xref: /illumos-gate/usr/src/lib/pam_modules/authtok_check/fascist.c (revision cbea7aca3fd7787405cbdbd93752998f03dfc25f)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  * Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
5  */
6 
7 /*
8  * This program is copyright Alec Muffett 1993. The author disclaims all
9  * responsibility or liability with respect to it's usage or its effect
10  * upon hardware or computer systems, and maintains copyright as set out
11  * in the "LICENCE" document which accompanies distributions of Crack v4.0
12  * and upwards.
13  */
14 
15 #include "packer.h"
16 
17 
18 static char *r_destructors[] = {
19 	":",			/* noop - must do this to test raw word. */
20 	"[",			/* trimming leading/trailing junk */
21 	"]",
22 	"[[",
23 	"]]",
24 	"[[[",
25 	"]]]",
26 
27 	"/?p@?p",		/* purging out punctuation/symbols/junk */
28 	"/?s@?s",
29 	"/?X@?X",
30 	/* attempt reverse engineering of password strings */
31 	"/$s$s",
32 	"/$s$s/0s0o",
33 	"/$s$s/0s0o/2s2a",
34 	"/$s$s/0s0o/2s2a/3s3e",
35 	"/$s$s/0s0o/2s2a/3s3e/5s5s",
36 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i",
37 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l",
38 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i/4s4a",
39 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i/4s4h",
40 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l/4s4a",
41 	"/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l/4s4h",
42 	"/$s$s/0s0o/2s2a/3s3e/5s5s/4s4a",
43 	"/$s$s/0s0o/2s2a/3s3e/5s5s/4s4h",
44 	"/$s$s/0s0o/2s2a/3s3e/5s5s/4s4a",
45 	"/$s$s/0s0o/2s2a/3s3e/5s5s/4s4h",
46 	"/$s$s/0s0o/2s2a/3s3e/1s1i",
47 	"/$s$s/0s0o/2s2a/3s3e/1s1l",
48 	"/$s$s/0s0o/2s2a/3s3e/1s1i/4s4a",
49 	"/$s$s/0s0o/2s2a/3s3e/1s1i/4s4h",
50 	"/$s$s/0s0o/2s2a/3s3e/1s1l/4s4a",
51 	"/$s$s/0s0o/2s2a/3s3e/1s1l/4s4h",
52 	"/$s$s/0s0o/2s2a/3s3e/4s4a",
53 	"/$s$s/0s0o/2s2a/3s3e/4s4h",
54 	"/$s$s/0s0o/2s2a/3s3e/4s4a",
55 	"/$s$s/0s0o/2s2a/3s3e/4s4h",
56 	"/$s$s/0s0o/2s2a/5s5s",
57 	"/$s$s/0s0o/2s2a/5s5s/1s1i",
58 	"/$s$s/0s0o/2s2a/5s5s/1s1l",
59 	"/$s$s/0s0o/2s2a/5s5s/1s1i/4s4a",
