char * xcrypt(const char *password, const char *salt) { char *crypted; /* * If we don't have a salt we are encrypting a fake password for * for timing purposes. Pick an appropriate salt. */ if (salt == NULL) salt = pick_salt(); # ifdef HAVE_MD5_PASSWORDS if (is_md5_salt(salt)) crypted = md5_crypt(password, salt); else crypted = crypt(password, salt); # elif defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) crypted = bigcrypt(password, salt); else crypted = crypt(password, salt); # elif defined(HAVE_SECUREWARE) crypted = bigcrypt(password, salt); # else crypted = crypt(password, salt); # endif return crypted; }
/** * Validate sequrity hashes * * @param __s - hash to validate to * @param __unique - unique */ static void validate_security (char *__s, long __unique) { char tmp[128], dummy[128], key[128]; snprintf (tmp, BUF_SIZE (tmp), "##%s@%ld##", __s, __unique); md5_crypt (tmp, SECURITY_MAGICK, dummy); strcpy (key, dummy + 8); strcpy (__s, key); }
static void prepare_password(void) { switch(auth_type) { case EAD_AUTH_DEFAULT: break; case EAD_AUTH_MD5: md5_crypt(pw_md5, (unsigned char *) password, (unsigned char *) pw_salt); strncpy(password, pw_md5, sizeof(password)); break; } }
char *passwd_hash(const char *password, const char *salt) { char *passwd = md5_crypt(password, salt); if (passwd == NULL) { return 0; } passwd = strdup(passwd + strlen(salt) + 1); return passwd; }
/* my_crypt returns malloc'ed data */ static char *my_crypt(const char *key, const char *salt) { /* First, check if we are supposed to be using the MD5 replacement * instead of DES... */ if (salt[0] == '$' && salt[1] == '1' && salt[2] == '$') { return md5_crypt(xzalloc(MD5_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt); } { if (!des_cctx) des_cctx = const_des_init(); des_ctx = des_init(des_ctx, des_cctx); return des_crypt(des_ctx, xzalloc(DES_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt); } }
/* my_crypt returns malloc'ed data */ static char *my_crypt(const char *key, const char *salt) { /* MD5 or SHA? */ if (salt[0] == '$' && salt[1] && salt[2] == '$') { if (salt[1] == '1') return md5_crypt(xzalloc(MD5_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt); #if ENABLE_USE_BB_CRYPT_SHA if (salt[1] == '5' || salt[1] == '6') return sha_crypt((char*)key, (char*)salt); #endif } if (!des_cctx) des_cctx = const_des_init(); des_ctx = des_init(des_ctx, des_cctx); return des_crypt(des_ctx, xzalloc(DES_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt); }
EFI_STATUS password_crypt (const char *password, UINT32 pw_length, const PASSWORD_CRYPT *pw_crypt, UINT8 *hash) { EFI_STATUS efi_status; if (!pw_crypt) return EFI_INVALID_PARAMETER; switch (pw_crypt->method) { case TRADITIONAL_DES: case EXTEND_BSDI_DES: efi_status = EFI_UNSUPPORTED; break; case MD5_BASED: efi_status = md5_crypt (password, pw_length, (char *)pw_crypt->salt, pw_crypt->salt_size, hash); break; case SHA256_BASED: efi_status = sha256_crypt(password, pw_length, (char *)pw_crypt->salt, pw_crypt->salt_size, pw_crypt->iter_count, hash); break; case SHA512_BASED: efi_status = sha512_crypt(password, pw_length, (char *)pw_crypt->salt, pw_crypt->salt_size, pw_crypt->iter_count, hash); break; case BLOWFISH_BASED: if (pw_crypt->salt_size != (7 + 22 + 1)) { efi_status = EFI_INVALID_PARAMETER; break; } efi_status = blowfish_crypt(password, (char *)pw_crypt->salt, hash); break; default: return EFI_INVALID_PARAMETER; } return efi_status; }
char *userdb_mkmd5pw(const char *buf) { int i; char salt[9]; salt[8]=0; #ifdef RANDOM userdb_get_random(salt, 8); for (i=0; i<8; i++) salt[i] = userdb_hex64[salt[i] & 63 ]; #else { struct { #if HAVE_GETTIMEOFDAY struct timeval tv; #else time_t tv; #endif pid_t p; } s; MD5_DIGEST d; #if HAVE_GETTIMEOFDAY struct timezone tz; gettimeofday(&s.tv, &tz); #else time(&s.tv); #endif s.p=getpid(); md5_digest(&s, sizeof(s), d); for (i=0; i<8; i++) salt[i]=userdb_hex64[ ((unsigned char *)d)[i] ]; } #endif return (md5_crypt(buf, salt)); }
static const char *crypt_md5_wrapper(const char *pw) { struct timeval tv; char salt[10]; int i; gettimeofday(&tv, NULL); tv.tv_sec |= tv.tv_usec; tv.tv_sec ^= getpid(); strcpy(salt, "$1$"); for (i=3; i<8; i++) { salt[i]=crypt_salt[ tv.tv_sec % 64 ]; tv.tv_sec /= 64; } strcpy(salt+i, "$"); return (md5_crypt(pw, salt)); }
