diff options
author | toma <toma@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2009-11-25 17:56:58 +0000 |
---|---|---|
committer | toma <toma@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2009-11-25 17:56:58 +0000 |
commit | 4aed2c8219774f5d797760606b8489a92ddc5163 (patch) | |
tree | 3f8c130f7d269626bf6a9447407ef6c35954426a /kcheckpass/kcheckpass.c | |
download | tdebase-4aed2c8219774f5d797760606b8489a92ddc5163.tar.gz tdebase-4aed2c8219774f5d797760606b8489a92ddc5163.zip |
Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features.
BUG:215923
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'kcheckpass/kcheckpass.c')
-rw-r--r-- | kcheckpass/kcheckpass.c | 448 |
1 files changed, 448 insertions, 0 deletions
diff --git a/kcheckpass/kcheckpass.c b/kcheckpass/kcheckpass.c new file mode 100644 index 000000000..6a0550969 --- /dev/null +++ b/kcheckpass/kcheckpass.c @@ -0,0 +1,448 @@ +/***************************************************************** + * + * kcheckpass - Simple password checker + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this program; if not, write to the Free + * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + * + * kcheckpass is a simple password checker. Just invoke and + * send it the password on stdin. + * + * If the password was accepted, the program exits with 0; + * if it was rejected, it exits with 1. Any other exit + * code signals an error. + * + * It's hopefully simple enough to allow it to be setuid + * root. + * + * Compile with -DHAVE_VSYSLOG if you have vsyslog(). + * Compile with -DHAVE_PAM if you have a PAM system, + * and link with -lpam -ldl. + * Compile with -DHAVE_SHADOW if you have a shadow + * password system. + * + * Copyright (C) 1998, Caldera, Inc. + * Released under the GNU General Public License + * + * Olaf Kirch <[email protected]> General Framework and PAM support + * Christian Esken <[email protected]> Shadow and /etc/passwd support + * Roberto Teixeira <[email protected]> other user (-U) support + * Oswald Buddenhagen <[email protected]> Binary server mode + * + * Other parts were taken from kscreensaver's passwd.cpp. + * + *****************************************************************/ + +#include "kcheckpass.h" + +#include <stdarg.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <fcntl.h> +#include <syslog.h> +#include <stdlib.h> +#include <errno.h> +#include <time.h> + +/* Compatibility: accept some options from environment variables */ +#define ACCEPT_ENV + +#define THROTTLE 3 + +static int havetty, sfd = -1, nullpass; + +static char * +conv_legacy (ConvRequest what, const char *prompt) +{ + char *p, *p2; + int len; + char buf[1024]; + + switch (what) { + case ConvGetBinary: + break; + case ConvGetNormal: + /* there is no prompt == 0 case */ + if (!havetty) + break; + /* i guess we should use /dev/tty ... */ + fputs(prompt, stdout); + fflush(stdout); + if (!fgets(buf, sizeof(buf), stdin)) + return 0; + len = strlen(buf); + if (len && buf[len - 1] == '\n') + buf[--len] = 0; + return strdup(buf); + case ConvGetHidden: + if (havetty) { +#ifdef HAVE_GETPASSPHRASE + p = getpassphrase(prompt ? prompt : "Password: "); +#else + p = getpass(prompt ? prompt : "Password: "); +#endif + p2 = strdup(p); + memset(p, 0, strlen(p)); + return p2; + } else { + if (prompt) + break; + if ((len = read(0, buf, sizeof(buf) - 1)) < 0) { + message("Cannot read password\n"); + return 0; + } else { + if (len && buf[len - 1] == '\n') + --len; + buf[len] = 0; + p2 = strdup(buf); + memset(buf, 0, len); + return p2; + } + } + case ConvPutInfo: + message("Information: %s\n", prompt); + return 0; + case ConvPutError: + message("Error: %s\n", prompt); + return 0; + } + message("Authentication backend requested data type which cannot be handled.\n"); + return 0; +} + + +static int +Reader (void *buf, int count) +{ + int ret, rlen; + + for (rlen = 0; rlen < count; ) { + dord: + ret = read (sfd, (void *)((char *)buf + rlen), count - rlen); + if (ret < 0) { + if (errno == EINTR) + goto dord; + if (errno == EAGAIN) + break; + return -1; + } + if (!ret) + break; + rlen += ret; + } + return rlen; +} + +static void +GRead (void *buf, int count) +{ + if (Reader (buf, count) != count) { + message ("Communication breakdown on read\n"); + exit(15); + } +} + +static void +GWrite (const void *buf, int count) +{ + if (write (sfd, buf, count) != count) { + message ("Communication breakdown on write\n"); + exit(15); + } +} + +static void +GSendInt (int val) +{ + GWrite (&val, sizeof(val)); +} + +static void +GSendStr (const char *buf) +{ + unsigned len = buf ? strlen (buf) + 1 : 0; + GWrite (&len, sizeof(len)); + GWrite (buf, len); +} + +static void +GSendArr (int len, const char *buf) +{ + GWrite (&len, sizeof(len)); + GWrite (buf, len); +} + +static int +GRecvInt (void) +{ + int val; + + GRead (&val, sizeof(val)); + return val; +} + +static char * +GRecvStr (void) +{ + unsigned len; + char *buf; + + if (!(len = GRecvInt())) + return (char *)0; + if (len > 0x1000 || !(buf = malloc (len))) { + message ("No memory for read buffer\n"); + exit(15); + } + GRead (buf, len); + buf[len - 1] = 0; /* we're setuid ... don't trust "them" */ + return buf; +} + +static char * +GRecvArr (void) +{ + unsigned len; + char *arr; + + if (!(len = (unsigned) GRecvInt())) + return (char *)0; + if (len > 0x10000 || !(arr = malloc (len))) { + message ("No memory for read buffer\n"); + exit(15); + } + GRead (arr, len); + return arr; +} + + +static char * +conv_server (ConvRequest what, const char *prompt) +{ + GSendInt (what); + switch (what) { + case ConvGetBinary: + { + unsigned const char *up = (unsigned const char *)prompt; + int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24); + GSendArr (len, prompt); + return GRecvArr (); + } + case ConvGetNormal: + case ConvGetHidden: + { + char *msg; + GSendStr (prompt); + msg = GRecvStr (); + if (msg && (GRecvInt() & IsPassword) && !*msg) + nullpass = 1; + return msg; + } + case ConvPutInfo: + case ConvPutError: + default: + GSendStr (prompt); + return 0; + } +} + +void +message(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); +} + +#ifndef O_NOFOLLOW +# define O_NOFOLLOW 0 +#endif + +static void ATTR_NORETURN +usage(int exitval) +{ + message( + "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n" + " options:\n" + " -h this help message\n" + " -U username authenticate the specified user instead of current user\n" + " -S handle operate in binary server mode on file descriptor handle\n" + " -c caller the calling application, effectively the PAM service basename\n" + " -m method use the specified authentication method (default: \"classic\")\n" + " exit codes:\n" + " 0 success\n" + " 1 invalid password\n" + " 2 cannot read password database\n" + " Anything else tells you something's badly hosed.\n" + ); + exit(exitval); +} + +int +main(int argc, char **argv) +{ +#ifdef HAVE_PAM + const char *caller = KCHECKPASS_PAM_SERVICE; +#endif + const char *method = "classic"; + const char *username = 0; +#ifdef ACCEPT_ENV + char *p; +#endif + struct passwd *pw; + int c, nfd, lfd; + uid_t uid; + time_t nexttime; + AuthReturn ret; + struct flock lk; + char fname[64], fcont[64]; + +#ifdef HAVE_OSF_C2_PASSWD + initialize_osf_security(argc, argv); +#endif + + /* Make sure stdout/stderr are open */ + for (c = 1; c <= 2; c++) { + if (fcntl(c, F_GETFL) == -1) { + if ((nfd = open("/dev/null", O_WRONLY)) < 0) { + message("cannot open /dev/null: %s\n", strerror(errno)); + exit(10); + } + if (c != nfd) { + dup2(nfd, c); + close(nfd); + } + } + } + + havetty = isatty(0); + + while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) { + switch (c) { + case 'h': + usage(0); + break; + case 'c': +#ifdef HAVE_PAM + caller = optarg; +#endif + break; + case 'm': + method = optarg; + break; + case 'U': + username = optarg; + break; + case 'S': + sfd = atoi(optarg); + break; + default: + message("Command line option parsing error\n"); + usage(10); + } + } + +#ifdef ACCEPT_ENV +# ifdef HAVE_PAM + if ((p = getenv("KDE_PAM_ACTION"))) + caller = p; +# endif + if ((p = getenv("KCHECKPASS_USER"))) + username = p; +#endif + + uid = getuid(); + if (!username) { + if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid) + if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid) + if (!(pw = getpwuid(uid))) { + message("Cannot determinate current user\n"); + return AuthError; + } + if (!(username = strdup(pw->pw_name))) { + message("Out of memory\n"); + return AuthError; + } + } + + /* + * Throttle kcheckpass invocations to avoid abusing it for bruteforcing + * the password. This delay belongs to the *previous* invocation, where + * we can't enforce it reliably (without risking giving away the result + * before it is due). We don't differentiate between success and failure - + * it's not expected to have a noticable adverse effect. + */ + if ( uid != geteuid() ) { + sprintf(fname, "/var/run/kcheckpass.%d", uid); + if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) { + message("Cannot open lockfile\n"); + return AuthError; + } + + lk.l_type = F_WRLCK; + lk.l_whence = SEEK_SET; + lk.l_start = lk.l_len = 0; + if (fcntl(lfd, F_SETLKW, &lk)) { + message("Cannot obtain lock\n"); + return AuthError; + } + + if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 && + (fcont[c] = '\0', sscanf(fcont, "%ld", &nexttime) == 1)) + { + time_t ct = time(0); + if (nexttime > ct && nexttime < ct + THROTTLE) + sleep(nexttime - ct); + } + + lseek(lfd, 0, SEEK_SET); + write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE)); + + close(lfd); + } + + /* Now do the fandango */ + ret = Authenticate( +#ifdef HAVE_PAM + caller, +#endif + method, + username, + sfd < 0 ? conv_legacy : conv_server); + + if (ret == AuthBad) { + message("Authentication failure\n"); + if (!nullpass) { + openlog("kcheckpass", LOG_PID, LOG_AUTH); + syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid); + } + } + + return ret; +} + +void +dispose(char *str) +{ + memset(str, 0, strlen(str)); + free(str); +} + +/***************************************************************** + The real authentication methods are in separate source files. + Look in checkpass_*.c +*****************************************************************/ |