]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/user-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
shared/user-util: emit a warning on names with dots
[thirdparty/systemd.git] / src / basic / user-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <alloca.h>
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <grp.h>
7 #include <pwd.h>
8 #include <stddef.h>
9 #include <stdint.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <sys/stat.h>
14 #include <unistd.h>
15 #include <utmp.h>
16
17 #include "alloc-util.h"
18 #include "errno-util.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "format-util.h"
22 #include "macro.h"
23 #include "missing.h"
24 #include "parse-util.h"
25 #include "path-util.h"
26 #include "random-util.h"
27 #include "string-util.h"
28 #include "strv.h"
29 #include "user-util.h"
30 #include "utf8.h"
31
32 bool uid_is_valid(uid_t uid) {
33
34 /* Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, 3.436. */
35
36 /* Some libc APIs use UID_INVALID as special placeholder */
37 if (uid == (uid_t) UINT32_C(0xFFFFFFFF))
38 return false;
39
40 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
41 if (uid == (uid_t) UINT32_C(0xFFFF))
42 return false;
43
44 return true;
45 }
46
47 int parse_uid(const char *s, uid_t *ret) {
48 uint32_t uid = 0;
49 int r;
50
51 assert(s);
52
53 assert_cc(sizeof(uid_t) == sizeof(uint32_t));
54 r = safe_atou32(s, &uid);
55 if (r < 0)
56 return r;
57
58 if (!uid_is_valid(uid))
59 return -ENXIO; /* we return ENXIO instead of EINVAL
60 * here, to make it easy to distinguish
61 * invalid numeric uids from invalid
62 * strings. */
63
64 if (ret)
65 *ret = uid;
66
67 return 0;
68 }
69
70 char* getlogname_malloc(void) {
71 uid_t uid;
72 struct stat st;
73
74 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
75 uid = st.st_uid;
76 else
77 uid = getuid();
78
79 return uid_to_name(uid);
80 }
81
82 char *getusername_malloc(void) {
83 const char *e;
84
85 e = secure_getenv("USER");
86 if (e)
87 return strdup(e);
88
89 return uid_to_name(getuid());
90 }
91
92 static bool is_nologin_shell(const char *shell) {
93
94 return PATH_IN_SET(shell,
95 /* 'nologin' is the friendliest way to disable logins for a user account. It prints a nice
96 * message and exits. Different distributions place the binary at different places though,
97 * hence let's list them all. */
98 "/bin/nologin",
99 "/sbin/nologin",
100 "/usr/bin/nologin",
101 "/usr/sbin/nologin",
102 /* 'true' and 'false' work too for the same purpose, but are less friendly as they don't do
103 * any message printing. Different distributions place the binary at various places but at
104 * least not in the 'sbin' directory. */
105 "/bin/false",
106 "/usr/bin/false",
107 "/bin/true",
108 "/usr/bin/true");
109 }
110
111 static int synthesize_user_creds(
112 const char **username,
113 uid_t *uid, gid_t *gid,
114 const char **home,
115 const char **shell,
116 UserCredsFlags flags) {
117
118 /* We enforce some special rules for uid=0 and uid=65534: in order to avoid NSS lookups for root we hardcode
119 * their user record data. */
120
121 if (STR_IN_SET(*username, "root", "0")) {
122 *username = "root";
123
124 if (uid)
125 *uid = 0;
126 if (gid)
127 *gid = 0;
128
129 if (home)
130 *home = "/root";
131
132 if (shell)
133 *shell = "/bin/sh";
134
135 return 0;
136 }
137
138 if (synthesize_nobody() &&
139 STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
140 *username = NOBODY_USER_NAME;
141
142 if (uid)
143 *uid = UID_NOBODY;
144 if (gid)
145 *gid = GID_NOBODY;
146
147 if (home)
148 *home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
149
150 if (shell)
151 *shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
152
153 return 0;
154 }
155
156 return -ENOMEDIUM;
157 }
158
159 int get_user_creds(
160 const char **username,
161 uid_t *uid, gid_t *gid,
162 const char **home,
163 const char **shell,
164 UserCredsFlags flags) {
165
166 uid_t u = UID_INVALID;
167 struct passwd *p;
168 int r;
169
170 assert(username);
171 assert(*username);
172
173 if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
174 (!home && !shell)) {
175
176 /* So here's the deal: normally, we'll try to synthesize all records we can synthesize, and override
177 * the user database with that. However, if the user specifies USER_CREDS_PREFER_NSS then the
178 * user database will override the synthetic records instead — except if the user is only interested in
179 * the UID and/or GID (but not the home directory, or the shell), in which case we'll always override
180 * the user database (i.e. the USER_CREDS_PREFER_NSS flag has no effect in this case). Why?
