Attachment #41518 for bug #67060




#define SERVER_PATH "/usr/sbin/"
#endif

// Maximum time in seconds to cache credentials
#ifndef MAX_CACHE_AGE
#define MAX_CACHE_AGE	5
#endif

// The following comes from unix(7)
#define UNIX_PATH_MAX    108

// internal helpers
int smbpw_verify_socket_path(char *name);
int smbpw_open_unix_socket(char *name);
char *smbpw_readstring(int cs);
int smbpw_unix_connect(char *name);

// external interface
int smbpw_store(char *username, char *password);
char *smbpw_retrieve(char *username);
int smbpw_shutdown_server(void);
void smbpw_flush(int flushall);
#ifdef DEBUG
void smbpw_dump(void);
#endif /* DEBUG */

#endif




 * funny buggers with the socket and subvert the security.
 *
 */
int smbpw_verify_socket_path(char *name)
{
	int i = 0;
	char x;

	return result;
}

int smbpw_open_unix_socket(char *name)
{
	struct stat stat_buf;
	int ss;

	return ss;
}

int smbpw_unix_connect(char *name)
{
	struct sockaddr_un addr;
	int cs = socket(PF_UNIX, SOCK_STREAM, 0);

	return cs;
}

char *smbpw_readstring(int cs)
{
	char buffer[1024];
	int i = 0;

	return strdup(buffer);
}

int smbpw_store(char *username, char *password)
{
	int cs;
	char command;

	int delay = 1;


	cs = smbpw_unix_connect(SOCKET_NAME);
	if(cs < 0)
	{
		while(attempts > 0)

			sleep(delay);
			delay = delay * 2;

			cs = smbpw_unix_connect(SOCKET_NAME);
			if(cs >= 0)
			{
				break;

	return 0;
}

void writecommand(char command)
void dump(void)
{
	int cs;
	char command = 0x03;

	cs = smbpw_unix_connect(SOCKET_NAME);

	write(cs, &command, sizeof(command));
	close(cs);
}

void smbpw_flush(int flushall)
{
	if (flushall)
		writecommand(0x05);
	else
		writecommand(0x04);
}

#ifdef DEBUG
void smbpw_dump(void)
{
	writecommand(0x03);
}
#endif /* DEBUG */

char *smbpw_retrieve(char *username)
{
	int cs;
	char command;

	char result = 0xff;
	char *password = 0;

	cs = smbpw_unix_connect(SOCKET_NAME);

	if(cs < 0)
	{
		cs = smbpw_unix_connect(SOCKET_NAME);
	}

	// retrieve


		if(result == 0x00)
		{
			password = smbpw_readstring(cs);
			//printf("The password is %s\n", password);
		}
	}

	return password;
}

int smbpw_shutdown_server(void)
{
	int cs;
	char command;
	char result = 0x00;

	cs = smbpw_unix_connect(SOCKET_NAME);

	// store
	command = 0x02;

