xref: /openbsd/libexec/login_skey/login_skey.c (revision adbf56d7) 
1 /*	$OpenBSD: login_skey.c,v 1.14 2004/08/08 19:32:45 deraadt Exp $	*/
2 
3 /*
4  * Copyright (c) 2000, 2001, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/param.h>
20 #include <sys/socket.h>
21 #include <sys/stat.h>
22 #include <sys/time.h>
23 #include <sys/resource.h>
24 
25 #include <ctype.h>
26 #include <errno.h>
27 #include <fcntl.h>
28 #include <paths.h>
29 #include <pwd.h>
30 #include <readpassphrase.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <syslog.h>
36 #include <unistd.h>
37 
38 #include <login_cap.h>
39 #include <bsd_auth.h>
40 #include <skey.h>
41 
42 #define	MODE_LOGIN	0
43 #define	MODE_CHALLENGE	1
44 #define	MODE_RESPONSE	2
45 
46 void quit(int);
47 void send_fd(int);
48 void suspend(int);
49 
50 volatile sig_atomic_t resumed;
51 struct skey skey;
52 
53 int
54 main(int argc, char *argv[])
55 {
56 	FILE *back = NULL;
57 	char *user = NULL, *cp, *ep;
58 	char challenge[SKEY_MAX_CHALLENGE+17], response[SKEY_MAX_PW_LEN+1];
59 	const char *errstr;
60 	int ch, fd = -1, haskey = 0, mode = MODE_LOGIN;
61 
62 	(void)signal(SIGINT, quit);
63 	(void)signal(SIGQUIT, quit);
64 	(void)signal(SIGALRM, quit);
65 	(void)signal(SIGTSTP, suspend);
66 	(void)setpriority(PRIO_PROCESS, 0, 0);
67 
68 	openlog(NULL, LOG_ODELAY, LOG_AUTH);
69 
70 	while ((ch = getopt(argc, argv, "ds:v:")) != -1) {
71 		switch (ch) {
72 		case 'd':
73 			back = stdout;
74 			break;
75 		case 's':	/* service */
76 			if (strcmp(optarg, "login") == 0)
77 				mode = MODE_LOGIN;
78 			else if (strcmp(optarg, "challenge") == 0)
79 				mode = MODE_CHALLENGE;
80 			else if (strcmp(optarg, "response") == 0)
81 				mode = MODE_RESPONSE;
82 			else {
83 				syslog(LOG_ERR, "%s: invalid service", optarg);
84 				exit(1);
85 			}
86 			break;
87 		case 'v':
88 			if (strncmp(optarg, "fd=", 3) == 0) {
89 				fd = strtonum(optarg + 3, 0, INT_MAX, &errstr);
90 				if (errstr != NULL) {
91 					syslog(LOG_ERR, "fd is %s: %s",
92 					    errstr, optarg + 3);
93 					fd = -1;
94 				}
95 			}
96 			/* silently ignore unsupported variables */
97 			break;
98 		default:
99 			syslog(LOG_ERR, "usage error");
100 			exit(1);
101 		}
102 	}
103 	argc -= optind;
104 	argv += optind;
105 
106 	switch (argc) {
107 	case 2:	/* silently ignore class */
108 	case 1:
109 		user = *argv;
110 		break;
111 	default:
112 		syslog(LOG_ERR, "usage error");
113 		exit(1);
114 	}
115 
116 	if (back == NULL && (back = fdopen(3, "r+")) == NULL)  {
117 		syslog(LOG_ERR, "reopening back channel: %m");
118 		exit(1);
119 	}
120 
121 	/*
122 	 * Note: our skeychallenge2() will always fill in the challenge,
123 	 *       even if it has to create a fake one.
124 	 */
125 	switch (mode) {
126 	case MODE_LOGIN:
127 		haskey = (skeychallenge2(fd, &skey, user, challenge) == 0);
128 		strlcat(challenge, "\nS/Key Password: ", sizeof(challenge));
129 
130 		/* time out getting passphrase after 2 minutes to avoid a DoS */
131 		if (haskey)
132 			alarm(120);
133 		resumed = 0;
134 		if (!readpassphrase(challenge, response, sizeof(response), 0))
135 			exit(1);
136 		if (response[0] == '\0')
137 			readpassphrase("S/Key Password [echo on]: ",
138 			    response, sizeof(response), RPP_ECHO_ON);
139 		alarm(0);
140 		if (resumed) {
141 			/*
142 			 * We were suspended by the user.  Our lock is
143 			 * no longer valid so we must regain it so
144 			 * an attacker cannot do a partial guess of
145 			 * an S/Key response already in progress.
