Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src adding full scheme comparison to libcrypt:crypt and pwhash t...



details:   https://anonhg.NetBSD.org/src/rev/72e5987f387e
branches:  trunk
changeset: 460049:72e5987f387e
user:      jhigh <jhigh%NetBSD.org@localhost>
date:      Sat Oct 05 18:06:16 2019 +0000

description:
adding full scheme comparison to libcrypt:crypt and pwhash tests

diffstat:

 distrib/sets/lists/tests/mi      |   6 ++-
 etc/mtree/NetBSD.dist.tests      |   3 +-
 lib/libcrypt/crypt.c             |  72 ++++++++++++++++++++++++++++++++++++---
 tests/usr.bin/Makefile           |   4 +-
 tests/usr.bin/pwhash/Makefile    |   8 ++++
 tests/usr.bin/pwhash/t_pwhash.sh |  47 ++++++++++++++++++++++++++
 6 files changed, 129 insertions(+), 11 deletions(-)

diffs (237 lines):

diff -r 9c2eb84e68c6 -r 72e5987f387e distrib/sets/lists/tests/mi
--- a/distrib/sets/lists/tests/mi       Sat Oct 05 18:01:52 2019 +0000
+++ b/distrib/sets/lists/tests/mi       Sat Oct 05 18:06:16 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.821 2019/09/15 16:58:11 christos Exp $
+# $NetBSD: mi,v 1.822 2019/10/05 18:06:16 jhigh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -4208,6 +4208,10 @@
 ./usr/tests/usr.bin/pr/d_basic.in              tests-usr.bin-tests     compattestfile,atf
 ./usr/tests/usr.bin/pr/d_basic.out             tests-usr.bin-tests     compattestfile,atf
 ./usr/tests/usr.bin/pr/t_basic                 tests-usr.bin-tests     compattestfile,atf
+./usr/tests/usr.bin/pwhash                     tests-usr.bin-tests     compattestfile,atf
+./usr/tests/usr.bin/pwhash/Atffile             tests-usr.bin-tests     compattestfile,atf
+./usr/tests/usr.bin/pwhash/Kyuafile            tests-usr.bin-tests     compattestfile,atf,kyua
+./usr/tests/usr.bin/pwhash/t_pwhash            tests-usr.bin-tests     compattestfile,atf
 ./usr/tests/usr.bin/printf                     tests-usr.bin-tests     compattestfile,atf
 ./usr/tests/usr.bin/printf/Atffile             tests-usr.bin-tests     compattestfile,atf
 ./usr/tests/usr.bin/printf/Kyuafile            tests-usr.bin-tests     compattestfile,atf,kyua
diff -r 9c2eb84e68c6 -r 72e5987f387e etc/mtree/NetBSD.dist.tests
--- a/etc/mtree/NetBSD.dist.tests       Sat Oct 05 18:01:52 2019 +0000
+++ b/etc/mtree/NetBSD.dist.tests       Sat Oct 05 18:06:16 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: NetBSD.dist.tests,v 1.158 2019/04/04 19:50:47 kamil Exp $
+#      $NetBSD: NetBSD.dist.tests,v 1.159 2019/10/05 18:06:16 jhigh Exp $
 
 ./usr/libdata/debug/usr/tests
 ./usr/libdata/debug/usr/tests/atf
@@ -416,6 +416,7 @@
 ./usr/tests/usr.bin/pkill
 ./usr/tests/usr.bin/pr
 ./usr/tests/usr.bin/printf
+./usr/tests/usr.bin/pwhash
 ./usr/tests/usr.bin/rump_server
 ./usr/tests/usr.bin/sdiff
 ./usr/tests/usr.bin/sed
diff -r 9c2eb84e68c6 -r 72e5987f387e lib/libcrypt/crypt.c
--- a/lib/libcrypt/crypt.c      Sat Oct 05 18:01:52 2019 +0000
+++ b/lib/libcrypt/crypt.c      Sat Oct 05 18:06:16 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypt.c,v 1.34 2015/06/17 00:15:26 christos Exp $      */
+/*     $NetBSD: crypt.c,v 1.35 2019/10/05 18:06:16 jhigh Exp $ */
 
 /*
  * Copyright (c) 1989, 1993
@@ -37,13 +37,14 @@
 #if 0
 static char sccsid[] = "@(#)crypt.c    8.1.1.1 (Berkeley) 8/18/93";
 #else
-__RCSID("$NetBSD: crypt.c,v 1.34 2015/06/17 00:15:26 christos Exp $");
+__RCSID("$NetBSD: crypt.c,v 1.35 2019/10/05 18:06:16 jhigh Exp $");
 #endif
 #endif /* not lint */
 
 #include <limits.h>
 #include <pwd.h>
 #include <stdlib.h>
+#include <string.h> /* for strcmp */
 #include <unistd.h>
 #if defined(DEBUG) || defined(MAIN) || defined(UNIT_TEST)
 #include <stdio.h>
@@ -498,6 +499,48 @@
 }
 