Lines 39-44 Link Here

(-)smbpwman-0.5.orig/smbpwman.c (-33 / +79 lines)
39	*	39	*
40	* all str commands are 0x00 terminated string of chars.	40	* all str commands are 0x00 terminated string of chars.
41	*	41	*
		42	* Patched by Chris Jensen - 22 Sep 2004
		43	* Expire cached passwords after short timeout
		44	* Add flush and flushall requests
		45	* Rename shared functions to avoid naming collisions
42	* Patched by Chris Jensen - 19 Aug 2004	46	* Patched by Chris Jensen - 19 Aug 2004
43	* Clear passwords after first use	47	* Clear passwords after first use
44	* Overwrite passwords with 0x00 before freeing memory	48	* Overwrite passwords with 0x00 before freeing memory
Lines 55-60 Link Here
55	#include "smbpw.h"	59	#include "smbpw.h"
56	#include <stdarg.h>	60	#include <stdarg.h>
57	#include <syslog.h>	61	#include <syslog.h>
		62	#include <time.h>
58		63
59	/* Reference counter is necissary otherwise	64	/* Reference counter is necissary otherwise
60	* the sequence store, store, retrieve, retrieve	65	* the sequence store, store, retrieve, retrieve
Lines 67-72 Link Here
67	char *key;	72	char *key;
68	char *value;	73	char *value;
69	int ref; /* reference counter */	74	int ref; /* reference counter */
		75	time_t mtime; /* time the value was last modified */
70	} *root = 0;	76	} *root = 0;
71		77
72	/* clean_free_str	78	/* clean_free_str
Lines 95-101 Link Here
95	if(strcmp((*entry)->key, key) == 0)	101	if(strcmp((*entry)->key, key) == 0)
96	{	102	{
97	(*entry)->ref++;	103	(*entry)->ref++;
98	//printf("Already an entry for key %s\n", key);	104	(*entry)->mtime=time(NULL);
99	clean_free_str(&((*entry)->value));	105	clean_free_str(&((*entry)->value));
100		106
101	(*entry)->value = strdup(value);	107	(*entry)->value = strdup(value);
Lines 108-113 Link Here
108	new = malloc(sizeof(struct entry_t));	114	new = malloc(sizeof(struct entry_t));
109	new->next = 0;	115	new->next = 0;
110	new->ref=1;	116	new->ref=1;
		117	new->mtime=time(NULL);
111	new->key = strdup(key);	118	new->key = strdup(key);
112	new->value = strdup(value);	119	new->value = strdup(value);
113	*entry = new;	120	*entry = new;
Lines 115-135 Link Here
115	return 0;	122	return 0;
116	}	123	}
117		124
118	/* scrub_memory
119	Write 0x00 over all passwords stored in memory before shutting down
120	*/
121	void scrub_memory(void)
122	{
123	struct entry_t *entry = root;
124
125	while (entry)
126	{
127	clean_free_str(&(entry->key));
128	clean_free_str(&(entry->value));
129
130	entry = entry->next;
131	}
132	}
133		125
134	#ifdef DEBUG	126	#ifdef DEBUG
135	/* cache_dump	127	/* cache_dump
Lines 141-155 Link Here
141	{	133	{
142	struct entry_t *entry = root;	134	struct entry_t *entry = root;
143	int count = 0;	135	int count = 0;
		136	char *mtime;
144		137
145	while (entry)	138	while (entry)
146	{	139	{
147	count++;	140	count++;
148	printf("%i, User: %s, Password: %s, Ref: %i\n",	141	mtime = ctime(&(entry->mtime));
		142	printf("%i, User: %s, Password: %s, Ref: %i, mtime: %s\n",
149	count, entry->key, entry->value,	143	count, entry->key, entry->value,
150	entry->ref);	144	entry->ref, mtime);
151		145
152	entry = entry->next;	146	entry = entry->next;
		147	free(mtime);
153	}	148	}
154		149
155	printf("Total: %i\n", count);	150	printf("Total: %i\n", count);
Lines 161-184 Link Here
161	struct entry_t *entry = root;	156	struct entry_t *entry = root;
162	char *password = NULL;	157	char *password = NULL;
163	struct entry_t **prev = &root;	158	struct entry_t **prev = &root;
		159	time_t now = time(NULL);
		160	int expired;
164		161
165	while(entry)	162	while(entry)
166	{	163	{
167	//printf("%s, %s\n", entry->key, entry->value);	164	//printf("%s, %s\n", entry->key, entry->value);
