Browse code
fix typo in comments
Dario Rodriguez authored on 23/07/2014 16:48:27
Showing 1 changed files
Browse code
fix password processing (workaround to issues with libscrypt: don't use scrypt_hash, check that the salt is small)
Dario Rodriguez authored on 26/06/2014 11:58:59
Showing 1 changed files
| ... | ... |
@@ -14,27 +14,54 @@ |
| 14 | 14 |
#include <sys/types.h> |
| 15 | 15 |
#include <sys/stat.h> |
| 16 | 16 |
#include <fcntl.h> |
| 17 |
+#include "loglib.h" |
|
| 17 | 18 |
#include "kakumei.h" |
| 18 | 19 |
#include "libscrypt.h" |
| 19 | 20 |
|
| 21 |
+#define VALUE_N 16384 |
|
| 22 |
+#define VALUE_r 8 |
|
| 23 |
+#define VALUE_p 1 |
|
| 24 |
+ |
|
| 25 |
+static int mcf_gen(const char *salt,const char *passwd, char *mcf, int mcfsize); |
|
| 26 |
+static int mcf_check(char *mcf, const char *passwd); |
|
| 27 |
+ |
|
| 20 | 28 |
int |
| 21 | 29 |
pass_new(kakumei *ka, char *user, char *passwd) |
| 22 | 30 |
{
|
| 23 | 31 |
int fd; |
| 24 | 32 |
char filename[1024]; |
| 25 |
- char mcf[SCRYPT_MCF_LEN+1]; |
|
| 26 | 33 |
int len; |
| 27 |
- if(kakumei_uservalid(ka,user)!=0) |
|
| 34 |
+ int res; |
|
| 35 |
+ static const char mysalt[]={"NFkFsNdzMQ9Jfer"};
|
|
| 36 |
+ char mcf[SCRYPT_MCF_LEN]; |
|
| 37 |
+ if(kakumei_uservalid(ka,user)!=0) {
|
|
| 38 |
+ log_write("PASS","Ilegal username %s",user);
|
|
| 39 |
+ return(-1); |
|
| 40 |
+ } |
|
| 41 |
+ memset(mcf,0,sizeof(mcf)); |
|
| 42 |
+ if((res=mcf_gen(mysalt,passwd,mcf,sizeof(mcf)))!=0) {
|
|
| 43 |
+ log_write("PASS","Couln't create simple hash for user %s",user);
|
|
| 28 | 44 |
return(-1); |
| 45 |
+ } |
|
| 46 |
+ if((res=mcf_check(mcf,passwd))!=0) {
|
|
| 47 |
+ log_write("EINT","%s:%i",__FILE__,__LINE__);
|
|
| 48 |
+ return(-1); /* internal error */ |
|
| 49 |
+ } |
|
| 50 |
+ mkdir(DATADIR,0700); |
|
| 51 |
+ mkdir(USERSDIR,0700); |
|
| 52 |
+ snprintf(filename,sizeof(filename)-1,"%s/%s",USERSDIR,user); |
|
| 53 |
+ filename[sizeof(filename)-1]='\0'; |
|
| 54 |
+ mkdir(filename,0700); |
|
| 29 | 55 |
snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user); |
| 30 | 56 |
filename[sizeof(filename)-1]='\0'; |
| 31 |
- memset(mcf,0,sizeof(mcf)); |
|
| 32 |
- libscrypt_hash(mcf,passwd,SCRYPT_N,SCRYPT_r,SCRYPT_p); |
|
| 33 |
- if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1) |
|
| 57 |
+ if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1) {
|
|
| 58 |
+ log_write("PASS","Couln't open for writing to %s",filename);
|
|
| 34 | 59 |
return(-1); |
| 60 |
+ } |
|
| 35 | 61 |
len=strlen(mcf); |
| 36 | 62 |
if(write(fd,mcf,len)!=len) {
|
| 37 | 63 |
close(fd),fd=-1; |
| 64 |
+ log_write("PASS","Error writing to %s",filename);
|
|
| 38 | 65 |
return(-1); |
| 39 | 66 |
} |
| 40 | 67 |
close(fd),fd=-1; |
| ... | ... |
@@ -46,17 +73,67 @@ pass_check(kakumei *ka, char *user, char *passwd) |
| 46 | 73 |
{
|
| 47 | 74 |
int fd; |
| 48 | 75 |
char filename[1024]; |
