upstream/illumos/illumos-gate: usr/src/lib/libc/port/gen/crypt.c@4afa820d78b9 (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
1914 8a8c5f225b1b 4916205 libcmd should not use file operation routines from C library casper parents: 0 diff changeset	5	* Common Development and Distribution License (the "License").
8a8c5f225b1b 4916205 libcmd should not use file operation routines from C library casper parents: 0 diff changeset	6	* You may not use this file except in compliance with the License.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	*/
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	21
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	22	/*
11411 c2fe1bf96826 6894056 libc is not clean Surya Prakki <Surya.Prakki@Sun.COM> parents: 6812 diff changeset	23	* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	* Use is subject to license terms.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	27	#pragma weak _crypt = crypt
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	28	#pragma weak _encrypt = encrypt
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	29	#pragma weak _setkey = setkey
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	31	#include "lint.h"
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32	#include "mtlib.h"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33	#include <synch.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34	#include <thread.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	#include <ctype.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36	#include <dlfcn.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	#include <errno.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	#include <stdio.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	#include <strings.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40	#include <stdlib.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	41	#include <sys/time.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	42	#include <limits.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	43	#include <sys/types.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	44	#include <sys/stat.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	45	#include <fcntl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	#include <syslog.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	47	#include <unistd.h>
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	48	#include <atomic.h>
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50	#include <crypt.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	#include <libc.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	#include "tsd.h"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	#define CRYPT_ALGORITHMS_ALLOW "CRYPT_ALGORITHMS_ALLOW"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	#define CRYPT_ALGORITHMS_DEPRECATE "CRYPT_ALGORITHMS_DEPRECATE"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56	#define CRYPT_DEFAULT "CRYPT_DEFAULT"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57	#define CRYPT_UNIX "__unix__"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	#define CRYPT_CONFFILE "/etc/security/crypt.conf"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60	#define POLICY_CONF_FILE "/etc/security/policy.conf"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	#define CRYPT_CONFLINELENGTH 1024
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64	#define CRYPT_MODULE_ISA "/$ISA/"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	#ifdef _LP64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	66	#define CRYPT_MODULE_DIR "/usr/lib/security/64/"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67	#define CRYPT_ISA_DIR "/64/"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	#else /* !_LP64 */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	#define CRYPT_MODULE_DIR "/usr/lib/security/"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	#define CRYPT_ISA_DIR "/"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71	#endif /* _LP64 */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74	* MAX_ALGNAME_LEN:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	* In practical terms this is probably never any bigger than about 10, but...
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	* It has to fix the encrypted password filed of struct spwd it is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	* theoretically the maximum length of the cipher minus the magic $ sign.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	* Though that would be unexpected.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	* Since it also has to fit in crypt.conf it is CRYPT_CONFLINELENGTH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	* minus the path to the module and the minimum white space.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	* CRYPT_MAXCIPHERTEXTLEN is defined in crypt.h and is smaller than
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	* CRYPT_CONFLINELENGTH, and probably always will be.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	#define MAX_ALGNAME_LEN (CRYPT_MAXCIPHERTEXTLEN - 1)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89	struct crypt_alg_s {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90	void *a_libhandle;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	char (a_genhash)(char , const size_t, const char ,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92	const char , const char *);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	char (a_gensalt)(char *, const size_t,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94	const char , const struct passwd , const char **);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	char **a_params;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96	int a_nparams;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99	struct crypt_policy_s {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	char *cp_default;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	char *cp_allow;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	char *cp_deny;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	enum crypt_policy_error_e {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106	CPE_BOTH = 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	CPE_MULTI
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	static struct crypt_policy_s *getcryptpolicy(void);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111	static void free_crypt_policy(struct crypt_policy_s *policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	static struct crypt_alg_s getalgbyname(const char algname, boolean_t *found);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	static void free_crypt_alg(struct crypt_alg_s *alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114	static char getalgfromsalt(const char salt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115	static boolean_t alg_valid(const char *algname,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	const struct crypt_policy_s *policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	static char isa_path(const char path);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	static char _unix_crypt(const char pw, const char salt, char iobuf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	static char _unix_crypt_gensalt(char gsbuffer, size_t gsbufflen,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	const char oldpuresalt, const struct passwd userinfo,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122	const char *params[]);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	* crypt - string encoding function
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	* This function encodes strings in a suitable for for secure storage
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	* as passwords. It generates the password hash given the plaintext and salt.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	* If the first character of salt is "$" then we use crypt.conf(4) to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	* determine which plugin to use and run the crypt_genhash_impl(3c) function
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133	* from it.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	* Otherwise we use the old unix algorithm.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136	* RETURN VALUES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	* On Success we return a pointer to the encoded string. The
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138	* return value points to thread specific static data and should NOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	* be passed free(3c).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	* On failure we return NULL and set errno to one of:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	* EINVAL, ELIBACC, ENOMEM, ENOSYS.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	crypt(const char plaintext, const char salt)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146	struct crypt_alg_s *alg;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	147	char *ctbuffer;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	148	char *ciphertext;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	149	char *algname;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	150	boolean_t found;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	151
