]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/user-util.c
projects / thirdparty / systemd.git / blob
? search:


d127b0c107282562e6a6d41cb077eae45765a908
[thirdparty/systemd.git] / src / basic / user-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <alloca.h>
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <grp.h>
7 #include <pwd.h>
8 #include <stddef.h>
9 #include <stdint.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <sys/stat.h>
14 #include <unistd.h>
15 #include <utmp.h>
16
17 #include "alloc-util.h"
18 #include "errno-util.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "format-util.h"
22 #include "macro.h"
23 #include "missing.h"
24 #include "parse-util.h"
25 #include "path-util.h"
26 #include "random-util.h"
27 #include "string-util.h"
28 #include "strv.h"
29 #include "user-util.h"
30 #include "utf8.h"
31
32 bool uid_is_valid(uid_t uid) {
33
34 /* Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, 3.436. */
35
36 /* Some libc APIs use UID_INVALID as special placeholder */
37 if (uid == (uid_t) UINT32_C(0xFFFFFFFF))
38 return false;
39
40 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
41 if (uid == (uid_t) UINT32_C(0xFFFF))
42 return false;
43
44 return true;
45 }
46
47 int parse_uid(const char *s, uid_t *ret) {
48 uint32_t uid = 0;
49 int r;
50
51 assert(s);
52
53 assert_cc(sizeof(uid_t) == sizeof(uint32_t));
54 r = safe_atou32(s, &uid);
55 if (r < 0)
56 return r;
57
58 if (!uid_is_valid(uid))
59 return -ENXIO; /* we return ENXIO instead of EINVAL
60 * here, to make it easy to distinguish
61 * invalid numeric uids from invalid
62 * strings. */
63
64 if (ret)
65 *ret = uid;
66
67 return 0;
68 }
69
70 char* getlogname_malloc(void) {
71 uid_t uid;
72 struct stat st;
73
74 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
75 uid = st.st_uid;
76 else
77 uid = getuid();
78
79 return uid_to_name(uid);
80 }
81
82 char *getusername_malloc(void) {
83 const char *e;
84
85 e = secure_getenv("USER");
86 if (e)
87 return strdup(e);
88
89 return uid_to_name(getuid());
90 }
91
92 static bool is_nologin_shell(const char *shell) {
93
94 return PATH_IN_SET(shell,
95 /* 'nologin' is the friendliest way to disable logins for a user account. It prints a nice
96 * message and exits. Different distributions place the binary at different places though,
97 * hence let's list them all. */
98 "/bin/nologin",
99 "/sbin/nologin",
100 "/usr/bin/nologin",
101 "/usr/sbin/nologin",
102 /* 'true' and 'false' work too for the same purpose, but are less friendly as they don't do
103 * any message printing. Different distributions place the binary at various places but at
104 * least not in the 'sbin' directory. */
105 "/bin/false",
106 "/usr/bin/false",
107 "/bin/true",
108 "/usr/bin/true");
109 }
110
111 static int synthesize_user_creds(
112 const char **username,
113 uid_t *uid, gid_t *gid,
114 const char **home,
115 const char **shell,
116 UserCredsFlags flags) {
117
118 /* We enforce some special rules for uid=0 and uid=65534: in order to avoid NSS lookups for root we hardcode
119 * their user record data. */
120
121 if (STR_IN_SET(*username, "root", "0")) {
122 *username = "root";
123
124 if (uid)
125 *uid = 0;
126 if (gid)
127 *gid = 0;
128
129 if (home)
130 *home = "/root";
131
132 if (shell)
133 *shell = "/bin/sh";
134
135 return 0;
136 }
137
138 if (synthesize_nobody() &&
139 STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
140 *username = NOBODY_USER_NAME;
141
142 if (uid)
143 *uid = UID_NOBODY;
144 if (gid)
145 *gid = GID_NOBODY;
146
147 if (home)
148 *home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
149
150 if (shell)
151 *shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
152
153 return 0;
154 }
155
156 return -ENOMEDIUM;
157 }
158
159 int get_user_creds(
160 const char **username,
161 uid_t *uid, gid_t *gid,
162 const char **home,
163 const char **shell,
164 UserCredsFlags flags) {
165
166 uid_t u = UID_INVALID;
167 struct passwd *p;
168 int r;
169
170 assert(username);
171 assert(*username);
172
173 if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
174 (!home && !shell)) {
175
176 /* So here's the deal: normally, we'll try to synthesize all records we can synthesize, and override
177 * the user database with that. However, if the user specifies USER_CREDS_PREFER_NSS then the
178 * user database will override the synthetic records instead — except if the user is only interested in
179 * the UID and/or GID (but not the home directory, or the shell), in which case we'll always override
180 * the user database (i.e. the USER_CREDS_PREFER_NSS flag has no effect in this case). Why?
