Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	libexec/login_yubikey/login_yubikey.c	Lines:	0	133	0.0 %
Date:	2017-11-07	Branches:	0	79	0.0 %


/* $OpenBSD: login_yubikey.c,v 1.16 2016/09/03 11:01:44 gsoares Exp $ */

/*
 * Copyright (c) 2010 Daniel Hartmeier <daniel@benzedrine.cx>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *    - Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    - Redistributions in binary form must reproduce the above
 *      copyright notice, this list of conditions and the following
 *      disclaimer in the documentation and/or other materials provided
 *      with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/unistd.h>
#include <ctype.h>
#include <login_cap.h>
#include <pwd.h>
#include <readpassphrase.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <limits.h>
#include <errno.h>

#include "yubikey.h"

#define	MODE_LOGIN	0
#define	MODE_CHALLENGE	1
#define	MODE_RESPONSE	2

#define	AUTH_OK		0
#define	AUTH_FAILED	-1

static const char *path = "/var/db/yubikey";

static int clean_string(const char *);
static int yubikey_login(const char *, const char *);

int
main(int argc, char *argv[])
{
	int ch, ret, mode = MODE_LOGIN, count;
	FILE *f = NULL;
	char *username, *password = NULL;
	char pbuf[1024];
	char response[1024];

	setpriority(PRIO_PROCESS, 0, 0);

	if (pledge("stdio tty wpath rpath cpath", NULL) == -1) {
		syslog(LOG_AUTH|LOG_ERR, "pledge: %m");
		exit(EXIT_FAILURE);
	}

	openlog(NULL, LOG_ODELAY, LOG_AUTH);

	while ((ch = getopt(argc, argv, "dv:s:")) != -1) {
		switch (ch) {
		case 'd':
			f = stdout;
			break;
		case 'v':
			break;
		case 's':
			if (!strcmp(optarg, "login"))
				mode = MODE_LOGIN;
			else if (!strcmp(optarg, "response"))
				mode = MODE_RESPONSE;
			else if (!strcmp(optarg, "challenge"))
				mode = MODE_CHALLENGE;
			else {
				syslog(LOG_ERR, "%s: invalid service", optarg);
				exit(EXIT_FAILURE);
			}
			break;
		default:
			syslog(LOG_ERR, "usage error1");
			exit(EXIT_FAILURE);
		}
	}
	argc -= optind;
	argv += optind;
	if (argc != 2 && argc != 1) {
		syslog(LOG_ERR, "usage error2");
		exit(EXIT_FAILURE);
	}
	username = argv[0];
	/* passed by sshd(8) for non-existing users */
	if (!strcmp(username, "NOUSER"))
		exit(EXIT_FAILURE);
	if (!clean_string(username)) {
		syslog(LOG_ERR, "clean_string username");
		exit(EXIT_FAILURE);
	}

	if (f == NULL && (f = fdopen(3, "r+")) == NULL) {
		syslog(LOG_ERR, "user %s: fdopen: %m", username);
		exit(EXIT_FAILURE);
	}

	switch (mode) {
	case MODE_LOGIN:
		if ((password = readpassphrase("Password:", pbuf, sizeof(pbuf),
			    RPP_ECHO_OFF)) == NULL) {
			syslog(LOG_ERR, "user %s: readpassphrase: %m",
			    username);
			exit(EXIT_FAILURE);
		}
		break;
	case MODE_CHALLENGE:
		/* see login.conf(5) section CHALLENGES */
		fprintf(f, "%s\n", BI_SILENT);
		exit(EXIT_SUCCESS);
		break;
	case MODE_RESPONSE:
		/* see login.conf(5) section RESPONSES */
		/* this happens e.g. when called from sshd(8) */
		mode = 0;
		count = -1;
		while (++count < sizeof(response) &&
		    read(3, &response[count], 1) == 1) {
			if (response[count] == '\0' && ++mode == 2)
				break;
			if (response[count] == '\0' && mode == 1)
				password = response + count + 1;
		}
		if (mode < 2) {
			syslog(LOG_ERR, "user %s: protocol error "
			    "on back channel", username);
			exit(EXIT_FAILURE);
		}
		break;
	}

