1 /* $OpenBSD: pwd_check.c,v 1.16 2017/08/21 21:41:13 deraadt Exp $ */ 2 3 /* 4 * Copyright 2000 Niels Provos <provos@citi.umich.edu> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Niels Provos. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/types.h> 34 #include <sys/wait.h> 35 36 #include <stdio.h> 37 #include <stdlib.h> 38 #include <string.h> 39 #include <unistd.h> 40 #include <limits.h> 41 #include <errno.h> 42 #include <err.h> 43 #include <regex.h> 44 #include <grp.h> 45 #include <paths.h> 46 #include <login_cap.h> 47 #include <signal.h> 48 49 int pwd_check(login_cap_t *, char *); 50 int pwd_gettries(login_cap_t *); 51 52 struct pattern { 53 char *match; 54 int flags; 55 char *response; 56 }; 57 58 struct pattern patterns[] = { 59 { 60 "^[0-9]*$", 61 REG_EXTENDED|REG_NOSUB, 62 "Please don't use all-digit passwords." 63 }, 64 { 65 "^[a-z]{1,9}$", 66 REG_EXTENDED|REG_NOSUB, 67 "Please don't use an all-lower case password." 68 }, 69 { 70 "^[a-z]{1,6}[0-9]+$", 71 REG_EXTENDED|REG_NOSUB|REG_ICASE, 72 "Please use a more complicated password." 73 }, 74 { 75 "^([a-z][0-9]){1,4}$", 76 REG_EXTENDED|REG_NOSUB|REG_ICASE, 77 "Please use a more complicated password." 78 }, 79 { 80 "^([0-9][a-z]){1,4}$", 81 REG_EXTENDED|REG_NOSUB|REG_ICASE, 82 "Please use a more complicated password." 83 } 84 }; 85 86 int 87 pwd_check(login_cap_t *lc, char *password) 88 { 89 regex_t rgx; 90 int i, res, min_len; 91 char *checker; 92 char *argp[] = { "sh", "-c", NULL, NULL}; 93 int pipefds[2]; 94 pid_t child; 95 uid_t uid; 96 gid_t gid; 97 98 min_len = (int)login_getcapnum(lc, "minpasswordlen", 6, 6); 99 if (min_len > 0 && strlen(password) < min_len) { 100 printf("Please enter a longer password.\n"); 101 return (0); 102 } 103 104 /* External password check program */ 105 checker = login_getcapstr(lc, "passwordcheck", NULL, NULL); 106 107 /* Pipes are only used for external checker */ 108 if (checker != NULL && pipe(pipefds) == -1) { 109 warn("pipe"); 110 goto out; 111 } 112 113 /* Check password in low-privileged child */ 114 switch (child = fork()) { 115 case -1: 116 warn("fork"); 117 goto out; 118 case 0: 119 (void)signal(SIGINT, SIG_DFL); 120 (void)signal(SIGQUIT, SIG_DFL); 121 uid = getuid(); 122 gid = getgid(); 123 if (setresgid(gid, gid, gid) == -1) { 124 warn("setresgid"); 125 exit(1); 126 } 127 if (setgroups(1, &gid) == -1) { 128 warn("setgroups"); 129 exit(1); 130 } 131 if (setresuid(uid, uid, uid) == -1) { 132 warn("setresuid"); 133 exit(1); 134 } 135 136 if (checker == NULL) { 137 if (pledge("stdio", NULL) == -1) 138 err(1, "pledge"); 139 140 for (i = 0; i < sizeof(patterns) / sizeof(*patterns); i++) { 141 int ret; 142 143 if (regcomp(&rgx, patterns[i].match, 144 patterns[i].flags) != 0) 145 continue; 146 ret = regexec(&rgx, password, 0, NULL, 0); 147 regfree(&rgx); 148 if (ret == 0) { 149 printf("%s\n", patterns[i].response); 150 exit(1); 151 } 152 } 153 /* no external checker in use, accept the password */ 154 exit(0); 155 } 156 157 if (pledge("stdio exec", NULL) == -1) 158 err(1, "pledge"); 159 160 /* Otherwise, pass control to checker program */ 161 argp[2] = checker; 162 if (dup2(pipefds[0], STDIN_FILENO) == -1) { 163 warn("dup2"); 164 exit(1); 165 } 166 close(pipefds[0]); 167 close(pipefds[1]); 168 169 if (execv(_PATH_BSHELL, argp) == -1) { 170 warn("exec"); 171 exit(1); 172 } 173 /* NOTREACHED */ 174 default: 175 break; /* parent continues below */ 176 } 177 178 if (checker != NULL) { 179 /* Send the password to STDIN of child */ 180 close(pipefds[0]); 181 write(pipefds[1], password, strlen(password) + 1); 182 close(pipefds[1]); 183 } 184 185 /* get the return value from the child */ 186 while (waitpid(child, &res, 0) == -1) { 187 if (errno != EINTR) 188 break; 189 } 190 if (WIFEXITED(res) && WEXITSTATUS(res) == 0) { 191 free(checker); 192 return (1); 193 } 194 195 out: 196 free(checker); 197 printf("Please use a different password. Unusual capitalization,\n"); 198 printf("control characters, or digits are suggested.\n"); 199 200 return (0); 201 } 202 203 int 204 pwd_gettries(login_cap_t *lc) 205 { 206 quad_t ntries; 207 208 if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { 209 if (ntries >= 0 && ntries <= INT_MAX) 210 return((int)ntries); 211 fprintf(stderr, 212 "Warning: pwdtries out of range in /etc/login.conf"); 213 } 214 215 /* 216 * If no amount of tries is specified, return a default of 3, 217 * meaning that after 3 attempts where the user is foiled by the 218 * password checks, it will no longer be checked and they can set 219 * it to whatever they like. This is the historic BSD behavior. 220 */ 221 return (3); 222 } 223