168	if(strcmp(key, entry->key) == 0)	165	if(strcmp(key, entry->key) == 0)
169	{	166	{
		167	expired = (difftime(now, entry->mtime) >
		168	MAX_CACHE_AGE);
		169
170	if (entry->value)	170	if (entry->value)
171	{	171	{
172	password = strdup(entry->value);	172	if (!expired)
173		173	{
174	if ((--(entry->ref)) < 1)	174	password = strdup(entry->value);
175	{	175	(entry->ref)--;
176	clean_free_str(&(entry->value));
177
178	*prev=entry->next;
179	free(entry);
180	}	176	}
181	}	177	}
		178
		179	/* If the entry has expired, or has
		180	no more processes waiting to read on it
		181	remove it */
		182	if (expired \|\| (entry->ref < 1))
		183	{
		184	clean_free_str(&(entry->value));
		185	free(&(entry->key));
		186
		187	*prev=entry->next;
		188	free(entry);
		189	}
182	return password;	190	return password;
183	}	191	}
184	prev = &entry->next;	192	prev = &entry->next;
Lines 187-192 Link Here
187	return 0;	195	return 0;
188	}	196	}
189		197
		198	static void cache_flush(int flushall)
		199	{
		200	struct entry_t *entry = root;
		201	struct entry_t **prev = &root;
		202	time_t now = time(NULL);
		203
		204	while(entry)
		205	{
		206	if ((flushall) \|\| (difftime(now, entry->mtime) >
		207	MAX_CACHE_AGE))
		208	{
		209	clean_free_str(&(entry->value));
		210	clean_free_str(&(entry->key));
		211
		212	*prev=entry->next;
		213	free(entry);
		214	}
		215
		216	prev = &entry->next;
		217	entry = entry->next;
		218	}
		219	}
		220
190	static void log(int err, const char *format, ...)	221	static void log(int err, const char *format, ...)
191	{	222	{
192	va_list args;	223	va_list args;
Lines 234-247 Link Here
234	return 1;	265	return 1;
235	}	266	}
236		267
237	if(verify_socket_path(SOCKET_NAME) < 0)	268	if(smbpw_verify_socket_path(SOCKET_NAME) < 0)
238	{	269	{
239	print_version();	270	print_version();
240	fprintf(stderr, "Socket path %s is insecure\n", SOCKET_NAME);	271	fprintf(stderr, "Socket path %s is insecure\n", SOCKET_NAME);
241	return 1;	272	return 1;
242	}	273	}
243		274
244	ss = open_unix_socket(SOCKET_NAME);	275	ss = smbpw_open_unix_socket(SOCKET_NAME);
245	if(ss < 0)	276	if(ss < 0)
246	{	277	{
247	print_version();	278	print_version();
Lines 307-319 Link Here
307	{	338	{
308	printf("STORE\n");	339	printf("STORE\n");
309	}	340	}
310	username = readstring(cs);	341	username = smbpw_readstring(cs);
311	if(!username)	342	if(!username)
312	{	343	{
313	close(cs);	344	close(cs);
314	continue;	345	continue;
315	}	346	}
316	password = readstring(cs);	347	password = smbpw_readstring(cs);
317	if(!password)	348	if(!password)
318	{	349	{
319	close(cs);	350	close(cs);
Lines 331-337 Link Here
331	{	362	{
332	printf("RETRIEVE\n");	363	printf("RETRIEVE\n");
333	}	364	}
334	username = readstring(cs);	365	username = smbpw_readstring(cs);
335	if(!username)	366	if(!username)
336	{	367	{
337	close(cs);	368	close(cs);
Lines 360-366 Link Here
360	printf("SHUTDOWN\n");	391	printf("SHUTDOWN\n");
361	}	392	}
362	log(LOG_INFO, "shutdown request. daemon terminating\n");	393	log(LOG_INFO, "shutdown request. daemon terminating\n");
363	scrub_memory();	394	cache_flush(1);
364	return 0;	395	return 0;
365	break;	396	break;
366	#ifdef DEBUG	397	#ifdef DEBUG
Lines 373-379 Link Here
373	}	404	}
374	break;	405	break;
375	#endif /* DEBUG */	406	#endif /* DEBUG */
376		407	case 0x05:
		408	if(verbose)
		409	{
		410	printf("FLUSH\n");
		411	}
		412	log(LOG_INFO, "Buffer flush requested. All old entries being cleaned.\n");
		413	cache_flush(0);
		414	break;
		415	case 0x06:
		416	if(verbose)
		417	{
		418	printf("FLUSH ALL\n");
		419	}
		420	log(LOG_INFO, "Full buffer flush requested. All entries are being removed.\n");
		421	cache_flush(1);
		422	break;
377	default:	423	default:
378	break;	424	break;
379	}	425	}




