author | 2014-11-21 05:13:44 +0000 | |
---|---|---|
committer | 2014-11-21 05:13:44 +0000 | |
commit | 817d1ee3be5cd45876f490c81c585e5b57bf1fb5 (patch) | |
tree | a0d18c82c4ace5d9bbd0d81089cfee81a6977435 | |
parent | We repeatedly observed assertion crashes in the low-level terminal (diff) | |
change prototype for crypt_newhash. the login_cap_t is a holdover from its
pwd_gensalt origins, but a string argument works equally well and is more
friendly to consumers beyond local user accounts.
ok deraadt
-rw-r--r-- | include/login_cap.h | 4 | ||||
-rw-r--r-- | include/unistd.h | 3 | ||||
-rw-r--r-- | lib/libc/crypt/crypt_checkpass.3 | 13 | ||||
-rw-r--r-- | lib/libc/crypt/cryptutil.c | 12 | ||||
-rw-r--r-- | usr.bin/passwd/local_passwd.c | 8 | ||||
-rw-r--r-- | usr.bin/passwd/yp_passwd.c | 8 |
6 files changed, 23 insertions, 25 deletions
diff --git a/include/login_cap.h b/include/login_cap.h index 5c816bd56d5..910d78b5dd9 100644 --- a/include/login_cap.h +++ b/include/login_cap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.h,v 1.14 2014/11/19 22:59:50 tedu Exp $ */ +/* $OpenBSD: login_cap.h,v 1.15 2014/11/21 05:13:44 tedu Exp $ */ /*- * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved. @@ -104,8 +104,6 @@ int secure_path(char *); int setclasscontext(char *, unsigned int); int setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int); -int crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen); - __END_DECLS #endif /* _LOGIN_CAP_H_ */ diff --git a/include/unistd.h b/include/unistd.h index 4022932efc8..0a8bca39edd 100644 --- a/include/unistd.h +++ b/include/unistd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: unistd.h,v 1.93 2014/09/18 04:37:56 guenther Exp $ */ +/* $OpenBSD: unistd.h,v 1.94 2014/11/21 05:13:44 tedu Exp $ */ /* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */ /*- @@ -489,6 +489,7 @@ int pipe2(int [2], int); int acct(const char *); int closefrom(int); int crypt_checkpass(const char *, const char *); +int crypt_newhash(const char *, const char *, char *, size_t); int des_cipher(const char *, char *, int32_t, int); int des_setkey(const char *); void endusershell(void); diff --git a/lib/libc/crypt/crypt_checkpass.3 b/lib/libc/crypt/crypt_checkpass.3 index 3a360fb8998..479a78647b9 100644 --- a/lib/libc/crypt/crypt_checkpass.3 +++ b/lib/libc/crypt/crypt_checkpass.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt_checkpass.3,v 1.1 2014/11/20 19:18:25 tedu Exp $ +.\" $OpenBSD: crypt_checkpass.3,v 1.2 2014/11/21 05:13:44 tedu Exp $ .\" .\" Copyright (c) Ted Unangst <tedu@openbsd.org> .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 20 2014 $ +.Dd $Mdocdate: November 21 2014 $ .Dt CRYPT_CHECKPASS 3 .Os .Sh NAME @@ -25,9 +25,8 @@ .In unistd.h .Ft int .Fn crypt_checkpass "const char *password" "const char *hash" -.In login_cap.h .Ft int -.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize" +.Fn crypt_newhash "const char *password" "const char *pref" "char *hash" "size_t hashsize" .Sh DESCRIPTION The .Fn crypt_checkpass @@ -47,9 +46,9 @@ The provided .Fa password is randomly salted and hashed and stored in .Fa hash . -The login class argument -.Fa lc -is used to identify the preferred hashing algorithm and parameters. +The +.Fa pref +argument identifies the preferred hashing algorithm and parameters. Refer to .Xr login.conf 5 . .Sh RETURN VALUES diff --git a/lib/libc/crypt/cryptutil.c b/lib/libc/crypt/cryptutil.c index 4a8c46be49d..f9045ed601d 100644 --- a/lib/libc/crypt/cryptutil.c +++ b/lib/libc/crypt/cryptutil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */ +/* $OpenBSD: cryptutil.c,v 1.3 2014/11/21 05:13:44 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> * @@ -55,16 +55,14 @@ fail: } int -crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen) +crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) { int rv = -1; - char *pref; - char *defaultpref = "blowfish,8"; + const char *defaultpref = "blowfish,8"; const char *errstr; int rounds; - if (lc == NULL || - (pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL) + if (pref == NULL) pref = defaultpref; if (strncmp(pref, "blowfish,", 9) != 0) { errno = EINVAL; 
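Review bot: With the `lc == NULL` test removed from crypt_newhash in lib/libc/crypt/cryptutil.c, nothing in this commit guards the login class pointer any more: getnewpasswd (local_passwd.c) and ypgetnewpasswd (yp_passwd.c) now hand `lc` straight to `login_getcapstr(lc, "localcipher", NULL, NULL)`. Whether lc can be NULL at those call sites, and whether login_getcapstr tolerates it, is not visible in these hunks. Either confirm that, or keep the old tolerance in the callers, e.g. `pref = lc ? login_getcapstr(lc, "localcipher", NULL, NULL) : NULL;`. The body of crypt_newhash continues past the end of this hunk.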
@@ -76,7 +74,5 @@ crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen) rv = bcrypt_newhash(pass, rounds, hash, hashlen); err: - if (pref != defaultpref) - free(pref); return rv; } diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index 47d348c017d..cd20c7a1165 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: local_passwd.c,v 1.43 2014/11/20 14:53:15 tedu Exp $ */ +/* $OpenBSD: local_passwd.c,v 1.44 2014/11/21 05:13:44 tedu Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -147,7 +147,7 @@ char * getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated) { static char hash[_PASSWORD_LEN]; - char *p; + char *p, *pref; int tries, pwd_tries; char buf[1024]; sig_t saveint, savequit; @@ -198,10 +198,12 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated) (void)signal(SIGINT, saveint); (void)signal(SIGQUIT, savequit); - if (crypt_newhash(buf, lc, hash, sizeof(hash)) != 0) { + pref = login_getcapstr(lc, "localcipher", NULL, NULL); + if (crypt_newhash(buf, pref, hash, sizeof(hash)) != 0) { (void)printf("Couldn't generate hash.\n"); pw_error(NULL, 0, 0); } + free(pref); return hash; } diff --git a/usr.bin/passwd/yp_passwd.c b/usr.bin/passwd/yp_passwd.c index f37c817a794..2765eef00e2 100644 --- a/usr.bin/passwd/yp_passwd.c +++ b/usr.bin/passwd/yp_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: yp_passwd.c,v 1.33 2014/11/20 14:53:15 tedu Exp $ */ +/* $OpenBSD: yp_passwd.c,v 1.34 2014/11/21 05:13:44 tedu Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -192,7 +192,7 @@ ypgetnewpasswd(struct passwd *pw, login_cap_t *lc, char **old_pass) char buf[1024], hash[_PASSWORD_LEN]; sig_t saveint, savequit; int tries, pwd_tries; - char *p; + char *p, *pref; saveint = signal(SIGINT, kbintr); savequit = signal(SIGQUIT, kbintr); 
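Review bot: In getnewpasswd (usr.bin/passwd/local_passwd.c), `buf` still holds the cleartext password when the function returns `hash`; nothing between the crypt_newhash call and `return hash;` clears it. Adding `explicit_bzero(buf, sizeof(buf));` next to the new `free(pref);` would keep the plaintext from lingering on the stack once the hash exists. The start of getnewpasswd is outside the hunk. ypgetnewpasswd in yp_passwd.c passes its own `buf` the same way, but its body continues past its hunk, so check whether it is cleared further down.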
@@ -239,10 +239,12 @@ ypgetnewpasswd(struct passwd *pw, login_cap_t *lc, char **old_pass) (void)signal(SIGINT, saveint); (void)signal(SIGQUIT, savequit); - if (crypt_newhash(buf, lc, hash, sizeof(hash)) == -1) { + pref = login_getcapstr(lc, "localcipher", NULL, NULL); + if (crypt_newhash(buf, pref, hash, sizeof(hash)) == -1) { (void)printf("Couldn't generate hash.\n"); pw_error(NULL, 0, 0); } + free(pref); p = strdup(hash); if (p == NULL) pw_error(NULL, 1, 1); |
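Review bot: The failure test in ypgetnewpasswd is `== -1`, while the same call in getnewpasswd (local_passwd.c) in this commit is tested with `!= 0`. crypt_newhash returns whatever bcrypt_newhash returns on the success path, so the two callers only agree if that helper never returns another non-zero value. Using `if (crypt_newhash(buf, pref, hash, sizeof(hash)) != 0) {` here keeps both callers on the stricter check. ypgetnewpasswd begins and ends outside the hunk.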