netatalk  4.4.0
Free and Open Source Apple Filing Protocol (AFP) Server
uams_randnum.c File Reference
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <unistd.h>
#include <crack.h>
#include <gcrypt.h>
#include <atalk/logger.h>
#include <atalk/afp.h>
#include <atalk/uam.h>

Macros

#define DES_KEY_SZ   8
#define PASSWDLEN   8
#define randhash(a)
#define PASSWD_ILLEGAL   '*'
#define unhex(x)

Functions

static int home_passwd (const struct passwd *pwd, const char *path, const int pathlen, unsigned char *passwd, const int len, const int set)
static int afppasswd (const struct passwd *pwd, const char *path, const int pathlen, unsigned char *passwd, int len, const int set)
 handle /path/afppasswd with an optional key file. we're a lot more trusting of this file.
static int randpass (const struct passwd *pwd, const char *file, unsigned char *passwd, const int len, const int set)
 this sets the uid.
static int rand_login (void *obj, char *username, int ulen, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int randnum_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 check encrypted reply.
static int rand2num_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int randnum_changepw (void *obj, const char *username, struct passwd *pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
 change password
static int randnum_login (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int randnum_login_ext (void *obj, char *uname, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int uam_setup (void *obj, const char *path)
static void uam_cleanup (void)

Variables

static unsigned char seskey [8]
static struct passwd * randpwd
static uint8_t randbuf [8]
UAM_MODULE_EXPORT struct uam_export uams_randnum

Macro Definition Documentation

◆ DES_KEY_SZ

#define DES_KEY_SZ   8

◆ PASSWD_ILLEGAL

#define PASSWD_ILLEGAL   '*'

◆ PASSWDLEN

#define PASSWDLEN   8

◆ randhash

#define randhash ( a)
Value:
(((((unsigned long) a) >> 8) ^ \
((unsigned long)a)) & 0xffff)

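Hash to a 16-bit number: the value is XORed with itself shifted right by 8 bits, then masked to 0xffff. This is a simple fold, not a cryptographic hash, so the result is only as unpredictable as the input. It will generate completely harmless warnings on 64-bit machines.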

◆ unhex

#define unhex ( x)
Value:
(isdigit(x) ? (x) - '0' : toupper(x) + 10 - 'A')

Function Documentation

◆ afppasswd()

int afppasswd ( const struct passwd * pwd,
const char * path,
const int pathlen,
unsigned char * passwd,
int len,
const int set )
static

handle /path/afppasswd with an optional key file. we're a lot more trusting of this file.

Note
We use our own code for writing password entries because we want to avoid trampling on global variables. In addition, we look for a key file and use it if it is there.

here are the formats:

password file

username:password:last login date:failedcount

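The password field is just the hex encoding of either the ASCII password (if the key file doesn't exist) or the DES-encrypted password. Hex is a notation, not a hash: without a key file, anyone who can read the password file can recover every password, and with a key file the passwords are only as well protected as the key file itself. Read access to both files should therefore be restricted to the server.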

key file

key (in hex)

◆ home_passwd()

int home_passwd ( const struct passwd * pwd,
const char * path,
const int pathlen,
unsigned char * passwd,
const int len,
const int set )
static

handle ~/.passwd. courtesy of shirs.nosp@m.ch@i.nosp@m.bm.ne.nosp@m.t.

◆ rand2num_logincont()

int rand2num_logincont ( void * obj,
struct passwd ** uam_pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

differences from randnum:

  1. each byte of the key is shifted left one bit
  2. The client sends the server a 64-bit number. The server encrypts it and sends it back as part of the reply, which lets the client check that the server also holds the password.

◆ rand_login()

int rand_login ( void * obj,
char * username,
int ulen,
struct passwd ** uam_pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

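randnum sends an 8-byte number and uses the user's password to check the encrypted reply it gets back. The server therefore needs the password itself at login time, so the stored password has to be recoverable rather than a one-way hash (see the file formats under afppasswd()).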

◆ randnum_changepw()

int randnum_changepw ( void * obj,
const char * username,
struct passwd * pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

change password

Note
an FPLogin must already have completed successfully for this to work.

◆ randnum_login()

int randnum_login ( void * obj,
struct passwd ** uam_pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

randnum login

◆ randnum_login_ext()

int randnum_login_ext ( void * obj,
char * uname,
struct passwd ** uam_pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

randnum login ext

◆ randnum_logincont()

int randnum_logincont ( void * obj,
struct passwd ** uam_pwd,
char * ibuf,
size_t ibuflen,
char * rbuf,
size_t * rbuflen )
static

check encrypted reply.

Note
We actually set up the encryption here, because the first part of randnum and rand2num is identical.

◆ randpass()

int randpass ( const struct passwd * pwd,
const char * file,
unsigned char * passwd,
const int len,
const int set )
static

this sets the uid.

Note
It needs to do slightly different things depending on whether the password is in ~/.passwd or in a global location.

◆ uam_cleanup()

void uam_cleanup ( void )
static

◆ uam_setup()

int uam_setup ( void * obj,
const char * path )
static

Variable Documentation

◆ randbuf

uint8_t randbuf[8]
static

◆ randpwd

struct passwd* randpwd
static

◆ seskey

unsigned char seskey[8]
static

◆ uams_randnum

UAM_MODULE_EXPORT struct uam_export uams_randnum
Initial value:
= {
}
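(The fields of the initializer are not shown in this listing. The symbols it links to are UAM_MODULE_VERSION (uam.h:21), UAM_MODULE_SERVER (uam.h:17), uam_setup and uam_cleanup. The generated links for the last two point to uams_dhx2_pam.c:1033 and uams_dhx2_pam.c:1055, which appear to be same-named static functions in another module; this file declares its own static uam_setup() and uam_cleanup().)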