	ret = yubikey_login(username, password);
	explicit_bzero(password, strlen(password));
	if (ret == AUTH_OK) {
		syslog(LOG_INFO, "user %s: authorize", username);
		fprintf(f, "%s\n", BI_AUTH);
	} else {
		syslog(LOG_INFO, "user %s: reject", username);
		fprintf(f, "%s\n", BI_REJECT);
	}
	closelog();
	return (EXIT_SUCCESS);
}

static int
clean_string(const char *s)
{
	while (*s) {
		if (!isalnum((unsigned char)*s) && *s != '-' && *s != '_')
			return (0);
		++s;
	}
	return (1);
}

static int
yubikey_login(const char *username, const char *password)
{
	char fn[PATH_MAX];
	char hexkey[33], key[YUBIKEY_KEY_SIZE];
	char hexuid[13], uid[YUBIKEY_UID_SIZE];
	FILE *f;
	yubikey_token_st tok;
	u_int32_t last_ctr = 0, ctr;
	int r, i = 0, mapok = 0, crcok = 0;

	snprintf(fn, sizeof(fn), "%s/%s.uid", path, username);
	if ((f = fopen(fn, "r")) == NULL) {
		syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
		return (AUTH_FAILED);
	}
	if (fscanf(f, "%12s", hexuid) != 1) {
		syslog(LOG_ERR, "user %s: fscanf: %s: %m", username, fn);
		fclose(f);
		return (AUTH_FAILED);
	}
	fclose(f);

	snprintf(fn, sizeof(fn), "%s/%s.key", path, username);
	if ((f = fopen(fn, "r")) == NULL) {
		syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
		return (AUTH_FAILED);
	}
	if (fscanf(f, "%32s", hexkey) != 1) {
		syslog(LOG_ERR, "user %s: fscanf: %s: %m", username, fn);
		fclose(f);
		return (AUTH_FAILED);
	}
	fclose(f);
	if (strlen(hexkey) != 32) {
		syslog(LOG_ERR, "user %s: key len != 32", username);
		return (AUTH_FAILED);
	}

	snprintf(fn, sizeof(fn), "%s/%s.ctr", path, username);
	if ((f = fopen(fn, "r")) != NULL) {
		if (fscanf(f, "%u", &last_ctr) != 1)
			last_ctr = 0;
		fclose(f);
	}

	yubikey_hex_decode(uid, hexuid, YUBIKEY_UID_SIZE);
	yubikey_hex_decode(key, hexkey, YUBIKEY_KEY_SIZE);

	explicit_bzero(hexkey, sizeof(hexkey));

	/*
	 * Cycle through the key mapping table.
         * XXX brute force, unoptimized; a lookup table for valid mappings may
	 * be appropriate.
	 */
	while (1) {
		r = yubikey_parse((uint8_t *)password, (uint8_t *)key, &tok, i++);
		switch (r) {
		case EMSGSIZE:
			syslog(LOG_INFO, "user %s failed: password too short.",
			    username);
			explicit_bzero(key, sizeof(key));
			return (AUTH_FAILED);
		case EINVAL:	/* keyboard mapping invalid */
			continue;
		case 0:		/* found a valid keyboard mapping */
			mapok++;
			if (!yubikey_crc_ok_p((uint8_t *)&tok))
				continue;	/* try another one */
			crcok++;
			syslog(LOG_DEBUG, "user %s: crc %04x ok",
			    username, tok.crc);

			if (memcmp(tok.uid, uid, YUBIKEY_UID_SIZE)) {
				char h[13];

				yubikey_hex_encode(h, (const char *)tok.uid,
				    YUBIKEY_UID_SIZE);
				syslog(LOG_DEBUG, "user %s: uid %s != %s",
				    username, h, hexuid);
				continue;	/* try another one */
			}
			break; /* uid matches */
		case -1:
			syslog(LOG_INFO, "user %s: could not decode password "
			    "with any keymap (%d crc ok)",
			    username, crcok);
			explicit_bzero(key, sizeof(key));
			return (AUTH_FAILED);
		default:
			syslog(LOG_DEBUG, "user %s failed: %s",
			    username, strerror(r));
			explicit_bzero(key, sizeof(key));
			return (AUTH_FAILED);
		}
		break; /* only reached through the bottom of case 0 */
	}