60 	"/$s$s/0s0o/2s2a/5s5s/1s1i/4s4h",
61 	"/$s$s/0s0o/2s2a/5s5s/1s1l/4s4a",
62 	"/$s$s/0s0o/2s2a/5s5s/1s1l/4s4h",
63 	"/$s$s/0s0o/2s2a/5s5s/4s4a",
64 	"/$s$s/0s0o/2s2a/5s5s/4s4h",
65 	"/$s$s/0s0o/2s2a/5s5s/4s4a",
66 	"/$s$s/0s0o/2s2a/5s5s/4s4h",
67 	"/$s$s/0s0o/2s2a/1s1i",
68 	"/$s$s/0s0o/2s2a/1s1l",
69 	"/$s$s/0s0o/2s2a/1s1i/4s4a",
70 	"/$s$s/0s0o/2s2a/1s1i/4s4h",
71 	"/$s$s/0s0o/2s2a/1s1l/4s4a",
72 	"/$s$s/0s0o/2s2a/1s1l/4s4h",
73 	"/$s$s/0s0o/2s2a/4s4a",
74 	"/$s$s/0s0o/2s2a/4s4h",
75 	"/$s$s/0s0o/2s2a/4s4a",
76 	"/$s$s/0s0o/2s2a/4s4h",
77 	"/$s$s/0s0o/3s3e",
78 	"/$s$s/0s0o/3s3e/5s5s",
79 	"/$s$s/0s0o/3s3e/5s5s/1s1i",
80 	"/$s$s/0s0o/3s3e/5s5s/1s1l",
81 	"/$s$s/0s0o/3s3e/5s5s/1s1i/4s4a",
82 	"/$s$s/0s0o/3s3e/5s5s/1s1i/4s4h",
83 	"/$s$s/0s0o/3s3e/5s5s/1s1l/4s4a",
84 	"/$s$s/0s0o/3s3e/5s5s/1s1l/4s4h",
85 	"/$s$s/0s0o/3s3e/5s5s/4s4a",
86 	"/$s$s/0s0o/3s3e/5s5s/4s4h",
87 	"/$s$s/0s0o/3s3e/5s5s/4s4a",
88 	"/$s$s/0s0o/3s3e/5s5s/4s4h",
89 	"/$s$s/0s0o/3s3e/1s1i",
90 	"/$s$s/0s0o/3s3e/1s1l",
91 	"/$s$s/0s0o/3s3e/1s1i/4s4a",
92 	"/$s$s/0s0o/3s3e/1s1i/4s4h",
93 	"/$s$s/0s0o/3s3e/1s1l/4s4a",
94 	"/$s$s/0s0o/3s3e/1s1l/4s4h",
95 	"/$s$s/0s0o/3s3e/4s4a",
96 	"/$s$s/0s0o/3s3e/4s4h",
97 	"/$s$s/0s0o/3s3e/4s4a",
98 	"/$s$s/0s0o/3s3e/4s4h",
99 	"/$s$s/0s0o/5s5s",
100 	"/$s$s/0s0o/5s5s/1s1i",
101 	"/$s$s/0s0o/5s5s/1s1l",
102 	"/$s$s/0s0o/5s5s/1s1i/4s4a",
103 	"/$s$s/0s0o/5s5s/1s1i/4s4h",
104 	"/$s$s/0s0o/5s5s/1s1l/4s4a",
105 	"/$s$s/0s0o/5s5s/1s1l/4s4h",
106 	"/$s$s/0s0o/5s5s/4s4a",
107 	"/$s$s/0s0o/5s5s/4s4h",
108 	"/$s$s/0s0o/5s5s/4s4a",
109 	"/$s$s/0s0o/5s5s/4s4h",
110 	"/$s$s/0s0o/1s1i",
111 	"/$s$s/0s0o/1s1l",
112 	"/$s$s/0s0o/1s1i/4s4a",
113 	"/$s$s/0s0o/1s1i/4s4h",
114 	"/$s$s/0s0o/1s1l/4s4a",
115 	"/$s$s/0s0o/1s1l/4s4h",
116 	"/$s$s/0s0o/4s4a",
117 	"/$s$s/0s0o/4s4h",
118 	"/$s$s/0s0o/4s4a",
119 	"/$s$s/0s0o/4s4h",
120 	"/$s$s/2s2a",
121 	"/$s$s/2s2a/3s3e",
122 	"/$s$s/2s2a/3s3e/5s5s",
123 	"/$s$s/2s2a/3s3e/5s5s/1s1i",
124 	"/$s$s/2s2a/3s3e/5s5s/1s1l",
125 	"/$s$s/2s2a/3s3e/5s5s/1s1i/4s4a",
126 	"/$s$s/2s2a/3s3e/5s5s/1s1i/4s4h",
