oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
f6d1dfd60f34ef40532707d4e116bf5f19268a28
heimdal/lib/hx509/lock.c
Nicolas Williams cbe156d927 Use OpenSSL 3.x _only_ and implement RFC 8636 
- No more OpenSSL 1.x support
 - Remove 1DES and 3DES
 - Remove NETLOGON, NTLM (client and 'digest' service)
2026-01-18 19:06:16 -06:00

481 lines
10 KiB
C
Raw Blame History

/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
/*
* lib/hcrypto.ui.c code here
*/
#include <signal.h>
#ifdef HAVE_TERMIOS_H
#include <termios.h>
#endif
#define UI_UTIL_FLAG_VERIFY 0x1 /* ask to verify password */
#define UI_UTIL_FLAG_VERIFY_SILENT 0x2 /* silence on verify failure */
#ifdef HAVE_CONIO_H
#include <conio.h>
#endif
static sig_atomic_t intr_flag;
static void
intr(int sig)
{
intr_flag++;
}
#ifdef HAVE_CONIO_H
/*
* Windows does console slightly different then then unix case.
*/
static int
read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
int of = 0;
int c;
char *p;
void (*oldsigintr)(int);
printf("%s%s", preprompt, prompt);
fflush(stdout);
oldsigintr = signal(SIGINT, intr);
p = buf;
while(intr_flag == 0){
c = ((echo)? _getche(): _getch());
if(c == '\n' || c == '\r')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
printf("\n");
}
signal(SIGINT, oldsigintr);
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
#else /* !HAVE_CONIO_H */
#ifndef NSIG
#define NSIG 47
#endif
static int
read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
struct sigaction sigs[NSIG];
int oksigs[NSIG];
struct sigaction sa;
FILE *tty;
int ret = 0;
int of = 0;
int i;
int c;
char *p;
struct termios t_new, t_old;
memset(&oksigs, 0, sizeof(oksigs));
memset(&sa, 0, sizeof(sa));
sa.sa_handler = intr;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (i != SIGALRM)
if (sigaction(i, &sa, &sigs[i]) == 0)
oksigs[i] = 1;
if((tty = fopen("/dev/tty", "r")) != NULL)
rk_cloexec_file(tty);
else
tty = stdin;
fprintf(stderr, "%s%s", preprompt, prompt);
fflush(stderr);
if(echo == 0){
tcgetattr(fileno(tty), &t_old);
memcpy(&t_new, &t_old, sizeof(t_new));
t_new.c_lflag &= ~ECHO;
tcsetattr(fileno(tty), TCSANOW, &t_new);
}
intr_flag = 0;
p = buf;
while(intr_flag == 0){
c = getc(tty);
if(c == EOF){
if(!ferror(tty))
ret = 1;
break;
}
if(c == '\n')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
fprintf(stderr, "\n");
tcsetattr(fileno(tty), TCSANOW, &t_old);
}
if(tty != stdin)
fclose(tty);
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (oksigs[i])
sigaction(i, &sigs[i], NULL);
if(ret)
return -3;
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
#endif /* HAVE_CONIO_H */
int
_hx509_UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{
int ret;
ret = read_string("", prompt, buf, length, 0);
if (ret)
return ret;
if (verify & UI_UTIL_FLAG_VERIFY) {
char *buf2;
buf2 = malloc(length);
if (buf2 == NULL)
return 1;
ret = read_string("Verify password - ", prompt, buf2, length, 0);
if (ret) {
free(buf2);
return ret;
}
if (strcmp(buf2, buf) != 0) {
if (!(verify & UI_UTIL_FLAG_VERIFY_SILENT)) {
fprintf(stderr, "Verify failure\n");
fflush(stderr);
}
ret = 1;
}
free(buf2);
}
return ret;
}
/* lib/hcrypto/ui.c code over */
/**
* @page page_lock Locking and unlocking certificates and encrypted data.