{
	char *password;

	if(smbpw_verify_socket_path(SOCKET_NAME) < 0)
	{
		fprintf(stderr, "Socket path %s is insecure\n", SOCKET_NAME);
		return 1;


	if(argc == 2 && strcmp(argv[1], "--shutdown") == 0)
	{
		smbpw_shutdown_server();
		return 0;
	}
	else if(argc == 3 && strcmp(argv[1], "--retrieve") == 0)
	{
		password = smbpw_retrieve(argv[2]);

		if(password)
		{

	else if(argc == 2 && strcmp(argv[1], "--dump") == 0)
	{
		printf("Requesting dump.\n");
		smbpw_dump();
	}
#endif /* DEBUG */
	else if(argc == 3 && strcmp(argv[1], "--store") == 0)
	{
		password = getpass("Password: ");
		smbpw_store(argv[2], password);
	}
	else if(argc == 2 && strcmp(argv[1], "--flush") == 0)
	{
		printf("Flushing old cache entries.\n");
		smbpw_flush(0);
	}
	else if(argc == 2 && strcmp(argv[1], "--flushall") == 0)
	{
		printf("Flushing ALL cache entries.\n");
		smbpw_flush(1);
	}
	else
	{

		printf("%s --store <username>\n", argv[0]);
		printf("%s --retrieve <username>\n", argv[0]);
		printf("%s --shutdown\n", argv[0]);
		printf("%s --flush\n", argv[0]);
		printf("%s --flushall\n", argv[0]);
#ifdef DEBUG
		printf("%s --dump\n", argv[0]);
#endif /* DEBUG */

Return to bug 67060

Lines 33-53 Link Here

(-)smbpwman-0.5.orig/smbpw.h (-8 / +14 lines)
33	#define SERVER_PATH "/usr/sbin/"	33	#define SERVER_PATH "/usr/sbin/"
34	#endif	34	#endif
35		35
		36	// Maximum time in seconds to cache credentials
		37	#ifndef MAX_CACHE_AGE
		38	#define MAX_CACHE_AGE 5
		39	#endif
		40
36	// The following comes from unix(7)	41	// The following comes from unix(7)
37	#define UNIX_PATH_MAX 108	42	#define UNIX_PATH_MAX 108
38		43
39	// internal helpers	44	// internal helpers
40	int verify_socket_path(char *name);	45	int smbpw_verify_socket_path(char *name);
41	int open_unix_socket(char *name);	46	int smbpw_open_unix_socket(char *name);
42	char *readstring(int cs);	47	char *smbpw_readstring(int cs);
43	int unix_connect(char *name);	48	int smbpw_unix_connect(char *name);
44		49
45	// external interface	50	// external interface
46	int store(char username, char password);	51	int smbpw_store(char username, char password);
47	char retrieve(char username);	52	char smbpw_retrieve(char username);
48	int shutdown_server(void);	53	int smbpw_shutdown_server(void);
		54	void smbpw_flush(int flushall);
49	#ifdef DEBUG	55	#ifdef DEBUG
50	void dump(void);	56	void smbpw_dump(void);
51	#endif /* DEBUG */	57	#endif /* DEBUG */
52		58
53	#endif	59	#endif

