xref: /illumos-gate/usr/src/lib/libc/port/gen/crypt.c (revision 3d393ee6c37fa10ac512ed6d36109ad616dc7c1a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #pragma	weak _crypt = crypt
30 #pragma weak _encrypt = encrypt
31 #pragma weak _setkey = setkey
32 
33 #include "lint.h"
34 #include "mtlib.h"
35 #include <synch.h>
36 #include <thread.h>
37 #include <ctype.h>
38 #include <dlfcn.h>
39 #include <errno.h>
40 #include <stdio.h>
41 #include <strings.h>
42 #include <stdlib.h>
43 #include <sys/time.h>
44 #include <limits.h>
45 #include <sys/types.h>
46 #include <sys/stat.h>
47 #include <fcntl.h>
48 #include <syslog.h>
49 #include <unistd.h>
50 #include <atomic.h>
51 
52 #include <crypt.h>
53 #include <libc.h>
54 #include "tsd.h"
55 
56 #define	CRYPT_ALGORITHMS_ALLOW		"CRYPT_ALGORITHMS_ALLOW"
57 #define	CRYPT_ALGORITHMS_DEPRECATE	"CRYPT_ALGORITHMS_DEPRECATE"
58 #define	CRYPT_DEFAULT			"CRYPT_DEFAULT"
59 #define	CRYPT_UNIX			"__unix__"
60 
61 #define	CRYPT_CONFFILE		"/etc/security/crypt.conf"
62 #define	POLICY_CONF_FILE	"/etc/security/policy.conf"
63 
64 #define	CRYPT_CONFLINELENGTH	1024
65 
66 #define	CRYPT_MODULE_ISA	"/$ISA/"
67 #ifdef	_LP64
68 #define	CRYPT_MODULE_DIR	"/usr/lib/security/64/"
69 #define	CRYPT_ISA_DIR		"/64/"
70 #else	/* !_LP64 */
71 #define	CRYPT_MODULE_DIR	"/usr/lib/security/"
72 #define	CRYPT_ISA_DIR		"/"
73 #endif	/* _LP64 */
74 
75 /*
76  * MAX_ALGNAME_LEN:
77  *
78  * In practical terms this is probably never any bigger than about 10, but...
79  *
80  * It has to fix the encrypted password filed of struct spwd it is
81  * theoretically the maximum length of the cipher minus the magic $ sign.
82  * Though that would be unexpected.
83  * Since it also has to fit in crypt.conf it is CRYPT_CONFLINELENGTH
84  * minus the path to the module and the minimum white space.
85  *
86  * CRYPT_MAXCIPHERTEXTLEN is defined in crypt.h and is smaller than
87  * CRYPT_CONFLINELENGTH, and probably always will be.
88  */
89 #define	MAX_ALGNAME_LEN	(CRYPT_MAXCIPHERTEXTLEN - 1)
90 
91 struct crypt_alg_s {
92 	void	*a_libhandle;
93 	char	*(*a_genhash)(char *, const size_t, const char *,
94 		    const char *, const char **);
95 	char	*(*a_gensalt)(char *, const size_t,
96 		    const char *, const struct passwd *, const char **);
97 	char	**a_params;
98 	int	a_nparams;
99 };
100 
101 struct crypt_policy_s {
102 	char	*cp_default;
103 	char	*cp_allow;
104 	char	*cp_deny;
105 };
106 
107 enum crypt_policy_error_e {
108 	CPE_BOTH = 1,
109 	CPE_MULTI
110 };
111 
112 static struct crypt_policy_s *getcryptpolicy(void);
113 static void free_crypt_policy(struct crypt_policy_s *policy);
114 static struct crypt_alg_s  *getalgbyname(const char *algname, boolean_t *found);
115 static void free_crypt_alg(struct crypt_alg_s *alg);
116 static char *getalgfromsalt(const char *salt);
117 static boolean_t alg_valid(const char *algname,
118     const struct crypt_policy_s *policy);
119 static char *isa_path(const char *path);
120 
121 static char *_unix_crypt(const char *pw, const char *salt, char *iobuf);
122 static char *_unix_crypt_gensalt(char *gsbuffer, size_t gsbufflen,
123 	    const char *oldpuresalt, const struct passwd *userinfo,
124 	    const char *params[]);
125 
126 
127 /*
128  * crypt - string encoding function
129  *
130  * This function encodes strings in a suitable for for secure storage
131  * as passwords.  It generates the password hash given the plaintext and salt.
132  *
133  * If the first character of salt is "$" then we use crypt.conf(4) to
134  * determine which plugin to use and run the crypt_genhash_impl(3c) function
135  * from it.
136  * Otherwise we use the old unix algorithm.
137  *
138  * RETURN VALUES
139  *	On Success we return a pointer to the encoded string.  The
140  *	return value points to thread specific static data and should NOT
141  *	be passed free(3c).
142  *	On failure we return NULL and set errno to one of:
143  *		EINVAL, ELIBACC, ENOMEM, ENOSYS.
