[05/13] lib/crypt: Add helpers for operating on /etc/shadow
diff mbox series

Message ID 20181122233630.6303-6-sam@mendozajonas.com
State Superseded
Headers show
Series
  • User support and client permissions
Related show

Commit Message

Samuel Mendoza-Jonas Nov. 22, 2018, 11:36 p.m. UTC
Provides helper functions for reading, writing, and checking against
/etc/shadow. The main use case if for authenticating clients against the
"system" password, which is set as the root password.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
---
 configure.ac      |  22 ++++++++
 lib/Makefile.am   |   9 ++++
 lib/crypt/crypt.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/crypt/crypt.h |  49 ++++++++++++++++++
 4 files changed, 206 insertions(+)
 create mode 100644 lib/crypt/crypt.c
 create mode 100644 lib/crypt/crypt.h

Comments

Stewart Smith Nov. 23, 2018, 12:54 a.m. UTC | #1
Samuel Mendoza-Jonas <sam@mendozajonas.com> writes:
> Provides helper functions for reading, writing, and checking against
> /etc/shadow. The main use case if for authenticating clients against the
> "system" password, which is set as the root password.
>
> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
> ---
>  configure.ac      |  22 ++++++++
>  lib/Makefile.am   |   9 ++++
>  lib/crypt/crypt.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++
>  lib/crypt/crypt.h |  49 ++++++++++++++++++
>  4 files changed, 206 insertions(+)
>  create mode 100644 lib/crypt/crypt.c
>  create mode 100644 lib/crypt/crypt.h
>
> diff --git a/configure.ac b/configure.ac
> index 2bf6e6f6..4151b002 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -76,6 +76,27 @@ AC_CHECK_LIB([devmapper], [dm_task_create],
>  	[AC_MSG_FAILURE([The libdevmapper development library is required by petitboot.  Try installing the package libdevmapper-dev or device-mapper-devel.])]
>  )
>
> +AC_ARG_ENABLE(
> +	[crypt],
> +	[AS_HELP_STRING(
> +		[--enable-crypt],
> +		[Include crypt support to enable password use [default=no]]
> +	)],
> +	[],
> +	[enable_crypt=no]
> +)
> +AM_CONDITIONAL([ENABLE_CRYPT], [test "x$enable_crypt" = "xyes"])
> +AS_IF([test "x$enable_crypt" = "xyes"],
> +      [AC_DEFINE(CRYPT_SUPPORT, 1, [Enable crypt/password support])],
> +      []
> +)
> +AS_IF([test "x$enable_crypt" = "xyes"],
> +	AC_CHECK_LIB([crypt], [crypt],
> +		[CRYPT_LIBS=-lcrypt],
> +		[AC_MSG_FAILURE([shadow/crypt libs required])]
> +	)
> +)
> +
>  AC_ARG_WITH([fdt],
>  	AS_HELP_STRING([--without-fdt],
>  		[Build without libfdt (default: no)]))
> @@ -455,6 +476,7 @@ AS_IF(
>   
>  AC_SUBST([UDEV_LIBS])
>  AC_SUBST([DEVMAPPER_LIBS])
> +AC_SUBST([CRYPT_LIBS])
>  AC_SUBST([FDT_LIBS])
>  AC_SUBST([LIBFLASH_LIBS])
>  AC_SUBST([LIBTOOL_DEPS])
> diff --git a/lib/Makefile.am b/lib/Makefile.am
> index 016a14dd..69a66c37 100644
> --- a/lib/Makefile.am
> +++ b/lib/Makefile.am
> @@ -35,6 +35,7 @@ lib_libpbcore_la_CFLAGS = \
>
>  lib_libpbcore_la_SOURCES = \
>  	lib/ccan/endian/endian.h \
> +	lib/crypt/crypt.h \
>  	lib/file/file.h \
>  	lib/file/file.c \
>  	lib/fold/fold.h \
> @@ -93,3 +94,11 @@ lib_libpbcore_la_SOURCES += \
>  	lib/security/none.c
>  endif
>  endif
> +
> +if ENABLE_CRYPT
> +lib_libpbcore_la_SOURCES += \
> +	lib/crypt/crypt.c
> +
> +lib_libpbcore_la_LDFLAGS += \
> +	$(CRYPT_LIBS)
> +endif
> diff --git a/lib/crypt/crypt.c b/lib/crypt/crypt.c
> new file mode 100644
> index 00000000..dcaf3afe
> --- /dev/null
> +++ b/lib/crypt/crypt.c
> @@ -0,0 +1,126 @@
> +/*
> + *  Copyright (C) 2018 IBM Corporation
> + *
> + *  This program is free software; you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation; version 2 of the License.
> + *
> + *  This program is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + */
> +#include <string.h>
> +#include <errno.h>
> +#include <stdlib.h>
> +#include <shadow.h>
> +#include <crypt.h>
> +#include <errno.h>
> +
> +#include <talloc/talloc.h>
> +#include <log/log.h>
> +
> +#include "crypt.h"
> +
> +int crypt_set_password_hash(void *ctx, const char *hash)
> +{
> +	struct spwd *shadow;
> +	FILE *fp;
> +	int rc;
> +
> +	shadow = getspnam("root");
> +	if (!shadow) {
> +		pb_log("Could not find root shadow\n");
> +		return -1;
> +	}
> +
> +	shadow->sp_pwdp = talloc_strdup(ctx, hash);
> +	if (!shadow->sp_pwdp) {
> +		pb_log("Could not assign password\n");
> +		return -1;
> +	}
> +
> +	lckpwdf();
> +
> +	fp = fopen("/etc/shadow", "w+");
> +	if (!fp) {
> +		pb_log("Could not open shadow file\n");
> +		rc = -1;
> +		goto out;
> +	}
> +
> +	rc = putspent(shadow, fp);
> +	if (rc)
> +		pb_log("Failed to set password hash\n");
> +
> +	talloc_free(shadow->sp_pwdp);
> +out:
> +	fclose(fp);