181 * Simply because there are valid usecase where the user might change the home directory or the shell
182 * of the relevant users, but changing the UID/GID mappings for them is something we explicitly don't
183 * support. */
184
185 r = synthesize_user_creds(username, uid, gid, home, shell, flags);
186 if (r >= 0)
187 return 0;
188 if (r != -ENOMEDIUM) /* not a username we can synthesize */
189 return r;
190 }
191
192 if (parse_uid(*username, &u) >= 0) {
193 errno = 0;
194 p = getpwuid(u);
195
196 /* If there are multiple users with the same id, make sure to leave $USER to the configured value
197 * instead of the first occurrence in the database. However if the uid was configured by a numeric uid,
198 * then let's pick the real username from /etc/passwd. */
199 if (p)
200 *username = p->pw_name;
201 else if (FLAGS_SET(flags, USER_CREDS_ALLOW_MISSING) && !gid && !home && !shell) {
202
203 /* If the specified user is a numeric UID and it isn't in the user database, and the caller
204 * passed USER_CREDS_ALLOW_MISSING and was only interested in the UID, then juts return that
205 * and don't complain. */
206
207 if (uid)
208 *uid = u;
209
210 return 0;
211 }
212 } else {
213 errno = 0;
214 p = getpwnam(*username);
215 }
216 if (!p) {
217 r = errno_or_else(ESRCH);
218
219 /* If the user requested that we only synthesize as fallback, do so now */
220 if (FLAGS_SET(flags, USER_CREDS_PREFER_NSS)) {
221 if (synthesize_user_creds(username, uid, gid, home, shell, flags) >= 0)
222 return 0;
223 }
224
225 return r;
226 }
227
228 if (uid) {
229 if (!uid_is_valid(p->pw_uid))
230 return -EBADMSG;
231
232 *uid = p->pw_uid;
233 }
234
235 if (gid) {
236 if (!gid_is_valid(p->pw_gid))
237 return -EBADMSG;
238
239 *gid = p->pw_gid;
240 }
241
242 if (home) {
243 if (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
244 (empty_or_root(p->pw_dir) ||
245 !path_is_valid(p->pw_dir) ||
246 !path_is_absolute(p->pw_dir)))
247 *home = NULL; /* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
248 else
249 *home = p->pw_dir;
250 }
251
252 if (shell) {
253 if (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
254 (isempty(p->pw_shell) ||
255 !path_is_valid(p->pw_dir) ||
256 !path_is_absolute(p->pw_shell) ||
257 is_nologin_shell(p->pw_shell)))
258 *shell = NULL;
259 else
260 *shell = p->pw_shell;
261 }
262
263 return 0;
264 }
265
266 int get_group_creds(const char **groupname, gid_t *gid, UserCredsFlags flags) {
267 struct group *g;
268 gid_t id;
269
270 assert(groupname);
271
272 /* We enforce some special rules for gid=0: in order to avoid NSS lookups for root we hardcode its data. */
273
274 if (STR_IN_SET(*groupname, "root", "0")) {
275 *groupname = "root";
276
277 if (gid)
278 *gid = 0;
279
280 return 0;
281 }
282
283 if (synthesize_nobody() &&
284 STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
285 *groupname = NOBODY_GROUP_NAME;