144  */
145 char *
146 crypt(const char *plaintext, const char *salt)
147 {
148 	struct crypt_alg_s *alg;
149 	char *ctbuffer;
150 	char *ciphertext;
151 	char *algname;
152 	boolean_t found;
153 
154 	ctbuffer = tsdalloc(_T_CRYPT, CRYPT_MAXCIPHERTEXTLEN, NULL);
155 	if (ctbuffer == NULL)
156 		return (NULL);
157 	bzero(ctbuffer, CRYPT_MAXCIPHERTEXTLEN);
158 
159 	/*
160 	 * '$' is never a possible salt char with the traditional unix
161 	 * algorithm.  If the salt passed in is NULL or the first char
162 	 * of the salt isn't a $ then do the traditional thing.
163 	 * We also do the traditional thing if the salt is only 1 char.
164 	 */
165 	if (salt == NULL || salt[0] != '$' || strlen(salt) == 1) {
166 		return (_unix_crypt(plaintext, salt, ctbuffer));
167 	}
168 
169 	/*
170 	 * Find the algorithm name from the salt and look it up in
171 	 * crypt.conf(4) to find out what shared object to use.
172 	 * If we can't find it in crypt.conf then getalgbyname would
173 	 * have returned with found = B_FALSE so we use the unix algorithm.
174 	 * If alg is NULL but found = B_TRUE then there is a problem with
175 	 * the plugin so we fail leaving errno set to what getalgbyname()
176 	 * set it to or EINVAL it if wasn't set.
177 	 */
178 	if ((algname = getalgfromsalt(salt)) == NULL) {
179 		return (NULL);
180 	}
181 
182 	errno = 0;
183 	alg = getalgbyname(algname, &found);
184 	if ((alg == NULL) || !found) {
185 		if (errno == 0)
186 			errno = EINVAL;
187 		ciphertext = NULL;
188 		goto cleanup;
189 	} else if (!found) {
190 		ciphertext = _unix_crypt(plaintext, salt, ctbuffer);
191 	} else {
192 		ciphertext = alg->a_genhash(ctbuffer, CRYPT_MAXCIPHERTEXTLEN,
193 		    plaintext, salt, (const char **)alg->a_params);
194 	}
195 
196 cleanup:
197 	free_crypt_alg(alg);
198 	if (algname != NULL)
199 		free(algname);
200 
201 	return (ciphertext);
202 }
203 
204 /*
205  * crypt_gensalt - generate salt string for string encoding
206  *
207  * This function generates the salt string pased to crypt(3c).
208  * If oldsalt is NULL, the use the default algorithm.
209  * Other wise check the policy in policy.conf to ensure that it is
210  * either still allowed or not deprecated.
211  *
212  * RETURN VALUES
213  * 	Return a pointer to the new salt, the caller is responsible
214  * 	for using free(3c) on the return value.
215  * 	Returns NULL on error and sets errno to one of:
216  * 		EINVAL, ELIBACC, ENOMEM
217  */
218 char *
219 crypt_gensalt(const char *oldsalt, const struct passwd *userinfo)
220 {
221 	struct crypt_alg_s *alg = NULL;
222 	struct crypt_policy_s *policy = NULL;
223 	char *newsalt = NULL;
224 	char *gsbuffer;
225 	char *algname = NULL;
226 	boolean_t found;
227 
228 	gsbuffer = calloc(CRYPT_MAXCIPHERTEXTLEN, sizeof (char *));
229 	if (gsbuffer == NULL) {
230 		errno = ENOMEM;
231 		goto cleanup;
232 	}
233 
234 	policy = getcryptpolicy();
235 	if (policy == NULL) {
236 		errno = EINVAL;
237 		goto cleanup;
238 	}
239 
240 	algname = getalgfromsalt(oldsalt);
241 	if (!alg_valid(algname, policy)) {
242 		free(algname);
243 		algname = strdup(policy->cp_default);
244 	}
245 
246 	if (strcmp(algname, CRYPT_UNIX) == 0) {
247 		newsalt = _unix_crypt_gensalt(gsbuffer, CRYPT_MAXCIPHERTEXTLEN,
248 		    oldsalt, userinfo, NULL);
249 	} else {
250 		errno = 0;
251 		alg = getalgbyname(algname, &found);
252 		if (alg == NULL || !found) {
253 			if (errno == 0)
254 				errno = EINVAL;
255 			goto cleanup;
256 		}
257 		newsalt = alg->a_gensalt(gsbuffer, CRYPT_MAXCIPHERTEXTLEN,
258 		    oldsalt, userinfo, (const char **)alg->a_params);
259 	}
260 
261 cleanup:
262 	free_crypt_policy(policy);
263 	free_crypt_alg(alg);
264 	if (newsalt == NULL && gsbuffer != NULL)
265 		free(gsbuffer);
266 	if (algname != NULL)
267 		free(algname);
268 
269 	return (newsalt);
270 }
271 
272 /*
273  * ===========================================================================
274  * The remainder of this file contains internal interfaces for
275  * the implementation of crypt(3c) and crypt_gensalt(3c)
276  * ===========================================================================
277  */
278 
279 
280 /*
281  * getalgfromsalt - extract the algorithm name from the salt string
282  */
283 static char *
284 getalgfromsalt(const char *salt)
285 {
286 	char algname[CRYPT_MAXCIPHERTEXTLEN];
287 	int i;
288 	int j;
289 
290 	if (salt == NULL || strlen(salt) > CRYPT_MAXCIPHERTEXTLEN)
291 		return (NULL);
292 	/*
293 	 * Salts are in this format:
294 	 * $<algname>[,var=val,[var=val ...][$puresalt]$<ciphertext>
295 	 *
296 	 * The only bit we need to worry about here is extracting the
297 	 * name which is the string between the first "$" and the first
298 	 * of "," or second "$".