I don't think fclose() can take NULL, which would be hit by a failure in
the fopen() path above.

*technically* fclose() can also file with EIO,ENOSPC etc (everything
close(2), write(2), or fflush(3) can fail with) so *possibly* worthwhile
checking for it here, at least so we have well defined behaviour?

Patch
diff mbox series

diff --git a/configure.ac b/configure.ac
index 2bf6e6f6..4151b002 100644
--- a/configure.ac
+++ b/configure.ac
@@ -76,6 +76,27 @@  AC_CHECK_LIB([devmapper], [dm_task_create],
 	[AC_MSG_FAILURE([The libdevmapper development library is required by petitboot.  Try installing the package libdevmapper-dev or device-mapper-devel.])]
 )
 
+AC_ARG_ENABLE(
+	[crypt],
+	[AS_HELP_STRING(
+		[--enable-crypt],
+		[Include crypt support to enable password use [default=no]]
+	)],
+	[],
+	[enable_crypt=no]
+)
+AM_CONDITIONAL([ENABLE_CRYPT], [test "x$enable_crypt" = "xyes"])
+AS_IF([test "x$enable_crypt" = "xyes"],
+      [AC_DEFINE(CRYPT_SUPPORT, 1, [Enable crypt/password support])],
+      []
+)
+AS_IF([test "x$enable_crypt" = "xyes"],
+	AC_CHECK_LIB([crypt], [crypt],
+		[CRYPT_LIBS=-lcrypt],
+		[AC_MSG_FAILURE([shadow/crypt libs required])]
+	)
+)
+
 AC_ARG_WITH([fdt],
 	AS_HELP_STRING([--without-fdt],
 		[Build without libfdt (default: no)]))
@@ -455,6 +476,7 @@  AS_IF(
  
 AC_SUBST([UDEV_LIBS])
 AC_SUBST([DEVMAPPER_LIBS])
+AC_SUBST([CRYPT_LIBS])
 AC_SUBST([FDT_LIBS])
 AC_SUBST([LIBFLASH_LIBS])
 AC_SUBST([LIBTOOL_DEPS])
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 016a14dd..69a66c37 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -35,6 +35,7 @@  lib_libpbcore_la_CFLAGS = \
 
