diff options
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/passwd.c | 270 | 
1 files changed, 151 insertions, 119 deletions
| diff --git a/src/usr.bin/openssl/passwd.c b/src/usr.bin/openssl/passwd.c index c29cccf6cf..6267328e62 100644 --- a/src/usr.bin/openssl/passwd.c +++ b/src/usr.bin/openssl/passwd.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: passwd.c,v 1.2 2014/10/22 13:54:03 jsing Exp $ */ | 1 | /* $OpenBSD: passwd.c,v 1.3 2015/01/05 15:25:39 jsing Exp $ */ | 
| 2 | 2 | ||
| 3 | #if defined OPENSSL_NO_MD5 | 3 | #if defined OPENSSL_NO_MD5 | 
| 4 | #define NO_MD5CRYPT_1 | 4 | #define NO_MD5CRYPT_1 | 
| @@ -40,140 +40,166 @@ do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, | |||
| 40 | char *passwd, BIO * out, int quiet, int table, int reverse, | 40 | char *passwd, BIO * out, int quiet, int table, int reverse, | 
| 41 | size_t pw_maxlen, int usecrypt, int use1, int useapr1); | 41 | size_t pw_maxlen, int usecrypt, int use1, int useapr1); | 
| 42 | 42 | ||
| 43 | /* -crypt - standard Unix password algorithm (default) | 43 | static struct { | 
| 44 | * -1 - MD5-based password algorithm | 44 | char *infile; | 
| 45 | * -apr1 - MD5-based password algorithm, Apache variant | 45 | int in_stdin; | 
| 46 | * -salt string - salt | 46 | int noverify; | 
| 47 | * -in file - read passwords from file | 47 | int quiet; | 
| 48 | * -stdin - read passwords from stdin | 48 | int reverse; | 
| 49 | * -noverify - never verify when reading password from terminal | 49 | char *salt; | 
| 50 | * -quiet - no warnings | 50 | int table; | 
| 51 | * -table - format output as table | 51 | int use1; | 
| 52 | * -reverse - switch table columns | 52 | int useapr1; | 
| 53 | */ | 53 | int usecrypt; | 
| 54 | } passwd_config; | ||
| 55 | |||
| 56 | static struct option passwd_options[] = { | ||
| 57 | #ifndef NO_MD5CRYPT_1 | ||
| 58 | { | ||
| 59 | .name = "1", | ||
| 60 | .desc = "Use MD5 based BSD password algorithm 1", | ||
| 61 | .type = OPTION_FLAG, | ||
| 62 | .opt.flag = &passwd_config.use1, | ||
| 63 | }, | ||
| 64 | { | ||
| 65 | .name = "apr1", | ||
| 66 | .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)", | ||
| 67 | .type = OPTION_FLAG, | ||
| 68 | .opt.flag = &passwd_config.useapr1, | ||
| 69 | }, | ||
| 70 | #endif | ||
| 71 | #ifndef OPENSSL_NO_DES | ||
| 72 | { | ||
| 73 | .name = "crypt", | ||
| 74 | .desc = "Use crypt algorithm (default)", | ||
| 75 | .type = OPTION_FLAG, | ||
| 76 | .opt.flag = &passwd_config.usecrypt, | ||
| 77 | }, | ||
| 78 | #endif | ||
| 79 | { | ||
| 80 | .name = "in", | ||
| 81 | .argname = "file", | ||
| 82 | .desc = "Read passwords from specified file", | ||
| 83 | .type = OPTION_ARG, | ||
| 84 | .opt.arg = &passwd_config.infile, | ||
| 85 | }, | ||
| 86 | { | ||
| 87 | .name = "noverify", | ||
| 88 | .desc = "Do not verify password", | ||
| 89 | .type = OPTION_FLAG, | ||
| 90 | .opt.flag = &passwd_config.noverify, | ||
