TDE base libraries and programs
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

449 lines
10KB

  1. /*****************************************************************
  2. *
  3. * kcheckpass - Simple password checker
  4. *
  5. * This program is free software; you can redistribute it and/or
  6. * modify it under the terms of the GNU General Public
  7. * License as published by the Free Software Foundation; either
  8. * version 2 of the License, or (at your option) any later version.
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. * General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public
  16. * License along with this program; if not, write to the Free
  17. * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18. *
  19. *
  20. * kcheckpass is a simple password checker. Just invoke and
  21. * send it the password on stdin.
  22. *
  23. * If the password was accepted, the program exits with 0;
  24. * if it was rejected, it exits with 1. Any other exit
  25. * code signals an error.
  26. *
  27. * It's hopefully simple enough to allow it to be setuid
  28. * root.
  29. *
  30. * Compile with -DHAVE_VSYSLOG if you have vsyslog().
  31. * Compile with -DHAVE_PAM if you have a PAM system,
  32. * and link with -lpam -ldl.
  33. * Compile with -DHAVE_SHADOW if you have a shadow
  34. * password system.
  35. *
  36. * Copyright (C) 1998, Caldera, Inc.
  37. * Released under the GNU General Public License
  38. *
  39. * Olaf Kirch <okir@caldera.de> General Framework and PAM support
  40. * Christian Esken <esken@kde.org> Shadow and /etc/passwd support
  41. * Roberto Teixeira <maragato@kde.org> other user (-U) support
  42. * Oswald Buddenhagen <ossi@kde.org> Binary server mode
  43. *
  44. * Other parts were taken from tdescreensaver's passwd.cpp.
  45. *
  46. *****************************************************************/
  47. #include "kcheckpass.h"
  48. #include <stdarg.h>
  49. #include <stdio.h>
  50. #include <string.h>
  51. #include <unistd.h>
  52. #include <fcntl.h>
  53. #include <syslog.h>
  54. #include <stdlib.h>
  55. #include <errno.h>
  56. #include <time.h>
  57. /* Compatibility: accept some options from environment variables */
  58. #define ACCEPT_ENV
  59. #define THROTTLE 3
  60. static int havetty, sfd = -1, nullpass;
  61. static char *
  62. conv_legacy (ConvRequest what, const char *prompt)
  63. {
  64. char *p, *p2;
  65. int len;
  66. char buf[1024];
  67. switch (what) {
  68. case ConvGetBinary:
  69. break;
  70. case ConvGetNormal:
  71. /* there is no prompt == 0 case */
  72. if (!havetty)
  73. break;
  74. /* i guess we should use /dev/tty ... */
  75. fputs(prompt, stdout);
  76. fflush(stdout);
  77. if (!fgets(buf, sizeof(buf), stdin))
  78. return 0;
  79. len = strlen(buf);
  80. if (len && buf[len - 1] == '\n')
  81. buf[--len] = 0;
  82. return strdup(buf);
  83. case ConvGetHidden:
  84. if (havetty) {
  85. #ifdef HAVE_GETPASSPHRASE
  86. p = getpassphrase(prompt ? prompt : "Password: ");
  87. #else
  88. p = getpass(prompt ? prompt : "Password: ");
  89. #endif
  90. p2 = strdup(p);
  91. memset(p, 0, strlen(p));
  92. return p2;
  93. } else {
  94. if (prompt)
  95. break;
  96. if ((len = read(0, buf, sizeof(buf) - 1)) < 0) {
  97. message("Cannot read password\n");
  98. return 0;
  99. } else {
