1 | /***************************************************************** |
2 | * |
3 | * kcheckpass - Simple password checker |
4 | * |
5 | * This program is free software; you can redistribute it and/or |
6 | * modify it under the terms of the GNU General Public |
7 | * License as published by the Free Software Foundation; either |
8 | * version 2 of the License, or (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | * General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public |
16 | * License along with this program; if not, write to the Free |
17 | * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * |
19 | * |
20 | * kcheckpass is a simple password checker. Just invoke and |
21 | * send it the password on stdin. |
22 | * |
23 | * If the password was accepted, the program exits with 0; |
24 | * if it was rejected, it exits with 1. Any other exit |
25 | * code signals an error. |
26 | * |
27 | * It's hopefully simple enough to allow it to be setuid |
28 | * root. |
29 | * |
30 | * Compile with -DHAVE_VSYSLOG if you have vsyslog(). |
31 | * Compile with -DHAVE_PAM if you have a PAM system, |
32 | * and link with -lpam -ldl. |
33 | * Compile with -DHAVE_SHADOW if you have a shadow |
34 | * password system. |
35 | * |
36 | * Copyright (C) 1998, Caldera, Inc. |
37 | * Released under the GNU General Public License |
38 | * |
39 | * Olaf Kirch <okir@caldera.de> General Framework and PAM support |
40 | * Christian Esken <esken@kde.org> Shadow and /etc/passwd support |
41 | * Roberto Teixeira <maragato@kde.org> other user (-U) support |
42 | * Oswald Buddenhagen <ossi@kde.org> Binary server mode |
43 | * |
44 | * Other parts were taken from kscreensaver's passwd.cpp. |
45 | * |
46 | *****************************************************************/ |
47 | |
48 | #include "kcheckpass.h" |
49 | |
50 | #include <stdarg.h> |
51 | #include <stdio.h> |
52 | #include <string.h> |
53 | #include <unistd.h> |
54 | #include <fcntl.h> |
55 | #include <syslog.h> |
56 | #include <stdlib.h> |
57 | #include <errno.h> |
58 | #include <time.h> |
59 | |
60 | /* Compatibility: accept some options from environment variables */ |
61 | #define ACCEPT_ENV |
62 | |
63 | #define THROTTLE 3 |
64 | |
65 | static int havetty, sfd = -1, nullpass; |
66 | |
67 | static char * |
68 | conv_legacy (ConvRequest what, const char *prompt) |
69 | { |
70 | char *p, *p2; |
71 | int len; |
72 | char buf[1024]; |
73 | |
74 | switch (what) { |
75 | case ConvGetBinary: |
76 | break; |
77 | case ConvGetNormal: |
78 | /* there is no prompt == 0 case */ |
79 | if (!havetty) |
80 | break; |
81 | /* i guess we should use /dev/tty ... */ |
82 | fputs(prompt, stdout); |
83 | fflush(stdout); |
84 | if (!fgets(buf, sizeof(buf), stdin)) |
85 | return 0; |
86 | len = strlen(buf); |
87 | if (len && buf[len - 1] == '\n') |
88 | buf[--len] = 0; |
89 | return strdup(buf); |
90 | case ConvGetHidden: |
91 | if (havetty) { |
92 | #ifdef HAVE_GETPASSPHRASE |
93 | p = getpassphrase(prompt ? prompt : "Password: " ); |
94 | #else |
95 | p = getpass(prompt ? prompt : "Password: " ); |
96 | #endif |
97 | p2 = strdup(p); |
98 | memset(p, 0, strlen(p)); |
99 | return p2; |
100 | } else { |
101 | if (prompt) |
102 | break; |
103 | if ((len = read(0, buf, sizeof(buf) - 1)) < 0) { |
104 | message("Cannot read password\n" ); |
105 | return 0; |
106 | } else { |
107 | if (len && buf[len - 1] == '\n') |
108 | --len; |
109 | buf[len] = 0; |
110 | p2 = strdup(buf); |
111 | memset(buf, 0, len); |
112 | return p2; |
113 | } |
114 | } |
115 | case ConvPutInfo: |
116 | message("Information: %s\n" , prompt); |
117 | return 0; |
118 | case ConvPutError: |
119 | message("Error: %s\n" , prompt); |
120 | return 0; |
121 | } |
122 | message("Authentication backend requested data type which cannot be handled.\n" ); |
123 | return 0; |
124 | } |
125 | |
126 | |
127 | static int |
128 | Reader (void *buf, int count) |
129 | { |
130 | int ret, rlen; |
131 | |
132 | for (rlen = 0; rlen < count; ) { |
133 | dord: |
134 | ret = read (sfd, (void *)((char *)buf + rlen), count - rlen); |
135 | if (ret < 0) { |
136 | if (errno == EINTR) |
137 | goto dord; |
138 | if (errno == EAGAIN) |
139 | break; |
140 | return -1; |
141 | } |
142 | if (!ret) |
143 | break; |
144 | rlen += ret; |