| 91 | }, | ||
| 92 | { | ||
| 93 | .name = "quiet", | ||
| 94 | .desc = "Do not output warnings", | ||
| 95 | .type = OPTION_FLAG, | ||
| 96 | .opt.flag = &passwd_config.quiet, | ||
| 97 | }, | ||
| 98 | { | ||
| 99 | .name = "reverse", | ||
| 100 | .desc = "Reverse table columns (requires -table)", | ||
| 101 | .type = OPTION_FLAG, | ||
| 102 | .opt.flag = &passwd_config.reverse, | ||
| 103 | }, | ||
| 104 | { | ||
| 105 | .name = "salt", | ||
| 106 | .argname = "string", | ||
| 107 | .desc = "Use specified salt", | ||
| 108 | .type = OPTION_ARG, | ||
| 109 | .opt.arg = &passwd_config.salt, | ||
| 110 | }, | ||
| 111 | { | ||
| 112 | .name = "stdin", | ||
| 113 | .desc = "Read passwords from stdin", | ||
| 114 | .type = OPTION_FLAG, | ||
| 115 | .opt.flag = &passwd_config.in_stdin, | ||
| 116 | }, | ||
| 117 | { | ||
| 118 | .name = "table", | ||
| 119 | .desc = "Output cleartext and hashed passwords (tab separated)", | ||
| 120 | .type = OPTION_FLAG, | ||
| 121 | .opt.flag = &passwd_config.table, | ||
| 122 | }, | ||
| 123 | { NULL }, | ||
| 124 | }; | ||
| 125 | |||
| 126 | static void | ||
| 127 | passwd_usage(void) | ||
| 128 | { | ||
| 129 | fprintf(stderr, "usage: passwd [-1 | -apr1 | -crypt] [-in file] " | ||
| 130 | "[-noverify] [-quiet]\n" | ||
| 131 | " [-reverse] [-salt string] [-stdin] [-table] [password]\n\n"); | ||
| 132 | options_usage(passwd_options); | ||
| 133 | } | ||
| 54 | 134 | ||
| 55 | int passwd_main(int, char **); | 135 | int passwd_main(int, char **); | 
| 56 | 136 | ||
| 57 | int | 137 | int | 
| 58 | passwd_main(int argc, char **argv) | 138 | passwd_main(int argc, char **argv) | 
| 59 | { | 139 | { | 
| 60 | int ret = 1; | 140 | char *passwd = NULL, **passwds = NULL; | 
| 61 | char *infile = NULL; | ||
| 62 | int in_stdin = 0; | ||
| 63 | int in_noverify = 0; | ||
| 64 | char *salt = NULL, *passwd = NULL, **passwds = NULL; | ||
| 65 | char *salt_malloc = NULL, *passwd_malloc = NULL; | 141 | char *salt_malloc = NULL, *passwd_malloc = NULL; | 
| 66 | size_t passwd_malloc_size = 0; | 142 | size_t passwd_malloc_size = 0; | 
| 67 | int pw_source_defined = 0; | ||
| 68 | BIO *in = NULL, *out = NULL; | 143 | BIO *in = NULL, *out = NULL; | 
| 69 | int i, badopt, opt_done; | 144 | int badopt = 0; | 
| 70 | int passed_salt = 0, quiet = 0, table = 0, reverse = 0; | 145 | int passed_salt = 0; | 
| 71 | int usecrypt = 0, use1 = 0, useapr1 = 0; | ||
| 72 | size_t pw_maxlen = 0; | 146 | size_t pw_maxlen = 0; | 
| 147 | int argsused; | ||
| 148 | int ret = 1; | ||
| 73 | 149 | ||
| 74 | out = BIO_new(BIO_s_file()); | 150 | memset(&passwd_config, 0, sizeof(passwd_config)); | 
| 75 | if (out == NULL) | ||
| 76 | goto err; | ||
| 77 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | ||
| 78 | 151 | ||
| 79 | badopt = 0, opt_done = 0; | 152 | if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) { | 
| 80 | i = 0; | 153 | passwd_usage(); | 
