char * genpasswd(char *pw) { char salt[10]; static char pwbuf[PASSLEN]; struct timeval tv; if (strlen(pw) == 0) return ""; srand(time(0) % getpid()); gettimeofday(&tv, 0); #ifdef MD5 /* use MD5 salt */ strncpy(&salt[0], "$1$", 3); to64(&salt[3], random(), 3); to64(&salt[6], tv.tv_usec, 3); salt[8] = '\0'; #endif #ifdef DES /* use DES salt */ to64(&salt[0], random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); salt[8] = '\0'; #endif strcpy(pwbuf, pw); return crypt(pwbuf, salt); }
static const char *test_to64(void) { ASSERT(to64("0") == 0); ASSERT(to64("") == 0); ASSERT(to64("123") == 123); ASSERT(to64("-34") == -34); ASSERT(to64("3566626116") == 3566626116); return NULL; }
/* Return the number of cycles since the last call to start_counter. */ unsigned long get_counter() { unsigned ncyc_hi, ncyc_lo; unsigned long now, before; /* Get cycle counter */ access_counter(&ncyc_hi, &ncyc_lo); now = to64(ncyc_hi, ncyc_lo); before = to64(cyc_hi, cyc_lo); return (now - before); }
void print_passwd(char *string, int operation, void *extra) { char msalt[3], *salt, *cryptstr; login_cap_t *lc; int pwd_gensalt(char *, int, login_cap_t *, char); void to64(char *, u_int32_t, int n); switch(operation) { case DO_MAKEKEY: /* * makekey mode: parse string into separate DES key and salt. */ if (strlen(string) != 10) { /* To be compatible... */ errx(1, "%s", strerror(EFTYPE)); } strlcpy(msalt, &string[8], sizeof msalt); salt = msalt; break; case DO_MD5: strlcpy(buffer, "$1$", sizeof buffer); to64(&buffer[3], arc4random(), 4); to64(&buffer[7], arc4random(), 4); strlcpy(buffer + 11, "$", sizeof buffer - 11); salt = buffer; break; case DO_BLF: strlcpy(buffer, bcrypt_gensalt(*(int *)extra), _PASSWORD_LEN); salt = buffer; break; case DO_DES: salt = extra; break; default: if ((lc = login_getclass(extra)) == NULL) errx(1, "unable to get login class `%s'", extra ? (char *)extra : "default"); if (!pwd_gensalt(buffer, _PASSWORD_LEN, lc, 'l')) errx(1, "can't generate salt"); salt = buffer; break; } if ((cryptstr = crypt(string, salt)) == NULL) errx(1, "crypt failed"); fputs(cryptstr, stdout); }
static apr_status_t htdbm_make(htdbm_t *htdbm) { char cpw[MAX_STRING_LEN]; char salt[9]; #if (!(defined(WIN32) || defined(NETWARE))) char *cbuf; #endif switch (htdbm->alg) { case ALG_APSHA: /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */ apr_sha1_base64(htdbm->userpass,strlen(htdbm->userpass),cpw); break; case ALG_APMD5: (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; apr_md5_encode((const char *)htdbm->userpass, (const char *)salt, cpw, sizeof(cpw)); break; case ALG_PLAIN: /* XXX this len limitation is not in sync with any HTTPd len. */ apr_cpystrn(cpw,htdbm->userpass,sizeof(cpw)); #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE))) fprintf(stderr, "Warning: Plain text passwords aren't supported by the " "server on this platform!\n"); #endif break; #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE))) case ALG_CRYPT: (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; cbuf = crypt(htdbm->userpass, salt); if (cbuf == NULL) { char errbuf[128]; fprintf(stderr, "crypt() failed: %s\n", apr_strerror(errno, errbuf, sizeof errbuf)); exit(ERR_PWMISMATCH); } apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n"); #endif default: break; } htdbm->userpass = apr_pstrdup(htdbm->pool, cpw); return APR_SUCCESS; }