  100. if (len && buf[len - 1] == '\n')
  101. --len;
  102. buf[len] = 0;
  103. p2 = strdup(buf);
  104. memset(buf, 0, len);
  105. return p2;
  106. }
  107. }
  108. case ConvPutInfo:
  109. message("Information: %s\n", prompt);
  110. return 0;
  111. case ConvPutError:
  112. message("Error: %s\n", prompt);
  113. return 0;
  114. }
  115. message("Authentication backend requested data type which cannot be handled.\n");
  116. return 0;
  117. }
  118. static int
  119. Reader (void *buf, int count)
  120. {
  121. int ret, rlen;
  122. for (rlen = 0; rlen < count; ) {
  123. dord:
  124. ret = read (sfd, (void *)((char *)buf + rlen), count - rlen);
  125. if (ret < 0) {
  126. if (errno == EINTR)
  127. goto dord;
  128. if (errno == EAGAIN)
  129. break;
  130. return -1;
  131. }
  132. if (!ret)
  133. break;
  134. rlen += ret;
  135. }
  136. return rlen;
  137. }
  138. static void
  139. GRead (void *buf, int count)
  140. {
  141. if (Reader (buf, count) != count) {
  142. message ("Communication breakdown on read\n");
  143. exit(15);
  144. }
  145. }
  146. static void
  147. GWrite (const void *buf, int count)
  148. {
  149. if (write (sfd, buf, count) != count) {
  150. message ("Communication breakdown on write\n");
  151. exit(15);
  152. }
  153. }
  154. static void
  155. GSendInt (int val)
  156. {
  157. GWrite (&val, sizeof(val));
  158. }
  159. static void
  160. GSendStr (const char *buf)
  161. {
  162. unsigned len = buf ? strlen (buf) + 1 : 0;
  163. GWrite (&len, sizeof(len));
  164. GWrite (buf, len);
  165. }
  166. static void
  167. GSendArr (int len, const char *buf)
  168. {
  169. GWrite (&len, sizeof(len));
  170. GWrite (buf, len);
  171. }
  172. static int
  173. GRecvInt (void)
  174. {
  175. int val;
  176. GRead (&val, sizeof(val));
  177. return val;
  178. }
  179. static char *
  180. GRecvStr (void)
  181. {
  182. unsigned len;
  183. char *buf;
  184. if (!(len = GRecvInt()))
  185. return (char *)0;
  186. if (len > 0x1000 || !(buf = malloc (len))) {
  187. message ("No memory for read buffer\n");
  188. exit(15);
  189. }
  190. GRead (buf, len);
  191. buf[len - 1] = 0; /* we're setuid ... don't trust "them" */
  192. return buf;
  193. }
  194. static char *
  195. GRecvArr (void)
  196. {
  197. unsigned len;
  198. char *arr;
  199. if (!(len = (unsigned) GRecvInt()))
  200. return (char *)0;
  201. if (len > 0x10000 || !(arr = malloc (len))) {
  202. message ("No memory for read buffer\n");
  203. exit(15);
  204. }
  205. GRead (arr, len);
  206. return arr;
  207. }
  208. static char *
  209. conv_server (ConvRequest what, const char *prompt)
  210. {
  211. GSendInt (what);
  212. switch (what) {
  213. case ConvGetBinary:
  214. {
  215. unsigned const char *up = (unsigned const char *)prompt;
  216. int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24);
  217. GSendArr (len, prompt);
  218. return GRecvArr ();
  219. }
  220. case ConvGetNormal:
  221. case ConvGetHidden:
  222. {
  223. char *msg;
  224. GSendStr (prompt);
  225. msg = GRecvStr ();
  226. if (msg && (GRecvInt() & IsPassword) && !*msg)
  227. nullpass = 1;
  228. return msg;
  229. }
  230. case ConvPutInfo:
  231. case ConvPutError:
  232. default:
  233. GSendStr (prompt);
  234. return 0;
  235. }
  236. }
  237. void
  238. message(const char *fmt, ...)
