1 | /* $Id$ */ |
---|
2 | |
---|
3 | /* Read a password, encrypt it and compare to the encrypted |
---|
4 | * password in the TELNETD_PASSWD environment variable. |
---|
5 | * No password is required if TELNETD_PASSWD is unset or empty, unless a TELNETD_DEFAULT_PASSWD was compiled in (it is then used instead) |
---|
6 | */ |
---|
7 | |
---|
8 | /* |
---|
9 | * Authorship |
---|
10 | * ---------- |
---|
11 | * This software was created by |
---|
12 | * Till Straumann <strauman@slac.stanford.edu>, 2003-2007 |
---|
13 | * Stanford Linear Accelerator Center, Stanford University. |
---|
14 | * |
---|
15 | * Acknowledgement of sponsorship |
---|
16 | * ------------------------------ |
---|
17 | * This software was produced by |
---|
18 | * the Stanford Linear Accelerator Center, Stanford University, |
---|
19 | * under Contract DE-AC03-76SFO0515 with the Department of Energy. |
---|
20 | * |
---|
21 | * Government disclaimer of liability |
---|
22 | * ---------------------------------- |
---|
23 | * Neither the United States nor the United States Department of Energy, |
---|
24 | * nor any of their employees, makes any warranty, express or implied, or |
---|
25 | * assumes any legal liability or responsibility for the accuracy, |
---|
26 | * completeness, or usefulness of any data, apparatus, product, or process |
---|
27 | * disclosed, or represents that its use would not infringe privately owned |
---|
28 | * rights. |
---|
29 | * |
---|
30 | * Stanford disclaimer of liability |
---|
31 | * -------------------------------- |
---|
32 | * Stanford University makes no representations or warranties, express or |
---|
33 | * implied, nor assumes any liability for the use of this software. |
---|
34 | * |
---|
35 | * Stanford disclaimer of copyright |
---|
36 | * -------------------------------- |
---|
37 | * Stanford University, owner of the copyright, hereby disclaims its |
---|
38 | * copyright and all other rights in this software. Hence, anyone may |
---|
39 | * freely use it for any purpose without restriction. |
---|
40 | * |
---|
41 | * Maintenance of notices |
---|
42 | * ---------------------- |
---|
43 | * In the interest of clarity regarding the origin and status of this |
---|
44 | * SLAC software, this and all the preceding Stanford University notices |
---|
45 | * are to remain affixed to any copy or derivative of this software made |
---|
46 | * or distributed by the recipient and are to be affixed to any copy of |
---|
47 | * software made or distributed by the recipient that contains a copy or |
---|
48 | * derivative of this software. |
---|
49 | * |
---|
50 | * ------------------ SLAC Software Notices, Set 4 OTT.002a, 2004 FEB 03 |
---|
51 | */ |
---|
52 | |
---|
53 | #if !defined(INSIDE_TELNETD) && !defined(__rtems__) |
---|
54 | #include <crypt.h> |
---|
55 | #endif |
---|
56 | #include <termios.h> |
---|
57 | #include <errno.h> |
---|
58 | #include <stdio.h> |
---|
59 | #include <unistd.h> |
---|
60 | #include <stdlib.h> |
---|
61 | #include <string.h> |
---|
62 | #include <syslog.h> |
---|
63 | |
---|
64 | #include "passwd.h" |
---|
65 | |
---|
/* rtems has global filedescriptors but per-thread stdio streams... */
/* STDI_FD is evaluated as fileno(stdin) at every use rather than being a
 * fixed descriptor number (presumably so each session thread addresses
 * its own terminal -- confirm against the telnetd caller).
 */
#define STDI_FD fileno(stdin)
/* Number of password prompts check_passwd() issues before giving up */
#define MAXPASSRETRY 3

/* Reentrant DES crypt, defined elsewhere. As used in this file the arguments
 * are: cleartext key, salt, caller-supplied output buffer, size of that buffer.
 */
extern char *__des_crypt_r(char *, char*, char*, int);

/* Outside of telnetd there is no socket to query: the stub always yields -1 */
#if !defined(INSIDE_TELNETD)
#define sockpeername(s,b,sz) (-1)
#endif
75 | |
---|
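/*
 * Prompt on stderr for a password, hash the reply with DES crypt and
 * compare the result with a reference hash.
 *
 * The reference hash is taken from the TELNETD_PASSWD environment variable.
 * If that variable is unset or empty, TELNETD_DEFAULT_PASSWD is used when
 * it was defined at compile time; otherwise the function returns 0 without
 * prompting, i.e. access is granted with no password at all (fail-open).
 * Deployments that need authentication must make sure one of the two is set.
 *
 * peername: text naming the remote peer; only used for the syslog record
 *           written after MAXPASSRETRY wrong attempts. May be NULL, in
 *           which case "<UNKNOWN>" is logged.
 *
 * Returns 0 if access is granted and -1 otherwise (wrong password on every
 * attempt, read timeout/EOF, or failure to set up the terminal).
 *
 * Security notes:
 *  - Only the first two characters of the reference hash are used as salt;
 *    DES crypt is weak by current standards, so the hash in the environment
 *    should be protected like the password itself.
 *  - Only exhausted retries are logged; a timeout or EOF at the prompt
 *    leaves no syslog record.
 *  - The cleartext and hash buffers are wiped before returning.
 */
#if defined(INSIDE_TELNETD)
static
#endif
int check_passwd(char *peername)
{
	char			*pw;
	char			*enc;
	int				rval = -1, tmp, retries;
	struct termios	t,told;
	int				restore_flags = 0;
	char			buf[30], cryptbuf[21];
	char			salt[3];
	volatile char	*wipe;
	size_t			i;

	if ( !(pw=getenv("TELNETD_PASSWD")) || 0 == strlen(pw) )
#ifdef TELNETD_DEFAULT_PASSWD
		pw = TELNETD_DEFAULT_PASSWD;
#else
		return 0;
#endif

	if ( tcgetattr(STDI_FD, &t) ) {
		perror("check_passwd(): tcgetattr");
		goto done;
	}
	told = t;
	/* no echo, non-canonical input; VMIN=0/VTIME=255 makes read() time out
	 * (VTIME counts tenths of a second) instead of blocking forever
	 */
	t.c_lflag &= ~ECHO;
	t.c_lflag &= ~ICANON;
	t.c_cc[VTIME] = 255;
	t.c_cc[VMIN]  = 0;

	/* pw is non-empty here; a one-character pw is zero-padded by strncpy */
	strncpy(salt,pw,2);
	salt[2]=0;

	if ( tcsetattr(STDI_FD, TCSANOW, &t) ) {
		perror("check_passwd(): tcsetattr");
		goto done;
	}
	restore_flags = 1;

	/* Here we ask for the password... */
	for ( retries = MAXPASSRETRY; retries > 0; retries-- ) {
		fflush(stdin);
		fprintf(stderr,"Password:");
		fflush(stderr);
		if ( 0 == fgets(buf,sizeof(buf),stdin) ) {
			/* Here comes an ugly hack:
			 * The termios driver's 'read()' handler
			 * returns 0 to the c library's fgets if
			 * it times out. 'fgets' interprets this
			 * (correctly) as EOF, a condition we want
			 * to undo since it's not really true since
			 * we really have a read error (termios bug??)
			 *
			 * As a workaround we push something back and
			 * read it again. This should simply reset the
			 * EOF condition.
			 */
			if (ungetc('?',stdin) >= 0)
				fgetc(stdin);
			goto done;
		}
		fputc('\n',stderr);
		/* strip the line terminator(s) before hashing */
		tmp = strlen(buf);
		while ( tmp > 0 && ('\n' == buf[tmp-1] || '\r' == buf[tmp-1]) ) {
			buf[--tmp]=0;
		}
		/* A NULL result (hashing failed) must count as a mismatch;
		 * handing NULL to strcmp() would be undefined behaviour.
		 */
		enc = __des_crypt_r(buf, salt, cryptbuf, sizeof(cryptbuf));
		if ( enc && !strcmp(enc, pw) ) {
			rval = 0;
			break;
		}
		fprintf(stderr,"Incorrect Password.\n");
		/* slow down guessing */
		sleep(2);
	}

	/* the loop only reaches 0 when every attempt was wrong */
	if ( 0 == retries ) {
		syslog( LOG_AUTHPRIV | LOG_WARNING,
				"telnetd: %i wrong passwords entered from %s",
				MAXPASSRETRY,
				peername ? peername : "<UNKNOWN>");
	}

done:
	/* Do not leave the cleartext password or its hash on the stack; the
	 * volatile pointer keeps the compiler from dropping the stores.
	 */
	wipe = buf;
	for ( i = 0; i < sizeof(buf); i++ )
		wipe[i] = 0;
	wipe = cryptbuf;
	for ( i = 0; i < sizeof(cryptbuf); i++ )
		wipe[i] = 0;
	wipe = salt;
	for ( i = 0; i < sizeof(salt); i++ )
		wipe[i] = 0;

	/* Nothing more can be done if restoring fails, but report it: the
	 * terminal would otherwise silently stay in no-echo mode.
	 */
	if (restore_flags && tcsetattr(STDI_FD, TCSANOW, &told))
		perror("check_passwd(): tcsetattr (restore)");

	if (rval) {
		/* delay the failure return as well */
		sleep(2);
	}
	return rval;
}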
166 | |
---|
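#if !defined(INSIDE_TELNETD) && !defined(__rtems__)
/*
 * Stand-alone test driver (host builds only).
 *
 *   -g <cleartext>   hash <cleartext> with crypt() and the fixed salt "td",
 *                    print the hash and use it as the reference password
 *   <hash>           (first non-option argument, ignored if -g was given)
 *                    use <hash> as the reference password
 *
 * The reference is exported as TELNETD_PASSWD and check_passwd() is run
 * against the controlling terminal.
 *
 * Caveats: a cleartext password given with -g is visible in the process
 * listing and typically ends up in the shell history; the salt is constant,
 * so equal passwords always produce equal hashes.
 *
 * Returns 1 on a usage or resource error, 0 otherwise (also when the
 * password check itself fails; that is only reported on stderr).
 */
int
main(int argc, char **argv)
{
	char	*str, *enc = NULL;
	int		ch;
	size_t	len;

	while ( (ch=getopt(argc, argv, "g:")) > 0 ) {
		switch (ch) {
			default:
				fprintf(stderr,"Unknown option\n");
				return(1);

			case 'g':
				/* crypt() may return NULL; never pass that to "%s" or strlen() */
				enc = crypt(optarg,"td");
				if ( !enc ) {
					perror("crypt");
					return(1);
				}
				printf("Generated encrypted password: '%s'\n", enc);
			break;

		}
	}
	if (argc>optind && !enc) {
		enc=argv[optind];
	}
	if (enc) {
		/* sizeof of the literal already accounts for the terminating NUL */
		len = strlen(enc) + sizeof("TELNETD_PASSWD=");
		str = malloc(len);
		if ( !str ) {
			perror("malloc");
			return(1);
		}
		snprintf(str, len, "TELNETD_PASSWD=%s", enc);
		/* putenv() keeps the pointer, so 'str' must not be freed on success */
		if ( putenv(str) ) {
			perror("putenv");
			free(str);
			return(1);
		}
	}
	/* No peer outside of telnetd: pass NULL so that check_passwd() logs
	 * "<UNKNOWN>". The former argument (-1) was a non-NULL invalid pointer
	 * that would have been dereferenced by the syslog() call after
	 * MAXPASSRETRY wrong attempts.
	 */
	if (check_passwd(NULL)) {
		fprintf(stderr,"check_passwd() failed\n");
	}
	return 0;
}

#endif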