127 	"/$s$s/2s2a/3s3e/5s5s/1s1l/4s4a",
128 	"/$s$s/2s2a/3s3e/5s5s/1s1l/4s4h",
129 	"/$s$s/2s2a/3s3e/5s5s/4s4a",
130 	"/$s$s/2s2a/3s3e/5s5s/4s4h",
131 	"/$s$s/2s2a/3s3e/5s5s/4s4a",
132 	"/$s$s/2s2a/3s3e/5s5s/4s4h",
133 	"/$s$s/2s2a/3s3e/1s1i",
134 	"/$s$s/2s2a/3s3e/1s1l",
135 	"/$s$s/2s2a/3s3e/1s1i/4s4a",
136 	"/$s$s/2s2a/3s3e/1s1i/4s4h",
137 	"/$s$s/2s2a/3s3e/1s1l/4s4a",
138 	"/$s$s/2s2a/3s3e/1s1l/4s4h",
139 	"/$s$s/2s2a/3s3e/4s4a",
140 	"/$s$s/2s2a/3s3e/4s4h",
141 	"/$s$s/2s2a/3s3e/4s4a",
142 	"/$s$s/2s2a/3s3e/4s4h",
143 	"/$s$s/2s2a/5s5s",
144 	"/$s$s/2s2a/5s5s/1s1i",
145 	"/$s$s/2s2a/5s5s/1s1l",
146 	"/$s$s/2s2a/5s5s/1s1i/4s4a",
147 	"/$s$s/2s2a/5s5s/1s1i/4s4h",
148 	"/$s$s/2s2a/5s5s/1s1l/4s4a",
149 	"/$s$s/2s2a/5s5s/1s1l/4s4h",
150 	"/$s$s/2s2a/5s5s/4s4a",
151 	"/$s$s/2s2a/5s5s/4s4h",
152 	"/$s$s/2s2a/5s5s/4s4a",
153 	"/$s$s/2s2a/5s5s/4s4h",
154 	"/$s$s/2s2a/1s1i",
155 	"/$s$s/2s2a/1s1l",
156 	"/$s$s/2s2a/1s1i/4s4a",
157 	"/$s$s/2s2a/1s1i/4s4h",
158 	"/$s$s/2s2a/1s1l/4s4a",
159 	"/$s$s/2s2a/1s1l/4s4h",
160 	"/$s$s/2s2a/4s4a",
161 	"/$s$s/2s2a/4s4h",
162 	"/$s$s/2s2a/4s4a",
163 	"/$s$s/2s2a/4s4h",
164 	"/$s$s/3s3e",
165 	"/$s$s/3s3e/5s5s",
166 	"/$s$s/3s3e/5s5s/1s1i",
167 	"/$s$s/3s3e/5s5s/1s1l",
168 	"/$s$s/3s3e/5s5s/1s1i/4s4a",
169 	"/$s$s/3s3e/5s5s/1s1i/4s4h",
170 	"/$s$s/3s3e/5s5s/1s1l/4s4a",
171 	"/$s$s/3s3e/5s5s/1s1l/4s4h",
172 	"/$s$s/3s3e/5s5s/4s4a",
173 	"/$s$s/3s3e/5s5s/4s4h",
174 	"/$s$s/3s3e/5s5s/4s4a",
175 	"/$s$s/3s3e/5s5s/4s4h",
176 	"/$s$s/3s3e/1s1i",
177 	"/$s$s/3s3e/1s1l",
178 	"/$s$s/3s3e/1s1i/4s4a",
179 	"/$s$s/3s3e/1s1i/4s4h",
180 	"/$s$s/3s3e/1s1l/4s4a",
181 	"/$s$s/3s3e/1s1l/4s4h",
182 	"/$s$s/3s3e/4s4a",
183 	"/$s$s/3s3e/4s4h",
184 	"/$s$s/3s3e/4s4a",
185 	"/$s$s/3s3e/4s4h",
186 	"/$s$s/5s5s",
187 	"/$s$s/5s5s/1s1i",
188 	"/$s$s/5s5s/1s1l",
189 	"/$s$s/5s5s/1s1i/4s4a",
190 	"/$s$s/5s5s/1s1i/4s4h",
191 	"/$s$s/5s5s/1s1l/4s4a",
192 	"/$s$s/5s5s/1s1l/4s4h",
193 	"/$s$s/5s5s/4s4a",
194 	"/$s$s/5s5s/4s4h",
195 	"/$s$s/5s5s/4s4a",
196 	"/$s$s/5s5s/4s4h",
197 	"/$s$s/1s1i",
198 	"/$s$s/1s1l",