181 * Simply because there are valid usecase where the user might change the home directory or the shell
182 * of the relevant users, but changing the UID/GID mappings for them is something we explicitly don't
183 * support. */
184
185 r = synthesize_user_creds(username, uid, gid, home, shell, flags);
186 if (r >= 0)
187 return 0;
188 if (r != -ENOMEDIUM) /* not a username we can synthesize */
189 return r;
190 }
191
192 if (parse_uid(*username, &u) >= 0) {
193 errno = 0;
194 p = getpwuid(u);
195
196 /* If there are multiple users with the same id, make sure to leave $USER to the configured value
197 * instead of the first occurrence in the database. However if the uid was configured by a numeric uid,
198 * then let's pick the real username from /etc/passwd. */
199 if (p)
200 *username = p->pw_name;
201 else if (FLAGS_SET(flags, USER_CREDS_ALLOW_MISSING) && !gid && !home && !shell) {
202
203 /* If the specified user is a numeric UID and it isn't in the user database, and the caller
204 * passed USER_CREDS_ALLOW_MISSING and was only interested in the UID, then juts return that
205 * and don't complain. */
206
207 if (uid)
208 *uid = u;
209
210 return 0;
211 }
212 } else {
213 errno = 0;
214 p = getpwnam(*username);
215 }
216 if (!p) {
217 r = errno_or_else(ESRCH);
218
219 /* If the user requested that we only synthesize as fallback, do so now */
220 if (FLAGS_SET(flags, USER_CREDS_PREFER_NSS)) {
221 if (synthesize_user_creds(username, uid, gid, home, shell, flags) >= 0)
222 return 0;
223 }
224
225 return r;
226 }
227
228 if (uid) {
229 if (!uid_is_valid(p->pw_uid))
230 return -EBADMSG;
231
232 *uid = p->pw_uid;
233 }
234
235 if (gid) {
236 if (!gid_is_valid(p->pw_gid))
237 return -EBADMSG;
238
239 *gid = p->pw_gid;
240 }
241
242 if (home) {
243 if (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
244 (empty_or_root(p->pw_dir) ||
245 !path_is_valid(p->pw_dir) ||
246 !path_is_absolute(p->pw_dir)))
247 *home = NULL; /* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
248 else
249 *home = p->pw_dir;
250 }
251
252 if (shell) {
253 if (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
254 (isempty(p->pw_shell) ||
255 !path_is_valid(p->pw_dir) ||
256 !path_is_absolute(p->pw_shell) ||
257 is_nologin_shell(p->pw_shell)))
258 *shell = NULL;
259 else
260 *shell = p->pw_shell;
261 }
262
263 return 0;
264 }
265
266 int get_group_creds(const char **groupname, gid_t *gid, UserCredsFlags flags) {
267 struct group *g;
268 gid_t id;
269
270 assert(groupname);
271
272 /* We enforce some special rules for gid=0: in order to avoid NSS lookups for root we hardcode its data. */
273
274 if (STR_IN_SET(*groupname, "root", "0")) {
275 *groupname = "root";
276
277 if (gid)
278 *gid = 0;
279
280 return 0;
281 }
282
283 if (synthesize_nobody() &&
284 STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
285 *groupname = NOBODY_GROUP_NAME;
