summaryrefslogtreecommitdiffstats
path: root/contrib/pwdauth.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:22:06 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:22:06 +0000
commit741c1ef7a4f2ac316ad6e557ddbe03023413478d (patch)
tree38890f681daa26c57e865b4feca10d0ca53e1046 /contrib/pwdauth.c
parentInitial commit. (diff)
downloadshadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.tar.xz
shadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.zip
Adding upstream version 1:4.5.upstream/1%4.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'contrib/pwdauth.c')
-rw-r--r--contrib/pwdauth.c308
1 files changed, 308 insertions, 0 deletions
diff --git a/contrib/pwdauth.c b/contrib/pwdauth.c
new file mode 100644
index 0000000..ca15495
--- /dev/null
+++ b/contrib/pwdauth.c
@@ -0,0 +1,308 @@
+/*
+ * pwdauth.c - program to verify a given username/password pair.
+ *
+ * Run it with username in argv[1] (may be omitted - default is the
+ * current user), and send it the password over a pipe on stdin.
+ * Exit status: 0 - correct password, 1 - wrong password, >1 - other
+ * errors. For use with shadow passwords, this program should be
+ * installed setuid root.
+ *
+ * This can be used, for example, by xlock - you don't have to install
+ * this large and complex (== possibly insecure) program setuid root,
+ * just modify it to run this simple program to do the authentication.
+ *
+ * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
+ * soon as possible after getting the user's encrypted password.
+ * Using this program probably doesn't make it more secure, and has one
+ * disadvantage: since we don't get the encrypted user's password at
+ * startup (but at the time the user is authenticated), it is not clear
+ * how we should handle errors (like getpwnam() returning NULL).
+ * - fail the authentication? Problem: no way to unlock (other than kill
+ * the process from somewhere else) if the NIS server stops responding.
+ * - succeed and unlock? Problem: it's too easy to unlock by unplugging
+ * the box from the network and waiting until NIS times out...
+ *
+ * This program is Copyright (C) 1996 Marek Michalkiewicz
+ * <marekm@i17linuxb.ists.pwr.wroc.pl>.
+ *
+ * It may be used and distributed freely for any purposes. There is no
+ * warranty - use at your own risk. I am not liable for any damages etc.
+ * If you improve it, please send me your changes.
+ */
+
+static char rcsid[] = "$Id$";
+
+/*
+ * Define USE_SYSLOG to use syslog() to log successful and failed
+ * authentication. This should be safe even if your system has
+ * the infamous syslog buffer overrun security problem...
+ */
+#define USE_SYSLOG
+
+/*
+ * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
+ * Some systems don't have getspnam(), but getpwnam() returns
+ * encrypted passwords only if running as root.
+ *
+ * According to the xlock source (not tested, except Linux) -
+ * define: Linux, Solaris 2.x, SVR4, ...
+ * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
+ * Known not supported (yet): Ultrix, OSF/1, SCO.
+ */
+#define HAVE_GETSPNAM
+
+/*
+ * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
+ * pw_encrypt() is like the standard crypt(), except that it may
+ * support better password hashing algorithms.
+ *
+ * Define if linking with libshadow.a from the shadow password
+ * suite (Linux, SunOS 4.x?).
+ */
+#undef HAVE_PW_ENCRYPT
+
+/*
+ * Define HAVE_AUTH_METHODS to support the shadow suite specific
+ * extension: the encrypted password field contains a list of
+ * administrator defined authentication methods, separated by
+ * semicolons. This program only supports the standard password
+ * authentication method (a string that doesn't start with '@').
+ */
+#undef HAVE_AUTH_METHODS
+
+/*
+ * FAIL_DELAY - number of seconds to sleep before exiting if the
+ * password was wrong, to slow down password guessing attempts.
+ */
+#define FAIL_DELAY 2
+
+/* No user-serviceable parts below :-). */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#ifdef USE_SYSLOG
+#include <syslog.h>
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+#endif
+
+#ifdef HAVE_GETSPNAM
+#include <shadow.h>
+#endif
+
+#ifdef HAVE_PW_ENCRYPT
+extern char *pw_encrypt();
+#define crypt pw_encrypt
+#endif
+
+/*
+ * Read the password (one line) from fp. We don't turn off echo
+ * because we expect input from a pipe.
+ */
+static char *
+get_line(fp)
+ FILE *fp;
+{
+ static char buf[128];
+ char *cp;
+ int ch;
+
+ cp = buf;
+ while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
+ if (cp >= buf + sizeof buf - 1)
+ break;
+ *cp++ = ch;
+ }
+ *cp = '\0';
+ return buf;
+}
+
+/*
+ * Get the password file entry for the current user. If the name
+ * returned by getlogin() is correct (matches the current real uid),
+ * return the entry for that user. Otherwise, return the entry (if
+ * any) matching the current real uid. Return NULL on failure.
