char *
genpasswd(char *pw)
{
char salt[10];
static char pwbuf[PASSLEN];
struct timeval tv;
if (strlen(pw) == 0)
return "";
srand(time(0) % getpid());
gettimeofday(&tv, 0);
#ifdef MD5 /* use MD5 salt */
strncpy(&salt[0], "$1$", 3);
to64(&salt[3], random(), 3);
to64(&salt[6], tv.tv_usec, 3);
salt[8] = '\0';
#endif
#ifdef DES /* use DES salt */
to64(&salt[0], random(), 3);
to64(&salt[3], tv.tv_usec, 3);
to64(&salt[6], tv.tv_sec, 2);
salt[8] = '\0';
#endif
strcpy(pwbuf, pw);
return crypt(pwbuf, salt);
}
static const char *test_to64(void) {
ASSERT(to64("0") == 0);
ASSERT(to64("") == 0);
ASSERT(to64("123") == 123);
ASSERT(to64("-34") == -34);
ASSERT(to64("3566626116") == 3566626116);
return NULL;
}
/* Return the number of cycles since the last call to start_counter. */
unsigned long get_counter()
{
unsigned ncyc_hi, ncyc_lo;
unsigned long now, before;
/* Get cycle counter */
access_counter(&ncyc_hi, &ncyc_lo);
now = to64(ncyc_hi, ncyc_lo);
before = to64(cyc_hi, cyc_lo);
return (now - before);
}
void
print_passwd(char *string, int operation, void *extra)
{
char msalt[3], *salt, *cryptstr;
login_cap_t *lc;
int pwd_gensalt(char *, int, login_cap_t *, char);
void to64(char *, u_int32_t, int n);
switch(operation) {
case DO_MAKEKEY:
/*
* makekey mode: parse string into separate DES key and salt.
*/
if (strlen(string) != 10) {
/* To be compatible... */
errx(1, "%s", strerror(EFTYPE));
}
strlcpy(msalt, &string[8], sizeof msalt);
salt = msalt;
break;
case DO_MD5:
strlcpy(buffer, "$1$", sizeof buffer);
to64(&buffer[3], arc4random(), 4);
to64(&buffer[7], arc4random(), 4);
strlcpy(buffer + 11, "$", sizeof buffer - 11);
salt = buffer;
break;
case DO_BLF:
strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN);
salt = buffer;
break;
case DO_DES:
salt = extra;
break;
default:
if ((lc = login_getclass(extra)) == NULL)
errx(1, "unable to get login class `%s'",
extra ? (char *)extra : "default");
if (!pwd_gensalt(buffer, _PASSWORD_LEN, lc, 'l'))
errx(1, "can't generate salt");
salt = buffer;
break;
}
if ((cryptstr = crypt(string, salt)) == NULL)
errx(1, "crypt failed");
fputs(cryptstr, stdout);
}
static apr_status_t htdbm_make(htdbm_t *htdbm)
{
char cpw[MAX_STRING_LEN];
char salt[9];
#if (!(defined(WIN32) || defined(NETWARE)))
char *cbuf;
#endif
switch (htdbm->alg) {
case ALG_APSHA:
/* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
apr_sha1_base64(htdbm->userpass,strlen(htdbm->userpass),cpw);
break;
case ALG_APMD5:
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
apr_md5_encode((const char *)htdbm->userpass, (const char *)salt,
cpw, sizeof(cpw));
break;
case ALG_PLAIN:
/* XXX this len limitation is not in sync with any HTTPd len. */
apr_cpystrn(cpw,htdbm->userpass,sizeof(cpw));
#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
fprintf(stderr, "Warning: Plain text passwords aren't supported by the "
"server on this platform!\n");
#endif
break;
#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
case ALG_CRYPT:
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
cbuf = crypt(htdbm->userpass, salt);
if (cbuf == NULL) {
char errbuf[128];
fprintf(stderr, "crypt() failed: %s\n",
apr_strerror(errno, errbuf, sizeof errbuf));
exit(ERR_PWMISMATCH);
}
apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n");
#endif
default:
break;
}
htdbm->userpass = apr_pstrdup(htdbm->pool, cpw);
return APR_SUCCESS;
}
static void
add_password( char* user, FILE* f ,char *passwd)
{
char pass[100];
char* pw;
char* cpw;
char salt[3];
if ( ! isatty( fileno( stdin ) ) )
{
