source-git / mingw-gnutls

Clone
Source Code
GIT

Blame src/srptool.c

c8 master
  1.   597b58dd775b000e719f2f261e720f3f1dc7cad1
  2.   src
  3.   srptool.c
Blob History Raw
Packit 549fdc 
/*
Packit 549fdc 
 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
Packit 549fdc 
 *
Packit 549fdc 
 * This file is part of GnuTLS.
Packit 549fdc 
 *
Packit 549fdc 
 * GnuTLS is free software: you can redistribute it and/or modify it
Packit 549fdc 
 * under the terms of the GNU General Public License as published by
Packit 549fdc 
 * the Free Software Foundation, either version 3 of the License, or
Packit 549fdc 
 * (at your option) any later version.
Packit 549fdc 
 *
Packit 549fdc 
 * GnuTLS is distributed in the hope that it will be useful, but
Packit 549fdc 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
Packit 549fdc 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit 549fdc 
 * General Public License for more details.
Packit 549fdc 
 *
Packit 549fdc 
 * You should have received a copy of the GNU General Public License
Packit 549fdc 
 * along with this program.  If not, see
Packit 549fdc 
 * <http://www.gnu.org/licenses/>.
Packit 549fdc 
 */
Packit 549fdc
Packit 549fdc 
#include <config.h>
Packit 549fdc
Packit 549fdc 
#include <stdio.h>
Packit 549fdc 
#include <string.h>
Packit 549fdc 
#include <stdlib.h>
Packit 549fdc 
#include <gnutls/gnutls.h>
Packit 549fdc 
#include <gnutls/crypto.h>	/* for random */
Packit 549fdc
Packit 549fdc 
#include <sys/types.h>
Packit 549fdc 
#include <sys/stat.h>
Packit 549fdc
Packit 549fdc 
#ifndef _WIN32
Packit 549fdc 
#include <pwd.h>
Packit 549fdc 
#include <unistd.h>
Packit 549fdc 
#else
Packit 549fdc 
#include <windows.h>
Packit 549fdc 
#endif
Packit 549fdc
Packit 549fdc 
/* Gnulib portability files. */
Packit 549fdc 
#include <getpass.h>
Packit 549fdc 
#include <minmax.h>
Packit 549fdc
Packit 549fdc 
#include <srptool-args.h>
Packit 549fdc
Packit 549fdc 
/* This may need some rewrite. A lot of stuff which should be here
Packit 549fdc 
 * are in the library, which is not good.
Packit 549fdc 
 */
Packit 549fdc
Packit 549fdc 
int crypt_int(const char *username, const char *passwd, int salt,
Packit 549fdc 
	      const char *tpasswd_conf, const char *tpasswd, int uindex);
Packit 549fdc 
static int read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n,
Packit 549fdc 
			    char *str);
Packit 549fdc 
static int _verify_passwd_int(const char *username, const char *passwd,
Packit 549fdc 
			      char *verifier, const char *salt,
Packit 549fdc 
			      const gnutls_datum_t * g,
Packit 549fdc 
			      const gnutls_datum_t * n);
Packit 549fdc
Packit 549fdc 
static void print_num(const char *msg, const gnutls_datum_t * num)
Packit 549fdc 
{
Packit 549fdc 
	unsigned int i;
Packit 549fdc
Packit 549fdc 
	printf("%s:\t", msg);
Packit 549fdc
Packit 549fdc 
	for (i = 0; i < num->size; i++) {
Packit 549fdc 
		if (i != 0 && i % 12 == 0)
Packit 549fdc 
			printf("\n\t");
Packit 549fdc 
		else if (i != 0 && i != num->size)
Packit 549fdc 
			printf(":");
Packit 549fdc 
		printf("%.2x", num->data[i]);
Packit 549fdc 
	}
Packit 549fdc 
	printf("\n\n");
Packit 549fdc
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
static int generate_create_conf(const char *tpasswd_conf)
Packit 549fdc 
{
Packit 549fdc 
	FILE *fd;
Packit 549fdc 
	char line[5 * 1024];
Packit 549fdc 
	int index = 1, srp_idx;
Packit 549fdc 
	gnutls_datum_t g, n;
