search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wmbiff: Remove #define _GNU_SOURCE; already defined in CFLAGS.
[dockapps.git] / wmbiff / wmbiff / passwordMgr.c
blob28b6e3015762f40fb2e4f57029f5ad6a5803c748
1 /* passwordMgr.c
2 * Author: Neil Spring
3 */
4 /* this module implements a password cache: the goal is to
5 allow multiple wmbiff mailboxes that are otherwise
6 independent get all their passwords while only asking the
7 user for an account's password once. */
8 /* NOTE: it will fail if a user has different passwords for
9 pop vs. imap on the same server; this seems too far
10 fetched to be worth complexity */
11
12 /* NOTE: it verifies that the askpass program, which, if
13 given with a full path, must be owned either by the user
14 or by root. There may be decent reasons not to do
15 this. */
16
17 /* Intended properties: 1) exit()s if the user presses
18 cancel from askpass - this is detected by no output from
19 askpass. 2) allows the caller to remove a cached entry
20 if it turns out to be wrong, and prompt the user
21 again. This might be poor if the askpass program is
22 replaced with something non-interactive. */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28
29 #include "passwordMgr.h"
30 #include "Client.h"
31 #include "charutil.h" /* chomp */
32 #include <unistd.h>
33 #include <sys/types.h>
34 #include <stdlib.h>
35 #include <errno.h>
36 #include <string.h>
37 #include <strings.h> /* index */
38 #include <sys/stat.h>
39 #include "assert.h"
40
41 #ifdef HAVE_MEMFROB
42 #define DEFROB(x) memfrob(x, x ## _len)
43 #define ENFROB(x) memfrob(x, x ## _len)
44 #else
45 #define DEFROB(x)
46 #define ENFROB(x)
47 #endif
48
49 typedef struct password_binding_struct {
50 struct password_binding_struct *next;
51 char user[BUF_SMALL];
52 char server[BUF_BIG];
53 char password[BUF_SMALL]; /* may be frobnicated */
54 unsigned char password_len; /* frobnicated *'s are nulls */
55 } *password_binding;
56
57 static password_binding pass_list = NULL;
58
59 /* verifies that askpass_fname, if it has no spaces, exists as
60 a file, is owned by the user or by root, and is not world
61 writeable. This is just a sanity check, and is not intended
62 to ensure the integrity of the password-asking program. */
63 /* would be static, but used in test_wmbiff */
64 int permissions_ok(Pop3 pc, const char *askpass_fname)
65 {
66 struct stat st;
67 if (index(askpass_fname, ' ')) {
68 DM(pc, DEBUG_INFO,
69 "askpass has a space in it; not verifying ownership/permissions on '%s'\n",
70 askpass_fname);
71 return (1);
72 }
73 if (stat(askpass_fname, &st)) {
74 DM(pc, DEBUG_ERROR, "Can't stat askpass program: '%s'\n",
75 askpass_fname);
76 if (askpass_fname[0] != '/') {
77 DM(pc, DEBUG_ERROR,
78 "For your own good, use a full pathname.\n");
79 }
80 return (0);
81 }
82 if (st.st_uid != 0 && st.st_uid != getuid()) {
83 DM(pc, DEBUG_ERROR,
84 "askpass program isn't owned by you or root: '%s'\n",
85 askpass_fname);
86 return (0);
87 }
88 if (st.st_mode & S_IWOTH) {
89 DM(pc, DEBUG_ERROR,
90 "askpass program is world writable: '%s'\n", askpass_fname);
91 return (0);
92 }
93 return (1);
94 }
95
96 #ifdef HAVE_CORESERVICES_CORESERVICES_H
97 #ifdef HAVE_SECURITY_SECURITY_H
98 #define HAVE_APPLE_KEYCHAIN
99 #endif
100 #endif
101
102
103 #ifdef HAVE_APPLE_KEYCHAIN
104 /* routines to use apple's keychain to get a password
105 without a user having to type. this avoids some damage
106 where although ssh-askpass can grab focus within X, it
107 may not have a particularly secure keyboard. */
108
109 #include<CoreServices/CoreServices.h>
110 #include<Security/Security.h>
111
112 static void
113 get_password_from_keychain(Pop3 pc, const char *username,
114 const char *servername,
115 /*@out@ */ char *password,
116 /*@out@ */
117 unsigned char *password_len)
118 {
119 SecKeychainRef kc;
120 OSStatus rc;
121 char *secpwd;
122 UInt32 pwdlen;
123 rc = SecKeychainCopyDefault(&kc);
124 if (rc != noErr) {
125 DM(pc, DEBUG_ERROR, "passmgr: unable to open keychain, exiting\n");
126 exit(EXIT_FAILURE);
127 }
128 rc = SecKeychainFindInternetPassword(kc, strlen(servername),
129 servername, 0, NULL,
130 strlen(username), username, 0,
131 NULL, 0, NULL,
132 kSecAuthenticationTypeDefault,
133 &pwdlen, (void **) &secpwd, NULL);
134 if (rc != noErr) {
135 DM(pc, DEBUG_ERROR,
136 "passmgr: keychain password grab for %s at %s failed, exiting\n", username, servername);
137 DM(pc, DEBUG_ERROR, "passmgr: (perhaps you pressed 'deny')\n");
138 /* this seems like the sanest thing to do, for now */
139 exit(EXIT_FAILURE);
140 }
141
