xref: /dragonfly/lib/libcrypt/crypt.c (revision e0369600668aca82fea4c3901659ea23bc610fc0) 
1 /*
2  * Copyright (c) 1999
3  *      Mark Murray.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.14.2.2 2001/05/24 12:20:02 markm Exp $
27  */
28 
29 #include <sys/types.h>
30 #include <string.h>
31 #include <libutil.h>
32 #include <unistd.h>
33 #include "crypt.h"
34 
35 /*
36  * XXX - NOTE:
37  *
38  * The deprecated sha256/512 functions are somehow sensitive to the
39  * order of this crypt_types array as well as their respective "name" members.
40  *
41  * In order to ensure that both existing passwords will continue to work and
42  * that new passwords will be more secure by using the new algorithms even
43  * without updating the existing login.conf, this array is now scanned
44  * backwards. This could be reverted in the future when the deprecated SHA
45  * functionality is removed.
46  */
47 static const struct {
48           const char *const name;
49           char *(*const func)(const char *, const char *);
50           const char *const magic;
51 } crypt_types[] = {
52 #ifdef HAS_DES
53           {
54                     "des",
55                     crypt_des,
56                     NULL
57           },
58 #endif
59           {
60                     "md5",
61                     crypt_md5,
62                     "$1$"
63           },
64 #ifdef HAS_BLOWFISH
65           {
66                     "blf",
67                     crypt_blowfish,
68                     "$2"
69           },
70 #endif
71           {
72                     "sha256",
73                     crypt_deprecated_sha256,
74                     "$3$"
75           },
76           {
77                     "sha512",
78                     crypt_deprecated_sha512,
79                     "$4$"
80           },
81           {
82                     "sha256",
83                     crypt_sha256,
84                     "$5$"
85           },
86           {
87                     "sha512",
88                     crypt_sha512,
89                     "$6$"
90           }
91 };
92 
93 static int crypt_type = -1;
94 
95 static void
crypt_setdefault(void)96 crypt_setdefault(void)
97 {
98           char *def;
99           int i;
100 
101           if (crypt_type != -1)
102                     return;
103           def = auth_getval("crypt_default");
104           if (def == NULL) {
105                     crypt_type = 0;
106                     return;
107           }
108           for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
109                     if (strcmp(def, crypt_types[i].name) == 0) {
110                               crypt_type = i;
111                               return;
112                     }
113           }
114           crypt_type = 0;
115 }
116 
117 const char *
crypt_get_format(void)118 crypt_get_format(void)
119 {
120 
121           crypt_setdefault();
122           return (crypt_types[crypt_type].name);
123 }
124 
125 int
crypt_set_format(const char * type)126 crypt_set_format(const char *type)
127 {
128           int i;
129 
130           crypt_setdefault();
131           for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
132                     if (strcmp(type, crypt_types[i].name) == 0) {
133                               crypt_type = i;
134                               return (1);
135                     }
136           }
137           return (0);
138 }
139 
140 char *
crypt(const char * passwd,const char * salt)141 crypt(const char *passwd, const char *salt)
142 {
143           int i;
144 
145           crypt_setdefault();
146           for (i = sizeof(crypt_types) / sizeof(crypt_types[0]) - 1; i >= 0; i--) {
147                     if (crypt_types[i].magic != NULL && strncmp(salt,
148                         crypt_types[i].magic, strlen(crypt_types[i].magic)) == 0)
149                               return (crypt_types[i].func(passwd, salt));
150           }
151           return (crypt_types[crypt_type].func(passwd, salt));
152 }
153