145 | } |
146 | return rlen; |
147 | } |
148 | |
149 | static void |
150 | GRead (void *buf, int count) |
151 | { |
152 | if (Reader (buf, count) != count) { |
153 | message ("Communication breakdown on read\n" ); |
154 | exit(15); |
155 | } |
156 | } |
157 | |
158 | static void |
159 | GWrite (const void *buf, int count) |
160 | { |
161 | if (write (sfd, buf, count) != count) { |
162 | message ("Communication breakdown on write\n" ); |
163 | exit(15); |
164 | } |
165 | } |
166 | |
167 | static void |
168 | GSendInt (int val) |
169 | { |
170 | GWrite (&val, sizeof(val)); |
171 | } |
172 | |
173 | static void |
174 | GSendStr (const char *buf) |
175 | { |
176 | unsigned len = buf ? strlen (buf) + 1 : 0; |
177 | GWrite (&len, sizeof(len)); |
178 | GWrite (buf, len); |
179 | } |
180 | |
181 | static void |
182 | GSendArr (int len, const char *buf) |
183 | { |
184 | GWrite (&len, sizeof(len)); |
185 | GWrite (buf, len); |
186 | } |
187 | |
188 | static int |
189 | GRecvInt (void) |
190 | { |
191 | int val; |
192 | |
193 | GRead (&val, sizeof(val)); |
194 | return val; |
195 | } |
196 | |
197 | static char * |
198 | GRecvStr (void) |
199 | { |
200 | unsigned len; |
201 | char *buf; |
202 | |
203 | if (!(len = GRecvInt())) |
204 | return (char *)0; |
205 | if (len > 0x1000 || !(buf = malloc (len))) { |
206 | message ("No memory for read buffer\n" ); |
207 | exit(15); |
208 | } |
209 | GRead (buf, len); |
210 | buf[len - 1] = 0; /* we're setuid ... don't trust "them" */ |
211 | return buf; |
212 | } |
213 | |
214 | static char * |
215 | GRecvArr (void) |
216 | { |
217 | unsigned len; |
218 | char *arr; |
219 | unsigned const char *up; |
220 | |
221 | if (!(len = (unsigned) GRecvInt())) |
222 | return (char *)0; |
223 | if (len < 4) { |
224 | message ("Too short binary authentication data block\n" ); |
225 | exit(15); |
226 | } |
227 | if (len > 0x10000 || !(arr = malloc (len))) { |
228 | message ("No memory for read buffer\n" ); |
229 | exit(15); |
230 | } |
231 | GRead (arr, len); |
232 | up = (unsigned const char *)arr; |
233 | if (len != (unsigned)(up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24))) { |
234 | message ("Mismatched binary authentication data block size\n" ); |
235 | exit(15); |
236 | } |
237 | return arr; |
238 | } |
239 | |
240 | |
241 | static char * |
242 | conv_server (ConvRequest what, const char *prompt) |
243 | { |
244 | GSendInt (what); |
245 | switch (what) { |
246 | case ConvGetBinary: |
247 | { |
248 | unsigned const char *up = (unsigned const char *)prompt; |
249 | int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24); |
250 | GSendArr (len, prompt); |
251 | return GRecvArr (); |
252 | } |
253 | case ConvGetNormal: |
254 | case ConvGetHidden: |
255 | { |
256 | char *msg; |
257 | GSendStr (prompt); |
258 | msg = GRecvStr (); |
259 | if (msg && (GRecvInt() & IsPassword) && !*msg) |
260 | nullpass = 1; |
261 | return msg; |
262 | } |
263 | case ConvPutInfo: |
264 | case ConvPutError: |
265 | default: |
266 | GSendStr (prompt); |
267 | return 0; |
268 | } |
269 | } |
270 | |
271 | void |
272 | message(const char *fmt, ...) |
273 | { |
274 | va_list ap; |
275 | |
276 | va_start(ap, fmt); |
277 | vfprintf(stderr, fmt, ap); |
278 | va_end(ap); |
279 | } |
280 | |
281 | #ifndef O_NOFOLLOW |
282 | # define O_NOFOLLOW 0 |
283 | #endif |
284 | |
285 | static void ATTR_NORETURN |
286 | usage(int exitval) |
287 | { |
288 | message( |
289 | "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n" |
290 | " options:\n" |
291 | " -h this help message\n" |
292 | " -U username authenticate the specified user instead of current user\n" |
293 | " -S handle operate in binary server mode on file descriptor handle\n" |
294 | " -c caller the calling application, effectively the PAM service basename\n" |
295 | " -m method use the specified authentication method (default: \"classic\")\n" |
296 | " exit codes:\n" |
297 | " 0 success\n" |
298 | " 1 invalid password\n" |
299 | " 2 cannot read password database\n" |
300 | " Anything else tells you something's badly hosed.\n" |
301 | ); |
302 | exit(exitval); |
303 | } |
304 | |
305 | int |
306 | main(int argc, char **argv) |
307 | { |
308 | #ifdef HAVE_PAM |
309 | const char *caller = KSCREENSAVER_PAM_SERVICE; |
310 | #endif |