299 	 */
300 	if (salt[0] != '$') {
301 		return (strdup(CRYPT_UNIX));
302 	}
303 
304 	i = 1;
305 	j = 0;
306 	while (salt[i] != '\0' && salt[i] != '$' && salt[i] != ',') {
307 		algname[j] = salt[i];
308 		i++;
309 		j++;
310 	}
311 	if (j == 0)
312 		return (NULL);
313 
314 	algname[j] = '\0';
315 
316 	return (strdup(algname));
317 }
318 
319 
320 /*
321  * log_invalid_policy - syslog helper
322  */
323 static void
324 log_invalid_policy(enum crypt_policy_error_e error, char *value)
325 {
326 	switch (error) {
327 	case CPE_BOTH:
328 		syslog(LOG_AUTH | LOG_ERR,
329 		    "crypt(3c): %s contains both %s and %s; only one may be "
330 		    "specified, using first entry in file.", POLICY_CONF_FILE,
331 		    CRYPT_ALGORITHMS_ALLOW, CRYPT_ALGORITHMS_DEPRECATE);
332 		break;
333 	case CPE_MULTI:
334 		syslog(LOG_AUTH | LOG_ERR,
335 		    "crypt(3c): %s contains multiple %s entries;"
336 		    "using first entry file.", POLICY_CONF_FILE, value);
337 		break;
338 	}
339 }
340 
341 static char *
342 getval(const char *ival)
343 {
344 	char *tmp;
345 	char *oval;
346 	int off;
347 
348 	if (ival == NULL)
349 		return (NULL);
350 
351 	if ((tmp = strchr(ival, '=')) == NULL)
352 		return (NULL);
353 
354 	oval = strdup(tmp + 1);	/* everything after the "=" */
355 	if (oval == NULL)
356 		return (NULL);
357 	off = strlen(oval) - 1;
358 	if (off < 0) {
359 		free(oval);
360 		return (NULL);
361 	}
362 	if (oval[off] == '\n')
363 		oval[off] = '\0';
364 
365 	return (oval);
366 }
367 
368 /*
369  * getcryptpolicy - read /etc/security/policy.conf into a crypt_policy_s
370  */
371 static struct crypt_policy_s *
372 getcryptpolicy(void)
373 {
374 	FILE	*pconf;
375 	char	line[BUFSIZ];
376 	struct crypt_policy_s *policy;
377 
378 	if ((pconf = fopen(POLICY_CONF_FILE, "rF")) == NULL) {
379 		return (NULL);
380 	}
381 
382 	policy = malloc(sizeof (struct crypt_policy_s));
383 	if (policy == NULL) {
384 		return (NULL);
385 	}
386 	policy->cp_default = NULL;
387 	policy->cp_allow = NULL;
388 	policy->cp_deny = NULL;
389 
390 	while (!feof(pconf) &&
391 	    (fgets(line, sizeof (line), pconf) != NULL)) {
392 		if (strncasecmp(CRYPT_DEFAULT, line,
393 		    strlen(CRYPT_DEFAULT)) == 0) {
394 			if (policy->cp_default != NULL) {
395 				log_invalid_policy(CPE_MULTI, CRYPT_DEFAULT);
396 			} else {
397 				policy->cp_default = getval(line);
398 			}
399 		}
400 		if (strncasecmp(CRYPT_ALGORITHMS_ALLOW, line,
401 		    strlen(CRYPT_ALGORITHMS_ALLOW)) == 0) {
402 			if (policy->cp_deny != NULL) {
403 				log_invalid_policy(CPE_BOTH, NULL);
404 			} else if (policy->cp_allow != NULL) {
405 				log_invalid_policy(CPE_MULTI,
406 				    CRYPT_ALGORITHMS_ALLOW);
407 			} else {
408 				policy->cp_allow = getval(line);
409 			}
410 		}
411 		if (strncasecmp(CRYPT_ALGORITHMS_DEPRECATE, line,
412 		    strlen(CRYPT_ALGORITHMS_DEPRECATE)) == 0) {
413 			if (policy->cp_allow != NULL) {
414 				log_invalid_policy(CPE_BOTH, NULL);
415 			} else if (policy->cp_deny != NULL) {
416 				log_invalid_policy(CPE_MULTI,
417 				    CRYPT_ALGORITHMS_DEPRECATE);
418 			} else {
419 				policy->cp_deny = getval(line);
420 			}
421 		}
422 	}
423 	(void) fclose(pconf);
424 
425 	if (policy->cp_default == NULL) {
426 		policy->cp_default = strdup(CRYPT_UNIX);
427 		if (policy->cp_default == NULL)
428 			free_crypt_policy(policy);
429 	}
430 
431 	return (policy);
432 }
433 
434 
435 /*
436  * alg_valid - is this algorithm valid given the policy ?
