| 1 | /***************************************************************** |
|---|---|
| 2 | * |
| 3 | * kcheckpass - Simple password checker |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or |
| 6 | * modify it under the terms of the GNU General Public |
| 7 | * License as published by the Free Software Foundation; either |
| 8 | * version 2 of the License, or (at your option) any later version. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | * General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public |
| 16 | * License along with this program; if not, write to the Free |
| 17 | * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 18 | * |
| 19 | * |
| 20 | * kcheckpass is a simple password checker. Just invoke and |
| 21 | * send it the password on stdin. |
| 22 | * |
| 23 | * If the password was accepted, the program exits with 0; |
| 24 | * if it was rejected, it exits with 1. Any other exit |
| 25 | * code signals an error. |
| 26 | * |
| 27 | * It's hopefully simple enough to allow it to be setuid |
| 28 | * root. |
| 29 | * |
| 30 | * Compile with -DHAVE_VSYSLOG if you have vsyslog(). |
| 31 | * Compile with -DHAVE_PAM if you have a PAM system, |
| 32 | * and link with -lpam -ldl. |
| 33 | * Compile with -DHAVE_SHADOW if you have a shadow |
| 34 | * password system. |
| 35 | * |
| 36 | * Copyright (C) 1998, Caldera, Inc. |
| 37 | * Released under the GNU General Public License |
| 38 | * |
| 39 | * Olaf Kirch <okir@caldera.de> General Framework and PAM support |
| 40 | * Christian Esken <esken@kde.org> Shadow and /etc/passwd support |
| 41 | * Roberto Teixeira <maragato@kde.org> other user (-U) support |
| 42 | * Oswald Buddenhagen <ossi@kde.org> Binary server mode |
| 43 | * |
| 44 | * Other parts were taken from kscreensaver's passwd.cpp. |
| 45 | * |
| 46 | *****************************************************************/ |
| 47 | |
| 48 | #include "kcheckpass.h" |
| 49 | |
| 50 | #include <stdarg.h> |
| 51 | #include <stdio.h> |
| 52 | #include <string.h> |
| 53 | #include <unistd.h> |
| 54 | #include <fcntl.h> |
| 55 | #include <syslog.h> |
| 56 | #include <stdlib.h> |
| 57 | #include <errno.h> |
| 58 | #include <time.h> |
| 59 | |
| 60 | /* Compatibility: accept some options from environment variables */ |
| 61 | #define ACCEPT_ENV |
| 62 | |
| 63 | #define THROTTLE 3 |
| 64 | |
| 65 | static int havetty, sfd = -1, nullpass; |
| 66 | |
| 67 | static char * |
| 68 | conv_legacy (ConvRequest what, const char *prompt) |
| 69 | { |
| 70 | char *p, *p2; |
| 71 | int len; |
| 72 | char buf[1024]; |
| 73 | |
| 74 | switch (what) { |
| 75 | case ConvGetBinary: |
| 76 | break; |
| 77 | case ConvGetNormal: |
| 78 | /* there is no prompt == 0 case */ |
| 79 | if (!havetty) |
| 80 | break; |
| 81 | /* i guess we should use /dev/tty ... */ |
| 82 | fputs(prompt, stdout); |
| 83 | fflush(stdout); |
| 84 | if (!fgets(buf, sizeof(buf), stdin)) |
| 85 | return 0; |
| 86 | len = strlen(buf); |
| 87 | if (len && buf[len - 1] == |
| 88 | buf[--len] = 0; |
| 89 | return strdup(buf); |
| 90 | case ConvGetHidden: |
| 91 | if (havetty) { |
| 92 | #ifdef HAVE_GETPASSPHRASE |
| 93 | p = getpassphrase(prompt ? prompt : "Password: "); |
| 94 | #else |
| 95 | p = getpass(prompt ? prompt : "Password: "); |
| 96 | #endif |
| 97 | p2 = strdup(p); |
| 98 | memset(p, 0, strlen(p)); |
| 99 | return p2; |
| 100 | } else { |
| 101 | if (prompt) |
| 102 | break; |
| 103 | if ((len = read(0, buf, sizeof(buf) - 1)) < 0) { |
| 104 | message("Cannot read password\n"); |
| 105 | return 0; |
| 106 | } else { |
| 107 | if (len && buf[len - 1] == |
| 108 | --len; |
| 109 | buf[len] = 0; |
| 110 | p2 = strdup(buf); |
| 111 | memset(buf, 0, len); |
| 112 | return p2; |
| 113 | } |
| 114 | } |
| 115 | case ConvPutInfo: |
| 116 | message("Information: %s\n", prompt); |
| 117 | return 0; |
| 118 | case ConvPutError: |
| 119 | message("Error: %s\n", prompt); |
| 120 | return 0; |
| 121 | } |
| 122 | message("Authentication backend requested data type which cannot be handled.\n"); |
| 123 | return 0; |
| 124 | } |
| 125 | |
| 126 | |
| 127 | static int |
| 128 | Reader (void *buf, int count) |
| 129 | { |
| 130 | int ret, rlen; |
| 131 | |
| 132 | for (rlen = 0; rlen < count; ) { |
| 133 | dord: |
| 134 | ret = read (sfd, (void *)((char *)buf + rlen), count - rlen); |
| 135 | if (ret < 0) { |
| 136 | if (errno == EINTR) |
| 137 | goto dord; |
| 138 | if (errno == EAGAIN) |
| 139 | break; |
| 140 | return -1; |
| 141 | } |
| 142 | if (!ret) |
| 143 | break; |
| 144 | rlen += ret; |
| 145 | } |
| 146 | return rlen; |
| 147 | } |
| 148 | |
| 149 | static void |
| 150 | GRead (void *buf, int count) |
| 151 | { |
| 152 | if (Reader (buf, count) != count) { |
| 153 | message ("Communication breakdown on read\n"); |
| 154 | exit(15); |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | static void |
| 159 | GWrite (const void *buf, int count) |
| 160 | { |
| 161 | if (write (sfd, buf, count) != count) { |
| 162 | message ("Communication breakdown on write\n"); |
| 163 | exit(15); |
| 164 | } |
| 165 | } |
| 166 | |
| 167 | static void |
| 168 | GSendInt (int val) |
| 169 | { |
| 170 | GWrite (&val, sizeof(val)); |
| 171 | } |
| 172 | |
| 173 | static void |
| 174 | GSendStr (const char *buf) |
| 175 | { |
| 176 | unsigned len = buf ? strlen (buf) + 1 : 0; |
| 177 | GWrite (&len, sizeof(len)); |
| 178 | GWrite (buf, len); |
| 179 | } |
| 180 | |
| 181 | static void |
| 182 | GSendArr (int len, const char *buf) |
| 183 | { |
| 184 | GWrite (&len, sizeof(len)); |
| 185 | GWrite (buf, len); |
| 186 | } |
| 187 | |
| 188 | static int |
| 189 | GRecvInt (void) |
| 190 | { |
| 191 | int val; |
| 192 | |
| 193 | GRead (&val, sizeof(val)); |
| 194 | return val; |
| 195 | } |
| 196 | |
| 197 | static char * |
| 198 | GRecvStr (void) |
| 199 | { |
| 200 | unsigned len; |
| 201 | char *buf; |
| 202 | |
| 203 | if (!(len = GRecvInt())) |
| 204 | return (char *)0; |
| 205 | if (len > 0x1000 || !(buf = malloc (len))) { |
| 206 | message ("No memory for read buffer\n"); |
| 207 | exit(15); |
| 208 | } |
| 209 | GRead (buf, len); |
| 210 | buf[len - 1] = 0; /* we're setuid ... don't trust "them" */ |
| 211 | return buf; |
| 212 | } |
| 213 | |
| 214 | static char * |
| 215 | GRecvArr (void) |
| 216 | { |
| 217 | unsigned len; |
| 218 | char *arr; |
| 219 | unsigned const char *up; |
| 220 | |
| 221 | if (!(len = (unsigned) GRecvInt())) |
| 222 | return (char *)0; |
| 223 | if (len < 4) { |
| 224 | message ("Too short binary authentication data block\n"); |
| 225 | exit(15); |
| 226 | } |
| 227 | if (len > 0x10000 || !(arr = malloc (len))) { |
| 228 | message ("No memory for read buffer\n"); |
| 229 | exit(15); |
| 230 | } |
| 231 | GRead (arr, len); |
| 232 | up = (unsigned const char *)arr; |
| 233 | if (len != (unsigned)(up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24))) { |
| 234 | message ("Mismatched binary authentication data block size\n"); |
| 235 | exit(15); |
| 236 | } |
| 237 | return arr; |
| 238 | } |
| 239 | |
| 240 | |
| 241 | static char * |
| 242 | conv_server (ConvRequest what, const char *prompt) |
| 243 | { |
| 244 | GSendInt (what); |
| 245 | switch (what) { |
| 246 | case ConvGetBinary: |
| 247 | { |
| 248 | unsigned const char *up = (unsigned const char *)prompt; |
| 249 | int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24); |
| 250 | GSendArr (len, prompt); |
| 251 | return GRecvArr (); |
| 252 | } |
| 253 | case ConvGetNormal: |
| 254 | case ConvGetHidden: |
| 255 | { |
| 256 | char *msg; |
| 257 | GSendStr (prompt); |
| 258 | msg = GRecvStr (); |
| 259 | if (msg && (GRecvInt() & IsPassword) && !*msg) |
| 260 | nullpass = 1; |
| 261 | return msg; |
| 262 | } |
| 263 | case ConvPutInfo: |
| 264 | case ConvPutError: |
| 265 | default: |
| 266 | GSendStr (prompt); |
| 267 | return 0; |
| 268 | } |
| 269 | } |
| 270 | |
| 271 | void |
| 272 | message(const char *fmt, ...) |
| 273 | { |
| 274 | va_list ap; |
| 275 | |
| 276 | va_start(ap, fmt); |
| 277 | vfprintf(stderr, fmt, ap); |
| 278 | va_end(ap); |
| 279 | } |
| 280 | |
| 281 | #ifndef O_NOFOLLOW |
| 282 | # define O_NOFOLLOW 0 |
| 283 | #endif |
| 284 | |
| 285 | static void ATTR_NORETURN |
| 286 | usage(int exitval) |
| 287 | { |
| 288 | message( |
| 289 | "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n" |
| 290 | " options:\n" |
| 291 | " -h this help message\n" |
| 292 | " -U username authenticate the specified user instead of current user\n" |
| 293 | " -S handle operate in binary server mode on file descriptor handle\n" |
| 294 | " -c caller the calling application, effectively the PAM service basename\n" |
| 295 | " -m method use the specified authentication method (default: \"classic\")\n" |
| 296 | " exit codes:\n" |
| 297 | " 0 success\n" |
| 298 | " 1 invalid password\n" |
| 299 | " 2 cannot read password database\n" |
| 300 | " Anything else tells you something's badly hosed.\n" |
| 301 | ); |
| 302 | exit(exitval); |
| 303 | } |
| 304 | |
| 305 | int |
| 306 | main(int argc, char **argv) |
| 307 | { |
| 308 | #ifdef HAVE_PAM |
| 309 | const char *caller = KSCREENSAVER_PAM_SERVICE; |
| 310 | #endif |
| 311 | const char *method = "classic"; |
| 312 | const char *username = 0; |
| 313 | #ifdef ACCEPT_ENV |
| 314 | char *p; |
| 315 | #endif |
| 316 | struct passwd *pw; |
| 317 | int c, nfd, lfd; |
| 318 | uid_t uid; |
| 319 | time_t nexttime; |
| 320 | AuthReturn ret; |
| 321 | struct flock lk; |
| 322 | char fname[64], fcont[64]; |
| 323 | |
| 324 | #ifdef HAVE_OSF_C2_PASSWD |
| 325 | initialize_osf_security(argc, argv); |
| 326 | #endif |
| 327 | |
| 328 | /* Make sure stdout/stderr are open */ |
| 329 | for (c = 1; c <= 2; c++) { |
| 330 | if (fcntl(c, F_GETFL) == -1) { |
| 331 | if ((nfd = open("/dev/null", O_WRONLY)) < 0) { |
| 332 | message("cannot open /dev/null: %s\n", strerror(errno)); |
| 333 | exit(10); |
| 334 | } |
| 335 | if (c != nfd) { |
| 336 | dup2(nfd, c); |
| 337 | close(nfd); |
| 338 | } |
| 339 | } |
| 340 | } |
| 341 | |
| 342 | havetty = isatty(0); |
| 343 | |
| 344 | while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) { |
| 345 | switch (c) { |
| 346 | case |
| 347 | usage(0); |
| 348 | break; |
| 349 | case |
| 350 | #ifdef HAVE_PAM |
| 351 | caller = optarg; |
| 352 | #endif |
