[asterisk-commits] dlee: trunk r393675 - in /trunk/main: Makefile crypt.c utils.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Jul 4 08:06:18 CDT 2013
Author: dlee
Date: Thu Jul 4 08:06:15 2013
New Revision: 393675
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=393675
Log:
Fix utils directory breakage.
Added:
trunk/main/crypt.c (with props)
Modified:
trunk/main/Makefile
trunk/main/utils.c
Modified: trunk/main/Makefile
URL: http://svnview.digium.com/svn/asterisk/trunk/main/Makefile?view=diff&rev=393675&r1=393674&r2=393675
==============================================================================
--- trunk/main/Makefile (original)
+++ trunk/main/Makefile Thu Jul 4 08:06:15 2013
@@ -154,7 +154,7 @@
asterisk.o: _ASTCFLAGS+=$(LIBEDIT_INCLUDE)
cli.o: _ASTCFLAGS+=$(LIBEDIT_INCLUDE)
json.o: _ASTCFLAGS+=$(JANSSON_INCLUDE)
-util.o: _ASTCFLAGS+=$(CRYPT_INCLUDE)
+crypt.o: _ASTCFLAGS+=$(CRYPT_INCLUDE)
uuid.o: _ASTCFLAGS+=$(UUID_INCLUDE)
ifneq ($(findstring ENABLE_UPLOADS,$(MENUSELECT_CFLAGS)),)
Added: trunk/main/crypt.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/crypt.c?view=auto&rev=393675
==============================================================================
--- trunk/main/crypt.c (added)
+++ trunk/main/crypt.c Thu Jul 4 08:06:15 2013
@@ -1,0 +1,202 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2012 - 2013, Digium, Inc.
+ *
+ * David M. Lee, II <dlee at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! \file
+ *
+ * \brief Asterisk wrapper for crypt(3)
+ * \author David M. Lee, II <dlee at digium.com>
+ */
+
+/*** MODULEINFO
+ <support_level>core</support_level>
+ ***/
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#include <unistd.h>
+#if defined(HAVE_CRYPT_R)
+#include <crypt.h>
+#endif
+
+#include "asterisk/utils.h"
+
+/*!
+ * \brief Max length of a salt string.
+ *
+ * $[1,5,6]$[aâzAâZ0â9./]{1,16}$, plus null terminator
+ */
+#define MAX_SALT_LEN 21
+
+static char salt_chars[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789"
+ "./";
+
+/*! Randomly select a character for a salt string */
+static char gen_salt_char(void)
+{
+ int which = ast_random_double() * 64;
+ return salt_chars[which];
+}
+
+/*!
+ * \brief Generates a salt to try with crypt.
+ *
+ * If given an empty string, will generate a salt for the most secure algorithm
+ * to try with crypt(). If given a previously generated salt, the algorithm will
+ * be lowered by one level of security.
+ *
+ * \param[out] current_salt Output string in which to generate the salt.
+ * This can be an empty string, or the results of a
+ * prior gen_salt call.
+ * \param max_len Length of \a current_salt.
+ * \return 0 on success.
+ * \return Non-zero on error.
+ */
+static int gen_salt(char *current_salt, size_t maxlen)
+{
+ int i;
+
+ if (maxlen < MAX_SALT_LEN || current_salt == NULL) {
+ return -1;
+ }
+
+ switch (current_salt[0]) {
+ case '\0':
+ /* Initial generation; $6$ = SHA-512 */
+ *current_salt++ = '$';
+ *current_salt++ = '6';
+ *current_salt++ = '$';
+ for (i = 0; i < 16; ++i) {
+ *current_salt++ = gen_salt_char();
+ }
+ *current_salt++ = '$';
+ *current_salt++ = '\0';
+ return 0;
+ case '$':
+ switch (current_salt[1]) {
+ case '6':
+ /* Downgrade to SHA-256 */
+ current_salt[1] = '5';
+ return 0;
+ case '5':
+ /* Downgrade to MD5 */
+ current_salt[1] = '1';
+ return 0;
+ case '1':
+ /* Downgrade to traditional crypt */
+ *current_salt++ = gen_salt_char();
+ *current_salt++ = gen_salt_char();
+ *current_salt++ = '\0';
+ return 0;
+ default:
+ /* Unrecognized algorithm */
+ return -1;
+ }
+ default:
+ /* Was already as insecure as it gets */
+ return -1;
+ }
+
+}
+
+#if defined(HAVE_CRYPT_R)
+
+char *ast_crypt(const char *key, const char *salt)
+{
+ struct crypt_data data = {};
+ const char *crypted = crypt_r(key, salt, &data);
+
+ /* Crypt may return success even if it doesn't recognize the salt. But
+ * in those cases it always mangles the salt in some way.