286
287 if (gid)
288 *gid = GID_NOBODY;
289
290 return 0;
291 }
292
293 if (parse_gid(*groupname, &id) >= 0) {
294 errno = 0;
295 g = getgrgid(id);
296
297 if (g)
298 *groupname = g->gr_name;
299 else if (FLAGS_SET(flags, USER_CREDS_ALLOW_MISSING)) {
300 if (gid)
301 *gid = id;
302
303 return 0;
304 }
305 } else {
306 errno = 0;
307 g = getgrnam(*groupname);
308 }
309
310 if (!g)
311 return errno_or_else(ESRCH);
312
313 if (gid) {
314 if (!gid_is_valid(g->gr_gid))
315 return -EBADMSG;
316
317 *gid = g->gr_gid;
318 }
319
320 return 0;
321 }
322
323 char* uid_to_name(uid_t uid) {
324 char *ret;
325 int r;
326
327 /* Shortcut things to avoid NSS lookups */
328 if (uid == 0)
329 return strdup("root");
330 if (synthesize_nobody() &&
331 uid == UID_NOBODY)
332 return strdup(NOBODY_USER_NAME);
333
334 if (uid_is_valid(uid)) {
335 long bufsize;
336
337 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
338 if (bufsize <= 0)
339 bufsize = 4096;
340
341 for (;;) {
342 struct passwd pwbuf, *pw = NULL;
343 _cleanup_free_ char *buf = NULL;
344
345 buf = malloc(bufsize);
346 if (!buf)
347 return NULL;
348
349 r = getpwuid_r(uid, &pwbuf, buf, (size_t) bufsize, &pw);
350 if (r == 0 && pw)
351 return strdup(pw->pw_name);
352 if (r != ERANGE)
353 break;
354
355 if (bufsize > LONG_MAX/2) /* overflow check */
356 return NULL;
357
358 bufsize *= 2;
359 }
360 }
361
362 if (asprintf(&ret, UID_FMT, uid) < 0)
363 return NULL;
364
365 return ret;
366 }
367
368 char* gid_to_name(gid_t gid) {
369 char *ret;
370 int r;
371
372 if (gid == 0)
373 return strdup("root");
374 if (synthesize_nobody() &&
375 gid == GID_NOBODY)
376 return strdup(NOBODY_GROUP_NAME);
377
378 if (gid_is_valid(gid)) {
379 long bufsize;
380
381 bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
382 if (bufsize <= 0)
383 bufsize = 4096;
384
385 for (;;) {
386 struct group grbuf, *gr = NULL;
387 _cleanup_free_ char *buf = NULL;
388
389 buf = malloc(bufsize);
390 if (!buf)
391 return NULL;
392
393 r = getgrgid_r(gid, &grbuf, buf, (size_t) bufsize, &gr);
394 if (r == 0 && gr)
395 return strdup(gr->gr_name);
396 if (r != ERANGE)
397 break;
398
399 if (bufsize > LONG_MAX/2) /* overflow check */
400 return NULL;
401
402 bufsize *= 2;
403 }
404 }
405
406 if (asprintf(&ret, GID_FMT, gid) < 0)
407 return NULL;
408
409 return ret;
410 }
411
412 int in_gid(gid_t gid) {
413 long ngroups_max;
414 gid_t *gids;
415 int r, i;
416
417 if (getgid() == gid)
418 return 1;
419
420 if (getegid() == gid)
421 return 1;
422
423 if (!gid_is_valid(gid))
424 return -EINVAL;
425
426 ngroups_max = sysconf(_SC_NGROUPS_MAX);
427 assert(ngroups_max > 0);
428
429 gids = newa(gid_t, ngroups_max);
430
431 r = getgroups(ngroups_max, gids);
432 if (r < 0)
433 return -errno;
434
435 for (i = 0; i < r; i++)
436 if (gids[i] == gid)
437 return 1;
438
439 return 0;
440 }
441
442 int in_group(const char *name) {
