4 * This program is designed to run setuid(root) or with sufficient
5 * privilege to read all of the unix password databases. It is designed
6 * to provide a mechanism for the current user (defined by this
7 * process' uid) to verify their own password.
9 * The password is read from the standard input. The exit status of
10 * this program indicates whether the user is authenticated or not.
12 * Copyright information is located at the end of the file.
16 #include <security/_pam_aconf.h>
24 #include <sys/types.h>
29 #define MAXPASS 200 /* the maximum length of a password */
31 #include <security/_pam_macros.h>
35 extern char *crypt(const char *key, const char *salt);
36 extern char *bigcrypt(const char *key, const char *salt);
41 /* syslogging function for errors and other information */
43 static void _log_err(int err, const char *format,...)
47 va_start(args, format);
48 openlog("unix_chkpwd", LOG_CONS | LOG_PID, LOG_AUTH);
49 vsyslog(err, format, args);
54 static void su_sighandler(int sig)
57 _log_err(LOG_NOTICE, "caught signal %d.", sig);
62 static void setup_signals(void)
64 struct sigaction action; /* posix signal structure */
67 * Setup signal handlers
69 (void) memset((void *) &action, 0, sizeof(action));
70 action.sa_handler = su_sighandler;
71 action.sa_flags = SA_RESETHAND;
72 (void) sigaction(SIGILL, &action, NULL);
73 (void) sigaction(SIGTRAP, &action, NULL);
74 (void) sigaction(SIGBUS, &action, NULL);
75 (void) sigaction(SIGSEGV, &action, NULL);
76 action.sa_handler = SIG_IGN;
78 (void) sigaction(SIGTERM, &action, NULL);
79 (void) sigaction(SIGHUP, &action, NULL);
80 (void) sigaction(SIGINT, &action, NULL);
81 (void) sigaction(SIGQUIT, &action, NULL);
84 static int _unix_verify_password(const char *name, const char *p, int opt)
86 struct passwd *pwd = NULL;
87 struct spwd *spwdent = NULL;
90 int retval = UNIX_FAILED;
92 /* UNIX passwords area */
94 pwd = getpwnam(name); /* Get password file entry... */
97 if (strcmp(pwd->pw_passwd, "x") == 0) {
99 * ...and shadow password file entry for this user,
100 * if shadowing is enabled
103 spwdent = getspnam(name);
106 salt = x_strdup(spwdent->sp_pwdp);
110 if (strcmp(pwd->pw_passwd, "*NP*") == 0) { /* NIS+ */
113 save_uid = geteuid();
114 seteuid(pwd->pw_uid);
115 spwdent = getspnam(name);
118 salt = x_strdup(spwdent->sp_pwdp);
120 salt = x_strdup(pwd->pw_passwd);
124 if (pwd == NULL || salt == NULL) {
125 _log_err(LOG_ALERT, "check pass; user unknown");
130 if (strlen(salt) == 0)
131 return (opt == 0) ? UNIX_FAILED : UNIX_PASSED;
133 /* the moment of truth -- do we agree with the password? */
134 retval = UNIX_FAILED;
135 if (!strncmp(salt, "$1$", 3)) {
136 pp = Goodcrypt_md5(p, salt);
137 if (strcmp(pp, salt) == 0) {
138 retval = UNIX_PASSED;
140 pp = Brokencrypt_md5(p, salt);
141 if (strcmp(pp, salt) == 0)
142 retval = UNIX_PASSED;
145 pp = bigcrypt(p, salt);
146 if (strcmp(pp, salt) == 0) {
147 retval = UNIX_PASSED;
150 p = NULL; /* no longer needed here */
165 static char *getuidname(uid_t uid)
171 envname = getenv("LOGNAME");
179 if (strcmp(envname, pw->pw_name))
184 static char username[32];
190 memset(username, 0, 32);
191 strncpy(username, pw->pw_name, 32);
198 int main(int argc, char *argv[])
200 char pass[MAXPASS + 1];
203 int retval = UNIX_FAILED;
207 * Catch or ignore as many signal as possible.
212 * we establish that this program is running with non-tty stdin.
213 * this is to discourage casual use. It does *NOT* prevent an
214 * intruder from repeatadly running this program to determine the
215 * password of the current user (brute force attack, but one for
216 * which the attacker must already have gained access to the user's
220 if (isatty(STDIN_FILENO)) {
223 ,"inappropriate use of Unix helper binary [UID=%d]"
226 ,"This binary is not designed for running in this way\n"
227 "-- the system administrator has been informed\n");
228 sleep(10); /* this should discourage/annoy the user */
232 * determine the current user's name is
233 * 1. supplied as a environment variable as LOGNAME
234 * 2. the uid has to match the one associated with the LOGNAME.
236 user = getuidname(getuid());
238 /* read the nollok/nonull option */
240 npass = read(STDIN_FILENO, option, 8);
243 _log_err(LOG_DEBUG, "no option supplied");
247 if (strncmp(option, "nullok", 8) == 0)
253 /* read the password from stdin (a pipe from the pam_unix module) */
255 npass = read(STDIN_FILENO, pass, MAXPASS);
257 if (npass < 0) { /* is it a valid password? */
259 _log_err(LOG_DEBUG, "no password supplied");
261 } else if (npass >= MAXPASS) {
263 _log_err(LOG_DEBUG, "password too long");
267 /* the password is NULL */
269 retval = _unix_verify_password(user, NULL, opt);
272 /* does pass agree with the official one? */
274 pass[npass] = '\0'; /* NUL terminate */
275 retval = _unix_verify_password(user, pass, opt);
280 memset(pass, '\0', MAXPASS); /* clear memory of the password */
282 /* return pass or fail */
288 * Copyright (c) Andrew G. Morgan, 1996. All rights reserved
290 * Redistribution and use in source and binary forms, with or without
291 * modification, are permitted provided that the following conditions
293 * 1. Redistributions of source code must retain the above copyright
294 * notice, and the entire permission notice in its entirety,
295 * including the disclaimer of warranties.
296 * 2. Redistributions in binary form must reproduce the above copyright
297 * notice, this list of conditions and the following disclaimer in the
298 * documentation and/or other materials provided with the distribution.
299 * 3. The name of the author may not be used to endorse or promote
300 * products derived from this software without specific prior
301 * written permission.
303 * ALTERNATIVELY, this product may be distributed under the terms of
304 * the GNU Public License, in which case the provisions of the GPL are
305 * required INSTEAD OF the above restrictions. (This clause is
306 * necessary due to a potential bad interaction between the GPL and
307 * the restrictions contained in a BSD-style copyright.)
309 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
310 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
311 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
312 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
313 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
314 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
315 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
316 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
317 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
318 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
319 * OF THE POSSIBILITY OF SUCH DAMAGE.