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	152	ctbuffer = tsdalloc(_T_CRYPT, CRYPT_MAXCIPHERTEXTLEN, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	153	if (ctbuffer == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	154	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	bzero(ctbuffer, CRYPT_MAXCIPHERTEXTLEN);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	156
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	158	* '$' is never a possible salt char with the traditional unix
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159	* algorithm. If the salt passed in is NULL or the first char
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160	* of the salt isn't a $ then do the traditional thing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161	* We also do the traditional thing if the salt is only 1 char.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	162	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	163	if (salt == NULL \|\| salt[0] != '$' \|\| strlen(salt) == 1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	164	return (_unix_crypt(plaintext, salt, ctbuffer));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	165	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	166
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	167	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	168	* Find the algorithm name from the salt and look it up in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	169	* crypt.conf(4) to find out what shared object to use.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	170	* If we can't find it in crypt.conf then getalgbyname would
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	171	* have returned with found = B_FALSE so we use the unix algorithm.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172	* If alg is NULL but found = B_TRUE then there is a problem with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173	* the plugin so we fail leaving errno set to what getalgbyname()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	* set it to or EINVAL it if wasn't set.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	if ((algname = getalgfromsalt(salt)) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180	errno = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181	alg = getalgbyname(algname, &found);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182	if ((alg == NULL) \|\| !found) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	if (errno == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185	ciphertext = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187	} else if (!found) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188	ciphertext = _unix_crypt(plaintext, salt, ctbuffer);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190	ciphertext = alg->a_genhash(ctbuffer, CRYPT_MAXCIPHERTEXTLEN,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191	plaintext, salt, (const char **)alg->a_params);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	194	cleanup:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	free_crypt_alg(alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196	if (algname != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197	free(algname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	199	return (ciphertext);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	200	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	201
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	202	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	203	* crypt_gensalt - generate salt string for string encoding
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	204	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	205	* This function generates the salt string pased to crypt(3c).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	206	* If oldsalt is NULL, the use the default algorithm.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	207	* Other wise check the policy in policy.conf to ensure that it is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	208	* either still allowed or not deprecated.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210	* RETURN VALUES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211	* Return a pointer to the new salt, the caller is responsible
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212	* for using free(3c) on the return value.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	213	* Returns NULL on error and sets errno to one of:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	214	* EINVAL, ELIBACC, ENOMEM
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	215	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	216	char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	217	crypt_gensalt(const char oldsalt, const struct passwd userinfo)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	218	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	219	struct crypt_alg_s *alg = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	220	struct crypt_policy_s *policy = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	221	char *newsalt = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	222	char *gsbuffer;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	223	char *algname = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	224	boolean_t found;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	225
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	gsbuffer = calloc(CRYPT_MAXCIPHERTEXTLEN, sizeof (char *));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227	if (gsbuffer == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228	errno = ENOMEM;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	231
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232	policy = getcryptpolicy();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	233	if (policy == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	236	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	237
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	238	algname = getalgfromsalt(oldsalt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239	if (!alg_valid(algname, policy)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	240	free(algname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241	algname = strdup(policy->cp_default);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244	if (strcmp(algname, CRYPT_UNIX) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245	newsalt = _unix_crypt_gensalt(gsbuffer, CRYPT_MAXCIPHERTEXTLEN,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246	oldsalt, userinfo, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248	errno = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249	alg = getalgbyname(algname, &found);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250	if (alg == NULL \|\| !found) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251	if (errno == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255	newsalt = alg->a_gensalt(gsbuffer, CRYPT_MAXCIPHERTEXTLEN,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256	oldsalt, userinfo, (const char **)alg->a_params);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259	cleanup:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260	free_crypt_policy(policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	free_crypt_alg(alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	if (newsalt == NULL && gsbuffer != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263	free(gsbuffer);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264	if (algname != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	free(algname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267	return (newsalt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	* ===========================================================================
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	* The remainder of this file contains internal interfaces for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	273	* the implementation of crypt(3c) and crypt_gensalt(3c)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	274	* ===========================================================================
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279	* getalgfromsalt - extract the algorithm name from the salt string
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281	static char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	getalgfromsalt(const char *salt)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	char algname[CRYPT_MAXCIPHERTEXTLEN];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	int j;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288	if (salt == NULL \|\| strlen(salt) > CRYPT_MAXCIPHERTEXTLEN)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	* Salts are in this format:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292	* $<algname>[,var=val,[var=val ...][$puresalt]$<ciphertext>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294	* The only bit we need to worry about here is extracting the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295	* name which is the string between the first "$" and the first
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	* of "," or second "$".
