*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config CRYPTPW
+//config: bool "cryptpw (14 kb)"
+//config: default y
+//config: help
+//config: Encrypts the given password with the crypt(3) libc function
+//config: using the given salt.
+//config:
+//config:config MKPASSWD
+//config: bool "mkpasswd (15 kb)"
+//config: default y
+//config: help
+//config: Encrypts the given password with the crypt(3) libc function
+//config: using the given salt. Debian has this utility under mkpasswd
+//config: name. Busybox provides mkpasswd as an alias for cryptpw.
+
+//applet:IF_CRYPTPW( APPLET_NOEXEC(cryptpw, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw))
+// APPLET_NOEXEC:name main location suid_type help
+//applet:IF_MKPASSWD(APPLET_NOEXEC(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw))
+
+//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o
+//kbuild:lib-$(CONFIG_MKPASSWD) += cryptpw.o
//usage:#define cryptpw_trivial_usage
//usage: "[OPTIONS] [PASSWORD] [SALT]"
/* We do support -s, we just don't mention it */
//usage:#define cryptpw_full_usage "\n\n"
-//usage: "Crypt the PASSWORD using crypt(3)\n"
-//usage: "\nOptions:"
+//usage: "Print crypt(3) hashed PASSWORD\n"
//usage: IF_LONG_OPTS(
-//usage: "\n -P,--password-fd=N Read password from fd N"
+//usage: "\n -P,--password-fd N Read password from fd N"
/* //usage: "\n -s,--stdin Use stdin; like -P0" */
-//usage: "\n -m,--method=TYPE Encryption method TYPE"
-//usage: "\n -S,--salt=SALT"
+//usage: "\n -m,--method TYPE "CRYPT_METHODS_HELP_STR
+//usage: "\n -S,--salt SALT"
//usage: )
//usage: IF_NOT_LONG_OPTS(
//usage: "\n -P N Read password from fd N"
/* //usage: "\n -s Use stdin; like -P0" */
-//usage: "\n -m TYPE Encryption method TYPE"
-//usage: "\n -S SALT"
-//usage: )
-
-/* mkpasswd is an alias to cryptpw */
-//usage:#define mkpasswd_trivial_usage
-//usage: "[OPTIONS] [PASSWORD] [SALT]"
-/* We do support -s, we just don't mention it */
-//usage:#define mkpasswd_full_usage "\n\n"
-//usage: "Crypt the PASSWORD using crypt(3)\n"
-//usage: "\nOptions:"
-//usage: IF_LONG_OPTS(
-//usage: "\n -P,--password-fd=N Read password from fd N"
-/* //usage: "\n -s,--stdin Use stdin; like -P0" */
-//usage: "\n -m,--method=TYPE Encryption method TYPE"
-//usage: "\n -S,--salt=SALT"
-//usage: )
-//usage: IF_NOT_LONG_OPTS(
-//usage: "\n -P N Read password from fd N"
-/* //usage: "\n -s Use stdin; like -P0" */
-//usage: "\n -m TYPE Encryption method TYPE"
+//usage: "\n -m TYPE "CRYPT_METHODS_HELP_STR
//usage: "\n -S SALT"
//usage: )
$1$.
-R, --rounds=NUMBER
Use NUMBER rounds. This argument is ignored if the method
- choosen does not support variable rounds. For the OpenBSD Blowfish
+ chosen does not support variable rounds. For the OpenBSD Blowfish
method this is the logarithm of the number of rounds.
-m, --method=TYPE
Compute the password using the TYPE method. If TYPE is 'help'
int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
- /* $N$ + sha_salt_16_bytes + NUL */
- char salt[3 + 16 + 1];
+ /* Supports: cryptpw -m sha256 PASS 'rounds=999999999$SALT' */
+ char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")];
char *salt_ptr;
+ char *password;
const char *opt_m, *opt_S;
- int len;
int fd;
#if ENABLE_LONG_OPTS
"salt\0" Required_argument "S"
"method\0" Required_argument "m"
;
- applet_long_options = mkpasswd_longopts;
#endif
fd = STDIN_FILENO;
- opt_m = "d";
+ opt_m = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
opt_S = NULL;
/* at most two non-option arguments; -P NUM */
- opt_complementary = "?2:P+";
- getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m);
+ getopt32long(argv, "^" "sP:+S:m:a:" "\0" "?2",
+ mkpasswd_longopts,
+ &fd, &opt_S, &opt_m, &opt_m
+ );
argv += optind;
/* have no idea how to handle -s... */
if (argv[0] && !opt_S)
opt_S = argv[1];
- len = 2/2;
- salt_ptr = salt;
- if (opt_m[0] != 'd') { /* not des */
- len = 8/2; /* so far assuming md5 */
- *salt_ptr++ = '$';
- *salt_ptr++ = '1';
- *salt_ptr++ = '$';
-#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
- if (opt_m[0] == 's') { /* sha */
- salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
- len = 16/2;
- }
-#endif
- }
+ salt_ptr = crypt_make_pw_salt(salt, opt_m);
if (opt_S)
- safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);
- else
- crypt_make_salt(salt_ptr, len, 0);
+ /* put user's data after the "$N$" prefix */
+ safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
xmove_fd(fd, STDIN_FILENO);
- puts(pw_encrypt(
- argv[0] ? argv[0] : (
- /* Only mkpasswd, and only from tty, prompts.
- * Otherwise it is a plain read. */
- (isatty(STDIN_FILENO) && applet_name[0] == 'm')
+ password = argv[0];
+ if (!password) {
+ /* Only mkpasswd, and only from tty, prompts.
+ * Otherwise it is a plain read. */
+ password = (ENABLE_MKPASSWD && isatty(STDIN_FILENO) && applet_name[0] == 'm')
? bb_ask_stdin("Password: ")
: xmalloc_fgetline(stdin)
- ),
- salt, 1));
+ ;
+ /* may still be NULL on EOF/error */
+ }
+
+ if (password)
+ puts(pw_encrypt(password, salt, 1));
return EXIT_SUCCESS;
}