Adding upstream version 3.2.5+dfsg.upstream/3.2.5+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 344 insertions, 49 deletions

diff --git a/src/modules/rlm_totp/rlm_totp.c b/src/modules/rlm_totp/rlm_totp.c
index 1459716..d58e1ee 100644
--- a/src/modules/rlm_totp/rlm_totp.c
+++ b/src/modules/rlm_totp/rlm_totp.c
@@ -26,9 +26,68 @@ RCSID("$Id$")
 
 #include <freeradius-devel/radiusd.h>
 #include <freeradius-devel/modules.h>
+#include <freeradius-devel/dlist.h>
 #include <freeradius-devel/rad_assert.h>
 
-#define TIME_STEP (30)
+#include <ctype.h>
+
+typedef struct {
+	uint8_t const	*key;
+	size_t		keylen;
+	char const	*passwd;
+	time_t		when;
+	bool		unlisted;
+	void		*instance;
+	fr_dlist_t	dlist;
+} totp_dedup_t;
+
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+
+#define PTHREAD_MUTEX_LOCK(_x) pthread_mutex_lock(&((_x)->mutex))
+#define PTHREAD_MUTEX_UNLOCK(_x) pthread_mutex_unlock(&((_x)->mutex))
+#else
+#define PTHREAD_MUTEX_LOCK(_x)
+#define PTHREAD_MUTEX_UNLOCK(_x)
+#endif
+
+
+/* Define a structure for the configuration variables */
+typedef struct rlm_totp_t {
+        char const	*name;			//!< name of this instance */
+        uint32_t	time_step;		//!< seconds
+        uint32_t	otp_length;		//!< forced to 6 or 8
+        uint32_t	lookback_steps;		//!< number of steps to look back
+        uint32_t	lookback_interval;	//!< interval in seconds between steps
+	uint32_t	lookforward_steps;	//!< number of steps to look forwards
+	rbtree_t	*dedup_tree;
+	fr_dlist_t	dedup_list;
+#ifdef HAVE_PTHREAD_H
+	pthread_mutex_t	mutex;
+#endif
+} rlm_totp_t;
+
+#ifndef TESTING
+/* Map configuration file names to internal variables */
+static const CONF_PARSER module_config[] = {
+        { "time_step", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_totp_t, time_step), "30" },
+        { "otp_length", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_totp_t, otp_length), "6" },
+	{ "lookback_steps", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_totp_t, lookback_steps), "1" },
+	{ "lookback_interval", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_totp_t, lookback_interval), "30" },
+	{ "lookforward_steps", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_totp_t, lookforward_steps), "0" },
+	CONF_PARSER_TERMINATOR
+};
+
+#define TIME_STEP      (inst->time_step)
+#define OTP_LEN        (inst->otp_length)
+#define BACK_STEPS     (steps)
+#define BACK_STEP_SECS (inst->lookback_interval)
+#else
+#define TIME_STEP	(30)
+#define OTP_LEN		(8)
+#define BACK_STEPS	(1)
+#define BACK_STEP_SECS	(30)
+#endif
 
 /*
  *	RFC 4648 base32 decoding.
@@ -110,7 +169,7 @@ static ssize_t base32_decode(uint8_t *out, size_t outlen, char const *in)
 	 *	Will get converted to
 	 *
 	 *	11111222 22333334 44445555 56666677 77788888
-	 */	
+	 */
 	for (p = b = out; p < end; p += 8) {
 		b[0] = p[0] << 3;
 		b[0] |= p[1] >> 2;
@@ -142,14 +201,112 @@ static ssize_t base32_decode(uint8_t *out, size_t outlen, char const *in)
 	return b - out;
 }
 