199 	"/$s$s/1s1i/4s4a",
200 	"/$s$s/1s1i/4s4h",
201 	"/$s$s/1s1l/4s4a",
202 	"/$s$s/1s1l/4s4h",
203 	"/$s$s/4s4a",
204 	"/$s$s/4s4h",
205 	"/$s$s/4s4a",
206 	"/$s$s/4s4h",
207 	"/0s0o",
208 	"/0s0o/2s2a",
209 	"/0s0o/2s2a/3s3e",
210 	"/0s0o/2s2a/3s3e/5s5s",
211 	"/0s0o/2s2a/3s3e/5s5s/1s1i",
212 	"/0s0o/2s2a/3s3e/5s5s/1s1l",
213 	"/0s0o/2s2a/3s3e/5s5s/1s1i/4s4a",
214 	"/0s0o/2s2a/3s3e/5s5s/1s1i/4s4h",
215 	"/0s0o/2s2a/3s3e/5s5s/1s1l/4s4a",
216 	"/0s0o/2s2a/3s3e/5s5s/1s1l/4s4h",
217 	"/0s0o/2s2a/3s3e/5s5s/4s4a",
218 	"/0s0o/2s2a/3s3e/5s5s/4s4h",
219 	"/0s0o/2s2a/3s3e/5s5s/4s4a",
220 	"/0s0o/2s2a/3s3e/5s5s/4s4h",
221 	"/0s0o/2s2a/3s3e/1s1i",
222 	"/0s0o/2s2a/3s3e/1s1l",
223 	"/0s0o/2s2a/3s3e/1s1i/4s4a",
224 	"/0s0o/2s2a/3s3e/1s1i/4s4h",
225 	"/0s0o/2s2a/3s3e/1s1l/4s4a",
226 	"/0s0o/2s2a/3s3e/1s1l/4s4h",
227 	"/0s0o/2s2a/3s3e/4s4a",
228 	"/0s0o/2s2a/3s3e/4s4h",
229 	"/0s0o/2s2a/3s3e/4s4a",
230 	"/0s0o/2s2a/3s3e/4s4h",
231 	"/0s0o/2s2a/5s5s",
232 	"/0s0o/2s2a/5s5s/1s1i",
233 	"/0s0o/2s2a/5s5s/1s1l",
234 	"/0s0o/2s2a/5s5s/1s1i/4s4a",
235 	"/0s0o/2s2a/5s5s/1s1i/4s4h",
236 	"/0s0o/2s2a/5s5s/1s1l/4s4a",
237 	"/0s0o/2s2a/5s5s/1s1l/4s4h",
238 	"/0s0o/2s2a/5s5s/4s4a",
239 	"/0s0o/2s2a/5s5s/4s4h",
240 	"/0s0o/2s2a/5s5s/4s4a",
241 	"/0s0o/2s2a/5s5s/4s4h",
242 	"/0s0o/2s2a/1s1i",
243 	"/0s0o/2s2a/1s1l",
244 	"/0s0o/2s2a/1s1i/4s4a",
245 	"/0s0o/2s2a/1s1i/4s4h",
246 	"/0s0o/2s2a/1s1l/4s4a",
247 	"/0s0o/2s2a/1s1l/4s4h",
248 	"/0s0o/2s2a/4s4a",
249 	"/0s0o/2s2a/4s4h",
250 	"/0s0o/2s2a/4s4a",
251 	"/0s0o/2s2a/4s4h",
252 	"/0s0o/3s3e",
253 	"/0s0o/3s3e/5s5s",
254 	"/0s0o/3s3e/5s5s/1s1i",
255 	"/0s0o/3s3e/5s5s/1s1l",
256 	"/0s0o/3s3e/5s5s/1s1i/4s4a",
257 	"/0s0o/3s3e/5s5s/1s1i/4s4h",
258 	"/0s0o/3s3e/5s5s/1s1l/4s4a",
259 	"/0s0o/3s3e/5s5s/1s1l/4s4h",
260 	"/0s0o/3s3e/5s5s/4s4a",
261 	"/0s0o/3s3e/5s5s/4s4h",
262 	"/0s0o/3s3e/5s5s/4s4a",
263 	"/0s0o/3s3e/5s5s/4s4h",
264 	"/0s0o/3s3e/1s1i",
265 	"/0s0o/3s3e/1s1l",
266 	"/0s0o/3s3e/1s1i/4s4a",
267 	"/0s0o/3s3e/1s1i/4s4h",
268 	"/0s0o/3s3e/1s1l/4s4a",
269 	"/0s0o/3s3e/1s1l/4s4h",
270 	"/0s0o/3s3e/4s4a",