	explicit_bzero(key, sizeof(key));

	syslog(LOG_INFO, "user %s uid %s: %d matching keymaps (%d checked), "
	    "%d crc ok", username, hexuid, mapok, i, crcok);

	ctr = ((u_int32_t)yubikey_counter(tok.ctr) << 8) | tok.use;
	if (ctr <= last_ctr) {
		syslog(LOG_INFO, "user %s: counter %u.%u <= %u.%u "
		    "(REPLAY ATTACK!)", username, ctr / 256, ctr % 256,
		    last_ctr / 256, last_ctr % 256);
		return (AUTH_FAILED);
	}
	syslog(LOG_INFO, "user %s: counter %u.%u > %u.%u",
	    username, ctr / 256, ctr % 256, last_ctr / 256, last_ctr % 256);
	umask(S_IRWXO);
	if ((f = fopen(fn, "w")) == NULL) {
		syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
		return (AUTH_FAILED);
	}
	fprintf(f, "%u", ctr);
	fclose(f);

	return (AUTH_OK);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: login_yubikey.c,v 1.16 2016/09/03 11:01:44 gsoares Exp $ */
2
3			/*
4			* Copyright (c) 2010 Daniel Hartmeier <daniel@benzedrine.cx>
5			* All rights reserved.
6			*
7			* Redistribution and use in source and binary forms, with or without
8			* modification, are permitted provided that the following conditions
9			* are met:
10			*
11			* - Redistributions of source code must retain the above copyright
12			* notice, this list of conditions and the following disclaimer.
13			* - Redistributions in binary form must reproduce the above
14			* copyright notice, this list of conditions and the following
15			* disclaimer in the documentation and/or other materials provided
16			* with the distribution.
17			*
18			* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19			* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20			* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21			* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22			* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
23			* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24			* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26			* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28			* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			* POSSIBILITY OF SUCH DAMAGE.
30			*
31			*/
32
33			#include <sys/stat.h>
34			#include <sys/time.h>
35			#include <sys/resource.h>
36			#include <sys/unistd.h>
37			#include <ctype.h>
38			#include <login_cap.h>
39			#include <pwd.h>
40			#include <readpassphrase.h>
41			#include <stdarg.h>
42			#include <stdio.h>
43			#include <stdlib.h>
44			#include <string.h>
45			#include <syslog.h>
46			#include <unistd.h>
47			#include <limits.h>
48			#include <errno.h>
49
50			#include "yubikey.h"
51
52			#define MODE_LOGIN 0
53			#define MODE_CHALLENGE 1
54			#define MODE_RESPONSE 2
55
56			#define AUTH_OK 0
57			#define AUTH_FAILED -1
58
59			static const char *path = "/var/db/yubikey";
60
61			static int clean_string(const char *);
62			static int yubikey_login(const char , const char );
63
64			int
65			main(int argc, char *argv[])
66			{
67			int ch, ret, mode = MODE_LOGIN, count;
68			FILE *f = NULL;
69			char username, password = NULL;
70			char pbuf[1024];
71			char response[1024];
72
73			setpriority(PRIO_PROCESS, 0, 0);
74
75			if (pledge("stdio tty wpath rpath cpath", NULL) == -1) {
76			syslog(LOG_AUTH\|LOG_ERR, "pledge: %m");
77			exit(EXIT_FAILURE);
78			}
79
80			openlog(NULL, LOG_ODELAY, LOG_AUTH);
81
82			while ((ch = getopt(argc, argv, "dv:s:")) != -1) {
