/src/zsrelay/auth-pwd.c

https://github.com/Shirk/zsrelay · C · 259 lines · 159 code · 49 blank · 51 comment · 55 complexity · 2f1fbea10b55f567adadd7053598e28f MD5 · raw file 

    

  1. /*
    2. 

  2.    This file is part of zsrelay a srelay port for the iPhone.
    3. 

    4. 

  4.    Copyright (C) 2008 Rene Koecher <shirk@bitspin.org>
    5. 

    6. 

  6.    Based on srelay 0.4.6 source base Copyright (C) 2001 Tomo.M
    7. 

  7.    Destributed under the GPL license with original authors permission.
    8. 

    9. 

  9.    zsrelay is free software: you can redistribute it and/or modify
    10. 

  10.    it under the terms of the GNU General Public License as published by
    11. 

  11.    the Free Software Foundation, either version 3 of the License, or (at
    12. 

  12.    your option) any later version.
    13. 

    14. 

  14.    This program is distributed in the hope that it will be useful, but
    15. 

  15.    WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    17. 

  17.    General Public License for more details.
    18. 

    19. 

  19.    You should have received a copy of the GNU General Public License
    20. 

  20.    along with this program.  If not, see <http://www.gnu.org/licenses/>. 
    21. 

  21.    */
    22. 

  22. 

  23. #include "zsrelay.h"
    24. 

  24. #if defined(FREEBSD) || defined(LINUX)
    25. 

  25. #include <pwd.h>
    26. 

  26. #elif  SOLARIS
    27. 

  27. #include <shadow.h>
    28. 

  28. #include <crypt.h>
    29. 

  29. #endif
    30. 

  30. 

  31. #define TIMEOUTSEC    30
    32. 

  32. 

  33. /* proto types */
    34. 

  34. int checkpasswd(char *, char *);
    35. 

  35. 

  36. int
    37. 

  37. auth_pwd_server(int s)
    38. 

  38. {
    39. 

  39.     char buf[512];
    40. 

  40.     int  r, len;
    41. 

  41.     char user[256];
    42. 

  42.     char pass[256];
    43. 

  43.     struct sockaddr_storage client;
    44. 

  44.     char client_ip[NI_MAXHOST];
    45. 

  45.     int  error = 0;
    46. 

  46.     int  code = 0;
    47. 

  47. 

  48.     r = timerd_read(s, buf, sizeof(buf), TIMEOUTSEC, MSG_PEEK);
    49. 

  49.     if ( r < 2 )
    50. 

  50.       return(-1);
    51. 

  51. 

  52.     if (buf[0] != 0x01) /* current username/password auth version */
    53. 

  53.       /* error in version */
    54. 

  54.       return(-1);
    55. 

  55. 

  56.     len = buf[1];
    57. 

  57.     if (len < 1 || len > 255)
    58. 

  58.       /* invalid username len */
    59. 

  59.       return(-1);
    60. 

  60. 

  61.     /* read username */
    62. 

  62.     r = timerd_read(s, buf, 2+len, TIMEOUTSEC, 0);
    63. 

  63.     if (r < 2+len)
    64. 

  64.       /* read error */
    65. 

  65.       return(-1);
    66. 

  66. 

  67.     strncpy(user, &buf[2], len);
    68. 

  68.     user[len] = '\0';
    69. 

  69. 

  70.     /* get passwd */
    71. 

  71.     r = timerd_read(s, buf, sizeof(buf), TIMEOUTSEC, MSG_PEEK);
    72. 

  72.     if ( r < 1 )
    73. 

  73.       return(-1);
    74. 

  74. 

  75.     len = buf[0];
    76. 

  76.     if (len < 1 || len > 255)
    77. 

  77.       /* invalid password len */
    78. 

  78.       return(-1);
    79. 

  79. 

  80.     /* read passwd */
    81. 

  81.     r = timerd_read(s, buf, 1+len, TIMEOUTSEC, 0);
    82. 

  82.     if (r < 1+len)
    83. 

  83.       /* read error */
    84. 

