2 * Copyright (c) 1990,1993 Regents of The University of Michigan.
3 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
4 * All Rights Reserved. See COPYRIGHT.
19 #include <sys/param.h>
23 #include <netatalk/endian.h>
25 #include <atalk/afp.h>
26 #include <atalk/uam.h>
42 static C_Block seskey;
43 static Key_schedule seskeysched;
44 static struct passwd *randpwd;
45 static u_int8_t randbuf[8];
47 /* hash to a 16-bit number. this will generate completely harmless
48 * warnings on 64-bit machines. */
49 #define randhash(a) (((((unsigned long) a) >> 8) ^ \
50 ((unsigned long)a)) & 0xffff)
53 /* handle ~/.passwd. courtesy of shirsch@ibm.net. */
54 static __inline__ int home_passwd(const struct passwd *pwd,
55 const char *path, const int pathlen,
56 char *passwd, const int len,
62 if ( (fd = open(path, (set) ? O_WRONLY : O_RDONLY)) < 0 ) {
63 syslog( LOG_ERR, "Failed to open %s", path);
67 if ( fstat( fd, &st ) < 0 )
68 goto home_passwd_fail;
70 /* If any of these are true, disallow login:
71 * - not a regular file
72 * - gid or uid don't match user
73 * - anyone else has permissions of any sort
75 if (!S_ISREG(st.st_mode) || (pwd->pw_uid != st.st_uid) ||
76 (pwd->pw_gid != st.st_gid) ||
77 (st.st_mode & ( S_IRWXG | S_IRWXO )) ) {
78 syslog( LOG_INFO, "Insecure permissions found for %s.", path);
79 goto home_passwd_fail;
82 /* get the password */
84 if (write(fd, passwd, len) < 0) {
85 syslog( LOG_ERR, "Failed to write to %s", path );
86 goto home_passwd_fail;
89 if (read(fd, passwd, len) < 0) {
90 syslog( LOG_ERR, "Failed to read from %s", path );
91 goto home_passwd_fail;
94 /* get rid of pesky characters */
95 for (i = 0; i < len; i++)
96 if ((passwd[i] != ' ') && isspace(passwd[i]))
105 return AFPERR_ACCESS;
111 * handle /path/afppasswd with an optional key file. we're a lot more
112 * trusting of this file. NOTE: we use our own password entry writing
113 * bits as we want to avoid tromping over global variables. in addition,
114 * we look for a key file and use that if it's there. here are the
117 * username:password:last login date:failedcount
119 * password is just the hex equivalent of either the ASCII password
120 * (if the key file doesn't exist) or the des encrypted password.
124 #define PASSWD_ILLEGAL '*'
125 #define unhex(x) (isdigit(x) ? (x) - '0' : toupper(x) + 10 - 'A')
126 static int afppasswd(const struct passwd *pwd,
127 const char *path, const int pathlen,
128 char *passwd, int len,
131 u_int8_t key[DES_KEY_SZ*2];
132 char buf[MAXPATHLEN + 1], *p;
133 Key_schedule schedule;
135 int i, j, keyfd = -1, err = 0;
138 if ((fp = fopen(path, (set) ? "r+" : "r")) < 0) {
139 syslog( LOG_ERR, "Failed to open %s", path);
140 return AFPERR_ACCESS;
143 /* open the key file if it exists */
145 if (pathlen < sizeof(buf) - 5) {
147 keyfd = open(buf, O_RDONLY);
151 memset(buf, 0, sizeof(buf));
152 while (fgets(buf, sizeof(buf), fp)) {
153 if ((p = strchr(buf, ':'))) {
154 if (strncmp(buf, pwd->pw_name, p - buf) == 0) {
156 if (*p == PASSWD_ILLEGAL) {
157 syslog(LOG_INFO, "invalid password entry for %s", pwd->pw_name);
161 goto afppasswd_found;
165 memset(buf, 0, sizeof(buf));
172 /* convert to binary. */
173 for (i = j = 0; i < sizeof(key); i += 2, j++)
174 p[j] = (unhex(p[i]) << 4) | unhex(p[i + 1]);
176 memset(p + j, 0, sizeof(key) - j);
180 /* read in the hex representation of an 8-byte key */
181 read(keyfd, key, sizeof(key));
183 /* convert to binary key */
184 for (i = j = 0; i < strlen(key); i += 2, j++)
185 key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]);
187 memset(key + j, 0, sizeof(key) - j);
188 key_sched((C_Block *) key, schedule);
189 memset(key, 0, sizeof(key));
192 /* NOTE: this takes advantage of the fact that passwd doesn't
193 * get used after this call if it's being set. */
194 ecb_encrypt((C_Block *) passwd, (C_Block *) passwd, schedule,
197 /* decrypt the password */
198 ecb_encrypt((C_Block *) p, (C_Block *) p, schedule, DES_DECRYPT);
200 memset(schedule, 0, sizeof(schedule));
204 const unsigned char hextable[] = "0123456789ABCDEF";