437  */
438 static boolean_t
439 alg_valid(const char *algname, const struct crypt_policy_s *policy)
440 {
441 	char *lasts;
442 	char *list;
443 	char *entry;
444 	boolean_t allowed = B_FALSE;
445 
446 	if ((algname == NULL) || (policy == NULL)) {
447 		return (B_FALSE);
448 	}
449 
450 	if (strcmp(algname, policy->cp_default) == 0) {
451 		return (B_TRUE);
452 	}
453 
454 	if (policy->cp_deny != NULL) {
455 		list = policy->cp_deny;
456 		allowed = B_FALSE;
457 	} else if (policy->cp_allow != NULL) {
458 		list = policy->cp_allow;
459 		allowed = B_TRUE;
460 	} else {
461 		/*
462 		 * Neither of allow or deny policies are set so anything goes.
463 		 */
464 		return (B_TRUE);
465 	}
466 	lasts = list;
467 	while ((entry = strtok_r(NULL, ",", &lasts)) != NULL) {
468 		if (strcmp(entry, algname) == 0) {
469 			return (allowed);
470 		}
471 	}
472 
473 	return (!allowed);
474 }
475 
476 /*
477  * getalgbyname - read crypt.conf(4) looking for algname
478  *
479  * RETURN VALUES
480  *	On error NULL and errno is set
481  *	On success the alg details including an open handle to the lib
482  *	If crypt.conf(4) is okay but algname doesn't exist in it then
483  *	return NULL the caller should then use the default algorithm
484  *	as per the policy.
485  */
486 static struct crypt_alg_s *
487 getalgbyname(const char *algname, boolean_t *found)
488 {
489 	struct stat	stb;
490 	int		configfd;
491 	FILE		*fconf = NULL;
492 	struct crypt_alg_s *alg = NULL;
493 	char		line[CRYPT_CONFLINELENGTH];
494 	int		linelen = 0;
495 	int		lineno = 0;
496 	char		*pathname = NULL;
497 	char		*lasts = NULL;
498 	char		*token = NULL;
499 
500 	*found = B_FALSE;
501 	if ((algname == NULL) || (strcmp(algname, CRYPT_UNIX) == 0)) {
502 		return (NULL);
503 	}
504 
505 	if ((configfd = open(CRYPT_CONFFILE, O_RDONLY)) == -1) {
506 		syslog(LOG_ALERT, "crypt: open(%s) failed: %s",
507 		    CRYPT_CONFFILE, strerror(errno));
508 		return (NULL);
509 	}
510 
511 	/*
512 	 * Stat the file so we can check modes and ownerships
513 	 */
514 	if (fstat(configfd, &stb) < 0) {
515 		syslog(LOG_ALERT, "crypt: stat(%s) failed: %s",
516 		    CRYPT_CONFFILE, strerror(errno));
517 		goto cleanup;
518 	}
519 
520 	/*
521 	 * Check the ownership of the file
522 	 */
523 	if (stb.st_uid != (uid_t)0) {
524 		syslog(LOG_ALERT,
525 		    "crypt: Owner of %s is not root", CRYPT_CONFFILE);
526 		goto cleanup;
527 	}
528 
529 	/*
530 	 * Check the modes on the file
531 	 */
532 	if (stb.st_mode & S_IWGRP) {
533 		syslog(LOG_ALERT,
534 		    "crypt: %s writable by group", CRYPT_CONFFILE);
535 		goto cleanup;
536 	}
537 	if (stb.st_mode & S_IWOTH) {
538 		syslog(LOG_ALERT,
539 		    "crypt: %s writable by world", CRYPT_CONFFILE);
540 		goto cleanup;
541 	}
542 
543 	if ((fconf = fdopen(configfd, "rF")) == NULL) {
544 		syslog(LOG_ALERT, "crypt: fdopen(%d) failed: %s",
545 		    configfd, strerror(errno));
546 		goto cleanup;
547 	}
548 
549 	/*
550 	 * /etc/security/crypt.conf has 3 fields:
551 	 * <algname>	<pathname>	[<name[=val]>[<name[=val]>]]
552 	 */
553 	errno = 0;
554 	while (!(*found) &&
555 	    ((fgets(line, sizeof (line), fconf) != NULL) && !feof(fconf))) {
556 		lineno++;
557 		/*
558 		 * Skip over comments
559 		 */
560 		if ((line[0] == '#') || (line[0] == '\n')) {
561 			continue;
562 		}
563 
564 		linelen = strlen(line);
565 		line[--linelen] = '\0';	/* chop the trailing \n */
566 
567 		token = strtok_r(line, " \t", &lasts);
568 		if (token == NULL) {
569 			continue;
570 		}
571 		if (strcmp(token, algname) == 0) {
572 			*found = B_TRUE;
573 		}
574 	}
575 	if (!found) {
576 		errno = EINVAL;
577 		goto cleanup;
578 	}
579 
580 	token = strtok_r(NULL, " \t", &lasts);
581 	if (token == NULL) {
582 		/*
583 		 * Broken config file
584 		 */
585 		syslog(LOG_ALERT, "crypt(3c): %s may be corrupt at line %d",
586 		    CRYPT_CONFFILE, lineno);