  84.       return(-1);
    85. 

  85. 

  86.     strncpy(pass, &buf[1], len);
    87. 

  87.     pass[len] = '\0';
    88. 

  88. 

  89.     /* do authentication */
    90. 

  90.     r = checkpasswd(user, pass);
    91. 

  91. 

  92.     /* logging */
    93. 

  93.     len = sizeof(struct sockaddr_storage);
    94. 

  94. 

  95.     if (getpeername(s, (struct sockaddr *)&client, &len) != 0)
    96. 

  96.       client_ip[0] = '\0';
    97. 

  97.     else
    98. 

  98.       {
    99. 

  99. 	error = getnameinfo((struct sockaddr *)&client, len,
    100. 

  100. 			    client_ip, sizeof(client_ip),
    101. 

  101. 			    NULL, 0, NI_NUMERICHOST);
    102. 

  102. 

  103. 	if (error)
    104. 

  104. 	  client_ip[0] = '\0';
    105. 

  105.       }
    106. 

  106. 

  107.     msg_out(norm, "%s 5-U/P_AUTH %s %s.", client_ip,
    108. 

  108. 	    user, r == 0 ? "accepted" : "denied");
    109. 

  109. 

  110.     /* erace uname and passwd storage */
    111. 

  111.     memset(user, 0, sizeof(user));
    112. 

  112.     memset(pass, 0, sizeof(pass));
    113. 

  113. 

  114.     code = ( r == 0 ? 0 : -1 );
    115. 

  115. 

  116.     /* reply to client */
    117. 

  117.     buf[0] = 0x01;  /* sub negotiation version */
    118. 

  118.     buf[1] = code & 0xff;  /* grant or not */
    119. 

  119. 

  120.     r = timerd_write(s, buf, 2, TIMEOUTSEC);
    121. 

  121.     if (r < 2)
    122. 

  122.       /* write error */
    123. 

  123.       return(-1);
    124. 

  124. 

  125.     return(code);   /* access granted or not */
    126. 

  126. }
    127. 

  127. 

  128. int
    129. 

  129. auth_pwd_client(int s, int ind)
    130. 

  130. {
    131. 

  131.     char buf[640];
    132. 

  132.     int  r, ulen, plen;
    133. 

  133.     FILE *fp;
    134. 

  134.     char user[256];
    135. 

  135.     char pass[256];
    136. 

  136. 

  137.     /* get username/password */
    138. 

  138.     setreuid(PROCUID, 0);
    139. 

  139.     fp = fopen(pwdfile, "r");
    140. 

  140.     setreuid(0, PROCUID);
    141. 

  141. 

  142.     if ( fp == NULL )
    143. 

  143.       /* cannot open pwdfile */
    144. 

  144.       return(-1);
    145. 

  145. 

  146.     r = readpasswd(fp, ind,
    147. 

  147. 		   user, sizeof(user)-1, pass, sizeof(pass)-1);
    148. 

  148.     fclose(fp);
    149. 

  149. 

  150.     if ( r != 0)
    151. 

  151.       /* no matching entry found or error */
    152. 

  152.       goto err_ret;
    153. 

  153. 

  154.     ulen = strlen(user);
    155. 

  155.     if ( ulen < 1 || ulen > 255)
    156. 

  156.       /* invalid user name length */
    157. 

  157.       goto err_ret;
    158. 

  158. 

  159.     plen = strlen(pass);
    160. 

  160.     if ( plen < 1 || plen > 255 )
    161. 

  161.       /* invalid password length */
    162. 

  162.       goto err_ret;
    163. 

  163. 

  164.     /* build auth data */
    165. 

  165.     buf[0] = 0x01;
    166. 

  166.     buf[1] = ulen & 0xff;
    167. 

  167.     memcpy(&buf[2], user, ulen);
    168. 

  168.     buf[2+ulen] = plen & 0xff;
    169. 

  169.     memcpy(&buf[2+ulen+1], pass, plen);
    170. 

  170. 