*
* See the library functions here: @ref hx509_lock
*/
struct hx509_lock_data {
struct _hx509_password password;
hx509_certs certs;
hx509_prompter_fct prompt;
void *prompt_data;
};
static struct hx509_lock_data empty_lock_data = {
{ 0, NULL },
NULL,
NULL,
NULL
};
hx509_lock _hx509_empty_lock = &empty_lock_data;
/*
*
*/
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_init(hx509_context context, hx509_lock *lock)
{
hx509_lock l;
int ret;
*lock = NULL;
l = calloc(1, sizeof(*l));
if (l == NULL)
return ENOMEM;
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&l->certs);
if (ret) {
free(l);
return ret;
}
*lock = l;
return 0;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_add_password(hx509_lock lock, const char *password)
{
void *d;
char *s;
s = strdup(password);
if (s == NULL)
return ENOMEM;
d = realloc(lock->password.val,
(lock->password.len + 1) * sizeof(lock->password.val[0]));
if (d == NULL) {
free(s);
return ENOMEM;
}
lock->password.val = d;
lock->password.val[lock->password.len] = s;
lock->password.len++;
return 0;
}
HX509_LIB_FUNCTION const struct _hx509_password * HX509_LIB_CALL
_hx509_lock_get_passwords(hx509_lock lock)
{
return &lock->password;
}
HX509_LIB_FUNCTION hx509_certs HX509_LIB_CALL
_hx509_lock_unlock_certs(hx509_lock lock)
{
return lock->certs;
}
HX509_LIB_FUNCTION void HX509_LIB_CALL
hx509_lock_reset_passwords(hx509_lock lock)
{
size_t i;
for (i = 0; i < lock->password.len; i++)
free(lock->password.val[i]);
free(lock->password.val);
lock->password.val = NULL;
lock->password.len = 0;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
{
return hx509_certs_add(context, lock->certs, cert);
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
{
return hx509_certs_merge(context, lock->certs, certs);
}
HX509_LIB_FUNCTION void HX509_LIB_CALL
hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
{
hx509_certs certs = lock->certs;
int ret;
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&lock->certs);
if (ret == 0)
hx509_certs_free(&certs);
else
lock->certs = certs;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
_hx509_lock_find_cert(hx509_lock lock, const hx509_query *q, hx509_cert *c)
{
*c = NULL;
return 0;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_set_prompter(hx509_lock lock, hx509_prompter_fct prompt, void *data)
{
lock->prompt = prompt;
lock->prompt_data = data;
return 0;
}
HX509_LIB_FUNCTION void HX509_LIB_CALL
hx509_lock_reset_promper(hx509_lock lock)
{
lock->prompt = NULL;
lock->prompt_data = NULL;
}
static int
default_prompter(void *data, const hx509_prompt *prompter)
{
if (hx509_prompt_hidden(prompter->type)) {
if(_hx509_UI_UTIL_read_pw_string(prompter->reply.data,
prompter->reply.length,
prompter->prompt,
0))
return 1;
} else {
char *s = prompter->reply.data;
fputs (prompter->prompt, stdout);
fflush (stdout);
if(fgets(prompter->reply.data,
prompter->reply.length,
stdin) == NULL)
return 1;
s[strcspn(s, "\n")] = '\0';
}
return 0;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
{
if (lock->prompt == NULL)
return HX509_CRYPTO_NO_PROMPTER;
return (*lock->prompt)(lock->prompt_data, prompt);
}
HX509_LIB_FUNCTION void HX509_LIB_CALL
hx509_lock_free(hx509_lock lock)
{
if (lock) {
hx509_certs_free(&lock->certs);
hx509_lock_reset_passwords(lock);
memset(lock, 0, sizeof(*lock));
free(lock);
}
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_prompt_hidden(hx509_prompt_type type)
{
/* default to hidden if unknown */
switch (type) {
case HX509_PROMPT_TYPE_QUESTION:
case HX509_PROMPT_TYPE_INFO:
return 0;
default:
return 1;
}
}
static char *
read_password_file(const char *fn)
{
size_t n = 0;
char *s = NULL;
FILE *f;
int save_errno;
if ((f = fopen(fn, "r")) == NULL)
return NULL;
if (getline(&s, &n, f) > -1) {
char *nl = strchr(s, '\n');
if (nl) {
*nl = '\0';
if (nl > s && nl[-1] == '\r')
nl[-1] = '\0';
}
}
save_errno = errno;
(void) fclose(f);
errno = save_errno;
return s;
}
HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_lock_command_string(hx509_lock lock, const char *string)
{
if (strncasecmp(string, "PASS:", 5) == 0) {
hx509_lock_add_password(lock, string + 5);
} else if (strncasecmp(string, "FILE:", 5) == 0) {
char *pass = read_password_file(string + sizeof("FILE:") - 1);
if (pass == NULL) {
warn("Could not read password from %s", string);
return errno;
}
hx509_lock_add_password(lock, pass);
memset(pass, 0, strlen(pass));
free(pass);
} else if (strcasecmp(string, "PROMPT") == 0) {
hx509_lock_set_prompter(lock, default_prompter, NULL);
} else
return HX509_UNKNOWN_LOCK_COMMAND;
return 0;
}
Reference in New Issue View Git Blame Copy Permalink