+ */
+ if (!crypted || !ast_begins_with(crypted, salt)) {
+ return NULL;
+ }
+
+ return ast_strdup(crypted);
+}
+
+int ast_crypt_validate(const char *key, const char *expected)
+{
+ struct crypt_data data = {};
+ return strcmp(expected, crypt_r(key, expected, &data)) == 0;
+}
+
+#elif defined(HAVE_CRYPT)
+
+/* crypt is not reentrant. A global mutex is neither ideal nor perfect, but good
+ * enough if crypt_r support is unavailable
+ */
+AST_MUTEX_DEFINE_STATIC(crypt_mutex);
+
+char *ast_crypt(const char *key, const char *salt)
+{
+ const char *crypted;
+ SCOPED_MUTEX(lock, &crypt_mutex);
+
+ crypted = crypt(key, salt);
+
+ /* Crypt may return success even if it doesn't recognize the salt. But
+ * in those cases it always mangles the salt in some way.
+ */
+ if (!crypted || !ast_begins_with(crypted, salt)) {
+ return NULL;
+ }
+
+ return ast_strdup(crypted);
+}
+
+int ast_crypt_validate(const char *key, const char *expected)
+{
+ SCOPED_MUTEX(lock, &crypt_mutex);
+ return strcmp(expected, crypt(key, expected)) == 0;
+}
+
+#else /* No crypt support */
+
+char *ast_crypt(const char *key, const char *salt)
+{
+ ast_log(LOG_WARNING,
+ "crypt() support not available; cannot encrypt password\n");
+ return NULL;
+}
+
+int ast_crypt_validate(const char *key, const char *expected)
+{
+ ast_log(LOG_WARNING,
+ "crypt() support not available; cannot validate password\n");
+ return 0;
+}
+
+#endif /* No crypt support */
+
+char *ast_crypt_encrypt(const char *key)
+{
+ char salt[MAX_SALT_LEN] = {};
+ while (gen_salt(salt, sizeof(salt)) == 0) {
+ char *crypted = ast_crypt(key, salt);
+ if (crypted) {
+ return crypted;
+ }
+ }
+ return NULL;
+}
Propchange: trunk/main/crypt.c
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: trunk/main/crypt.c
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Propchange: trunk/main/crypt.c
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: trunk/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/utils.c?view=diff&rev=393675&r1=393674&r2=393675
==============================================================================
--- trunk/main/utils.c (original)
+++ trunk/main/utils.c Thu Jul 4 08:06:15 2013
@@ -37,9 +37,6 @@
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
-#if defined(HAVE_CRYPT_R)
-#include <crypt.h>
-#endif
#if defined(__APPLE__)
#include <mach/mach.h>
#elif defined(HAVE_SYS_THR_H)
@@ -2367,171 +2364,6 @@
return ret;
}
-/*!
- * \brief Max length of a salt string.
- *
- * $[1,5,6]$[aâzAâZ0â9./]{1,16}$, plus null terminator
- */
-#define MAX_SALT_LEN 21
-
-static char salt_chars[] =
- "abcdefghijklmnopqrstuvwxyz"
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "0123456789"
- "./";
-
-/*! Randomly select a character for a salt string */
-static char gen_salt_char(void)
-{
- int which = ast_random_double() * 64;
- return salt_chars[which];
-}
-
-/*!
- * \brief Generates a salt to try with crypt.
