linux用户密码生成

linux账户保存在/etc/passwd，密码保存在/etc/shadow。

通过man 5 passwd，man 5 shadow可查看文件中各字段含义。

encrypted password
           Refer to crypt(3) for details on how this string is interpreted.
密码是通过库函数crypt生成的。

1. 函数

#define _XOPEN_SOURCE       /* See feature_test_macros(7) */
       #include <unistd.h>

char *crypt(const char *key, const char *salt);
输入参数：key为密码，salt本意为盐，为增加密码难度，加把盐。salt有新旧两种方式：

       key is a user's typed password.
       salt  is  a two-character string chosen from the set [a–zA–Z0–./].  This string is used to perturb
       the algorithm in one of  different ways.

The glibc2 version of this function supports additional encryption algorithms.

       If salt is a character string starting with the characters "$id$" followed by a  string  terminated
       by "$":

              $id$salt$encrypted

       then  instead  of  using  the  DES  machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted.  The following values of id are supported:

              ID  | Method
              ─────────────────────────────────────────────────────────
                 | MD5
              2a  | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
                 | SHA- (since glibc 2.7)
                 | SHA- (since glibc 2.7)

       So  $$salt$encrypted  is  an  SHA- encoded password and $$salt$encrypted is an SHA- encoded
       one.

       "salt" stands for the up to  characters following "$id$" in the salt.  The encrypted part of  the password string is the actual computed password.  The size of this string is fixed:
       MD5     |  characters
       SHA- |  characters
       SHA- |  characters

       The  characters in "salt" and "encrypted" are drawn from the set [a–zA–Z0–./].  In the MD5 and SHA implementations the entire key is significant (instead of only the first  bytes in DES).

现在linux都实现的是第二中方式的salt。

2. coding

#define _XOPEN_SOURCE

#include <stdio.h>
#include <unistd.h>

int main(int argc, char*argv[])
{
    if(argc != ){
        return ;
    }   

    printf("%s==%s==%s==\n", argv[], argv[], argv[]);

    printf("%s\n", crypt(argv[], argv[]));

    return ;
}

创建test用户，密码test123

test:$$BJIQmFkQ$TnJMVbBoWvE4fBkJ30iJlQwDLxV3wLaZ8pVqrh7N5m0mTWD.vNdRw/uEs8Wu7IB.sfvzBYZUweM6Rd0M43bm61:::::::

程序测试

~$gcc crypt.c -lcrypt
~$./a.out test $$BJIQmFkQ$
./a.out==test==$==
Segmentation fault (core dumped)
~$./a.out test "\$6\$BJIQmFkQ\$"
./a.out==test==$$BJIQmFkQ$==
$$BJIQmFkQ$uIMnVVN/FUac.VGm0Ie6g.gWjIRsE0PSNX8ufDcekvmGZ7PtrLVJbrZTlhYplfyEbonrBYpwvHIWGQx9XxeQG/
~$./a.out test "BJIQmFkQ"
./a.out==test==BJIQmFkQ==
BJp/Gyj8SpEnI
~$./a.out test123 "\$6\$BJIQmFkQ\$"
./a.out==test123==$6$BJIQmFkQ$==
$6$BJIQmFkQ$TnJMVbBoWvE4fBkJ30iJlQwDLxV3wLaZ8pVqrh7N5m0mTWD.vNdRw/uEs8Wu7IB.sfvzBYZUweM6Rd0M43bm61