[irc/rqf/shadowircd.git] / tools / mkpasswd.c

/* simple password generator by Nelson Minar (minar@reed.edu)
** copyright 1991, all rights reserved.
** You can use this code as long as my name stays with it.
**
** md5 patch by W. Campbell <wcampbel@botbay.net>
** Modernization, getopt, etc for the Hybrid IRCD team
** by W. Campbell
** 
** /dev/random for salt generation added by 
** Aaron Sethman <androsyn@ratbox.org>
**
** $Id: mkpasswd.c 6 2005-09-10 01:02:21Z nenolod $
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>

#define FLAG_MD5     0x00000001
#define FLAG_DES     0x00000002
#define FLAG_SALT    0x00000004
#define FLAG_PASS    0x00000008
#define FLAG_LENGTH  0x00000010
#define FLAG_BLOWFISH 0x00000020
#define FLAG_ROUNDS  0x00000040
#define FLAG_EXT     0x00000080

extern char *getpass();
extern char *crypt();

static char *make_des_salt(void);
static char *make_ext_salt(int);
static char *make_ext_salt_para(int, char *);
static char *make_md5_salt(int);
static char *make_md5_salt_para(char *);
static char *make_bf_salt(int, int);
static char *make_bf_salt_para(int, char *);
static char *int_to_base64(int);
static char *generate_random_salt(char *, int);
static char *generate_poor_salt(char *, int);

static void full_usage(void);
static void brief_usage(void);

static char saltChars[] =
       "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
       /* 0 .. 63, ascii - 64 */

extern char *optarg;

int main(int argc, char *argv[])
{
  char *plaintext = NULL;
  int c;
  char *saltpara = NULL;
  char *salt;
  int flag = 0;
  int length = 0; /* Not Set */
  int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
                  ** 4 by default, a side effect of this being the encryption
                  ** type parameter must be specified before the rounds
                  ** parameter.
                  */

  while( (c=getopt(argc, argv, "mdber:h?l:s:p:")) != -1)
  {
    switch(c)
    {
      case 'm':
        flag |= FLAG_MD5;
        break;
      case 'd':
        flag |= FLAG_DES;
        break;
      case 'b':
        flag |= FLAG_BLOWFISH;
        rounds = 4;
        break;
      case 'e':
        flag |= FLAG_EXT;
        rounds = 25;
        break;
      case 'l':
        flag |= FLAG_LENGTH;
        length = atoi(optarg);
        break;
      case 'r':
        flag |= FLAG_ROUNDS;
        rounds = atoi(optarg);
        break;
      case 's':
        flag |= FLAG_SALT;
        saltpara = optarg;
        break;
      case 'p':
        flag |= FLAG_PASS;
        plaintext = optarg;
        break;
      case 'h':
        full_usage();
        /* NOT REACHED */
        break;
      case '?':
        brief_usage();
        /* NOT REACHED */
        break;
      default:
        printf("Invalid Option: -%c\n", c);
        break;
    }
  }

  if (flag & FLAG_MD5)
  {
    if (length == 0)
      length = 8;
    if (flag & FLAG_SALT)
      salt = make_md5_salt_para(saltpara);
    else
      salt = make_md5_salt(length);
  }
  else if (flag & FLAG_BLOWFISH)
  {
    if (length == 0)
      length = 22;
    if (flag & FLAG_SALT)
      salt = make_bf_salt_para(rounds, saltpara);
    else
      salt = make_bf_salt(rounds, length);
  }
  else if (flag & FLAG_EXT)
  {
    /* XXX - rounds needs to be done */
    if (flag & FLAG_SALT)
    {
      if ((strlen(saltpara) == 4))
      {
        salt = make_ext_salt_para(rounds, saltpara);
      }
      else
      {
        printf("Invalid salt, please enter 4 alphanumeric characters\n");
        exit(1);
      }
    }
    else
    {
      salt = make_ext_salt(rounds);
    }
  }
  else
  {
    if (flag & FLAG_SALT)
    {
      if ((strlen(saltpara) == 2))
      {
        salt = saltpara;
      }
      else
      {
        printf("Invalid salt, please enter 2 alphanumeric characters\n");
        exit(1);
      }
    }
    else
    {
      salt = make_des_salt();
    }
  }

