From 4fa1cd69e45dc29249e8abc413278a7982c996c5 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 14 Dec 2014 23:47:33 +0100 Subject: mkpasswd: use arc4random_buf where available --- config.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'config.h') diff --git a/config.h b/config.h index 4492e4b..7e324f7 100644 --- a/config.h +++ b/config.h @@ -81,6 +81,15 @@ # define RANDOM_DEVICE "/dev/urandom" #endif +/* use arc4random_buf instead if it is available */ +#if (defined __FreeBSD__ && __FreeBSD__ >= 9) || \ + (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || \ + (defined OpenBSD && OpenBSD >= 200805) || \ + (defined __APPLE__ && defined __MACH__) +# define HAVE_ARC4RANDOM_BUF +# undef RANDOM_DEVICE +#endif + #ifdef ENABLE_NLS # ifndef NLS_CAT_NAME # define NLS_CAT_NAME "whois" -- cgit v1.2.3 From b1cf371706fbc90bc54817c1103d89f6505efaa7 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 26 Feb 2017 03:23:51 +0100 Subject: Do not use arc4random_buf on OS X v10.6 or erlier Because it had not been implemented yet. Patch from MacPorts. --- config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config.h') diff --git a/config.h b/config.h index 7e324f7..ee75c49 100644 --- a/config.h +++ b/config.h @@ -85,7 +85,7 @@ #if (defined __FreeBSD__ && __FreeBSD__ >= 9) || \ (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || \ (defined OpenBSD && OpenBSD >= 200805) || \ - (defined __APPLE__ && defined __MACH__) + (defined __APPLE__ && defined __MACH__ && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) # define HAVE_ARC4RANDOM_BUF # undef RANDOM_DEVICE #endif -- cgit v1.2.3 From a4815eb370626ec070b5be0fe4a901feb7c020fa Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 26 Feb 2017 14:13:27 +0100 Subject: BSD portability fixes --- Makefile | 2 +- config.h | 4 ++++ mkpasswd.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) (limited to 'config.h') diff --git a/Makefile b/Makefile index 2634a9a..28eb36f 100644 --- a/Makefile 
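Review bot: `MAC_OS_X_VERSION_MIN_REQUIRED`, added to the `__APPLE__` arm in the config.h hunk at `@@ -85,7 +85,7 @@`, is defined by Apple's `<AvailabilityMacros.h>`, and nothing visible in this hunk includes that header before the test. An identifier that is undefined inside `#if` evaluates to 0, so without the include the comparison is always false and every macOS build silently stays on RANDOM_DEVICE instead of arc4random_buf. I would add `# include <AvailabilityMacros.h>` under an `#if defined __APPLE__ && defined __MACH__` guard above this block, or confirm that a part of config.h outside the hunk already pulls it in.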
+++ b/Makefile @@ -15,7 +15,7 @@ mkpasswd_OBJECTS := mkpasswd.o utils.o # FreeBSD #whois_LDADD += -liconv #LIBS += -L/usr/local/lib -lintl -#INCLUDES += -I/usr/local/include +#DEFS += -I/usr/local/include # OS/2 EMX #whois_LDADD += -lsocket diff --git a/config.h b/config.h index ee75c49..2cd4636 100644 --- a/config.h +++ b/config.h @@ -13,6 +13,10 @@ /* autoconf in cpp macros */ +#if defined __NetBSD__ || __OpenBSD__ +# include +#endif + #ifdef linux # define ENABLE_NLS #endif diff --git a/mkpasswd.c b/mkpasswd.c index a872ae3..e2872c7 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -32,6 +32,7 @@ #endif #include #include +#include #include #include #ifdef HAVE_XCRYPT -- cgit v1.2.3 From 6557a52b3e461645caa2f5795e70b5560b5e4246 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 10 Dec 2017 17:04:36 +0100 Subject: mkpasswd: use getentropy(2) on recent Linux --- config.h | 5 +++++ mkpasswd.c | 9 ++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index 2cd4636..df4fed6 100644 --- a/config.h +++ b/config.h @@ -94,6 +94,11 @@ # undef RANDOM_DEVICE #endif +/* or else getentropy(2) on Linux */ +#if defined __GLIBC__ && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 25 +# define HAVE_GETENTROPY +#endif + #ifdef ENABLE_NLS # ifndef NLS_CAT_NAME # define NLS_CAT_NAME "whois" diff --git a/mkpasswd.c b/mkpasswd.c index 620121b..32e719e 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -360,7 +360,7 @@ int main(int argc, char *argv[]) exit(0); } -#if defined RANDOM_DEVICE || defined HAVE_ARC4RANDOM_BUF +#if defined RANDOM_DEVICE || defined HAVE_ARC4RANDOM_BUF || defined HAVE_GETENTROPY void* get_random_bytes(const unsigned int count) { 
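Review bot: The version test `__GLIBC__ >= 2 && __GLIBC_MINOR__ >= 25` in the config.h hunk at `@@ -94,6 +94,11 @@` compares major and minor independently, so a later major release with a minor number below 25 would fail it and quietly drop back to the RANDOM_DEVICE path. Comparing them as a pair avoids that: `#if defined __GLIBC__ && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))`. The comment above it could also say that this is a libc check made at compile time only.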
@@ -371,6 +371,9 @@ void* get_random_bytes(const unsigned int count) buf = NOFAIL(malloc(count)); #if defined HAVE_ARC4RANDOM_BUF arc4random_buf(buf, count); +#elif defined HAVE_GETENTROPY + if (getentropy(buf, count) < 0) + perror("getentropy"); #else fd = open(RANDOM_DEVICE, O_RDONLY); if (fd < 0) { @@ -405,7 +408,7 @@ void generate_salt(char *const buf, const unsigned int len) free(entropy); } -#else /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF */ +#else /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF || HAVE_GETENTROPY */ void generate_salt(char *const buf, const unsigned int len) { @@ -433,7 +436,7 @@ void generate_salt(char *const buf, const unsigned int len) buf[i] = '\0'; } -#endif /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF */ +#endif /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF || HAVE_GETENTROPY*/ void NORETURN display_help(int error) { -- cgit v1.2.3 From 4be183d651072d459295881d0ed09dba575d0687 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Wed, 20 Dec 2017 15:43:44 +0100 Subject: Remove the inet_pton(3)-based parser It has never worked and never will. --- config.h | 4 ---- whois.c | 37 ------------------------------------- 2 files changed, 41 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index df4fed6..112d14c 100644 --- a/config.h +++ b/config.h @@ -60,10 +60,6 @@ /* FIXME: which systems lack this? */ #define HAVE_GETTIMEOFDAY -/* FIXME: disabled because it does not parse addresses with a netmask length. - * The code using it needs to be either fixed or removed. -#define HAVE_INET_PTON -*/ /* * Please send patches to correctly ignore old releases which lack a RNG diff --git a/whois.c b/whois.c index 365d618..8b91c7a 100644 --- a/whois.c +++ b/whois.c @@ -36,9 +36,6 @@ #elif defined HAVE_LIBIDN #include #endif -#ifdef HAVE_INET_PTON -#include -#endif /* Application-specific */ #include "version.h" 
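Review bot: When getentropy() fails, the branch added to get_random_bytes() at `@@ -371,6 +371,9 @@` only calls perror() and carries on, so the function returns the freshly malloc'ed buffer with indeterminate contents and the caller uses it as salt entropy. Failure is reachable: getentropy() rejects requests larger than 256 bytes while `count` is an unconstrained `unsigned int`, and a glibc that ships the wrapper can still run on a kernel without the system call behind it. Make the error fatal, as the crypt_gensalt failure paths in this file do with exit(2): `if (getentropy(buf, count) < 0) { perror("getentropy"); exit(2); }`. The function body starts and ends outside the hunk, so I cannot see whether the RANDOM_DEVICE branch already exits on error.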
@@ -541,12 +538,7 @@ char *guess_server(const char *s) return strdup(whereas32(as32)); /* smells like an IP? */ -#ifdef HAVE_INET_PTON - if (inet_pton(AF_INET, s, &ip) > 0) { - ip = ntohl(ip); -#else if ((ip = myinet_aton(s))) { -#endif for (i = 0; ip_assign[i].serv; i++) if ((ip & ip_assign[i].mask) == ip_assign[i].net) return strdup(ip_assign[i].serv); @@ -1260,18 +1252,6 @@ void split_server_port(const char *const input, char *convert_6to4(const char *s) { char *new; - -#ifdef HAVE_INET_PTON - struct in6_addr ipaddr; - unsigned char *ip; - - if (inet_pton(AF_INET6, s, &ipaddr) <= 0) - return strdup("0.0.0.0"); - - ip = (unsigned char *)&ipaddr; - new = malloc(sizeof("255.255.255.255")); - sprintf(new, "%d.%d.%d.%d", *(ip + 2), *(ip + 3), *(ip + 4), *(ip + 5)); -#else int items; unsigned int a, b; char c; @@ -1290,7 +1270,6 @@ char *convert_6to4(const char *s) new = malloc(sizeof("255.255.255.255")); sprintf(new, "%u.%u.%u.%u", a >> 8, a & 0xff, b >> 8, b & 0xff); -#endif return new; } @@ -1298,19 +1277,6 @@ char *convert_6to4(const char *s) char *convert_teredo(const char *s) { char *new; - -#ifdef HAVE_INET_PTON - struct in6_addr ipaddr; - unsigned char *ip; - - if (inet_pton(AF_INET6, s, &ipaddr) <= 0) - return strdup("0.0.0.0"); - - ip = (unsigned char *)&ipaddr; - new = malloc(sizeof("255.255.255.255")); - sprintf(new, "%d.%d.%d.%d", *(ip + 12) ^ 0xff, *(ip + 13) ^ 0xff, - *(ip + 14) ^ 0xff, *(ip + 15) ^ 0xff); -#else unsigned int a, b; if (sscanf(s, "2001:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%x:%x", &a, &b) != 2) @@ -1320,7 +1286,6 @@ char *convert_teredo(const char *s) b ^= 0xffff; new = malloc(sizeof("255.255.255.255")); sprintf(new, "%u.%u.%u.%u", a >> 8, a & 0xff, b >> 8, b & 0xff); -#endif return new; } @@ -1361,7 +1326,6 @@ char *convert_inaddr(const char *s) return new; } -#ifndef HAVE_INET_PTON unsigned long myinet_aton(const char *s) { unsigned long a, b, c, d; 
@@ -1377,7 +1341,6 @@ unsigned long myinet_aton(const char *s) return 0; return (a << 24) + (b << 16) + (c << 8) + d; } -#endif unsigned long asn32_to_long(const char *s) { -- cgit v1.2.3 From 8392fd349dfc25080fcd022a0bbd32e6590c85a8 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 9 Sep 2018 01:10:59 +0200 Subject: mkpasswd: use perror with crypt and crypt_gensalt Only some implementations of crypt(3) set errno on errors. --- config.h | 7 +++++++ mkpasswd.c | 13 ++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index 112d14c..66f7e71 100644 --- a/config.h +++ b/config.h @@ -95,6 +95,13 @@ # define HAVE_GETENTROPY #endif +/* some versions of crypt(3) set errno on error */ +#if defined __GLIBC__ || (defined __SVR4 && defined __sun) || defined OpenBSD || AIX +# define CRYPT_SETS_ERRNO 1 +#else +# define CRYPT_SETS_ERRNO 0 +#endif + #ifdef ENABLE_NLS # ifndef NLS_CAT_NAME # define NLS_CAT_NAME "whois" diff --git a/mkpasswd.c b/mkpasswd.c index 0eb89f3..558624c 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -283,16 +283,16 @@ int main(int argc, char *argv[]) #ifdef HAVE_SOLARIS_CRYPT_GENSALT salt = crypt_gensalt(salt_prefix, NULL); if (!salt) { - perror("crypt_gensalt"); - exit(2); + perror("crypt_gensalt"); + exit(2); } #elif defined HAVE_LINUX_CRYPT_GENSALT void *entropy = get_random_bytes(64); salt = crypt_gensalt(salt_prefix, rounds, entropy, 64); if (!salt) { - fprintf(stderr, "crypt_gensalt failed.\n"); - exit(2); + perror("crypt_gensalt"); + exit(2); } free(entropy); #else @@ -342,7 +342,10 @@ int main(int argc, char *argv[]) result = crypt(password, salt); /* xcrypt returns "*0" on errors */ if (!result || result[0] == '*') { - fprintf(stderr, "crypt failed.\n"); + if (CRYPT_SETS_ERRNO) + perror("crypt"); + else + fprintf(stderr, "crypt failed.\n"); exit(2); } /* yes, using strlen(salt_prefix) on salt. It's not -- cgit v1.2.3 
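Review bot: The last operand of the CRYPT_SETS_ERRNO test in the config.h hunk at `@@ -95,6 +95,13 @@` is a bare `AIX`, without `defined` and without the leading underscore of the macro that compilers on that platform predefine (`_AIX`; another hunk of this file tests `_AIX52`). As written it evaluates to 0 on AIX, so CRYPT_SETS_ERRNO ends up 0 there and the perror() branch in mkpasswd.c is never taken on that platform. If AIX is meant to be in the list, `|| defined _AIX` expresses it; if not, the operand should be dropped.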
From 3197cb7db4d5ce13f1d011cfa6f9e42164d9b091 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Tue, 11 Sep 2018 01:21:52 +0200 Subject: mkpasswd: support letting crypt_gensalt decide the prefix If crypt_gensalt (as implemented by Solaris and modern versions of libxcrypt) is passed a NULL prefix then it will decide by itself which algorithm should be used by default. --- config.h | 1 + mkpasswd.c | 13 ++++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index 66f7e71..be20c33 100644 --- a/config.h +++ b/config.h @@ -56,6 +56,7 @@ #if defined __SVR4 && defined __sun # define HAVE_SHA_CRYPT # define HAVE_SOLARIS_CRYPT_GENSALT +# define CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX #endif /* FIXME: which systems lack this? */ diff --git a/mkpasswd.c b/mkpasswd.c index 3b3406c..26f28d4 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -83,6 +83,9 @@ struct crypt_method { static const struct crypt_method methods[] = { /* method prefix minlen, maxlen rounds description */ +#ifdef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX + { "auto", NULL, 0, 0, 0, NULL }, +#endif { "des", "", 2, 2, 0, N_("standard 56 bit DES-based crypt(3)") }, { "md5", "$1$", 8, 8, 0, "MD5" }, @@ -229,14 +232,17 @@ int main(int argc, char *argv[]) display_help(EXIT_FAILURE); } - /* default: DES password */ + /* default: DES password, or else whatever crypt_gensalt chooses */ if (!salt_prefix) { salt_minlen = methods[0].minlen; salt_maxlen = methods[0].maxlen; salt_prefix = methods[0].prefix; + rounds_support = methods[0].rounds; } - if (streq(salt_prefix, "$2a$") || streq(salt_prefix, "$2y$")) { + if (!salt_prefix) { + /* NULL means that crypt_gensalt will choose one later */ + } else if (streq(salt_prefix, "$2a$") || streq(salt_prefix, "$2b$")) { /* OpenBSD Blowfish and derivatives */ if (rounds <= 5) rounds = 5; 
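Review bot: After the mkpasswd.c hunk at `@@ -229,14 +232,17 @@`, salt_prefix can legitimately stay NULL for the rest of main(), but only the prefix dispatch shown here is guarded with `if (!salt_prefix)`. A context line in another patch on this page shows a comment about `strlen(salt_prefix)` being applied to the salt after crypt(); if that check is present at this commit it would dereference NULL on the "auto" path, so its condition should be prefixed with `salt_prefix &&`. The same applies to any handling of a user-supplied salt, which lies outside the hunk. The hunk also replaces `"$2y$"` with `"$2b$"` in the bcrypt test without the commit message mentioning it; if any table entry still uses `$2y$` it no longer gets the rounds clamp.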
@@ -492,7 +498,8 @@ void display_methods(void) printf(_("Available methods:\n")); for (i = 0; methods[i].method != NULL; i++) - printf("%s\t%s\n", methods[i].method, methods[i].desc); + if (methods[i].desc) + printf("%s\t%s\n", methods[i].method, methods[i].desc); } char *read_line(FILE *fp) { -- cgit v1.2.3 From c12ad950fa1087acabc4056829cce73d9b29c4d8 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 16 Sep 2018 03:57:31 +0200 Subject: config.h: fix the usage of __GLIBC__ vs. linux gettext is a feature of the libc, while /dev/random is a feature of Linux. --- config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index be20c33..be0aba4 100644 --- a/config.h +++ b/config.h @@ -17,7 +17,7 @@ # include #endif -#ifdef linux +#ifdef __GLIBC__ # define ENABLE_NLS #endif @@ -67,7 +67,7 @@ * and add more systems which have one. */ #ifdef RANDOM_DEVICE -#elif defined __GLIBC__ \ +#elif defined linux \ || defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__ \ /* AIX >= 5.2? */ \ || defined _AIX52 \ -- cgit v1.2.3 From ae31f61a34ed52740fd45f6c3f7821e51caab521 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 16 Sep 2018 04:34:58 +0200 Subject: mkpasswd: include crypt.h on Solaris --- Makefile | 4 ++-- config.h | 1 + mkpasswd.c | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'config.h') diff --git a/Makefile b/Makefile index bd12220..0cd8cfa 100644 --- a/Makefile +++ b/Makefile 
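Review bot: The new `#elif defined linux` in the config.h hunk at `@@ -67,7 +67,7 @@` relies on a legacy macro that GCC and Clang predefine only in their GNU dialects; under a strict `-std=c99` or `-std=c11` only `__linux__` is defined. On such a build RANDOM_DEVICE would stay undefined, and unless HAVE_GETENTROPY or HAVE_ARC4RANDOM_BUF is set, mkpasswd.c compiles the `#else` variant of generate_salt(), whose body is not visible on this page but which presumably has no OS random source behind it. `#elif defined __linux__ \` is the portable spelling and keeps the salt source from depending on the compiler's dialect flag.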
@@ -52,14 +52,14 @@ DEFS += -DHAVE_ICONV endif ifeq ($(shell $(PKG_CONFIG) --exists 'libxcrypt >= 4.1' || echo NO),) -DEFS += -DHAVE_LINUX_CRYPT_GENSALT $(shell $(PKG_CONFIG) --cflags libcrypt) +DEFS += -DHAVE_CRYPT_H -DHAVE_LINUX_CRYPT_GENSALT $(shell $(PKG_CONFIG) --cflags libcrypt) mkpasswd_LDADD += $(shell $(PKG_CONFIG) --libs libcrypt) else ifdef HAVE_XCRYPT DEFS += -DHAVE_XCRYPT_H -DHAVE_LINUX_CRYPT_GENSALT mkpasswd_LDADD += -lxcrypt else ifdef HAVE_LIBOWCRYPT # owl and openSUSE have crypt_gensalt(3) in libowcrypt -DEFS += -DHAVE_LINUX_CRYPT_GENSALT -D_OW_SOURCE +DEFS += -DHAVE_CRYPT_H -DHAVE_LINUX_CRYPT_GENSALT -D_OW_SOURCE mkpasswd_LDADD += -lcrypt -lowcrypt else mkpasswd_LDADD += -lcrypt diff --git a/config.h b/config.h index be0aba4..254f496 100644 --- a/config.h +++ b/config.h @@ -55,6 +55,7 @@ /* Unknown versions of Solaris */ #if defined __SVR4 && defined __sun # define HAVE_SHA_CRYPT +# define HAVE_CRYPT_H # define HAVE_SOLARIS_CRYPT_GENSALT # define CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX #endif diff --git a/mkpasswd.c b/mkpasswd.c index 2d474ff..b7a313d 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -39,7 +39,7 @@ #include #include #endif -#ifdef HAVE_LINUX_CRYPT_GENSALT +#ifdef HAVE_CRYPT_H #include #endif #ifdef HAVE_GETTIMEOFDAY -- cgit v1.2.3 From 388d5757c42af3b3a125dc193f5aca92252558a1 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 14 Oct 2018 02:38:36 +0200 Subject: mkpasswd: enable bcrypt if supported by the OS --- config.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'config.h') diff --git a/config.h b/config.h index 254f496..16524e3 100644 --- a/config.h +++ b/config.h @@ -52,6 +52,12 @@ # endif #endif +#if defined OpenBSD && OpenBSD < 201405 +# define HAVE_BCRYPT_OBSOLETE +#elif defined OpenBSD || defined __FreeBSD__ || (defined __SVR4 && defined __sun) || defined _OW_SOURCE +# define HAVE_BCRYPT +#endif + /* Unknown versions of Solaris */ #if defined __SVR4 && defined __sun # define HAVE_SHA_CRYPT -- cgit v1.2.3 
From 88a7462301b584232937d3210748c1bad6b7ffd2 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Sun, 14 Oct 2018 03:13:07 +0200 Subject: mkpasswd: support the other hash types in libxcrypt Among them scrypt and bcrypt. --- config.h | 5 +++++ mkpasswd.c | 19 +++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) (limited to 'config.h') diff --git a/config.h b/config.h index 16524e3..19224f8 100644 --- a/config.h +++ b/config.h @@ -40,6 +40,7 @@ #if defined __APPLE__ && defined __MACH__ # define HAVE_GETOPT_LONG # define HAVE_GETADDRINFO +# define HAVE_BSDICRYPT #endif #if defined __GLIBC__ @@ -58,6 +59,10 @@ # define HAVE_BCRYPT #endif +#if defined OpenBSD || defined __FreeBSD__ || defined __NetBSD__ +# define HAVE_BSDICRYPT +#endif + /* Unknown versions of Solaris */ #if defined __SVR4 && defined __sun # define HAVE_SHA_CRYPT diff --git a/mkpasswd.c b/mkpasswd.c index 78bef2d..b2a4b95 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -81,6 +81,13 @@ struct crypt_method { const char *desc; /* long description for the methods list */ }; +/* XCRYPT_VERSION_NUM is defined in crypt.h from libxcrypt */ +#if defined XCRYPT_VERSION_NUM +# define HAVE_SHA_CRYPT +# define HAVE_BCRYPT +# define HAVE_BSDICRYPT +#endif + static const struct crypt_method methods[] = { /* method prefix minlen, maxlen rounds description */ #ifdef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX @@ -89,6 +96,10 @@ static const struct crypt_method methods[] = { /* compatibility aliases for mkpasswd versions < 5.4.0 */ { "des", "", 2, 2, 0, NULL }, { "md5", "$1$", 8, 8, 0, NULL }, +#if defined XCRYPT_VERSION_NUM + { "yescrypt", "$y$", 0, 0, 0, "Yescrypt" }, + { "scrypt", "$7$", 0, 0, 0, "scrypt" }, +#endif #ifdef HAVE_BCRYPT_OBSOLETE /* http://marc.info/?l=openbsd-misc&m=139320023202696 */ { "bf", "$2a$", 22, 22, 2, "bcrypt" }, 
@@ -105,13 +116,17 @@ static const struct crypt_method methods[] = { { "sha-256", "$5$", 8, 16, 1, NULL }, { "sha-512", "$6$", 8, 16, 1, NULL }, #endif -#if defined __SVR4 && defined __sun +#if (defined __SVR4 && defined __sun) || defined XCRYPT_VERSION_NUM { "sunmd5", "$md5$", 8, 8, 1, "SunMD5" }, #endif { "md5crypt", "$1$", 8, 8, 0, "MD5" }, +#ifdef HAVE_BSDICRYPT + { "bsdicrypt", "_", 0, 0, 0, + N_("BSDI extended DES-based crypt(3)") }, +#endif { "descrypt", "", 2, 2, 0, N_("standard 56 bit DES-based crypt(3)") }, -#if defined FreeBSD +#if defined FreeBSD || defined XCRYPT_VERSION_NUM { "nt", "$3$", 0, 0, 0, "NT-Hash" }, #endif /* http://www.crypticide.com/dropsafe/article/1389 */ -- cgit v1.2.3 From f9d3786461da6572d56501e9dfd7e48d105d66e2 Mon Sep 17 00:00:00 2001 From: Marco d'Itri Date: Mon, 26 Aug 2019 04:06:54 +0200 Subject: config.h: stop undefining RANDOM_DEVICE HAVE_GETENTROPY or HAVE_ARC4RANDOM_BUF will be preferred anyway. --- config.h | 1 - 1 file changed, 1 deletion(-) (limited to 'config.h') diff --git a/config.h b/config.h index 19224f8..d26ffb5 100644 --- a/config.h +++ b/config.h @@ -100,7 +100,6 @@ (defined OpenBSD && OpenBSD >= 200805) || \ (defined __APPLE__ && defined __MACH__ && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) # define HAVE_ARC4RANDOM_BUF -# undef RANDOM_DEVICE #endif /* or else getentropy(2) on Linux */ -- cgit v1.2.3
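Review bot: With the `|| defined XCRYPT_VERSION_NUM` additions in the mkpasswd.c hunk at `@@ -105,13 +116,17 @@`, every libxcrypt build now lists `nt` (NT-Hash) and `sunmd5`, and the new `bsdicrypt` row joins them wherever HAVE_BSDICRYPT is set, yet neither the table nor the descriptions tell the user that these exist for compatibility only. NT-Hash in particular is an unsalted, single-pass hash and should not be picked for new passwords. I would add a comment above those rows such as `/* legacy formats, listed for interoperability only; not for new passwords */` and consider saying the same in the description strings shown by the methods list. The methods[] initializer starts and ends outside the hunk.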