search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
not quite so much needs to be delayed to the init() function
[personal-kdebase.git] / workspace / kcheckpass / kcheckpass.c
blob444b21ae4659311253a7575b316b4899133efdad
1 /*****************************************************************
2 *
3 * kcheckpass - Simple password checker
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public
16 * License along with this program; if not, write to the Free
17 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 *
19 *
20 * kcheckpass is a simple password checker. Just invoke and
21 * send it the password on stdin.
22 *
23 * If the password was accepted, the program exits with 0;
24 * if it was rejected, it exits with 1. Any other exit
25 * code signals an error.
26 *
27 * It's hopefully simple enough to allow it to be setuid
28 * root.
29 *
30 * Compile with -DHAVE_VSYSLOG if you have vsyslog().
31 * Compile with -DHAVE_PAM if you have a PAM system,
32 * and link with -lpam -ldl.
33 * Compile with -DHAVE_SHADOW if you have a shadow
34 * password system.
35 *
36 * Copyright (C) 1998, Caldera, Inc.
37 * Released under the GNU General Public License
38 *
39 * Olaf Kirch <okir@caldera.de> General Framework and PAM support
40 * Christian Esken <esken@kde.org> Shadow and /etc/passwd support
41 * Roberto Teixeira <maragato@kde.org> other user (-U) support
42 * Oswald Buddenhagen <ossi@kde.org> Binary server mode
43 *
44 * Other parts were taken from kscreensaver's passwd.cpp.
45 *
46 *****************************************************************/
47
48 #include "kcheckpass.h"
49
50 #include <stdarg.h>
51 #include <stdio.h>
52 #include <string.h>
53 #include <unistd.h>
54 #include <fcntl.h>
55 #include <syslog.h>
56 #include <stdlib.h>
57 #include <errno.h>
58 #include <time.h>
59
60 /* Compatibility: accept some options from environment variables */
61 #define ACCEPT_ENV
62
63 #define THROTTLE 3
64
65 static int havetty, sfd = -1, nullpass;
66
67 static char *
68 conv_legacy (ConvRequest what, const char *prompt)
69 {
70 char *p, *p2;
71 int len;
72 char buf[1024];
73
74 switch (what) {
75 case ConvGetBinary:
76 break;
77 case ConvGetNormal:
78 /* there is no prompt == 0 case */
79 if (!havetty)
80 break;
81 /* i guess we should use /dev/tty ... */
82 fputs(prompt, stdout);
83 fflush(stdout);
84 if (!fgets(buf, sizeof(buf), stdin))
85 return 0;
86 len = strlen(buf);
87 if (len && buf[len - 1] == '\n')
88 buf[--len] = 0;
89 return strdup(buf);
90 case ConvGetHidden:
91 if (havetty) {
92 #ifdef HAVE_GETPASSPHRASE
93 p = getpassphrase(prompt ? prompt : "Password: ");
94 #else
95 p = getpass(prompt ? prompt : "Password: ");
96 #endif
97 p2 = strdup(p);
98 memset(p, 0, strlen(p));
99 return p2;
100 } else {
101 if (prompt)
102 break;
103 if ((len = read(0, buf, sizeof(buf) - 1)) < 0) {
104 message("Cannot read password\n");
105 return 0;
106 } else {
107 if (len && buf[len - 1] == '\n')
108 --len;
109 buf[len] = 0;
110 p2 = strdup(buf);
111 memset(buf, 0, len);
112 return p2;
113 }
114 }
115 case ConvPutInfo:
116 message("Information: %s\n", prompt);
117 return 0;