  if (flag & FLAG_PASS)
  {
    if (!plaintext)
      printf("Please enter a valid password\n");
  }
  else
  {
    plaintext = getpass("plaintext: ");
  }

  printf("%s\n", crypt(plaintext, salt));
  return 0;
}

static char *make_des_salt()
{
  static char salt[3];
  generate_random_salt(salt, 2);
  salt[2] = '\0';
  return salt;
}

char *int_to_base64(int value)
{
  static char buf[5];
  int i;

  for (i = 0; i < 4; i++)
  {
    buf[i] = saltChars[value & 63];
    value >>= 6;  /* Right shifting 6 places is the same as dividing by 64 */
  }

  buf[i] = '\0';  /* not REALLY needed as it's static, and thus initialized
                  ** to \0.
                  */
  return buf;
}

char *make_ext_salt(int rounds)
{
  static char salt[10];

  sprintf(salt, "_%s", int_to_base64(rounds));
  generate_random_salt(&salt[5], 4);
  salt[9] = '\0';
  return salt;
}

char *make_ext_salt_para(int rounds, char *saltpara)
{
  static char salt[10];

  sprintf(salt, "_%s%s", int_to_base64(rounds), saltpara);
  return salt;
}

char *make_md5_salt_para(char *saltpara)
{
  static char salt[21];
  if (saltpara && (strlen(saltpara) <= 16))
  {
    /* sprintf used because of portability requirements, the length
    ** is checked above, so it should not be too much of a concern
    */
    sprintf(salt, "$1$%s$", saltpara);
    return salt;
  }
  printf("Invalid Salt, please use up to 16 random alphanumeric characters\n");
  exit(1);

  /* NOT REACHED */
  return NULL;
}
  
char *make_md5_salt(int length)
{
  static char salt[21];
  if (length > 16)
  {
    printf("MD5 salt length too long\n");
    exit(0);
  }
  salt[0] = '$';
  salt[1] = '1';
  salt[2] = '$';
  generate_random_salt(&salt[3], length);
  salt[length+3] = '$';
  salt[length+4] = '\0';
  return salt;
}

char *make_bf_salt_para(int rounds, char *saltpara)
{
  static char salt[31];
  char tbuf[3];
  if (saltpara && (strlen(saltpara) <= 22))
  {
    /* sprintf used because of portability requirements, the length
    ** is checked above, so it should not be too much of a concern
    */
    sprintf(tbuf, "%02d", rounds);
    sprintf(salt, "$2a$%s$%s$", tbuf, saltpara);
    return salt;
  }
  printf("Invalid Salt, please use up to 22 random alphanumeric characters\n");
  exit(1);

  /* NOT REACHED */
  return NULL;
}

char *make_bf_salt(int rounds, int length)
{
  static char salt[31];
  char tbuf[3];
  if (length > 22)
  {
    printf("BlowFish salt length too long\n");
    exit(0);
  }
  sprintf(tbuf, "%02d", rounds);
  sprintf(salt, "$2a$%s$", tbuf);
  generate_random_salt(&salt[7], length);
  salt[length+7] = '$';
  salt[length+8] = '\0';
  return salt;
}

char *generate_poor_salt(char *salt, int length)
{
  int i;
  srandom(time(NULL));
  for(i = 0; i < length; i++)
  {
    salt[i] = saltChars[random() % 64];
  }
  return(salt);
}

char *generate_random_salt(char *salt, int length)
{
  char *buf;
  int fd, i;
  if((fd = open("/dev/random", O_RDONLY)) < 0)
  {
    return(generate_poor_salt(salt, length));	
  }
  buf = calloc(1, length);
  if(read(fd, buf, length) != length)
  {
    free(buf);
    return(generate_poor_salt(salt, length));
  }
	
  for(i = 0; i < length; i++)
  {
    salt[i] = saltChars[abs(buf[i]) % 64];
  }
  free(buf);
  return(salt);
}