83			switch (ch) {
84			case 'd':
85			f = stdout;
86			break;
87			case 'v':
88			break;
89			case 's':
90			if (!strcmp(optarg, "login"))
91			mode = MODE_LOGIN;
92			else if (!strcmp(optarg, "response"))
93			mode = MODE_RESPONSE;
94			else if (!strcmp(optarg, "challenge"))
95			mode = MODE_CHALLENGE;
96			else {
97			syslog(LOG_ERR, "%s: invalid service", optarg);
98			exit(EXIT_FAILURE);
99			}
100			break;
101			default:
102			syslog(LOG_ERR, "usage error1");
103			exit(EXIT_FAILURE);
104			}
105			}
106			argc -= optind;
107			argv += optind;
108			if (argc != 2 && argc != 1) {
109			syslog(LOG_ERR, "usage error2");
110			exit(EXIT_FAILURE);
111			}
112			username = argv[0];
113			/* passed by sshd(8) for non-existing users */
114			if (!strcmp(username, "NOUSER"))
115			exit(EXIT_FAILURE);
116			if (!clean_string(username)) {
117			syslog(LOG_ERR, "clean_string username");
118			exit(EXIT_FAILURE);
119			}
120
121			if (f == NULL && (f = fdopen(3, "r+")) == NULL) {
122			syslog(LOG_ERR, "user %s: fdopen: %m", username);
123			exit(EXIT_FAILURE);
124			}
125
126			switch (mode) {
127			case MODE_LOGIN:
128			if ((password = readpassphrase("Password:", pbuf, sizeof(pbuf),
129			RPP_ECHO_OFF)) == NULL) {
130			syslog(LOG_ERR, "user %s: readpassphrase: %m",
131			username);
132			exit(EXIT_FAILURE);
133			}
134			break;
135			case MODE_CHALLENGE:
136			/* see login.conf(5) section CHALLENGES */
137			fprintf(f, "%s\n", BI_SILENT);
138			exit(EXIT_SUCCESS);
139			break;
140			case MODE_RESPONSE:
141			/* see login.conf(5) section RESPONSES */
142			/* this happens e.g. when called from sshd(8) */
143			mode = 0;
144			count = -1;
145			while (++count < sizeof(response) &&
146			read(3, &response[count], 1) == 1) {
147			if (response[count] == '\0' && ++mode == 2)
148			break;
149			if (response[count] == '\0' && mode == 1)
150			password = response + count + 1;
151			}
152			if (mode < 2) {
153			syslog(LOG_ERR, "user %s: protocol error "
154			"on back channel", username);
155			exit(EXIT_FAILURE);
156			}
157			break;
158			}
159
160			ret = yubikey_login(username, password);
161			explicit_bzero(password, strlen(password));
162			if (ret == AUTH_OK) {
163			syslog(LOG_INFO, "user %s: authorize", username);
164			fprintf(f, "%s\n", BI_AUTH);
165			} else {
166			syslog(LOG_INFO, "user %s: reject", username);
167			fprintf(f, "%s\n", BI_REJECT);
168			}
169			closelog();
170			return (EXIT_SUCCESS);
171			}
172
173			static int
174			clean_string(const char *s)
175			{
176			while (*s) {
177			if (!isalnum((unsigned char)s) && s != '-' && *s != '_')
178			return (0);
179			++s;
180			}
181			return (1);
182			}
183
184			static int
185			yubikey_login(const char username, const char password)
186			{
187			char fn[PATH_MAX];
188			char hexkey[33], key[YUBIKEY_KEY_SIZE];
189			char hexuid[13], uid[YUBIKEY_UID_SIZE];
190			FILE *f;
191			yubikey_token_st tok;
192			u_int32_t last_ctr = 0, ctr;
193			int r, i = 0, mapok = 0, crcok = 0;
194
195			snprintf(fn, sizeof(fn), "%s/%s.uid", path, username);
196			if ((f = fopen(fn, "r")) == NULL) {
197			syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
198			return (AUTH_FAILED);
199			}
200			if (fscanf(f, "%12s", hexuid) != 1) {
201			syslog(LOG_ERR, "user %s: fscanf: %s: %m", username, fn);
