php-src/ext/standard/crypt.c

/*
   +----------------------------------------------------------------------+
   | PHP Version 5                                                        |
   +----------------------------------------------------------------------+
   | Copyright (c) 1997-2004 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.0 of the PHP license,       |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_0.txt.                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Stig Bakken <ssb@php.net>                                   |
   |          Zeev Suraski <zeev@zend.com>                                |
   |          Rasmus Lerdorf <rasmus@php.net>                             |
   +----------------------------------------------------------------------+
 */
/* $Id$ */
#include <stdlib.h>

#include "php.h"

#if HAVE_CRYPT

#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_CRYPT_H
#include <crypt.h>
#endif
#if TM_IN_SYS_TIME
#include <sys/time.h>
#else
#include <time.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#else
#include <strings.h>
#endif

#ifdef PHP_WIN32
#include <process.h>
extern char *crypt(char *__key, char *__salt);
#endif

#include "php_lcg.h"
#include "php_crypt.h"
#include "php_rand.h"

/* 
   The capabilities of the crypt() function is determined by the test programs
   run by configure from aclocal.m4.  They will set PHP_STD_DES_CRYPT,
   PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate 
   for the target platform
*/
#if PHP_STD_DES_CRYPT
#define PHP_MAX_SALT_LEN 2
#endif

#if PHP_EXT_DES_CRYPT
#undef PHP_MAX_SALT_LEN
#define PHP_MAX_SALT_LEN 9
#endif

#if PHP_MD5_CRYPT
#undef PHP_MAX_SALT_LEN
#define PHP_MAX_SALT_LEN 12
#endif

#if PHP_BLOWFISH_CRYPT
#undef PHP_MAX_SALT_LEN
#define PHP_MAX_SALT_LEN 60
#endif

 /*
  * If the configure-time checks fail, we provide DES.
  * XXX: This is a hack. Fix the real problem
  */

#ifndef PHP_MAX_SALT_LEN
#define PHP_MAX_SALT_LEN 2
#undef PHP_STD_DES_CRYPT
#define PHP_STD_DES_CRYPT 1
#endif


#define PHP_CRYPT_RAND php_rand(TSRMLS_C)

PHP_MINIT_FUNCTION(crypt)
{
	REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
	REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
	REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
	REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT);
	REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT);

	return SUCCESS;
}


static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static void php_to64(char *s, long v, int n)
{
	while (--n >= 0) {
		*s++ = itoa64[v&0x3f]; 		
		v >>= 6;
	} 
} 

/* {{{ proto string crypt(string str [, string salt])
   Encrypt a string */
PHP_FUNCTION(crypt)
{
	char salt[PHP_MAX_SALT_LEN+1];
	char *str, *salt_in = NULL;
	int str_len, salt_in_len;

	salt[0]=salt[PHP_MAX_SALT_LEN]='\0';
	/* This will produce suitable results if people depend on DES-encryption
	   available (passing always 2-character salt). At least for glibc6.1 */
	memset(&salt[1], '$', PHP_MAX_SALT_LEN-1);

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len,
							  &salt_in, &salt_in_len) == FAILURE) {
		return;
	}

	if (salt_in) {
		memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len));
	}

	/* The automatic salt generation only covers standard DES and md5-crypt */
	if(!*salt) {
#if PHP_MD5_CRYPT
		strcpy(salt, "$1$");
		php_to64(&salt[3], PHP_CRYPT_RAND, 4);
		php_to64(&salt[7], PHP_CRYPT_RAND, 4);
		strcpy(&salt[11], "$");
#elif PHP_STD_DES_CRYPT
		php_to64(&salt[0], PHP_CRYPT_RAND, 2);
		salt[2] = '\0';
#endif
	}

	RETVAL_STRING(crypt(str, salt), 1);
}
/* }}} */
#endif

/*
 * Local variables:
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 * vim600: sw=4 ts=4 fdm=marker
 * vim<600: sw=4 ts=4
 */
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`/*`
			`+----------------------------------------------------------------------+`
- A belated happy holidays and PHP 5 2004-01-08 16:18:22 +08:00			`\| PHP Version 5 \|`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`+----------------------------------------------------------------------+`
- A belated happy holidays and PHP 5 2004-01-08 16:18:22 +08:00			`\| Copyright (c) 1997-2004 The PHP Group \|`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`+----------------------------------------------------------------------+`
updating license information in the headers. 2003-06-11 04:04:29 +08:00			`\| This source file is subject to version 3.0 of the PHP license, \|`
License update 1999-07-16 21:13:16 +08:00			`\| that is bundled with this package in the file LICENSE, and is \|`
updating license information in the headers. 2003-06-11 04:04:29 +08:00			`\| available through the world-wide-web at the following url: \|`
			`\| http://www.php.net/license/3_0.txt. \|`
License update 1999-07-16 21:13:16 +08:00			`\| If you did not receive a copy of the PHP license and are unable to \|`
			`\| obtain it through the world-wide-web, please send a note to \|`
			`\| license@php.net so we can mail you a copy immediately. \|`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`+----------------------------------------------------------------------+`
* email address update 2004-02-13 03:05:41 +08:00			`\| Authors: Stig Bakken <ssb@php.net> \|`
License update 1999-07-16 21:13:16 +08:00			`\| Zeev Suraski <zeev@zend.com> \|`
Maintain headers. 2002-02-28 16:29:35 +08:00			`\| Rasmus Lerdorf <rasmus@php.net> \|`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`+----------------------------------------------------------------------+`
			`*/`
			`/* $Id$ */`
			`#include <stdlib.h>`