Packit 549fdc 
	gnutls_datum_t str_g, str_n;
Packit 549fdc
Packit 549fdc 
	fd = fopen(tpasswd_conf, "w");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot open file '%s'\n", tpasswd_conf);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	for (index = 1; index <= 5; index++) {
Packit 549fdc
Packit 549fdc 
		if (index == 1) {
Packit 549fdc 
			srp_idx = 2;
Packit 549fdc 
			n = gnutls_srp_1536_group_prime;
Packit 549fdc 
			g = gnutls_srp_1536_group_generator;
Packit 549fdc 
		} else if (index == 2) {
Packit 549fdc 
			srp_idx = 3;
Packit 549fdc 
			n = gnutls_srp_2048_group_prime;
Packit 549fdc 
			g = gnutls_srp_2048_group_generator;
Packit 549fdc 
		} else if (index == 3) {
Packit 549fdc 
			srp_idx = 4;
Packit 549fdc 
			n = gnutls_srp_3072_group_prime;
Packit 549fdc 
			g = gnutls_srp_3072_group_generator;
Packit 549fdc 
		} else if (index == 4) {
Packit 549fdc 
			srp_idx = 5;
Packit 549fdc 
			n = gnutls_srp_4096_group_prime;
Packit 549fdc 
			g = gnutls_srp_4096_group_generator;
Packit 549fdc 
		} else if (index == 5) {
Packit 549fdc 
			srp_idx = 7;
Packit 549fdc 
			n = gnutls_srp_8192_group_prime;
Packit 549fdc 
			g = gnutls_srp_8192_group_generator;
Packit 549fdc 
		} else {
Packit 549fdc 
			fprintf(stderr, "Unknown index: %d\n", index);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		printf("\nGroup %d, of %d bits:\n", srp_idx, n.size * 8);
Packit 549fdc 
		print_num("Generator", &g);
Packit 549fdc 
		print_num("Prime", &n);
Packit 549fdc
Packit 549fdc 
		if (gnutls_srp_base64_encode_alloc(&n, &str_n) < 0) {
Packit 549fdc 
			fprintf(stderr, "Could not encode\n");
Packit 549fdc 
			fclose(fd);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		if (gnutls_srp_base64_encode_alloc(&g, &str_g) < 0) {
Packit 549fdc 
			fprintf(stderr, "Could not encode\n");
Packit 549fdc 
			fclose(fd);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		sprintf(line, "%d:%s:%s\n", srp_idx, str_n.data, str_g.data);
Packit 549fdc
Packit 549fdc 
		gnutls_free(str_n.data);
Packit 549fdc 
		gnutls_free(str_g.data);
Packit 549fdc
Packit 549fdc 
		fwrite(line, 1, strlen(line), fd);
Packit 549fdc
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc
Packit 549fdc 
	return 0;
Packit 549fdc
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
/* The format of a tpasswd file is:
Packit 549fdc 
 * username:verifier:salt:index
Packit 549fdc 
 *
Packit 549fdc 
 * index is the index of the prime-generator pair in tpasswd.conf
Packit 549fdc 
 */
Packit 549fdc 
static int
Packit 549fdc 
_verify_passwd_int(const char *username, const char *passwd,
Packit 549fdc 
		   char *verifier, const char *salt,
Packit 549fdc 
		   const gnutls_datum_t * g, const gnutls_datum_t * n)
Packit 549fdc 
{
Packit 549fdc 
	char _salt[1024];
Packit 549fdc 
	gnutls_datum_t tmp, raw_salt, new_verifier;
Packit 549fdc 
	size_t salt_size;
Packit 549fdc 
	char *pos;
Packit 549fdc
Packit 549fdc 
	if (salt == NULL || verifier == NULL)
Packit 549fdc 
		return -1;
Packit 549fdc
Packit 549fdc 
	if (strlen(salt) >= sizeof(_salt)) {
Packit 549fdc 
		fprintf(stderr, "Too long salt.\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	/* copy salt, and null terminate after the ':' */
Packit 549fdc 
	strcpy(_salt, salt);
Packit 549fdc 
	pos = strchr(_salt, ':');
Packit 549fdc 
	if (pos != NULL)
Packit 549fdc 
		*pos = 0;
Packit 549fdc
Packit 549fdc 
	/* convert salt to binary. */