(void) fgets( pass, sizeof(pass), stdin );
if ( pass[strlen(pass) - 1] == '\n' )
pass[strlen(pass) - 1] = '\0';
pw = pass;
}
else
{
/* Original Code*//*
pw = strd( (char*) getpass( "New password:"******"Re-type new password:"******"They don't match, sorry.\n" );
if ( tfd != -1 )
unlink( temp_template );
exit( 1 );
}*/
pw = strd(passwd);
}
(void) srandom( (int) time( (time_t*) 0 ) );
to64( &salt[0], random(), 2 );
cpw = crypt( pw, salt );
printf("%s:%s\n",user,cpw);
(void) fprintf( f, "%s:%s\n", user, cpw );
}
static void clubby_proto_parse_req(struct json_token *frame,
struct json_token *cmds_arr, void *context) {
if (cmds_arr->type != JSON_TYPE_ARRAY || cmds_arr->num_desc == 0) {
/* Just for debugging - there _is_ cmds field but it is empty */
LOG(LL_ERROR, ("No cmd in cmds"));
return;
}
struct json_token *cmd = NULL;
struct clubby_event evt;
evt.ev = CLUBBY_REQUEST;
evt.context = context;
evt.request.src = find_json_token(frame, "src");
if (evt.request.src == NULL || evt.request.src->type != JSON_TYPE_STRING) {
LOG(LL_ERROR, ("Invalid src |%.*s|", frame->len, frame->ptr));
return;
}
/*
* If any required field is missing we stop processing of the whole package
* It looks simpler & safer
*/
const char *cmds_arr_end = cmds_arr->ptr + cmds_arr->len;
for (cmd = cmds_arr + 1;
cmd->type != JSON_TYPE_EOF && cmd->ptr < cmds_arr_end;) {
if (cmd->type != JSON_TYPE_OBJECT) {
LOG(LL_ERROR, ("Commands array contains %d instead of object: |%.*s|",
cmd->type, cmd->len, cmd->ptr));
break;
}
evt.request.cmd_body = cmd;
evt.request.cmd = find_json_token(cmd, "cmd");
if (evt.request.cmd == NULL || evt.request.cmd->type != JSON_TYPE_STRING) {
LOG(LL_ERROR, ("Invalid command |%.*s|", cmd->len, cmd->ptr));
break;
}
struct json_token *id_tok = find_json_token(cmd, "id");
if (id_tok == NULL || id_tok->type != JSON_TYPE_NUMBER) {
LOG(LL_ERROR, ("No id command |%.*s|", cmd->len, cmd->ptr));
break;
}
evt.request.id = to64(id_tok->ptr);
s_clubby_cb(&evt);
const char *cmd_end = cmd->ptr + cmd->len;
struct json_token *next = cmd + 1;
while (next->type != JSON_TYPE_EOF && next->ptr < cmd_end) {
next++;
}
cmd = next;
}
}
//This is where the salt is made
// some work will have to be done in order to change
// how the salt is decided according to the paper
static void
makesalt(char salt[SALTSIZE + 1])
{
int i;
/* These are not really random numbers, they are just
* numbers that change to thwart construction of a
* dictionary.
*/
for (i = 0; i < SALTSIZE; i += 4)
to64(&salt[i], arc4random(), 4);
salt[SALTSIZE] = '\0';
}
/*
* AddPassword: Prompts the user for a password
* and adds the entry in the file
* user:crpytofpassword:md5hash(user:realm:password)
*/
static void AddPassword(char *user, char* realm, FILE *f)
{
char *pw, *crpw, cpw[120], salt[9], *dpw;
int len = 0, i = 0, crpwLen = 0;
char *checkw;
pw = CopyString((char *) getpass("New password:"******"Password cannot be blank, sorry.\n");
delete(checkw);
CleanupAndExit();
}
delete(checkw);
if (strcmp(pw, (char *) getpass("Re-type new password:"******"They don't match, sorry.\n");
CleanupAndExit();
}
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
#ifdef __Win32__
MD5Encode((char *)pw, (char *)salt, cpw, sizeof(cpw));
#else
crpw = (char *)crypt(pw, salt); // cpw is crypt of password
crpwLen = ::strlen(crpw);
strncpy(cpw, crpw, crpwLen);
cpw[crpwLen] = '\0';
#endif
dpw = (char *)Digest(user, pw, realm); // dpw is digest of password
qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw);
free(pw); // Do after cpw and dpw are used.