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	if (salt[0] != '$') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299	return (strdup(CRYPT_UNIX));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302	i = 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303	j = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	while (salt[i] != '\0' && salt[i] != '$' && salt[i] != ',') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305	algname[j] = salt[i];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306	i++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307	j++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309	if (j == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	310	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	algname[j] = '\0';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	313
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	314	return (strdup(algname));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	315	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	316
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	317
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	318	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	319	* log_invalid_policy - syslog helper
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	320	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	321	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	322	log_invalid_policy(enum crypt_policy_error_e error, char *value)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	323	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	324	switch (error) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	325	case CPE_BOTH:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	326	syslog(LOG_AUTH \| LOG_ERR,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	327	"crypt(3c): %s contains both %s and %s; only one may be "
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	328	"specified, using first entry in file.", POLICY_CONF_FILE,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	329	CRYPT_ALGORITHMS_ALLOW, CRYPT_ALGORITHMS_DEPRECATE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	330	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	331	case CPE_MULTI:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	332	syslog(LOG_AUTH \| LOG_ERR,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	333	"crypt(3c): %s contains multiple %s entries;"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	334	"using first entry file.", POLICY_CONF_FILE, value);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	335	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	336	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	337	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	338
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	339	static char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	340	getval(const char *ival)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	341	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	342	char *tmp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	343	char *oval;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	344	int off;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	345
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	346	if (ival == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	347	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	348
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	349	if ((tmp = strchr(ival, '=')) == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	350	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	351
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	352	oval = strdup(tmp + 1); /* everything after the "=" */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	353	if (oval == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	354	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	355	off = strlen(oval) - 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	356	if (off < 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	357	free(oval);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	358	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	359	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	360	if (oval[off] == '\n')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	361	oval[off] = '\0';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	362
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	363	return (oval);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	364	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	365
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	366	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	367	* getcryptpolicy - read /etc/security/policy.conf into a crypt_policy_s
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	368	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	369	static struct crypt_policy_s *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	370	getcryptpolicy(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372	FILE *pconf;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	373	char line[BUFSIZ];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	374	struct crypt_policy_s *policy;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	375
1914 8a8c5f225b1b 4916205 libcmd should not use file operation routines from C library casper parents: 0 diff changeset	376	if ((pconf = fopen(POLICY_CONF_FILE, "rF")) == NULL) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	377	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	378	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	380	policy = malloc(sizeof (struct crypt_policy_s));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	if (policy == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	383	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	384	policy->cp_default = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	385	policy->cp_allow = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	386	policy->cp_deny = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	387
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	388	while (!feof(pconf) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389	(fgets(line, sizeof (line), pconf) != NULL)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	if (strncasecmp(CRYPT_DEFAULT, line,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	391	strlen(CRYPT_DEFAULT)) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	392	if (policy->cp_default != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	393	log_invalid_policy(CPE_MULTI, CRYPT_DEFAULT);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	394	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	395	policy->cp_default = getval(line);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	396	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	397	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	398	if (strncasecmp(CRYPT_ALGORITHMS_ALLOW, line,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	399	strlen(CRYPT_ALGORITHMS_ALLOW)) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	400	if (policy->cp_deny != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	401	log_invalid_policy(CPE_BOTH, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	402	} else if (policy->cp_allow != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	403	log_invalid_policy(CPE_MULTI,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	404	CRYPT_ALGORITHMS_ALLOW);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	405	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	406	policy->cp_allow = getval(line);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	407	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	408	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	409	if (strncasecmp(CRYPT_ALGORITHMS_DEPRECATE, line,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	410	strlen(CRYPT_ALGORITHMS_DEPRECATE)) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	411	if (policy->cp_allow != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	412	log_invalid_policy(CPE_BOTH, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	413	} else if (policy->cp_deny != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	414	log_invalid_policy(CPE_MULTI,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	415	CRYPT_ALGORITHMS_DEPRECATE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	416	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	417	policy->cp_deny = getval(line);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	418	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	419	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	420	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	421	(void) fclose(pconf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	422
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	423	if (policy->cp_default == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	424	policy->cp_default = strdup(CRYPT_UNIX);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	425	if (policy->cp_default == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	426	free_crypt_policy(policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	427	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	428
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	429	return (policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	430	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	431
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	432
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	433	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	434	* alg_valid - is this algorithm valid given the policy ?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	435	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	436	static boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	437	alg_valid(const char algname, const struct crypt_policy_s policy)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	438	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	439	char *lasts;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	440	char *list;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	441	char *entry;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	442	boolean_t allowed = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	443