Packit 549fdc 
	tmp.data = (void *) _salt;
Packit 549fdc 
	tmp.size = strlen(_salt);
Packit 549fdc
Packit 549fdc 
	if (gnutls_srp_base64_decode_alloc(&tmp, &raw_salt) < 0) {
Packit 549fdc 
		fprintf(stderr, "Could not decode salt.\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	if (gnutls_srp_verifier
Packit 549fdc 
	    (username, passwd, &raw_salt, g, n, &new_verifier) < 0) {
Packit 549fdc 
		fprintf(stderr, "Could not make the verifier\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	free(raw_salt.data);
Packit 549fdc
Packit 549fdc 
	/* encode the verifier into _salt */
Packit 549fdc 
	salt_size = sizeof(_salt);
Packit 549fdc 
	memset(_salt, 0, salt_size);
Packit 549fdc 
	if (gnutls_srp_base64_encode(&new_verifier, _salt, &salt_size) < 0) {
Packit 549fdc 
		fprintf(stderr, "Encoding error\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	free(new_verifier.data);
Packit 549fdc
Packit 549fdc 
	if (strncmp(verifier, _salt, strlen(_salt)) == 0) {
Packit 549fdc 
		fprintf(stderr, "Password verified\n");
Packit 549fdc 
		return 0;
Packit 549fdc 
	} else {
Packit 549fdc 
		fprintf(stderr, "Password does NOT match\n");
Packit 549fdc 
	}
Packit 549fdc 
	return -1;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
static int filecopy(const char *src, const char *dst)
Packit 549fdc 
{
Packit 549fdc 
	FILE *fd, *fd2;
Packit 549fdc 
	char line[5 * 1024];
Packit 549fdc 
	char *p;
Packit 549fdc
Packit 549fdc 
	fd = fopen(dst, "w");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot open '%s' for write\n", dst);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fd2 = fopen(src, "r");
Packit 549fdc 
	if (fd2 == NULL) {
Packit 549fdc 
		/* empty file */
Packit 549fdc 
		fclose(fd);
Packit 549fdc 
		return 0;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	line[sizeof(line) - 1] = 0;
Packit 549fdc 
	do {
Packit 549fdc 
		p = fgets(line, sizeof(line) - 1, fd2);
Packit 549fdc 
		if (p == NULL)
Packit 549fdc 
			break;
Packit 549fdc
Packit 549fdc 
		fputs(line, fd);
Packit 549fdc 
	}
Packit 549fdc 
	while (1);
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc 
	fclose(fd2);
Packit 549fdc
Packit 549fdc 
	return 0;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
/* accepts password file */
Packit 549fdc 
static int find_strchr(const char *username, const char *file)
Packit 549fdc 
{
Packit 549fdc 
	FILE *fd;
Packit 549fdc 
	char *pos;
Packit 549fdc 
	char line[5 * 1024];
Packit 549fdc 
	unsigned int i;
Packit 549fdc
Packit 549fdc 
	fd = fopen(file, "r");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot open file '%s'\n", file);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	while (fgets(line, sizeof(line), fd) != NULL) {
Packit 549fdc 
		/* move to first ':' */
Packit 549fdc 
		i = 0;
Packit 549fdc 
		while ((line[i] != ':') && (line[i] != '\0')
Packit 549fdc 
		       && (i < sizeof(line))) {
Packit 549fdc 
			i++;
Packit 549fdc 
		}
Packit 549fdc 
		if (strncmp(username, line, MAX(i, strlen(username))) == 0) {
Packit 549fdc 
			/* find the index */
Packit 549fdc 
			pos = strrchr(line, ':');
Packit 549fdc 
			pos++;
Packit 549fdc 
			fclose(fd);
Packit 549fdc 
			return atoi(pos);
Packit 549fdc 
		}
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc 
	return -1;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
/* Parses the tpasswd files, in order to verify the given
Packit 549fdc 
 * username/password pair.
