1 /*        $NetBSD: skeylogin.c,v 1.19 2005/02/04 16:13:14 perry Exp $ */
2 
3 /* S/KEY v1.1b (skeylogin.c)
4  *
5  * Authors:
6  *          Neil M. Haller <nmh@thumper.bellcore.com>
7  *          Philip R. Karn <karn@chicago.qualcomm.com>
8  *          John S. Walden <jsw@thumper.bellcore.com>
9  *          Scott Chasin <chasin@crimelab.com>
10  *
11  * Modifications:
12  *          Todd C. Miller <Todd.Miller@courtesan.com>
13  *          Angelos D. Keromytis <adk@adk.gr>
14  *
15  * S/KEY verification check, lookups, and authentication.
16  */
17 
18 #include <sys/cdefs.h>
19 __RCSID("$NetBSD: skeylogin.c,v 1.19 2005/02/04 16:13:14 perry Exp $");
20 
21 #include <sys/param.h>
22 #include <sys/stat.h>
23 #include <sys/time.h>
24 #include <sys/resource.h>
25 #include <sys/types.h>
26 
27 #include <ctype.h>
28 #include <err.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <paths.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <time.h>
36 #include <unistd.h>
37 
38 #include "skey.h"
39 
40 #define OTP_FMT "otp-%.*s %d %.*s"
41 
42 /* Issue a skey challenge for user 'name'. If successful,
43  * fill in the caller's skey structure and return 0. If unsuccessful
44  * (e.g., if name is unknown) return -1.
45  *
46  * The file read/write pointer is left at the start of the
47  * record.
48  */
getskeyprompt(struct skey * mp,char * name,char * prompt)49 int getskeyprompt(struct skey *mp, char *name, char *prompt)
50 {
51           int rval;
52 
53           sevenbit(name);
54           rval = skeylookup(mp, name);
55 
56           *prompt = '\0';
57           switch (rval) {
58           case -1:  /* File error */
59                     return -1;
60           case 0:             /* Lookup succeeded, return challenge */
61                     sprintf(prompt, OTP_FMT "\n",
62                                         SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
63                                         mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
64                     return 0;
65           case 1:             /* User not found */
66                     fclose(mp->keyfile);
67                     mp->keyfile = NULL;
68                     return -1;
69           }
70           return -1;          /* Can't happen */
71 }
72 
73 /* Return  a skey challenge string for user 'name'. If successful,
74  * fill in the caller's skey structure and return 0. If unsuccessful
75  * (e.g., if name is unknown) return -1.
76  *
77  * The file read/write pointer is left at the start of the
78  * record.
79  */
skeychallenge(struct skey * mp,const char * name,char * ss,size_t sslen)80 int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
81 {
82           int rval;
83 
84           rval = skeylookup(mp, name);
85 
86           *ss = '\0';
87           switch(rval){
88           case -1:  /* File error */
89                     return -1;
90           case 0:             /* Lookup succeeded, issue challenge */
91                     snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
92                                         skey_get_algorithm(), mp->n - 1,
93                                         SKEY_MAX_SEED_LEN, mp->seed);
94                     return 0;
95           case 1:             /* User not found */
96                     fclose(mp->keyfile);
97                     mp->keyfile = NULL;
98                     return -1;
99           }
100           return -1;          /* Can't happen */
101 }
102 
openSkey(void)103 static FILE *openSkey(void)
104 {
105           struct stat statbuf;
106           FILE *keyfile = NULL;
107 
108           /* Open _PATH_SKEYKEYS if it exists, else return an error */
109           if (stat(_PATH_SKEYKEYS, &statbuf) == 0 &&
110               (keyfile = fopen(_PATH_SKEYKEYS, "r+"))) {
111                     if ((statbuf.st_mode & 0007777) != 0600)
112                     fchmod(fileno(keyfile), 0600);
113         } else {
114                     keyfile = NULL;
115           }
116 
117           return keyfile;
118 }
119 
120 /* Find an entry in the One-time Password database.