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	444	if ((algname == NULL) \|\| (policy == NULL)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	445	return (B_FALSE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	446	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	447
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	448	if (strcmp(algname, policy->cp_default) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	449	return (B_TRUE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	450	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	451
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	452	if (policy->cp_deny != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	453	list = policy->cp_deny;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	454	allowed = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	455	} else if (policy->cp_allow != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	456	list = policy->cp_allow;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	457	allowed = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	458	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	459	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	460	* Neither of allow or deny policies are set so anything goes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	461	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	462	return (B_TRUE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	463	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	464	lasts = list;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	465	while ((entry = strtok_r(NULL, ",", &lasts)) != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	466	if (strcmp(entry, algname) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	467	return (allowed);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	468	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	469	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	470
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	471	return (!allowed);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	472	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	473
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	474	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	475	* getalgbyname - read crypt.conf(4) looking for algname
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	476	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	477	* RETURN VALUES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	478	* On error NULL and errno is set
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	479	* On success the alg details including an open handle to the lib
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	480	* If crypt.conf(4) is okay but algname doesn't exist in it then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	481	* return NULL the caller should then use the default algorithm
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	482	* as per the policy.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	483	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	484	static struct crypt_alg_s *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	485	getalgbyname(const char algname, boolean_t found)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	486	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	487	struct stat stb;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	488	int configfd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	489	FILE *fconf = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	490	struct crypt_alg_s *alg = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	491	char line[CRYPT_CONFLINELENGTH];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	492	int linelen = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	493	int lineno = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	494	char *pathname = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	495	char *lasts = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	496	char *token = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	497
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	498	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	499	if ((algname == NULL) \|\| (strcmp(algname, CRYPT_UNIX) == 0)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	500	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	501	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	502
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	503	if ((configfd = open(CRYPT_CONFFILE, O_RDONLY)) == -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	504	syslog(LOG_ALERT, "crypt: open(%s) failed: %s",
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	505	CRYPT_CONFFILE, strerror(errno));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	506	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	507	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	508
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	509	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	510	* Stat the file so we can check modes and ownerships
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	511	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	512	if (fstat(configfd, &stb) < 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	513	syslog(LOG_ALERT, "crypt: stat(%s) failed: %s",
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	514	CRYPT_CONFFILE, strerror(errno));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	515	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	516	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	517
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	518	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	519	* Check the ownership of the file
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	520	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	521	if (stb.st_uid != (uid_t)0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	522	syslog(LOG_ALERT,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	523	"crypt: Owner of %s is not root", CRYPT_CONFFILE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	524	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	525	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	526
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	527	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	528	* Check the modes on the file
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	529	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	530	if (stb.st_mode & S_IWGRP) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	531	syslog(LOG_ALERT,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	532	"crypt: %s writable by group", CRYPT_CONFFILE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	533	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	534	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	535	if (stb.st_mode & S_IWOTH) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	536	syslog(LOG_ALERT,
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	537	"crypt: %s writable by world", CRYPT_CONFFILE);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	538	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	539	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	540
1914 8a8c5f225b1b 4916205 libcmd should not use file operation routines from C library casper parents: 0 diff changeset	541	if ((fconf = fdopen(configfd, "rF")) == NULL) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	542	syslog(LOG_ALERT, "crypt: fdopen(%d) failed: %s",
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	543	configfd, strerror(errno));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	544	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	545	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	546
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	547	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	548	* /etc/security/crypt.conf has 3 fields:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	549	* <algname> <pathname> [<name[=val]>[<name[=val]>]]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	550	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	551	errno = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	552	while (!(*found) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	553	((fgets(line, sizeof (line), fconf) != NULL) && !feof(fconf))) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	554	lineno++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	555	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	556	* Skip over comments
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	557	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	558	if ((line[0] == '#') \|\| (line[0] == '\n')) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	559	continue;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	560	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	561
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	562	linelen = strlen(line);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	563	line[--linelen] = '\0'; /* chop the trailing \n */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	564
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	565	token = strtok_r(line, " \t", &lasts);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	566	if (token == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	567	continue;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	568	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	569	if (strcmp(token, algname) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	570	*found = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	571	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	572	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	573	if (!found) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	574	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	575	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	576	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	577
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	578	token = strtok_r(NULL, " \t", &lasts);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	579	if (token == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	580	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	581	* Broken config file