}
static void clubby_proto_parse_resp(struct json_token *result_tok,
struct json_token *error_tok,
struct clubby_event *evt) {
evt->ev = CLUBBY_RESPONSE;
evt->response.result = result_tok;
if (error_tok != NULL) {
evt->response.error.error_obj = error_tok;
struct json_token *error_code_tok = find_json_token(error_tok, "code");
if (error_code_tok == NULL) {
LOG(LL_ERROR, ("No error code in error object"));
return;
}
evt->response.error.error_code = to64(error_code_tok->ptr);
evt->response.error.error_message = find_json_token(error_tok, "message");
}
}
/*
* AddPasswordWithoutPrompt: Adds the entry in the file
* user:crpytofpassword:md5hash(user:realm:password)
*/
static void AddPasswordWithoutPrompt(char *user, char* password, char* realm, FILE *f)
{
char salt[9];
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
char cpw[120], *dpw;
int crpwLen = 0;
#ifdef __Win32__
MD5Encode((char *)password, (char *)salt, cpw, sizeof(cpw));
#else
char *crpw = (char *)crypt(password, salt); // cpw is crypt of password
crpwLen = ::strlen(crpw);
strncpy(cpw, crpw, crpwLen);
cpw[crpwLen] = '\0';
#endif
dpw = (char *)Digest(user, password, realm); // dpw is digest of password
qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw);
}
static GimpPDBStatusType
save_image (const gchar *filename,
gint32 image_ID,
gint32 drawable_ID,
gint32 run_mode)
{
GimpPDBStatusType status = GIMP_PDB_SUCCESS;
gchar *ext;
gchar *tmpname;
gchar *mailcmd[3];
GPid mailpid;
FILE *mailpipe;
GError *error = NULL;
ext = find_extension (filename);
if (ext == NULL)
return GIMP_PDB_CALLING_ERROR;
/* get a temp name with the right extension and save into it. */
tmpname = gimp_temp_name (ext + 1);
/* construct the "sendmail user@location" line */
mailcmd[0] = SENDMAIL;
mailcmd[1] = mail_info.receipt;
mailcmd[2] = NULL;
/* create a pipe to sendmail */
mailpipe = sendmail_pipe (mailcmd, &mailpid);
if (mailpipe == NULL)
return GIMP_PDB_EXECUTION_ERROR;
create_headers (mailpipe);
fflush (mailpipe);
if (! (gimp_file_save (run_mode,
image_ID,
drawable_ID,
tmpname,
tmpname) && valid_file (tmpname)))
{
goto error;
}
if (! to64 (tmpname, mailpipe, &error))
{
g_message ("%s", error->message);
g_error_free (error);
goto error;
}
fprintf (mailpipe, "\n--GUMP-MIME-boundary--\n");
goto cleanup;
error:
/* stop sendmail from doing anything */
kill (mailpid, SIGINT);
status = GIMP_PDB_EXECUTION_ERROR;
cleanup:
/* close out the sendmail process */
fclose (mailpipe);
waitpid (mailpid, NULL, 0);
g_spawn_close_pid (mailpid);
/* delete the tmpfile that was generated */
g_unlink (tmpname);
g_free (tmpname);
return status;
}
static void clubby_proto_parse_resp(struct json_token *resp_arr,
void *context) {
struct clubby_event evt;
evt.ev = CLUBBY_RESPONSE;
evt.context = context;
if (resp_arr->type != JSON_TYPE_ARRAY || resp_arr->num_desc == 0) {
LOG(LL_ERROR, ("No resp in resp"));
return;
}
/*
* Frozen's API for working with arrays is nonexistent, so what we do here
* looks kinda funny.
