diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1999-07-04 01:07:44 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1999-07-04 01:07:44 +0000 |
commit | 8e68b36a929e0ad1721fd7f9eee6d57ade5db145 (patch) | |
tree | 4c0cdc44f52b08bc58e9c56e2db1f038d4d5ff8e | |
parent | 6be6c4507117cc31deefe654e7f597d63cfe1a31 (diff) |
constrain token character set; worked out with hugh@openbsd.org
-rw-r--r-- | libexec/identd/parse.c | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c index 88740021a01..7a3d5e9eab7 100644 --- a/libexec/identd/parse.c +++ b/libexec/identd/parse.c @@ -30,6 +30,7 @@ static int check_noident __P((char *)); ssize_t timed_read __P((int, void *, size_t, time_t)); ssize_t timed_write __P((int, const void *, size_t, time_t)); int parse __P((int, struct in_addr *, struct in_addr *)); +void gentoken __P((char *, int)); /* * A small routine to check for the existance of the ".noident" @@ -51,21 +52,25 @@ check_noident(homedir) return 0; } -static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +static char token0cnv[] = "abcdefghijklmnopqrstuvwxyz"; +static char tokencnv[] = "abcdefghijklmnopqrstuvwxyz0123456789"; -static void to64 __P((char *, u_int32_t, int)); - -static void -to64(s, v, n) - char *s; - u_int32_t v; - int n; +void +gentoken(buf, len) + char *buf; + int len; { - while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; + char *p; + + if (len == 0) + return; + for (p = buf; len > 1; p++, len--) { + if (p == buf) + *p = token0cnv[arc4random() % (sizeof token0cnv-1)]; + else + *p = tokencnv[arc4random() % (sizeof tokencnv-1)]; } + *p = '\0'; } /* @@ -259,15 +264,8 @@ parse(fd, laddr, faddr) if (token_flag) { char token[21]; - char *s = token; - - memset(token, 0, sizeof token); - to64(s, arc4random(), 4); - to64(s + 4, arc4random(), 4); - to64(s + 8, arc4random(), 4); - to64(s + 12, arc4random(), 4); - to64(s + 16, arc4random(), 4); + gentoken(token, sizeof token); syslog(LOG_NOTICE, "token %s == uid %u (%s)", token, uid, pw->pw_name); n = snprintf(buf, sizeof(buf), |