443 int r;
444 gid_t gid;
445
446 r = get_group_creds(&name, &gid, 0);
447 if (r < 0)
448 return r;
449
450 return in_gid(gid);
451 }
452
453 int get_home_dir(char **_h) {
454 struct passwd *p;
455 const char *e;
456 char *h;
457 uid_t u;
458
459 assert(_h);
460
461 /* Take the user specified one */
462 e = secure_getenv("HOME");
463 if (e && path_is_valid(e) && path_is_absolute(e)) {
464 h = strdup(e);
465 if (!h)
466 return -ENOMEM;
467
468 *_h = path_simplify(h, true);
469 return 0;
470 }
471
472 /* Hardcode home directory for root and nobody to avoid NSS */
473 u = getuid();
474 if (u == 0) {
475 h = strdup("/root");
476 if (!h)
477 return -ENOMEM;
478
479 *_h = h;
480 return 0;
481 }
482 if (synthesize_nobody() &&
483 u == UID_NOBODY) {
484 h = strdup("/");
485 if (!h)
486 return -ENOMEM;
487
488 *_h = h;
489 return 0;
490 }
491
492 /* Check the database... */
493 errno = 0;
494 p = getpwuid(u);
495 if (!p)
496 return errno_or_else(ESRCH);
497
498 if (!path_is_valid(p->pw_dir) ||
499 !path_is_absolute(p->pw_dir))
500 return -EINVAL;
501
502 h = strdup(p->pw_dir);
503 if (!h)
504 return -ENOMEM;
505
506 *_h = path_simplify(h, true);
507 return 0;
508 }
509
510 int get_shell(char **_s) {
511 struct passwd *p;
512 const char *e;
513 char *s;
514 uid_t u;
515
516 assert(_s);
517
518 /* Take the user specified one */
519 e = secure_getenv("SHELL");
520 if (e && path_is_valid(e) && path_is_absolute(e)) {
521 s = strdup(e);
522 if (!s)
523 return -ENOMEM;
524
525 *_s = path_simplify(s, true);
526 return 0;
527 }
528
529 /* Hardcode shell for root and nobody to avoid NSS */
530 u = getuid();
531 if (u == 0) {
532 s = strdup("/bin/sh");
533 if (!s)
534 return -ENOMEM;
535
536 *_s = s;
537 return 0;
538 }
539 if (synthesize_nobody() &&
540 u == UID_NOBODY) {
541 s = strdup(NOLOGIN);
542 if (!s)
543 return -ENOMEM;
544
545 *_s = s;
546 return 0;
547 }
548
549 /* Check the database... */
550 errno = 0;
551 p = getpwuid(u);
552 if (!p)
553 return errno_or_else(ESRCH);
554
555 if (!path_is_valid(p->pw_shell) ||
556 !path_is_absolute(p->pw_shell))
557 return -EINVAL;
558
559 s = strdup(p->pw_shell);
560 if (!s)
561 return -ENOMEM;
562
563 *_s = path_simplify(s, true);
564 return 0;
565 }
566
567 int reset_uid_gid(void) {
568 int r;
569
570 r = maybe_setgroups(0, NULL);
571 if (r < 0)
572 return r;
573
574 if (setresgid(0, 0, 0) < 0)
575 return -errno;
576
577 if (setresuid(0, 0, 0) < 0)
578 return -errno;
579
580 return 0;
581 }
582
583 int take_etc_passwd_lock(const char *root) {
584
585 struct flock flock = {
586 .l_type = F_WRLCK,
587 .l_whence = SEEK_SET,
588 .l_start = 0,
589 .l_len = 0,
590 };
591
592 const char *path;
593 int fd, r;
594
595 /* This is roughly the same as lckpwdf(), but not as awful. We
596 * don't want to use alarm() and signals, hence we implement
597 * our own trivial version of this.
