authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-07-04 01:07:44 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-07-04 01:07:44 +0000
commit8e68b36a929e0ad1721fd7f9eee6d57ade5db145 (patch)
tree4c0cdc44f52b08bc58e9c56e2db1f038d4d5ff8e
parent6be6c4507117cc31deefe654e7f597d63cfe1a31 (diff)
constrain token character set; worked out with hugh@openbsd.org
-rw-r--r--libexec/identd/parse.c38
1 files changed, 18 insertions, 20 deletions
diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c
index 88740021a01..7a3d5e9eab7 100644
--- a/libexec/identd/parse.c
+++ b/libexec/identd/parse.c
@@ -30,6 +30,7 @@ static int check_noident __P((char *));
ssize_t timed_read __P((int, void *, size_t, time_t));
ssize_t timed_write __P((int, const void *, size_t, time_t));
int parse __P((int, struct in_addr *, struct in_addr *));
+void gentoken __P((char *, int));
/*
* A small routine to check for the existance of the ".noident"
@@ -51,21 +52,25 @@ check_noident(homedir)
return 0;
}
-static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
- "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+static char token0cnv[] = "abcdefghijklmnopqrstuvwxyz";
+static char tokencnv[] = "abcdefghijklmnopqrstuvwxyz0123456789";
-static void to64 __P((char *, u_int32_t, int));
-
-static void
-to64(s, v, n)
- char *s;
- u_int32_t v;
- int n;
+void
+gentoken(buf, len)
+ char *buf;
+ int len;
{
- while (--n >= 0) {
- *s++ = itoa64[v&0x3f];
- v >>= 6;
+ char *p;
+
+ if (len == 0)
+ return;
+ for (p = buf; len > 1; p++, len--) {
+ if (p == buf)
+ *p = token0cnv[arc4random() % (sizeof token0cnv-1)];
+ else
+ *p = tokencnv[arc4random() % (sizeof tokencnv-1)];
}
+ *p = '\0';
}
/*
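Review bot: gentoken() guards only `len == 0`, so a negative `len` skips the loop and still runs `*p = '\0'`, storing a byte into a buffer the caller said has no room. The one caller visible in this diff passes `sizeof token`, so declaring the parameter as `size_t len` would remove that case; if the `int` has to stay, use `if (len <= 0) return;`. The function also has no comment; I would add `/* Fill buf with len-1 random characters, first one a lowercase letter, the rest [a-z0-9], and NUL-terminate. */` so the reason for the two tables is on record. `arc4random() % (sizeof tokencnv-1)` carries a small modulo bias because 2^32 is not a multiple of 26 or 36, and the narrower alphabet gives fewer bits per character than the 64-symbol table it replaces; both look harmless at 20 characters, but the comment should say the token is meant to be unguessable. The two tables are never written and could be `static const char`.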
@@ -259,15 +264,8 @@ parse(fd, laddr, faddr)
if (token_flag) {
char token[21];
- char *s = token;
-
- memset(token, 0, sizeof token);
- to64(s, arc4random(), 4);
- to64(s + 4, arc4random(), 4);
- to64(s + 8, arc4random(), 4);
- to64(s + 12, arc4random(), 4);
- to64(s + 16, arc4random(), 4);
+ gentoken(token, sizeof token);
syslog(LOG_NOTICE, "token %s == uid %u (%s)", token, uid,
pw->pw_name);
n = snprintf(buf, sizeof(buf),