workspace/kcheckpass/kcheckpass.c

   1 /*****************************************************************
   2  *
   3  *      kcheckpass - Simple password checker
   4  *
   5  * This program is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU General Public
   7  * License as published by the Free Software Foundation; either
   8  * version 2 of the License, or (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public
  16  * License along with this program; if not, write to the Free
  17  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  18  *
  19  *
  20  *      kcheckpass is a simple password checker. Just invoke and
  21  *      send it the password on stdin.
  22  *
  23  *      If the password was accepted, the program exits with 0;
  24  *      if it was rejected, it exits with 1. Any other exit
  25  *      code signals an error.
  26  *
  27  *      It's hopefully simple enough to allow it to be setuid
  28  *      root.
  29  *
  30  *      Compile with -DHAVE_VSYSLOG if you have vsyslog().
  31  *      Compile with -DHAVE_PAM if you have a PAM system,
  32  *      and link with -lpam -ldl.
  33  *      Compile with -DHAVE_SHADOW if you have a shadow
  34  *      password system.
  35  *
  36  *      Copyright (C) 1998, Caldera, Inc.
  37  *      Released under the GNU General Public License
  38  *
  39  *      Olaf Kirch <okir@caldera.de>         General Framework and PAM support
  40  *      Christian Esken <esken@kde.org>      Shadow and /etc/passwd support
  41  *      Roberto Teixeira <maragato@kde.org>  other user (-U) support
  42  *      Oswald Buddenhagen <ossi@kde.org>    Binary server mode
  43  *
  44  *      Other parts were taken from kscreensaver's passwd.cpp.
  45  *
  46  *****************************************************************/
  47
  48 #include "kcheckpass.h"
  49
  50 #include <stdarg.h>
  51 #include <stdio.h>
  52 #include <string.h>
  53 #include <unistd.h>
  54 #include <fcntl.h>
  55 #include <syslog.h>
  56 #include <stdlib.h>
  57 #include <errno.h>
  58 #include <time.h>
  59
  60 /* Compatibility: accept some options from environment variables */
  61 #define ACCEPT_ENV
  62
  63 #define THROTTLE 3
  64
  65 static int havetty, sfd = -1, nullpass;
  66
  67 static char *
  68 conv_legacy (ConvRequest what, const char *prompt)
  69 {
  70     char                *p, *p2;
  71     int                 len;
  72     char                buf[1024];
  73
  74     switch (what) {
  75     case ConvGetBinary:
  76         break;
  77     case ConvGetNormal:
  78         /* there is no prompt == 0 case */
  79         if (!havetty)
  80             break;
  81         /* i guess we should use /dev/tty ... */
  82         fputs(prompt, stdout);
  83         fflush(stdout);
  84         if (!fgets(buf, sizeof(buf), stdin))
  85             return 0;
  86         len = strlen(buf);
  87         if (len && buf[len - 1] == '\n')
  88             buf[--len] = 0;
  89         return strdup(buf);
  90     case ConvGetHidden:
  91         if (havetty) {
  92 #ifdef HAVE_GETPASSPHRASE
  93             p = getpassphrase(prompt ? prompt : "Password: ");
  94 #else
  95             p = getpass(prompt ? prompt : "Password: ");
  96 #endif
  97             p2 = strdup(p);
  98             memset(p, 0, strlen(p));
  99             return p2;
 100         } else {
 101             if (prompt)
 102                 break;
 103             if ((len = read(0, buf, sizeof(buf) - 1)) < 0) {
 104                 message("Cannot read password\n");
 105                 return 0;
 106             } else {
 107                 if (len && buf[len - 1] == '\n')
 108                     --len;
 109                 buf[len] = 0;
 110                 p2 = strdup(buf);
 111                 memset(buf, 0, len);
 112                 return p2;
 113             }
 114         }
 115     case ConvPutInfo:
 116         message("Information: %s\n", prompt);
 117         return 0;
 118     case ConvPutError:
 119         message("Error: %s\n", prompt);
 120         return 0;
 121     }
 122     message("Authentication backend requested data type which cannot be handled.\n");
 123     return 0;
 124 }
 125
 126
 127 static int
 128 Reader (void *buf, int count)
 129 {
 130     int ret, rlen;
 131
 132     for (rlen = 0; rlen < count; ) {
 133       dord:
 134         ret = read (sfd, (void *)((char *)buf + rlen), count - rlen);
 135         if (ret < 0) {
 136             if (errno == EINTR)
 137                 goto dord;
 138             if (errno == EAGAIN)
 139                 break;
 140             return -1;
 141         }
 142         if (!ret)
 143             break;
 144         rlen += ret;
 145     }
 146     return rlen;
 147 }
 148
 149 static void
 150 GRead (void *buf, int count)
 151 {
 152     if (Reader (buf, count) != count) {
 153         message ("Communication breakdown on read\n");
 154         exit(15);
 155     }
 156 }
 157
 158 static void
 159 GWrite (const void *buf, int count)
 160 {
 161     if (write (sfd, buf, count) != count) {
 162         message ("Communication breakdown on write\n");
 163         exit(15);
 164     }
 165 }
 166
 167 static void
 168 GSendInt (int val)
 169 {
 170     GWrite (&val, sizeof(val));
 171 }
 172
 173 static void
 174 GSendStr (const char *buf)
 175 {
 176     unsigned len = buf ? strlen (buf) + 1 : 0;
 177     GWrite (&len, sizeof(len));
 178     GWrite (buf, len);
 179 }
 180
 181 static void
 182 GSendArr (int len, const char *buf)
 183 {
 184     GWrite (&len, sizeof(len));
 185     GWrite (buf, len);
 186 }
 187
 188 static int
 189 GRecvInt (void)
 190 {
 191     int val;
 192
 193     GRead (&val, sizeof(val));
 194     return val;
 195 }
 196
 197 static char *
 198 GRecvStr (void)
 199 {
 200     unsigned len;
 201     char *buf;
 202
 203     if (!(len = GRecvInt()))
 204         return (char *)0;
 205     if (len > 0x1000 || !(buf = malloc (len))) {
 206         message ("No memory for read buffer\n");
 207         exit(15);
 208     }
 209     GRead (buf, len);
 210     buf[len - 1] = 0; /* we're setuid ... don't trust "them" */
 211     return buf;
 212 }
 213
 214 static char *
 215 GRecvArr (void)
 216 {
 217     unsigned len;
 218     char *arr;
 219
 220     if (!(len = (unsigned) GRecvInt()))
 221         return (char *)0;
 222     if (len > 0x10000 || !(arr = malloc (len))) {
 223         message ("No memory for read buffer\n");
 224         exit(15);
 225     }
 226     GRead (arr, len);
 227     return arr;
 228 }
 229
 230
 231 static char *
 232 conv_server (ConvRequest what, const char *prompt)
 233 {
 234     GSendInt (what);
 235     switch (what) {
 236     case ConvGetBinary:
 237       {
 238         unsigned const char *up = (unsigned const char *)prompt;
 239         int len = up[3] | (up[2] << 8) | (up[1] << 16) | (up[0] << 24);
 240         GSendArr (len, prompt);
 241         return GRecvArr ();
 242       }
 243     case ConvGetNormal:
 244     case ConvGetHidden:
 245       {
 246         char *msg;
 247         GSendStr (prompt);
 248         msg = GRecvStr ();
 249         if (msg && (GRecvInt() & IsPassword) && !*msg)
 250           nullpass = 1;
 251         return msg;
 252       }
 253     case ConvPutInfo:
 254     case ConvPutError:
 255     default:
 256         GSendStr (prompt);
 257         return 0;
 258     }
 259 }
 260
 261 void
 262 message(const char *fmt, ...)
 263 {
 264   va_list               ap;
 265
 266   va_start(ap, fmt);
 267   vfprintf(stderr, fmt, ap);
 268   va_end(ap);
 269 }
 270
 271 #ifndef O_NOFOLLOW
 272 # define O_NOFOLLOW 0
 273 #endif
 274
 275 static void ATTR_NORETURN
 276 usage(int exitval)
 277 {
 278   message(
 279           "usage: kcheckpass {-h|[-c caller] [-m method] [-U username|-S handle]}\n"
 280           "  options:\n"
 281           "    -h           this help message\n"
 282           "    -U username  authenticate the specified user instead of current user\n"
 283           "    -S handle    operate in binary server mode on file descriptor handle\n"
 284           "    -c caller    the calling application, effectively the PAM service basename\n"
 285           "    -m method    use the specified authentication method (default: \"classic\")\n"
 286           "  exit codes:\n"
 287           "    0 success\n"
 288           "    1 invalid password\n"
 289           "    2 cannot read password database\n"
 290           "    Anything else tells you something's badly hosed.\n"
 291         );
 292   exit(exitval);
 293 }
 294
 295 int
 296 main(int argc, char **argv)
 297 {
 298 #ifdef HAVE_PAM
 299   const char    *caller = KCHECKPASS_PAM_SERVICE;
 300 #endif
 301   const char    *method = "classic";