598 *
599 * Note that shadow-utils also takes per-database locks in
600 * addition to lckpwdf(). However, we don't given that they
601 * are redundant as they invoke lckpwdf() first and keep
602 * it during everything they do. The per-database locks are
603 * awfully racy, and thus we just won't do them. */
604
605 if (root)
606 path = prefix_roota(root, ETC_PASSWD_LOCK_PATH);
607 else
608 path = ETC_PASSWD_LOCK_PATH;
609
610 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
611 if (fd < 0)
612 return log_debug_errno(errno, "Cannot open %s: %m", path);
613
614 r = fcntl(fd, F_SETLKW, &flock);
615 if (r < 0) {
616 safe_close(fd);
617 return log_debug_errno(errno, "Locking %s failed: %m", path);
618 }
619
620 return fd;
621 }
622
623 bool valid_user_group_name_full(const char *u, bool strict) {
624 const char *i;
625 long sz;
626
627 /* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition,
628 * 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules:
629 *
630 * - We require that names fit into the appropriate utmp field
631 * - We don't allow empty user names
632 * - No dots or digits in the first character
633 *
634 * If strict==true, additionally:
635 * - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
636 *
637 * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
638 */
639
640 if (isempty(u))
641 return false;
642
643 if (!(u[0] >= 'a' && u[0] <= 'z') &&
644 !(u[0] >= 'A' && u[0] <= 'Z') &&
645 u[0] != '_')
646 return false;
647
648 bool warned = false;
649
650 for (i = u+1; *i; i++) {
651 if (((*i >= 'a' && *i <= 'z') ||
652 (*i >= 'A' && *i <= 'Z') ||
653 (*i >= '0' && *i <= '9') ||
654 IN_SET(*i, '_', '-')))
655 continue;
656
657 if (*i == '.' && !strict) {
658 if (!warned) {
659 log_warning("Bad user or group name \"%s\", accepting for compatibility.", u);
660 warned = true;
661 }
662
663 continue;
664 }
665
666 return false;
667 }
668
669 sz = sysconf(_SC_LOGIN_NAME_MAX);
670 assert_se(sz > 0);
671
672 if ((size_t) (i-u) > (size_t) sz)
673 return false;
674
675 if ((size_t) (i-u) > UT_NAMESIZE - 1)
676 return false;
677
678 return true;
679 }
680
681 bool valid_user_group_name_or_id_full(const char *u, bool strict) {
682
683 /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the
684 * right range, and not the invalid user ids. */
685
686 if (isempty(u))
687 return false;
688
689 if (valid_user_group_name_full(u, strict))
690 return true;
691
692 return parse_uid(u, NULL) >= 0;
693 }
694
695 bool valid_gecos(const char *d) {
696
697 if (!d)
698 return false;
699
700 if (!utf8_is_valid(d))
701 return false;
702
703 if (string_has_cc(d, NULL))
704 return false;
705
706 /* Colons are used as field separators, and hence not OK */
707 if (strchr(d, ':'))
708 return false;
709
710 return true;
711 }
712
713 bool valid_home(const char *p) {
714 /* Note that this function is also called by valid_shell(), any
715 * changes must account for that. */
716
717 if (isempty(p))
718 return false;
719
720 if (!utf8_is_valid(p))
721 return false;
722
723 if (string_has_cc(p, NULL))
724 return false;
725
726 if (!path_is_absolute(p))
727 return false;
728
729 if (!path_is_normalized(p))
730 return false;
731
732 /* Colons are used as field separators, and hence not OK */
733 if (strchr(p, ':'))
734 return false;
735
736 return true;
737 }
738
739 int maybe_setgroups(size_t size, const gid_t *list) {
740 int r;
741
742 /* Check if setgroups is allowed before we try to drop all the auxiliary groups */
743 if (size == 0) { /* Dropping all aux groups? */
744 _cleanup_free_ char *setgroups_content = NULL;
745 bool can_setgroups;
746
747 r = read_one_line_file("/proc/self/setgroups", &setgroups_content);
748 if (r == -ENOENT)
749 /* Old kernels don't have /proc/self/setgroups, so assume we can use setgroups */
750 can_setgroups = true;
751 else if (r < 0)
752 return r;
753 else
754 can_setgroups = streq(setgroups_content, "allow");
755
756 if (!can_setgroups) {
757 log_debug("Skipping setgroups(), /proc/self/setgroups is set to 'deny'");
758 return 0;
759 }
760 }
761
762 if (setgroups(size, list) < 0)
763 return -errno;
764
765 return 0;
766 }
767
768 bool synthesize_nobody(void) {
769 /* Returns true when we shall synthesize the "nobody" user (which we do by default). This can be turned off by
770 * touching /etc/systemd/dont-synthesize-nobody in order to provide upgrade compatibility with legacy systems
771 * that used the "nobody" user name and group name for other UIDs/GIDs than 65534.
