From: tedu Date: Wed, 24 Dec 2014 22:04:26 +0000 (+0000) Subject: simplify. bcrypt only support and use newer libc APIs. no makekey emul. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=04b9d67f1af54a733090f034636f37e1234b084a;p=openbsd simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic. --- diff --git a/usr.bin/encrypt/Makefile b/usr.bin/encrypt/Makefile index 870ce900274..fdb03721fcd 100644 --- a/usr.bin/encrypt/Makefile +++ b/usr.bin/encrypt/Makefile @@ -1,17 +1,9 @@ -# $OpenBSD: Makefile,v 1.7 2002/06/27 19:56:03 art Exp $ +# $OpenBSD: Makefile,v 1.8 2014/12/24 22:04:26 tedu Exp $ # Must be static because the floppies use it through a chroot. LDSTATIC= ${STATIC} PROG= encrypt -SRCS= encrypt.c pwd_gensalt.c -.PATH: ${.CURDIR}/../passwd - -LDADD = -lutil -DPADD= ${LIBUTIL} -LIBEXEC?= /usr/libexec - -LINKS= ${BINDIR}/encrypt ${LIBEXEC}/makekey -MLINKS= encrypt.1 makekey.8 +SRCS= encrypt.c .include diff --git a/usr.bin/encrypt/encrypt.1 b/usr.bin/encrypt/encrypt.1 index 2197ff01aad..053f6eec613 100644 --- a/usr.bin/encrypt/encrypt.1 +++ b/usr.bin/encrypt/encrypt.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: encrypt.1,v 1.24 2014/09/03 07:47:50 giovanni Exp $ +.\" $OpenBSD: encrypt.1,v 1.25 2014/12/24 22:04:26 tedu Exp $ .\" .\" Copyright (c) 1996, Jason Downs. All rights reserved. .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: September 3 2014 $ +.Dd $Mdocdate: December 24 2014 $ .Dt ENCRYPT 1 .Os .Sh NAME @@ -31,12 +31,9 @@ .Nd encrypt passwords from the command line or standard input .Sh SYNOPSIS .Nm encrypt -.Op Fl k .Op Fl b Ar rounds .Op Fl c Ar class .Op Fl p | Ar string -.Op Fl s Ar salt -.Nm makekey .Sh DESCRIPTION .Nm prints the encrypted form of @@ -44,12 +41,6 @@ prints the encrypted form of to the standard output. This is mostly useful for encrypting passwords from within scripts. .Pp -When invoked as -.Nm makekey , -a single combined key and salt are read from standard -input and the DES encrypted result is written to standard output without a -terminating newline. -.Pp The options are as follows: .Bl -tag -width Ds .It Fl b Ar rounds @@ -62,23 +53,15 @@ Use the cipher type specified in the given user login class. See .Xr login.conf 5 for more information. -.It Fl k -Run in -.Nm makekey -compatible mode. .It Fl p Prompt for a single string with echo turned off. -.It Fl s Ar salt -Encrypt the string using DES, with the specified -.Ar salt . .El .Pp If no .Ar string is specified, .Nm -reads one string per line from standard input, encrypting each one -with the chosen algorithm from above. +reads one string per line from standard input, encrypting each one. In the case where no specific algorithm or specific user login class was given as a command line option, the algorithm specified in the default class in .Pa /etc/login.conf @@ -96,14 +79,9 @@ standard input is more secure. .It Pa /etc/login.conf .El .Sh SEE ALSO -.Xr crypt 3 , +.Xr crypt_newhash 3 , .Xr login.conf 5 .Sh HISTORY .Nm first appeared in .Ox 1.2 . -.Pp -A -.Nm makekey -command appeared in -.At v7 . diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 800d190166e..0f302b5706b 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.33 2014/11/03 16:47:55 tedu Exp $ */ +/* $OpenBSD: encrypt.c,v 1.34 2014/12/24 22:04:26 tedu Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -42,23 +42,20 @@ * line. Useful for scripts and such. */ -#define DO_MAKEKEY 0 -#define DO_DES 1 -#define DO_BLF 2 - extern char *__progname; -char buffer[_PASSWORD_LEN]; void usage(void); int ideal_rounds(void); void print_passwd(char *, int, void *); +#define DO_BLF 0 + void usage(void) { (void)fprintf(stderr, - "usage: %s [-k] [-b rounds] [-c class] [-p | string] [-s salt]\n", + "usage: %s [-b rounds] [-c class] [-p | string]\n", __progname); exit(1); } @@ -100,49 +97,27 @@ ideal_rounds(void) void print_passwd(char *string, int operation, void *extra) { - char msalt[3], *salt, *cryptstr; - login_cap_t *lc; - int pwd_gensalt(char *, int, login_cap_t *, char); - void to64(char *, u_int32_t, int n); + char buffer[_PASSWORD_LEN]; if (operation == DO_BLF) { - if (bcrypt_newhash(string, *(int *)extra, buffer, - sizeof(buffer)) != 0) + int rounds = *(int *)extra; + if (bcrypt_newhash(string, rounds, buffer, sizeof(buffer)) != 0) errx(1, "bcrypt newhash failed"); fputs(buffer, stdout); return; - } - - switch(operation) { - case DO_MAKEKEY: - /* - * makekey mode: parse string into separate DES key and salt. - */ - if (strlen(string) != 10) { - /* To be compatible... */ - errx(1, "%s", strerror(EFTYPE)); - } - strlcpy(msalt, &string[8], sizeof msalt); - salt = msalt; - break; - - case DO_DES: - salt = extra; - break; + } else { + login_cap_t *lc; + const char *pref; - default: if ((lc = login_getclass(extra)) == NULL) errx(1, "unable to get login class `%s'", extra ? (char *)extra : "default"); - if (!pwd_gensalt(buffer, _PASSWORD_LEN, lc, 'l')) - errx(1, "can't generate salt"); - salt = buffer; - break; + pref = login_getcapstr(lc, "localcipher", NULL, NULL); + if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0) + errx(1, "can't generate hash"); } - if ((cryptstr = crypt(string, salt)) == NULL) - errx(1, "crypt failed"); - fputs(cryptstr, stdout); + fputs(buffer, stdout); } int @@ -155,30 +130,11 @@ main(int argc, char **argv) void *extra = NULL; /* Store salt or number of rounds */ const char *errstr; - if (strcmp(__progname, "makekey") == 0) - operation = DO_MAKEKEY; - - while ((opt = getopt(argc, argv, "kps:b:c:")) != -1) { + while ((opt = getopt(argc, argv, "pb:c:")) != -1) { switch (opt) { - case 'k': /* Stdin/Stdout Unix crypt */ - if (operation != -1 || prompt) - usage(); - operation = DO_MAKEKEY; - break; - case 'p': - if (operation == DO_MAKEKEY) - usage(); prompt = 1; break; - - case 's': /* Unix crypt (DES) */ - if (operation != -1 || optarg[0] == '$') - usage(); - operation = DO_DES; - extra = optarg; - break; - case 'b': /* Blowfish password hash */ if (operation != -1) usage(); @@ -191,18 +147,16 @@ main(int argc, char **argv) errx(1, "%s: %s", errstr, optarg); extra = &rounds; break; - case 'c': /* user login class */ extra = optarg; operation = -1; break; - default: usage(); } } - if (((argc - optind) < 1) || operation == DO_MAKEKEY) { + if (((argc - optind) < 1)) { char line[BUFSIZ], *string; if (prompt) { @@ -223,10 +177,6 @@ main(int argc, char **argv) print_passwd(line, operation, extra); - if (operation == DO_MAKEKEY) { - fflush(stdout); - break; - } (void)fputc('\n', stdout); } }