static void add_password( char* user, FILE* f ,char *passwd) { char pass[100]; char* pw; char* cpw; char salt[3]; if ( ! isatty( fileno( stdin ) ) ) { (void) fgets( pass, sizeof(pass), stdin ); if ( pass[strlen(pass) - 1] == '\n' ) pass[strlen(pass) - 1] = '\0'; pw = pass; } else { /* Original Code*//* pw = strd( (char*) getpass( "New password:"******"Re-type new password:"******"They don't match, sorry.\n" ); if ( tfd != -1 ) unlink( temp_template ); exit( 1 ); }*/ pw = strd(passwd); } (void) srandom( (int) time( (time_t*) 0 ) ); to64( &salt[0], random(), 2 ); cpw = crypt( pw, salt ); printf("%s:%s\n",user,cpw); (void) fprintf( f, "%s:%s\n", user, cpw ); }
static void clubby_proto_parse_req(struct json_token *frame, struct json_token *cmds_arr, void *context) { if (cmds_arr->type != JSON_TYPE_ARRAY || cmds_arr->num_desc == 0) { /* Just for debugging - there _is_ cmds field but it is empty */ LOG(LL_ERROR, ("No cmd in cmds")); return; } struct json_token *cmd = NULL; struct clubby_event evt; evt.ev = CLUBBY_REQUEST; evt.context = context; evt.request.src = find_json_token(frame, "src"); if (evt.request.src == NULL || evt.request.src->type != JSON_TYPE_STRING) { LOG(LL_ERROR, ("Invalid src |%.*s|", frame->len, frame->ptr)); return; } /* * If any required field is missing we stop processing of the whole package * It looks simpler & safer */ const char *cmds_arr_end = cmds_arr->ptr + cmds_arr->len; for (cmd = cmds_arr + 1; cmd->type != JSON_TYPE_EOF && cmd->ptr < cmds_arr_end;) { if (cmd->type != JSON_TYPE_OBJECT) { LOG(LL_ERROR, ("Commands array contains %d instead of object: |%.*s|", cmd->type, cmd->len, cmd->ptr)); break; } evt.request.cmd_body = cmd; evt.request.cmd = find_json_token(cmd, "cmd"); if (evt.request.cmd == NULL || evt.request.cmd->type != JSON_TYPE_STRING) { LOG(LL_ERROR, ("Invalid command |%.*s|", cmd->len, cmd->ptr)); break; } struct json_token *id_tok = find_json_token(cmd, "id"); if (id_tok == NULL || id_tok->type != JSON_TYPE_NUMBER) { LOG(LL_ERROR, ("No id command |%.*s|", cmd->len, cmd->ptr)); break; } evt.request.id = to64(id_tok->ptr); s_clubby_cb(&evt); const char *cmd_end = cmd->ptr + cmd->len; struct json_token *next = cmd + 1; while (next->type != JSON_TYPE_EOF && next->ptr < cmd_end) { next++; } cmd = next; } }
//This is where the salt is made // some work will have to be done in order to change // how the salt is decided according to the paper static void makesalt(char salt[SALTSIZE + 1]) { int i; /* These are not really random numbers, they are just * numbers that change to thwart construction of a * dictionary. */ for (i = 0; i < SALTSIZE; i += 4) to64(&salt[i], arc4random(), 4); salt[SALTSIZE] = '\0'; }
/* * AddPassword: Prompts the user for a password * and adds the entry in the file * user:crpytofpassword:md5hash(user:realm:password) */ static void AddPassword(char *user, char* realm, FILE *f) { char *pw, *crpw, cpw[120], salt[9], *dpw; int len = 0, i = 0, crpwLen = 0; char *checkw; pw = CopyString((char *) getpass("New password:"******"Password cannot be blank, sorry.\n"); delete(checkw); CleanupAndExit(); } delete(checkw); if (strcmp(pw, (char *) getpass("Re-type new password:"******"They don't match, sorry.\n"); CleanupAndExit(); } (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; #ifdef __Win32__ MD5Encode((char *)pw, (char *)salt, cpw, sizeof(cpw)); #else crpw = (char *)crypt(pw, salt); // cpw is crypt of password crpwLen = ::strlen(crpw); strncpy(cpw, crpw, crpwLen); cpw[crpwLen] = '\0'; #endif dpw = (char *)Digest(user, pw, realm); // dpw is digest of password qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw); free(pw); // Do after cpw and dpw are used. }
