static QByteArray encrypt( const QString& value ) { if ( value.isEmpty() ) return QByteArray(); QByteArray data = value.toUtf8(); #if defined( HAVE_WINCRYPT ) DATA_BLOB input; input.pbData = (BYTE*)data.data(); input.cbData = data.length(); DATA_BLOB output; if ( !CryptProtectData( &input, L"", NULL, NULL, NULL, 0, &output ) ) return QByteArray(); QByteArray result( (char*)output.pbData, output.cbData ); LocalFree( output.pbData ); return result; #else return obscure( data ); #endif }
static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo) { char salt[MAX_PW_SALT_LEN]; char *orig = (char*)""; char *newp = NULL; char *cp = NULL; char *ret = NULL; /* failure so far */ if (myuid != 0 && pw->pw_passwd[0]) { char *encrypted; orig = bb_ask_stdin("Old password: "******"incorrect password for %s", pw->pw_name); bb_do_delay(LOGIN_FAIL_DELAY); puts("Incorrect password"); goto err_ret; } if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); } orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ newp = bb_ask_stdin("New password: "******"Retype password: "******"Passwords don't match"); goto err_ret; } crypt_make_pw_salt(salt, algo); /* pw_encrypt returns malloced str */ ret = pw_encrypt(newp, salt, 1); /* whee, success! */ err_ret: nuke_str(orig); if (ENABLE_FEATURE_CLEAN_UP) free(orig); nuke_str(newp); if (ENABLE_FEATURE_CLEAN_UP) free(newp); nuke_str(cp); return ret; }
/* ** Remember the URL and password if requested. */ void url_remember(void){ if( g.url.flags & URL_REMEMBER ){ db_set("last-sync-url", g.url.canonical, 0); if( g.url.user!=0 && g.url.passwd!=0 && ( g.url.flags & URL_REMEMBER_PW ) ){ db_set("last-sync-pw", obscure(g.url.passwd), 0); } } }
static QString decrypt( const QByteArray& value ) { if ( value.isEmpty() ) return QString(); #if defined( HAVE_WINCRYPT ) DATA_BLOB input; input.pbData = (BYTE*)value.data(); input.cbData = value.length(); DATA_BLOB output; if ( !CryptUnprotectData( &input, NULL, NULL, NULL, NULL, 0, &output ) ) return QString(); QByteArray data( (char*)output.pbData, output.cbData ); LocalFree( output.pbData ); #else QByteArray data = obscure( value ); #endif return QString::fromUtf8( data ); }
/* * new_password - validate old password and replace with new (both old and * new in global "char crypt_passwd[128]") */ static int new_password (const struct passwd *pw) { char *clear; /* Pointer to clear text */ char *cipher; /* Pointer to cipher text */ char *cp; /* Pointer to getpass() response */ char orig[200]; /* Original password */ char pass[200]; /* New password */ int i; /* Counter for retries */ int warned; int pass_max_len = -1; char *method; #ifdef HAVE_LIBCRACK_HIST int HistUpdate (const char *, const char *); #endif /* HAVE_LIBCRACK_HIST */ /* * Authenticate the user. The user will be prompted for their own * password. */ if (!amroot && crypt_passwd[0]) { clear = getpass (_("Old password: "******"incorrect password for %s", pw->pw_name)); sleep (1); fprintf (stderr, _("Incorrect password for %s.\n"), pw->pw_name); return -1; } STRFCPY (orig, clear); strzero (clear); strzero (cipher); } else { orig[0] = '\0'; } /* * Get the new password. The user is prompted for the new password * and has five tries to get it right. The password will be tested * for strength, unless it is the root user. This provides an escape * for initial login passwords. */ if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) { if (!getdef_bool ("MD5_CRYPT_ENAB")) { pass_max_len = getdef_num ("PASS_MAX_LEN", 8); } } else { if ( (strcmp (method, "MD5") == 0) #ifdef USE_SHA_CRYPT || (strcmp (method, "SHA256") == 0) || (strcmp (method, "SHA512") == 0) #endif /* USE_SHA_CRYPT */ ) { pass_max_len = -1; } else { pass_max_len = getdef_num ("PASS_MAX_LEN", 8); } } if (!qflg) { if (pass_max_len == -1) { printf (_( "Enter the new password (minimum of %d characters)\n" "Please use a combination of upper and lower case letters and numbers.\n"), getdef_num ("PASS_MIN_LEN", 5)); } else { printf (_( "Enter the new password (minimum of %d, maximum of %d characters)\n" "Please use a combination of upper and lower case letters and numbers.\n"), getdef_num ("PASS_MIN_LEN", 5), pass_max_len); } } warned = 0; for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) { cp = getpass (_("New password: "******"Try again.")); continue; } /* * If enabled, warn about weak passwords even if you are * root (enter this password again to use it anyway). * --marekm */ if (amroot && !warned && getdef_bool ("PASS_ALWAYS_WARN") && (!obscure (orig, pass, pw) || reuse (pass, pw))) { puts (_("\nWarning: weak password (enter it again to use it anyway).")); warned++; continue; } cp = getpass (_("Re-enter new password: "******"They don't match; try again.\n"), stderr); } else { strzero (cp); break; } } memzero (orig, sizeof orig); if (i == 0) { memzero (pass, sizeof pass); return -1; } /* * Encrypt the password, then wipe the cleartext password. */ cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL)); memzero (pass, sizeof pass); #ifdef HAVE_LIBCRACK_HIST HistUpdate (pw->pw_name, crypt_passwd); #endif /* HAVE_LIBCRACK_HIST */ STRFCPY (crypt_passwd, cp); return 0; }