1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "passwd_common.h"
18 #include "apr_strings.h"
19 #include "apr_errno.h"
53 int abort_on_oom(int rc)
55 const char *buf = "Error: out of memory\n";
56 int written, count = strlen(buf);
58 written = write(STDERR_FILENO, buf, count);
65 } while (written >= 0 || errno == EINTR);
71 static int generate_salt(char *s, size_t size, const char **errstr,
74 unsigned char rnd[32];
75 static const char itoa64[] =
76 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
78 unsigned int val = 0, bits = 0;
82 if (n > sizeof(rnd)) {
83 apr_file_printf(errfile, "generate_salt(): BUG: Buffer too small");
86 rv = apr_generate_random_bytes(rnd, n);
88 *errstr = apr_psprintf(pool, "Unable to generate random bytes: %pm",
95 val |= (rnd[n++] << bits);
98 *s++ = itoa64[val & 0x3f];
107 void putline(apr_file_t *f, const char *l)
112 rv = apr_file_puts(l, f);
113 if (rv != APR_SUCCESS) {
114 apr_file_printf(errfile, "Error writing temp file: %pm", &rv);
120 int get_password(struct passwd_ctx *ctx)
122 char buf[MAX_STRING_LEN + 1];
123 if (ctx->passwd_src == PW_STDIN) {
124 apr_file_t *file_stdin;
126 if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
127 ctx->errstr = "Unable to read from stdin.";
130 if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
132 || nread == sizeof(buf) - 1) {
136 if (nread >= 1 && buf[nread-1] == '\n') {
138 if (nread >= 2 && buf[nread-2] == '\r')
141 apr_file_close(file_stdin);
142 ctx->passwd = apr_pstrdup(ctx->pool, buf);
144 else if (ctx->passwd_src == PW_PROMPT_VERIFY) {
145 apr_size_t bufsize = sizeof(buf);
146 if (apr_password_get("Enter password: ", buf, &bufsize) != 0)
148 ctx->passwd = apr_pstrdup(ctx->pool, buf);
151 apr_size_t bufsize = sizeof(buf);
152 if (apr_password_get("New password: ", buf, &bufsize) != 0)
154 ctx->passwd = apr_pstrdup(ctx->pool, buf);
155 bufsize = sizeof(buf);
157 apr_password_get("Re-type new password: ", buf, &bufsize);
158 if (strcmp(ctx->passwd, buf) != 0) {
159 ctx->errstr = "password verification error";
160 memset(ctx->passwd, '\0', strlen(ctx->passwd));
161 memset(buf, '\0', sizeof(buf));
162 return ERR_PWMISMATCH;
165 memset(buf, '\0', sizeof(buf));
169 ctx->errstr = apr_psprintf(ctx->pool,
170 "password too long (>%" APR_SIZE_T_FMT ")",
176 * Make a password record from the given information. A zero return
177 * indicates success; on failure, ctx->errstr points to the error message.
179 int mkhash(struct passwd_ctx *ctx)
185 #if CRYPT_ALGO_SUPPORTED
189 if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT) {
190 apr_file_printf(errfile,
191 "Warning: Ignoring -C argument for this algorithm." NL);
194 if (ctx->passwd == NULL) {
195 if ((ret = get_password(ctx)) != 0)
202 /* XXX out >= 28 + strlen(sha1) chars - fixed len SHA */
203 apr_sha1_base64(pw, strlen(pw), ctx->out);
207 ret = generate_salt(salt, 8, &ctx->errstr, ctx->pool);
210 rv = apr_md5_encode(pw, salt, ctx->out, ctx->out_len);
211 if (rv != APR_SUCCESS) {
212 ctx->errstr = apr_psprintf(ctx->pool,
213 "could not encode password: %pm", &rv);
219 /* XXX this len limitation is not in sync with any HTTPd len. */
220 apr_cpystrn(ctx->out, pw, ctx->out_len);
223 #if CRYPT_ALGO_SUPPORTED
225 ret = generate_salt(salt, 8, &ctx->errstr, ctx->pool);
228 cbuf = crypt(pw, salt);
230 rv = APR_FROM_OS_ERROR(errno);
231 ctx->errstr = apr_psprintf(ctx->pool, "crypt() failed: %pm", &rv);
232 ret = ERR_PWMISMATCH;
236 apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
237 if (strlen(pw) > 8) {
238 char *truncpw = apr_pstrdup(ctx->pool, pw);
240 if (!strcmp(ctx->out, crypt(truncpw, salt))) {
241 apr_file_printf(errfile, "Warning: Password truncated to 8 "
242 "characters by CRYPT algorithm." NL);
244 memset(truncpw, '\0', strlen(pw));
247 #endif /* CRYPT_ALGO_SUPPORTED */
249 #if BCRYPT_ALGO_SUPPORTED
251 rv = apr_generate_random_bytes((unsigned char*)salt, 16);
252 if (rv != APR_SUCCESS) {
253 ctx->errstr = apr_psprintf(ctx->pool, "Unable to generate random "
260 ctx->cost = BCRYPT_DEFAULT_COST;
261 rv = apr_bcrypt_encode(pw, ctx->cost, (unsigned char*)salt, 16,
262 ctx->out, ctx->out_len);
263 if (rv != APR_SUCCESS) {
264 ctx->errstr = apr_psprintf(ctx->pool, "Unable to encode with "
266 ret = ERR_PWMISMATCH;
270 #endif /* BCRYPT_ALGO_SUPPORTED */
273 apr_file_printf(errfile, "mkhash(): BUG: invalid algorithm %d",
277 memset(pw, '\0', strlen(pw));
281 int parse_common_options(struct passwd_ctx *ctx, char opt,
286 ctx->passwd_src = PW_ARG;
289 ctx->passwd_src = PW_STDIN;
292 ctx->alg = ALG_APMD5;
295 ctx->alg = ALG_APSHA;
298 ctx->alg = ALG_PLAIN;
299 #if !PLAIN_ALGO_SUPPORTED
300 /* Backward compatible behavior: Just print a warning */
301 apr_file_printf(errfile,
302 "Warning: storing passwords as plain text might just "
303 "not work on this platform." NL);
307 #if CRYPT_ALGO_SUPPORTED
308 ctx->alg = ALG_CRYPT;
310 /* Backward compatible behavior: Use MD5. OK since MD5 is more secure */
311 apr_file_printf(errfile,
312 "Warning: CRYPT algorithm not supported on this "
314 "Automatically using MD5 format." NL);
315 ctx->alg = ALG_APMD5;
319 #if BCRYPT_ALGO_SUPPORTED
320 ctx->alg = ALG_BCRYPT;
322 /* Don't fall back to something less secure */
323 ctx->errstr = "BCRYPT algorithm not supported on this platform";
324 return ERR_ALG_NOT_SUPP;
329 long num = strtol(opt_arg, &endptr, 10);
330 if (*endptr != '\0' || num <= 0) {
331 ctx->errstr = "argument to -C must be a positive integer";
338 apr_file_printf(errfile,
339 "parse_common_options(): BUG: invalid option %c",