* Things to note: resp_arr->len is length of the array in characters, not
* elements.
* tok->num_desc includes all the tokens inside array, not just elements.
* There is basically no way to tell number of elements upfront.
*/
struct json_token *resp = NULL;
const char *resp_arr_end = resp_arr->ptr + resp_arr->len;
for (resp = resp_arr + 1;
resp->type != JSON_TYPE_EOF && resp->ptr < resp_arr_end;) {
if (resp->type != JSON_TYPE_OBJECT) {
LOG(LL_ERROR, ("Response array contains %d instead of object: |%.*s|",
resp->type, resp->len, resp->ptr));
break;
}
evt.response.resp_body = resp;
struct json_token *id_tok = find_json_token(resp, "id");
if (id_tok == NULL || id_tok->type != JSON_TYPE_NUMBER) {
LOG(LL_ERROR, ("No id in response |%.*s|", resp->len, resp->ptr));
break;
}
/*
* Any number inside a JSON message will have non-number character.
* Hence, no need to have it explicitly nul-terminated.
*/
evt.response.id = to64(id_tok->ptr);
struct json_token *status_tok = find_json_token(resp, "status");
if (status_tok == NULL || status_tok->type != JSON_TYPE_NUMBER) {
LOG(LL_ERROR, ("No status in response |%.*s|", resp->len, resp->ptr));
break;
}
evt.response.status = strtol(status_tok->ptr, NULL, 10);
evt.response.status_msg = find_json_token(resp, "status_msg");
evt.response.resp = find_json_token(resp, "resp");
s_clubby_cb(&evt);
const char *resp_end = resp->ptr + resp->len;
struct json_token *next = resp + 1;
while (next->type != JSON_TYPE_EOF && next->ptr < resp_end) {
next++;
}
resp = next;
}
}
/*
* Make a password record from the given information. A zero return
* indicates success; failure means that the output buffer contains an
* error message instead.
*/
static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
int alg)
{
char *pw;
char cpw[120];
char pwin[MAX_STRING_LEN];
char pwv[MAX_STRING_LEN];
char salt[9];
apr_size_t bufsize;
if (passwd != NULL) {
pw = passwd;
}
else {
bufsize = sizeof(pwin);
if (apr_password_get("New password: "******"password too long (>%"
APR_SIZE_T_FMT ")", sizeof(pwin) - 1);
return ERR_OVERFLOW;
}
bufsize = sizeof(pwv);
apr_password_get("Re-type new password: "******"password verification error", (rlen - 1));
return ERR_PWMISMATCH;
}
pw = pwin;
memset(pwv, '\0', sizeof(pwin));
}
switch (alg) {
case ALG_APSHA:
/* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
apr_sha1_base64(pw,strlen(pw),cpw);
break;
case ALG_APMD5:
if (seed_rand()) {
break;
}
generate_salt(&salt[0], 8);
salt[8] = '\0';
apr_md5_encode((const char *)pw, (const char *)salt,
cpw, sizeof(cpw));
break;
case ALG_PLAIN:
/* XXX this len limitation is not in sync with any HTTPd len. */
apr_cpystrn(cpw,pw,sizeof(cpw));
break;
#if (!(defined(WIN32) || defined(NETWARE)))
case ALG_CRYPT:
default:
if (seed_rand()) {
break;
}
to64(&salt[0], rand(), 8);
salt[8] = '\0';
apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
if (strlen(pw) > 8) {
char *truncpw = strdup(pw);
truncpw[8] = '\0';
if (!strcmp(cpw, crypt(truncpw, salt))) {
apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
"by CRYPT algorithm." NL);
}
free(truncpw);
}
break;
#endif
}
memset(pw, '\0', strlen(pw));
/*
* Check to see if the buffer is large enough to hold the username,
* hash, and delimiters.