| 81 | while (!badopt && !opt_done && argv[++i] != NULL) { | 154 | goto err; | 
| 82 | if (strcmp(argv[i], "-crypt") == 0) | ||
| 83 | usecrypt = 1; | ||
| 84 | else if (strcmp(argv[i], "-1") == 0) | ||
| 85 | use1 = 1; | ||
| 86 | else if (strcmp(argv[i], "-apr1") == 0) | ||
| 87 | useapr1 = 1; | ||
| 88 | else if (strcmp(argv[i], "-salt") == 0) { | ||
| 89 | if ((argv[i + 1] != NULL) && (salt == NULL)) { | ||
| 90 | passed_salt = 1; | ||
| 91 | salt = argv[++i]; | ||
| 92 | } else | ||
| 93 | badopt = 1; | ||
| 94 | } else if (strcmp(argv[i], "-in") == 0) { | ||
| 95 | if ((argv[i + 1] != NULL) && !pw_source_defined) { | ||
| 96 | pw_source_defined = 1; | ||
| 97 | infile = argv[++i]; | ||
| 98 | } else | ||
| 99 | badopt = 1; | ||
| 100 | } else if (strcmp(argv[i], "-stdin") == 0) { | ||
| 101 | if (!pw_source_defined) { | ||
| 102 | pw_source_defined = 1; | ||
| 103 | in_stdin = 1; | ||
| 104 | } else | ||
| 105 | badopt = 1; | ||
| 106 | } else if (strcmp(argv[i], "-noverify") == 0) | ||
| 107 | in_noverify = 1; | ||
| 108 | else if (strcmp(argv[i], "-quiet") == 0) | ||
| 109 | quiet = 1; | ||
| 110 | else if (strcmp(argv[i], "-table") == 0) | ||
| 111 | table = 1; | ||
| 112 | else if (strcmp(argv[i], "-reverse") == 0) | ||
| 113 | reverse = 1; | ||
| 114 | else if (argv[i][0] == '-') | ||
| 115 | badopt = 1; | ||
| 116 | else if (!pw_source_defined) | ||
| 117 | /* non-option arguments, use as passwords */ | ||
| 118 | { | ||
| 119 | pw_source_defined = 1; | ||
| 120 | passwds = &argv[i]; | ||
| 121 | opt_done = 1; | ||
| 122 | } else | ||
| 123 | badopt = 1; | ||
| 124 | } | 155 | } | 
| 125 | 156 | ||
| 126 | if (!usecrypt && !use1 && !useapr1) /* use default */ | 157 | if (argsused < argc) | 
| 127 | usecrypt = 1; | 158 | passwds = &argv[argsused]; | 
| 128 | if (usecrypt + use1 + useapr1 > 1) /* conflict */ | 159 | if (passwd_config.salt != NULL) | 
| 129 | badopt = 1; | 160 | passed_salt = 1; | 
| 130 | 161 | ||
| 131 | /* reject unsupported algorithms */ | 162 | if (!passwd_config.usecrypt && !passwd_config.use1 && | 
| 163 | !passwd_config.useapr1) | ||
| 164 | passwd_config.usecrypt = 1; /* use default */ | ||
| 165 | if (passwd_config.usecrypt + passwd_config.use1 + | ||
| 166 | passwd_config.useapr1 > 1) | ||
| 167 | badopt = 1; /* conflicting options */ | ||
| 168 | |||
| 169 | /* Reject unsupported algorithms */ | ||
| 132 | #ifdef OPENSSL_NO_DES | 170 | #ifdef OPENSSL_NO_DES | 
| 133 | if (usecrypt) | 171 | if (passwd_config.usecrypt) | 
| 134 | badopt = 1; | 172 | badopt = 1; | 
| 135 | #endif | 173 | #endif | 
| 136 | #ifdef NO_MD5CRYPT_1 | 174 | #ifdef NO_MD5CRYPT_1 | 
| 137 | if (use1 || useapr1) | 175 | if (passwd_config.use1 || passwd_config.useapr1) | 
| 138 | badopt = 1; | 176 | badopt = 1; | 
| 139 | #endif | 177 | #endif | 
| 140 | 178 | ||
| 141 | if (badopt) { | 179 | if (badopt) { | 
| 142 | BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); | 180 | passwd_usage(); | 
