|
|
|
/*****************************************************************
|
|
|
|
*
|
|
|
|
* kcheckpass - Simple password checker
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public
|
|
|
|
* License along with this program; if not, write to the Free
|
|
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* kcheckpass is a simple password checker. Just invoke and
|
|
|
|
* send it the password on stdin.
|
|
|
|
*
|
|
|
|
* If the password was accepted, the program exits with 0;
|
|
|
|
* if it was rejected, it exits with 1. Any other exit
|
|
|
|
* code signals an error.
|
|
|
|
*
|
|
|
|
* It's hopefully simple enough to allow it to be setuid
|
|
|
|
* root.
|
|
|
|
*
|
|
|
|
* Compile with -DHAVE_VSYSLOG if you have vsyslog().
|
|
|
|
* Compile with -DHAVE_PAM if you have a PAM system,
|
|
|
|
* and link with -lpam -ldl.
|
|
|
|
* Compile with -DHAVE_SHADOW if you have a shadow
|
|
|
|
* password system.
|
|
|
|
*
|
|
|
|
* Copyright (C) 1998, Caldera, Inc.
|
|
|
|
* Released under the GNU General Public License
|
|
|
|
*
|
|
|
|
* Olaf Kirch <okir@caldera.de> General Framework and PAM support
|
|
|
|
* Christian Esken <esken@kde.org> Shadow and /etc/passwd support
|
|
|
|
* Roberto Teixeira <maragato@kde.org> other user (-U) support
|
|
|
|
* Oswald Buddenhagen <ossi@kde.org> Binary server mode
|
|
|
|
*
|
|
|
|
* Other parts were taken from kscreensaver's passwd.cpp.
|
|
|
|
*
|
|
|
|
*****************************************************************/
|
|
|
|
|
|
|
|
#include "kcheckpass.h"
|
|
|
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <syslog.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <time.h>
|
|
|
|
|
|
|
|
/* Compatibility: accept some options from environment variables */
|
|
|
|
#define ACCEPT_ENV
|
|
|
|
|
|
|
|
#define THROTTLE 3
|
|
|
|
|
|
|
|
static int havetty, sfd = -1, nullpass;
|
|
|
|
|
|
|
|
static char *
|
|
|
|
conv_legacy (ConvRequest what, const char *prompt)
|
|
|
|
{
|
|
|
|
char *p, *p2;
|
|
|
|
int len;
|
|
|
|
char buf[1024];
|
|
|
|
|
|
|
|
switch (what) {
|
|
|
|
case ConvGetBinary:
|
|
|
|
break;
|
|
|
|
case ConvGetNormal:
|
|
|
|
/* there is no prompt == 0 case */
|
|
|
|
if (!havetty)
|
|
|
|
break;
|
|
|
|
/* i guess we should use /dev/tty ... */
|
|
|
|
fputs(prompt, stdout);
|
|
|
|
fflush(stdout);
|
|
|
|
if (!fgets(buf, sizeof(buf), stdin))
|
|
|
|
return 0;
|
|
|
|
len = strlen(buf);
|
|
|
|
if (len && buf[len - 1] == '\n')
|
|
|
|
buf[--len] = 0;
|
|
|
|
return strdup(buf);
|
|
|
|
case ConvGetHidden:
|
|
|
|
if (havetty) {
|
|
|
|
#ifdef HAVE_GETPASSPHRASE
|
|
|
|
p = getpassphrase(prompt ? prompt : "Password: ");
|
|
|
|
#else
|
|
|
|
p = getpass(prompt ? prompt : "Password: ");
|
|
|
|
#endif
|
|
|
|
p2 = strdup(p);
|
|
|
|
memset(p, 0, strlen(p));
|
|
|
|
return p2;
|
|
|
|
} else {
|
|
|
|
if (prompt)
|
|
|
|
break;
|
|
|
|
if ((len = read(0, buf, sizeof(buf) - 1)) < 0) {
|
|
|
|
message("Cannot read password\n");
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
if (len && buf[len - 1] == '\n')
|
|
|
|
--len;
|
|
|
|
buf[len] = 0;
|
|
|
|
p2 = strdup(buf);
|
|
|
|
memset(buf, 0, len);
|
|
|
|
return p2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
case ConvPutInfo:
|
|
|
|
message("Information: %s\n", prompt);
|
|
|
|
return 0;
|
|
|
|
case ConvPutError:
|
|
|
|
message("Error: %s\n", prompt);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
message("Authentication backend requested data type which cannot be handled.\n");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
Reader (void *buf, int count)
|
|
|
|
{
|
|
|
|
int ret, rlen;
|
|
|
|
|
|
|
|
for (rlen = 0; rlen < count; ) {
|
|
|
|
dord:
|
|
|
|
ret = read (sfd, (void *)((char *)buf + rlen), count - rlen);
|
|
|
|
if (ret < 0) {
|
|
|
|
if (errno == EINTR)
|
|
|
|
goto dord;
|
|
|
|
if (errno == EAGAIN)
|
|
|
|
break;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (!ret)
|
|
|
|
break;
|
|
|
|
rlen += ret;
|
|
|
|
}
|
|
|
|