121  * Return codes:
122  * -1: error in opening database
123  *  0: entry found, file R/W pointer positioned at beginning of record
124  *  1: entry not found, file R/W pointer positioned at EOF
125  */
skeylookup(struct skey * mp,const char * name)126 int skeylookup(struct skey *mp, const char *name)
127 {
128           int found = 0;
129           long recstart = 0;
130           const char *ht = NULL;
131           char *last;
132 
133           if(!(mp->keyfile = openSkey()))
134                     return(-1);
135 
136           /* Look up user name in database */
137           while (!feof(mp->keyfile)) {
138                     char *cp;
139 
140                     recstart = ftell(mp->keyfile);
141                     mp->recstart = recstart;
142                     if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
143                               break;
144 
145                     rip(mp->buf);
146                     if (mp->buf[0] == '#')
147                               continue; /* Comment */
148                     if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
149                               continue;
150                     if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
151                               continue;
152                     /* Save hash type if specified, else use md4 */
153                     if (isalpha((u_char) *cp)) {
154                               ht = cp;
155                               if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
156                                         continue;
157                     } else {
158                               ht = "md4";
159                     }
160                     mp->n = atoi(cp);
161                     if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
162                               continue;
163                     if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
164                               continue;
165                     if (strcmp(mp->logname, name) == 0) {
166                               found = 1;
167                               break;
168                     }
169           }
170           if (found) {
171                     fseek(mp->keyfile, recstart, SEEK_SET);
172                     /* Set hash type */
173                     if (ht && skey_set_algorithm(ht) == NULL) {
174                               warnx("Unknown hash algorithm %s, using %s", ht,
175                                         skey_get_algorithm());
176                     }
177                     return(0);
178           } else {
179           return(1);
180           }
181 }
182 
183 /* Get the next entry in the One-time Password database.
184  * Return codes:
185  * -1: error in opening database
186  *  0: next entry found and stored in mp
187  *  1: no more entries, file R/W pointer positioned at EOF
188  */
skeygetnext(struct skey * mp)189 int skeygetnext(struct skey *mp)
190 {
191           long recstart = 0;
192           char *last;
193 
194           /* Open _PATH_SKEYKEYS if it exists, else return an error */
195           if (mp->keyfile == NULL) {
196                     if(!(mp->keyfile = openSkey()))
197                               return(-1);
198           }
199 
200           /* Look up next user in database */
201           while (!feof(mp->keyfile)) {
202                     char *cp;
203 
204                     recstart = ftell(mp->keyfile);
205                     mp->recstart = recstart;
206                     if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
207                               break;
208                     rip(mp->buf);
209                     if (mp->buf[0] == '#')
210                               continue; /* Comment */
211                     if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
212                               continue;
213                     if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
214                               continue;
215                     /* Save hash type if specified, else use md4 */
216                     if (isalpha((u_char) *cp)) {
217                               if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
218                                         continue;
219                     }
220                     mp->n = atoi(cp);
221                     if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
222                               continue;
223                     if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
224                               continue;
225                     /* Got a real entry */
226                     break;
227           }
228           return(feof(mp->keyfile));
229 }
230 
231 /* Verify response to a s/key challenge.
232  *
233  * Return codes:
234  * -1: Error of some sort; database unchanged
235  *  0:  Verify successful, database updated
236  *  1:  Verify failed, database unchanged
237  *
238  * The database file is always closed by this call.
239  */
240 
skeyverify(struct skey * mp,char * response)241 int skeyverify(struct skey *mp, char *response)
242 {
243           char key[SKEY_BINKEY_SIZE];
244           char fkey[SKEY_BINKEY_SIZE];
245           char filekey[SKEY_BINKEY_SIZE];
246           time_t now;
247           struct tm *tm;
248           char tbuf[27];
249           char *cp, *last;
250           int i, rval;
251 
252           time(&now);
253           tm = localtime(&now);
254           strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
255 
256           if (response == NULL) {
257                     fclose(mp->keyfile);
258                     mp->keyfile = NULL;
259                     return -1;
260           }
261           rip(response);
262 
263           /* Convert response to binary */
264           if (etob(key, response) != 1 && atob8(key, response) != 0) {
265                     /* Neither english words or ascii hex */
266                     fclose(mp->keyfile);
267                     mp->keyfile = NULL;
268                     return -1;
269           }
270 
271           /* Compute fkey = f(key) */
272           memcpy(fkey, key, sizeof(key));
273         fflush(stdout);
274 
275           f(fkey);
276 
277           /*
278            * Obtain an exclusive lock on the key file so the same password
279            * cannot be used twice to get in to the system.
