Correctly use salt

This commit is contained in:
Jeremy Soller
2016-10-24 13:12:58 -06:00
parent e0fe388ccf
commit d32f2dc10e
7 changed files with 34 additions and 21 deletions
+4
View File
@@ -14,6 +14,10 @@ path = "src/bin/id.rs"
name = "login"
path = "src/bin/login.rs"
[[bin]]
name = "passwd"
path = "src/bin/passwd.rs"
[[bin]]
name = "su"
path = "src/bin/su.rs"
+1 -3
View File
@@ -17,8 +17,6 @@ pub fn main() {
let _ = syscall::open(&tty, syscall::flag::O_RDWR);
let _ = syscall::open(&tty, syscall::flag::O_RDWR);
env::set_current_dir("file:").unwrap();
env::set_var("TTY", &tty);
{
let mut path = [0; 4096];
@@ -37,7 +35,7 @@ pub fn main() {
loop {
//stdout.write(b"\x1Bc").unwrap();
let _ = stdout.flush();
match Command::new("file:bin/login").spawn() {
match Command::new("login").spawn() {
Ok(mut child) => match child.wait() {
Ok(_status) => (), //println!("getty: waited for login: {:?}", status.code()),
Err(err) => panic!("getty: failed to wait for login: {}", err)
+1 -3
View File
@@ -48,11 +48,9 @@ pub fn main() {
stdout.write(b"\n").unwrap();
let _ = stdout.flush();
let password_hash = Passwd::encode(&password);
for line in passwd_string.lines() {
if let Ok(passwd) = Passwd::parse(line) {
if user == passwd.user && password_hash == passwd.hash {
if user == passwd.user && passwd.verify(&password) {
passwd_option = Some(passwd);
break;
}
+10
View File
@@ -0,0 +1,10 @@
extern crate termion;
extern crate userutils;
use std::env;
fn main() {
let passwd = env::args().nth(1).unwrap();
let salt = env::args().nth(2).unwrap();
println!("{}", userutils::Passwd::encode(&passwd, &salt));
}
+2 -4
View File
@@ -26,7 +26,7 @@ pub fn main() {
let uid = syscall::getuid().unwrap();
let mut passwd_string = String::new();
File::open("file:etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
File::open("/etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
let mut passwd_option = None;
for line in passwd_string.lines() {
@@ -46,11 +46,9 @@ pub fn main() {
stdout.write(b"\n").unwrap();
let _ = stdout.flush();
let password_hash = Passwd::encode(&password);
for line in passwd_string.lines() {
if let Ok(passwd) = Passwd::parse(line) {
if user == passwd.user && password_hash == passwd.hash {
if user == passwd.user && passwd.verify(&password) {
passwd_option = Some(passwd);
break;
}
+2 -2
View File
@@ -17,7 +17,7 @@ pub fn main() {
if uid != 0 {
let mut passwd_string = String::new();
File::open("file:etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
File::open("/etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
let mut passwd_option = None;
for line in passwd_string.lines() {
@@ -32,7 +32,7 @@ pub fn main() {
let passwd = passwd_option.expect("sudo: user not found in passwd");
let mut group_string = String::new();
File::open("file:etc/group").unwrap().read_to_string(&mut group_string).unwrap();
File::open("/etc/group").unwrap().read_to_string(&mut group_string).unwrap();
let mut group_option = None;
for line in group_string.lines() {
+14 -9
View File
@@ -1,5 +1,8 @@
extern crate argon2rs;
use argon2rs::verifier::Encoded;
use argon2rs::{Argon2, Variant};
pub struct Passwd<'a> {
pub user: &'a str,
pub hash: &'a str,
@@ -11,15 +14,6 @@ pub struct Passwd<'a> {
}
impl<'a> Passwd<'a> {
//TODO: SALT
pub fn encode(password: &str) -> String {
let mut encoded = String::new();
for b in argon2rs::argon2i_simple(password, "saltsalt").iter() {
encoded.push_str(&format!("{:X}", b));
}
encoded
}
pub fn parse(line: &'a str) -> Result<Passwd<'a>, ()> {
let mut parts = line.split(';');
@@ -41,6 +35,17 @@ impl<'a> Passwd<'a> {
shell: shell
})
}
pub fn encode(password: &str, salt: &str) -> String {
let a2 = Argon2::new(10, 1, 4096, Variant::Argon2i).unwrap();
let e = Encoded::new(a2, password.as_bytes(), salt.as_bytes(), &[], &[]);
String::from_utf8(e.to_u8()).unwrap()
}
pub fn verify(&self, password: &str) -> bool {
let e = Encoded::from_u8(self.hash.as_bytes()).unwrap();
e.verify(password.as_bytes())
}
}
pub struct Group<'a> {