 lib_libpbcore_la_SOURCES = \
 	lib/ccan/endian/endian.h \
+	lib/crypt/crypt.h \
 	lib/file/file.h \
 	lib/file/file.c \
 	lib/fold/fold.h \
@@ -93,3 +94,11 @@  lib_libpbcore_la_SOURCES += \
 	lib/security/none.c
 endif
 endif
+
+if ENABLE_CRYPT
+lib_libpbcore_la_SOURCES += \
+	lib/crypt/crypt.c
+
+lib_libpbcore_la_LDFLAGS += \
+	$(CRYPT_LIBS)
+endif
diff --git a/lib/crypt/crypt.c b/lib/crypt/crypt.c
new file mode 100644
index 00000000..dcaf3afe
--- /dev/null
+++ b/lib/crypt/crypt.c
@@ -0,0 +1,126 @@ 
+/*
+ *  Copyright (C) 2018 IBM Corporation
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; version 2 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ */
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <errno.h>
+
+#include <talloc/talloc.h>
+#include <log/log.h>
+
+#include "crypt.h"
+
+int crypt_set_password_hash(void *ctx, const char *hash)
+{
+	struct spwd *shadow;
+	FILE *fp;
+	int rc;
+
+	shadow = getspnam("root");
+	if (!shadow) {
+		pb_log("Could not find root shadow\n");
+		return -1;
+	}
+
+	shadow->sp_pwdp = talloc_strdup(ctx, hash);
+	if (!shadow->sp_pwdp) {
+		pb_log("Could not assign password\n");
+		return -1;
+	}
+
+	lckpwdf();
+
+	fp = fopen("/etc/shadow", "w+");
+	if (!fp) {
+		pb_log("Could not open shadow file\n");
+		rc = -1;
+		goto out;
+	}
+
+	rc = putspent(shadow, fp);
+	if (rc)
+		pb_log("Failed to set password hash\n");
+
+	talloc_free(shadow->sp_pwdp);
+out:
+	fclose(fp);
+	ulckpwdf();
+	return rc;
+}
+
+static const char *crypt_hash_password(const char *password)
+{
+	struct spwd *shadow;
+	char *hash;
+
+	shadow = getspnam("root");
+	if (!shadow) {
+		pb_log("Could not find root shadow\n");
+		return NULL;
+	}
+
+	hash = crypt(password ?: "", shadow->sp_pwdp);
+	if (!hash)
+		pb_log("Could not create hash, %m\n");
+
+
+	return hash;
+}
+
+
+int crypt_set_password(void *ctx, const char *password)
+{
+	const char *hash;
+
+	hash = crypt_hash_password(password);
+	if (!hash)
+		return -1;
+
+	return crypt_set_password_hash(ctx, hash);
+}
+
+char *crypt_get_hash(void *ctx)
+{
+	struct spwd *shadow;
+
+	shadow = getspnam("root");
+	if (!shadow) {
+		pb_log("Could not find root shadow\n");
+		return false;
+	}
+
+	return talloc_strdup(ctx, shadow->sp_pwdp);
+}
+
+bool crypt_check_password(const char *password)
+{
+	struct spwd *shadow;
+	char *hash;
+
+	shadow = getspnam("root");
+	if (!shadow) {
+		pb_log("Could not find root shadow\n");
+		return false;
+	}
+
+	hash = crypt(password ? : "", shadow->sp_pwdp);
+	if (!hash) {
+		pb_log("Could not create hash, %m\n");
+		return false;
+	}
+
+	return strncmp(shadow->sp_pwdp, hash, strlen(shadow->sp_pwdp)) == 0;
+}
diff --git a/lib/crypt/crypt.h b/lib/crypt/crypt.h
new file mode 100644
index 00000000..4b242f0c
--- /dev/null
+++ b/lib/crypt/crypt.h
@@ -0,0 +1,49 @@ 
+/*
+ *  Copyright (C) 2018 IBM Corporation
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; version 2 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ */
+#ifndef CRYPT_H
+#define CRYPT_H
+
+#include "config.h"
+
+#ifdef CRYPT_SUPPORT
+
+char *crypt_get_hash(void *ctx);
+bool crypt_check_password(const char *password);
+int crypt_set_password(void *ctx, const char *password);
+int crypt_set_password_hash(void *ctx, const char *hash);
+
+#else
+
+static inline char *crypt_get_hash(void *ctx __attribute__((unused)))
+{
+	return NULL;
+}
+static inline bool crypt_check_password(
+		const char *password __attribute__((unused)))
+{
+	return false;
+}
+static inline int crypt_set_password(void *ctx __attribute__((unused)),
+		const char *password __attribute__((unused)))
+{
+	return -1;
+}
+static inline int crypt_set_password_hash(void *ctx __attribute__((unused)),
+		const char *hash __attribute__((unused)))
+{
+	return -1;
+}
+
+#endif
+#endif /* CRYPT_H */