271 	"/0s0o/3s3e/4s4h",
272 	"/0s0o/3s3e/4s4a",
273 	"/0s0o/3s3e/4s4h",
274 	"/0s0o/5s5s",
275 	"/0s0o/5s5s/1s1i",
276 	"/0s0o/5s5s/1s1l",
277 	"/0s0o/5s5s/1s1i/4s4a",
278 	"/0s0o/5s5s/1s1i/4s4h",
279 	"/0s0o/5s5s/1s1l/4s4a",
280 	"/0s0o/5s5s/1s1l/4s4h",
281 	"/0s0o/5s5s/4s4a",
282 	"/0s0o/5s5s/4s4h",
283 	"/0s0o/5s5s/4s4a",
284 	"/0s0o/5s5s/4s4h",
285 	"/0s0o/1s1i",
286 	"/0s0o/1s1l",
287 	"/0s0o/1s1i/4s4a",
288 	"/0s0o/1s1i/4s4h",
289 	"/0s0o/1s1l/4s4a",
290 	"/0s0o/1s1l/4s4h",
291 	"/0s0o/4s4a",
292 	"/0s0o/4s4h",
293 	"/0s0o/4s4a",
294 	"/0s0o/4s4h",
295 	"/2s2a",
296 	"/2s2a/3s3e",
297 	"/2s2a/3s3e/5s5s",
298 	"/2s2a/3s3e/5s5s/1s1i",
299 	"/2s2a/3s3e/5s5s/1s1l",
300 	"/2s2a/3s3e/5s5s/1s1i/4s4a",
301 	"/2s2a/3s3e/5s5s/1s1i/4s4h",
302 	"/2s2a/3s3e/5s5s/1s1l/4s4a",
303 	"/2s2a/3s3e/5s5s/1s1l/4s4h",
304 	"/2s2a/3s3e/5s5s/4s4a",
305 	"/2s2a/3s3e/5s5s/4s4h",
306 	"/2s2a/3s3e/5s5s/4s4a",
307 	"/2s2a/3s3e/5s5s/4s4h",
308 	"/2s2a/3s3e/1s1i",
309 	"/2s2a/3s3e/1s1l",
310 	"/2s2a/3s3e/1s1i/4s4a",
311 	"/2s2a/3s3e/1s1i/4s4h",
312 	"/2s2a/3s3e/1s1l/4s4a",
313 	"/2s2a/3s3e/1s1l/4s4h",
314 	"/2s2a/3s3e/4s4a",
315 	"/2s2a/3s3e/4s4h",
316 	"/2s2a/3s3e/4s4a",
317 	"/2s2a/3s3e/4s4h",
318 	"/2s2a/5s5s",
319 	"/2s2a/5s5s/1s1i",
320 	"/2s2a/5s5s/1s1l",
321 	"/2s2a/5s5s/1s1i/4s4a",
322 	"/2s2a/5s5s/1s1i/4s4h",
323 	"/2s2a/5s5s/1s1l/4s4a",
324 	"/2s2a/5s5s/1s1l/4s4h",
325 	"/2s2a/5s5s/4s4a",
326 	"/2s2a/5s5s/4s4h",
327 	"/2s2a/5s5s/4s4a",
328 	"/2s2a/5s5s/4s4h",
329 	"/2s2a/1s1i",
330 	"/2s2a/1s1l",
331 	"/2s2a/1s1i/4s4a",
332 	"/2s2a/1s1i/4s4h",
333 	"/2s2a/1s1l/4s4a",
334 	"/2s2a/1s1l/4s4h",
335 	"/2s2a/4s4a",
336 	"/2s2a/4s4h",
337 	"/2s2a/4s4a",
338 	"/2s2a/4s4h",
339 	"/3s3e",
340 	"/3s3e/5s5s",
341 	"/3s3e/5s5s/1s1i",
342 	"/3s3e/5s5s/1s1l",
343 	"/3s3e/5s5s/1s1i/4s4a",
344 	"/3s3e/5s5s/1s1i/4s4h",
345 	"/3s3e/5s5s/1s1l/4s4a",
346 	"/3s3e/5s5s/1s1l/4s4h",
347 	"/3s3e/5s5s/4s4a",
348 	"/3s3e/5s5s/4s4h",
349 	"/3s3e/5s5s/4s4a",
350 	"/3s3e/5s5s/4s4h",
351 	"/3s3e/1s1i",
352 	"/3s3e/1s1l",
353 	"/3s3e/1s1i/4s4a",
354 	"/3s3e/1s1i/4s4h",