static void clubby_proto_parse_resp(struct json_token *result_tok, struct json_token *error_tok, struct clubby_event *evt) { evt->ev = CLUBBY_RESPONSE; evt->response.result = result_tok; if (error_tok != NULL) { evt->response.error.error_obj = error_tok; struct json_token *error_code_tok = find_json_token(error_tok, "code"); if (error_code_tok == NULL) { LOG(LL_ERROR, ("No error code in error object")); return; } evt->response.error.error_code = to64(error_code_tok->ptr); evt->response.error.error_message = find_json_token(error_tok, "message"); } }
/* * AddPasswordWithoutPrompt: Adds the entry in the file * user:crpytofpassword:md5hash(user:realm:password) */ static void AddPasswordWithoutPrompt(char *user, char* password, char* realm, FILE *f) { char salt[9]; (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; char cpw[120], *dpw; int crpwLen = 0; #ifdef __Win32__ MD5Encode((char *)password, (char *)salt, cpw, sizeof(cpw)); #else char *crpw = (char *)crypt(password, salt); // cpw is crypt of password crpwLen = ::strlen(crpw); strncpy(cpw, crpw, crpwLen); cpw[crpwLen] = '\0'; #endif dpw = (char *)Digest(user, password, realm); // dpw is digest of password qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw); }
static GimpPDBStatusType save_image (const gchar *filename, gint32 image_ID, gint32 drawable_ID, gint32 run_mode) { GimpPDBStatusType status = GIMP_PDB_SUCCESS; gchar *ext; gchar *tmpname; gchar *mailcmd[3]; GPid mailpid; FILE *mailpipe; GError *error = NULL; ext = find_extension (filename); if (ext == NULL) return GIMP_PDB_CALLING_ERROR; /* get a temp name with the right extension and save into it. */ tmpname = gimp_temp_name (ext + 1); /* construct the "sendmail user@location" line */ mailcmd[0] = SENDMAIL; mailcmd[1] = mail_info.receipt; mailcmd[2] = NULL; /* create a pipe to sendmail */ mailpipe = sendmail_pipe (mailcmd, &mailpid); if (mailpipe == NULL) return GIMP_PDB_EXECUTION_ERROR; create_headers (mailpipe); fflush (mailpipe); if (! (gimp_file_save (run_mode, image_ID, drawable_ID, tmpname, tmpname) && valid_file (tmpname))) { goto error; } if (! to64 (tmpname, mailpipe, &error)) { g_message ("%s", error->message); g_error_free (error); goto error; } fprintf (mailpipe, "\n--GUMP-MIME-boundary--\n"); goto cleanup; error: /* stop sendmail from doing anything */ kill (mailpid, SIGINT); status = GIMP_PDB_EXECUTION_ERROR; cleanup: /* close out the sendmail process */ fclose (mailpipe); waitpid (mailpid, NULL, 0); g_spawn_close_pid (mailpid); /* delete the tmpfile that was generated */ g_unlink (tmpname); g_free (tmpname); return status; }