  171.     r = timerd_write(s, buf, 3+ulen+plen, TIMEOUTSEC);
    172. 

  172.     if (r < 3+ulen+plen)
    173. 

  173.       /* cannot write */
    174. 

  174.       goto err_ret;
    175. 

  175. 

  176.     /* get server reply */
    177. 

  177.     r = timerd_read(s, buf, 2, TIMEOUTSEC, 0);
    178. 

  178.     if (r < 2)
    179. 

  179.       /* cannot read */
    180. 

  180.       goto err_ret;
    181. 

  181. 

  182.     if (buf[0] == 0x01 && buf[1] == 0)
    183. 

  183.       /* username/passwd auth succeded */
    184. 

  184.       return(0);
    185. 

  185. 

  186. err_ret:
    187. 

  187.     /* erace uname and passwd storage */
    188. 

  188.     memset(user, 0, sizeof(user));
    189. 

  189.     memset(pass, 0, sizeof(pass));
    190. 

  190. 

  191.     return(-1);
    192. 

  192. }
    193. 

  193. 

  194. int
    195. 

  195. checkpasswd(char *user, char *pass)
    196. 

  196. {
    197. 

  197. #if defined(FREEBSD) || defined(LINUX)
    198. 

  198.     struct passwd *pwd;
    199. 

  199. #elif SOLARIS
    200. 

  200.     struct spwd *spwd, sp;
    201. 

  201.     char   buf[512];
    202. 

  202. #endif
    203. 

  203.     int matched = 0;
    204. 

  204. 

  205.     if (user == NULL)
    206. 

  206.       /* user must be specified */
    207. 

  207.       return(-1);
    208. 

  208. 

  209. 

  210. #if defined(FREEBSD) || defined(LINUX)
    211. 

  211.     setreuid(PROCUID, 0);
    212. 

  212.     pwd = getpwnam(user);
    213. 

  213.     setreuid(0, PROCUID);
    214. 

  214. 

  215.     if (pwd == NULL) 
    216. 

  216.       /* error in getpwnam */
    217. 

  217.       return(-1);
    218. 

  218. 

  219.     if (pwd->pw_passwd == NULL && pass == NULL)
    220. 

  220.       /* null password matched */
    221. 

  221.       return(0);
    222. 

  222. 

  223.     if (*pwd->pw_passwd)
    224. 

  224.       {
    225. 

  225. 	if (strcmp(pwd->pw_passwd, crypt(pass, pwd->pw_passwd)) == 0)
    226. 

  226. 	  matched = 1;
    227. 

  227.       }
    228. 

  228.     memset(pwd->pw_passwd, 0, strlen(pwd->pw_passwd));
    229. 

  229. 

  230. #elif SOLARIS
    231. 

  231.     setreuid(PROCUID, 0);
    232. 

  232.     spwd = getspnam_r(user, &sp, buf, sizeof buf);
    233. 

  233.     setreuid(0, PROCUID);
    234. 

  234. 

  235.     if (spwd == NULL)
    236. 

  236.       /* error in getspnam */
    237. 

  237.       return(-1);
    238. 

  238. 

  239.     if (spwd->sp_pwdp == NULL && pass == NULL)
    240. 

  240.       /* null password matched */
    241. 

  241.       return(0);
    242. 

  242. 

  243.     if (*spwd->sp_pwdp)
    244. 

  244.       {
    245. 

  245. 	if (strcmp(spwd->sp_pwdp, crypt(pass, spwd->sp_pwdp)) == 0) 
    246. 

  246. 	  matched = 1;
    247. 

  247.       }
    248. 

  248.     memset(spwd->sp_pwdp, 0, strlen(spwd->sp_pwdp));
    249. 

  249. #endif
    250. 

  250. 

  251. #if defined(FREEBSD) || defined(SOLARIS)
    252. 

  252.     if (matched)
    253. 

  253.       return(0);
    254. 

  254.     else
    255. 

  255.       return(-1);
    256. 

  256. #endif
    257. 

  257. 

  258.     return(0);
    259. 

  259. }
    260.