Packit 549fdc 
 */
Packit 549fdc 
static int
Packit 549fdc 
verify_passwd(const char *conffile, const char *tpasswd,
Packit 549fdc 
	      const char *username, const char *passwd)
Packit 549fdc 
{
Packit 549fdc 
	FILE *fd;
Packit 549fdc 
	char line[5 * 1024];
Packit 549fdc 
	unsigned int i;
Packit 549fdc 
	gnutls_datum_t g, n;
Packit 549fdc 
	int iindex;
Packit 549fdc 
	char *p, *pos;
Packit 549fdc
Packit 549fdc 
	iindex = find_strchr(username, tpasswd);
Packit 549fdc 
	if (iindex == -1) {
Packit 549fdc 
		fprintf(stderr, "Cannot find '%s' in %s\n", username,
Packit 549fdc 
			tpasswd);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fd = fopen(conffile, "r");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot find %s\n", conffile);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	do {
Packit 549fdc 
		p = fgets(line, sizeof(line) - 1, fd);
Packit 549fdc 
	}
Packit 549fdc 
	while (p != NULL && atoi(p) != iindex);
Packit 549fdc
Packit 549fdc 
	if (p == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot find entry in %s\n", conffile);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc 
	line[sizeof(line) - 1] = 0;
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc
Packit 549fdc 
	if ((iindex = read_conf_values(&g, &n, line)) < 0) {
Packit 549fdc 
		fprintf(stderr, "Cannot parse conf file '%s'\n", conffile);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fd = fopen(tpasswd, "r");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot open file '%s'\n", tpasswd);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	while (fgets(line, sizeof(line), fd) != NULL) {
Packit 549fdc 
		/* move to first ':'
Packit 549fdc 
		 * This is the actual verifier.
Packit 549fdc 
		 */
Packit 549fdc 
		i = 0;
Packit 549fdc 
		while ((line[i] != ':') && (line[i] != '\0')
Packit 549fdc 
		       && (i < sizeof(line))) {
Packit 549fdc 
			i++;
Packit 549fdc 
		}
Packit 549fdc 
		if (strncmp(username, line, MAX(i, strlen(username))) == 0) {
Packit 549fdc 
			char *verifier_pos, *salt_pos;
Packit 549fdc
Packit 549fdc 
			pos = strchr(line, ':');
Packit 549fdc 
			fclose(fd);
Packit 549fdc 
			if (pos == NULL) {
Packit 549fdc 
				fprintf(stderr,
Packit 549fdc 
					"Cannot parse conf file '%s'\n",
Packit 549fdc 
					conffile);
Packit 549fdc 
				return -1;
Packit 549fdc 
			}
Packit 549fdc 
			pos++;
Packit 549fdc 
			verifier_pos = pos;
Packit 549fdc
Packit 549fdc 
			/* Move to the salt */
Packit 549fdc 
			pos = strchr(pos, ':');
Packit 549fdc 
			if (pos == NULL) {
Packit 549fdc 
				fprintf(stderr,
Packit 549fdc 
					"Cannot parse conf file '%s'\n",
Packit 549fdc 
					conffile);
Packit 549fdc 
				return -1;
Packit 549fdc 
			}
Packit 549fdc 
			pos++;
Packit 549fdc 
			salt_pos = pos;
Packit 549fdc
Packit 549fdc 
			return _verify_passwd_int(username, passwd,
Packit 549fdc 
						  verifier_pos, salt_pos,
Packit 549fdc 
						  &g, &n);
Packit 549fdc 
		}
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc 
	return -1;
Packit 549fdc
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
#define KPASSWD "/etc/tpasswd"
Packit 549fdc 
#define KPASSWD_CONF "/etc/tpasswd.conf"
Packit 549fdc
Packit 549fdc 
static void tls_log_func(int level, const char *str)
Packit 549fdc 
{
Packit 549fdc 
	fprintf(stderr, "|<%d>| %s", level, str);
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