void full_usage()
{
  printf("mkpasswd [-m|-d|-b|-e] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
  printf("-m Generate an MD5 password\n");
  printf("-d Generate a DES password\n");
  printf("-b Generate a BlowFish password\n");
  printf("-e Generate an Extended DES password\n");
  printf("-l Specify a length for a random MD5 or BlowFish salt\n");
  printf("-r Specify a number of rounds for a BlowFish or Extended DES password\n");
  printf("   BlowFish:  default 4, no more than 6 recommended\n");
  printf("   Extended DES:  default 25\n");
  printf("-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,\n");
  printf("   up to 22 for BlowFish, and 4 for Extended DES\n");
  printf("-p Specify a plaintext password to use\n");
  printf("Example: mkpasswd -m -s 3dr -p test\n");
  exit(0);
}

void brief_usage()
{
  printf("mkpasswd - password hash generator\n");
  printf("Standard DES:  mkpasswd [-d] [-s salt] [-p plaintext]\n");
  printf("Extended DES:  mkpasswd -e [-r rounds] [-s salt] [-p plaintext]\n");
  printf("         MD5:  mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
  printf("    BlowFish:  mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
  printf("                           [-p plaintext]\n");
  printf("Use -h for full usage\n");
  exit(0);
}
Commit	Line	Data
212380e3	1	/* simple password generator by Nelson Minar (minar@reed.edu)
	2	** copyright 1991, all rights reserved.
	3	** You can use this code as long as my name stays with it.
	4	**
	5	** md5 patch by W. Campbell <wcampbel@botbay.net>
	6	** Modernization, getopt, etc for the Hybrid IRCD team
	7	** by W. Campbell
	8	**
	9	** /dev/random for salt generation added by
	10	** Aaron Sethman <androsyn@ratbox.org>
	11	**
	12	** $Id: mkpasswd.c 6 2005-09-10 01:02:21Z nenolod $
	13	*/
	14	#include <stdio.h>
	15	#include <string.h>
	16	#include <stdlib.h>
	17	#include <time.h>
	18	#include <unistd.h>
	19	#include <fcntl.h>
	20
	21	#define FLAG_MD5 0x00000001
	22	#define FLAG_DES 0x00000002
	23	#define FLAG_SALT 0x00000004
	24	#define FLAG_PASS 0x00000008
	25	#define FLAG_LENGTH 0x00000010
	26	#define FLAG_BLOWFISH 0x00000020
	27	#define FLAG_ROUNDS 0x00000040
	28	#define FLAG_EXT 0x00000080
	29
	30	extern char *getpass();
	31	extern char *crypt();
	32
	33	static char *make_des_salt(void);
	34	static char *make_ext_salt(int);
	35	static char make_ext_salt_para(int, char );
	36	static char *make_md5_salt(int);
	37	static char make_md5_salt_para(char );
	38	static char *make_bf_salt(int, int);
	39	static char make_bf_salt_para(int, char );
	40	static char *int_to_base64(int);
	41	static char generate_random_salt(char , int);
	42	static char generate_poor_salt(char , int);
	43
	44	static void full_usage(void);
	45	static void brief_usage(void);
	46
	47	static char saltChars[] =
	48	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	49	/* 0 .. 63, ascii - 64 */
	50
	51	extern char *optarg;
	52
	53	int main(int argc, char *argv[])
	54	{
	55	char *plaintext = NULL;
	56	int c;
	57	char *saltpara = NULL;
	58	char *salt;
	59	int flag = 0;
	60	int length = 0; /* Not Set */
	61	int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
	62	** 4 by default, a side effect of this being the encryption
	63	** type parameter must be specified before the rounds
	64	** parameter.
65	*/
66
67	while( (c=getopt(argc, argv, "mdber:h?l:s:p:")) != -1)