| 143 | BIO_printf(bio_err, "where options are\n"); | ||
| 144 | #ifndef OPENSSL_NO_DES | ||
| 145 | BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); | ||
| 146 | #endif | ||
| 147 | #ifndef NO_MD5CRYPT_1 | ||
| 148 | BIO_printf(bio_err, "-1 MD5-based password algorithm\n"); | ||
| 149 | BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n"); | ||
| 150 | #endif | ||
| 151 | BIO_printf(bio_err, "-salt string use provided salt\n"); | ||
| 152 | BIO_printf(bio_err, "-in file read passwords from file\n"); | ||
| 153 | BIO_printf(bio_err, "-stdin read passwords from stdin\n"); | ||
| 154 | BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); | ||
| 155 | BIO_printf(bio_err, "-quiet no warnings\n"); | ||
| 156 | BIO_printf(bio_err, "-table format output as table\n"); | ||
| 157 | BIO_printf(bio_err, "-reverse switch table columns\n"); | ||
| 158 | |||
| 159 | goto err; | 181 | goto err; | 
| 160 | } | 182 | } | 
| 161 | if ((infile != NULL) || in_stdin) { | 183 | |
| 162 | in = BIO_new(BIO_s_file()); | 184 | if ((out = BIO_new(BIO_s_file())) == NULL) | 
| 163 | if (in == NULL) | 185 | goto err; | 
| 186 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | ||
| 187 | |||
| 188 | if (passwd_config.infile != NULL || passwd_config.in_stdin) { | ||
| 189 | if ((in = BIO_new(BIO_s_file())) == NULL) | ||
| 164 | goto err; | 190 | goto err; | 
| 165 | if (infile != NULL) { | 191 | if (passwd_config.infile != NULL) { | 
| 166 | assert(in_stdin == 0); | 192 | assert(passwd_config.in_stdin == 0); | 
| 167 | if (BIO_read_filename(in, infile) <= 0) | 193 | if (BIO_read_filename(in, passwd_config.infile) <= 0) | 
| 168 | goto err; | 194 | goto err; | 
| 169 | } else { | 195 | } else { | 
| 170 | assert(in_stdin); | 196 | assert(passwd_config.in_stdin); | 
| 171 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 197 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 172 | } | 198 | } | 
| 173 | } | 199 | } | 
| 174 | if (usecrypt) | 200 | if (passwd_config.usecrypt) | 
| 175 | pw_maxlen = 8; | 201 | pw_maxlen = 8; | 
| 176 | else if (use1 || useapr1) | 202 | else if (passwd_config.use1 || passwd_config.useapr1) | 
| 177 | pw_maxlen = 256;/* arbitrary limit, should be enough for most | 203 | pw_maxlen = 256;/* arbitrary limit, should be enough for most | 
| 178 | * passwords */ | 204 | * passwords */ | 
| 179 | 205 | ||
| @@ -186,13 +212,15 @@ passwd_main(int argc, char **argv) | |||
| 186 | if (passwd_malloc == NULL) | 212 | if (passwd_malloc == NULL) | 
| 187 | goto err; | 213 | goto err; | 
| 188 | } | 214 | } | 
| 189 | if ((in == NULL) && (passwds == NULL)) { | 215 | if (in == NULL && passwds == NULL) { | 
| 190 | /* build a null-terminated list */ | 216 | /* build a null-terminated list */ | 
| 191 | static char *passwds_static[2] = {NULL, NULL}; | 217 | static char *passwds_static[2] = {NULL, NULL}; | 
| 192 | 218 | ||
