Página Principal Explorar Ajuda
Iniciar Sessão
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ramo: master
Ramos Etiquetas
csu3_am335x
/
EVSE
/
GPL
/
linux-pam-1.5.2
/
modules
/
pam_unix
/
bigcrypt.c

bigcrypt.c 4.3 KB
Link permanente Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. /*
    2. 

  2.  * This function implements the "bigcrypt" algorithm specifically for
    3. 

  3.  * Linux-PAM.
    4. 

  4.  *
    5. 

  5.  * This algorithm is algorithm 0 (default) shipped with the C2 secure
    6. 

  6.  * implementation of Digital UNIX.
    7. 

  7.  *
    8. 

  8.  * Disclaimer: This work is not based on the source code to Digital
    9. 

  9.  * UNIX, nor am I connected to Digital Equipment Corp, in any way
    10. 

  10.  * other than as a customer. This code is based on published
    11. 

  11.  * interfaces and reasonable guesswork.
    12. 

  12.  *
    13. 

  13.  * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8
    14. 

  14.  * characters or less. Each block is encrypted using the standard UNIX
    15. 

  15.  * libc crypt function. The result of the encryption for one block
    16. 

  16.  * provides the salt for the succeeding block.
    17. 

  17.  *
    18. 

  18.  * Restrictions: The buffer used to hold the encrypted result is
    19. 

  19.  * statically allocated. (see MAX_PASS_LEN below).  This is necessary,
    20. 

  20.  * as the returned pointer points to "static data that are overwritten
    21. 

  21.  * by each call", (XPG3: XSI System Interface + Headers pg 109), and
    22. 

  22.  * this is a drop in replacement for crypt();
    23. 

  23.  *
    24. 

  24.  * Andy Phillips <atp@mssl.ucl.ac.uk>
    25. 

  25.  */
    26. 

  26. 

  27. #include "config.h"
    28. 

  28. 

  29. #include <string.h>
    30. 

  30. #include <stdlib.h>
    31. 

  31. #include <security/_pam_macros.h>
    32. 

  32. #ifdef HAVE_CRYPT_H
    33. 

  33. #include <crypt.h>
    34. 

  34. #endif
    35. 

  35. 

  36. #include "bigcrypt.h"
    37. 

  37. 

  38. /*
    39. 

  39.  * Max cleartext password length in segments of 8 characters this
    40. 

  40.  * function can deal with (16 segments of 8 chars= max 128 character
    41. 

  41.  * password).
    42. 

  42.  */
    43. 

  43. 

  44. #define MAX_PASS_LEN       16
    45. 

  45. #define SEGMENT_SIZE       8
    46. 

  46. #define SALT_SIZE          2
    47. 

  47. #define KEYBUF_SIZE        ((MAX_PASS_LEN*SEGMENT_SIZE)+SALT_SIZE)
    48. 

  48. #define ESEGMENT_SIZE      11
    49. 

  49. #define CBUF_SIZE          ((MAX_PASS_LEN*ESEGMENT_SIZE)+SALT_SIZE+1)
    50. 

  50. 

  51. char *bigcrypt(const char *key, const char *salt)
    52. 

  52. {
    53. 

  53. 	char *dec_c2_cryptbuf;
    54. 

  54. #ifdef HAVE_CRYPT_R
    55. 

  55. 	struct crypt_data *cdata;
    56. 

  56. #endif
    57. 

  57. 	unsigned long int keylen, n_seg, j;
    58. 

  58. 	char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
    59. 

  59. 	char keybuf[KEYBUF_SIZE + 1];
    60. 

  60. 

  61. 	D(("called with key='%s', salt='%s'.", key, salt));
    62. 

  62. 

  63. 	/* reset arrays */
    64. 

  64. 	dec_c2_cryptbuf = malloc(CBUF_SIZE);
    65. 

  65. 	if (!dec_c2_cryptbuf) {
    66. 

  66. 		return NULL;
    67. 

  67. 	}
    68. 

  68. #ifdef HAVE_CRYPT_R
    69. 

  69. 	cdata = malloc(sizeof(*cdata));
    70. 

  70. 	if(!cdata) {
    71. 

  71. 		free(dec_c2_cryptbuf);
    72. 

  72. 		return NULL;
    73. 

  73. 	}
    74. 

  74. 	cdata->initialized = 0;
    75. 

  75. #endif
    76. 

  76. 	memset(keybuf, 0, KEYBUF_SIZE + 1);
    77. 

