After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 756315 - [PATCH] Add crypt() binding to Posix VAPI
[PATCH] Add crypt() binding to Posix VAPI
Status: RESOLVED FIXED
Product: vala
Classification: Core
Component: Bindings
unspecified
Other Linux
: Normal normal
: ---
Assigned To: Vala maintainers
Vala maintainers
Depends on:
Blocks:
 
 
Reported: 2015-10-09 20:01 UTC by Al Thomas
Modified: 2015-10-27 16:29 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Patch to add crypt() to Posix VAPI (1.19 KB, patch)
2015-10-09 20:01 UTC, Al Thomas 		none Details | Review
Add binding for crypt() and deprecated getpass() in Posix VAPI (1.34 KB, patch)
2015-10-27 15:13 UTC, Al Thomas 		none Details | Review

Description Al Thomas 2015-10-09 20:01:05 UTC 
Created attachment 312975 [details] [review]
Patch to add crypt() to Posix VAPI

Example program that reads a password typed in at the terminal and prints out the crypt() salt and hash as used in /etc/shadow The salt is 16 characters long in base64 for SHA-512:

void main (string[] args) {
    var random_numbers = new uchar[20];
    for (int a = 0; a < 20; a++) {
        random_numbers[a] = (uchar)Random.next_int();
    }
    string salt = Base64.encode (random_numbers);
    try	{
   	salt = /\+/.replace( salt, -1, 0, "." );
    }
    catch {
    }
    salt = salt[0:16];
    salt = "$6$" + salt;
    Posix.getpass( "Enter password: " );
    print (Posix.crypt( "test", salt ) + "\n");
}

Compile with:
valac --pkg posix -X -lcrypt -X -D_XOPEN_SOURCE

A feature test macro, _XOPEN_SOURCE, needs to be set for glibc to expose the function definition. Other C libraries are similar, e.g musl requires _XOPEN_SOURCE or _GNU_SOURCE or _BSD_SOURCE. This is why the binding has been marked as experimental.

glibc also requires crypt to be passed to the linker with -X -lcrypt
Comment 1 Al Thomas 2015-10-12 15:19:34 UTC 
The example program should be:

void main (string[] args) {
    var random_numbers = new uchar[20];
    for (int a = 0; a < 20; a++) {
        random_numbers[a] = (uchar)Random.next_int();
    }
    string salt = Base64.encode (random_numbers);
    try {
        salt = /\+/.replace( salt, -1, 0, "." );
    }
    catch {
    }
    salt = salt[0:16];
    salt = "$6$" + salt;
    string password = Posix.getpass( "Enter password: " );
    print (Posix.crypt( password, salt ) + "\n");
}

The original example had the password hard coded.
Comment 2 Luca Bruno 2015-10-17 13:24:29 UTC 
Thanks. It's not necessary to mark the binding experimental, I don't think it will be changed anyway.
But why has it unowned return?
Comment 3 Al Thomas 2015-10-27 15:13:35 UTC 
Created attachment 314235 [details] [review]
Add binding for crypt() and deprecated getpass() in Posix VAPI

This second version of the patch removes the experimental flag from crypt() and deprecates getpass(). getpass() has been deprecated since POSIX.2. See:

http://pubs.opengroup.org/onlinepubs/7908799/xsh/getpass.html
http://man7.org/linux/man-pages/man3/getpass.3.html
Comment 4 Al Thomas 2015-10-27 15:17:50 UTC 
The reason crypt() is unowned return is from the POSIX standard[1]:
"The return value of crypt() points to static data that is overwritten by each call."
This must be the main reason the function is not threadsafe. It is similar for getpass()

[1] - http://pubs.opengroup.org/onlinepubs/9699919799/functions/crypt.html
Comment 5 Luca Bruno 2015-10-27 16:29:39 UTC 
commit 33fb6fb5b719e9d64968ea87e0b19fdfab313fd6
Author: Al Thomas <astavale@yahoo.co.uk>
Date:   Tue Oct 27 17:28:36 2015 +0100

    posix: add crypt(), deprecate getpass()
    
    Fixes bug 756315

This problem has been fixed in the unstable development version. The fix will be available in the next major software release. You may need to upgrade your Linux distribution to obtain that newer version.