| 193 | passwds = passwds_static; | 219 | passwds = passwds_static; | 
| 194 | if (in == NULL) | 220 | if (in == NULL) | 
| 195 | if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) | 221 | if (EVP_read_pw_string(passwd_malloc, | 
| 222 | passwd_malloc_size, "Password: ", | ||
| 223 | !(passed_salt || passwd_config.noverify)) != 0) | ||
| 196 | goto err; | 224 | goto err; | 
| 197 | passwds[0] = passwd_malloc; | 225 | passwds[0] = passwd_malloc; | 
| 198 | } | 226 | } | 
| @@ -200,16 +228,16 @@ passwd_main(int argc, char **argv) | |||
| 200 | assert(passwds != NULL); | 228 | assert(passwds != NULL); | 
| 201 | assert(*passwds != NULL); | 229 | assert(*passwds != NULL); | 
| 202 | 230 | ||
| 203 | do { /* loop over list of passwords */ | 231 | do { /* loop over list of passwords */ | 
| 204 | passwd = *passwds++; | 232 | passwd = *passwds++; | 
| 205 | if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, | 233 | if (!do_passwd(passed_salt, &passwd_config.salt, | 
| 206 | quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) | 234 | &salt_malloc, passwd, out, passwd_config.quiet, | 
| 235 | passwd_config.table, passwd_config.reverse, | ||
| 236 | pw_maxlen, passwd_config.usecrypt, | ||
| 237 | passwd_config.use1, passwd_config.useapr1)) | ||
| 207 | goto err; | 238 | goto err; | 
| 208 | } | 239 | } while (*passwds != NULL); | 
| 209 | while (*passwds != NULL); | 240 | } else { | 
| 210 | } else | ||
| 211 | /* in != NULL */ | ||
| 212 | { | ||
| 213 | int done; | 241 | int done; | 
| 214 | 242 | ||
| 215 | assert(passwd != NULL); | 243 | assert(passwd != NULL); | 
| @@ -227,23 +255,27 @@ passwd_main(int argc, char **argv) | |||
| 227 | while ((r > 0) && (!strchr(trash, '\n'))); | 255 | while ((r > 0) && (!strchr(trash, '\n'))); | 
| 228 | } | 256 | } | 
| 229 | 257 | ||
| 230 | if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, | 258 | if (!do_passwd(passed_salt, &passwd_config.salt, | 
| 231 | quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) | 259 | &salt_malloc, passwd, out, | 
| 260 | passwd_config.quiet, passwd_config.table, | ||
| 261 | passwd_config.reverse, pw_maxlen, | ||
| 262 | passwd_config.usecrypt, passwd_config.use1, | ||
| 263 | passwd_config.useapr1)) | ||
| 232 | goto err; | 264 | goto err; | 
| 233 | } | 265 | } | 
| 234 | done = (r <= 0); | 266 | done = (r <= 0); | 
| 235 | } | 267 | } while (!done); | 
| 236 | while (!done); | ||
| 237 | } | 268 | } | 
| 238 | ret = 0; | 269 | ret = 0; | 
| 239 | 270 | ||
| 240 | err: | 271 | err: | 
| 241 | ERR_print_errors(bio_err); | 272 | ERR_print_errors(bio_err); | 
| 273 | |||
| 242 | free(salt_malloc); | 274 | free(salt_malloc); | 
| 243 | free(passwd_malloc); | 275 | free(passwd_malloc); | 
| 276 | |||
| 244 | BIO_free(in); | 277 | BIO_free(in); | 
| 245 | if (out) | 278 | BIO_free_all(out); | 
| 246 | BIO_free_all(out); | ||
| 247 | 279 | ||
| 248 | return (ret); | 280 | return (ret); | 
| 249 | } | 281 | } | 