587 		*found = B_FALSE;
588 		errno = EINVAL;
589 		goto cleanup;
590 	}
591 
592 	if ((pathname = isa_path(token)) == NULL) {
593 		if (errno != ENOMEM)
594 			errno = EINVAL;
595 		*found = B_FALSE;
596 		goto cleanup;
597 	}
598 
599 	if ((alg = malloc(sizeof (struct crypt_alg_s))) == NULL) {
600 		*found = B_FALSE;
601 		goto cleanup;
602 	}
603 	alg->a_libhandle = NULL;
604 	alg->a_genhash = NULL;
605 	alg->a_gensalt = NULL;
606 	alg->a_params = NULL;
607 	alg->a_nparams = 0;
608 
609 	/*
610 	 * The rest of the line is module specific params, space
611 	 * seprated. We wait until after we have checked the module is
612 	 * valid before parsing them into a_params, this saves us
613 	 * having to free them later if there is a problem.
614 	 */
615 	if ((alg->a_libhandle = dlopen(pathname, RTLD_NOW)) == NULL) {
616 		syslog(LOG_ERR, "crypt(3c) unable to dlopen %s: %s",
617 		    pathname, dlerror());
618 		errno = ELIBACC;
619 		*found = B_FALSE;
620 		goto cleanup;
621 	}
622 
623 	alg->a_genhash =
624 	    (char *(*)())dlsym(alg->a_libhandle, "crypt_genhash_impl");
625 	if (alg->a_genhash == NULL) {
626 		syslog(LOG_ERR, "crypt(3c) unable to find cryp_genhash_impl"
627 		    "symbol in %s: %s", pathname, dlerror());
628 		errno = ELIBACC;
629 		*found = B_FALSE;
630 		goto cleanup;
631 	}
632 	alg->a_gensalt =
633 	    (char *(*)())dlsym(alg->a_libhandle, "crypt_gensalt_impl");
634 	if (alg->a_gensalt == NULL) {
635 		syslog(LOG_ERR, "crypt(3c) unable to find crypt_gensalt_impl"
636 		    "symbol in %s: %s", pathname, dlerror());
637 		errno = ELIBACC;
638 		*found = B_FALSE;
639 		goto cleanup;
640 	}
641 
642 	/*
643 	 * We have a good module so build the a_params if we have any.
644 	 * Count how much space we need first and then allocate an array
645 	 * to hold that many module params.
646 	 */
647 	if (lasts != NULL) {
648 		int nparams = 0;
649 		char *tparams;
650 		char *tplasts;
651 
652 		if ((tparams = strdup(lasts)) == NULL) {
653 			*found = B_FALSE;
654 			goto cleanup;
655 		}
656 
657 		(void) strtok_r(tparams, " \t", &tplasts);
658 		do {
659 			nparams++;
660 		} while (strtok_r(NULL, " \t", &tplasts) != NULL);
661 		free(tparams);
662 
663 		alg->a_params = calloc(nparams + 1, sizeof (char *));
664 		if (alg->a_params == NULL) {
665 			*found = B_FALSE;
666 			goto cleanup;
667 		}
668 
669 		while ((token = strtok_r(NULL, " \t", &lasts)) != NULL) {
670 			alg->a_params[alg->a_nparams++] = token;
671 		}
672 	}
673 
674 cleanup:
675 	if (*found == B_FALSE) {
676 		free_crypt_alg(alg);
677 		alg = NULL;
678 	}
679 
680 	if (pathname != NULL) {
681 		free(pathname);
682 	}
683 
684 	if (fconf != NULL) {
685 		(void) fclose(fconf);
686 	} else {
687 		(void) close(configfd);
688 	}
689 
690 	return (alg);
691 }
692 
693 static void
694 free_crypt_alg(struct crypt_alg_s *alg)
695 {
696 	if (alg == NULL)
697 		return;
698 
699 	if (alg->a_libhandle != NULL) {
700 		(void) dlclose(alg->a_libhandle);
701 	}
702 	if (alg->a_nparams != NULL) {
703 		free(alg->a_params);
704 	}
705 	free(alg);
706 }
707 
708 static void
709 free_crypt_policy(struct crypt_policy_s *policy)
710 {
711 	if (policy == NULL)
712 		return;
713 
714 	if (policy->cp_default != NULL) {
715 		bzero(policy->cp_default, strlen(policy->cp_default));
716 		free(policy->cp_default);
717 		policy->cp_default = NULL;
718 	}
719 
720 	if (policy->cp_allow != NULL) {
721 		bzero(policy->cp_allow, strlen(policy->cp_allow));
722 		free(policy->cp_allow);
723 		policy->cp_allow = NULL;
724 	}
725 
726 	if (policy->cp_deny != NULL) {
727 		bzero(policy->cp_deny, strlen(policy->cp_deny));
728 		free(policy->cp_deny);
729 		policy->cp_deny = NULL;
730 	}
731 
732 	free(policy);
733 }
734 
735 
736 /*
737  * isa_path - prepend the default dir or patch up the $ISA in path
738  * 	Caller is responsible for calling free(3c) on the result.