146 			 */
147 			haskey = (skeylookup(&skey, user) == 0);
148 		}
149 		break;
150 
151 	case MODE_CHALLENGE:
152 		haskey = (skeychallenge2(fd, &skey, user, challenge) == 0);
153 		strlcat(challenge, "\nS/Key Password: ", sizeof(challenge));
154 		fprintf(back, BI_VALUE " challenge %s\n",
155 		    auth_mkvalue(challenge));
156 		fprintf(back, BI_CHALLENGE "\n");
157 		fprintf(back, BI_FDPASS "\n");
158 		fflush(back);
159 		send_fd(fileno(back));
160 		exit(0);
161 
162 	case MODE_RESPONSE:
163 		/* read challenge */
164 		mode = -1;
165 		cp = challenge;
166 		ep = challenge + sizeof(challenge);
167 		while (cp < ep && read(fileno(back), cp, 1) == 1) {
168 			if (*cp++ == '\0') {
169 				mode = MODE_CHALLENGE;
170 				break;
171 			}
172 		}
173 		if (mode != MODE_CHALLENGE) {
174 			syslog(LOG_ERR,
175 			    "protocol error: bad/missing challenge");
176 			exit(1);
177 		}
178 
179 		/* read response */
180 		cp = response;
181 		ep = response + sizeof(response);
182 		while (cp < ep && read(fileno(back), cp, 1) == 1) {
183 			if (*cp++ == '\0') {
184 				mode = MODE_RESPONSE;
185 				break;
186 			}
187 		}
188 		if (mode != MODE_RESPONSE) {
189 			syslog(LOG_ERR,
190 			    "protocol error: bad/missing response");
191 			exit(1);
192 		}
193 
194 		/*
195 		 * Since the entry is locked we do not need to compare
196 		 * the passed in challenge to the S/Key database but
197 		 * maybe we should anyway?
198 		 */
199 		haskey = (skeychallenge2(fd, &skey, user, challenge) == 0);
200 		break;
201 	}
202 
203 	/*
204 	 * Ignore keyboard interupt/suspend during database update.
205 	 */
206 	signal(SIGINT, SIG_IGN);
207 	signal(SIGQUIT, SIG_IGN);
208 	signal(SIGTSTP, SIG_IGN);
209 
210 	if (haskey && skeyverify(&skey, response) == 0) {
211 		if (mode == MODE_LOGIN) {
212 			if (skey.n <= 1)
213 				printf("Warning! You MUST change your "
214 				    "S/Key password now!\n");
215 			else if (skey.n < 5)
216 				printf("Warning! Change S/Key password soon\n");
217 		}
218 		fprintf(back, BI_AUTH "\n");
219 		fprintf(back, BI_SECURE "\n");
220 		exit(0);
221 	}
222 	fprintf(back, BI_REJECT "\n");
223 	exit(1);
224 }
225 
226 void
227 quit(int signo)
228 {
229 
230 	_exit(1);
231 }
232 
233 void
234 suspend(int signo)
235 {
236 	sigset_t nset;
237 	int save_errno = errno;
238 
239 	/*
240 	 * Unlock the skey record so we don't sleep holding the lock.
241 	 * Unblock SIGTSTP, set it to the default action and then
242 	 * resend it so we are suspended properly.
243 	 * When we resume, reblock SIGTSTP, reset the signal handler,
244 	 * set a flag and restore errno.
245 	 */
246 	alarm(0);
247 	skey_unlock(&skey);
248 	(void)signal(signo, SIG_DFL);
249 	(void)sigemptyset(&nset);
250 	(void)sigaddset(&nset, signo);
251 	(void)sigprocmask(SIG_UNBLOCK, &nset, NULL);
252 	(void)kill(getpid(), signo);
253 	(void)sigprocmask(SIG_BLOCK, &nset, NULL);
254 	(void)signal(signo, suspend);
255 	resumed = 1;
256 	errno = save_errno;
257 }
258 
259 void
260 send_fd(int fd)
261 {
262 	struct msghdr msg;
263 	struct cmsghdr *cmp;
264 	char cmsgbuf[CMSG_LEN(sizeof(int))];
265 
266 	memset(&msg, 0, sizeof(msg));
267 	msg.msg_control = cmsgbuf;
268 	msg.msg_controllen = sizeof(cmsgbuf);
269 
270 	cmp = (struct cmsghdr *)cmsgbuf;
271 	cmp->cmsg_len = sizeof(cmsgbuf);
272 	cmp->cmsg_level = SOL_SOCKET;
273 	cmp->cmsg_type = SCM_RIGHTS;
274 
275 	*(int *)CMSG_DATA(cmsgbuf) = fileno(skey.keyfile);
276 
277 	if (sendmsg(fd, &msg, 0) < 0)
278 		syslog(LOG_ERR, "sendmsg: %m");
279 }
280