118 case ConvPutError:
119 message("Error: %s\n", prompt);
120 return 0;
121 }
122 message("Authentication backend requested data type which cannot be handled.\n");
123 return 0;
124 }
125
126
127 static int
128 Reader (void *buf, int count)
129 {
130 int ret, rlen;
131
132 for (rlen = 0; rlen < count; ) {
133 dord:
134 ret = read (sfd, (void *)((char *)buf + rlen), count - rlen);
135 if (ret < 0) {
136 if (errno == EINTR)
137 goto dord;
138 if (errno == EAGAIN)
139 break;
140 return -1;
141 }
142 if (!ret)
143 break;
144 rlen += ret;
145 }
146 return rlen;
147 }
148
149 static void
150 GRead (void *buf, int count)
151 {
152 if (Reader (buf, count) != count) {
153 message ("Communication breakdown on read\n");
154 exit(15);
155 }
156 }
157
158 static void
159 GWrite (const void *buf, int count)
160 {
161 if (write (sfd, buf, count) != count) {
162 message ("Communication breakdown on write\n");
163 exit(15);
164 }
165 }
166
167 static void
168 GSendInt (int val)
169 {
170 GWrite (&val, sizeof(val));
171 }
172
173 static void
174 GSendStr (const char *buf)
175 {
176 unsigned len = buf ? strlen (buf) + 1 : 0;
177 GWrite (&len, sizeof(len));
178 GWrite (buf, len);
179 }
180
181 static void
182 GSendArr (int len, const char *buf)
183 {
184 GWrite (&len, sizeof(len));
185 GWrite (buf, len);
186 }
187
188 static int
189 GRecvInt (void)
190 {
191 int val;
192
193 GRead (&val, sizeof(val));
194 return val;
195 }
196
197 static char *
198 GRecvStr (void)
199 {
200 unsigned len;
201 char *buf;
202
203 if (!(len = GRecvInt()))
204 return (char *)0;
205 if (len > 0x1000 || !(buf = malloc (len))) {
206 message ("No memory for read buffer\n");
207 exit(15);
208 }
209 GRead (buf, len);
210 buf[len - 1] = 0; /* we're setuid ... don't trust "them" */
211 return buf;
212 }
213
214 static char *
215 GRecvArr (void)
216 {
217 unsigned len;
218 char *arr;
219 unsigned const char *up;
220
221 if (!(len = (unsigned) GRecvInt()))
222 return (char *)0;
223 if (len < 4) {
224 message ("Too short binary authentication data block\n");
225 exit(15);
226 }
227 if (len > 0x10000 || !(arr = malloc (len))) {
228 message ("No memory for read buffer\n");
229 exit(15);
230 }
231 GRead (arr, len);
232 up = (unsigned const char *)arr;
233 if (len != (unsigned)(up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24))) {
234 message ("Mismatched binary authentication data block size\n");
235 exit(15);
236 }
237 return arr;
238 }
239
240
241 static char *
242 conv_server (ConvRequest what, const char *prompt)
243 {
244 GSendInt (what);
245 switch (what) {
246 case ConvGetBinary:
247 {
248 unsigned const char *up = (unsigned const char *)prompt;
249 int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24);
250 GSendArr (len, prompt);
251 return GRecvArr ();
252 }
253 case ConvGetNormal:
254 case ConvGetHidden:
255 {
256 char *msg;
257 GSendStr (prompt);
258 msg = GRecvStr ();
259 if (msg && (GRecvInt() & IsPassword) && !*msg)
260 nullpass = 1;
261 return msg;
262 }
263 case ConvPutInfo:
264 case ConvPutError:
265 default:
266 GSendStr (prompt);
267 return 0;
268 }
269 }
270
271 void
272 message(const char *fmt, ...)