| 353 | break; |
| 354 | case |
| 355 | method = optarg; |
| 356 | break; |
| 357 | case |
| 358 | username = optarg; |
| 359 | break; |
| 360 | case |
| 361 | sfd = atoi(optarg); |
| 362 | break; |
| 363 | default: |
| 364 | message("Command line option parsing error\n"); |
| 365 | usage(10); |
| 366 | } |
| 367 | } |
| 368 | |
| 369 | #ifdef ACCEPT_ENV |
| 370 | # ifdef HAVE_PAM |
| 371 | if ((p = getenv("KDE_PAM_ACTION"))) |
| 372 | caller = p; |
| 373 | # endif |
| 374 | if ((p = getenv("KCHECKPASS_USER"))) |
| 375 | username = p; |
| 376 | #endif |
| 377 | |
| 378 | uid = getuid(); |
| 379 | if (!username) { |
| 380 | if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid) |
| 381 | if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid) |
| 382 | if (!(pw = getpwuid(uid))) { |
| 383 | message("Cannot determinate current user\n"); |
| 384 | return AuthError; |
| 385 | } |
| 386 | if (!(username = strdup(pw->pw_name))) { |
| 387 | message("Out of memory\n"); |
| 388 | return AuthError; |
| 389 | } |
| 390 | } |
| 391 | |
| 392 | /* |
| 393 | * Throttle kcheckpass invocations to avoid abusing it for bruteforcing |
| 394 | * the password. This delay belongs to the *previous* invocation, where |
| 395 | * we can't enforce it reliably (without risking giving away the result |
| 396 | * before it is due). We don't differentiate between success and failure - |
| 397 | * it's not expected to have a noticeable adverse effect. |
| 398 | */ |
| 399 | if ( uid != geteuid() ) { |
| 400 | sprintf(fname, "/var/run/kcheckpass.%d", uid); |
| 401 | if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) { |
| 402 | message("Cannot open lockfile\n"); |
| 403 | return AuthError; |
| 404 | } |
| 405 | |
| 406 | lk.l_type = F_WRLCK; |
| 407 | lk.l_whence = SEEK_SET; |
| 408 | lk.l_start = lk.l_len = 0; |
| 409 | if (fcntl(lfd, F_SETLKW, &lk)) { |
| 410 | message("Cannot obtain lock\n"); |
| 411 | return AuthError; |
| 412 | } |
| 413 | |
| 414 | if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 && |
| 415 | (fcont[c] = "%ld", &nexttime) == 1)) |
| 416 | { |
| 417 | time_t ct = time(0); |
| 418 | if (nexttime > ct && nexttime < ct + THROTTLE) |
| 419 | sleep(nexttime - ct); |
| 420 | } |
| 421 | |
| 422 | lseek(lfd, 0, SEEK_SET); |
| 423 | write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE)); |
| 424 | |
| 425 | close(lfd); |
| 426 | } |
| 427 | |
| 428 | /* Now do the fandango */ |
| 429 | ret = Authenticate( |
| 430 | #ifdef HAVE_PAM |
| 431 | caller, |
| 432 | #endif |
| 433 | method, |
| 434 | username, |
| 435 | sfd < 0 ? conv_legacy : conv_server); |
| 436 | |
| 437 | if (ret == AuthBad) { |
| 438 | message("Authentication failure\n"); |
| 439 | if (!nullpass) { |
| 440 | openlog("kcheckpass", LOG_PID, LOG_AUTH); |
| 441 | syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid); |
| 442 | } |
| 443 | } |
| 444 | |
| 445 | return ret; |
| 446 | } |
| 447 | |
| 448 | void |
| 449 | dispose(char *str) |
| 450 | { |
| 451 | memset(str, 0, strlen(str)); |
| 452 | free(str); |
| 453 | } |
| 454 | |
| 455 | /***************************************************************** |
| 456 | The real authentication methods are in separate source files. |
| 457 | Look in checkpass_*.c |
| 458 | *****************************************************************/ |
| 459 |
Generated on 2014-Aug-04 from project kde-workspace revision v4.11.11-6-g8c223af
Powered by 
Code Browser 1.7