apps/passwd.c

   1 /* apps/passwd.c */
   2
   3 #if !defined(NO_DES) /* && !defined(prerequisites of other algorithms) */
   4
   5 #include <assert.h>
   6 #include <string.h>
   7
   8 #include "apps.h"
   9
  10 #include <openssl/bio.h>
  11 #include <openssl/err.h>
  12 #include <openssl/evp.h>
  13 #include <openssl/rand.h>
  14
  15 #ifndef NO_DES
  16 # include <openssl/des.h>
  17 #endif
  18
  19 #undef PROG
  20 #define PROG passwd_main
  21
  22
  23 static unsigned const char cov_2char[64]={
  24         /* from crypto/des/fcrypt.c */
  25         0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
  26         0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
  27         0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
  28         0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
  29         0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
  30         0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
  31         0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
  32         0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
  33 };
  34
  35 /* -crypt        - standard Unix password algorithm (default, only choice)
  36  * -salt string  - salt
  37  * -quiet        - no warnings
  38  * -table        - format output as table
  39  */
  40
  41 int MAIN(int argc, char **argv)
  42         {
  43         int ret = 1;
  44         char *salt = NULL, *passwd, **passwds = NULL;
  45         char *salt_malloc = NULL, *passwd_malloc = NULL;
  46         BIO *out = NULL;
  47         int i, badopt, opt_done;
  48         int passed_salt = 0, quiet = 0, table = 0;
  49         int usecrypt = 0;
  50         size_t pw_maxlen = 0;
  51
  52         apps_startup();
  53
  54         if (bio_err == NULL)
  55                 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
  56                         BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
  57         out = BIO_new(BIO_s_file());
  58         if (out == NULL)
  59                 goto err;
  60         BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
  61
  62         badopt = 0, opt_done = 0;
  63         i = 0;
  64         while (!badopt && !opt_done && argv[++i] != NULL)
  65                 {
  66                 if (strcmp(argv[i], "-crypt") == 0)
  67                         usecrypt = 1;
  68                 else if (strcmp(argv[i], "-salt") == 0)
  69                         {
  70                         if ((argv[i+1] != NULL) && (salt == NULL))
  71                                 {
  72                                 passed_salt = 1;
  73                                 salt = argv[++i];
  74                                 }
  75                         else badopt = 1;
  76                         }
  77                 else if (strcmp(argv[i], "-quiet") == 0)
  78                         quiet = 1;
  79                 else if (strcmp(argv[i], "-table") == 0)
  80                         table = 1;
  81                 else if (argv[i][0] == '-')
  82                         badopt = 1;
  83                 else
  84                         /* non-option argument */
  85                         {
  86                         passwds = &argv[i];
  87                         opt_done = 1;
  88                         }
  89                 }
  90
  91         if (usecrypt /* + algo2 + algo3 + ... */ == 0) /* use default */
  92                 usecrypt = 1;
  93         if (usecrypt /* + algo2 + algo3 */ > 1) /* conflict */
  94                 badopt = 1;
  95
  96         if (badopt)
  97                 {
  98                 BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
  99                 BIO_printf(bio_err, "where options are\n");
 100                 BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 101                 BIO_printf(bio_err, "-salt string       use provided salt\n");
 102                 BIO_printf(bio_err, "-quiet             no warnings\n");
 103                 BIO_printf(bio_err, "-table             format output as table\n");
 104
 105                 goto err;
 106                 }
 107
 108         if (usecrypt)
 109                 pw_maxlen = 8;
 110         /* else if ... */
 111
 112         if (passwds == NULL)
 113                 {
 114                 /* build a null-terminated list */
 115                 static char *passwds_static[2] = {NULL, NULL};
 116
 117                 passwds = passwds_static;
 118                 passwd_malloc = Malloc(pw_maxlen + 1);
 119                 if (passwd_malloc == NULL)
 120                         goto err;
 121                 if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
 122                         goto err;
 123                 passwds[0] = passwd_malloc;
 124                 }
 125
 126         assert(passwds != NULL);
 127         assert(*passwds != NULL);
 128
 129         do /* loop over list of passwords */
 130                 {
 131                 /* first make sure we have a salt */
 132                 if (!passed_salt)
 133                         {
 134                         if (usecrypt)
 135                                 {
 136                                 if (salt_malloc == NULL)
 137                                         {
 138                                         salt = salt_malloc = Malloc(3);
 139                                         if (salt_malloc == NULL)
 140                                                 goto err;
 141                                         }
 142                                 if (RAND_pseudo_bytes((unsigned char *)salt, 2) < 0)
 143                                         goto err;
 144                                 salt[0] = cov_2char[salt[0] & 0x3f]; /* 6 bits */
 145                                 salt[1] = cov_2char[salt[1] & 0x3f]; /* 6 bits */
 146                                 salt[2] = 0;
 147 #ifdef CHARSET_EBCDIC
 148                                 ascii2ebcdic(salt, salt, 2); /* des_crypt will convert
 149                                                               * back to ASCII */
 150 #endif
 151                                 }
 152                         /* else if (algo2) ... */
 153                         }
 154
 155                 assert(salt != NULL);
 156
 157                 /* truncate password if necessary */
 158                 passwd = *passwds++;
 159                 if ((strlen(passwd) > pw_maxlen))
 160                         {
 161                         if (!quiet)
 162                                 BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
 163                         passwd[pw_maxlen] = 0;
 164                         }
 165                 assert(strlen(passwd) <= pw_maxlen);
 166
 167                 /* now compute password hash */
 168                 if (usecrypt)
 169                         {
 170                         char *hash = des_crypt(passwd, salt);
 171                         if (table)
 172                                 BIO_printf(out, "%s\t%s\n", passwd, hash);
 173                         else
 174                                 BIO_printf(out, "%s\n", hash);
 175                         }
 176                 /* else if (algo2) { ... } else if (algo3) { ... } */
 177                 else
 178                         assert(0);
 179                 }
 180         while (*passwds != NULL);
 181
 182 err:
 183         ERR_print_errors(bio_err);
 184         if (salt_malloc)
 185                 Free(salt_malloc);
 186         if (passwd_malloc)
 187                 Free(passwd_malloc);
 188         if (out)
 189                 BIO_free(out);
 190         EXIT(ret);
 191         }
 192 #endif