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	582	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	583	syslog(LOG_ALERT, "crypt(3c): %s may be corrupt at line %d",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	584	CRYPT_CONFFILE, lineno);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	585	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	586	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	587	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	588	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	589
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	590	if ((pathname = isa_path(token)) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	591	if (errno != ENOMEM)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	592	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	593	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	594	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	595	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	596
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	597	if ((alg = malloc(sizeof (struct crypt_alg_s))) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	598	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	599	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	600	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	601	alg->a_libhandle = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	602	alg->a_genhash = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	603	alg->a_gensalt = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	604	alg->a_params = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	605	alg->a_nparams = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	606
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	607	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	608	* The rest of the line is module specific params, space
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	609	* seprated. We wait until after we have checked the module is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	610	* valid before parsing them into a_params, this saves us
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	611	* having to free them later if there is a problem.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	612	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	613	if ((alg->a_libhandle = dlopen(pathname, RTLD_NOW)) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	614	syslog(LOG_ERR, "crypt(3c) unable to dlopen %s: %s",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	615	pathname, dlerror());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	616	errno = ELIBACC;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	617	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	618	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	619	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	620
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	621	alg->a_genhash =
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	622	(char ()())dlsym(alg->a_libhandle, "crypt_genhash_impl");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	623	if (alg->a_genhash == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	624	syslog(LOG_ERR, "crypt(3c) unable to find cryp_genhash_impl"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	625	"symbol in %s: %s", pathname, dlerror());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	626	errno = ELIBACC;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	627	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	628	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	629	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	630	alg->a_gensalt =
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	631	(char ()())dlsym(alg->a_libhandle, "crypt_gensalt_impl");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	632	if (alg->a_gensalt == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	633	syslog(LOG_ERR, "crypt(3c) unable to find crypt_gensalt_impl"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	634	"symbol in %s: %s", pathname, dlerror());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	635	errno = ELIBACC;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	636	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	637	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	638	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	639
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	640	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	641	* We have a good module so build the a_params if we have any.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	642	* Count how much space we need first and then allocate an array
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	643	* to hold that many module params.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	644	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	645	if (lasts != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	646	int nparams = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	647	char *tparams;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	648	char *tplasts;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	649
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	650	if ((tparams = strdup(lasts)) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	651	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	652	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	653	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	654
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	655	(void) strtok_r(tparams, " \t", &tplasts);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	656	do {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	657	nparams++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	658	} while (strtok_r(NULL, " \t", &tplasts) != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	659	free(tparams);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	660
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	661	alg->a_params = calloc(nparams + 1, sizeof (char *));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	662	if (alg->a_params == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	663	*found = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	664	goto cleanup;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	665	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	666
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	667	while ((token = strtok_r(NULL, " \t", &lasts)) != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	668	alg->a_params[alg->a_nparams++] = token;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	669	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	670	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	671
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	672	cleanup:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	673	if (*found == B_FALSE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	674	free_crypt_alg(alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	675	alg = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	676	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	677
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	678	if (pathname != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	679	free(pathname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	680	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	681
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	682	if (fconf != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	683	(void) fclose(fconf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	684	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	685	(void) close(configfd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	686	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	687
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	688	return (alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	689	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	690
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	691	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	692	free_crypt_alg(struct crypt_alg_s *alg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	693	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	694	if (alg == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	695	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	696
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	697	if (alg->a_libhandle != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	698	(void) dlclose(alg->a_libhandle);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	699	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	700	if (alg->a_nparams != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	701	free(alg->a_params);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	702	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	703	free(alg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	704	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	705
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	706	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	707	free_crypt_policy(struct crypt_policy_s *policy)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	708	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	709	if (policy == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	710	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	711
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	712	if (policy->cp_default != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	713	bzero(policy->cp_default, strlen(policy->cp_default));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	714	free(policy->cp_default);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	715	policy->cp_default = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	716	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	717
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	718	if (policy->cp_allow != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	719	bzero(policy->cp_allow, strlen(policy->cp_allow));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	720	free(policy->cp_allow);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	721	policy->cp_allow = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	722	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	723