 302   const char    *username = 0;
 303 #ifdef ACCEPT_ENV
 304   char          *p;
 305 #endif
 306   struct passwd *pw;
 307   int           c, nfd, lfd;
 308   uid_t         uid;
 309   time_t        nexttime;
 310   AuthReturn    ret;
 311   struct flock lk;
 312   char fname[64], fcont[64];
 313
 314 #ifdef HAVE_OSF_C2_PASSWD
 315   initialize_osf_security(argc, argv);
 316 #endif
 317
 318   /* Make sure stdout/stderr are open */
 319   for (c = 1; c <= 2; c++) {
 320     if (fcntl(c, F_GETFL) == -1) {
 321       if ((nfd = open("/dev/null", O_WRONLY)) < 0) {
 322         message("cannot open /dev/null: %s\n", strerror(errno));
 323         exit(10);
 324       }
 325       if (c != nfd) {
 326         dup2(nfd, c);
 327         close(nfd);
 328       }
 329     }
 330   }
 331
 332   havetty = isatty(0);
 333
 334   while ((c = getopt(argc, argv, "hc:m:U:S:")) != -1) {
 335     switch (c) {
 336     case 'h':
 337       usage(0);
 338       break;
 339     case 'c':
 340 #ifdef HAVE_PAM
 341       caller = optarg;
 342 #endif
 343       break;
 344     case 'm':
 345       method = optarg;
 346       break;
 347     case 'U':
 348       username = optarg;
 349       break;
 350     case 'S':
 351       sfd = atoi(optarg);
 352       break;
 353     default:
 354       message("Command line option parsing error\n");
 355       usage(10);
 356     }
 357   }
 358
 359 #ifdef ACCEPT_ENV
 360 # ifdef HAVE_PAM
 361   if ((p = getenv("KDE_PAM_ACTION")))
 362     caller = p;
 363 # endif
 364   if ((p = getenv("KCHECKPASS_USER")))
 365     username = p;
 366 #endif
 367
 368   uid = getuid();
 369   if (!username) {
 370     if (!(p = getenv("LOGNAME")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
 371       if (!(p = getenv("USER")) || !(pw = getpwnam(p)) || pw->pw_uid != uid)
 372         if (!(pw = getpwuid(uid))) {
 373           message("Cannot determinate current user\n");
 374           return AuthError;
 375         }
 376     if (!(username = strdup(pw->pw_name))) {
 377       message("Out of memory\n");
 378       return AuthError;
 379     }
 380   }
 381
 382   /*
 383    * Throttle kcheckpass invocations to avoid abusing it for bruteforcing
 384    * the password. This delay belongs to the *previous* invocation, where
 385    * we can't enforce it reliably (without risking giving away the result
 386    * before it is due). We don't differentiate between success and failure -
 387    * it's not expected to have a noticeable adverse effect.
 388    */
 389   if ( uid != geteuid() ) {
 390     sprintf(fname, "/var/run/kcheckpass.%d", uid);
 391     if ((lfd = open(fname, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) < 0) {
 392       message("Cannot open lockfile\n");
 393       return AuthError;
 394     }
 395
 396     lk.l_type = F_WRLCK;
 397     lk.l_whence = SEEK_SET;
 398     lk.l_start = lk.l_len = 0;
 399     if (fcntl(lfd, F_SETLKW, &lk)) {
 400       message("Cannot obtain lock\n");
 401       return AuthError;
 402     }
 403
 404     if ((c = read(lfd, fcont, sizeof(fcont)-1)) > 0 &&
 405         (fcont[c] = '\0', sscanf(fcont, "%ld", &nexttime) == 1))
 406     {
 407       time_t ct = time(0);
 408       if (nexttime > ct && nexttime < ct + THROTTLE)
 409         sleep(nexttime - ct);
 410     }
 411
 412     lseek(lfd, 0, SEEK_SET);
 413     write(lfd, fcont, sprintf(fcont, "%lu\n", time(0) + THROTTLE));
 414
 415     close(lfd);
 416   }
 417
 418   /* Now do the fandango */
 419   ret = Authenticate(
 420 #ifdef HAVE_PAM
 421                      caller,
 422 #endif
 423                      method,
 424                      username,
 425                      sfd < 0 ? conv_legacy : conv_server);
 426
 427     if (ret == AuthBad) {
 428       message("Authentication failure\n");
 429       if (!nullpass) {
 430         openlog("kcheckpass", LOG_PID, LOG_AUTH);
 431         syslog(LOG_NOTICE, "Authentication failure for %s (invoked by uid %d)", username, uid);
 432       }
 433     }
 434
 435   return ret;
 436 }
 437
 438 void
 439 dispose(char *str)
 440 {
 441     memset(str, 0, strlen(str));
 442     free(str);
 443 }
 444
 445 /*****************************************************************
 446   The real authentication methods are in separate source files.
 447   Look in checkpass_*.c
 448 *****************************************************************/