739  */
740 static char *
741 isa_path(const char *path)
742 {
743 	char *ret = NULL;
744 
745 	if ((path == NULL) || (strlen(path) > PATH_MAX)) {
746 		return (NULL);
747 	}
748 
749 	ret = calloc(PATH_MAX, sizeof (char));
750 
751 	/*
752 	 * Module path doesn't start with "/" then prepend
753 	 * the default search path CRYPT_MODULE_DIR (/usr/lib/security/$ISA)
754 	 */
755 	if (path[0] != '/') {
756 		if (snprintf(ret, PATH_MAX, "%s%s", CRYPT_MODULE_DIR,
757 		    path) > PATH_MAX) {
758 			free(ret);
759 			return (NULL);
760 		}
761 	} else { /* patch up $ISA */
762 		char *isa;
763 
764 		if ((isa = strstr(path, CRYPT_MODULE_ISA)) != NULL) {
765 			*isa = '\0';
766 			isa += strlen(CRYPT_MODULE_ISA);
767 			if (snprintf(ret, PATH_MAX, "%s%s%s", path,
768 			    CRYPT_ISA_DIR, isa) > PATH_MAX) {
769 				free(ret);
770 				return (NULL);
771 			}
772 		} else {
773 			free(ret);
774 			ret = strdup(path);
775 		}
776 	}
777 
778 	return (ret);
779 }
780 
781 
782 /*ARGSUSED*/
783 static char *
784 _unix_crypt_gensalt(char *gsbuffer,
785 	    size_t gsbufflen,
786 	    const char *oldpuresalt,
787 	    const struct passwd *userinfo,
788 	    const char *argv[])
789 {
790 	static const char saltchars[] =
791 	    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
792 	struct timeval tv;
793 
794 	gettimeofday(&tv, (void *) 0);
795 	srand48(tv.tv_sec ^ tv.tv_usec);
796 	gsbuffer[0] = saltchars[lrand48() % 64]; /* lrand48() is MT-SAFE */
797 	gsbuffer[1] = saltchars[lrand48() % 64]; /* lrand48() is MT-SAFE */
798 	gsbuffer[2] = '\0';
799 
800 	return (gsbuffer);
801 }
802 
803 /*
804  * The rest of the code below comes from the old crypt.c and is the
805  * implementation of the hardwired/fallback traditional algorithm
806  * It has been otimized to take better advantage of MT features.
807  *
808  * It is included here to reduce the overhead of dlopen()
809  * for the common case.
810  */
811 
812 
813 /*	Copyright (c) 1988 AT&T	*/
814 /*	  All Rights Reserved  	*/
815 
816 
817 
818 /*
819  * This program implements a data encryption algorithm to encrypt passwords.