gchar *get_peer_token ( peer *p ) { char *n; int carry = 1; int len = sizeof(p->token) - 1; g_assert( p != NULL ); if (! *(p->token)) strrand(p->token, len); for (n = p->token + len - 1; carry && n >= p->token; n--) switch (*n) { case '9': *n = '0'; carry = 1; break; case 'Z': *n = 'A'; carry = 1; break; case 'z': *n = 'a'; carry = 1; break; default : (*n)++; carry = 0; } n = md5_crypt( p->token, p->token + len - 8 ); strncpy( p->token, n, len ); p->token[len - 1] = '\0'; g_free(n); return p->token; }
static foreign_t pl_crypt(term_t passwd, term_t encrypted) { char *pw, *e; char salt[20]; if ( !PL_get_chars(passwd, &pw, CVT_ATOM|CVT_STRING|CVT_LIST|BUF_RING) ) return pl_error("crypt", 2, NULL, ERR_ARGTYPE, 1, passwd, "text"); if ( PL_get_chars(encrypted, &e, CVT_ATOM|CVT_STRING|CVT_LIST|BUF_RING) ) { char *s2; if ( strncmp(e, "$1$", 3) == 0 ) /* MD5 Hash */ { char *p = strchr(e+3, '$'); size_t slen; if ( p && (slen=(size_t)(p-e-3)) < sizeof(salt) ) { strncpy(salt, e+3, slen); salt[slen] = 0; s2 = md5_crypt(pw, salt); return (strcmp(s2, e) == 0) ? TRUE : FALSE; } else { Sdprintf("No salt???\n"); return FALSE; } } else { int rval; salt[0] = e[0]; salt[1] = e[1]; salt[2] = '\0'; LOCK(); s2 = crypt(pw, salt); rval = (strcmp(s2, e) == 0 ? TRUE : FALSE); UNLOCK(); return rval; } } else { term_t tail = PL_copy_term_ref(encrypted); term_t head = PL_new_term_ref(); int slen = 2; int n; int (*unify)(term_t t, const char *s) = PL_unify_list_codes; char *s2; int rval; for(n=0; n<slen; n++) { if ( PL_get_list(tail, head, tail) ) { int i; char *t; if ( PL_get_integer(head, &i) && i>=0 && i<=255 ) { salt[n] = i; } else if ( PL_get_atom_chars(head, &t) && t[1] == '\0' ) { salt[n] = t[0]; unify = PL_unify_list_chars; } else { return pl_error("crypt", 2, NULL, ERR_ARGTYPE, 2, head, "character"); } if ( n == 1 && salt[0] == '$' && salt[1] == '1' ) slen = 3; else if ( n == 2 && salt[2] == '$' ) slen = 8+3; } else break; } for( ; n < slen; n++ ) { int c = 'a'+(int)(26.0*rand()/(RAND_MAX+1.0)); if ( rand() & 0x1 ) c += 'A' - 'a'; salt[n] = c; } salt[n] = 0; LOCK(); if ( slen > 2 ) { s2 = md5_crypt(pw, salt); } else { s2 = crypt(pw, salt); } rval = (*unify)(encrypted, s2); UNLOCK(); return rval; } }
/* * Tries to authenticate the user using password. Returns true if * authentication succeeds. */ int auth_password(Authctxt *authctxt, const char *password) { #if defined(USE_PAM) if (*password == '\0' && options.permit_empty_passwd == 0) return 0; return auth_pam_password(authctxt, password); #elif defined(HAVE_OSF_SIA) if (*password == '\0' && options.permit_empty_passwd == 0) return 0; return auth_sia_password(authctxt, password); #else struct passwd * pw = authctxt->pw; char *encrypted_password; char *pw_password; char *salt; #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; #endif #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; #endif #ifdef WITH_AIXAUTHENTICATE char *authmsg; int authsuccess; int reenter = 1; #endif /* deny if no user. */ if (pw == NULL) return 0; #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } #endif #ifdef HAVE_CYGWIN if (is_winnt) { HANDLE hToken = cygwin_logon_user(pw, password); if (hToken == INVALID_HANDLE_VALUE) return 0; cygwin_set_impersonation_token(hToken); return 1; } #endif #ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); if (authsuccess) /* We don't have a pty yet, so just label the line as "ssh" */ if (loginsuccess(authctxt->user, get_canonical_hostname(options.verify_reverse_mapping), "ssh", &aixloginmsg) < 0) aixloginmsg = NULL; return(authsuccess); #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { int ret = auth_krb4_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } #endif #ifdef BSD_AUTH if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", (char *)password) == 0) return 0; else return 1; #endif pw_password = pw->pw_passwd; /* * Various interfaces to shadow or protected password data */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); if (spw != NULL) pw_password = spw->sp_pwdp; #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) pw_password = spw->pwa_passwd; #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ /* Check for users with no password. */ if ((password[0] == '\0') && (pw_password[0] == '\0')) return 1; if (pw_password[0] != '\0') salt = pw_password; else salt = "xx"; #ifdef HAVE_MD5_PASSWORDS if (is_md5_salt(salt)) encrypted_password = md5_crypt(password, salt); else encrypted_password = crypt(password, salt); #else /* HAVE_MD5_PASSWORDS */ encrypted_password = crypt(password, salt); #endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw_password) == 0); #endif /* !USE_PAM && !HAVE_OSF_SIA */ }