			`#include "php.h"`

			`#if HAVE_CRYPT`

			`#if HAVE_UNISTD_H`
			`#include <unistd.h>`
			`#endif`
			`#if HAVE_CRYPT_H`
			`#include <crypt.h>`
			`#endif`
			`#if TM_IN_SYS_TIME`
			`#include <sys/time.h>`
			`#else`
			`#include <time.h>`
			`#endif`
			`#if HAVE_STRING_H`
			`#include <string.h>`
			`#else`
			`#include <strings.h>`
			`#endif`

Fine tune Andi's patch 2000-02-11 23:59:30 +08:00			`#ifdef PHP_WIN32`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#include <process.h>`
Whitespace 2001-08-12 01:03:37 +08:00			`extern char crypt(char __key, char *__salt);`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`

Use the lcg as another entropy source for seeding the PRNG when creating a salt for crypt(). 2000-07-27 00:35:32 +08:00			`#include "php_lcg.h"`
Clean up php3.\.h files. The files itself are renamed, and references in all .\.[ch] files were changed. There is a slight chance that my script missed a few changes, please correct them manually. 1999-12-05 03:19:57 +08:00			`#include "php_crypt.h"`
The php_rand() and php_srand() functions added in the previous commit require the inclusion of php_rand.h. 2001-02-22 11:37:32 +08:00			`#include "php_rand.h"`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00
			`/*`
			`The capabilities of the crypt() function is determined by the test programs`
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`run by configure from aclocal.m4. They will set PHP_STD_DES_CRYPT,`
			`PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`for the target platform`
			`*/`
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`#if PHP_STD_DES_CRYPT`
			`#define PHP_MAX_SALT_LEN 2`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`
Get rid of unnecessary preprocessor constructs. 2000-07-27 00:42:04 +08:00
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`#if PHP_EXT_DES_CRYPT`
			`#undef PHP_MAX_SALT_LEN`
			`#define PHP_MAX_SALT_LEN 9`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`
Get rid of unnecessary preprocessor constructs. 2000-07-27 00:42:04 +08:00
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`#if PHP_MD5_CRYPT`
			`#undef PHP_MAX_SALT_LEN`
			`#define PHP_MAX_SALT_LEN 12`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`
Get rid of unnecessary preprocessor constructs. 2000-07-27 00:42:04 +08:00
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`#if PHP_BLOWFISH_CRYPT`
			`#undef PHP_MAX_SALT_LEN`
- Fix for bug 7035, regarding PHP_MAX_SALT_LENGTH for OpenBsd 2001-01-08 01:22:17 +08:00			`#define PHP_MAX_SALT_LEN 60`
Put in a hack, so that users can compile PHP, even if the configure-time checks failed to detect the capabilities of crypt(). 2000-05-05 18:36:00 +08:00			`#endif`

			`/*`
			`* If the configure-time checks fail, we provide DES.`
			`* XXX: This is a hack. Fix the real problem`
			`*/`

			`#ifndef PHP_MAX_SALT_LEN`
			`#define PHP_MAX_SALT_LEN 2`
			`#undef PHP_STD_DES_CRYPT`
			`#define PHP_STD_DES_CRYPT 1`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`

