1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
/* Verify user passwords
Copyright (C) 1996, 1997 Free Software Foundation, Inc.
Written by Miles Bader <miles@gnu.ai.mit.edu>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2, or (at
your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <idvec.h>
#include <grp.h>
#include <pwd.h>
extern char *crypt (const char *string, const char salt[2]);
#pragma weak crypt
static error_t verify_id (); /* FWD */
/* Make sure the user has the right to the ids in UIDS and GIDS, given that
we know he already has HAVE_UIDS and HAVE_GIDS, asking for passwords (with
GETPASS, which defaults to the standard libc function getpass) where
necessary; any of the arguments may be 0, which is treated the same as if
they were empty. 0 is returned if access should be allowed, otherwise
EINVAL if an incorrect password was entered, or an error relating to
resource failure. Any uid/gid < 0 will be guaranteed to fail regardless
of what the user types. */
error_t
idvec_verify (const struct idvec *uids, const struct idvec *gids,
const struct idvec *have_uids, const struct idvec *have_gids,
char *(*getpass_fn)(const char *prompt))
{
if (have_uids && idvec_contains (have_uids, 0))
/* Root can do anything. */
return 0;
else
{
int i;
int multiple = 0; /* Asking for multiple ids? */
error_t err = 0; /* Our return status. */
struct idvec implied_gids = IDVEC_INIT; /* Gids implied by uids. */
/* If we already are in group 0 (`wheel'), this user's password can be
used to get root privileges instead of root's. */
int wheel_uid =
((have_uids && have_gids
&& (idvec_contains (have_gids, 0) && have_uids->num > 0))
? have_uids->ids[0]
: 0);
/* See if there are multiple ids in contention, in which case we should
name each user/group as we ask for its password. */
if (uids && gids)
{
int num_non_implied_gids = 0;
/* Calculate which groups we need not ask about because they are
implied by the uids which we (will) have verified. Note that we
ignore any errors; at most, it means we will ask for too many
passwords. */
idvec_merge_implied_gids (&implied_gids, uids);
for (i = 0; i < gids->num; i++)
if (! idvec_contains (&implied_gids, gids->ids[i]))
num_non_implied_gids++;
multiple = (uids->num + num_non_implied_gids) > 1;
}
else if (uids)
multiple = uids->num > 1;
else if (gids)
multiple = gids->num > 1;
if (uids && idvec_contains (uids, 0))
/* root is being asked for, which, once granted will provide access for
all the others. */
err = verify_id (0, 0, multiple, wheel_uid, getpass_fn);
else
{
if (uids)
/* Check uids */
for (i = 0; i < uids->num && !err; i++)
{
uid_t uid = uids->ids[i];
if (!have_uids || !idvec_contains (have_uids, uid))
err = verify_id (uid, 0, multiple, wheel_uid, getpass_fn);
}
if (gids)
/* Check gids */
for (i = 0; i < gids->num && !err; i++)
{
gid_t gid = gids->ids[i];
if ((!have_gids || !idvec_contains (have_gids, gid))
&& !idvec_contains (&implied_gids, gid))
err = verify_id (gid, 1, multiple, wheel_uid, getpass_fn);
}
}
idvec_fini (&implied_gids);
return err;
}
}
/* Verify that the user should be allowed to assume the indentity of the
user/group ID (depending on whether IS_GROUP is false/true). If MULTIPLE
is true, then this is one of multiple ids being verified, so */
static error_t
verify_id (uid_t id, int is_group, int multiple, int wheel_uid,
char *(*getpass_fn)(const char *prompt))
{
int err;
char *name = 0, *password = 0;
char *prompt = 0, *unencrypted, *encrypted;
char id_lookup_buf[1024];
if (id >= 0)
do
{
if (is_group)
{
struct group _gr, *gr;
if (getgrgid_r (id, &_gr, id_lookup_buf, sizeof id_lookup_buf, &gr)
== 0)
{
password = gr->gr_passwd;
name = gr->gr_name;
}
}
else
{
struct passwd _pw, *pw;
if (getpwuid_r (id, &_pw, id_lookup_buf, sizeof id_lookup_buf, &pw)
== 0)
{
password = pw->pw_passwd;
name = pw->pw_name;
}
}
if (! name)
/* [ug]id lookup failed! */
if (id != 0 || is_group)
/* If ID != 0, then it's probably just an unknown id, so ask for
the root password instead -- root should be able to do
anything. */
{
id = 0; /* Root */
is_group = 0; /* uid */
multiple = 1; /* Explicitly ask for root's password. */
}
else
/* If ID == 0 && !IS_GROUP, then this means that the system is
really fucked up (there's no root password entry), so instead
just don't ask for a password at all (if an intruder has
succeeded in preventing the lookup somehow, he probably could
have just provided his own result anyway). */
name = "uh-oh";
}
while (! name);
if (!password || !*password)
/* No password! */
return 0;
if (! getpass_fn)
getpass_fn = getpass;
if (multiple)
if (name)
asprintf (&prompt, "Password for %s%s:",
is_group ? "group " : "", name);
else
asprintf (&prompt, "Password for %s %d:",
is_group ? "group" : "user", id);
if (prompt)
{
unencrypted = (*getpass_fn) (prompt);
free (prompt);
}
else
unencrypted = (*getpass_fn) ("Password:");
if (crypt)
{
encrypted = crypt (unencrypted, password);
if (! encrypted)
/* Something went wrong. */
return errno;
}
else
encrypted = unencrypted;
err = EINVAL; /* Assume an invalid password. */
if (encrypted && strcmp (encrypted, password) == 0)
err = 0; /* Password correct! */
else if (id == 0 && !is_group && wheel_uid)
/* Special hack: a user attempting to gain root access can use
their own password (instead of root's) if they're in group 0. */
{
struct passwd *pw = getpwuid (wheel_uid);
encrypted = crypt (unencrypted, pw->pw_passwd);
if (pw && encrypted && strcmp (encrypted, pw->pw_passwd) == 0)
err = 0; /* *this* password is correct! */
}
/* Paranoia may destroya. */
memset (unencrypted, 0, strlen (unencrypted));
return err;
}
|