 /*
+ * We extract the scheme from setting str to allow for 
+ * full scheme name comparison
+ * Updated to reflect alc suggestion(s) 
+ *
+ * retuns boolean 0 on failure, 1 on success, 
+ */
+static int 
+nondes_scheme_substr(const char * setting,char * scheme, unsigned int len)
+{
+       const char * start;
+       const char * sep;
+
+       /* initialize head pointer */
+       start = setting;
+
+       /* clear out scheme buffer regardless of result */
+       memset(scheme, 0, len);
+
+       /* make sure we are working on non-des scheme string */
+       if (*start != _PASSWORD_NONDES) {
+               return 0;
+       }
+
+       /* increment passed initial _PASSWORD_NONDES */
+       start++;
+
+       if ((sep = memchr(start, _PASSWORD_NONDES,len-1)) == NULL) {
+               return 0;
+       }
+
+       /* if empty string, we are done */
+       if (sep == start) {
+               return 1;
+       }
+
+       /* copy scheme substr to buffer */
+       memcpy(scheme, start, (size_t)(sep - start));
+
+       return 1;
+}
+
+/*
  * Return a pointer to static data consisting of the "setting"
  * followed by an encryption produced by the "key" and "setting".
  */
@@ -505,24 +548,39 @@
 __crypt(const char *key, const char *setting)
 {
        char *encp;
+       char scheme[12]; 
        int32_t i;
        int t;
+       int r;
        int32_t salt;
        int num_iter, salt_size;
        C_block keyblock, rsltblock;
 
        /* Non-DES encryption schemes hook in here. */
        if (setting[0] == _PASSWORD_NONDES) {
-               switch (setting[1]) {
-               case '2':
+               r = nondes_scheme_substr(
+                       setting, scheme, sizeof(scheme));
+
+               /* return NULL if we are unable to extract substring */
+               if (!r) {
+                       return NULL;
+               }
+
+               /* $2a$ found in bcrypt.c:encode_salt  */
+               if (strcmp(scheme, "2a") == 0) {
                        return (__bcrypt(key, setting));
-               case 's':
+               } else if (strcmp(scheme, "sha1") == 0) {
+                    /* $sha1$ found in crypt.h:SHA1_MAGIC */
                        return (__crypt_sha1(key, setting));
-               case '1':
-               default:
+               } else if (strcmp(scheme, "1") == 0) {
+                    /* $1$ found in pw_gensalt.c:__gensalt_md5 */
                        return (__md5crypt(key, setting));
+               } else {
+                    /* invalid scheme, including empty string */
+                       return NULL;
                }
        }
+       /* End non-DES handling */
 
        for (i = 0; i < 8; i++) {
                if ((t = 2*(unsigned char)(*key)) != 0)
diff -r 9c2eb84e68c6 -r 72e5987f387e tests/usr.bin/Makefile
--- a/tests/usr.bin/Makefile    Sat Oct 05 18:01:52 2019 +0000
+++ b/tests/usr.bin/Makefile    Sat Oct 05 18:06:16 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.27 2019/04/04 15:22:13 kamil Exp $
+#      $NetBSD: Makefile,v 1.28 2019/10/05 18:06:16 jhigh Exp $
 #
 
 .include <bsd.own.mk>
@@ -8,7 +8,7 @@
 TESTS_SUBDIRS= awk basename bzip2 cc cmp config cut \
                diff dirname find gdb grep gzip id indent \
                infocmp jot ld m4 make mixerctl mkdep nbperf netpgpverify \
-               pkill pr printf rump_server shmif_dumpbus sdiff \
+               pkill pr printf pwhash rump_server shmif_dumpbus sdiff \
                sed sort tmux tr unifdef uniq vmstat xlint
 
 .if ${MKCXX} != "no"
diff -r 9c2eb84e68c6 -r 72e5987f387e tests/usr.bin/pwhash/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/usr.bin/pwhash/Makefile     Sat Oct 05 18:06:16 2019 +0000
@@ -0,0 +1,8 @@
+# $NetBSD: Makefile,v 1.1 2019/10/05 18:06:17 jhigh Exp $
+
+.include <bsd.own.mk>
+
+TESTSDIR=      ${TESTSBASE}/usr.bin/pwhash
+TESTS_SH=      t_pwhash
+
+.include <bsd.test.mk>
diff -r 9c2eb84e68c6 -r 72e5987f387e tests/usr.bin/pwhash/t_pwhash.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/usr.bin/pwhash/t_pwhash.sh  Sat Oct 05 18:06:16 2019 +0000
@@ -0,0 +1,47 @@
+atf_test_case pwhash_blowfish_r12
+pwhash_blowfish_r12_head() {
+       atf_set "descr" "ATF test for pwhash using blowfish 12 rounds"
+}
+
+pwhash_blowfish_r12_body() {
+       atf_check -s exit:0 -o match:"^\\\$2a\\\$" -x \
+               'echo -n password | pwhash -b 12'
+}
+
+atf_test_case pwhash_md5
+pwhash_md5_head() {
+       atf_set "descr" "ATF test for pwhash using MD5"
+}
+
+pwhash_md5_body() {
+       atf_check -s exit:0 -o match:"^\\\$1\\\$" -x \
+               'echo -n password | pwhash -m'
+}
+
+atf_test_case pwhash_sha1
+pwhash_sha1_head() {
+       atf_set "descr" "ATF test for pwhash using SHA1"
+}
+
+pwhash_sha1_body() {
+       atf_check -s exit:0 -o match:"^\\\$sha1\\\$" -x \
+               'echo -n password | pwhash'
+}
+
+atf_test_case pwhash_des
+pwhash_des_head() {
+       atf_set "descr" "ATF test for pwhash using DES"
+}
+
+pwhash_des_body() {
+       atf_check -s exit:0 -o ignore -e ignore -x \
+               'echo -n password | pwhash -s somesalt'
+}
+
+atf_init_test_cases()
+{
+       atf_add_test_case pwhash_blowfish_r12
+       atf_add_test_case pwhash_md5
+       atf_add_test_case pwhash_sha1
+       atf_add_test_case pwhash_des
+}



Home | Main Index | Thread Index | Old Index