355 	"/3s3e/1s1l/4s4a",
356 	"/3s3e/1s1l/4s4h",
357 	"/3s3e/4s4a",
358 	"/3s3e/4s4h",
359 	"/3s3e/4s4a",
360 	"/3s3e/4s4h",
361 	"/5s5s",
362 	"/5s5s/1s1i",
363 	"/5s5s/1s1l",
364 	"/5s5s/1s1i/4s4a",
365 	"/5s5s/1s1i/4s4h",
366 	"/5s5s/1s1l/4s4a",
367 	"/5s5s/1s1l/4s4h",
368 	"/5s5s/4s4a",
369 	"/5s5s/4s4h",
370 	"/5s5s/4s4a",
371 	"/5s5s/4s4h",
372 	"/1s1i",
373 	"/1s1l",
374 	"/1s1i/4s4a",
375 	"/1s1i/4s4h",
376 	"/1s1l/4s4a",
377 	"/1s1l/4s4h",
378 	"/4s4a",
379 	"/4s4h",
380 	"/4s4a",
381 	"/4s4h",
382 	/* done */
383 	(char *)0
384 };
385 
386 
387 int
FascistLook(PWDICT * pwp,const char * instring)388 FascistLook(PWDICT *pwp, const char *instring)
389 {
390 	int i;
391 	char *password;
392 	uint32_t notfound;
393 	char rpassword[PATH_MAX];
394 
395 	notfound = PW_WORDS(pwp);
396 
397 	(void) strlcpy(rpassword, instring, TRUNCSTRINGSIZE);
398 	password = rpassword;
399 
400 	(void) strcpy(password, Lowercase(password));
401 	(void) Trim(password);
402 
403 	/*
404 	 * it should be safe to use Mangle with its reliance on PATH_SIZE
405 	 * since password cannot be longer than TRUNCSTRINGSIZE;
406 	 * nonetheless this is not an elegant solution
407 	 */
408 
409 	for (i = 0; r_destructors[i]; i++) {
410 		char *a;
411 
412 		if (!(a = Mangle(password, r_destructors[i]))) {
413 			continue;
414 		}
415 
416 		if (FindPW(pwp, a) != notfound) {
417 			return (DICTIONARY_WORD);
418 		}
419 	}
420 
421 	(void) strlcpy(password, Reverse(password), PATH_MAX);
422 
423 	for (i = 0; r_destructors[i]; i++) {
424 		char *a;
425 
426 		if (!(a = Mangle(password, r_destructors[i]))) {
427 			continue;
428 		}
429 		if (FindPW(pwp, a) != notfound) {
430 			return (REVERSE_DICTIONARY_WORD);
431 		}
432 	}
433 
434 	return (0);
435 }
436 
437 int
DictCheck(const char * password,char * path)438 DictCheck(const char *password, char *path)
439 {
440 	PWDICT *pwp;
441 	int r;
442 
443 	if ((pwp = PWOpen(path, "rF")) == NULL)
444 		return (DATABASE_OPEN_FAIL);
445 
446 	r = FascistLook(pwp, password);
447 	(void) PWClose(pwp);
448 	return (r);
449 }
450