286
287 if (gid)
288 *gid = GID_NOBODY;
289
290 return 0;
291 }
292
293 if (parse_gid(*groupname, &id) >= 0) {
294 errno = 0;
295 g = getgrgid(id);
296
297 if (g)
298 *groupname = g->gr_name;
299 else if (FLAGS_SET(flags, USER_CREDS_ALLOW_MISSING)) {
300 if (gid)
301 *gid = id;
302
303 return 0;
304 }
305 } else {
306 errno = 0;
307 g = getgrnam(*groupname);
308 }
309
310 if (!g)
311 return errno_or_else(ESRCH);
312
313 if (gid) {
314 if (!gid_is_valid(g->gr_gid))
315 return -EBADMSG;
316
317 *gid = g->gr_gid;
318 }
319
320 return 0;
321 }
322
323 char* uid_to_name(uid_t uid) {
324 char *ret;
325 int r;
326
327 /* Shortcut things to avoid NSS lookups */
328 if (uid == 0)
329 return strdup("root");
330 if (synthesize_nobody() &&
331 uid == UID_NOBODY)
332 return strdup(NOBODY_USER_NAME);
333
334 if (uid_is_valid(uid)) {
335 long bufsize;
336
337 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
338 if (bufsize <= 0)
339 bufsize = 4096;
340
341 for (;;) {
342 struct passwd pwbuf, *pw = NULL;
343 _cleanup_free_ char *buf = NULL;
344
345 buf = malloc(bufsize);
346 if (!buf)
347 return NULL;
348
349 r = getpwuid_r(uid, &pwbuf, buf, (size_t) bufsize, &pw);
350 if (r == 0 && pw)
351 return strdup(pw->pw_name);
352 if (r != ERANGE)
353 break;
354
355 if (bufsize > LONG_MAX/2) /* overflow check */
356 return NULL;
357
358 bufsize *= 2;
359 }
360 }
361
362 if (asprintf(&ret, UID_FMT, uid) < 0)
363 return NULL;
364
365 return ret;
366 }
367
368 char* gid_to_name(gid_t gid) {
369 char *ret;
370 int r;
371
372 if (gid == 0)
373 return strdup("root");
374 if (synthesize_nobody() &&
375 gid == GID_NOBODY)
376 return strdup(NOBODY_GROUP_NAME);
377
378 if (gid_is_valid(gid)) {
379 long bufsize;
380
381 bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
382 if (bufsize <= 0)
383 bufsize = 4096;
384
385 for (;;) {
386 struct group grbuf, *gr = NULL;
387 _cleanup_free_ char *buf = NULL;
388
389 buf = malloc(bufsize);
390 if (!buf)
391 return NULL;
392
393 r = getgrgid_r(gid, &grbuf, buf, (size_t) bufsize, &gr);
394 if (r == 0 && gr)
395 return strdup(gr->gr_name);
396 if (r != ERANGE)
397 break;
398
399 if (bufsize > LONG_MAX/2) /* overflow check */
400 return NULL;
401
402 bufsize *= 2;
403 }
404 }
405
406 if (asprintf(&ret, GID_FMT, gid) < 0)
407 return NULL;
408
409 return ret;
410 }
411
412 int in_gid(gid_t gid) {
413 long ngroups_max;
414 gid_t *gids;
415 int r, i;
416
417 if (getgid() == gid)
418 return 1;
419
420 if (getegid() == gid)
421 return 1;
422
423 if (!gid_is_valid(gid))
424 return -EINVAL;
425
426 ngroups_max = sysconf(_SC_NGROUPS_MAX);
427 assert(ngroups_max > 0);
428
429 gids = newa(gid_t, ngroups_max);
430
431 r = getgroups(ngroups_max, gids);
432 if (r < 0)
433 return -errno;
434
435 for (i = 0; i < r; i++)
436 if (gids[i] == gid)
437 return 1;
438
439 return 0;
440 }
441
442 int in_group(const char *name) {