68	{
69	switch(c)
70	{
71	case 'm':
72	flag \|= FLAG_MD5;
73	break;
74	case 'd':
75	flag \|= FLAG_DES;
76	break;
77	case 'b':
78	flag \|= FLAG_BLOWFISH;
79	rounds = 4;
80	break;
81	case 'e':
82	flag \|= FLAG_EXT;
83	rounds = 25;
84	break;
85	case 'l':
86	flag \|= FLAG_LENGTH;
87	length = atoi(optarg);
88	break;
89	case 'r':
90	flag \|= FLAG_ROUNDS;
91	rounds = atoi(optarg);
92	break;
93	case 's':
94	flag \|= FLAG_SALT;
95	saltpara = optarg;
96	break;
97	case 'p':
98	flag \|= FLAG_PASS;
99	plaintext = optarg;
100	break;
101	case 'h':
102	full_usage();
103	/* NOT REACHED */
104	break;
105	case '?':
106	brief_usage();
107	/* NOT REACHED */
108	break;
109	default:
110	printf("Invalid Option: -%c\n", c);
111	break;
112	}
113	}
114
115	if (flag & FLAG_MD5)
116	{
117	if (length == 0)
118	length = 8;
119	if (flag & FLAG_SALT)
120	salt = make_md5_salt_para(saltpara);
121	else
122	salt = make_md5_salt(length);
123	}
124	else if (flag & FLAG_BLOWFISH)
125	{
126	if (length == 0)
127	length = 22;
128	if (flag & FLAG_SALT)
129	salt = make_bf_salt_para(rounds, saltpara);
130	else
131	salt = make_bf_salt(rounds, length);
132	}
133	else if (flag & FLAG_EXT)
134	{
135	/* XXX - rounds needs to be done */
136	if (flag & FLAG_SALT)
137	{
138	if ((strlen(saltpara) == 4))
139	{
140	salt = make_ext_salt_para(rounds, saltpara);
141	}
142	else
143	{
144	printf("Invalid salt, please enter 4 alphanumeric characters\n");
145	exit(1);
146	}
147	}
148	else
149	{
150	salt = make_ext_salt(rounds);
151	}
152	}
153	else
154	{
155	if (flag & FLAG_SALT)
156	{
157	if ((strlen(saltpara) == 2))
158	{
159	salt = saltpara;
160	}
161	else
162	{
163	printf("Invalid salt, please enter 2 alphanumeric characters\n");
164	exit(1);
165	}
166	}
167	else
168	{
169	salt = make_des_salt();
170	}
171	}
172
173	if (flag & FLAG_PASS)
174	{
175	if (!plaintext)
176	printf("Please enter a valid password\n");
177	}
178	else
179	{
180	plaintext = getpass("plaintext: ");
181	}
182
183	printf("%s\n", crypt(plaintext, salt));
184	return 0;
185	}
186
187	static char *make_des_salt()
188	{
189	static char salt[3];
190	generate_random_salt(salt, 2);
191	salt[2] = '\0';
192	return salt;
193	}
194
195	char *int_to_base64(int value)
196	{
197	static char buf[5];
198	int i;
199
200	for (i = 0; i < 4; i++)
201	{
202	buf[i] = saltChars[value & 63];
203	value >>= 6; /* Right shifting 6 places is the same as dividing by 64 */
204	}
205
206	buf[i] = '\0'; /* not REALLY needed as it's static, and thus initialized
207	** to \0.
208	*/
209	return buf;
210	}
211
212	char *make_ext_salt(int rounds)
213	{
214	static char salt[10];
215
216	sprintf(salt, "_%s", int_to_base64(rounds));
217	generate_random_salt(&salt[5], 4);
218	salt[9] = '\0';
219	return salt;
220	}
221
222	char make_ext_salt_para(int rounds, char saltpara)
223	{
224	static char salt[10];
225
226	sprintf(salt, "_%s%s", int_to_base64(rounds), saltpara);
227	return salt;
228	}
229
230	char make_md5_salt_para(char saltpara)
231	{
232	static char salt[21];
233	if (saltpara && (strlen(saltpara) <= 16))
234	{
235	/* sprintf used because of portability requirements, the length
236	** is checked above, so it should not be too much of a concern
237	*/
238	sprintf(salt, "$1$%s$", saltpara);
239	return salt;
240	}
241	printf("Invalid Salt, please use up to 16 random alphanumeric characters\n");