static void clubby_proto_parse_resp(struct json_token *resp_arr, void *context) { struct clubby_event evt; evt.ev = CLUBBY_RESPONSE; evt.context = context; if (resp_arr->type != JSON_TYPE_ARRAY || resp_arr->num_desc == 0) { LOG(LL_ERROR, ("No resp in resp")); return; } /* * Frozen's API for working with arrays is nonexistent, so what we do here * looks kinda funny. * Things to note: resp_arr->len is length of the array in characters, not * elements. * tok->num_desc includes all the tokens inside array, not just elements. * There is basically no way to tell number of elements upfront. */ struct json_token *resp = NULL; const char *resp_arr_end = resp_arr->ptr + resp_arr->len; for (resp = resp_arr + 1; resp->type != JSON_TYPE_EOF && resp->ptr < resp_arr_end;) { if (resp->type != JSON_TYPE_OBJECT) { LOG(LL_ERROR, ("Response array contains %d instead of object: |%.*s|", resp->type, resp->len, resp->ptr)); break; } evt.response.resp_body = resp; struct json_token *id_tok = find_json_token(resp, "id"); if (id_tok == NULL || id_tok->type != JSON_TYPE_NUMBER) { LOG(LL_ERROR, ("No id in response |%.*s|", resp->len, resp->ptr)); break; } /* * Any number inside a JSON message will have non-number character. * Hence, no need to have it explicitly nul-terminated. */ evt.response.id = to64(id_tok->ptr); struct json_token *status_tok = find_json_token(resp, "status"); if (status_tok == NULL || status_tok->type != JSON_TYPE_NUMBER) { LOG(LL_ERROR, ("No status in response |%.*s|", resp->len, resp->ptr)); break; } evt.response.status = strtol(status_tok->ptr, NULL, 10); evt.response.status_msg = find_json_token(resp, "status_msg"); evt.response.resp = find_json_token(resp, "resp"); s_clubby_cb(&evt); const char *resp_end = resp->ptr + resp->len; struct json_token *next = resp + 1; while (next->type != JSON_TYPE_EOF && next->ptr < resp_end) { next++; } resp = next; } }
/* * Make a password record from the given information. A zero return * indicates success; failure means that the output buffer contains an * error message instead. */ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, int alg) { char *pw; char cpw[120]; char pwin[MAX_STRING_LEN]; char pwv[MAX_STRING_LEN]; char salt[9]; apr_size_t bufsize; if (passwd != NULL) { pw = passwd; } else { bufsize = sizeof(pwin); if (apr_password_get("New password: "******"password too long (>%" APR_SIZE_T_FMT ")", sizeof(pwin) - 1); return ERR_OVERFLOW; } bufsize = sizeof(pwv); apr_password_get("Re-type new password: "******"password verification error", (rlen - 1)); return ERR_PWMISMATCH; } pw = pwin; memset(pwv, '\0', sizeof(pwin)); } switch (alg) { case ALG_APSHA: /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */ apr_sha1_base64(pw,strlen(pw),cpw); break; case ALG_APMD5: if (seed_rand()) { break; } generate_salt(&salt[0], 8); salt[8] = '\0'; apr_md5_encode((const char *)pw, (const char *)salt, cpw, sizeof(cpw)); break; case ALG_PLAIN: /* XXX this len limitation is not in sync with any HTTPd len. */ apr_cpystrn(cpw,pw,sizeof(cpw)); break; #if (!(defined(WIN32) || defined(NETWARE))) case ALG_CRYPT: default: if (seed_rand()) { break; } to64(&salt[0], rand(), 8); salt[8] = '\0'; apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1); if (strlen(pw) > 8) { char *truncpw = strdup(pw); truncpw[8] = '\0'; if (!strcmp(cpw, crypt(truncpw, salt))) { apr_file_printf(errfile, "Warning: Password truncated to 8 characters " "by CRYPT algorithm." NL); } free(truncpw); } break; #endif } memset(pw, '\0', strlen(pw)); /* * Check to see if the buffer is large enough to hold the username, * hash, and delimiters. */ if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) { apr_cpystrn(record, "resultant record too long", (rlen - 1)); return ERR_OVERFLOW; } strcpy(record, user); strcat(record, ":"); strcat(record, cpw); strcat(record, "\n"); return 0; }