772 *
773 * Note that we do not employ any kind of synchronization on the following caching variable. If the variable is
774 * accessed in multi-threaded programs in the worst case it might happen that we initialize twice, but that
775 * shouldn't matter as each initialization should come to the same result. */
776 static int cache = -1;
777
778 if (cache < 0)
779 cache = access("/etc/systemd/dont-synthesize-nobody", F_OK) < 0;
780
781 return cache;
782 }
783
784 int putpwent_sane(const struct passwd *pw, FILE *stream) {
785 assert(pw);
786 assert(stream);
787
788 errno = 0;
789 if (putpwent(pw, stream) != 0)
790 return errno_or_else(EIO);
791
792 return 0;
793 }
794
795 int putspent_sane(const struct spwd *sp, FILE *stream) {
796 assert(sp);
797 assert(stream);
798
799 errno = 0;
800 if (putspent(sp, stream) != 0)
801 return errno_or_else(EIO);
802
803 return 0;
804 }
805
806 int putgrent_sane(const struct group *gr, FILE *stream) {
807 assert(gr);
808 assert(stream);
809
810 errno = 0;
811 if (putgrent(gr, stream) != 0)
812 return errno_or_else(EIO);
813
814 return 0;
815 }
816
817 #if ENABLE_GSHADOW
818 int putsgent_sane(const struct sgrp *sg, FILE *stream) {
819 assert(sg);
820 assert(stream);
821
822 errno = 0;
823 if (putsgent(sg, stream) != 0)
824 return errno_or_else(EIO);
825
826 return 0;
827 }
828 #endif
829
830 int fgetpwent_sane(FILE *stream, struct passwd **pw) {
831 struct passwd *p;
832
833 assert(pw);
834 assert(stream);
835
836 errno = 0;
837 p = fgetpwent(stream);
838 if (!p && errno != ENOENT)
839 return errno_or_else(EIO);
840
841 *pw = p;
842 return !!p;
843 }
844
845 int fgetspent_sane(FILE *stream, struct spwd **sp) {
846 struct spwd *s;
847
848 assert(sp);
849 assert(stream);
850
851 errno = 0;
852 s = fgetspent(stream);
853 if (!s && errno != ENOENT)
854 return errno_or_else(EIO);
855
856 *sp = s;
857 return !!s;
858 }
859
860 int fgetgrent_sane(FILE *stream, struct group **gr) {
861 struct group *g;
862
863 assert(gr);
864 assert(stream);
865
866 errno = 0;
867 g = fgetgrent(stream);
868 if (!g && errno != ENOENT)
869 return errno_or_else(EIO);
870
871 *gr = g;
872 return !!g;
873 }
874
875 #if ENABLE_GSHADOW
876 int fgetsgent_sane(FILE *stream, struct sgrp **sg) {
877 struct sgrp *s;
878
879 assert(sg);
880 assert(stream);
881
882 errno = 0;
883 s = fgetsgent(stream);
884 if (!s && errno != ENOENT)
885 return errno_or_else(EIO);
886
887 *sg = s;
888 return !!s;
889 }
890 #endif
891
892 int make_salt(char **ret) {
893 static const char table[] =
894 "abcdefghijklmnopqrstuvwxyz"
895 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
896 "0123456789"
897 "./";
898
899 uint8_t raw[16];
900 char *salt, *j;
901 size_t i;
902 int r;
903
904 /* This is a bit like crypt_gensalt_ra(), but doesn't require libcrypt, and doesn't do anything but
905 * SHA512, i.e. is legacy-free and minimizes our deps. */
906
907 assert_cc(sizeof(table) == 64U + 1U);
908
909 /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */
910 r = genuine_random_bytes(raw, sizeof(raw), RANDOM_BLOCK);
911 if (r < 0)
912 return r;
913
914 salt = new(char, 3+sizeof(raw)+1+1);
915 if (!salt)
916 return -ENOMEM;
917
918 /* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */
919 j = stpcpy(salt, "$6$");
920 for (i = 0; i < sizeof(raw); i++)
921 j[i] = table[raw[i] & 63];
922 j[i++] = '$';
923 j[i] = 0;
924
925 *ret = salt;
926 return 0;
927 }
Unnamed repository; edit this file 'description' to name the repository.