142 if (pwdlen < *password_len) {
143 strncpy(password, secpwd, pwdlen);
144 password[pwdlen] = '\0';
145 *password_len = pwdlen;
146 } else {
147 DM(pc, DEBUG_ERROR,
148 "passmgr: warning: your password appears longer (%lu) than expected (%d)\n",
149 strlen(secpwd), *password_len - 1);
150 }
151 rc = SecKeychainItemFreeContent(NULL, secpwd);
152 return;
153 }
154 #endif /* apple keychain */
155
156
157 static void
158 get_password_from_command(Pop3 pc, const char *username,
159 const char *servername,
160 /*@out@ */ char *password,
161 /*@out@ */
162 unsigned char *password_len)
163 {
164 password[*password_len - 1] = '\0';
165 password[0] = '\0';
166 /* check that the executed file is a good one. */
167 if (permissions_ok(pc, pc->askpass)) {
168 char *command;
169 char *password_ptr;
170 int len =
171 strlen(pc->askpass) + strlen(username) +
172 strlen(servername) + 40;
173 command = malloc(len);
174 snprintf(command, len, "%s 'password for wmbiff: %s@%s'",
175 pc->askpass, username, servername);
176
177 (void) grabCommandOutput(pc, command, &password_ptr, NULL);
178 /* it's not clear what to do with the exit
179 status, though we can get it from
180 grabCommandOutput if needed to deal with some
181 programs that will print a message but exit
182 non-zero on error */
183 free(command);
184
185 if (password_ptr == NULL) {
186 /* this likely means that the user cancelled, and doesn't
187 want us to keep asking about the password. */
188 DM(pc, DEBUG_ERROR,
189 "passmgr: fgets password failed, exiting\n");
190 DM(pc, DEBUG_ERROR,
191 "passmgr: (it looks like you pressed 'cancel')\n");
192 /* this seems like the sanest thing to do, for now */
193 exit(EXIT_FAILURE);
194 }
195 strncpy(password, password_ptr, *password_len);
196 if (password[*password_len - 1] != '\0') {
197 DM(pc, DEBUG_ERROR,
198 "passmgr: warning: your password appears longer (%lu) than expected (%d)\n",
199 (unsigned long) strlen(password_ptr), *password_len - 1);
200 }
201 free(password_ptr);
202 password[*password_len - 1] = '\0';
203 *password_len = strlen(password);
204 } else {
205 /* consider this error to be particularly troublesome */
206 DM(pc, DEBUG_ERROR,
207 "passmgr: permissions check of '%s' failed.", pc->askpass);
208 exit(EXIT_FAILURE);
209 }
210 }
211
212 char *passwordFor(const char *username,
213 const char *servername, Pop3 pc, int bFlushCache)
214 {
215
216 password_binding p;
217
218 assert(username != NULL);
219 assert(username[0] != '\0');
220
221 /* find the binding */
222 for (p = pass_list;
223 p != NULL
224 && (strcmp(username, p->user) != 0 ||
225 strcmp(servername, p->server) != 0); p = p->next);
226
227 /* if so, return the password */
228 if (p != NULL) {
229 if (p->password[0] != '\0') {
230 if (bFlushCache == 0) {
231 char *ret = strdup(p->password);
232 #ifdef HAVE_MEMFROB
233 unsigned short ret_len = p->password_len;
234 DEFROB(ret);
235 #endif
236 return (ret);
237 }
238 /* else fall through, overwrite */
239 } else if (pc) {
240 /* if we've asked, but received nothing, disable this box */
241 pc->checkMail = NULL;
242 return (NULL);
243 }
244 } else {
245 p = (password_binding)
246 malloc(sizeof(struct password_binding_struct));
247 }
248
249 /* else, try to get it. */
250 if (pc->askpass != NULL) {
251 char *retval;
252
253 p->password_len = 32;
254 #ifdef HAVE_APPLE_KEYCHAIN
255 if (strcmp(pc->askpass, "internal:apple:keychain") == 0) {
256 get_password_from_keychain(pc, username, servername,
257 p->password, &p->password_len);
258 } else {
259 DM(pc, DEBUG_ERROR,
260 "you could change your askpass line to:\n"
261 " askpass = internal:apple:keychain\n"
262 "to use the OS X keychain instead of running a command\n");
263 #endif
264 get_password_from_command(pc, username, servername,
265 p->password, &p->password_len);
266 #ifdef HAVE_APPLE_KEYCHAIN
267 }
268 #endif
269 retval = strdup(p->password);
270 if (strlen(username) + 1 > BUF_SMALL) {
271 DM(pc, DEBUG_ERROR, "username is too long.\n");
272 memset(p->user, 0, BUF_SMALL);
273 } else {
274 strncpy(p->user, username, BUF_SMALL - 1);
275 }
276 if (strlen(servername) + 1 > BUF_BIG) {
277 DM(pc, DEBUG_ERROR, "servername is too long.\n");
278 memset(p->server, 0, BUF_BIG);
279 } else {
280 strncpy(p->server, servername, BUF_BIG - 1);
281 }
282 ENFROB(p->password);
283 p->next = pass_list;
284 pass_list = p;
285 return (retval);
286 }
287
288 return (NULL);
289 }
290
291 /* vim:set ts=4: */
292 /*
293 * Local Variables:
294 * tab-width: 4
295 * c-indent-level: 4
296 * c-basic-offset: 4
297 * End:
298 */
Window Maker dockapps collection