$6$" for sha512), the corresponding format is used; + * otherwise, the currently selected format is used. + */ char * crypt(const char *passwd, const char *salt) { - size_t i; + const struct crypt_format *cf; - crypt_setdefault(); - for (i = 0; i < sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i++) { - if (crypt_types[i].magic != NULL && strncmp(salt, - crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0) - return (crypt_types[i].func(passwd, salt)); - } - return (crypt_types[crypt_type].func(passwd, salt)); + for (cf = crypt_formats; cf->name != NULL; ++cf) + if (cf->magic != NULL && strstr(salt, cf->magic) == salt) + return (cf->func(passwd, salt)); +#ifdef HAS_DES + if (strlen(salt) == 13 && strspn(salt, DES_SALT_ALPHABET) == 13) + return (crypt_des(passwd, salt)); +#endif + return (crypt_format->func(passwd, salt)); }