lobase

Linux port of OpenBSDs userland.
Log | Files | Refs | README

commit 1d9cb5421f1fe6eb4d9763ed301867ed3e90bd44
parent 0bf865f90eb58776bf8903caa2ec8897bb1f5e3c
Author: Duncaen <mail@duncano.de>
Date:   Fri, 16 Jun 2017 00:32:18 +0200

usr.bin/encrypt: import

Diffstat:
usr.bin/Makefile | 12++++++------
usr.bin/encrypt/Makefile | 8++++++++
usr.bin/encrypt/encrypt.1 | 87+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
usr.bin/encrypt/encrypt.c | 180+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 281 insertions(+), 6 deletions(-)

diff --git a/usr.bin/Makefile b/usr.bin/Makefile @@ -1,10 +1,10 @@ TOPDIR?=.. SUBDIR= apply awk basename bc biff cal calendar cmp colrm col column comm \ - cut dc dirname du diff3 diff env expand false file fmt fold ftp getopt \ - grep head hexdump id indent join jot lam lndir logger logname look \ - mktemp nice nl nohup paste patch printenv printf readlink renice rev \ - rs sed shar sort spell split stat tee time touch tr true tsort tty ul \ - units uname unexpand uniq unvis uudecode uuencode vis wc what which \ - xinstall htpasswd cu newsyslog sdiff banner + cut dc dirname du diff3 diff encrypt env expand false file fmt fold \ + ftp getopt grep head hexdump id indent join jot lam lndir logger \ + logname look mktemp nice nl nohup paste patch printenv printf readlink \ + renice rev rs sed shar sort spell split stat tee time touch tr true \ + tsort tty ul units uname unexpand uniq unvis uudecode uuencode vis wc \ + what which xinstall htpasswd cu newsyslog sdiff banner SKIPDIR=file ftp cu include ${.TOPDIR}/mk/bsd.subdir.mk diff --git a/usr.bin/encrypt/Makefile b/usr.bin/encrypt/Makefile @@ -0,0 +1,8 @@ +# $OpenBSD: Makefile,v 1.9 2015/10/12 13:53:40 deraadt Exp $ + +.TOPDIR?=../.. + +PROG= encrypt +SRCS= encrypt.c + +include ${.TOPDIR}/mk/bsd.prog.mk diff --git a/usr.bin/encrypt/encrypt.1 b/usr.bin/encrypt/encrypt.1 @@ -0,0 +1,87 @@ +.\" $OpenBSD: encrypt.1,v 1.25 2014/12/24 22:04:26 tedu Exp $ +.\" +.\" Copyright (c) 1996, Jason Downs. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 24 2014 $ +.Dt ENCRYPT 1 +.Os +.Sh NAME +.Nm encrypt +.Nd encrypt passwords from the command line or standard input +.Sh SYNOPSIS +.Nm encrypt +.Op Fl b Ar rounds +.Op Fl c Ar class +.Op Fl p | Ar string +.Sh DESCRIPTION +.Nm +prints the encrypted form of +.Ar string +to the standard output. +This is mostly useful for encrypting passwords from within scripts. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl b Ar rounds +Encrypt the string using Blowfish hashing with the specified number of +.Ar rounds . +May also specify 'a' to request a variable number of rounds scaled to the +machine's CPU capabilities. +.It Fl c Ar class +Use the cipher type specified in the given user login class. +See +.Xr login.conf 5 +for more information. +.It Fl p +Prompt for a single string with echo turned off. +.El +.Pp +If no +.Ar string +is specified, +.Nm +reads one string per line from standard input, encrypting each one. +In the case where no specific algorithm or specific user login class was given +as a command line option, the algorithm specified in the default class in +.Pa /etc/login.conf +will be used. +.Pp +For Blowfish, a new random salt is automatically generated for each +password. +.Pp +Specifying the +.Ar string +on the command line should be discouraged; using the +standard input is more secure. +.Sh FILES +.Bl -tag -width /etc/login.conf -compact +.It Pa /etc/login.conf +.El +.Sh SEE ALSO +.Xr crypt_newhash 3 , +.Xr login.conf 5 +.Sh HISTORY +.Nm +first appeared in +.Ox 1.2 . diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c @@ -0,0 +1,180 @@ +/* $OpenBSD: encrypt.c,v 1.42 2015/10/10 18:14:20 doug Exp $ */ + +/* + * Copyright (c) 1996, Jason Downs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/types.h> +#include <ctype.h> +#include <err.h> +#include <errno.h> +#include <pwd.