int main(int argc, char **argv)
Packit 549fdc 
{
Packit 549fdc 
	const char *passwd;
Packit 549fdc 
	int salt_size, ret;
Packit 549fdc 
	const char *fpasswd, *fpasswd_conf;
Packit 549fdc 
	const char *username;
Packit 549fdc 
#ifndef _WIN32
Packit 549fdc 
	struct passwd *pwd;
Packit 549fdc 
#endif
Packit 549fdc
Packit 549fdc 
	if ((ret = gnutls_global_init()) < 0) {
Packit 549fdc 
		fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
Packit 549fdc 
		exit(1);
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	umask(066);
Packit 549fdc
Packit 549fdc 
	optionProcess(&srptoolOptions, argc, argv);
Packit 549fdc
Packit 549fdc 
	gnutls_global_set_log_function(tls_log_func);
Packit 549fdc 
	gnutls_global_set_log_level(OPT_VALUE_DEBUG);
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(CREATE_CONF)) {
Packit 549fdc 
		return generate_create_conf(OPT_ARG(CREATE_CONF));
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(PASSWD))
Packit 549fdc 
		fpasswd = OPT_ARG(PASSWD);
Packit 549fdc 
	else
Packit 549fdc 
		fpasswd = (char *) KPASSWD;
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(PASSWD_CONF))
Packit 549fdc 
		fpasswd_conf = OPT_ARG(PASSWD_CONF);
Packit 549fdc 
	else
Packit 549fdc 
		fpasswd_conf = (char *) KPASSWD_CONF;
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(USERNAME))
Packit 549fdc 
		username = OPT_ARG(USERNAME);
Packit 549fdc 
	else {
Packit 549fdc 
#ifndef _WIN32
Packit 549fdc 
		pwd = getpwuid(getuid());
Packit 549fdc
Packit 549fdc 
		if (pwd == NULL) {
Packit 549fdc 
			fprintf(stderr, "No such user\n");
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		username = pwd->pw_name;
Packit 549fdc 
#else
Packit 549fdc 
		fprintf(stderr, "Please specify a user\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
#endif
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	salt_size = 16;
Packit 549fdc
Packit 549fdc 
	passwd = getpass("Enter password: ");
Packit 549fdc 
	if (passwd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Please specify a password\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
/* not ready yet */
Packit 549fdc 
	if (HAVE_OPT(VERIFY)) {
Packit 549fdc 
		return verify_passwd(fpasswd_conf, fpasswd,
Packit 549fdc 
				     username, passwd);
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc
Packit 549fdc 
	return crypt_int(username, passwd, salt_size,
Packit 549fdc 
			 fpasswd_conf, fpasswd, OPT_VALUE_INDEX);
Packit 549fdc
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
static char *_srp_crypt(const char *username, const char *passwd,
Packit 549fdc 
			int salt_size, const gnutls_datum_t * g,
Packit 549fdc 
			const gnutls_datum_t * n)
Packit 549fdc 
{
Packit 549fdc 
	unsigned char salt[128];
Packit 549fdc 
	static char result[1024];
Packit 549fdc 
	gnutls_datum_t dat_salt, txt_salt;
Packit 549fdc 
	gnutls_datum_t verifier, txt_verifier;
Packit 549fdc
Packit 549fdc 
	if ((unsigned) salt_size > sizeof(salt))
Packit 549fdc 
		return NULL;
Packit 549fdc
Packit 549fdc 
	/* generate the salt
Packit 549fdc 
	 */
Packit 549fdc 
	if (gnutls_rnd(GNUTLS_RND_NONCE, salt, salt_size) < 0) {
Packit 549fdc 
		fprintf(stderr, "Could not create nonce\n");
Packit 549fdc 
		return NULL;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	dat_salt.data = salt;
Packit 549fdc 
	dat_salt.size = salt_size;