| 49 |
- char mcf[SCRYPT_MCF_LEN+1]; |
|
| 50 |
- if(kakumei_userexists(ka,user)!=0) |
|
| 76 |
+ char mcf[SCRYPT_MCF_LEN]; |
|
| 77 |
+ int res; |
|
| 78 |
+ if(kakumei_userexists(ka,user)!=0) {
|
|
| 79 |
+ log_write("PASS","No username %s",user);
|
|
| 51 | 80 |
return(-1); |
| 81 |
+ } |
|
| 52 | 82 |
snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user); |
| 53 | 83 |
filename[sizeof(filename)-1]='\0'; |
| 54 |
- if((fd=open(filename,O_RDONLY))==-1) |
|
| 84 |
+ if((fd=open(filename,O_RDONLY))==-1) {
|
|
| 85 |
+ log_write("PASS","Couldn't read passwd of user %s",user);
|
|
| 55 | 86 |
return(-1); |
| 87 |
+ } |
|
| 56 | 88 |
memset(mcf,0,sizeof(mcf)); |
| 57 | 89 |
read(fd,mcf,sizeof(mcf)-1); |
| 58 | 90 |
close(fd),fd=-1; |
| 59 |
- if(libscrypt_check(mcf,passwd)<=0) |
|
| 91 |
+ if((res=mcf_check(mcf,passwd))!=0) {
|
|
| 92 |
+ log_write("PASS","Wrong password trying to login for user %s",user);
|
|
| 93 |
+ return(-1); |
|
| 94 |
+ } |
|
| 95 |
+ return(0); |
|
| 96 |
+} |
|
| 97 |
+ |
|
| 98 |
+/* utility functions to make libscrypt usable */ |
|
| 99 |
+static int |
|
| 100 |
+mcf_gen(const char *salt,const char *passwd, char *mcf, int mcfsize) |
|
| 101 |
+{
|
|
| 102 |
+ int res; |
|
| 103 |
+ uint8_t hashbuf[SCRYPT_HASH_LEN]; |
|
| 104 |
+ char saltbuf[1024]; |
|
| 105 |
+ char outbuf[1024]; |
|
| 106 |
+ if(mcfsize<SCRYPT_MCF_LEN) |
|
| 107 |
+ return(-1); |
|
| 108 |
+ if(strlen(salt)>16) |
|
| 109 |
+ return(-1); /* large salts make libscrypt break */ |
|
| 110 |
+ if((res=libscrypt_scrypt((uint8_t*)passwd,strlen(passwd), |
|
| 111 |
+ (uint8_t*)salt, strlen(salt), VALUE_N,VALUE_r,VALUE_p, hashbuf, sizeof(hashbuf)))!=0) {
|
|
| 112 |
+ log_write("PASS","Couln't create hash");
|
|
| 113 |
+ return(-1); |
|
| 114 |
+ } |
|
| 115 |
+ if((res=libscrypt_b64_encode(outbuf, (char*)hashbuf, sizeof(hashbuf)))==-1) {
|
|
| 116 |
+ log_write("PASS","Couln't encode hash");
|
|
| 117 |
+ return(-1); |
|
| 118 |
+ } |
|
| 119 |
+ if((res=libscrypt_b64_encode(saltbuf, salt, strlen(salt)))==-1) {
|
|
| 120 |
+ log_write("PASS","Couln't encode salt");
|
|
| 121 |
+ return(-1); |
|
| 122 |
+ } |
|
| 123 |
+ if(!(res=libscrypt_mcf(VALUE_N,VALUE_r,VALUE_p, saltbuf, outbuf, mcf))) {
|
|
| 124 |
+ log_write("PASS","Couln't convert to mcf");
|
|
| 125 |
+ return(-1); |
|
| 126 |
+ } |
|
| 127 |
+ return(0); |
|
| 128 |
+} |
|
| 129 |
+ |
|
| 130 |
+static int |
|
| 131 |
+mcf_check(char *mcf, const char *passwd) |
|
| 132 |
+{
|
|
| 133 |
+ char mcftest[SCRYPT_MCF_LEN]; |
|
| 134 |
+ int res; |
|
| 135 |
+ memcpy(mcftest,mcf,sizeof(mcftest)); |
|
| 136 |
+ if((res=libscrypt_check(mcftest,(char *)passwd))<=0) |
|
| 60 | 137 |
return(-1); |
| 61 | 138 |
return(0); |
| 62 | 139 |
} |
Browse code
implement kakumei_pass, add ÃÃlibscrypt to Makefile
Dario Rodriguez authored on 25/06/2014 19:22:09
Showing 1 changed files
| ... | ... |
@@ -7,19 +7,57 @@ |