242	exit(1);
243
244	/* NOT REACHED */
245	return NULL;
246	}
247
248	char *make_md5_salt(int length)
249	{
250	static char salt[21];
251	if (length > 16)
252	{
253	printf("MD5 salt length too long\n");
254	exit(0);
255	}
256	salt[0] = '$';
257	salt[1] = '1';
258	salt[2] = '$';
259	generate_random_salt(&salt[3], length);
260	salt[length+3] = '$';
261	salt[length+4] = '\0';
262	return salt;
263	}
264
265	char make_bf_salt_para(int rounds, char saltpara)
266	{
267	static char salt[31];
268	char tbuf[3];
269	if (saltpara && (strlen(saltpara) <= 22))
270	{
271	/* sprintf used because of portability requirements, the length
272	** is checked above, so it should not be too much of a concern
273	*/
274	sprintf(tbuf, "%02d", rounds);
275	sprintf(salt, "$2a$%s$%s$", tbuf, saltpara);
276	return salt;
277	}
278	printf("Invalid Salt, please use up to 22 random alphanumeric characters\n");
279	exit(1);
280
281	/* NOT REACHED */
282	return NULL;
283	}
284
285	char *make_bf_salt(int rounds, int length)
286	{
287	static char salt[31];
288	char tbuf[3];
289	if (length > 22)
290	{
291	printf("BlowFish salt length too long\n");
292	exit(0);
293	}
294	sprintf(tbuf, "%02d", rounds);
295	sprintf(salt, "$2a$%s$", tbuf);
296	generate_random_salt(&salt[7], length);
297	salt[length+7] = '$';
298	salt[length+8] = '\0';
299	return salt;
300	}
301
302	char generate_poor_salt(char salt, int length)
303	{
304	int i;
305	srandom(time(NULL));
306	for(i = 0; i < length; i++)
307	{
308	salt[i] = saltChars[random() % 64];
309	}
310	return(salt);
311	}
312
313	char generate_random_salt(char salt, int length)
314	{
315	char *buf;
316	int fd, i;
317	if((fd = open("/dev/random", O_RDONLY)) < 0)
318	{
319	return(generate_poor_salt(salt, length));
320	}
321	buf = calloc(1, length);
322	if(read(fd, buf, length) != length)
323	{
324	free(buf);
325	return(generate_poor_salt(salt, length));
326	}
327
328	for(i = 0; i < length; i++)
329	{
330	salt[i] = saltChars[abs(buf[i]) % 64];
331	}
332	free(buf);
333	return(salt);
334	}
335
336	void full_usage()
337	{
338	printf("mkpasswd [-m\|-d\|-b\|-e] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
339	printf("-m Generate an MD5 password\n");
340	printf("-d Generate a DES password\n");
341	printf("-b Generate a BlowFish password\n");
342	printf("-e Generate an Extended DES password\n");
343	printf("-l Specify a length for a random MD5 or BlowFish salt\n");
344	printf("-r Specify a number of rounds for a BlowFish or Extended DES password\n");
345	printf(" BlowFish: default 4, no more than 6 recommended\n");
346	printf(" Extended DES: default 25\n");
347	printf("-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,\n");
348	printf(" up to 22 for BlowFish, and 4 for Extended DES\n");
349	printf("-p Specify a plaintext password to use\n");
350	printf("Example: mkpasswd -m -s 3dr -p test\n");
351	exit(0);
352	}
353
354	void brief_usage()
355	{
356	printf("mkpasswd - password hash generator\n");
357	printf("Standard DES: mkpasswd [-d] [-s salt] [-p plaintext]\n");
358	printf("Extended DES: mkpasswd -e [-r rounds] [-s salt] [-p plaintext]\n");
359	printf(" MD5: mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
360	printf(" BlowFish: mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
361	printf(" [-p plaintext]\n");
362	printf("Use -h for full usage\n");
363	exit(0);
364	}