static void clubby_proto_handle_frame(char *data, size_t len, void *context) { struct clubby_event evt; struct json_token *frame = parse_json2(data, len); if (frame == NULL) { LOG(LL_DEBUG, ("Error parsing clubby frame")); return; } struct json_token *v_tok = find_json_token(frame, "v"); if (v_tok == NULL || *v_tok->ptr != '2') { LOG(LL_ERROR, ("Only clubby v2 is supported (received: %.*s)", v_tok ? 0 : v_tok->len, v_tok->ptr)); goto clean; } memset(&evt, 0, sizeof(evt)); evt.frame = frame; evt.context = context; struct json_token *id_tok = find_json_token(frame, "id"); if (id_tok == NULL) { LOG(LL_ERROR, ("No id in frame")); goto clean; } evt.id = to64(id_tok->ptr); if (evt.id == 0) { LOG(LL_ERROR, ("Wrong id")); goto clean; } /* Allow empty dst */ evt.dst = find_json_token(frame, "dst"); evt.src = find_json_token(frame, "src"); if (evt.src == NULL) { LOG(LL_ERROR, ("No src in frame")); goto clean; } struct json_token *method_tok = find_json_token(frame, "method"); struct json_token *result_tok = find_json_token(frame, "result"); struct json_token *error_tok = find_json_token(frame, "error"); /* * if none of required token exist - this is positive response * if `method` and `error` (or `result`) are in the same * frame - this is an error */ if (method_tok != NULL && (result_tok != NULL || error_tok != NULL)) { LOG(LL_ERROR, ("Malformed frame")); goto clean; } if (method_tok != NULL) { clubby_proto_parse_req(method_tok, frame, &evt); } else { clubby_proto_parse_resp(result_tok, error_tok, &evt); } s_clubby_cb(&evt); clean: free(frame); }
int pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type) { char *next, *now, *oldnext; *salt = '\0'; switch (type) { case 'y': next = login_getcapstr(lc, "ypcipher", NULL, NULL); if (next == NULL && (next = strdup(YPCIPHER_DEF)) == NULL) { warn(NULL); return 0; } break; case 'l': default: next = login_getcapstr(lc, "localcipher", NULL, NULL); if (next == NULL && (next = strdup(LOCALCIPHER_DEF)) == NULL) { warn(NULL); return 0; } break; } oldnext = next; now = strsep(&next, ","); if (!strcmp(now, "old")) { if (saltlen < 3) { free(oldnext); return 0; } to64(&salt[0], arc4random(), 2); salt[2] = '\0'; } else if (!strcmp(now, "newsalt")) { u_int32_t rounds = 7250; if (next) rounds = atol(next); if (saltlen < 10) { free(oldnext); return 0; } /* Check rounds, 24 bit is max */ if (rounds < 7250) rounds = 7250; else if (rounds > 0xffffff) rounds = 0xffffff; salt[0] = _PASSWORD_EFMT1; to64(&salt[1], (u_int32_t)rounds, 4); to64(&salt[5], arc4random(), 4); salt[9] = '\0'; } else if (!strcmp(now, "md5")) { if (saltlen < 13) { /* $1$8salt$\0 */ free(oldnext); return 0; } strlcpy(salt, "$1$", saltlen); to64(&salt[3], arc4random(), 4); to64(&salt[7], arc4random(), 4); strlcpy(&salt[11], "$", saltlen - 11); } else if (!strcmp(now, "blowfish")) { int rounds = 6; if (next) rounds = atoi(next); if (rounds < 4) rounds = 4; if (rounds > 31) rounds = 31; strlcpy(salt, bcrypt_gensalt(rounds), saltlen); } else { warnx("Unknown option %s.", now); free(oldnext); return 0; } free(oldnext); return 1; }