| 7 | 7 |
* This progran is licensed under the terms of the Affero GPL v1+ |
| 8 | 8 |
*/ |
| 9 | 9 |
|
| 10 |
+#include <stdio.h> |
|
| 11 |
+#include <stdlib.h> |
|
| 12 |
+#include <unistd.h> |
|
| 13 |
+#include <string.h> |
|
| 14 |
+#include <sys/types.h> |
|
| 15 |
+#include <sys/stat.h> |
|
| 16 |
+#include <fcntl.h> |
|
| 10 | 17 |
#include "kakumei.h" |
| 18 |
+#include "libscrypt.h" |
|
| 11 | 19 |
|
| 12 | 20 |
int |
| 13 | 21 |
pass_new(kakumei *ka, char *user, char *passwd) |
| 14 | 22 |
{
|
| 15 |
-#warning TODO |
|
| 16 |
- return(-1); |
|
| 23 |
+ int fd; |
|
| 24 |
+ char filename[1024]; |
|
| 25 |
+ char mcf[SCRYPT_MCF_LEN+1]; |
|
| 26 |
+ int len; |
|
| 27 |
+ if(kakumei_uservalid(ka,user)!=0) |
|
| 28 |
+ return(-1); |
|
| 29 |
+ snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user); |
|
| 30 |
+ filename[sizeof(filename)-1]='\0'; |
|
| 31 |
+ memset(mcf,0,sizeof(mcf)); |
|
| 32 |
+ libscrypt_hash(mcf,passwd,SCRYPT_N,SCRYPT_r,SCRYPT_p); |
|
| 33 |
+ if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1) |
|
| 34 |
+ return(-1); |
|
| 35 |
+ len=strlen(mcf); |
|
| 36 |
+ if(write(fd,mcf,len)!=len) {
|
|
| 37 |
+ close(fd),fd=-1; |
|
| 38 |
+ return(-1); |
|
| 39 |
+ } |
|
| 40 |
+ close(fd),fd=-1; |
|
| 41 |
+ return(0); |
|
| 17 | 42 |
} |
| 18 | 43 |
|
| 19 | 44 |
int |
| 20 | 45 |
pass_check(kakumei *ka, char *user, char *passwd) |
| 21 | 46 |
{
|
| 22 |
-#warning TODO |
|
| 23 |
- return(-1); |
|
| 47 |
+ int fd; |
|
| 48 |
+ char filename[1024]; |
|
| 49 |
+ char mcf[SCRYPT_MCF_LEN+1]; |
|
| 50 |
+ if(kakumei_userexists(ka,user)!=0) |
|
| 51 |
+ return(-1); |
|
| 52 |
+ snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user); |
|
| 53 |
+ filename[sizeof(filename)-1]='\0'; |
|
| 54 |
+ if((fd=open(filename,O_RDONLY))==-1) |
|
| 55 |
+ return(-1); |
|
| 56 |
+ memset(mcf,0,sizeof(mcf)); |
|
| 57 |
+ read(fd,mcf,sizeof(mcf)-1); |
|
| 58 |
+ close(fd),fd=-1; |
|
| 59 |
+ if(libscrypt_check(mcf,passwd)<=0) |
|
| 60 |
+ return(-1); |
|
| 61 |
+ return(0); |
|
| 24 | 62 |
} |
| 25 | 63 |
|
Browse code
put passwd handling in separate source file
Dario Rodriguez authored on 25/06/2014 17:09:44
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,25 @@ |
| 1 |
+/* |
|
| 2 |
+ * kakumei_pass.h |
|
| 3 |
+ * |
|
| 4 |
+ * Password handling for kakumei. |
|
| 5 |
+ * |
|
| 6 |
+ * Author: Dario Rodriguez dario@softhome.net |
|
| 7 |
+ * This progran is licensed under the terms of the Affero GPL v1+ |
|
| 8 |
+ */ |
|
| 9 |
+ |
|
| 10 |
+#include "kakumei.h" |
|
| 11 |
+ |
|
| 12 |
+int |
|
| 13 |
+pass_new(kakumei *ka, char *user, char *passwd) |
|
| 14 |
+{
|
|
| 15 |
+#warning TODO |
|
| 16 |
+ return(-1); |
|
| 17 |
+} |
|
| 18 |
+ |
|
| 19 |
+int |
|
| 20 |
+pass_check(kakumei *ka, char *user, char *passwd) |
|
| 21 |
+{
|
|
| 22 |
+#warning TODO |
|
| 23 |
+ return(-1); |
|
| 24 |
+} |
|
| 25 |
+ |