Correctly use salt
This commit is contained in:
@@ -14,6 +14,10 @@ path = "src/bin/id.rs"
|
||||
name = "login"
|
||||
path = "src/bin/login.rs"
|
||||
|
||||
[[bin]]
|
||||
name = "passwd"
|
||||
path = "src/bin/passwd.rs"
|
||||
|
||||
[[bin]]
|
||||
name = "su"
|
||||
path = "src/bin/su.rs"
|
||||
|
||||
+1
-3
@@ -17,8 +17,6 @@ pub fn main() {
|
||||
let _ = syscall::open(&tty, syscall::flag::O_RDWR);
|
||||
let _ = syscall::open(&tty, syscall::flag::O_RDWR);
|
||||
|
||||
env::set_current_dir("file:").unwrap();
|
||||
|
||||
env::set_var("TTY", &tty);
|
||||
{
|
||||
let mut path = [0; 4096];
|
||||
@@ -37,7 +35,7 @@ pub fn main() {
|
||||
loop {
|
||||
//stdout.write(b"\x1Bc").unwrap();
|
||||
let _ = stdout.flush();
|
||||
match Command::new("file:bin/login").spawn() {
|
||||
match Command::new("login").spawn() {
|
||||
Ok(mut child) => match child.wait() {
|
||||
Ok(_status) => (), //println!("getty: waited for login: {:?}", status.code()),
|
||||
Err(err) => panic!("getty: failed to wait for login: {}", err)
|
||||
|
||||
+1
-3
@@ -48,11 +48,9 @@ pub fn main() {
|
||||
stdout.write(b"\n").unwrap();
|
||||
let _ = stdout.flush();
|
||||
|
||||
let password_hash = Passwd::encode(&password);
|
||||
|
||||
for line in passwd_string.lines() {
|
||||
if let Ok(passwd) = Passwd::parse(line) {
|
||||
if user == passwd.user && password_hash == passwd.hash {
|
||||
if user == passwd.user && passwd.verify(&password) {
|
||||
passwd_option = Some(passwd);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
extern crate termion;
|
||||
extern crate userutils;
|
||||
|
||||
use std::env;
|
||||
|
||||
fn main() {
|
||||
let passwd = env::args().nth(1).unwrap();
|
||||
let salt = env::args().nth(2).unwrap();
|
||||
println!("{}", userutils::Passwd::encode(&passwd, &salt));
|
||||
}
|
||||
+2
-4
@@ -26,7 +26,7 @@ pub fn main() {
|
||||
let uid = syscall::getuid().unwrap();
|
||||
|
||||
let mut passwd_string = String::new();
|
||||
File::open("file:etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
|
||||
File::open("/etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
|
||||
|
||||
let mut passwd_option = None;
|
||||
for line in passwd_string.lines() {
|
||||
@@ -46,11 +46,9 @@ pub fn main() {
|
||||
stdout.write(b"\n").unwrap();
|
||||
let _ = stdout.flush();
|
||||
|
||||
let password_hash = Passwd::encode(&password);
|
||||
|
||||
for line in passwd_string.lines() {
|
||||
if let Ok(passwd) = Passwd::parse(line) {
|
||||
if user == passwd.user && password_hash == passwd.hash {
|
||||
if user == passwd.user && passwd.verify(&password) {
|
||||
passwd_option = Some(passwd);
|
||||
break;
|
||||
}
|
||||
|
||||
+2
-2
@@ -17,7 +17,7 @@ pub fn main() {
|
||||
|
||||
if uid != 0 {
|
||||
let mut passwd_string = String::new();
|
||||
File::open("file:etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
|
||||
File::open("/etc/passwd").unwrap().read_to_string(&mut passwd_string).unwrap();
|
||||
|
||||
let mut passwd_option = None;
|
||||
for line in passwd_string.lines() {
|
||||
@@ -32,7 +32,7 @@ pub fn main() {
|
||||
let passwd = passwd_option.expect("sudo: user not found in passwd");
|
||||
|
||||
let mut group_string = String::new();
|
||||
File::open("file:etc/group").unwrap().read_to_string(&mut group_string).unwrap();
|
||||
File::open("/etc/group").unwrap().read_to_string(&mut group_string).unwrap();
|
||||
|
||||
let mut group_option = None;
|
||||
for line in group_string.lines() {
|
||||
|
||||
+14
-9
@@ -1,5 +1,8 @@
|
||||
extern crate argon2rs;
|
||||
|
||||
use argon2rs::verifier::Encoded;
|
||||
use argon2rs::{Argon2, Variant};
|
||||
|
||||
pub struct Passwd<'a> {
|
||||
pub user: &'a str,
|
||||
pub hash: &'a str,
|
||||
@@ -11,15 +14,6 @@ pub struct Passwd<'a> {
|
||||
}
|
||||
|
||||
impl<'a> Passwd<'a> {
|
||||
//TODO: SALT
|
||||
pub fn encode(password: &str) -> String {
|
||||
let mut encoded = String::new();
|
||||
for b in argon2rs::argon2i_simple(password, "saltsalt").iter() {
|
||||
encoded.push_str(&format!("{:X}", b));
|
||||
}
|
||||
encoded
|
||||
}
|
||||
|
||||
pub fn parse(line: &'a str) -> Result<Passwd<'a>, ()> {
|
||||
let mut parts = line.split(';');
|
||||
|
||||
@@ -41,6 +35,17 @@ impl<'a> Passwd<'a> {
|
||||
shell: shell
|
||||
})
|
||||
}
|
||||
|
||||
pub fn encode(password: &str, salt: &str) -> String {
|
||||
let a2 = Argon2::new(10, 1, 4096, Variant::Argon2i).unwrap();
|
||||
let e = Encoded::new(a2, password.as_bytes(), salt.as_bytes(), &[], &[]);
|
||||
String::from_utf8(e.to_u8()).unwrap()
|
||||
}
|
||||
|
||||
pub fn verify(&self, password: &str) -> bool {
|
||||
let e = Encoded::from_u8(self.hash.as_bytes()).unwrap();
|
||||
e.verify(password.as_bytes())
|
||||
}
|
||||
}
|
||||
|
||||
pub struct Group<'a> {
|
||||
|
||||
Reference in New Issue
Block a user