+
 #ifndef TESTING
-#define LEN 6
-#define PRINT "%06u"
-#define DIV 1000000
-#else
-#define LEN 8
-#define PRINT "%08u"
-#define DIV 100000000
+#define TESTING_UNUSED
+
+#else /* TESTING */
+#undef RDEBUG3
+#define RDEBUG3(fmt, ...)	printf(fmt "\n", ## __VA_ARGS__)
+#define TESTING_UNUSED UNUSED
+#endif
+
+#ifndef TESTING
+static int mod_bootstrap(CONF_SECTION *conf, void *instance)
+{
+        rlm_totp_t *inst = instance;
+
+        inst->name = cf_section_name2(conf);
+        if (!inst->name) {
+                inst->name = cf_section_name1(conf);
+        }
+
+        return 0;
+}
+
+static int dedup_cmp(void const *one, void const *two)
+{
+	int rcode;
+	totp_dedup_t const *a = one;
+	totp_dedup_t const *b = two;
+
+	if (a->keylen < b->keylen) return -1;
+	if (a->keylen > b->keylen) return +1;
+
+	rcode = memcmp(a->key , b->key, a->keylen);
+	if (rcode != 0) return rcode;
+
+	/*
+	 *	The user can enter multiple keys
+	 */
+	return strcmp(a->passwd, b->passwd);
+}
+
+static void dedup_free(void *data)
+{
+	totp_dedup_t *dedup = data;
+#ifdef HAVE_PTHREAD_H
+	rlm_totp_t *inst = dedup->instance;
+#endif
+
+	if (!dedup->unlisted) {
+		PTHREAD_MUTEX_LOCK(inst);
+		fr_dlist_entry_unlink(&dedup->dlist);
+		PTHREAD_MUTEX_UNLOCK(inst);
+	}
+
+	free(dedup);
+}
+
+/*
+ *	Do any per-module initialization that is separate to each
+ *	configured instance of the module.  e.g. set up connections
+ *	to external databases, read configuration files, set up
+ *	dictionary entries, etc.
+ *
+ *	If configuration information is given in the config section
+ *	that must be referenced in later calls, store a handle to it
+ *	in *instance otherwise put a null pointer there.
+ */
+static int mod_instantiate(UNUSED CONF_SECTION *conf, void *instance)
+{
+	rlm_totp_t *inst = instance;
+
+	FR_INTEGER_BOUND_CHECK("time_step", inst->time_step, >=, 5);
+	FR_INTEGER_BOUND_CHECK("time_step", inst->time_step, <=, 120);
+
+	FR_INTEGER_BOUND_CHECK("lookback_steps", inst->lookback_steps, >=, 1);
+	FR_INTEGER_BOUND_CHECK("lookback_steps", inst->lookback_steps, <=, 10);
+
+	FR_INTEGER_BOUND_CHECK("lookforward_steps", inst->lookforward_steps, <=, 10);
+
+	FR_INTEGER_BOUND_CHECK("lookback_interval", inst->lookback_interval, <=, inst->time_step);
+
+	FR_INTEGER_BOUND_CHECK("otp_length", inst->otp_length, >=, 6);
+	FR_INTEGER_BOUND_CHECK("otp_length", inst->otp_length, <=, 8);
+
+	if (inst->otp_length == 7) inst->otp_length = 8;
+
+	inst->dedup_tree = rbtree_create(instance, dedup_cmp, dedup_free, 0);
+	if (!inst->dedup_tree) return -1;
+
+	fr_dlist_entry_init(&inst->dedup_list);
+#ifdef HAVE_PTHREAD_H
+	(void) pthread_mutex_init(&inst->mutex, NULL);
+#endif
+
+	return 0;
+}
+
+#ifdef HAVE_PTHREAD_H
+static int mod_detach(void *instance)
+{
+	rlm_totp_t *inst = instance;
+
+	pthread_mutex_destroy(&inst->mutex);
+	return 0;
+}
+#endif
 #endif
 