return rlen;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
GRead (void *buf, int count)
|
|
|
|
{
|
|
|
|
if (Reader (buf, count) != count) {
|
|
|
|
message ("Communication breakdown on read\n");
|
|
|
|
exit(15);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
GWrite (const void *buf, int count)
|
|
|
|
{
|
|
|
|
if (write (sfd, buf, count) != count) {
|
|
|
|
message ("Communication breakdown on write\n");
|
|
|
|
exit(15);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
GSendInt (int val)
|
|
|
|
{
|
|
|
|
GWrite (&val, sizeof(val));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
GSendStr (const char *buf)
|
|
|
|
{
|
|
|
|
unsigned len = buf ? strlen (buf) + 1 : 0;
|
|
|
|
GWrite (&len, sizeof(len));
|
|
|
|
GWrite (buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
GSendArr (int len, const char *buf)
|
|
|
|
{
|
|
|
|
GWrite (&len, sizeof(len));
|
|
|
|
GWrite (buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
GRecvInt (void)
|
|
|
|
{
|
|
|
|
int val;
|
|
|
|
|
|
|
|
GRead (&val, sizeof(val));
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
|
|
|
GRecvStr (void)
|
|
|
|
{
|
|
|
|
unsigned len;
|
|
|
|
char *buf;
|
|
|
|
|
|
|
|
if (!(len = GRecvInt()))
|
|
|
|
return (char *)0;
|
|
|
|
if (len > 0x1000 || !(buf = malloc (len))) {
|
|
|
|
message ("No memory for read buffer\n");
|
|
|
|
exit(15);
|
|
|
|
}
|
|
|
|
GRead (buf, len);
|
|
|
|
buf[len - 1] = 0; /* we're setuid ... don't trust "them" */
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
|
|
|
GRecvArr (void)
|
|
|
|
{
|
|
|
|
unsigned len;
|
|
|
|
char *arr;
|
|
|
|
|
|
|
|
if (!(len = (unsigned) GRecvInt()))
|
|
|
|
return (char *)0;
|
|
|
|
if (len > 0x10000 || !(arr = malloc (len))) {
|
|
|
|
message ("No memory for read buffer\n");
|
|
|
|
exit(15);
|
|
|
|
}
|
|
|
|
GRead (arr, len);
|
|
|
|
return arr;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
conv_server (ConvRequest what, const char *prompt)
|
|
|
|
{
|
|
|
|
GSendInt (what);
|
|
|
|
switch (what) {
|
|
|
|
case ConvGetBinary:
|
|
|
|
{
|
|
|
|
unsigned const char *up = (unsigned const char *)prompt;
|
|
|
|
int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24);
|
|
|
|
GSendArr (len, prompt);
|
|
|
|
return GRecvArr ();
|
|
|
|
}
|
|
|
|
case ConvGetNormal:
|
|
|
|
case ConvGetHidden:
|
|
|
|
{
|
|
|
|
char *msg;
|
|
|
|
GSendStr (prompt);
|
|
|
|
msg = GRecvStr ();
|
|
|
|
if (msg && (GRecvInt() & IsPassword) && !*msg)
|
|
|
|
nullpass = 1;
|
|
|
|
return msg;
|
|
|
|
}
|
|
|
|
case ConvPutInfo:
|
|
|
|
case ConvPutError:
|
|
|
|
default:
|
|
|
|
GSendStr (prompt);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
message(const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef O_NOFOLLOW
|
|
|
|
# define O_NOFOLLOW 0
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static void ATTR_NORETURN
|
|
|
|
usage(int exitval)
|
|
|
|
{
|
|
|
|
message(
|
|
|
|
"usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n"
|
|
|
|
" options:\n"
|
|
|
|
" -h this help message\n"
|
|
|
|
" -U username authenticate the specified user instead of current user\n"
|
|
|
|
" -S handle operate in binary server mode on file descriptor handle\n"
|
|
|
|
" -c caller the calling application, effectively the PAM service basename\n"
|
|
|
|
" -m method use the specified authentication method (default: \"classic\")\n"
|
|
|
|
" exit codes:\n"
|
|
|
|
" 0 success\n"
|
|
|
|
" 1 invalid password\n"
|
|
|
|
" 2 cannot read password database\n"
|
|
|
|
" Anything else tells you something's badly hosed.\n"
|
|
|
|
);
|
|
|
|
exit(exitval);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
#ifdef HAVE_PAM
|
|
|
|
const char *caller = KCHECKPASS_PAM_SERVICE;
|
|
|
|
#endif
|
|
|
|
const char *method = "classic";
|
|
|
|
const char *username = 0;
|
|
|
|
#ifdef ACCEPT_ENV
|
|
|
|
char *p;
|
|
|
|
#endif
|
|
|
|
struct passwd *pw;
|
|
|
|
int c, nfd, lfd;
|
|
|
|
uid_t uid;
|
|
|
|
time_t nexttime;
|
|
|
|
AuthReturn ret;
