lib/auth_psk_passwd.c

   1 /*
   2  * Copyright (C) 2005, 2007, 2008, 2010 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* Functions for operating in an PSK passwd file are included here */
  26
  27 #include <gnutls_int.h>
  28
  29 #ifdef ENABLE_PSK
  30
  31 #include "x509_b64.h"
  32 #include "gnutls_errors.h"
  33 #include <auth_psk_passwd.h>
  34 #include "auth_psk.h"
  35 #include "gnutls_auth.h"
  36 #include "gnutls_dh.h"
  37 #include "debug.h"
  38 #include <gnutls_str.h>
  39 #include <gnutls_datum.h>
  40 #include <gnutls_num.h>
  41 #include <random.h>
  42
  43
  44 /* this function parses passwd.psk file. Format is:
  45  * string(username):hex(passwd)
  46  */
  47 static int
  48 pwd_put_values (gnutls_datum_t * psk, char *str)
  49 {
  50   char *p;
  51   int len, ret;
  52   size_t size;
  53
  54   p = strchr (str, ':');
  55   if (p == NULL)
  56     {
  57       gnutls_assert ();
  58       return GNUTLS_E_SRP_PWD_PARSING_ERROR;
  59     }
  60
  61   *p = '\0';
  62   p++;
  63
  64   /* skip username
  65    */
  66
  67   /* read the key
  68    */
  69   len = strlen (p);
  70   if (p[len - 1] == '\n' || p[len - 1] == ' ')
  71     len--;
  72
  73   size = psk->size = len / 2;
  74   psk->data = gnutls_malloc (size);
  75   if (psk->data == NULL)
  76     {
  77       gnutls_assert ();
  78       return GNUTLS_E_MEMORY_ERROR;
  79     }
  80
  81   ret = _gnutls_hex2bin ((opaque *) p, len, psk->data, &size);
  82   psk->size = (unsigned int) size;
  83   if (ret < 0)
  84     {
  85       gnutls_assert ();
  86       return ret;
  87     }
  88
  89
  90   return 0;
  91
  92 }
  93
  94
  95 /* Randomizes the given password entry. It actually sets a random password.
  96  * Returns 0 on success.
  97  */
  98 static int
  99 _randomize_psk (gnutls_datum_t * psk)
 100 {
 101   int ret;
 102
 103   psk->data = gnutls_malloc (16);
 104   if (psk->data == NULL)
 105     {
 106       gnutls_assert ();
 107       return GNUTLS_E_MEMORY_ERROR;
 108     }
 109
 110   psk->size = 16;
 111
 112   ret = _gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16);
 113   if (ret < 0)
 114     {
 115       gnutls_assert ();
 116       return ret;
 117     }
 118
 119   return 0;
 120 }
 121
 122 /* Returns the PSK key of the given user.
 123  * If the user doesn't exist a random password is returned instead.
 124  */
 125 int
 126 _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
 127                             gnutls_datum_t * psk)
 128 {
 129   gnutls_psk_server_credentials_t cred;
 130   FILE *fd;
 131   char line[2 * 1024];
 132   unsigned i, len;
 133   int ret;
 134
 135   cred = (gnutls_psk_server_credentials_t)
 136     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 137   if (cred == NULL)
 138     {
 139       gnutls_assert ();
 140       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 141     }
 142
 143   /* if the callback which sends the parameters is
 144    * set, use it.
 145    */
 146   if (cred->pwd_callback != NULL)
 147     {
 148       ret = cred->pwd_callback (session, username, psk);
 149
 150       if (ret == 1)
 151         {                       /* the user does not exist */
 152           ret = _randomize_psk (psk);
 153           if (ret < 0)
 154             {
 155               gnutls_assert ();
 156               return ret;
 157             }
 158           return 0;
 159         }
 160
 161       if (ret < 0)
 162         {
 163           gnutls_assert ();
 164           return GNUTLS_E_SRP_PWD_ERROR;
 165         }
 166
 167       return 0;
 168     }
 169
 170   /* The callback was not set. Proceed.
 171    */
 172   if (cred->password_file == NULL)
 173     {
 174       gnutls_assert ();
 175       return GNUTLS_E_SRP_PWD_ERROR;
 176     }
 177
 178   /* Open the selected password file.
 179    */
 180   fd = fopen (cred->password_file, "r");
 181   if (fd == NULL)
 182     {
 183       gnutls_assert ();
 184       return GNUTLS_E_SRP_PWD_ERROR;
 185     }
 186
 187   len = strlen (username);
 188   while (fgets (line, sizeof (line), fd) != NULL)
 189     {
 190       /* move to first ':' */
 191       i = 0;
 192       while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
 193         {
 194           i++;
 195         }
 196
 197       if (strncmp (username, line, MAX (i, len)) == 0)
 198         {
 199           ret = pwd_put_values (psk, line);
 200           fclose (fd);
 201           if (ret < 0)
 202             {
 203               gnutls_assert ();
 204               return GNUTLS_E_SRP_PWD_ERROR;
 205             }
 206           return 0;
 207         }
 208     }
 209   fclose (fd);
 210
 211   /* user was not found. Fake him.
 212    * the last index found and randomize the entry.
 213    */
 214   ret = _randomize_psk (psk);
 215   if (ret < 0)
 216     {
 217       gnutls_assert ();
 218       return ret;
 219     }
 220
 221   return 0;
 222
 223 }
 224
 225
 226 #endif /* ENABLE PSK */