280            */
281           for (i = 0; i < 300; i++) {
282                     if ((rval = flock(fileno(mp->keyfile), LOCK_EX|LOCK_NB)) == 0 ||
283                         errno != EWOULDBLOCK)
284                               break;
285                     usleep(100000);                         /* Sleep for 0.1 seconds */
286           }
287           if (rval == -1) {                       /* Can't get exclusive lock */
288                     errno = EAGAIN;
289                     return(-1);
290           }
291 
292           /* Reread the file record NOW */
293 
294           fseek(mp->keyfile, mp->recstart, SEEK_SET);
295           if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
296                     fclose(mp->keyfile);
297                     mp->keyfile = NULL;
298                     return -1;
299           }
300           rip(mp->buf);
301           if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
302                     goto verify_failure;
303           if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
304                     goto verify_failure;
305           if (isalpha((u_char) *cp))
306                     if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
307                               goto verify_failure;
308           if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
309                     goto verify_failure;
310           if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
311                     goto verify_failure;
312           /* And convert file value to hex for comparison */
313           atob8(filekey, mp->val);
314 
315           /* Do actual comparison */
316           if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0) {
317                     /* Wrong response */
318                     fclose(mp->keyfile);
319                     mp->keyfile = NULL;
320                     return 1;
321           }
322 
323           /*
324            * Update key in database by overwriting entire record. Note
325            * that we must write exactly the same number of bytes as in
326            * the original record (note fixed width field for N)
327            */
328           btoa8(mp->val, key);
329           mp->n--;
330           fseek(mp->keyfile, mp->recstart, SEEK_SET);
331           /* Don't save algorithm type for md4 (keep record length same) */
332           if (strcmp(skey_get_algorithm(), "md4") == 0)
333                     (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
334                                     mp->logname, mp->n, mp->seed, mp->val, tbuf);
335           else
336                     (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
337                                     mp->logname, skey_get_algorithm(), mp->n,
338                                     mp->seed, mp->val, tbuf);
339 
340           fclose(mp->keyfile);
341           mp->keyfile = NULL;
342           return 0;
343 
344   verify_failure:
345           fclose(mp->keyfile);
346           mp->keyfile = NULL;
347           return -1;
348 }
349 
350 
351 /* Returns: 1 user doesnt exist, -1 file error, 0 user exists. */
352 
skey_haskey(const char * username)353 int skey_haskey(const char *username)
354 {
355           struct skey skey;
356           int i;
357 
358           i = skeylookup(&skey, username);
359 
360           if (skey.keyfile != NULL) {
361                     fclose(skey.keyfile);
362                     skey.keyfile = NULL;
363           }
364           return(i);
365 }
366 
367 /*
368  * Returns the current sequence number and
369  * seed for the passed user.
370  */
skey_keyinfo(const char * username)371 const char *skey_keyinfo(const char *username)
372 {
373           int i;
374           static char str[SKEY_MAX_CHALLENGE];
375           struct skey skey;
376 
377           i = skeychallenge(&skey, username, str, sizeof str);
378           if (i == -1)
379                     return 0;
380 
381           if (skey.keyfile != NULL) {
382                     fclose(skey.keyfile);
383                     skey.keyfile = NULL;
384           }
385           return str;
386 }
387 
388 /*
389  * Check to see if answer is the correct one to the current
390  * challenge.
391  *
392  * Returns: 0 success, -1 failure
393  */
394 
skey_passcheck(const char * username,char * passwd)395 int skey_passcheck(const char *username, char *passwd)
396 {
397           int i;
398           struct skey skey;
399 
400           i = skeylookup (&skey, username);
401           if (i == -1 || i == 1)
402                     return -1;
403 
404           if (skeyverify (&skey, passwd) == 0)
405                     return skey.n;
406 
407           return -1;
408 }
409 
410 #if DO_FAKE_CHALLENGE
411 #define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
412                         ((x)[3]))
413 
414 /*
415  * hash_collapse()
416  */
hash_collapse(u_char * s)417 static u_int32_t hash_collapse(u_char *s)
418 {
419         int len, target;
420           u_int32_t i;
421           int slen;
422 
423           slen = strlen((char *)s);
424           if ((slen % sizeof(u_int32_t)) == 0)
425                     target = slen;    /* Multiple of 4 */
426           else
427                     target = slen - slen % sizeof(u_int32_t);
428 
429           for (i = 0, len = 0; len < target; len += 4)
430           i ^= ROUND(s + len);
431 
432           return i;
433 }
434 #endif
435 
436 /*
437  * Used when calling program will allow input of the user's
438  * response to the challenge.
439  *
440  * Returns: 0 success, -1 failure
441  */
442 
skey_authenticate(const char * username)443 int skey_authenticate(const char *username)
444 {
445           int i;
446           char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
447           struct skey skey;
448 #if DO_FAKE_CHALLENGE
449           u_int ptr;
450           u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
451           size_t secretlen;
452           struct skey skey;
453           SHA1_CTX ctx;
454 #endif
455           /* Attempt a S/Key challenge */
456           i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
457 
458 #if DO_FAKE_CHALLENGE
459           /* Cons up a fake prompt if no entry in keys file */
460           if (i != 0) {
461                     char *p, *u;
462 
463                     /*
464                      * Base first 4 chars of seed on hostname.
465                      * Add some filler for short hostnames if necessary.
466                      */
467                     if (gethostname(pbuf, sizeof(pbuf)) == -1)
468                               *(p = pbuf) = '.';
469                     else
470                               for (p = pbuf; *p && isalnum((u_char) *p); p++)
471                                         if (isalpha((u_char)*p) && isupper((u_char)*p))
472                                                   *p = tolower((u_char)*p);
473                     if (*p && pbuf - p < 4)
474                               (void)strncpy(p, "asjd", 4 - (pbuf - p));
475                     pbuf[4] = '\0';
476 
477                     /* Hash the username if possible */
478                     if ((up = SHA1Data(username, strlen(username), NULL)) != NULL) {
479                               struct stat sb;
480                               time_t t;
481                               int fd;
482 
483                               /* Collapse the hash */
484                               ptr = hash_collapse(up);
485                               memset(up, 0, strlen(up));
486 
487                               /* See if the random file's there, else use ctime */
488                               if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
489                                   && fstat(fd, &sb) == 0 &&
490                                   sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
491                                   lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
492                                   SEEK_SET) != -1 && read(fd, hseed,
493                                   SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
494                                         close(fd);
495                                         fd = -1;
496                                         secret = hseed;
497                                         secretlen = SKEY_MAX_SEED_LEN;
498                                         flg = 0;
499                               } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
500                                         t = sb.st_ctime;
501                                         secret = ctime(&t);
502                                         secretlen = strlen(secret);
503                                         flg = 0;
504                               }
505                               if (fd != -1)
506                                         close(fd);
507                     }
508 
509                     /* Put that in your pipe and smoke it */
510                     if (flg == 0) {
511                               /* Hash secret value with username */
512                               SHA1Init(&ctx);
513                               SHA1Update(&ctx, secret, secretlen);
514                               SHA1Update(&ctx, username, strlen(username));
515                               SHA1End(&ctx, up);
516 
517                               /* Zero out */
518                               memset(secret, 0, secretlen);
519 
520                               /* Now hash the hash */
521                               SHA1Init(&ctx);
522                               SHA1Update(&ctx, up, strlen(up));
523                               SHA1End(&ctx, up);
524 
525                               ptr = hash_collapse(up + 4);
526 
527                               for (i = 4; i < 9; i++) {
528                                         pbuf[i] = (ptr % 10) + '0';
529                                         ptr /= 10;
530                               }
531                               pbuf[i] = '\0';
532 
533                               /* Sequence number */
534                               ptr = ((up[2] + up[3]) % 99) + 1;
535 
536                               memset(up, 0, 20); /* SHA1 specific */
537                               free(up);
538 
539                               (void)sprintf(skeyprompt,
540                                               "otp-%.*s %d %.*s",
541                                               SKEY_MAX_HASHNAME_LEN,
542                                               skey_get_algorithm(),
543                                               ptr, SKEY_MAX_SEED_LEN,
544                                               pbuf);
545                     } else {
546                               /* Base last 8 chars of seed on username */
547                               u = username;
548                               i = 8;
549                               p = &pbuf[4];
550                               do {
551                                         if (*u == 0) {
552                                                   /* Pad remainder with zeros */
553                                                   while (--i >= 0)
554                                                             *p++ = '0';
555                                                   break;
556                                         }
557 
558                                         *p++ = (*u++ % 10) + '0';
559                               } while (--i != 0);
560                               pbuf[12] = '\0';
561 
562                               (void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
563                                               SKEY_MAX_HASHNAME_LEN,
564                                               skey_get_algorithm(),
565                                               99, SKEY_MAX_SEED_LEN, pbuf);
566                     }
567           }
568 #endif
569 
570           fprintf(stderr, "[%s]\n", skeyprompt);
571           fflush(stderr);
572 
573           fputs("Response: ", stderr);
574           readskey(pbuf, sizeof(pbuf));
575 
576           /* Is it a valid response? */
577           if (i == 0 && skeyverify(&skey, pbuf) == 0) {
578                     if (skey.n < 5) {
579                               fprintf(stderr,
580                               "\nWarning! Key initialization needed soon.  (%d logins left)\n",
581                               skey.n);
582                     }
583                     return 0;
584           }
585           return -1;
586 }
587 
588 /* Comment out user's entry in the s/key database
589  *
590  * Return codes:
591  * -1: Write error; database unchanged
592  *  0:  Database updated
593  *
594  * The database file is always closed by this call.
595  */
596 
597 /* ARGSUSED */
skeyzero(struct skey * mp,char * response)598 int skeyzero(struct skey *mp, char *response)
599 {
600           /*
601            * Seek to the right place and write comment character
602            * which effectively zero's out the entry.
603            */
604           fseek(mp->keyfile, mp->recstart, SEEK_SET);
605           if (fputc('#', mp->keyfile) == EOF) {
606                     fclose(mp->keyfile);
607                     mp->keyfile = NULL;
608                     return(-1);
609           }
610 
611           fclose(mp->keyfile);
612           mp->keyfile = NULL;
613           return(0);
614 }
615