|
|
|
|
struct flock lk;
|
|
|
|
char fname[64], fcont[64];
|
|
|
|
|
|
|
|
#ifdef HAVE_OSF_C2_PASSWD
|
|
|
|
initialize_osf_security(argc, argv);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Make sure stdout/stderr are open */
|
|
|
|
for (c = 1; c <= 2; c++) {
|
|
|
|
if (fcntl(c, F_GETFL) == -1) {
|
|
|
|
if ((nfd = open("/dev/null", O_WRONLY)) < 0) {
|
|
|
|
message("cannot open /dev/null: %s\n", strerror(errno));
|
|
|
|
exit(10);
|
|
|
|
}
|
|
|
|
if (c != nfd) {
|
|
|
|
dup2(nfd, c);
|
|
|
|
close(nfd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
havetty = isatty(0);
|
|
|
|
|
|
|
|
while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) {
|
|
|
|
switch (c) {
|
|
|
|
case 'h':
|
|
|
|
usage(0);
|
|
|
|
break;
|
|
|
|
case 'c':
|
|
|
|
#ifdef HAVE_PAM
|
|
|
|
caller = optarg;
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case 'm':
|
|
|
|
method = optarg;
|
|
|
|
break;
|
|
|
|
case 'U':
|
|
|
|
username = optarg;
|
|
|
|
break;
|
|
|
|
case 'S':
|
|
|
|
sfd = atoi(optarg);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
message("Command line option parsing error\n");
|
|
|
|
usage(10);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef ACCEPT_ENV
|
|
|
|
# ifdef HAVE_PAM
|
|
|
|
if ((p = getenv("TDE_PAM_ACTION")))
|
|
|
|
caller = p;
|
|
|
|
# endif
|
|
|
|
if ((p = getenv("TCHECKPASS_USER")))
|
|
|
|
username = p;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
uid = getuid();
|
|
|
|
if (!username) {
|
|
|
|
if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
|
|
|
|
if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
|
|
|
|
if (!(pw = getpwuid(uid))) {
|
|
|
|
message("Cannot determinate current user\n");
|
|
|
|
return AuthError;
|
|
|
|
}
|
|
|
|
if (!(username = strdup(pw->pw_name))) {
|
|
|
|
message("Out of memory\n");
|
|
|
|
return AuthError;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Throttle kcheckpass invocations to avoid abusing it for bruteforcing
|
|
|
|
* the password. This delay belongs to the *previous* invocation, where
|
|
|
|
* we can't enforce it reliably (without risking giving away the result
|
|
|
|
* before it is due). We don't differentiate between success and failure -
|
|
|
|
* it's not expected to have a noticable adverse effect.
|
|
|
|
*/
|
|
|
|
if ( uid != geteuid() ) {
|
|
|
|
sprintf(fname, "/var/run/kcheckpass.%d", uid);
|
|
|
|
if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) {
|
|
|
|
message("Cannot open lockfile\n");
|
|
|
|
return AuthError;
|
|
|
|
}
|
|
|
|
|
|
|
|
lk.l_type = F_WRLCK;
|
|
|
|
lk.l_whence = SEEK_SET;
|
|
|
|
lk.l_start = lk.l_len = 0;
|
|
|
|
if (fcntl(lfd, F_SETLKW, &lk)) {
|
|
|
|
message("Cannot obtain lock\n");
|
|
|
|
return AuthError;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 &&
|
|
|
|
(fcont[c] = '\0', sscanf(fcont, "%ld", &nexttime) == 1))
|
|
|
|
{
|
|
|
|
time_t ct = time(0);
|
|
|
|
if (nexttime > ct && nexttime < ct + THROTTLE)
|
|
|
|
sleep(nexttime - ct);
|
|
|
|
}
|
|
|
|
|
|
|
|
lseek(lfd, 0, SEEK_SET);
|
|
|
|
write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE));
|
|
|
|
|
|
|
|
close(lfd);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now do the fandango */
|
|
|
|
ret = Authenticate(
|
|
|
|
#ifdef HAVE_PAM
|
|
|
|
caller,
|
|
|
|
#endif
|
|
|
|
method,
|
|
|
|
username,
|
|
|
|
sfd < 0 ? conv_legacy : conv_server);
|
|
|
|
|
|
|
|
if (ret == AuthBad) {
|
|
|
|
message("Authentication failure\n");
|
|
|
|
if (!nullpass) {
|
|
|
|
openlog("kcheckpass", LOG_PID, LOG_AUTH);
|
|
|
|
syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dispose(char *str)
|
|
|
|
{
|
|
|
|
memset(str, 0, strlen(str));
|
|
|
|
free(str);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*****************************************************************
|
|
|
|
The real authentication methods are in separate source files.
|
|
|
|
Look in checkpass_*.c
|
|
|
|
*****************************************************************/
|