diff options
| author | Andreas Henriksson <andreas@fatal.se> | 2019-12-05 13:29:31 +0100 |
|---|---|---|
| committer | Andreas Henriksson <andreas@fatal.se> | 2019-12-05 13:29:31 +0100 |
| commit | 69d932140c70455a282b6e7115d9caf0cc56d6ff (patch) | |
| tree | eda18bc82cc58e5d193e608f00543b2b5b537d49 /src/chpasswd.c | |
| parent | b28d45d2bd2462414b9dbbe38e6c7f3d5f7b462b (diff) | |
| download | shadow-69d932140c70455a282b6e7115d9caf0cc56d6ff.tar.gz | |
New upstream version 4.8upstream/4.8
Diffstat (limited to 'src/chpasswd.c')
| -rw-r--r-- | src/chpasswd.c | 86 |
1 files changed, 67 insertions, 19 deletions
diff --git a/src/chpasswd.c b/src/chpasswd.c index d1c1043a..be61e038 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -58,15 +58,18 @@ const char *Prog; static bool eflg = false; static bool md5flg = false; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) static bool sflg = false; -#endif /* USE_SHA_CRYPT */ +#endif static /*@null@*//*@observer@*/const char *crypt_method = NULL; #define cflg (NULL != crypt_method) #ifdef USE_SHA_CRYPT static long sha_rounds = 5000; -#endif /* USE_SHA_CRYPT */ +#endif +#ifdef USE_BCRYPT +static long bcrypt_rounds = 13; +#endif static bool is_shadow_pwd; static bool pw_locked = false; @@ -118,11 +121,15 @@ static /*@noreturn@*/void usage (int status) Prog); (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#ifndef USE_SHA_CRYPT +#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#else /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + "NONE DES MD5 SHA256 SHA512 BCRYPT" +#elif defined(USE_SHA_CRYPT) "NONE DES MD5 SHA256 SHA512" -#endif /* USE_SHA_CRYPT */ +#else + "NONE DES MD5 BCRYPT" +#endif ); (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -130,11 +137,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -#ifdef USE_SHA_CRYPT - (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n" +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" " crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ (void) fputs ("\n", usageout); exit (status); @@ -154,18 +161,18 @@ static void process_flags (int argc, char **argv) {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, {"root", required_argument, NULL, 'R'}, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) "c:ehmR:s:", -#else /* !USE_SHA_CRYPT */ +#else "c:ehmR:", -#endif /* !USE_SHA_CRYPT */ +#endif long_options, NULL)) != -1) { switch (c) { case 'c': @@ -182,17 +189,41 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) case 's': sflg = true; - if (getlong(optarg, &sha_rounds) == 0) { + if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) + && (0 == getlong(optarg, &sha_rounds))) + || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &bcrypt_rounds)))) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (E_USAGE); } break; -#endif /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &sha_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#elif defined(USE_BCRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &bcrypt_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#endif + default: usage (E_USAGE); /*@notreached@*/break; @@ -210,7 +241,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), @@ -235,6 +266,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif /* USE_SHA_CRYPT */ +#ifdef USE_BCRYPT + && (0 != strcmp (crypt_method, "BCRYPT")) +#endif /* USE_BCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -496,10 +530,24 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + if (sflg) { + if ( (0 == strcmp (crypt_method, "SHA256")) + || (0 == strcmp (crypt_method, "SHA512"))) { + arg = &sha_rounds; + } + else if (0 == strcmp (crypt_method, "BCRYPT")) { + arg = &bcrypt_rounds; + } + } +#elif defined(USE_SHA_CRYPT) if (sflg) { arg = &sha_rounds; } +#elif defined(USE_BCRYPT) + if (sflg) { + arg = &bcrypt_rounds; + } #endif salt = crypt_make_salt (crypt_method, arg); cp = pw_encrypt (newpwd, salt); |