netatalk  4.5.0
Free and Open Source Apple Filing Protocol (AFP) Server
uams_randnum.c File Reference
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <unistd.h>
#include <crack.h>
#include <gcrypt.h>
#include <atalk/logger.h>
#include <atalk/afp.h>
#include <atalk/uam.h>
#include <atalk/constant_time.h>

Macros

#define DES_KEY_SZ   8
 
#define PASSWDLEN   8
 
#define randhash(a)
 
#define PASSWD_ILLEGAL   '*'
 
#define HEXPASSWDLEN   (DES_KEY_SZ * 2)
 

Functions

static int unhex (unsigned char x)
 
static int randnum_cipher_check (const char *op, gcry_error_t err)
 
static int afppasswd_open_keyfile (const char *path, const int pathlen)
 
static int afppasswd_read_keyfile (int keyfd, uint8_t key[DES_KEY_SZ])
 
static void randnum_warn_passwdfile_key (void *obj)
 
static int afppasswd (const struct passwd *pwd, const char *path, const int pathlen, unsigned char *passwd, int len, const int set)
 handle /path/afppasswd with a required key file. we're a lot more trusting of this file.
 
static int randpass (const struct passwd *pwd, const char *file, unsigned char *passwd, const int len, const int set)
 this sets the uid.
 
static int rand_login (void *obj, char *username, int ulen, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 
static int randnum_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 check encrypted reply.
 
static int rand2num_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 
static int randnum_changepw (void *obj, const char *username, struct passwd *pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 change password
 
static int randnum_login (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 
static int randnum_login_ext (void *obj, char *uname, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 
static int uam_setup (void *obj, const char *path)
 
static void uam_cleanup (void)
 

Variables

static unsigned char seskey [8]
 
static struct passwd * randpwd
 
static uint8_t randbuf [8]
 
UAM_MODULE_EXPORT struct uam_export uams_randnum
 

Macro Definition Documentation

◆ DES_KEY_SZ

#define DES_KEY_SZ   8

◆ HEXPASSWDLEN

#define HEXPASSWDLEN   (DES_KEY_SZ * 2)

◆ PASSWD_ILLEGAL

#define PASSWD_ILLEGAL   '*'

◆ PASSWDLEN

#define PASSWDLEN   8

◆ randhash

#define randhash (   a)
Value:
(((((unsigned long) a) >> 8) ^ \
((unsigned long)a)) & 0xffff)

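Hash a value to a 16-bit number: the value is XORed with itself shifted right by 8 bits, then masked with 0xffff. This is a simple fold, not a cryptographic hash. The cast to unsigned long will generate completely harmless warnings on 64-bit machines.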

Function Documentation

◆ afppasswd()

static int afppasswd ( const struct passwd *  pwd,
const char *  path,
const int  pathlen,
unsigned char *  passwd,
int  len,
const int  set 
)
static

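Handle /path/afppasswd, which requires a key file. The code is a lot more trusting of this file's contents than of other input, so the file and its key file must not be writable by unprivileged users.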

Note
We use our own code for writing password entries, as we want to avoid trampling over global variables. In addition, we require a key file and fail if it is not available.

here are the formats:

password file

username:password:last login date:failedcount

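The password field is just the hex encoding of the DES-encrypted password. This is reversible encryption (presumably under the key from the key file), not a one-way hash, so anyone who can read both files can recover the stored passwords; the key file needs at least the same protection as the password file.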

key file

key (in hex)

◆ afppasswd_open_keyfile()

static int afppasswd_open_keyfile ( const char *  path,
const int  pathlen 
)
static

◆ afppasswd_read_keyfile()

static int afppasswd_read_keyfile ( int  keyfd,
uint8_t  key[DES_KEY_SZ] 
)
static

◆ rand2num_logincont()

static int rand2num_logincont ( void *  obj,
struct passwd **  uam_pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

differences from randnum:

  1. each byte of the key is shifted left one bit
  2. client sends the server a 64-bit number. the server encrypts it and sends it back as part of the reply.

◆ rand_login()

static int rand_login ( void *  obj,
char *  username,
int  ulen,
struct passwd **  uam_pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

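randnum sends the client an 8-byte number and uses the user's password to check the encrypted reply that comes back. Both DES_KEY_SZ and PASSWDLEN are 8 bytes, so the strength of the exchange is bounded by single DES and an 8-byte password.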

◆ randnum_changepw()

static int randnum_changepw ( void *  obj,
const char *  username,
struct passwd *  pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

change password

Note
an FPLogin must already have completed successfully for this to work.

◆ randnum_cipher_check()

static int randnum_cipher_check ( const char *  op,
gcry_error_t  err 
)
static

◆ randnum_login()

static int randnum_login ( void *  obj,
struct passwd **  uam_pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

randnum login

◆ randnum_login_ext()

static int randnum_login_ext ( void *  obj,
char *  uname,
struct passwd **  uam_pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

randnum login ext

◆ randnum_logincont()

static int randnum_logincont ( void *  obj,
struct passwd **  uam_pwd,
char *  ibuf,
size_t  ibuflen,
char *  rbuf,
size_t *  rbuflen 
)
static

check encrypted reply.

Note
The encryption is actually set up here, in the continuation step, because the first part of randnum and rand2num is identical.

◆ randnum_warn_passwdfile_key()

static void randnum_warn_passwdfile_key ( void *  obj)
static

◆ randpass()

static int randpass ( const struct passwd *  pwd,
const char *  file,
unsigned char *  passwd,
const int  len,
const int  set 
)
static

this sets the uid.

Note
the afppasswd file must be read and updated as root.

◆ uam_cleanup()

static void uam_cleanup ( void  )
static

◆ uam_setup()

static int uam_setup ( void *  obj,
const char *  path 
)
static

◆ unhex()

static int unhex ( unsigned char  x)
static

Variable Documentation

◆ randbuf

uint8_t randbuf[8]
static

◆ randpwd

struct passwd* randpwd
static

◆ seskey

unsigned char seskey[8]
static

◆ uams_randnum

UAM_MODULE_EXPORT struct uam_export uams_randnum
Initial value:
= {
}
#define UAM_MODULE_VERSION
Definition uam.h:21
#define UAM_MODULE_SERVER
Definition uam.h:17
static int uam_setup(void *obj, const char *path)
Definition uams_randnum.c:698
static void uam_cleanup(void)
Definition uams_randnum.c:726