820  */
821 
822 static mutex_t crypt_lock = DEFAULTMUTEX;
823 #define	TSDBUFSZ	(66 + 16)
824 
825 static const char IP[] = {
826 	58, 50, 42, 34, 26, 18, 10, 2,
827 	60, 52, 44, 36, 28, 20, 12, 4,
828 	62, 54, 46, 38, 30, 22, 14, 6,
829 	64, 56, 48, 40, 32, 24, 16, 8,
830 	57, 49, 41, 33, 25, 17, 9, 1,
831 	59, 51, 43, 35, 27, 19, 11, 3,
832 	61, 53, 45, 37, 29, 21, 13, 5,
833 	63, 55, 47, 39, 31, 23, 15, 7,
834 };
835 
836 static const char FP[] = {
837 	40, 8, 48, 16, 56, 24, 64, 32,
838 	39, 7, 47, 15,  55, 23, 63, 31,
839 	38, 6, 46, 14, 54, 22, 62, 30,
840 	37, 5, 45, 13, 53, 21, 61, 29,
841 	36, 4, 44, 12, 52, 20, 60, 28,
842 	35, 3, 43, 11, 51, 19, 59, 27,
843 	34, 2, 42, 10, 50, 18, 58, 26,
844 	33, 1, 41, 9, 49, 17, 57, 25,
845 };
846 
847 static const char PC1_C[] = {
848 	57, 49, 41, 33, 25, 17, 9,
849 	1, 58, 50, 42, 34, 26, 18,
850 	10, 2, 59, 51, 43, 35, 27,
851 	19, 11, 3, 60, 52, 44, 36,
852 };
853 
854 static const char PC1_D[] = {
855 	63, 55, 47, 39, 31, 23, 15,
856 	7, 62, 54, 46, 38, 30, 22,
857 	14, 6, 61, 53, 45, 37, 29,
858 	21, 13, 5, 28, 20, 12, 4,
859 };
860 
861 static const char shifts[] = {
862 	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
863 };
864 
865 static const char PC2_C[] = {
866 	14, 17, 11, 24, 1, 5,
867 	3, 28, 15, 6, 21, 10,
868 	23, 19, 12, 4, 26, 8,
869 	16, 7, 27, 20, 13, 2,
870 };
871 
872 static const char PC2_D[] = {
873 	41, 52, 31, 37, 47, 55,
874 	30, 40, 51, 45, 33, 48,
875 	44, 49, 39, 56, 34, 53,
876 	46, 42, 50, 36, 29, 32,
877 };
878 
879 static char C[28];
880 static char D[28];
881 static char *KS;
882 
883 static char E[48];
884 static const char e2[] = {
885 	32, 1, 2, 3, 4, 5,
886 	4, 5, 6, 7, 8, 9,
887 	8, 9, 10, 11, 12, 13,
888 	12, 13, 14, 15, 16, 17,
889 	16, 17, 18, 19, 20, 21,
890 	20, 21, 22, 23, 24, 25,
891 	24, 25, 26, 27, 28, 29,
892 	28, 29, 30, 31, 32, 1,
893 };
894 
895 /*
896  * The KS array (768 bytes) is allocated once, and only if
897  * one of _unix_crypt(), encrypt() or setkey() is called.
898  * The complexity below is due to the fact that calloc()
899  * must not be called while holding any locks.
900  */
901 static int
902 allocate_KS(void)
903 {
904 	char *ks;
905 	int failed;
906 	int assigned;
907 
908 	if (KS != NULL) {		/* already allocated */
909 		membar_consumer();
910 		return (0);
911 	}
912 
913 	ks = calloc(16, 48 * sizeof (char));
914 	failed = 0;
915 	lmutex_lock(&crypt_lock);
916 	if (KS != NULL) {	/* someone else got here first */
917 		assigned = 0;
918 	} else {
919 		assigned = 1;
920 		membar_producer();
921 		if ((KS = ks) == NULL)	/* calloc() failed */
922 			failed = 1;
923 	}
924 	lmutex_unlock(&crypt_lock);
925 	if (!assigned)
926 		free(ks);
927 	return (failed);
928 }
929 
930 static void
931 unlocked_setkey(const char *key)
932 {
933 	int i, j, k;
934 	char t;
935 
936 	for (i = 0; i < 28; i++) {
937 		C[i] = key[PC1_C[i]-1];
938 		D[i] = key[PC1_D[i]-1];
939 	}
940 	for (i = 0; i < 16; i++) {
941 		for (k = 0; k < shifts[i]; k++) {
942 			t = C[0];
943 			for (j = 0; j < 28-1; j++)
944 				C[j] = C[j+1];
945 			C[27] = t;
946 			t = D[0];
947 			for (j = 0; j < 28-1; j++)
948 				D[j] = D[j+1];
949 			D[27] = t;
950 		}
951 		for (j = 0; j < 24; j++) {
952 			int index = i * 48;
953 
954 			*(KS+index+j) = C[PC2_C[j]-1];
955 			*(KS+index+j+24) = D[PC2_D[j]-28-1];
956 		}
957 	}
958 	for (i = 0; i < 48; i++)
959 		E[i] = e2[i];
960 }
961 
962 static const char S[8][64] = {
963 	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
964 	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
965 	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
966 	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
967 
968 	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
969 	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
970 	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
971 	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
972 
973 	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
974 	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
975 	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
976 	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
977 
978 	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
979 	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
980 	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
981 	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
