logo

skeud

Simple and portable utilities to deal with user accounts (su, login)git clone https://anongit.hacktivis.me/git/skeud.git/

common.c (2561B)

    

  1. // SPDX-FileCopyrightText: 2022 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 200809L
  5. // for explicit_bzero and termios
  6. #define _DEFAULT_SOURCE
  8. #include "common.h"
  10. #include <errno.h>   // errno
  11. #include <stdio.h>   // fclose, fopen, fprintf, perror, getline, fileno
  12. #include <string.h>  // explicit_bzero
  13. #include <termios.h> // tcgetattr, tcsetattr
  14. #include <unistd.h>  // crypt
  16. #ifndef MIN
  17. #define MIN(a, b) (((a) < (b)) ? (a) : (b))
  18. #endif
  20. // Needs to be constant-time so the hash can't be guessed via using a rainbow-table
  21. bool
  22. hash_match(const char *a, const char *b)
  23. {
  24. 	/* flawfinder: ignore CWE-126 */
  25. 	size_t len_a = strlen(a);
  26. 	/* flawfinder: ignore CWE-126 */
  27. 	size_t len_b = strlen(b);
  28. 	size_t n     = MIN(len_a, len_b);
  29. 	bool ret     = true;
  31. 	for(size_t i = 0; i < n; i++)
  32. 		if(a[i] != b[i]) ret = false;
  34. 	if(len_a != len_b)
  35. 		return false;
  36. 	else
  37. 		return ret;
  38. }
  40. bool
  41. skeud_crypt_check(const char *hash, const char *password)
  42. {
  43. 	if(!hash) return false;
  44. 	if(strcmp(hash, "") == 0) return false;
  46. 	/* flawfinder: ignore CWE-327, crypt is the only relevant function */
  47. 	char *chk_hash = crypt(password, hash);
  48. 	if(chk_hash == NULL)
  49. 	{
  50. 		perror("skeud_crypt_check: error: crypt");
  51. 		return false;
  52. 	}
  54. 	bool match = hash_match(hash, chk_hash);
  56. 	// cleanup
  57. 	chk_hash = crypt("", hash);
  59. 	return match;
  60. }
  62. ssize_t
  63. skeud_getpass(char **password)
  64. {
  65. 	struct termios t;
  66. 	size_t len  = 0;
  67. 	ssize_t got = -1;
  69. 	/* flawfinder: ignore CWE-362 */
  70. 	FILE *tty = fopen("/dev/tty", "rb+");
  71. 	if(tty == NULL)
  72. 	{
  73. 		perror("skeud_getpass: error: open(\"/dev/tty\")");
  74. 		return got;
  75. 	}
  76. 	int tty_fd = fileno(tty);
  77. 	if(tty_fd < 0)
  78. 	{
  79. 		perror("skeud_getpass: error: fileno(tty)");
  80. 		goto getpass_end;
  81. 	}
  83. 	if(tcgetattr(tty_fd, &t) < 0)
  84. 	{
  85. 		perror("skeud_getpass: error: tcgetattr");
  86. 		goto getpass_end;
  87. 	}
  89. 	const char *prompt = "Password: ";
  90. 	write(tty_fd, prompt, strlen(prompt));
  91. 	t.c_lflag &= ~ECHO;
  92. 	if(tcsetattr(tty_fd, TCSANOW, &t) < 0)
  93. 	{
  94. 		perror("skeud_getpass: error: tcsetattr(~ECHO)");
  95. 		goto getpass_end;
  96. 	}
  98. 	errno = 0;
  99. 	got   = getline(password, &len, tty);
  100. 	if(got < 0)
  101. 	{
  102. 		if(errno != 0) perror("skeud_getpass: error: getline");
  103. 		goto getpass_clean;
  104. 	}
  105. 	fputs("\n", tty);
  106. 	(*password)[got]     = 0;
  107. 	(*password)[got - 1] = 0;
  108. 	got--;
  110. getpass_clean:
  111. 	t.c_lflag ^= ECHO;
  112. 	if(tcsetattr(tty_fd, TCSANOW, &t) < 0)
  113. 	{
  114. 		perror("skeud_getpass: error: tcsetattr(ECHO)");
  115. 		explicit_bzero(password, got);
  116. 		got = -1;
  117. 		goto getpass_end;
  118. 	}
  120. getpass_end:
  121. 	fclose(tty);
  123. 	return got;
  124. }