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	724	if (policy->cp_deny != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	725	bzero(policy->cp_deny, strlen(policy->cp_deny));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	726	free(policy->cp_deny);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	727	policy->cp_deny = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	728	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	729
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	730	free(policy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	731	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	732
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	733
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	734	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	735	* isa_path - prepend the default dir or patch up the $ISA in path
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	736	* Caller is responsible for calling free(3c) on the result.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	737	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	738	static char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	739	isa_path(const char *path)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	740	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	741	char *ret = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	742
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	743	if ((path == NULL) \|\| (strlen(path) > PATH_MAX)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	744	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	745	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	746
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	747	ret = calloc(PATH_MAX, sizeof (char));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	748
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	749	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	750	* Module path doesn't start with "/" then prepend
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	751	* the default search path CRYPT_MODULE_DIR (/usr/lib/security/$ISA)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	752	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	753	if (path[0] != '/') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	754	if (snprintf(ret, PATH_MAX, "%s%s", CRYPT_MODULE_DIR,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	755	path) > PATH_MAX) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	756	free(ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	757	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	758	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	759	} else { /* patch up $ISA */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	760	char *isa;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	761
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	762	if ((isa = strstr(path, CRYPT_MODULE_ISA)) != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	763	*isa = '\0';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	764	isa += strlen(CRYPT_MODULE_ISA);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	765	if (snprintf(ret, PATH_MAX, "%s%s%s", path,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	766	CRYPT_ISA_DIR, isa) > PATH_MAX) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	767	free(ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	768	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	769	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	770	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	771	free(ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	772	ret = strdup(path);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	773	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	774	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	775
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	776	return (ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	777	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	778
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	779
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	780	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	781	static char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	782	_unix_crypt_gensalt(char *gsbuffer,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	783	size_t gsbufflen,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	784	const char *oldpuresalt,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	785	const struct passwd *userinfo,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	786	const char *argv[])
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	787	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	788	static const char saltchars[] =
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	789	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	790	struct timeval tv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	791
11411 c2fe1bf96826 6894056 libc is not clean Surya Prakki <Surya.Prakki@Sun.COM> parents: 6812 diff changeset	792	(void) gettimeofday(&tv, (void *) 0);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	793	srand48(tv.tv_sec ^ tv.tv_usec);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	794	gsbuffer[0] = saltchars[lrand48() % 64]; /* lrand48() is MT-SAFE */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	795	gsbuffer[1] = saltchars[lrand48() % 64]; /* lrand48() is MT-SAFE */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	796	gsbuffer[2] = '\0';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	797
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	798	return (gsbuffer);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	799	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	800
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	801	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	802	* The rest of the code below comes from the old crypt.c and is the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	803	* implementation of the hardwired/fallback traditional algorithm
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	804	* It has been otimized to take better advantage of MT features.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	805	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	806	* It is included here to reduce the overhead of dlopen()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	807	* for the common case.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	808	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	809
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	810
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	811	/* Copyright (c) 1988 AT&T */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	812	/* All Rights Reserved */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	813
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	814
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	815
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	816	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	817	* This program implements a data encryption algorithm to encrypt passwords.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	818	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	819
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	820	static mutex_t crypt_lock = DEFAULTMUTEX;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	821	#define TSDBUFSZ (66 + 16)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	822
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	823	static const char IP[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	824	58, 50, 42, 34, 26, 18, 10, 2,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	825	60, 52, 44, 36, 28, 20, 12, 4,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	826	62, 54, 46, 38, 30, 22, 14, 6,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	827	64, 56, 48, 40, 32, 24, 16, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	828	57, 49, 41, 33, 25, 17, 9, 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	829	59, 51, 43, 35, 27, 19, 11, 3,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	830	61, 53, 45, 37, 29, 21, 13, 5,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	831	63, 55, 47, 39, 31, 23, 15, 7,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	832	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	833
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	834	static const char FP[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	835	40, 8, 48, 16, 56, 24, 64, 32,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	836	39, 7, 47, 15, 55, 23, 63, 31,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	837	38, 6, 46, 14, 54, 22, 62, 30,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	838	37, 5, 45, 13, 53, 21, 61, 29,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	839	36, 4, 44, 12, 52, 20, 60, 28,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	840	35, 3, 43, 11, 51, 19, 59, 27,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	841	34, 2, 42, 10, 50, 18, 58, 26,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	842	33, 1, 41, 9, 49, 17, 57, 25,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	843	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	844
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	845	static const char PC1_C[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	846	57, 49, 41, 33, 25, 17, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	847	1, 58, 50, 42, 34, 26, 18,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	848	10, 2, 59, 51, 43, 35, 27,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	849	19, 11, 3, 60, 52, 44, 36,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	850	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	851
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	852	static const char PC1_D[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	853	63, 55, 47, 39, 31, 23, 15,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	854	7, 62, 54, 46, 38, 30, 22,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	855	14, 6, 61, 53, 45, 37, 29,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	856	21, 13, 5, 28, 20, 12, 4,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	857	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	858