+ */
+static struct passwd *
+get_my_pwent()
+{
+ uid_t uid = getuid();
+ char *name = getlogin();
+
+ if (name && *name) {
+ struct passwd *pw = getpwnam(name);
+
+ if (pw && pw->pw_uid == uid)
+ return pw;
+ }
+ return getpwuid(uid);
+}
+
+/*
+ * Verify the password. The system-dependent shadow support is here.
+ */
+static int
+password_auth_ok(pw, pass)
+ const struct passwd *pw;
+ const char *pass;
+{
+ int result;
+ char *cp;
+#ifdef HAVE_AUTH_METHODS
+ char *buf;
+#endif
+#ifdef HAVE_GETSPNAM
+ struct spwd *sp;
+#endif
+
+ if (pw) {
+#ifdef HAVE_GETSPNAM
+ sp = getspnam(pw->pw_name);
+ if (sp)
+ cp = sp->sp_pwdp;
+ else
+#endif
+ cp = pw->pw_passwd;
+ } else
+ cp = "xx";
+
+#ifdef HAVE_AUTH_METHODS
+ buf = strdup(cp); /* will be modified by strtok() */
+ if (!buf) {
+ fprintf(stderr, "Out of memory.\n");
+ exit(13);
+ }
+ cp = strtok(buf, ";");
+ while (cp && *cp == '@')
+ cp = strtok(NULL, ";");
+
+ /* fail if no password authentication for this user */
+ if (!cp)
+ cp = "xx";
+#endif
+
+ if (*pass || *cp)
+ result = (strcmp(crypt(pass, cp), cp) == 0);
+ else
+ result = 1; /* user with no password */
+
+#ifdef HAVE_AUTH_METHODS
+ free(buf);
+#endif
+ return result;
+}
+
+/*
+ * Main program.
+ */
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct passwd *pw;
+ char *pass, *name;
+ char myname[32];
+
+#ifdef USE_SYSLOG
+ openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
+#endif
+ pw = get_my_pwent();
+ if (!pw) {
+#ifdef USE_SYSLOG
+ syslog(LOG_ERR, "can't get login name for uid %d.\n",
+ (int) getuid());
+#endif
+ fprintf(stderr, "Who are you?\n");
+ exit(2);
+ }
+ strncpy(myname, pw->pw_name, sizeof myname - 1);
+ myname[sizeof myname - 1] = '\0';
+ name = myname;
+
+ if (argc > 1) {
+ name = argv[1];
+ pw = getpwnam(name);
+ }
+
+ pass = get_line(stdin);
+ if (password_auth_ok(pw, pass)) {
+#ifdef USE_SYSLOG
+ syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
+ "user `%s' entered correct password for `%.32s'.\n",
+ myname, name);
+#endif
+ exit(0);
+ }
+#ifdef USE_SYSLOG
+ /* be careful not to overrun the syslog buffer */
+ syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
+ "user `%s' entered incorrect password for `%.32s'.\n",
+ myname, name);
+#endif
+#ifdef FAIL_DELAY
+ sleep(FAIL_DELAY);
+#endif
+ fprintf(stderr, "Wrong password.\n");
+ exit(1);
+}
+
+#if 0
+/*
+ * You can use code similar to the following to run this program.
+ * Return values: >=0 - program exit status (use the <sys/wait.h>
+ * macros to get the exit code, it is shifted left by 8 bits),
+ * -1 - check errno.
+ */
+int
+verify_password(const char *username, const char *password)
+{
+ int pipe_fd[2];
+ int pid, wpid, status;
+
+ if (pipe(pipe_fd))
+ return -1;
+
+ if ((pid = fork()) == 0) {
+ char *arg[3];
+ char *env[1];
+
+ /* child */
+ close(pipe_fd[1]);
+ if (pipe_fd[0] != 0) {
+ if (dup2(pipe_fd[0], 0) != 0)
+ _exit(127);
+ close(pipe_fd[0]);
+ }
+ arg[0] = "/usr/bin/pwdauth";
+ arg[1] = username;
+ arg[2] = NULL;
+ env[0] = NULL;
+ execve(arg[0], arg, env);
+ _exit(127);
+ } else if (pid == -1) {
+ /* error */
+ close(pipe_fd[0]);
+ close(pipe_fd[1]);
+ return -1;
+ }
+ /* parent */
+ close(pipe_fd[0]);
+ write(pipe_fd[1], password, strlen(password));
+ write(pipe_fd[1], "\n", 1);
+ close(pipe_fd[1]);
+
+ while ((wpid = wait(&status)) != pid) {
+ if (wpid == -1)
+ return -1;
+ }
+ return status;
+}
+#endif