982 
983 	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
984 	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
985 	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
986 	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
987 
988 	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
989 	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
990 	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
991 	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
992 
993 	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
994 	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
995 	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
996 	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
997 
998 	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
999 	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
1000 	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
1001 	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11,
1002 };
1003 
1004 static const char P[] = {
1005 	16, 7, 20, 21,
1006 	29, 12, 28, 17,
1007 	1, 15, 23, 26,
1008 	5, 18, 31, 10,
1009 	2, 8, 24, 14,
1010 	32, 27, 3, 9,
1011 	19, 13, 30, 6,
1012 	22, 11, 4, 25,
1013 };
1014 
1015 static char L[64];
1016 static char tempL[32];
1017 static char f[32];
1018 
1019 static char preS[48];
1020 
1021 /*ARGSUSED*/
1022 static void
1023 unlocked_encrypt(char *block, int fake)
1024 {
1025 	int	i;
1026 	int t, j, k;
1027 	char *R = &L[32];
1028 
1029 	for (j = 0; j < 64; j++)
1030 		L[j] = block[IP[j]-1];
1031 	for (i = 0; i < 16; i++) {
1032 		int index = i * 48;
1033 
1034 		for (j = 0; j < 32; j++)
1035 			tempL[j] = R[j];
1036 		for (j = 0; j < 48; j++)
1037 			preS[j] = R[E[j]-1] ^ *(KS+index+j);
1038 		for (j = 0; j < 8; j++) {
1039 			t = 6 * j;
1040 			k = S[j][(preS[t+0]<<5) +
1041 			    (preS[t+1]<<3) +
1042 			    (preS[t+2]<<2) +
1043 			    (preS[t+3]<<1) +
1044 			    (preS[t+4]<<0) +
1045 			    (preS[t+5]<<4)];
1046 			t = 4*j;
1047 			f[t+0] = (k>>3)&01;
1048 			f[t+1] = (k>>2)&01;
1049 			f[t+2] = (k>>1)&01;
1050 			f[t+3] = (k>>0)&01;
1051 		}
1052 		for (j = 0; j < 32; j++)
1053 			R[j] = L[j] ^ f[P[j]-1];
1054 		for (j = 0; j < 32; j++)
1055 			L[j] = tempL[j];
1056 	}
1057 	for (j = 0; j < 32; j++) {
1058 		t = L[j];
1059 		L[j] = R[j];
1060 		R[j] = (char)t;
1061 	}
1062 	for (j = 0; j < 64; j++)
1063 		block[j] = L[FP[j]-1];
1064 }
1065 
1066 char *
1067 _unix_crypt(const char *pw, const char *salt, char *iobuf)
1068 {
1069 	int c, i, j;
1070 	char temp;
1071 	char *block;
1072 
1073 	block = iobuf + 16;
1074 
1075 	if (iobuf == 0) {
1076 		errno = ENOMEM;
1077 		return (NULL);
1078 	}
1079 	if (allocate_KS() != 0)
1080 		return (NULL);
1081 	lmutex_lock(&crypt_lock);
1082 	for (i = 0; i < 66; i++)
1083 		block[i] = 0;
1084 	for (i = 0; (c = *pw) != '\0' && i < 64; pw++) {
1085 		for (j = 0; j < 7; j++, i++)
1086 			block[i] = (c>>(6-j)) & 01;
1087 		i++;
1088 	}
1089 
1090 	unlocked_setkey(block);
1091 
1092 	for (i = 0; i < 66; i++)
1093 		block[i] = 0;
1094 
1095 	for (i = 0; i < 2; i++) {
1096 		c = *salt++;
1097 		iobuf[i] = (char)c;
1098 		if (c > 'Z')
1099 			c -= 6;
1100 		if (c > '9')
1101 			c -= 7;
1102 		c -= '.';
1103 		for (j = 0; j < 6; j++) {
1104 			if ((c>>j) & 01) {
1105 				temp = E[6*i+j];
1106 				E[6*i+j] = E[6*i+j+24];
1107 				E[6*i+j+24] = temp;
1108 			}
1109 		}
1110 	}
1111 
1112 	for (i = 0; i < 25; i++)
1113 		unlocked_encrypt(block, 0);
1114 
1115 	lmutex_unlock(&crypt_lock);
1116 	for (i = 0; i < 11; i++) {
1117 		c = 0;
1118 		for (j = 0; j < 6; j++) {
1119 			c <<= 1;
1120 			c |= block[6*i+j];
1121 		}
1122 		c += '.';
1123 		if (c > '9')
1124 			c += 7;
1125 		if (c > 'Z')
1126 			c += 6;
1127 		iobuf[i+2] = (char)c;
1128 	}
1129 	iobuf[i+2] = 0;
1130 	if (iobuf[1] == 0)
1131 		iobuf[1] = iobuf[0];
1132 	return (iobuf);
1133 }
1134 
1135 
1136 /*ARGSUSED*/
1137 void
1138 encrypt(char *block, int fake)
1139 {
1140 	if (fake != 0) {
1141 		errno = ENOSYS;
1142 		return;
1143 	}
1144 	if (allocate_KS() != 0)
1145 		return;
1146 	lmutex_lock(&crypt_lock);
1147 	unlocked_encrypt(block, fake);
1148 	lmutex_unlock(&crypt_lock);
1149 }
1150 
1151 
1152 void
1153 setkey(const char *key)
1154 {
1155 	if (allocate_KS() != 0)
1156 		return;
1157 	lmutex_lock(&crypt_lock);
1158 	unlocked_setkey(key);
1159 	lmutex_unlock(&crypt_lock);
1160 }
1161