 /*
@@ -159,8 +316,14 @@ static ssize_t base32_decode(uint8_t *out, size_t outlen, char const *in)
  *	for 8-character challenges, and not for 6 character
  *	challenges!
  */
-static int totp_cmp(time_t now, uint8_t const *key, size_t keylen, char const *totp)
+static int totp_cmp(TESTING_UNUSED REQUEST *request, time_t now, uint8_t const *key, size_t keylen, char const *totp, TESTING_UNUSED void *instance)
 {
+#ifndef TESTING
+        rlm_totp_t *inst = instance;
+	uint32_t steps = inst->lookback_steps > inst->lookforward_steps ? inst->lookback_steps : inst->lookforward_steps;
+#endif
+	time_t diff, then;
+	unsigned int i;
 	uint8_t offset;
 	uint32_t challenge;
 	uint64_t padded;
@@ -168,59 +331,153 @@ static int totp_cmp(time_t now, uint8_t const *key, size_t keylen, char const *t
 	uint8_t data[8];
 	uint8_t digest[SHA1_DIGEST_LENGTH];
 
-	padded = ((uint64_t) now) / TIME_STEP;
-	data[0] = padded >> 56;
-	data[1] = padded >> 48;
-	data[2] = padded >> 40;
-	data[3] = padded >> 32;
-	data[4] = padded >> 24;
-	data[5] = padded >> 16;
-	data[6] = padded >> 8;
-	data[7] = padded & 0xff;
-
 	/*
-	 *	Encrypt the network order time with the key.
+	 *	First try to authenticate against the current OTP, then step
+	 *	back in increments of BACK_STEP_SECS, up to BACK_STEPS times,
+	 *	to authenticate properly in cases of long transit delay, as
+	 *	described in RFC 6238, secion 5.2.
 	 */
-	fr_hmac_sha1(digest, data, 8, key, keylen);
 
-	/*
-	 *	Take the least significant 4 bits.
-	 */
-	offset = digest[SHA1_DIGEST_LENGTH - 1] & 0x0f;
+	for (i = 0, diff = 0; i <= BACK_STEPS; i++, diff += BACK_STEP_SECS) {
+#ifndef TESTING
+		if (i > inst->lookback_steps) goto forwards;
+#endif
+		then = now - diff;
+#ifndef TESTING
+	repeat:
+#endif
+		padded = (uint64_t) then / TIME_STEP;
+		data[0] = padded >> 56;
+		data[1] = padded >> 48;
+		data[2] = padded >> 40;
+		data[3] = padded >> 32;
+		data[4] = padded >> 24;
+		data[5] = padded >> 16;
+		data[6] = padded >> 8;
+		data[7] = padded & 0xff;
+
+		/*
+		 *	Encrypt the network order time with the key.
+		 */
+		fr_hmac_sha1(digest, data, 8, key, keylen);
+
+		/*
+		 *	Take the least significant 4 bits.
+		 */
+		offset = digest[SHA1_DIGEST_LENGTH - 1] & 0x0f;
+
+		/*
+		 *	Grab the 32bits at "offset", and drop the high bit.
+		 */
+		challenge = (digest[offset] & 0x7f) << 24;
+		challenge |= digest[offset + 1] << 16;
+		challenge |= digest[offset + 2] << 8;
+		challenge |= digest[offset + 3];
+
+		/*
+		 *	The token is the last 6 digits in the number (or 8 for testing)..
+		 */
+        	snprintf(buffer, sizeof(buffer), ((OTP_LEN == 6) ? "%06u" : "%08u"),
+			 challenge % ((OTP_LEN == 6) ? 1000000 : 100000000));
+
+		RDEBUG3("Now: %zu, Then: %zu", (size_t) now, (size_t) then);
+		RDEBUG3("Expected %s", buffer);
+		RDEBUG3("Received %s", totp);
+
+		if (rad_digest_cmp((uint8_t const *) buffer, (uint8_t const *) totp, OTP_LEN) == 0) return 0;
+
+#ifndef TESTING
+		/*
+		 *	We've tested backwards, now do the equivalent time slot forwards
+		 */
+		if ((then < now) && (i <= inst->lookforward_steps)) {
+		forwards:
+			then = now + diff;
+			goto repeat;
+		}
+#endif
+	}
+	return 1;
+}
+
+#ifndef TESTING
+
+static inline CC_HINT(nonnull) totp_dedup_t *fr_dlist_head(fr_dlist_t const *head)
+{
+	if (head->prev == head) return NULL;
+
+	return (totp_dedup_t *) (((uintptr_t) head->next) - offsetof(totp_dedup_t, dlist));
+}
+
+
+static bool totp_reused(void *instance, time_t now, uint8_t const *key, size_t keylen, char const *passwd)
+{
+	rlm_totp_t *inst = instance;
+	totp_dedup_t *dedup, my_dedup;
+
+	my_dedup.key = key;
+	my_dedup.keylen = keylen;
+	my_dedup.passwd = passwd;
+
+	PTHREAD_MUTEX_LOCK(inst);
 
 	/*
-	 *	Grab the 32bits at "offset", and drop the high bit.
+	 *	Expire the oldest entries before searching for an entry in the tree.
 	 */
-	challenge = (digest[offset] & 0x7f) << 24;
-	challenge |= digest[offset + 1] << 16;
-	challenge |= digest[offset + 2] << 8;
-	challenge |= digest[offset + 3];
+	while (true) {
+		dedup = fr_dlist_head(&inst->dedup_list);
+		if (!dedup) break;
+
+		if ((now - dedup->when) < (inst->lookback_steps * inst->lookback_interval)) break;
+
+		dedup->unlisted = true;
+		fr_dlist_entry_unlink(&dedup->dlist);
+		(void) rbtree_deletebydata(inst->dedup_tree, dedup);
+	}
 
 	/*
-	 *	The token is the last 6 digits in the number.
+	 *	Was this key and TOTP reused?
 	 */
-	snprintf(buffer, sizeof(buffer), PRINT, challenge % DIV);
+	dedup = rbtree_finddata(inst->dedup_tree, &my_dedup);
+	if (dedup) {
+		PTHREAD_MUTEX_UNLOCK(inst);
+		return true;
+	}
 
-	return rad_digest_cmp((uint8_t const *) buffer, (uint8_t const *) totp, LEN);
-}
+	dedup = calloc(sizeof(*dedup), 1);
+	if (!dedup) {
+		PTHREAD_MUTEX_UNLOCK(inst);
+		return false;
+	}
 
-#ifndef TESTING
+	dedup->key = key;
+	dedup->keylen = keylen;
+	dedup->passwd = passwd;
+	dedup->when = now;
+	dedup->instance = inst;
+
+	fr_dlist_insert_tail(&inst->dedup_list, &dedup->dlist);
+	(void) rbtree_insert(inst->dedup_tree, dedup);
+	PTHREAD_MUTEX_UNLOCK(inst);
+
+	return false;
+}
 
 /*
  *  Do the authentication
  */
-static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(UNUSED void *instance, REQUEST *request)
+static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *request)
 {
 	VALUE_PAIR *vp, *password;
 	uint8_t const *key;
 	size_t keylen;
 	uint8_t buffer[80];	/* multiple of 5*8 characters */
-
+	uint64_t now = time(NULL);
 
 	password = fr_pair_find_by_num(request->packet->vps, PW_TOTP_PASSWORD, 0, TAG_ANY);
 	if (!password) return RLM_MODULE_NOOP;
 
-	if (password->vp_length != 6) {
+	if ((password->vp_length != 6) && (password->vp_length != 8)) {
 		RDEBUG("TOTP-Password has incorrect length %d", (int) password->vp_length);
 		return RLM_MODULE_FAIL;
 	}
@@ -237,11 +494,13 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(UNUSED void *instance, REQU
 		ssize_t len;
 
 		vp = fr_pair_find_by_num(request->config, PW_TOTP_SECRET, 0, TAG_ANY);
-		if (!vp) return RLM_MODULE_NOOP;
-
+		if (!vp) {
+		        RDEBUG("TOTP mod_authenticate() did not receive a TOTP-Secret");
+		        return RLM_MODULE_NOOP;
+		}
 		len = base32_decode(buffer, sizeof(buffer), vp->vp_strvalue);
 		if (len < 0) {
-			RDEBUG("TOTP-Secret cannot be decoded");
+			REDEBUG("TOTP-Secret cannot be decoded");
 			return RLM_MODULE_FAIL;
 		}
 
@@ -249,9 +508,25 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(UNUSED void *instance, REQU
 		keylen = len;
 	}
 
-	if (totp_cmp(time(NULL), key, keylen, password->vp_strvalue) != 0) return RLM_MODULE_FAIL;
+	vp = fr_pair_find_by_num(request->config, PW_TOTP_TIME_OFFSET, 0, TAG_ANY);
+	if (vp && (vp->vp_signed > -600) && (vp->vp_signed < 600)) {
+		RDEBUG("Using TOTP-Time-Offset = %d", vp->vp_signed);
+		now += vp->vp_signed;
+	}
+
+	if (totp_cmp(request, now, key, keylen, password->vp_strvalue, instance) == 0) {
+		/*
+		 *	Forbid using a key more than once.
+		 */
+		if (totp_reused(instance, now, key, keylen, password->vp_strvalue)) return RLM_MODULE_REJECT;
+
+		return RLM_MODULE_OK;
+	}
 
-	return RLM_MODULE_OK;
+	/*
+	 *	Bad keys don't affect the cache.
+	 */
+	return RLM_MODULE_REJECT;
 }
 
 
@@ -269,12 +544,24 @@ module_t rlm_totp = {
 	.magic		= RLM_MODULE_INIT,
 	.name		= "totp",
 	.type		= RLM_TYPE_THREAD_SAFE,
+	.inst_size      = sizeof(rlm_totp_t),
+	.config         = module_config,
+	.bootstrap      = mod_bootstrap,
+	.instantiate    = mod_instantiate,
+#ifdef HAVE_PTHREAD_H
+	.detach		= mod_detach,
+#endif
 	.methods = {
 		[MOD_AUTHENTICATE]	= mod_authenticate,
 	},
 };
 
 #else /* TESTING */
+/*
+ *	./totp decode KEY_BASE32
+ *
+ *	./totp totp now KEY TOTP
+ */
 int main(int argc, char **argv)
 {
 	size_t len;
@@ -298,23 +585,31 @@ int main(int argc, char **argv)
 	}
 
 	/*
-	 *	TOTP <time> <key> <8-character-expected-token>
+	 *	TOTP <time> <key> <expected-token>
 	 */
 	if (strcmp(argv[1], "totp") == 0) {
 		uint64_t now;
 
 		if (argc < 5) return 0;
 
-		(void) sscanf(argv[2], "%llu", &now);
+		if (strcmp(argv[2], "now") == 0) {
+			now = time(NULL);
+		} else {
+			(void) sscanf(argv[2], "%llu", &now);
+		}
+
+		printf ("=== Time = %llu, TIME_STEP = %d, BACK_STEPS = %d, BACK_STEP_SECS = %d ===\n",
+			 now, TIME_STEP, BACK_STEPS, BACK_STEP_SECS);
 
-		if (totp_cmp((time_t) now, (uint8_t const *) argv[3], strlen(argv[3]), argv[4]) == 0) {
-			return 0;
+		if (totp_cmp(NULL, (time_t) now, (uint8_t const *) argv[3],
+			     strlen(argv[3]), argv[4], NULL) == 0) {
+		       return 0;
 		}
 		printf("Fail\n");
 		return 1;
 	}
 
-	fprintf(stderr, "Unknown command argv[1]\n", argv[1]);
+	fprintf(stderr, "Unknown command %s\n", argv[1]);
 	return 1;
 }
 #endif