443 int r;
444 gid_t gid;
445
446 r = get_group_creds(&name, &gid, 0);
447 if (r < 0)
448 return r;
449
450 return in_gid(gid);
451 }
452
453 int get_home_dir(char **_h) {
454 struct passwd *p;
455 const char *e;
456 char *h;
457 uid_t u;
458
459 assert(_h);
460
461 /* Take the user specified one */
462 e = secure_getenv("HOME");
463 if (e && path_is_valid(e) && path_is_absolute(e)) {
464 h = strdup(e);
465 if (!h)
466 return -ENOMEM;
467
468 *_h = path_simplify(h, true);
469 return 0;
470 }
471
472 /* Hardcode home directory for root and nobody to avoid NSS */
473 u = getuid();
474 if (u == 0) {
475 h = strdup("/root");
476 if (!h)
477 return -ENOMEM;
478
479 *_h = h;
480 return 0;
481 }
482 if (synthesize_nobody() &&
483 u == UID_NOBODY) {
484 h = strdup("/");
485 if (!h)
486 return -ENOMEM;
487
488 *_h = h;
489 return 0;
490 }
491
492 /* Check the database... */
493 errno = 0;
494 p = getpwuid(u);
495 if (!p)
496 return errno_or_else(ESRCH);
497
498 if (!path_is_valid(p->pw_dir) ||
499 !path_is_absolute(p->pw_dir))
500 return -EINVAL;
501
502 h = strdup(p->pw_dir);
503 if (!h)
504 return -ENOMEM;
505
506 *_h = path_simplify(h, true);
507 return 0;
508 }
509
510 int get_shell(char **_s) {
511 struct passwd *p;
512 const char *e;
513 char *s;
514 uid_t u;
515
516 assert(_s);
517
518 /* Take the user specified one */
519 e = secure_getenv("SHELL");
520 if (e && path_is_valid(e) && path_is_absolute(e)) {
521 s = strdup(e);
522 if (!s)
523 return -ENOMEM;
524
525 *_s = path_simplify(s, true);
526 return 0;
527 }
528
529 /* Hardcode shell for root and nobody to avoid NSS */
530 u = getuid();
531 if (u == 0) {
532 s = strdup("/bin/sh");
533 if (!s)
534 return -ENOMEM;
535
536 *_s = s;
537 return 0;
538 }
539 if (synthesize_nobody() &&
540 u == UID_NOBODY) {
541 s = strdup(NOLOGIN);
542 if (!s)
543 return -ENOMEM;
544
545 *_s = s;
546 return 0;
547 }
548
549 /* Check the database... */
550 errno = 0;
551 p = getpwuid(u);
552 if (!p)
553 return errno_or_else(ESRCH);
554
555 if (!path_is_valid(p->pw_shell) ||
556 !path_is_absolute(p->pw_shell))
557 return -EINVAL;
558
559 s = strdup(p->pw_shell);
560 if (!s)
561 return -ENOMEM;
562
563 *_s = path_simplify(s, true);
564 return 0;
565 }
566
567 int reset_uid_gid(void) {
568 int r;
569
570 r = maybe_setgroups(0, NULL);
571 if (r < 0)
572 return r;
573
574 if (setresgid(0, 0, 0) < 0)
575 return -errno;
576
577 if (setresuid(0, 0, 0) < 0)
578 return -errno;
579
580 return 0;
581 }
582
583 int take_etc_passwd_lock(const char *root) {
584
585 struct flock flock = {
586 .l_type = F_WRLCK,
587 .l_whence = SEEK_SET,
588 .l_start = 0,
589 .l_len = 0,
590 };
591
592 const char *path;
593 int fd, r;
594
595 /* This is roughly the same as lckpwdf(), but not as awful. We
596 * don't want to use alarm() and signals, hence we implement
597 * our own trivial version of this.
598 *
599 * Note that shadow-utils also takes per-database locks in
600 * addition to lckpwdf(). However, we don't given that they
601 * are redundant as they invoke lckpwdf() first and keep
602 * it during everything they do. The per-database locks are
603 * awfully racy, and thus we just won't do them. */
604
605 if (root)
606 path = prefix_roota(root, ETC_PASSWD_LOCK_PATH);
607 else
608 path = ETC_PASSWD_LOCK_PATH;
609
610 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
611 if (fd < 0)
612 return log_debug_errno(errno, "Cannot open %s: %m", path);
613
614 r = fcntl(fd, F_SETLKW, &flock);
615 if (r < 0) {
616 safe_close(fd);
617 return log_debug_errno(errno, "Locking %s failed: %m", path);
618 }
619
620 return fd;
621 }
622
623 bool valid_user_group_name(const char *u) {
624 const char *i;
625 long sz;
626
627 /* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition,
628 * 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules:
629 *
630 * - We don't allow any dots (this would break chown syntax which permits dots as user/group name separator)
631 * - We require that names fit into the appropriate utmp field
632 * - We don't allow empty user names
633 *
634 * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
635 */
636
637 if (isempty(u))
638 return false;
639
640 if (!(u[0] >= 'a' && u[0] <= 'z') &&
641 !(u[0] >= 'A' && u[0] <= 'Z') &&
642 u[0] != '_')
643 return false;
644
645 for (i = u+1; *i; i++) {
646 if (!(*i >= 'a' && *i <= 'z') &&
647 !(*i >= 'A' && *i <= 'Z') &&
648 !(*i >= '0' && *i <= '9') &&
649 !IN_SET(*i, '_', '-'))
650 return false;
651 }
652
653 sz = sysconf(_SC_LOGIN_NAME_MAX);
654 assert_se(sz > 0);
655
656 if ((size_t) (i-u) > (size_t) sz)
657 return false;
658
659 if ((size_t) (i-u) > UT_NAMESIZE - 1)
660 return false;
661
662 return true;
663 }
664
665 bool valid_user_group_name_or_id(const char *u) {
666
667 /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right
668 * range, and not the invalid user ids. */
669
670 if (isempty(u))
671 return false;
672
673 if (valid_user_group_name(u))
674 return true;
675
676 return parse_uid(u, NULL) >= 0;
677 }
678
679 bool valid_gecos(const char *d) {
680
681 if (!d)
682 return false;
683
684 if (!utf8_is_valid(d))
685 return false;
686
687 if (string_has_cc(d, NULL))
688 return false;
689
690 /* Colons are used as field separators, and hence not OK */
691 if (strchr(d, ':'))
692 return false;
693
694 return true;
695 }
696
697 bool valid_home(const char *p) {
698 /* Note that this function is also called by valid_shell(), any
699 * changes must account for that. */
700
701 if (isempty(p))
702 return false;
703
704 if (!utf8_is_valid(p))
705 return false;
706
707 if (string_has_cc(p, NULL))
708 return false;
709
710 if (!path_is_absolute(p))
711 return false;
712
713 if (!path_is_normalized(p))
714 return false;
715
716 /* Colons are used as field separators, and hence not OK */
717 if (strchr(p, ':'))
718 return false;
719
720 return true;
721 }
722
723 int maybe_setgroups(size_t size, const gid_t *list) {
724 int r;
725
726 /* Check if setgroups is allowed before we try to drop all the auxiliary groups */
727 if (size == 0) { /* Dropping all aux groups? */
728 _cleanup_free_ char *setgroups_content = NULL;
729 bool can_setgroups;
730
731 r = read_one_line_file("/proc/self/setgroups", &setgroups_content);
732 if (r == -ENOENT)
733 /* Old kernels don't have /proc/self/setgroups, so assume we can use setgroups */
734 can_setgroups = true;
735 else if (r < 0)
736 return r;
737 else
738 can_setgroups = streq(setgroups_content, "allow");
739
740 if (!can_setgroups) {
741 log_debug("Skipping setgroups(), /proc/self/setgroups is set to 'deny'");
742 return 0;
743 }
744 }
745
746 if (setgroups(size, list) < 0)
747 return -errno;
748
749 return 0;
750 }
751
752 bool synthesize_nobody(void) {
753 /* Returns true when we shall synthesize the "nobody" user (which we do by default). This can be turned off by
754 * touching /etc/systemd/dont-synthesize-nobody in order to provide upgrade compatibility with legacy systems
755 * that used the "nobody" user name and group name for other UIDs/GIDs than 65534.