Packit 549fdc
Packit 549fdc 
	if (gnutls_srp_verifier
Packit 549fdc 
	    (username, passwd, &dat_salt, g, n, &verifier) < 0) {
Packit 549fdc 
		fprintf(stderr, "Error getting verifier\n");
Packit 549fdc 
		return NULL;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	/* base64 encode the verifier */
Packit 549fdc 
	if (gnutls_srp_base64_encode_alloc(&verifier, &txt_verifier) < 0) {
Packit 549fdc 
		fprintf(stderr, "Error encoding\n");
Packit 549fdc 
		free(verifier.data);
Packit 549fdc 
		return NULL;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	free(verifier.data);
Packit 549fdc
Packit 549fdc 
	if (gnutls_srp_base64_encode_alloc(&dat_salt, &txt_salt) < 0) {
Packit 549fdc 
		fprintf(stderr, "Error encoding\n");
Packit 549fdc 
		return NULL;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	sprintf(result, "%s:%s", txt_verifier.data, txt_salt.data);
Packit 549fdc 
	free(txt_salt.data);
Packit 549fdc 
	free(txt_verifier.data);
Packit 549fdc
Packit 549fdc 
	return result;
Packit 549fdc
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc
Packit 549fdc 
int
Packit 549fdc 
crypt_int(const char *username, const char *passwd, int salt_size,
Packit 549fdc 
	  const char *tpasswd_conf, const char *tpasswd, int uindex)
Packit 549fdc 
{
Packit 549fdc 
	FILE *fd;
Packit 549fdc 
	char *cr;
Packit 549fdc 
	gnutls_datum_t g, n;
Packit 549fdc 
	char line[5 * 1024];
Packit 549fdc 
	char *p, *pp;
Packit 549fdc 
	int iindex;
Packit 549fdc 
	char tmpname[1024];
Packit 549fdc
Packit 549fdc 
	fd = fopen(tpasswd_conf, "r");
Packit 549fdc 
	if (fd == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot find %s\n", tpasswd_conf);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	do {			/* find the specified uindex in file */
Packit 549fdc 
		p = fgets(line, sizeof(line) - 1, fd);
Packit 549fdc 
	}
Packit 549fdc 
	while (p != NULL && (iindex = atoi(p)) != uindex);
Packit 549fdc
Packit 549fdc 
	if (p == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot find entry in %s\n", tpasswd_conf);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc 
	line[sizeof(line) - 1] = 0;
Packit 549fdc
Packit 549fdc 
	fclose(fd);
Packit 549fdc 
	if ((iindex = read_conf_values(&g, &n, line)) < 0) {
Packit 549fdc 
		fprintf(stderr, "Cannot parse conf file '%s'\n",
Packit 549fdc 
			tpasswd_conf);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	cr = _srp_crypt(username, passwd, salt_size, &g, &n);
Packit 549fdc 
	if (cr == NULL) {
Packit 549fdc 
		fprintf(stderr, "Cannot _srp_crypt()...\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	} else {
Packit 549fdc 
		/* delete previous entry */
Packit 549fdc 
		struct stat st;
Packit 549fdc 
		FILE *fd2;
Packit 549fdc 
		int put;
Packit 549fdc
Packit 549fdc 
		if (strlen(tpasswd) + 5 > sizeof(tmpname)) {
Packit 549fdc 
			fprintf(stderr, "file '%s' is tooooo long\n",
Packit 549fdc 
				tpasswd);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
Packit 549fdc
Packit 549fdc 
		if (stat(tmpname, &st) != -1) {
Packit 549fdc 
			fprintf(stderr, "file '%s' is locked\n", tpasswd);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		if (filecopy(tpasswd, tmpname) != 0) {
Packit 549fdc 
			fprintf(stderr, "Cannot copy '%s' to '%s'\n",
Packit 549fdc 
				tpasswd, tmpname);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		fd = fopen(tpasswd, "w");