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#ifdef HAVE_LOGIN_CAP_H +#include <login_cap.h> +#endif +#include <limits.h> + +/* + * Very simple little program, for encrypting passwords from the command + * line. Useful for scripts and such. + */ + +extern char *__progname; + +void usage(void); + +#define DO_BLF 0 + +void +usage(void) +{ + + (void)fprintf(stderr, + "usage: %s [-b rounds] [-c class] [-p | string]\n", + __progname); + exit(1); +} + +static void +print_passwd(char *string, int operation, char *extra) +{ + char buffer[_PASSWORD_LEN]; + const char *pref; + char prefbuf[64]; + + if (operation == DO_BLF) { + if (snprintf(prefbuf, sizeof(prefbuf), "blowfish,%s", extra) >= + sizeof(prefbuf)) + errx(1, "pref too long"); + pref = prefbuf; + } else { +#ifdef HAVE_LOGIN_CAP_H + login_cap_t *lc; + + if ((lc = login_getclass(extra)) == NULL) + errx(1, "unable to get login class `%s'", + extra ? (char *)extra : "default"); + + pref = login_getcapstr(lc, "localcipher", NULL, NULL); +#else + pref = extra; + if (extra == NULL) + pref = "blowfish,a"; +#endif + } + if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0) + err(1, "can't generate hash"); + + fputs(buffer, stdout); +} + +int +main(int argc, char **argv) +{ + int opt; + int operation = -1; + int prompt = 0; + char *extra = NULL; /* Store login class or number of rounds */ + const char *errstr; + + if (pledge("stdio rpath wpath tty", NULL) == -1) + err(1, "pledge"); + + while ((opt = getopt(argc, argv, "pb:c:")) != -1) { + switch (opt) { + case 'p': + prompt = 1; + break; + case 'b': /* Blowfish password hash */ + if (operation != -1) + usage(); + operation = DO_BLF; + if (strcmp(optarg, "a") != 0) { + (void)strtonum(optarg, 4, 31, &errstr); + if (errstr != NULL) + errx(1, "rounds is %s: %s", errstr, + optarg); + } + extra = optarg; + break; + case 'c': /* user login class */ + extra = optarg; + operation = -1; + break; + default: + usage(); + } + } + + if (((argc - optind) < 1)) { + char line[BUFSIZ], *string; + + if (prompt) { + if ((string = getpass("Enter string: ")) == NULL) + err(1, "getpass"); + print_passwd(string, operation, extra); + (void)fputc('\n', stdout); + } else { + size_t len; + /* Encrypt stdin to stdout. */ + while (!feof(stdin) && + (fgets(line, sizeof(line), stdin) != NULL)) { + len = strlen(line); + if (len == 0 || line[0] == '\n') + continue; + if (line[len - 1] == '\n') + line[len - 1] = '\0'; + + print_passwd(line, operation, extra); + + (void)fputc('\n', stdout); + } + } + } else { + char *string; + + /* can't combine -p with a supplied string */ + if (prompt) + usage(); + + /* Perhaps it isn't worth worrying about, but... */ + if ((string = strdup(argv[optind])) == NULL) + err(1, NULL); + /* Wipe the argument. */ + explicit_bzero(argv[optind], strlen(argv[optind])); + + print_passwd(string, operation, extra); + + (void)fputc('\n', stdout); + + /* Wipe our copy, before we free it. */ + explicit_bzero(string, strlen(string)); + free(string); + } + exit(0); +}