authorDuncaen <mail@duncano.de>2017-06-16 00:32:18 +0200
committerDuncaen <mail@duncano.de>2017-06-16 00:32:18 +0200
commit1d9cb5421f1fe6eb4d9763ed301867ed3e90bd44 (patch)
tree273ca22291e6c81807bdcd5d3e569b69d593e033
parent0bf865f90eb58776bf8903caa2ec8897bb1f5e3c (diff)
downloadlobase-1d9cb5421f1fe6eb4d9763ed301867ed3e90bd44.tar.gz
usr.bin/encrypt: import
-rw-r--r--usr.bin/Makefile12
-rw-r--r--usr.bin/encrypt/Makefile8
-rw-r--r--usr.bin/encrypt/encrypt.187
-rw-r--r--usr.bin/encrypt/encrypt.c180
4 files changed, 281 insertions, 6 deletions
diff --git a/usr.bin/Makefile b/usr.bin/Makefile
index b8c151a..90cb7dc 100644
--- a/usr.bin/Makefile
+++ b/usr.bin/Makefile
@@ -1,10 +1,10 @@
TOPDIR?=..
SUBDIR= apply awk basename bc biff cal calendar cmp colrm col column comm \
- cut dc dirname du diff3 diff env expand false file fmt fold ftp getopt \
- grep head hexdump id indent join jot lam lndir logger logname look \
- mktemp nice nl nohup paste patch printenv printf readlink renice rev \
- rs sed shar sort spell split stat tee time touch tr true tsort tty ul \
- units uname unexpand uniq unvis uudecode uuencode vis wc what which \
- xinstall htpasswd cu newsyslog sdiff banner
+ cut dc dirname du diff3 diff encrypt env expand false file fmt fold \
+ ftp getopt grep head hexdump id indent join jot lam lndir logger \
+ logname look mktemp nice nl nohup paste patch printenv printf readlink \
+ renice rev rs sed shar sort spell split stat tee time touch tr true \
+ tsort tty ul units uname unexpand uniq unvis uudecode uuencode vis wc \
+ what which xinstall htpasswd cu newsyslog sdiff banner
SKIPDIR=file ftp cu
include ${.TOPDIR}/mk/bsd.subdir.mk
diff --git a/usr.bin/encrypt/Makefile b/usr.bin/encrypt/Makefile
new file mode 100644
index 0000000..769c339
--- /dev/null
+++ b/usr.bin/encrypt/Makefile
@@ -0,0 +1,8 @@
+# $OpenBSD: Makefile,v 1.9 2015/10/12 13:53:40 deraadt Exp $
+
+.TOPDIR?=../..
+
+PROG= encrypt
+SRCS= encrypt.c
+
+include ${.TOPDIR}/mk/bsd.prog.mk
diff --git a/usr.bin/encrypt/encrypt.1 b/usr.bin/encrypt/encrypt.1
new file mode 100644
index 0000000..053f6ee
--- /dev/null
+++ b/usr.bin/encrypt/encrypt.1
@@ -0,0 +1,87 @@
+.\" $OpenBSD: encrypt.1,v 1.25 2014/12/24 22:04:26 tedu Exp $
+.\"
+.\" Copyright (c) 1996, Jason Downs. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 24 2014 $
+.Dt ENCRYPT 1
+.Os
+.Sh NAME
+.Nm encrypt
+.Nd encrypt passwords from the command line or standard input
+.Sh SYNOPSIS
+.Nm encrypt
+.Op Fl b Ar rounds
+.Op Fl c Ar class
+.Op Fl p | Ar string
+.Sh DESCRIPTION
+.Nm
+prints the encrypted form of
+.Ar string
+to the standard output.
+This is mostly useful for encrypting passwords from within scripts.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl b Ar rounds
+Encrypt the string using Blowfish hashing with the specified number of
+.Ar rounds .
+May also specify 'a' to request a variable number of rounds scaled to the
+machine's CPU capabilities.
+.It Fl c Ar class
+Use the cipher type specified in the given user login class.
+See
+.Xr login.conf 5
+for more information.
+.It Fl p
+Prompt for a single string with echo turned off.
+.El
+.Pp
+If no
+.Ar string
+is specified,
+.Nm
+reads one string per line from standard input, encrypting each one.
+In the case where no specific algorithm or specific user login class was given
+as a command line option, the algorithm specified in the default class in
+.Pa /etc/login.conf
+will be used.
+.Pp
+For Blowfish, a new random salt is automatically generated for each
+password.
+.Pp
+Specifying the
+.Ar string
+on the command line should be discouraged; using the
+standard input is more secure.
+.Sh FILES
+.Bl -tag -width /etc/login.conf -compact
+.It Pa /etc/login.conf
+.El
+.Sh SEE ALSO
+.Xr crypt_newhash 3 ,
+.Xr login.conf 5
+.Sh HISTORY
+.Nm
+first appeared in
+.Ox 1.2 .
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
new file mode 100644
index 0000000..2bed680
--- /dev/null
+++ b/usr.bin/encrypt/encrypt.c
@@ -0,0 +1,180 @@
+/* $OpenBSD: encrypt.c,v 1.42 2015/10/10 18:14:20 doug Exp $ */
+
+/*
+ * Copyright (c) 1996, Jason Downs. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif
+#include <limits.h>
+
+/*
+ * Very simple little program, for encrypting passwords from the command
+ * line. Useful for scripts and such.
+ */
+
+extern char *__progname;
+
+void usage(void);
+
+#define DO_BLF 0
+
+void
+usage(void)
+{
+
+ (void)fprintf(stderr,
+ "usage: %s [-b rounds] [-c class] [-p | string]\n",
+ __progname);
+ exit(1);
+}
+
+static void
+print_passwd(char *string, int operation, char *extra)
+{
+ char buffer[_PASSWORD_LEN];
+ const char *pref;
+ char prefbuf[64];
+
+ if (operation == DO_BLF) {
+ if (snprintf(prefbuf, sizeof(prefbuf), "blowfish,%s", extra) >=
+ sizeof(prefbuf))
+ errx(1, "pref too long");
+ pref = prefbuf;
+ } else {
+#ifdef HAVE_LOGIN_CAP_H
+ login_cap_t *lc;
+
+ if ((lc = login_getclass(extra)) == NULL)
+ errx(1, "unable to get login class `%s'",
+ extra ? (char *)extra : "default");
+
+ pref = login_getcapstr(lc, "localcipher", NULL, NULL);
+#else
+ pref = extra;
+ if (extra == NULL)
+ pref = "blowfish,a";
+#endif
+ }
+ if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0)
+ err(1, "can't generate hash");
+
+ fputs(buffer, stdout);
+}
+
+int
+main(int argc, char **argv)
+{
+ int opt;
+ int operation = -1;
+ int prompt = 0;
+ char *extra = NULL; /* Store login class or number of rounds */
+ const char *errstr;
+
+ if (pledge("stdio rpath wpath tty", NULL) == -1)
+ err(1, "pledge");
+
+ while ((opt = getopt(argc, argv, "pb:c:")) != -1) {
+ switch (opt) {
+ case 'p':
+ prompt = 1;
+ break;
+ case 'b': /* Blowfish password hash */
+ if (operation != -1)
+ usage();
+ operation = DO_BLF;
+ if (strcmp(optarg, "a") != 0) {
+ (void)strtonum(optarg, 4, 31, &errstr);
+ if (errstr != NULL)
+ errx(1, "rounds is %s: %s", errstr,
+ optarg);
+ }
+ extra = optarg;
+ break;
+ case 'c': /* user login class */
+ extra = optarg;
+ operation = -1;
+ break;
+ default:
+ usage();
+ }
+ }
+
+ if (((argc - optind) < 1)) {
+ char line[BUFSIZ], *string;
+
+ if (prompt) {
+ if ((string = getpass("Enter string: ")) == NULL)
+ err(1, "getpass");
+ print_passwd(string, operation, extra);
+ (void)fputc('\n', stdout);
+ } else {
+ size_t len;
+ /* Encrypt stdin to stdout. */
+ while (!feof(stdin) &&
+ (fgets(line, sizeof(line), stdin) != NULL)) {
+ len = strlen(line);
+ if (len == 0 || line[0] == '\n')
+ continue;
+ if (line[len - 1] == '\n')
+ line[len - 1] = '\0';
+
+ print_passwd(line, operation, extra);
+
+ (void)fputc('\n', stdout);
+ }
+ }
+ } else {
+ char *string;
+
+ /* can't combine -p with a supplied string */
+ if (prompt)
+ usage();
+
+ /* Perhaps it isn't worth worrying about, but... */
+ if ((string = strdup(argv[optind])) == NULL)
+ err(1, NULL);
+ /* Wipe the argument. */
+ explicit_bzero(argv[optind], strlen(argv[optind]));
+
+ print_passwd(string, operation, extra);
+
+ (void)fputc('\n', stdout);
+
+ /* Wipe our copy, before we free it. */
+ explicit_bzero(string, strlen(string));
+ free(string);
+ }
+ exit(0);
+}
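Review bot: In main's stdin loop, a line longer than `sizeof(line) - 1` bytes is split by `fgets` and each fragment is hashed and printed as if it were a separate password, with no diagnostic; rejecting it explicitly would be safer, for example `if (line[len - 1] != '\n' && !feof(stdin)) errx(1, "input line too long");` before the newline is stripped. The same loop and the `-p` branch leave the plaintext in `line` and in the buffer returned by `getpass()`, whereas the argv branch wipes both of its copies; adding `explicit_bzero(line, sizeof(line));` after the loop and `explicit_bzero(string, strlen(string));` after the `-p` call to `print_passwd` would make the three input paths consistent. In `print_passwd`, the `#else` branch hands the `-c` argument straight to `crypt_newhash` as the preference string, so on builds without `HAVE_LOGIN_CAP_H` the option does not select a login class as encrypt.1 describes. How `crypt_newhash` treats an unrecognised preference is not visible here, so a comment on that branch such as `/* no login_cap: -c argument is used as the crypt_newhash pref */` plus a matching caveat in the manual page would avoid surprises.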