/*
 * pwdauth.c - program to verify a given username/password pair.
 *
 * Run it with username in argv[1] (may be omitted - default is the
 * current user), and send it the password over a pipe on stdin.
 * Exit status: 0 - correct password, 1 - wrong password, >1 - other
 * errors.  For use with shadow passwords, this program should be
 * installed setuid root.
 *
 * This can be used, for example, by xlock - you don't have to install
 * this large and complex (== possibly insecure) program setuid root,
 * just modify it to run this simple program to do the authentication.
 *
 * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
 * soon as possible after getting the user's encrypted password.
 * Using this program probably doesn't make it more secure, and has one
 * disadvantage: since we don't get the encrypted user's password at
 * startup (but at the time the user is authenticated), it is not clear
 * how we should handle errors (like getpwnam() returning NULL).
 * - fail the authentication?  Problem: no way to unlock (other than kill
 *   the process from somewhere else) if the NIS server stops responding.
 * - succeed and unlock?  Problem: it's too easy to unlock by unplugging
 *   the box from the network and waiting until NIS times out...
 *
 * This program is Copyright (C) 1996 Marek Michalkiewicz
 * <marekm@i17linuxb.ists.pwr.wroc.pl>.
 *
 * It may be used and distributed freely for any purposes.  There is no
 * warranty - use at your own risk.  I am not liable for any damages etc.
 * If you improve it, please send me your changes.
 */

static char rcsid[] = "$Id$";

/*
 * Define USE_SYSLOG to use syslog() to log successful and failed
 * authentication.  This should be safe even if your system has
 * the infamous syslog buffer overrun security problem...
 */
#define USE_SYSLOG

/*
 * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
 * Some systems don't have getspnam(), but getpwnam() returns
 * encrypted passwords only if running as root.
 *
 * According to the xlock source (not tested, except Linux) -
 * define: Linux, Solaris 2.x, SVR4, ...
 * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
 * Known not supported (yet): Ultrix, OSF/1, SCO.
 */
#define HAVE_GETSPNAM

/*
 * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
 * pw_encrypt() is like the standard crypt(), except that it may
 * support better password hashing algorithms.
 *
 * Define if linking with libshadow.a from the shadow password
 * suite (Linux, SunOS 4.x?).
 */
#undef HAVE_PW_ENCRYPT

/*
 * Define HAVE_AUTH_METHODS to support the shadow suite specific
 * extension: the encrypted password field contains a list of
 * administrator defined authentication methods, separated by
 * semicolons.  This program only supports the standard password
 * authentication method (a string that doesn't start with '@').
 */
#undef HAVE_AUTH_METHODS

/*
 * FAIL_DELAY - number of seconds to sleep before exiting if the
 * password was wrong, to slow down password guessing attempts.
 */
#define FAIL_DELAY 2

/* No user-serviceable parts below :-).  */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <pwd.h>

#ifdef USE_SYSLOG
#include <syslog.h>
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif
#endif

#ifdef HAVE_GETSPNAM
#include <shadow.h>
#endif

#ifdef HAVE_PW_ENCRYPT
extern char *pw_encrypt();
#define crypt pw_encrypt
#endif

/*
 * Read the password (one line) from fp.  We don't turn off echo
 * because we expect input from a pipe.
 */
static char *
get_line(fp)
	FILE *fp;
{
	static char buf[128];
	char *cp;
	int ch;

	cp = buf;
	while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
		if (cp >= buf + sizeof buf - 1)
			break;
		*cp++ = ch;
	}
	*cp = '\0';
	return buf;
}