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	859	static const char shifts[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	860	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	861	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	862
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	863	static const char PC2_C[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	864	14, 17, 11, 24, 1, 5,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	865	3, 28, 15, 6, 21, 10,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	866	23, 19, 12, 4, 26, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	867	16, 7, 27, 20, 13, 2,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	868	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	869
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	870	static const char PC2_D[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	871	41, 52, 31, 37, 47, 55,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	872	30, 40, 51, 45, 33, 48,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	873	44, 49, 39, 56, 34, 53,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	874	46, 42, 50, 36, 29, 32,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	875	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	876
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	877	static char C[28];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	878	static char D[28];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	879	static char *KS;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	880
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	881	static char E[48];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	882	static const char e2[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	883	32, 1, 2, 3, 4, 5,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	884	4, 5, 6, 7, 8, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	885	8, 9, 10, 11, 12, 13,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	886	12, 13, 14, 15, 16, 17,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	887	16, 17, 18, 19, 20, 21,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	888	20, 21, 22, 23, 24, 25,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	889	24, 25, 26, 27, 28, 29,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	890	28, 29, 30, 31, 32, 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	891	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	892
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	893	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	894	* The KS array (768 bytes) is allocated once, and only if
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	895	* one of _unix_crypt(), encrypt() or setkey() is called.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	896	* The complexity below is due to the fact that calloc()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	897	* must not be called while holding any locks.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	898	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	899	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	900	allocate_KS(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	901	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	902	char *ks;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	903	int failed;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	904	int assigned;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	905
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	906	if (KS != NULL) { /* already allocated */
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	907	membar_consumer();
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	908	return (0);
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	909	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	910
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	911	ks = calloc(16, 48 * sizeof (char));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	912	failed = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	913	lmutex_lock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	914	if (KS != NULL) { /* someone else got here first */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	915	assigned = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	916	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	917	assigned = 1;
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1914 diff changeset	918	membar_producer();
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	919	if ((KS = ks) == NULL) /* calloc() failed */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	920	failed = 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	921	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	922	lmutex_unlock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	923	if (!assigned)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	924	free(ks);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	925	return (failed);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	926	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	927
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	928	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	929	unlocked_setkey(const char *key)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	930	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	931	int i, j, k;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	932	char t;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	933
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	934	for (i = 0; i < 28; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	935	C[i] = key[PC1_C[i]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	936	D[i] = key[PC1_D[i]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	937	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	938	for (i = 0; i < 16; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	939	for (k = 0; k < shifts[i]; k++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	940	t = C[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	941	for (j = 0; j < 28-1; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	942	C[j] = C[j+1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	943	C[27] = t;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	944	t = D[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	945	for (j = 0; j < 28-1; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	946	D[j] = D[j+1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	947	D[27] = t;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	948	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	949	for (j = 0; j < 24; j++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	950	int index = i * 48;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	951
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	952	*(KS+index+j) = C[PC2_C[j]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	953	*(KS+index+j+24) = D[PC2_D[j]-28-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	954	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	955	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	956	for (i = 0; i < 48; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	957	E[i] = e2[i];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	958	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	959
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	960	static const char S[8][64] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	961	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	962	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	963	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	964	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	965
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	966	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	967	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	968	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	969	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	970
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	971	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	972	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	973	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	974	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	975
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	976	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	977	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	978	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	979	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	980
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	981	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	982	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	983	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	984	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	985
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	986	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	987	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	988	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	989	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	990
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	991	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	992	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	993	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	994	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	995
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	996	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	997	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	998	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	999	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1000	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1001
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1002	static const char P[] = {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1003	16, 7, 20, 21,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1004	29, 12, 28, 17,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1005	1, 15, 23, 26,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1006	5, 18, 31, 10,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1007	2, 8, 24, 14,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1008	32, 27, 3, 9,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1009	19, 13, 30, 6,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1010	22, 11, 4, 25,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1011	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1012