311 | const char *method = "classic" ; |
312 | const char *username = 0; |
313 | #ifdef ACCEPT_ENV |
314 | char *p; |
315 | #endif |
316 | struct passwd *pw; |
317 | int c, nfd, lfd; |
318 | uid_t uid; |
319 | time_t nexttime; |
320 | AuthReturn ret; |
321 | struct flock lk; |
322 | char fname[64], fcont[64]; |
323 | |
324 | #ifdef HAVE_OSF_C2_PASSWD |
325 | initialize_osf_security(argc, argv); |
326 | #endif |
327 | |
328 | /* Make sure stdout/stderr are open */ |
329 | for (c = 1; c <= 2; c++) { |
330 | if (fcntl(c, F_GETFL) == -1) { |
331 | if ((nfd = open("/dev/null" , O_WRONLY)) < 0) { |
332 | message("cannot open /dev/null: %s\n" , strerror(errno)); |
333 | exit(10); |
334 | } |
335 | if (c != nfd) { |
336 | dup2(nfd, c); |
337 | close(nfd); |
338 | } |
339 | } |
340 | } |
341 | |
342 | havetty = isatty(0); |
343 | |
344 | while ((c = getopt(argc, argv, "hc:m:U:S:" )) != -1) { |
345 | switch (c) { |
346 | case 'h': |
347 | usage(0); |
348 | break; |
349 | case 'c': |
350 | #ifdef HAVE_PAM |
351 | caller = optarg; |
352 | #endif |
353 | break; |
354 | case 'm': |
355 | method = optarg; |
356 | break; |
357 | case 'U': |
358 | username = optarg; |
359 | break; |
360 | case 'S': |
361 | sfd = atoi(optarg); |
362 | break; |
363 | default: |
364 | message("Command line option parsing error\n" ); |
365 | usage(10); |
366 | } |
367 | } |
368 | |
369 | #ifdef ACCEPT_ENV |
370 | # ifdef HAVE_PAM |
371 | if ((p = getenv("KDE_PAM_ACTION" ))) |
372 | caller = p; |
373 | # endif |
374 | if ((p = getenv("KCHECKPASS_USER" ))) |
375 | username = p; |
376 | #endif |
377 | |
378 | uid = getuid(); |
379 | if (!username) { |
380 | if (!(p = getenv("LOGNAME" )) || !(pw = getpwnam(p)) || pw->pw_uid != uid) |
381 | if (!(p = getenv("USER" )) || !(pw = getpwnam(p)) || pw->pw_uid != uid) |
382 | if (!(pw = getpwuid(uid))) { |
383 | message("Cannot determinate current user\n" ); |
384 | return AuthError; |
385 | } |
386 | if (!(username = strdup(pw->pw_name))) { |
387 | message("Out of memory\n" ); |
388 | return AuthError; |
389 | } |
390 | } |
391 | |
392 | /* |
393 | * Throttle kcheckpass invocations to avoid abusing it for bruteforcing |
394 | * the password. This delay belongs to the *previous* invocation, where |
395 | * we can't enforce it reliably (without risking giving away the result |
396 | * before it is due). We don't differentiate between success and failure - |
397 | * it's not expected to have a noticeable adverse effect. |
398 | */ |
399 | if ( uid != geteuid() ) { |
400 | sprintf(fname, "/var/run/kcheckpass.%d" , uid); |
401 | if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) { |
402 | message("Cannot open lockfile\n" ); |
403 | return AuthError; |
404 | } |
405 | |
406 | lk.l_type = F_WRLCK; |
407 | lk.l_whence = SEEK_SET; |
408 | lk.l_start = lk.l_len = 0; |
409 | if (fcntl(lfd, F_SETLKW, &lk)) { |
410 | message("Cannot obtain lock\n" ); |
411 | return AuthError; |
412 | } |
413 | |
414 | if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 && |
415 | (fcont[c] = '\0', sscanf(fcont, "%ld" , &nexttime) == 1)) |
416 | { |
417 | time_t ct = time(0); |
418 | if (nexttime > ct && nexttime < ct + THROTTLE) |
419 | sleep(nexttime - ct); |
420 | } |
421 | |
422 | lseek(lfd, 0, SEEK_SET); |
423 | write(lfd, fcont, sprintf(fcont, "%lu\n" , time(0) + THROTTLE)); |
424 | |
425 | close(lfd); |
426 | } |
427 | |
428 | /* Now do the fandango */ |
429 | ret = Authenticate( |
430 | #ifdef HAVE_PAM |
431 | caller, |
432 | #endif |
433 | method, |
434 | username, |
435 | sfd < 0 ? conv_legacy : conv_server); |
436 | |
437 | if (ret == AuthBad) { |
438 | message("Authentication failure\n" ); |
439 | if (!nullpass) { |
440 | openlog("kcheckpass" , LOG_PID, LOG_AUTH); |
441 | syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)" , username, uid); |
442 | } |
443 | } |
444 | |
445 | return ret; |
446 | } |
447 | |
448 | void |
449 | dispose(char *str) |
450 | { |
451 | memset(str, 0, strlen(str)); |
452 | free(str); |
453 | } |
454 | |
455 | /***************************************************************** |
456 | The real authentication methods are in separate source files. |
457 | Look in checkpass_*.c |
458 | *****************************************************************/ |
459 | |