- *
- * If given an empty string, will generate a salt for the most secure algorithm
- * to try with crypt(). If given a previously generated salt, the algorithm will
- * be lowered by one level of security.
- *
- * \param[out] current_salt Output string in which to generate the salt.
- * This can be an empty string, or the results of a
- * prior gen_salt call.
- * \param max_len Length of \a current_salt.
- * \return 0 on success.
- * \return Non-zero on error.
- */
-static int gen_salt(char *current_salt, size_t maxlen)
-{
- int i;
-
- if (maxlen < MAX_SALT_LEN || current_salt == NULL) {
- return -1;
- }
-
- switch (current_salt[0]) {
- case '\0':
- /* Initial generation; $6$ = SHA-512 */
- *current_salt++ = '$';
- *current_salt++ = '6';
- *current_salt++ = '$';
- for (i = 0; i < 16; ++i) {
- *current_salt++ = gen_salt_char();
- }
- *current_salt++ = '$';
- *current_salt++ = '\0';
- return 0;
- case '$':
- switch (current_salt[1]) {
- case '6':
- /* Downgrade to SHA-256 */
- current_salt[1] = '5';
- return 0;
- case '5':
- /* Downgrade to MD5 */
- current_salt[1] = '1';
- return 0;
- case '1':
- /* Downgrade to traditional crypt */
- *current_salt++ = gen_salt_char();
- *current_salt++ = gen_salt_char();
- *current_salt++ = '\0';
- return 0;
- default:
- /* Unrecognized algorithm */
- return -1;
- }
- default:
- /* Was already as insecure as it gets */
- return -1;
- }
-
-}
-
-#if defined(HAVE_CRYPT_R)
-
-char *ast_crypt(const char *key, const char *salt)
-{
- struct crypt_data data = {};
- const char *crypted = crypt_r(key, salt, &data);
-
- /* Crypt may return success even if it doesn't recognize the salt. But
- * in those cases it always mangles the salt in some way.
- */
- if (!crypted || !ast_begins_with(crypted, salt)) {
- return NULL;
- }
-
- return ast_strdup(crypted);
-}
-
-int ast_crypt_validate(const char *key, const char *expected)
-{
- struct crypt_data data = {};
- return strcmp(expected, crypt_r(key, expected, &data)) == 0;
-}
-
-#elif defined(HAVE_CRYPT)
-
-/* crypt is not reentrant. A global mutex is neither ideal nor perfect, but good
- * enough if crypt_r support is unavailable
- */
-AST_MUTEX_DEFINE_STATIC(crypt_mutex);
-
-char *ast_crypt(const char *key, const char *salt)
-{
- const char *crypted;
- SCOPED_MUTEX(lock, &crypt_mutex);
-
- crypted = crypt(key, salt);
-
- /* Crypt may return success even if it doesn't recognize the salt. But
- * in those cases it always mangles the salt in some way.
- */
- if (!crypted || !ast_begins_with(crypted, salt)) {
- return NULL;
- }
-
- return ast_strdup(crypted);
-}
-
-int ast_crypt_validate(const char *key, const char *expected)
-{
- SCOPED_MUTEX(lock, &crypt_mutex);
- return strcmp(expected, crypt(key, expected)) == 0;
-}
-
-#else /* No crypt support */
-
-char *ast_crypt(const char *key, const char *salt)
-{
- ast_log(LOG_WARNING,
- "crypt() support not available; cannot encrypt password\n");
- return NULL;
-}
-
-int ast_crypt_validate(const char *key, const char *expected)
-{
- ast_log(LOG_WARNING,
- "crypt() support not available; cannot validate password\n");
- return 0;
-}
-
-#endif /* No crypt support */
-
-char *ast_crypt_encrypt(const char *key)
-{
- char salt[MAX_SALT_LEN] = {};
- while (gen_salt(salt, sizeof(salt)) == 0) {
- char *crypted = ast_crypt(key, salt);
- if (crypted) {
- return crypted;
- }
- }
- return NULL;
-}
-
-
char *ast_utils_which(const char *binary, char *fullpath, size_t fullpath_size)
{
const char *envPATH = getenv("PATH");
More information about the asterisk-commits
mailing list