*/
if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
apr_cpystrn(record, "resultant record too long", (rlen - 1));
return ERR_OVERFLOW;
}
strcpy(record, user);
strcat(record, ":");
strcat(record, cpw);
strcat(record, "\n");
return 0;
}
static void clubby_proto_handle_frame(char *data, size_t len, void *context) {
struct clubby_event evt;
struct json_token *frame = parse_json2(data, len);
if (frame == NULL) {
LOG(LL_DEBUG, ("Error parsing clubby frame"));
return;
}
struct json_token *v_tok = find_json_token(frame, "v");
if (v_tok == NULL || *v_tok->ptr != '2') {
LOG(LL_ERROR, ("Only clubby v2 is supported (received: %.*s)",
v_tok ? 0 : v_tok->len, v_tok->ptr));
goto clean;
}
memset(&evt, 0, sizeof(evt));
evt.frame = frame;
evt.context = context;
struct json_token *id_tok = find_json_token(frame, "id");
if (id_tok == NULL) {
LOG(LL_ERROR, ("No id in frame"));
goto clean;
}
evt.id = to64(id_tok->ptr);
if (evt.id == 0) {
LOG(LL_ERROR, ("Wrong id"));
goto clean;
}
/* Allow empty dst */
evt.dst = find_json_token(frame, "dst");
evt.src = find_json_token(frame, "src");
if (evt.src == NULL) {
LOG(LL_ERROR, ("No src in frame"));
goto clean;
}
struct json_token *method_tok = find_json_token(frame, "method");
struct json_token *result_tok = find_json_token(frame, "result");
struct json_token *error_tok = find_json_token(frame, "error");
/*
* if none of required token exist - this is positive response
* if `method` and `error` (or `result`) are in the same
* frame - this is an error
*/
if (method_tok != NULL && (result_tok != NULL || error_tok != NULL)) {
LOG(LL_ERROR, ("Malformed frame"));
goto clean;
}
if (method_tok != NULL) {
clubby_proto_parse_req(method_tok, frame, &evt);
} else {
clubby_proto_parse_resp(result_tok, error_tok, &evt);
}
s_clubby_cb(&evt);
clean:
free(frame);
}
int
pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type)
{
char *next, *now, *oldnext;
*salt = '\0';
switch (type) {
case 'y':
next = login_getcapstr(lc, "ypcipher", NULL, NULL);
if (next == NULL && (next = strdup(YPCIPHER_DEF)) == NULL) {
warn(NULL);
return 0;
}
break;
case 'l':
default:
next = login_getcapstr(lc, "localcipher", NULL, NULL);
if (next == NULL && (next = strdup(LOCALCIPHER_DEF)) == NULL) {
warn(NULL);
return 0;
}
break;
}
oldnext = next;
now = strsep(&next, ",");
if (!strcmp(now, "old")) {
if (saltlen < 3) {
free(oldnext);
return 0;
}
to64(&salt[0], arc4random(), 2);
salt[2] = '\0';
} else if (!strcmp(now, "newsalt")) {
u_int32_t rounds = 7250;
if (next)
rounds = atol(next);
if (saltlen < 10) {
free(oldnext);
return 0;
}
/* Check rounds, 24 bit is max */
if (rounds < 7250)
rounds = 7250;
else if (rounds > 0xffffff)
rounds = 0xffffff;
salt[0] = _PASSWORD_EFMT1;
to64(&salt[1], (u_int32_t)rounds, 4);
to64(&salt[5], arc4random(), 4);
salt[9] = '\0';
} else if (!strcmp(now, "md5")) {
if (saltlen < 13) { /* $1$8salt$\0 */
free(oldnext);
return 0;
}
strlcpy(salt, "$1$", saltlen);
to64(&salt[3], arc4random(), 4);
to64(&salt[7], arc4random(), 4);
strlcpy(&salt[11], "$", saltlen - 11);
} else if (!strcmp(now, "blowfish")) {
int rounds = 6;
if (next)
rounds = atoi(next);
if (rounds < 4)
rounds = 4;
if (rounds > 31)
rounds = 31;
strlcpy(salt, bcrypt_gensalt(rounds), saltlen);
} else {
warnx("Unknown option %s.", now);
free(oldnext);
return 0;
}
free(oldnext);
return 1;
}
