uams_randnum.c File Reference

#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <unistd.h>
#include <crack.h>
#include <gcrypt.h>
#include <atalk/logger.h>
#include <atalk/afp.h>
#include <atalk/uam.h>
#include <atalk/constant_time.h>

Macros
#define	DES_KEY_SZ   8
#define	PASSWDLEN   8
#define	randhash(a)
#define	PASSWD_ILLEGAL   '*'
#define	HEXPASSWDLEN   (DES_KEY_SZ * 2)

Functions
static int	unhex (unsigned char x)
static int	randnum_cipher_check (const char *opop, gcry_error_t err)
static int	afppasswd_open_keyfile (const char *path, const int pathlen)
static int	afppasswd_read_keyfile (int keyfd, uint8_t key[DES_KEY_SZ])
static void	randnum_warn_passwdfile_key (void *obj)
static int	afppasswd (const struct passwd *pwd, const char *path, const int pathlen, unsigned char *passwd, int len, const int set)
	handle /path/afppasswd with a required key file. we're a lot more trusting of this file.
static int	randpass (const struct passwd *pwd, const char *file, unsigned char *passwd, const int len, const int set)
	this sets the uid.
static int	rand_login (void *obj, char *username, int ulen, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int	randnum_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
	check encrypted reply.
static int	rand2num_logincont (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int	randnum_changepw (void *obj, const char *username, struct passwd *pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
	change password
static int	randnum_login (void *obj, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int	randnum_login_ext (void *obj, char *uname, struct passwd **uam_pwd, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
static int	uam_setup (void *obj, const char *path)
static void	uam_cleanup (void)

Variables
static unsigned char	seskey [8]
static struct passwd *	randpwd
static uint8_t	randbuf [8]
UAM_MODULE_EXPORT struct uam_export	uams_randnum

Macro Definition Documentation

DES_KEY_SZ

#define DES_KEY_SZ   8

HEXPASSWDLEN

#define HEXPASSWDLEN   (DES_KEY_SZ * 2)

PASSWD_ILLEGAL

#define PASSWD_ILLEGAL   '*'

PASSWDLEN

#define PASSWDLEN   8

randhash

#define randhash

(

a

)

Value:

(((((unsigned long) a) >> 8) ^ \
((unsigned long)a)) & 0xffff)

hash to a 16-bit number. this will generate completely harmless warnings on 64-bit machines.

Function Documentation

afppasswd()

int afppasswd ( const struct passwd * pwd, const char * path, const int pathlen, unsigned char * passwd, int len, const int set )

static

handle /path/afppasswd with a required key file. we're a lot more trusting of this file.

Note

we use our own password entry writing bits as we want to avoid tromping over global variables. in addition, we require a key file and fail if it is not available.

here are the formats:

password file

username:password:last login date:failedcount

password is just the hex equivalent of the DES encrypted password.

key file

key (in hex)

afppasswd_open_keyfile()

int afppasswd_open_keyfile ( const char * path, const int pathlen )

static

afppasswd_read_keyfile()

int afppasswd_read_keyfile ( int keyfd, uint8_t key[DES_KEY_SZ] )

static

rand2num_logincont()

int rand2num_logincont ( void * obj, struct passwd ** uam_pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

differences from randnum:

1. each byte of the key is shifted left one bit
2. client sends the server a 64-bit number. the server encrypts it and sends it back as part of the reply.

rand_login()

int rand_login ( void * obj, char * username, int ulen, struct passwd ** uam_pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

randnum sends an 8-byte number and uses the user's password to check against the encrypted reply.

randnum_changepw()

int randnum_changepw ( void * obj, const char * username, struct passwd * pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

change password

Note

an FPLogin must already have completed successfully for this to work.

randnum_cipher_check()

int randnum_cipher_check ( const char * op, gcry_error_t err )

static

randnum_login()

int randnum_login ( void * obj, struct passwd ** uam_pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

randnum login

randnum_login_ext()

int randnum_login_ext ( void * obj, char * uname, struct passwd ** uam_pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

randnum login ext

randnum_logincont()

int randnum_logincont ( void * obj, struct passwd ** uam_pwd, char * ibuf, size_t ibuflen, char * rbuf, size_t * rbuflen )

static

check encrypted reply.

Note

we actually setup the encryption stuff here as the first part of randnum and rand2num are identical.

randnum_warn_passwdfile_key()

void randnum_warn_passwdfile_key ( void * obj )

static

randpass()

int randpass ( const struct passwd * pwd, const char * file, unsigned char * passwd, const int len, const int set )

static

this sets the uid.

Note

the afppasswd file must be read and updated as root.

uam_cleanup()

void uam_cleanup ( void )

static

uam_setup()

int uam_setup ( void * obj, const char * path )

static

unhex()

int unhex ( unsigned char x )

static

Variable Documentation

randbuf

uint8_t randbuf[8]

static

randpwd

struct passwd* randpwd

static

seskey

unsigned char seskey[8]

static

uams_randnum

UAM_MODULE_EXPORT struct uam_export uams_randnum

Initial value:

                                  = {
    UAM_MODULE_SERVER,
    UAM_MODULE_VERSION,
    uam_setup, uam_cleanup
}