Adding php_rand() and php_srand(seed) as a wrapper around random, lrand48 and rand. 2001-02-22 08:24:19 +08:00
Make rand thread safe when ZTS is defined. 2001-09-17 04:49:57 +08:00			`#define PHP_CRYPT_RAND php_rand(TSRMLS_C)`
Adding php_rand() and php_srand(seed) as a wrapper around random, lrand48 and rand. 2001-02-22 08:24:19 +08:00
More symbol work. I've defined a few macros to help with module/request init/startup function definitions. Basically: PHP_MINIT_FUNCTION(module) PHP_MSHUTDOWN_FUNCTION(module) PHP_RINIT_FUNCTION(module) PHP_RSHUTDOWN_FUNCTION(module) PHP_MINFO_FUNCTION(module) These will expand to proper function prototypes. Now to specify these in the module entry, use: PHP_MINIT(module) PHP_MSHUTDOWN(module) PHP_RINIT(module) PHP_RSHUTDOWN(module) PHP_MINFO(module) I've updated all modules in ext/standard and everything from ext/apache to ext/db. If you can, please update your module to use these macros. 1999-07-27 04:09:08 +08:00			`PHP_MINIT_FUNCTION(crypt)`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`{`
- Fixed bug: #10822 - CRYPT_SALT_LENGTH is now set to the maximum length the system supports, like it has been in the documentation for ages. - The automatic salt is now also working like it should. 2001-08-05 07:58:56 +08:00			`REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS \| CONST_PERSISTENT);`
spaces to tabs 2001-04-06 02:48:03 +08:00			`REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS \| CONST_PERSISTENT);`
			`REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS \| CONST_PERSISTENT);`
			`REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS \| CONST_PERSISTENT);`
- Make the random generator work again. This patch seems to work. 2000-11-03 08:45:24 +08:00			`REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS \| CONST_PERSISTENT);`

Fix bug: #8834. Now there should be more random salts.. 2001-05-07 00:54:27 +08:00			`return SUCCESS;`
			`}`

- Make the random generator work again. This patch seems to work. 2000-11-03 08:45:24 +08:00
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";`

Make rand thread safe when ZTS is defined. 2001-09-17 04:49:57 +08:00			`static void php_to64(char *s, long v, int n)`
			`{`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`while (--n >= 0) {`
			`*s++ = itoa64[v&0x3f];`
			`v >>= 6;`
			`}`
			`}`

proto-takeover from php3 2000-05-18 03:40:10 +08:00			`/* {{{ proto string crypt(string str [, string salt])`
			`Encrypt a string */`
conv_proto *.[ch] 1999-05-16 19:19:26 +08:00			`PHP_FUNCTION(crypt)`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`{`
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`char salt[PHP_MAX_SALT_LEN+1];`
Convert to use new parameter parsing API. 2001-10-27 05:07:59 +08:00			`char str, salt_in = NULL;`
			`int str_len, salt_in_len;`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`salt[0]=salt[PHP_MAX_SALT_LEN]='\0';`
Workaround for crypt() getting too few characters for salt. 1999-09-06 21:24:36 +08:00			`/* This will produce suitable results if people depend on DES-encryption`
			`available (passing always 2-character salt). At least for glibc6.1 */`
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`memset(&salt[1], '$', PHP_MAX_SALT_LEN-1);`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00
Convert to use new parameter parsing API. 2001-10-27 05:07:59 +08:00			`if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s\|s", &str, &str_len,`
			`&salt_in, &salt_in_len) == FAILURE) {`
			`return;`
			`}`

			`if (salt_in) {`
			`memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len));`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`}`

			`/* The automatic salt generation only covers standard DES and md5-crypt */`
			`if(!*salt) {`
- Fixed bug: #10822 - CRYPT_SALT_LENGTH is now set to the maximum length the system supports, like it has been in the documentation for ages. - The automatic salt is now also working like it should. 2001-08-05 07:58:56 +08:00			`#if PHP_MD5_CRYPT`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`strcpy(salt, "$1$");`
- Convert 'PHP3' to 'PHP' - Avoid declaring crypt() related salt types twice 2000-02-26 11:20:55 +08:00			`php_to64(&salt[3], PHP_CRYPT_RAND, 4);`
			`php_to64(&salt[7], PHP_CRYPT_RAND, 4);`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`strcpy(&salt[11], "$");`
- Fixed bug: #10822 - CRYPT_SALT_LENGTH is now set to the maximum length the system supports, like it has been in the documentation for ages. - The automatic salt is now also working like it should. 2001-08-05 07:58:56 +08:00			`#elif PHP_STD_DES_CRYPT`
			`php_to64(&salt[0], PHP_CRYPT_RAND, 2);`
			`salt[2] = '\0';`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`#endif`
			`}`

Convert to use new parameter parsing API. 2001-10-27 05:07:59 +08:00			`RETVAL_STRING(crypt(str, salt), 1);`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`}`
proto-takeover from php3 2000-05-18 03:40:10 +08:00			`/* }}} */`
a second (cleaner?) try on warnings about unsupported functions 2000-05-28 03:27:20 +08:00			`#endif`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00
			`/*`
			`* Local variables:`
			`* tab-width: 4`
			`* c-basic-offset: 4`
			`* End:`
- Don't wrap lines... this is annoying while coding. 2001-09-09 21:29:31 +08:00			`* vim600: sw=4 ts=4 fdm=marker`
			`* vim<600: sw=4 ts=4`
moved fdf, hyperwave, informix and some smaller files 1999-04-22 08:25:57 +08:00			`*/`