  239. {
  240. va_list ap;
  241. va_start(ap, fmt);
  242. vfprintf(stderr, fmt, ap);
  243. va_end(ap);
  244. }
  245. #ifndef O_NOFOLLOW
  246. # define O_NOFOLLOW 0
  247. #endif
  248. static void ATTR_NORETURN
  249. usage(int exitval)
  250. {
  251. message(
  252. "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n"
  253. " options:\n"
  254. " -h this help message\n"
  255. " -U username authenticate the specified user instead of current user\n"
  256. " -S handle operate in binary server mode on file descriptor handle\n"
  257. " -c caller the calling application, effectively the PAM service basename\n"
  258. " -m method use the specified authentication method (default: \"classic\")\n"
  259. " exit codes:\n"
  260. " 0 success\n"
  261. " 1 invalid password\n"
  262. " 2 cannot read password database\n"
  263. " Anything else tells you something's badly hosed.\n"
  264. );
  265. exit(exitval);
  266. }
  267. int
  268. main(int argc, char **argv)
  269. {
  270. #ifdef HAVE_PAM
  271. const char *caller = KCHECKPASS_PAM_SERVICE;
  272. #endif
  273. const char *method = "classic";
  274. const char *username = 0;
  275. #ifdef ACCEPT_ENV
  276. char *p;
  277. #endif
  278. struct passwd *pw;
  279. int c, nfd, lfd;
  280. uid_t uid;
  281. time_t nexttime;
  282. AuthReturn ret;
  283. struct flock lk;
  284. char fname[64], fcont[64];
  285. #ifdef HAVE_OSF_C2_PASSWD
  286. initialize_osf_security(argc, argv);
  287. #endif
  288. /* Make sure stdout/stderr are open */
  289. for (c = 1; c <= 2; c++) {
  290. if (fcntl(c, F_GETFL) == -1) {
  291. if ((nfd = open("/dev/null", O_WRONLY)) < 0) {
  292. message("cannot open /dev/null: %s\n", strerror(errno));
  293. exit(10);
  294. }
  295. if (c != nfd) {
  296. dup2(nfd, c);
  297. close(nfd);
  298. }
  299. }
  300. }
  301. havetty = isatty(0);
  302. while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) {
  303. switch (c) {
  304. case 'h':
  305. usage(0);
  306. break;
  307. case 'c':
  308. #ifdef HAVE_PAM
  309. caller = optarg;
  310. #endif
  311. break;
  312. case 'm':
  313. method = optarg;
  314. break;
  315. case 'U':
  316. username = optarg;
  317. break;
  318. case 'S':
  319. sfd = atoi(optarg);
  320. break;
  321. default:
  322. message("Command line option parsing error\n");
  323. usage(10);
  324. }
  325. }
  326. #ifdef ACCEPT_ENV
  327. # ifdef HAVE_PAM
  328. if ((p = getenv("TDE_PAM_ACTION")))
  329. caller = p;
  330. # endif
  331. if ((p = getenv("TCHECKPASS_USER")))
  332. username = p;
  333. #endif
  334. uid = getuid();
  335. if (!username) {
  336. if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
  337. if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
  338. if (!(pw = getpwuid(uid))) {
  339. message("Cannot determinate current user\n");
  340. return AuthError;
  341. }
  342. if (!(username = strdup(pw->pw_name))) {
  343. message("Out of memory\n");
  344. return AuthError;
  345. }
  346. }
  347. /*
  348. * Throttle kcheckpass invocations to avoid abusing it for bruteforcing
  349. * the password. This delay belongs to the *previous* invocation, where
  350. * we can't enforce it reliably (without risking giving away the result
  351. * before it is due). We don't differentiate between success and failure -
  352. * it's not expected to have a noticable adverse effect.
  353. */
  354. if ( uid != geteuid() ) {
  355. sprintf(fname, "/var/run/kcheckpass.%d", uid);
  356. if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) {
  357. message("Cannot open lockfile\n");
  358. return AuthError;
  359. }
  360. lk.l_type = F_WRLCK;
  361. lk.l_whence = SEEK_SET;
  362. lk.l_start = lk.l_len = 0;
  363. if (fcntl(lfd, F_SETLKW, &lk)) {
  364. message("Cannot obtain lock\n");
  365. return AuthError;
  366. }
  367. if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 &&
  368. (fcont[c] = '\0', sscanf(fcont, "%ld", &nexttime) == 1))
  369. {
  370. time_t ct = time(0);
  371. if (nexttime > ct && nexttime < ct + THROTTLE)
  372. sleep(nexttime - ct);
  373. }
  374. lseek(lfd, 0, SEEK_SET);
  375. write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE));
  376. close(lfd);
  377. }
  378. /* Now do the fandango */
  379. ret = Authenticate(
  380. #ifdef HAVE_PAM
  381. caller,
  382. #endif
  383. method,
  384. username,
  385. sfd < 0 ? conv_legacy : conv_server);
  386. if (ret == AuthBad) {
  387. message("Authentication failure\n");
  388. if (!nullpass) {
  389. openlog("kcheckpass", LOG_PID, LOG_AUTH);
  390. syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid);
  391. }
  392. }
  393. return ret;
  394. }
  395. void
  396. dispose(char *str)
  397. {
  398. memset(str, 0, strlen(str));
  399. free(str);
  400. }
  401. /*****************************************************************
  402. The real authentication methods are in separate source files.
  403. Look in checkpass_*.c
  404. *****************************************************************/