  77. 	memset(dec_c2_cryptbuf, 0, CBUF_SIZE);
    78. 

  78. 

  79. 	/* fill KEYBUF_SIZE with key */
    80. 

  80. 	strncpy(keybuf, key, KEYBUF_SIZE);
    81. 

  81. 

  82. 	/* deal with case that we are doing a password check for a
    83. 

  83. 	   conventially encrypted password: the salt will be
    84. 

  84. 	   SALT_SIZE+ESEGMENT_SIZE long. */
    85. 

  85. 	if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE))
    86. 

  86. 		keybuf[SEGMENT_SIZE] = '\0';	/* terminate password early(?) */
    87. 

  87. 

  88. 	keylen = strlen(keybuf);
    89. 

  89. 

  90. 	if (!keylen) {
    91. 

  91. 		n_seg = 1;
    92. 

  92. 	} else {
    93. 

  93. 		/* work out how many segments */
    94. 

  94. 		n_seg = 1 + ((keylen - 1) / SEGMENT_SIZE);
    95. 

  95. 	}
    96. 

  96. 

  97. 	if (n_seg > MAX_PASS_LEN)
    98. 

  98. 		n_seg = MAX_PASS_LEN;	/* truncate at max length */
    99. 

  99. 

  100. 	/* set up some pointers */
    101. 

  101. 	cipher_ptr = dec_c2_cryptbuf;
    102. 

  102. 	plaintext_ptr = keybuf;
    103. 

  103. 

  104. 	/* do the first block with supplied salt */
    105. 

  105. #ifdef HAVE_CRYPT_R
    106. 

  106. 	tmp_ptr = crypt_r(plaintext_ptr, salt, cdata);	/* libc crypt_r() */
    107. 

  107. #else
    108. 

  108. 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
    109. 

  109. #endif
    110. 

  110. 	if (tmp_ptr == NULL) {
    111. 

  111. 		free(dec_c2_cryptbuf);
    112. 

  112. #ifdef HAVE_CRYPT_R
    113. 

  113. 		free(cdata);
    114. 

  114. #endif
    115. 

  115. 		return NULL;
    116. 

  116. 	}
    117. 

  117. 	/* and place in the static area */
    118. 

  118. 	strncpy(cipher_ptr, tmp_ptr, 13);
    119. 

  119. 	cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
    120. 

  120. 	plaintext_ptr += SEGMENT_SIZE;	/* first block of SEGMENT_SIZE */
    121. 

  121. 

  122. 	/* change the salt (1st 2 chars of previous block) - this was found
    123. 

  123. 	   by dowsing */
    124. 

  124. 

  125. 	salt_ptr = cipher_ptr - ESEGMENT_SIZE;
    126. 

  126. 

  127. 	/* so far this is identical to "return crypt(key, salt);", if
    128. 

  128. 	   there is more than one block encrypt them... */
    129. 

  129. 

  130. 	if (n_seg > 1) {
    131. 

  131. 		for (j = 2; j <= n_seg; j++) {
    132. 

  132. 

  133. #ifdef HAVE_CRYPT_R
    134. 

  134. 			tmp_ptr = crypt_r(plaintext_ptr, salt_ptr, cdata);
    135. 

  135. #else
    136. 

  136. 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
    137. 

  137. #endif
    138. 

  138. 			if (tmp_ptr == NULL) {
    139. 

  139. 				_pam_overwrite(dec_c2_cryptbuf);
    140. 

  140. 				free(dec_c2_cryptbuf);
    141. 

  141. #ifdef HAVE_CRYPT_R
    142. 

  142. 				free(cdata);
    143. 

  143. #endif
    144. 

  144. 				return NULL;
    145. 

  145. 			}
    146. 

  146. 

  147. 			/* skip the salt for seg!=0 */
    148. 

  148. 			strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
    149. 

  149. 

  150. 			cipher_ptr += ESEGMENT_SIZE;
    151. 

  151. 			plaintext_ptr += SEGMENT_SIZE;
    152. 

  152. 			salt_ptr = cipher_ptr - ESEGMENT_SIZE;
    153. 

  153. 		}
    154. 

  154. 	}
    155. 

  155. 	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
    156. 

  156. 

  157. #ifdef HAVE_CRYPT_R
    158. 

  158. 	free(cdata);
    159. 

  159. #endif
    160. 

  160. 

  161. 	/* this is the <NUL> terminated encrypted password */
    162. 

  162. 	return dec_c2_cryptbuf;
    163. 

  163. }
    164.