/*
 * Get the password file entry for the current user.  If the name
 * returned by getlogin() is correct (matches the current real uid),
 * return the entry for that user.  Otherwise, return the entry (if
 * any) matching the current real uid.  Return NULL on failure.
 */
static struct passwd *
get_my_pwent()
{
	uid_t uid = getuid();
	char *name = getlogin();

	if (name && *name) {
		struct passwd *pw = getpwnam(name);

		if (pw && pw->pw_uid == uid)
			return pw;
	}
	return getpwuid(uid);
}

/*
 * Verify the password.  The system-dependent shadow support is here.
 */
static int
password_auth_ok(pw, pass)
	const struct passwd *pw;
	const char *pass;
{
	int result;
	char *cp;
#ifdef HAVE_AUTH_METHODS
	char *buf;
#endif
#ifdef HAVE_GETSPNAM
	struct spwd *sp;
#endif

	if (pw) {
#ifdef HAVE_GETSPNAM
		sp = getspnam(pw->pw_name);
		if (sp)
			cp = sp->sp_pwdp;
		else
#endif
			cp = pw->pw_passwd;
	} else
		cp = "xx";

#ifdef HAVE_AUTH_METHODS
	buf = strdup(cp);  /* will be modified by strtok() */
	if (!buf) {
		fprintf(stderr, "Out of memory.\n");
		exit(13);
	}
	cp = strtok(buf, ";");
	while (cp && *cp == '@')
		cp = strtok(NULL, ";");

	/* fail if no password authentication for this user */
	if (!cp)
		cp = "xx";
#endif

	if (*pass || *cp)
		result = (strcmp(crypt(pass, cp), cp) == 0);
	else
		result = 1;  /* user with no password */

#ifdef HAVE_AUTH_METHODS
	free(buf);
#endif
	return result;
}

/*
 * Main program.
 */
int
main(argc, argv)
	int argc;
	char **argv;
{
	struct passwd *pw;
	char *pass, *name;
	char myname[32];

#ifdef USE_SYSLOG
	openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
#endif
	pw = get_my_pwent();
	if (!pw) {
#ifdef USE_SYSLOG
		syslog(LOG_ERR, "can't get login name for uid %d.\n",
		       (int) getuid());
#endif
		fprintf(stderr, "Who are you?\n");
		exit(2);
	}
	strncpy(myname, pw->pw_name, sizeof myname - 1);
	myname[sizeof myname - 1] = '\0';
	name = myname;

	if (argc > 1) {
		name = argv[1];
		pw = getpwnam(name);
	}

	pass = get_line(stdin);
	if (password_auth_ok(pw, pass)) {
#ifdef USE_SYSLOG
		syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
		       "user `%s' entered correct password for `%.32s'.\n",
		       myname, name);
#endif
		exit(0);
	}
#ifdef USE_SYSLOG
	/* be careful not to overrun the syslog buffer */
	syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
	       "user `%s' entered incorrect password for `%.32s'.\n",
	       myname, name);
#endif
#ifdef FAIL_DELAY
	sleep(FAIL_DELAY);
#endif
	fprintf(stderr, "Wrong password.\n");
	exit(1);
}

#if 0
/*
 * You can use code similar to the following to run this program.
 * Return values: >=0 - program exit status (use the <sys/wait.h>
 * macros to get the exit code, it is shifted left by 8 bits),
 * -1 - check errno.
 */
int
verify_password(const char *username, const char *password)
{
	int pipe_fd[2];
	int pid, wpid, status;

	if (pipe(pipe_fd))
		return -1;
	
	if ((pid = fork()) == 0) {
		char *arg[3];
		char *env[1];

		/* child */
		close(pipe_fd[1]);
		if (pipe_fd[0] != 0) {
			if (dup2(pipe_fd[0], 0) != 0)
				_exit(127);
			close(pipe_fd[0]);
		}
		arg[0] = "/usr/bin/pwdauth";
		arg[1] = username;
		arg[2] = NULL;
		env[0] = NULL;
		execve(arg[0], arg, env);
		_exit(127);
	} else if (pid == -1) {
		/* error */
		close(pipe_fd[0]);
		close(pipe_fd[1]);
		return -1;
	}
	/* parent */
	close(pipe_fd[0]);
	write(pipe_fd[1], password, strlen(password));
	write(pipe_fd[1], "\n", 1);
	close(pipe_fd[1]);

	while ((wpid = wait(&status)) != pid) {
		if (wpid == -1)
			return -1;
	}
	return status;
}
#endif