Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/kadmin/random_password.c
34865 views
1
/*

2
 * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "kadmin_locl.h"

35


36
/* This file defines some a function that generates a random password,

37
   that can be used when creating a large amount of principals (such

38
   as for a batch of students). Since this is a political matter, you

39
   should think about how secure generated passwords has to be.

40


41
   Both methods defined here will give you at least 55 bits of

42
   entropy.

43
   */

44


45
/* If you want OTP-style passwords, define OTP_STYLE */

46


47
#ifdef OTP_STYLE

48
#include <otp.h>

49
#else

50
static void generate_password(char **pw, int num_classes, ...);

51
#endif

52


53
void

54
random_password(char *pw, size_t len)

55
{

56
#ifdef OTP_STYLE

57
    {

58
	OtpKey newkey;

59


60
	krb5_generate_random_block(&newkey, sizeof(newkey));

61
	otp_print_stddict (newkey, pw, len);

62
	strlwr(pw);

63
    }

64
#else

65
    char *pass;

66
    generate_password(&pass, 3,

67
		      "abcdefghijklmnopqrstuvwxyz", 7,

68
		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2,

69
		      "@$%&*()-+=:,/<>1234567890", 1);

70
    strlcpy(pw, pass, len);

71
    memset(pass, 0, strlen(pass));

72
    free(pass);

73
#endif

74
}

75


76
/* some helper functions */

77


78
#ifndef OTP_STYLE

79
/* return a random value in range 0-127 */

80
static int

81
RND(unsigned char *key, int keylen, int *left)

82
{

83
    if(*left == 0){

84
	krb5_generate_random_block(key, keylen);

85
	*left = keylen;

86
    }

87
    (*left)--;

88
    return ((unsigned char*)key)[*left];

89
}

90


91
/* This a helper function that generates a random password with a

92
   number of characters from a set of character classes.

93


94
   If there are n classes, and the size of each class is Pi, and the

95
   number of characters from each class is Ni, the number of possible

96
   passwords are (given that the character classes are disjoint):

97


98
     n             n

99
   -----        /  ----  \

100
   |   |  Ni    |  \     |

101
   |   | Pi     |   \  Ni| !

102
   |   | ---- * |   /    |

103
   |   | Ni!    |  /___  |

104
    i=1          \  i=1  /

105


106
    Since it uses the RND function above, neither the size of each

107
    class, nor the total length of the generated password should be

108
    larger than 127 (without fixing RND).

109


110
   */

111
static void

112
generate_password(char **pw, int num_classes, ...)

113
{

114
    struct {

115
	const char *str;

116
	int len;

117
	int freq;

118
    } *classes;

119
    va_list ap;

120
    int len, i;

121
    unsigned char rbuf[8]; /* random buffer */

122
    int rleft = 0;

123


124
    *pw = NULL;

125


126
    classes = malloc(num_classes * sizeof(*classes));

127
    if(classes == NULL)

128
	return;

129
    va_start(ap, num_classes);

130
    len = 0;

131
    for(i = 0; i < num_classes; i++){

132
	classes[i].str = va_arg(ap, const char*);

133
	classes[i].len = strlen(classes[i].str);

134
	classes[i].freq = va_arg(ap, int);

135
	len += classes[i].freq;

136
    }

137
    va_end(ap);

138
    *pw = malloc(len + 1);

139
    if(*pw == NULL) {

140
	free(classes);

141
	return;

142
    }

143
    for(i = 0; i < len; i++) {

144
	int j;

145
	int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);

146
	int t = 0;

147
	for(j = 0; j < num_classes; j++) {

148
	    if(x < t + classes[j].freq) {

149
		(*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)

150
					 % classes[j].len];

151
		classes[j].freq--;

152
		break;

153
	    }

154
	    t += classes[j].freq;

155
	}

156
    }

157
    (*pw)[len] = '\0';

158
    memset(rbuf, 0, sizeof(rbuf));

159
    free(classes);

160
}

161
#endif

162


163