lib/auth_psk_passwd.c

   1 /*
   2  * Copyright (C) 2005, 2007 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* Functions for operating in an PSK passwd file are included here */
  26
  27 #include <gnutls_int.h>
  28
  29 #ifdef ENABLE_PSK
  30
  31 #include "x509_b64.h"
  32 #include "gnutls_errors.h"
  33 #include <auth_psk_passwd.h>
  34 #include "auth_psk.h"
  35 #include "gnutls_auth_int.h"
  36 #include "gnutls_dh.h"
  37 #include "debug.h"
  38 #include <gnutls_str.h>
  39 #include <gnutls_datum.h>
  40 #include <gnutls_num.h>
  41
  42
  43 /* this function parses passwd.psk file. Format is:
  44  * string(username):hex(passwd)
  45  */
  46 static int
  47 pwd_put_values (gnutls_datum_t * psk, char *str)
  48 {
  49   char *p;
  50   int len, ret;
  51   size_t size;
  52
  53   p = strchr (str, ':');
  54   if (p == NULL)
  55     {
  56       gnutls_assert ();
  57       return GNUTLS_E_SRP_PWD_PARSING_ERROR;
  58     }
  59
  60   *p = '\0';
  61   p++;
  62
  63   /* skip username
  64    */
  65
  66   /* read the key
  67    */
  68   len = strlen (p);
  69   if (p[len - 1] == '\n' || p[len - 1] == ' ')
  70     len--;
  71
  72   size = psk->size = len / 2;
  73   psk->data = gnutls_malloc (size);
  74   if (psk->data == NULL)
  75     {
  76       gnutls_assert ();
  77       return GNUTLS_E_MEMORY_ERROR;
  78     }
  79
  80   ret = _gnutls_hex2bin ((opaque *) p, len, psk->data, &size);
  81   psk->size = (unsigned int)size;
  82   if (ret < 0)
  83     {
  84       gnutls_assert ();
  85       return ret;
  86     }
  87
  88
  89   return 0;
  90
  91 }
  92
  93
  94 /* Randomizes the given password entry. It actually sets a random password.
  95  * Returns 0 on success.
  96  */
  97 static int
  98 _randomize_psk (gnutls_datum_t * psk)
  99 {
 100   psk->data = gnutls_malloc (16);
 101   if (psk->data == NULL)
 102     {
 103       gnutls_assert ();
 104       return GNUTLS_E_MEMORY_ERROR;
 105     }
 106
 107   psk->size = 16;
 108   if (gc_nonce ((char *) psk->data, 16) != GC_OK)
 109     {
 110       gnutls_assert ();
 111       return GNUTLS_E_RANDOM_FAILED;
 112     }
 113
 114   return 0;
 115 }
 116
 117 /* Returns the PSK key of the given user.
 118  * If the user doesn't exist a random password is returned instead.
 119  */
 120 int
 121 _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
 122                             gnutls_datum_t * psk)
 123 {
 124   gnutls_psk_server_credentials_t cred;
 125   FILE *fd;
 126   char line[2 * 1024];
 127   unsigned i, len;
 128   int ret;
 129
 130   cred = (gnutls_psk_server_credentials_t)
 131     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 132   if (cred == NULL)
 133     {
 134       gnutls_assert ();
 135       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 136     }
 137
 138   /* if the callback which sends the parameters is
 139    * set, use it.
 140    */
 141   if (cred->pwd_callback != NULL)
 142     {
 143       ret = cred->pwd_callback (session, username, psk);
 144
 145       if (ret == 1)
 146         {                       /* the user does not exist */
 147           ret = _randomize_psk (psk);
 148           if (ret < 0)
 149             {
 150               gnutls_assert ();
 151               return ret;
 152             }
 153           return 0;
 154         }
 155
 156       if (ret < 0)
 157         {
 158           gnutls_assert ();
 159           return GNUTLS_E_SRP_PWD_ERROR;
 160         }
 161
 162       return 0;
 163     }
 164
 165   /* The callback was not set. Proceed.
 166    */
 167   if (cred->password_file == NULL)
 168     {
 169       gnutls_assert ();
 170       return GNUTLS_E_SRP_PWD_ERROR;
 171     }
 172
 173   /* Open the selected password file.
 174    */
 175   fd = fopen (cred->password_file, "r");
 176   if (fd == NULL)
 177     {
 178       gnutls_assert ();
 179       return GNUTLS_E_SRP_PWD_ERROR;
 180     }
 181
 182   len = strlen (username);
 183   while (fgets (line, sizeof (line), fd) != NULL)
 184     {
 185       /* move to first ':' */
 186       i = 0;
 187       while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
 188         {
 189           i++;
 190         }
 191
 192       if (strncmp (username, line, MAX (i, len)) == 0)
 193         {
 194           ret = pwd_put_values (psk, line);
 195           if (ret < 0)
 196             {
 197               gnutls_assert ();
 198               return GNUTLS_E_SRP_PWD_ERROR;
 199             }
 200           return 0;
 201         }
 202     }
 203
 204   /* user was not found. Fake him.
 205    * the last index found and randomize the entry.
 206    */
 207   ret = _randomize_psk (psk);
 208   if (ret < 0)
 209     {
 210       gnutls_assert ();
 211       return ret;
 212     }
 213
 214   return 0;
 215
 216 }
 217
 218
 219 #endif /* ENABLE PSK */