logo

skeud

Simple and portable utilities to deal with user accounts (su, login)git clone https://anongit.hacktivis.me/git/skeud.git/

common.c (2729B)

    

  1. // SPDX-FileCopyrightText: 2022 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 202405L
  5. // for explicit_bzero
  6. #define _DEFAULT_SOURCE
  8. #include "common.h"
  10. #include <errno.h>   // errno
  11. #include <stdio.h>   // fclose, fopen, fprintf, perror, getline, fileno
  12. #include <string.h>  // explicit_bzero
  13. #include <termios.h> // tcgetattr, tcsetattr
  14. #include <unistd.h>  // crypt
  16. #undef MIN
  17. #define MIN(a, b) (((a) < (b)) ? (a) : (b))
  19. // doesn't exits to make sure cleanup is done
  20. int
  21. skeud_err(const char *errmsg, int err)
  22. {
  23. 	fputs(argv0, stderr);
  24. 	fputs(": error: ", stderr);
  25. 	fputs(errmsg, stderr);
  26. 	if(err != 0)
  27. 	{
  28. 		fputs(": ", stderr);
  29. 		fputs(strerror(err), stderr);
  30. 	}
  31. 	fputs("\n", stderr);
  32. 	return fflush(stderr);
  33. }
  35. // Needs to be constant-time
  36. bool
  37. hash_match(const char *a, size_t alen, const char *b, size_t blen)
  38. {
  39. 	size_t n = MIN(alen, blen);
  40. 	bool ret = true;
  42. 	for(size_t i = 0; i < n; i++)
  43. 		if(a[i] != b[i]) ret = false;
  45. 	if(alen != blen)
  46. 		return false;
  47. 	else
  48. 		return ret;
  49. }
  51. bool
  52. skeud_crypt_check(const char *hash, const char *password)
  53. {
  54. 	size_t hashlen = strlen0(hash);
  55. 	if(hashlen == 0) return false;
  57. 	/* flawfinder: ignore CWE-327, crypt is the only relevant function */
  58. 	char *chk_hash = crypt(password, hash);
  59. 	if(chk_hash == NULL)
  60. 	{
  61. 		skeud_err("Failed hashing password", errno);
  62. 		return false;
  63. 	}
  65. 	bool match = hash_match(hash, hashlen, chk_hash, strlen(chk_hash));
  67. 	// cleanup
  68. 	chk_hash = crypt("", hash);
  70. 	return match;
  71. }
  73. ssize_t
  74. skeud_getpass(char **password)
  75. {
  76. 	struct termios t;
  77. 	size_t len  = 0;
  78. 	ssize_t got = -1;
  80. 	/* flawfinder: ignore CWE-362 */
  81. 	FILE *tty = fopen("/dev/tty", "rb+");
  82. 	if(tty == NULL)
  83. 	{
  84. 		skeud_err("Failed opening '/dev/tty'", errno);
  85. 		return got;
  86. 	}
  87. 	int tty_fd = fileno(tty);
  88. 	if(tty_fd < 0)
  89. 	{
  90. 		skeud_err("Failed getting fd from '/dev/tty' stream", errno);
  91. 		goto getpass_end;
  92. 	}
  94. 	if(tcgetattr(tty_fd, &t) < 0)
  95. 	{
  96. 		skeud_err("Failed getting terminal attributes", errno);
  97. 		goto getpass_end;
  98. 	}
  100. 	const char *prompt = "Password: ";
  101. 	write(tty_fd, prompt, strlen(prompt));
  102. 	t.c_lflag &= ~ECHO;
  103. 	if(tcsetattr(tty_fd, TCSANOW, &t) < 0)
  104. 	{
  105. 		skeud_err("Failed disabling terminal echo", errno);
  106. 		goto getpass_end;
  107. 	}
  109. 	errno = 0;
  110. 	got   = getline(password, &len, tty);
  111. 	if(got < 0)
  112. 	{
  113. 		if(errno != 0) skeud_err("Failed reading line", errno);
  114. 		goto getpass_clean;
  115. 	}
  116. 	fputs("\n", tty);
  117. 	(*password)[got]     = 0;
  118. 	(*password)[got - 1] = 0;
  119. 	got--;
  121. getpass_clean:
  122. 	t.c_lflag ^= ECHO;
  123. 	if(tcsetattr(tty_fd, TCSANOW, &t) < 0)
  124. 	{
  125. 		skeud_err("Failed re-enabling terminal echo", errno);
  126. 		explicit_bzero(password, got);
  127. 		got = -1;
  128. 		goto getpass_end;
  129. 	}
  131. getpass_end:
  132. 	fclose(tty);
  134. 	return got;
  135. }