This plugs several possible security holes git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/applications/smartcardauth@1254687 283d02a7-25f6-0310-bc7c-ecb5cbfe19dav3.5.13-sru
tpearson
13 years ago
parent
125b13c176
commit
32b6f4c4ae
@ -0,0 +1,284 @@
|
||||
/* $Id: ckpasswd.c 7565 2006-08-28 02:42:54Z eagle $
|
||||
**
|
||||
** The default username/password authenticator.
|
||||
**
|
||||
** This program is intended to be run by nnrpd and handle usernames and
|
||||
** passwords. It can authenticate against a regular flat file (the type
|
||||
** managed by htpasswd), a DBM file, the system password file or shadow file,
|
||||
** or PAM.
|
||||
*/
|
||||
|
||||
/* Used for unused parameters to silence gcc warnings. */
|
||||
#define UNUSED __attribute__((__unused__))
|
||||
|
||||
/* Make available the bool type. */
|
||||
#if INN_HAVE_STDBOOL_H
|
||||
# include <stdbool.h>
|
||||
#else
|
||||
# undef true
|
||||
# undef false
|
||||
# define true (1)
|
||||
# define false (0)
|
||||
# ifndef __cplusplus
|
||||
# define bool int
|
||||
# endif
|
||||
#endif /* INN_HAVE_STDBOOL_H */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <crypt.h>
|
||||
#include <fcntl.h>
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
|
||||
#define DB_DBM_HSEARCH 1
|
||||
#include <db.h>
|
||||
#define OPT_DBM "d:"
|
||||
|
||||
#if HAVE_GETSPNAM
|
||||
# include <shadow.h>
|
||||
# define OPT_SHADOW "s"
|
||||
#else
|
||||
# define OPT_SHADOW ""
|
||||
#endif
|
||||
|
||||
/* The functions are actually macros so that we can pick up the file and line
|
||||
number information for debugging error messages without the user having to
|
||||
pass those in every time. */
|
||||
#define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__)
|
||||
#define xmalloc(size) x_malloc((size), __FILE__, __LINE__)
|
||||
#define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__)
|
||||
#define xstrdup(p) x_strdup((p), __FILE__, __LINE__)
|
||||
#define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__)
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
/* Holds the authentication information from nnrpd. */
|
||||
struct auth_info {
|
||||
char *username;
|
||||
char *password;
|
||||
};
|
||||
|
||||
/*
|
||||
** The PAM conversation function.
|
||||
**
|
||||
** Since we already have all the information and can't ask the user
|
||||
** questions, we can't quite follow the real PAM protocol. Instead, we just
|
||||
** return the password in response to every question that PAM asks. There
|
||||
** appears to be no generic way to determine whether the message in question
|
||||
** is indeed asking for the password....
|
||||
**
|
||||
** This function allocates an array of struct pam_response to return to the
|
||||
** PAM libraries that's never freed. For this program, this isn't much of an
|
||||
** issue, since it will likely only be called once and then the program will
|
||||
** exit. This function uses malloc and strdup instead of xmalloc and xstrdup
|
||||
** intentionally so that the PAM conversation will be closed cleanly if we
|
||||
** run out of memory rather than simply terminated.
|
||||
**
|
||||
** appdata_ptr contains the password we were given.
|
||||
*/
|
||||
static int pass_conv(int num_msg, const struct pam_message **msgm UNUSED, struct pam_response **response, void *appdata_ptr)
|
||||
{
|
||||
int i;
|
||||
|
||||
*response = malloc(num_msg * sizeof(struct pam_response));
|
||||
if (*response == NULL)
|
||||
return PAM_CONV_ERR;
|
||||
for (i = 0; i < num_msg; i++) {
|
||||
(*response)[i].resp = strdup((char *)appdata_ptr);
|
||||
(*response)[i].resp_retcode = 0;
|
||||
}
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** Authenticate a user via PAM.
|
||||
**
|
||||
** Attempts to authenticate a user with PAM, returning true if the user
|
||||
** successfully authenticates and false otherwise. Note that this function
|
||||
** doesn't attempt to handle any remapping of the authenticated user by the
|
||||
** PAM stack, but just assumes that the authenticated user was the same as
|
||||
** the username given.
|
||||
**
|
||||
** Right now, all failures are handled via die. This may be worth revisiting
|
||||
** in case we want to try other authentication methods if this fails for a
|
||||
** reason other than the system not having PAM support.
|
||||
*/
|
||||
|
||||
static bool auth_pam(const char *username, char *password)
|
||||
{
|
||||
pam_handle_t *pamh;
|
||||
struct pam_conv conv;
|
||||
int status;
|
||||
|
||||
conv.conv = pass_conv;
|
||||
conv.appdata_ptr = password;
|
||||
status = pam_start("nnrpd", username, &conv, &pamh);
|
||||
if (status != PAM_SUCCESS)
|
||||
die("pam_start failed: %s", pam_strerror(pamh, status));
|
||||
status = pam_authenticate(pamh, PAM_SILENT);
|
||||
if (status != PAM_SUCCESS)
|
||||
die("pam_authenticate failed: %s", pam_strerror(pamh, status));
|
||||
status = pam_acct_mgmt(pamh, PAM_SILENT);
|
||||
if (status != PAM_SUCCESS)
|
||||
die("pam_acct_mgmt failed: %s", pam_strerror(pamh, status));
|
||||
status = pam_end(pamh, status);
|
||||
if (status != PAM_SUCCESS)
|
||||
die("pam_end failed: %s", pam_strerror(pamh, status));
|
||||
|
||||
/* If we get to here, the user successfully authenticated. */
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** Try to get a password out of a dbm file. The dbm file should have the
|
||||
** username for the key and the crypted password as the value. The crypted
|
||||
** password, if found, is returned as a newly allocated string; otherwise,
|
||||
** NULL is returned.
|
||||
*/
|
||||
#if !(defined(HAVE_DBM) || defined(HAVE_BDB_DBM))
|
||||
static char *
|
||||
password_dbm(char *user UNUSED, const char *file UNUSED)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
static char *
|
||||
password_dbm(char *name, const char *file)
|
||||
{
|
||||
datum key, value;
|
||||
DBM *database;
|
||||
char *password;
|
||||
|
||||
database = dbm_open(file, O_RDONLY, 0600);
|
||||
if (database == NULL)
|
||||
return NULL;
|
||||
key.dptr = name;
|
||||
key.dsize = strlen(name);
|
||||
value = dbm_fetch(database, key);
|
||||
if (value.dptr == NULL) {
|
||||
dbm_close(database);
|
||||
return NULL;
|
||||
}
|
||||
password = xmalloc(value.dsize + 1);
|
||||
strlcpy(password, value.dptr, value.dsize + 1);
|
||||
dbm_close(database);
|
||||
return password;
|
||||
}
|
||||
#endif /* HAVE_DBM || HAVE_BDB_DBM */
|
||||
|
||||
|
||||
/*
|
||||
** Try to get a password out of the system /etc/shadow file. The crypted
|
||||
** password, if found, is returned as a newly allocated string; otherwise,
|
||||
** NULL is returned.
|
||||
*/
|
||||
#if !HAVE_GETSPNAM
|
||||
static char *
|
||||
password_shadow(const char *user UNUSED)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
static char *
|
||||
password_shadow(const char *user)
|
||||
{
|
||||
struct spwd *spwd;
|
||||
|
||||
spwd = getspnam(user);
|
||||
if (spwd != NULL)
|
||||
return xstrdup(spwd->sp_pwdp);
|
||||
return NULL;
|
||||
}
|
||||
#endif /* HAVE_GETSPNAM */
|
||||
|
||||
|
||||
/*
|
||||
** Try to get a password out of the system password file. The crypted
|
||||
** password, if found, is returned as a newly allocated string; otherwise,
|
||||
** NULL is returned.
|
||||
*/
|
||||
static char *
|
||||
password_system(const char *username)
|
||||
{
|
||||
struct passwd *pwd;
|
||||
|
||||
pwd = getpwnam(username);
|
||||
if (pwd != NULL)
|
||||
return xstrdup(pwd->pw_passwd);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** Try to get the name of a user's primary group out of the system group
|
||||
** file. The group, if found, is returned as a newly allocated string;
|
||||
** otherwise, NULL is returned. If the username is not found, NULL is
|
||||
** returned.
|
||||
*/
|
||||
static char *
|
||||
group_system(const char *username)
|
||||
{
|
||||
struct passwd *pwd;
|
||||
struct group *gr;
|
||||
|
||||
pwd = getpwnam(username);
|
||||
if (pwd == NULL)
|
||||
return NULL;
|
||||
gr = getgrgid(pwd->pw_gid);
|
||||
if (gr == NULL)
|
||||
return NULL;
|
||||
return xstrdup(gr->gr_name);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** Output username (and group, if desired) in correct return format.
|
||||
*/
|
||||
static void
|
||||
output_user(const char *username, bool wantgroup)
|
||||
{
|
||||
if (wantgroup) {
|
||||
char *group = group_system(username);
|
||||
if (group == NULL)
|
||||
die("group info for user %s not available", username);
|
||||
printf("User:%s@%s\n", username, group);
|
||||
}
|
||||
else
|
||||
printf("User:%s\n", username);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** Main routines.
|
||||
**
|
||||
** We handle the variences between systems with #if blocks above, so that
|
||||
** this code can look fairly clean.
|
||||
*/
|
||||
|
||||
int
|
||||
check_password(const char* username, const char* password)
|
||||
{
|
||||
bool wantgroup = false;
|
||||
struct auth_info *authinfo = NULL;
|
||||
|
||||
authinfo = xmalloc(sizeof(struct auth_info));
|
||||
authinfo->username = username;
|
||||
authinfo->password = password;
|
||||
|
||||
if (auth_pam(authinfo->username, authinfo->password)) {
|
||||
output_user(authinfo->username, wantgroup);
|
||||
return 0;
|
||||
}
|
||||
password = password_system(authinfo->username);
|
||||
if (password == NULL)
|
||||
return 1;
|
||||
if (strcmp(password, crypt(authinfo->password, password)) != 0)
|
||||
return 1;
|
||||
|
||||
/* The password matched. */
|
||||
output_user(authinfo->username, wantgroup);
|
||||
return 0;
|
||||
}
|
||||
Loading…
Reference in new issue