202			fclose(f);
203			return (AUTH_FAILED);
204			}
205			fclose(f);
206
207			snprintf(fn, sizeof(fn), "%s/%s.key", path, username);
208			if ((f = fopen(fn, "r")) == NULL) {
209			syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
210			return (AUTH_FAILED);
211			}
212			if (fscanf(f, "%32s", hexkey) != 1) {
213			syslog(LOG_ERR, "user %s: fscanf: %s: %m", username, fn);
214			fclose(f);
215			return (AUTH_FAILED);
216			}
217			fclose(f);
218			if (strlen(hexkey) != 32) {
219			syslog(LOG_ERR, "user %s: key len != 32", username);
220			return (AUTH_FAILED);
221			}
222
223			snprintf(fn, sizeof(fn), "%s/%s.ctr", path, username);
224			if ((f = fopen(fn, "r")) != NULL) {
225			if (fscanf(f, "%u", &last_ctr) != 1)
226			last_ctr = 0;
227			fclose(f);
228			}
229
230			yubikey_hex_decode(uid, hexuid, YUBIKEY_UID_SIZE);
231			yubikey_hex_decode(key, hexkey, YUBIKEY_KEY_SIZE);
232
233			explicit_bzero(hexkey, sizeof(hexkey));
234
235			/*
236			* Cycle through the key mapping table.
237			* XXX brute force, unoptimized; a lookup table for valid mappings may
238			* be appropriate.
239			*/
240			while (1) {
241			r = yubikey_parse((uint8_t )password, (uint8_t )key, &tok, i++);
242			switch (r) {
243			case EMSGSIZE:
244			syslog(LOG_INFO, "user %s failed: password too short.",
245			username);
246			explicit_bzero(key, sizeof(key));
247			return (AUTH_FAILED);
248			case EINVAL: /* keyboard mapping invalid */
249			continue;
250			case 0: /* found a valid keyboard mapping */
251			mapok++;
252			if (!yubikey_crc_ok_p((uint8_t *)&tok))
253			continue; /* try another one */
254			crcok++;
255			syslog(LOG_DEBUG, "user %s: crc %04x ok",
256			username, tok.crc);
257
258			if (memcmp(tok.uid, uid, YUBIKEY_UID_SIZE)) {
259			char h[13];
260
261			yubikey_hex_encode(h, (const char *)tok.uid,
262			YUBIKEY_UID_SIZE);
263			syslog(LOG_DEBUG, "user %s: uid %s != %s",
264			username, h, hexuid);
265			continue; /* try another one */
266			}
267			break; /* uid matches */
268			case -1:
269			syslog(LOG_INFO, "user %s: could not decode password "
270			"with any keymap (%d crc ok)",
271			username, crcok);
272			explicit_bzero(key, sizeof(key));
273			return (AUTH_FAILED);
274			default:
275			syslog(LOG_DEBUG, "user %s failed: %s",
276			username, strerror(r));
277			explicit_bzero(key, sizeof(key));
278			return (AUTH_FAILED);
279			}
280			break; /* only reached through the bottom of case 0 */
281			}
282
283			explicit_bzero(key, sizeof(key));
284
285			syslog(LOG_INFO, "user %s uid %s: %d matching keymaps (%d checked), "
286			"%d crc ok", username, hexuid, mapok, i, crcok);
287
288			ctr = ((u_int32_t)yubikey_counter(tok.ctr) << 8) \| tok.use;
289			if (ctr <= last_ctr) {
290			syslog(LOG_INFO, "user %s: counter %u.%u <= %u.%u "
291			"(REPLAY ATTACK!)", username, ctr / 256, ctr % 256,
292			last_ctr / 256, last_ctr % 256);
293			return (AUTH_FAILED);
294			}
295			syslog(LOG_INFO, "user %s: counter %u.%u > %u.%u",
296			username, ctr / 256, ctr % 256, last_ctr / 256, last_ctr % 256);
297			umask(S_IRWXO);
298			if ((f = fopen(fn, "w")) == NULL) {
299			syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
300			return (AUTH_FAILED);
301			}
302			fprintf(f, "%u", ctr);
303			fclose(f);
304
305			return (AUTH_OK);
306			}