273 {
274 va_list ap;
275
276 va_start(ap, fmt);
277 vfprintf(stderr, fmt, ap);
278 va_end(ap);
279 }
280
281 #ifndef O_NOFOLLOW
282 # define O_NOFOLLOW 0
283 #endif
284
285 static void ATTR_NORETURN
286 usage(int exitval)
287 {
288 message(
289 "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n"
290 " options:\n"
291 " -h this help message\n"
292 " -U username authenticate the specified user instead of current user\n"
293 " -S handle operate in binary server mode on file descriptor handle\n"
294 " -c caller the calling application, effectively the PAM service basename\n"
295 " -m method use the specified authentication method (default: \"classic\")\n"
296 " exit codes:\n"
297 " 0 success\n"
298 " 1 invalid password\n"
299 " 2 cannot read password database\n"
300 " Anything else tells you something's badly hosed.\n"
301 );
302 exit(exitval);
303 }
304
305 int
306 main(int argc, char **argv)
307 {
308 #ifdef HAVE_PAM
309 const char *caller = KCHECKPASS_PAM_SERVICE;
310 #endif
311 const char *method = "classic";
312 const char *username = 0;
313 #ifdef ACCEPT_ENV
314 char *p;
315 #endif
316 struct passwd *pw;
317 int c, nfd, lfd;
318 uid_t uid;
319 time_t nexttime;
320 AuthReturn ret;
321 struct flock lk;
322 char fname[64], fcont[64];
323
324 #ifdef HAVE_OSF_C2_PASSWD
325 initialize_osf_security(argc, argv);
326 #endif
327
328 /* Make sure stdout/stderr are open */
329 for (c = 1; c <= 2; c++) {
330 if (fcntl(c, F_GETFL) == -1) {
331 if ((nfd = open("/dev/null", O_WRONLY)) < 0) {
332 message("cannot open /dev/null: %s\n", strerror(errno));
333 exit(10);
334 }
335 if (c != nfd) {
336 dup2(nfd, c);
337 close(nfd);
338 }
339 }
340 }
341
342 havetty = isatty(0);
343
344 while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) {
345 switch (c) {
346 case 'h':
347 usage(0);
348 break;
349 case 'c':
350 #ifdef HAVE_PAM
351 caller = optarg;
352 #endif
353 break;
354 case 'm':
355 method = optarg;
356 break;
357 case 'U':
358 username = optarg;
359 break;
360 case 'S':
361 sfd = atoi(optarg);
362 break;
363 default:
364 message("Command line option parsing error\n");
365 usage(10);
366 }
367 }
368
369 #ifdef ACCEPT_ENV
370 # ifdef HAVE_PAM
371 if ((p = getenv("KDE_PAM_ACTION")))
372 caller = p;
373 # endif
374 if ((p = getenv("KCHECKPASS_USER")))
375 username = p;
376 #endif
377
378 uid = getuid();
379 if (!username) {
380 if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
381 if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
382 if (!(pw = getpwuid(uid))) {
383 message("Cannot determinate current user\n");
384 return AuthError;
385 }
386 if (!(username = strdup(pw->pw_name))) {
387 message("Out of memory\n");
388 return AuthError;
389 }
390 }
391
392 /*
393 * Throttle kcheckpass invocations to avoid abusing it for bruteforcing
394 * the password. This delay belongs to the *previous* invocation, where
395 * we can't enforce it reliably (without risking giving away the result
396 * before it is due). We don't differentiate between success and failure -
397 * it's not expected to have a noticeable adverse effect.
398 */
399 if ( uid != geteuid() ) {
400 sprintf(fname, "/var/run/kcheckpass.%d", uid);
401 if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) {
402 message("Cannot open lockfile\n");
403 return AuthError;
404 }
405
406 lk.l_type = F_WRLCK;
407 lk.l_whence = SEEK_SET;
408 lk.l_start = lk.l_len = 0;
409 if (fcntl(lfd, F_SETLKW, &lk)) {
410 message("Cannot obtain lock\n");
411 return AuthError;
412 }
413
414 if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 &&
415 (fcont[c] = '\0', sscanf(fcont, "%ld", &nexttime) == 1))
416 {
417 time_t ct = time(0);
418 if (nexttime > ct && nexttime < ct + THROTTLE)
419 sleep(nexttime - ct);
420 }
421
422 lseek(lfd, 0, SEEK_SET);
423 write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE));
424
425 close(lfd);
426 }
427
428 /* Now do the fandango */
429 ret = Authenticate(
430 #ifdef HAVE_PAM
431 caller,
432 #endif
433 method,
434 username,
435 sfd < 0 ? conv_legacy : conv_server);
436
437 if (ret == AuthBad) {
438 message("Authentication failure\n");
439 if (!nullpass) {
440 openlog("kcheckpass", LOG_PID, LOG_AUTH);
441 syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid);
442 }
443 }
444
445 return ret;
446 }
447
448 void
449 dispose(char *str)
450 {
451 memset(str, 0, strlen(str));
452 free(str);
453 }
454
455 /*****************************************************************
456 The real authentication methods are in separate source files.
457 Look in checkpass_*.c
458 *****************************************************************/
My personal kdebase copy