Packit 549fdc 
		if (fd == NULL) {
Packit 549fdc 
			fprintf(stderr, "Cannot open '%s' for write\n",
Packit 549fdc 
				tpasswd);
Packit 549fdc 
			(void)remove(tmpname);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		fd2 = fopen(tmpname, "r");
Packit 549fdc 
		if (fd2 == NULL) {
Packit 549fdc 
			fprintf(stderr, "Cannot open '%s' for read\n",
Packit 549fdc 
				tmpname);
Packit 549fdc 
			(void)remove(tmpname);
Packit 549fdc 
			return -1;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		put = 0;
Packit 549fdc 
		do {
Packit 549fdc 
			p = fgets(line, sizeof(line) - 1, fd2);
Packit 549fdc 
			if (p == NULL)
Packit 549fdc 
				break;
Packit 549fdc
Packit 549fdc 
			pp = strchr(line, ':');
Packit 549fdc 
			if (pp == NULL)
Packit 549fdc 
				continue;
Packit 549fdc
Packit 549fdc 
			if (strncmp(p, username,
Packit 549fdc 
				    MAX(strlen(username),
Packit 549fdc 
					(unsigned int) (pp - p))) == 0) {
Packit 549fdc 
				put = 1;
Packit 549fdc 
				fprintf(fd, "%s:%s:%u\n", username, cr,
Packit 549fdc 
					iindex);
Packit 549fdc 
			} else {
Packit 549fdc 
				fputs(line, fd);
Packit 549fdc 
			}
Packit 549fdc 
		}
Packit 549fdc 
		while (1);
Packit 549fdc
Packit 549fdc 
		if (put == 0) {
Packit 549fdc 
			fprintf(fd, "%s:%s:%u\n", username, cr, iindex);
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		fclose(fd);
Packit 549fdc 
		fclose(fd2);
Packit 549fdc
Packit 549fdc 
		(void)remove(tmpname);
Packit 549fdc
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc
Packit 549fdc 
	return 0;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc
Packit 549fdc
Packit 549fdc 
/* this function parses tpasswd.conf file. Format is:
Packit 549fdc 
 * int(index):base64(n):base64(g)
Packit 549fdc 
 */
Packit 549fdc 
static int
Packit 549fdc 
read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
Packit 549fdc 
{
Packit 549fdc 
	char *p;
Packit 549fdc 
	int len;
Packit 549fdc 
	int index, ret;
Packit 549fdc 
	gnutls_datum_t dat;
Packit 549fdc
Packit 549fdc 
	index = atoi(str);
Packit 549fdc
Packit 549fdc 
	p = strrchr(str, ':');	/* we have g */
Packit 549fdc 
	if (p == NULL) {
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	*p = '\0';
Packit 549fdc 
	p++;
Packit 549fdc
Packit 549fdc 
	/* read the generator */
Packit 549fdc 
	len = strlen(p);
Packit 549fdc 
	if (p[len - 1] == '\n')
Packit 549fdc 
		len--;
Packit 549fdc
Packit 549fdc 
	dat.data = (void *) p;
Packit 549fdc 
	dat.size = len;
Packit 549fdc 
	ret = gnutls_srp_base64_decode_alloc(&dat, g);
Packit 549fdc
Packit 549fdc 
	if (ret < 0) {
Packit 549fdc 
		fprintf(stderr, "Decoding error\n");
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	/* now go for n - modulo */
Packit 549fdc 
	p = strrchr(str, ':');	/* we have n */
Packit 549fdc 
	if (p == NULL) {
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	*p = '\0';
Packit 549fdc 
	p++;
Packit 549fdc
Packit 549fdc 
	dat.data = (void *) p;
Packit 549fdc 
	dat.size = strlen(p);
Packit 549fdc
Packit 549fdc 
	ret = gnutls_srp_base64_decode_alloc(&dat, n);
Packit 549fdc
Packit 549fdc 
	if (ret < 0) {
Packit 549fdc 
		fprintf(stderr, "Decoding error\n");
Packit 549fdc 
		free(g->data);
Packit 549fdc 
		return -1;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	return index;
Packit 549fdc 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation