From: Lennart Poettering Date: Tue, 23 Apr 2019 16:17:04 +0000 (+0200) Subject: user-util: add generic make_salt() API X-Git-Tag: v243-rc1~362^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2c5edbe5a5f601be5fe7c73fa4007a243b1d52e;p=thirdparty%2Fsystemd.git user-util: add generic make_salt() API
---
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 2090675b0d3..1dd8e11e9ee 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -22,6 +22,7 @@
 #include "missing.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "random-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "user-util.h"
@@ -870,3 +871,40 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg) {
 return !!s;
 }
 #endif
+
+int make_salt(char **ret) {
+ static const char table[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789"
+ "./";
+
+ uint8_t raw[16];
+ char *salt, *j;
+ size_t i;
+ int r;
+
+ /* This is a bit like crypt_gensalt_ra(), but doesn't require libcrypt, and doesn't do anything but
+ * SHA512, i.e. is legacy-free and minimizes our deps. */
+
+ assert_cc(sizeof(table) == 64U + 1U);
+
+ /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */
+ r = genuine_random_bytes(raw, sizeof(raw), RANDOM_BLOCK);
+ if (r < 0)
+ return r;
+
+ salt = new(char, 3+sizeof(raw)+1+1);
+ if (!salt)
+ return -ENOMEM;
+
+ /* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */
+ j = stpcpy(salt, "$6$");
+ for (i = 0; i < sizeof(raw); i++)
+ j[i] = table[raw[i] & 63];
+ j[i++] = '$';
+ j[i] = 0;
+
+ *ret = salt;
+ return 0;
+}
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index cc899ee76f7..52f3df792d7 100644
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
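Review bot: make_salt() in the second user-util.c hunk writes through its out-pointer at `*ret = salt;` without ever checking it; adding `assert(ret);` as the first statement would make a NULL argument fail at entry, before the random read and the allocation. The function also lacks a contract comment: on success the caller owns the returned heap string and has to free it, and with RANDOM_BLOCK the call can presumably stall until the kernel random pool is initialized, which early-boot callers need to know. Because the `$6$` prefix carries no `rounds=` field, hashes produced with this salt use crypt()'s default SHA-512 cost, so a short comment such as `/* No rounds= field: crypt() applies its default SHA512 cost */` next to the `stpcpy()` line would make the fixed work factor explicit. The same ownership note belongs on the new prototype in user-util.h.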
@@ -113,3 +113,5 @@ int putgrent_sane(const struct group *gr, FILE *stream);
 int fgetsgent_sane(FILE *stream, struct sgrp **sg);
 int putsgent_sane(const struct sgrp *sg, FILE *stream);
 #endif
+
+int make_salt(char **ret);