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1013	static char L[64];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1014	static char tempL[32];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1015	static char f[32];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1016
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1017	static char preS[48];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1018
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1019	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1020	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1021	unlocked_encrypt(char *block, int fake)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1022	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1023	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1024	int t, j, k;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1025	char *R = &L[32];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1026
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1027	for (j = 0; j < 64; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1028	L[j] = block[IP[j]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1029	for (i = 0; i < 16; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1030	int index = i * 48;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1031
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1032	for (j = 0; j < 32; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1033	tempL[j] = R[j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1034	for (j = 0; j < 48; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1035	preS[j] = R[E[j]-1] ^ *(KS+index+j);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1036	for (j = 0; j < 8; j++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1037	t = 6 * j;
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1038	k = S[j][(preS[t+0]<<5) +
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1039	(preS[t+1]<<3) +
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1040	(preS[t+2]<<2) +
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1041	(preS[t+3]<<1) +
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1042	(preS[t+4]<<0) +
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 3864 diff changeset	1043	(preS[t+5]<<4)];
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1044	t = 4*j;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1045	f[t+0] = (k>>3)&01;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1046	f[t+1] = (k>>2)&01;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1047	f[t+2] = (k>>1)&01;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1048	f[t+3] = (k>>0)&01;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1049	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1050	for (j = 0; j < 32; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1051	R[j] = L[j] ^ f[P[j]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1052	for (j = 0; j < 32; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1053	L[j] = tempL[j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1054	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1055	for (j = 0; j < 32; j++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1056	t = L[j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1057	L[j] = R[j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1058	R[j] = (char)t;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1059	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1060	for (j = 0; j < 64; j++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1061	block[j] = L[FP[j]-1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1062	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1063
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1064	char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1065	_unix_crypt(const char pw, const char salt, char *iobuf)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1066	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1067	int c, i, j;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1068	char temp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1069	char *block;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1070
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1071	block = iobuf + 16;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1072
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1073	if (iobuf == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1074	errno = ENOMEM;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1075	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1076	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1077	if (allocate_KS() != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1078	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1079	lmutex_lock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1080	for (i = 0; i < 66; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1081	block[i] = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1082	for (i = 0; (c = *pw) != '\0' && i < 64; pw++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1083	for (j = 0; j < 7; j++, i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1084	block[i] = (c>>(6-j)) & 01;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1085	i++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1086	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1087
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1088	unlocked_setkey(block);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1089
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1090	for (i = 0; i < 66; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1091	block[i] = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1092
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1093	for (i = 0; i < 2; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1094	c = *salt++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1095	iobuf[i] = (char)c;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1096	if (c > 'Z')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1097	c -= 6;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1098	if (c > '9')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1099	c -= 7;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1100	c -= '.';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1101	for (j = 0; j < 6; j++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1102	if ((c>>j) & 01) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1103	temp = E[6*i+j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1104	E[6i+j] = E[6i+j+24];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1105	E[6*i+j+24] = temp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1106	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1107	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1108	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1109
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1110	for (i = 0; i < 25; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1111	unlocked_encrypt(block, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1112
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1113	lmutex_unlock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1114	for (i = 0; i < 11; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1115	c = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1116	for (j = 0; j < 6; j++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1117	c <<= 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1118	c \|= block[6*i+j];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1119	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1120	c += '.';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1121	if (c > '9')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1122	c += 7;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1123	if (c > 'Z')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1124	c += 6;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1125	iobuf[i+2] = (char)c;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1126	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1127	iobuf[i+2] = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1128	if (iobuf[1] == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1129	iobuf[1] = iobuf[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1130	return (iobuf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1131	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1132
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1133
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1134	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1135	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1136	encrypt(char *block, int fake)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1137	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1138	if (fake != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1139	errno = ENOSYS;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1140	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1141	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1142	if (allocate_KS() != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1143	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1144	lmutex_lock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1145	unlocked_encrypt(block, fake);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1146	lmutex_unlock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1147	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1148
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1149
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1150	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1151	setkey(const char *key)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1152	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1153	if (allocate_KS() != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1154	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1155	lmutex_lock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1156	unlocked_setkey(key);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1157	lmutex_unlock(&crypt_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1158	}

author	Jon Tibble <meths@btinternet.com>
	Thu, 09 Dec 2010 22:32:39 +0100
changeset 13255	4afa820d78b9
parent 11411	c2fe1bf96826
permissions	-rw-r--r--