208 /* convert to hex password */
209 for (i = j = 0; i < DES_KEY_SZ; i++, j += 2) {
210 key[j] = hextable[(passwd[i] & 0xF0) >> 4];
211 key[j + 1] = hextable[passwd[i] & 0x0F];
213 memcpy(p, key, sizeof(key));
215 /* get exclusive access to the user's password entry. we don't
216 * worry so much on reads. in the worse possible case there, the
217 * user will just need to re-enter their password. */
218 lock.l_type = F_WRLCK;
221 lock.l_whence = SEEK_SET;
223 fseek(fp, pos, SEEK_SET);
224 fcntl(fd, F_SETLKW, &lock);
225 fwrite(buf, p - buf + sizeof(key), 1, fp);
226 lock.l_type = F_UNLCK;
227 fcntl(fd, F_SETLK, &lock);
229 memcpy(passwd, p, len);
231 memset(buf, 0, sizeof(buf));
241 /* this sets the uid. it needs to do slightly different things
242 * depending upon whether or not the password is in ~/.passwd
243 * or in a global location */
244 static int randpass(const struct passwd *pwd, const char *file,
245 char *passwd, const int len, const int set)
248 uid_t uid = geteuid();
250 /* Build pathname to user's '.passwd' file */
253 char path[MAXPATHLEN + 1];
255 if ( (strlen(pwd->pw_dir) + i - 1) > MAXPATHLEN)
258 strcpy(path, pwd->pw_dir );
260 strcat(path, file + 2);
262 seteuid(pwd->pw_uid); /* change ourselves to the user */
263 i = home_passwd(pwd, path, i, passwd, len, set);
265 seteuid(0); /* change ourselves back to root */
272 /* handle afppasswd file. we need to make sure that we're root
273 * when we do this. */
276 i = afppasswd(pwd, file, i, passwd, len, set);
283 /* randnum sends an 8-byte number and uses the user's password to
284 * check against the encrypted reply. */
285 static int randnum_login(void *obj, struct passwd **uam_pwd,
286 char *ibuf, int ibuflen,
287 char *rbuf, int *rbuflen)
289 char *username, *passwdfile;
295 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME,
296 (void *) &username, &ulen) < 0)
299 len = UAM_PASSWD_FILENAME;
300 if (uam_afpserver_option(obj, UAM_OPTION_PASSWDOPT,
301 (void *) &passwdfile, &len) < 0)
304 len = (unsigned char) *ibuf++;
308 memcpy(username, ibuf, len );
310 username[ len ] = '\0';
311 if ((unsigned long) ibuf & 1) /* padding */
314 if (( randpwd = uam_getname(username, ulen)) == NULL )
315 return AFPERR_PARAM; /* unknown user */
317 syslog( LOG_INFO, "randnum/rand2num login: %s", username);
318 if (uam_checkuser(randpwd) < 0)
319 return AFPERR_NOTAUTH;
321 if ((err = randpass(randpwd, passwdfile, seskey,
322 sizeof(seskey), 0)) != AFP_OK)
325 /* get a random number */
326 len = sizeof(randbuf);
327 if (uam_afpserver_option(obj, UAM_OPTION_RANDNUM,
328 (void *) randbuf, &len) < 0)
331 /* session id is a hashed version of the obj pointer */
332 sessid = randhash(obj);
333 memcpy(rbuf, &sessid, sizeof(sessid));
334 rbuf += sizeof(sessid);
335 *rbuflen = sizeof(sessid);
337 /* send the random number off */
338 memcpy(rbuf, randbuf, sizeof(randbuf));
339 *rbuflen += sizeof(randbuf);
340 return AFPERR_AUTHCONT;
344 /* check encrypted reply. we actually setup the encryption stuff
345 * here as the first part of randnum and rand2num are identical. */
346 static int randnum_logincont(void *obj, struct passwd **uam_pwd,
347 char *ibuf, int ibuflen,
348 char *rbuf, int *rbuflen)
354 memcpy(&sessid, ibuf, sizeof(sessid));
355 if (sessid != randhash(obj))
358 ibuf += sizeof(sessid);
360 /* encrypt. this saves a little space by using the fact that
361 * des can encrypt in-place without side-effects. */
362 key_sched((C_Block *) seskey, seskeysched);
363 memset(seskey, 0, sizeof(seskey));
364 ecb_encrypt((C_Block *) randbuf, (C_Block *) randbuf,
365 seskeysched, DES_ENCRYPT);
366 memset(seskeysched, 0, sizeof(seskeysched));
368 /* test against what the client sent */
369 if (memcmp( randbuf, ibuf, sizeof(randbuf) )) { /* != */
370 memset(randbuf, 0, sizeof(randbuf));
371 return AFPERR_NOTAUTH;
374 memset(randbuf, 0, sizeof(randbuf));
380 /* differences from randnum:
381 * 1) each byte of the key is shifted left one bit
382 * 2) client sends the server a 64-bit number. the server encrypts it
383 * and sends it back as part of the reply.
385 static int rand2num_logincont(void *obj, struct passwd **uam_pwd,
386 char *ibuf, int ibuflen,
387 char *rbuf, int *rbuflen)
394 /* compare session id */
395 memcpy(&sessid, ibuf, sizeof(sessid));
396 if (sessid != randhash(obj))
399 ibuf += sizeof(sessid);
401 /* shift key elements left one bit */
402 for (i = 0; i < sizeof(seskey); i++)
405 /* encrypt randbuf */
406 key_sched((C_Block *) seskey, seskeysched);
407 memset(seskey, 0, sizeof(seskey));
408 ecb_encrypt( (C_Block *) randbuf, (C_Block *) randbuf,
409 seskeysched, DES_ENCRYPT);
411 /* test against client's reply */
412 if (memcmp(randbuf, ibuf, sizeof(randbuf))) { /* != */
413 memset(randbuf, 0, sizeof(randbuf));
414 memset(seskeysched, 0, sizeof(seskeysched));
415 return AFPERR_NOTAUTH;
417 ibuf += sizeof(randbuf);
418 memset(randbuf, 0, sizeof(randbuf));
420 /* encrypt client's challenge and send back */
421 ecb_encrypt( (C_Block *) ibuf, (C_Block *) rbuf,
422 seskeysched, DES_ENCRYPT);
423 memset(seskeysched, 0, sizeof(seskeysched));
424 *rbuflen = sizeof(randbuf);
430 /* change password --
431 * NOTE: an FPLogin must already have completed successfully for this
434 static int randnum_changepw(void *obj, const char *username,
435 struct passwd *pwd, char *ibuf,
436 int ibuflen, char *rbuf, int *rbuflen)
441 if (uam_checkuser(pwd) < 0)
442 return AFPERR_ACCESS;
444 len = UAM_PASSWD_FILENAME;
445 if (uam_afpserver_option(obj, UAM_OPTION_PASSWDOPT,
446 (void *) &passwdfile, &len) < 0)
449 /* old password is encrypted with new password and new password is
450 * encrypted with old. */
451 if ((err = randpass(pwd, passwdfile, seskey,
452 sizeof(seskey), 0)) != AFP_OK)
455 /* use old passwd to decrypt new passwd */
456 key_sched((C_Block *) seskey, seskeysched);
457 ibuf += PASSWDLEN; /* new passwd */
458 ibuf[PASSWDLEN] = '\0';
459 ecb_encrypt( (C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT);
461 /* now use new passwd to decrypt old passwd */
462 key_sched((C_Block *) ibuf, seskeysched);
463 ibuf -= PASSWDLEN; /* old passwd */
464 ecb_encrypt((C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT);
465 if (memcmp(seskey, ibuf, sizeof(seskey)))
466 err = AFPERR_NOTAUTH;
467 else if (memcmp(seskey, ibuf + PASSWDLEN, sizeof(seskey)) == 0)
468 err = AFPERR_PWDSAME;
470 else if (FascistCheck(ibuf + PASSWDLEN, _PATH_CRACKLIB))
471 err = AFPERR_PWDPOLCY;
475 err = randpass(pwd, passwdfile, ibuf + PASSWDLEN, sizeof(seskey), 1);
477 /* zero out some fields */
478 memset(seskeysched, 0, sizeof(seskeysched));
479 memset(seskey, 0, sizeof(seskey));
480 memset(ibuf, 0, sizeof(seskey)); /* old passwd */
481 memset(ibuf + PASSWDLEN, 0, sizeof(seskey)); /* new passwd */
489 static int uam_setup(const char *path)
491 if (uam_register(UAM_SERVER_LOGIN, path, "Randnum exchange",
492 randnum_login, randnum_logincont, NULL) < 0)
494 if (uam_register(UAM_SERVER_LOGIN, path, "2-Way Randnum exchange",
495 randnum_login, rand2num_logincont, NULL) < 0) {
496 uam_unregister(UAM_SERVER_LOGIN, "Randnum exchange");
500 if (uam_register(UAM_SERVER_CHANGEPW, path, "Randnum Exchange",
501 randnum_changepw) < 0) {
502 uam_unregister(UAM_SERVER_LOGIN, "Randnum exchange");
503 uam_unregister(UAM_SERVER_LOGIN, "2-Way Randnum exchange");
506 /*uam_register(UAM_SERVER_PRINTAUTH, path, "Randnum Exchange",
512 static void uam_cleanup(void)
514 uam_unregister(UAM_SERVER_LOGIN, "Randnum exchange");
515 uam_unregister(UAM_SERVER_LOGIN, "2-Way Randnum exchange");
516 uam_unregister(UAM_SERVER_CHANGEPW, "Randnum Exchange");
517 /*uam_unregister(UAM_SERVER_PRINTAUTH, "Randnum Exchange");*/
520 UAM_MODULE_EXPORT struct uam_export uams_randnum = {
523 uam_setup, uam_cleanup
526 #endif /* UAM_RNDNUM */