756 *
757 * Note that we do not employ any kind of synchronization on the following caching variable. If the variable is
758 * accessed in multi-threaded programs in the worst case it might happen that we initialize twice, but that
759 * shouldn't matter as each initialization should come to the same result. */
760 static int cache = -1;
761
762 if (cache < 0)
763 cache = access("/etc/systemd/dont-synthesize-nobody", F_OK) < 0;
764
765 return cache;
766 }
767
768 int putpwent_sane(const struct passwd *pw, FILE *stream) {
769 assert(pw);
770 assert(stream);
771
772 errno = 0;
773 if (putpwent(pw, stream) != 0)
774 return errno_or_else(EIO);
775
776 return 0;
777 }
778
779 int putspent_sane(const struct spwd *sp, FILE *stream) {
780 assert(sp);
781 assert(stream);
782
783 errno = 0;
784 if (putspent(sp, stream) != 0)
785 return errno_or_else(EIO);
786
787 return 0;
788 }
789
790 int putgrent_sane(const struct group *gr, FILE *stream) {
791 assert(gr);
792 assert(stream);
793
794 errno = 0;
795 if (putgrent(gr, stream) != 0)
796 return errno_or_else(EIO);
797
798 return 0;
799 }
800
801 #if ENABLE_GSHADOW
802 int putsgent_sane(const struct sgrp *sg, FILE *stream) {
803 assert(sg);
804 assert(stream);
805
806 errno = 0;
807 if (putsgent(sg, stream) != 0)
808 return errno_or_else(EIO);
809
810 return 0;
811 }
812 #endif
813
814 int fgetpwent_sane(FILE *stream, struct passwd **pw) {
815 struct passwd *p;
816
817 assert(pw);
818 assert(stream);
819
820 errno = 0;
821 p = fgetpwent(stream);
822 if (!p && errno != ENOENT)
823 return errno_or_else(EIO);
824
825 *pw = p;
826 return !!p;
827 }
828
829 int fgetspent_sane(FILE *stream, struct spwd **sp) {
830 struct spwd *s;
831
832 assert(sp);
833 assert(stream);
834
835 errno = 0;
836 s = fgetspent(stream);
837 if (!s && errno != ENOENT)
838 return errno_or_else(EIO);
839
840 *sp = s;
841 return !!s;
842 }
843
844 int fgetgrent_sane(FILE *stream, struct group **gr) {
845 struct group *g;
846
847 assert(gr);
848 assert(stream);
849
850 errno = 0;
851 g = fgetgrent(stream);
852 if (!g && errno != ENOENT)
853 return errno_or_else(EIO);
854
855 *gr = g;
856 return !!g;
857 }
858
859 #if ENABLE_GSHADOW
860 int fgetsgent_sane(FILE *stream, struct sgrp **sg) {
861 struct sgrp *s;
862
863 assert(sg);
864 assert(stream);
865
866 errno = 0;
867 s = fgetsgent(stream);
868 if (!s && errno != ENOENT)
869 return errno_or_else(EIO);
870
871 *sg = s;
872 return !!s;
873 }
874 #endif
875
876 int make_salt(char **ret) {
877 static const char table[] =
878 "abcdefghijklmnopqrstuvwxyz"
879 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
880 "0123456789"
881 "./";
882
883 uint8_t raw[16];
884 char *salt, *j;
885 size_t i;
886 int r;
887
888 /* This is a bit like crypt_gensalt_ra(), but doesn't require libcrypt, and doesn't do anything but
889 * SHA512, i.e. is legacy-free and minimizes our deps. */
890
891 assert_cc(sizeof(table) == 64U + 1U);
892
893 /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */
894 r = genuine_random_bytes(raw, sizeof(raw), RANDOM_BLOCK);
895 if (r < 0)
896 return r;
897
898 salt = new(char, 3+sizeof(raw)+1+1);
899 if (!salt)
900 return -ENOMEM;
901
902 /* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */
903 j = stpcpy(salt, "$6$");
904 for (i = 0; i < sizeof(raw); i++)
905 j[i] = table[raw[i] & 63];
906 j[i++] = '$';
907 j[i] = 0;
908
909 *ret = salt;
910 return 0;
911 }
Unnamed repository; edit this file 'description' to name the repository.