Lines 17-23 Link Here

(-)smbpwman-0.5.orig/smbpwcommon.c (-17 / +29 lines)
17	* funny buggers with the socket and subvert the security.	17	* funny buggers with the socket and subvert the security.
18	*	18	*
19	*/	19	*/
20	int verify_socket_path(char *name)	20	int smbpw_verify_socket_path(char *name)
21	{	21	{
22	int i = 0;	22	int i = 0;
23	char x;	23	char x;
Lines 68-74 Link Here
68	return result;	68	return result;
69	}	69	}
70		70
71	int open_unix_socket(char *name)	71	int smbpw_open_unix_socket(char *name)
72	{	72	{
73	struct stat stat_buf;	73	struct stat stat_buf;
74	int ss;	74	int ss;
Lines 119-125 Link Here
119	return ss;	119	return ss;
120	}	120	}
121		121
122	int unix_connect(char *name)	122	int smbpw_unix_connect(char *name)
123	{	123	{
124	struct sockaddr_un addr;	124	struct sockaddr_un addr;
125	int cs = socket(PF_UNIX, SOCK_STREAM, 0);	125	int cs = socket(PF_UNIX, SOCK_STREAM, 0);
Lines 141-147 Link Here
141	return cs;	141	return cs;
142	}	142	}
143		143
144	char *readstring(int cs)	144	char *smbpw_readstring(int cs)
145	{	145	{
146	char buffer[1024];	146	char buffer[1024];
147	int i = 0;	147	int i = 0;
Lines 166-172 Link Here
166	return strdup(buffer);	166	return strdup(buffer);
167	}	167	}
168		168
169	int store(char username, char password)	169	int smbpw_store(char username, char password)
170	{	170	{
171	int cs;	171	int cs;
172	char command;	172	char command;
Lines 176-182 Link Here
176	int delay = 1;	176	int delay = 1;
177		177
178		178
179	cs = unix_connect(SOCKET_NAME);	179	cs = smbpw_unix_connect(SOCKET_NAME);
180	if(cs < 0)	180	if(cs < 0)
181	{	181	{
182	while(attempts > 0)	182	while(attempts > 0)
Lines 185-191 Link Here
185	sleep(delay);	185	sleep(delay);
186	delay = delay * 2;	186	delay = delay * 2;
187		187
188	cs = unix_connect(SOCKET_NAME);	188	cs = smbpw_unix_connect(SOCKET_NAME);
189	if(cs >= 0)	189	if(cs >= 0)
190	{	190	{
191	break;	191	break;
Lines 223-242 Link Here
223	return 0;	223	return 0;
224	}	224	}
225		225
226	#ifdef DEBUG	226	void writecommand(char command)
227	void dump(void)
228	{	227	{
229	int cs;	228	int cs;
230	char command = 0x03;
231		229
232	cs = unix_connect(SOCKET_NAME);	230	cs = smbpw_unix_connect(SOCKET_NAME);
233		231
234	write(cs, &command, sizeof(command));	232	write(cs, &command, sizeof(command));
235	close(cs);	233	close(cs);
236	}	234	}
		235
		236	void smbpw_flush(int flushall)
		237	{
		238	if (flushall)
		239	writecommand(0x05);
		240	else
		241	writecommand(0x04);
		242	}
		243
		244	#ifdef DEBUG
		245	void smbpw_dump(void)
		246	{
		247	writecommand(0x03);
		248	}
237	#endif /* DEBUG */	249	#endif /* DEBUG */
238		250
239	char retrieve(char username)	251	char smbpw_retrieve(char username)
240	{	252	{
241	int cs;	253	int cs;
242	char command;	254	char command;
Lines 244-254 Link Here
244	char result = 0xff;	256	char result = 0xff;
245	char *password = 0;	257	char *password = 0;
246		258
247	cs = unix_connect(SOCKET_NAME);	259	cs = smbpw_unix_connect(SOCKET_NAME);
248		260
249	if(cs < 0)	261	if(cs < 0)
250	{	262	{
251	cs = unix_connect(SOCKET_NAME);	263	cs = smbpw_unix_connect(SOCKET_NAME);
252	}	264	}
253		265
254	// retrieve	266	// retrieve
Lines 263-269 Link Here
263		275
264	if(result == 0x00)	276	if(result == 0x00)
265	{	277	{
266	password = readstring(cs);	278	password = smbpw_readstring(cs);
267	//printf("The password is %s\n", password);	279	//printf("The password is %s\n", password);
268	}	280	}
269	}	281	}
Lines 281-293 Link Here
281	return password;	293	return password;
282	}	294	}
283		295
284	int shutdown_server(void)	296	int smbpw_shutdown_server(void)
285	{	297	{
286	int cs;	298	int cs;
287	char command;	299	char command;
288	char result = 0x00;	300	char result = 0x00;
289		301
290	cs = unix_connect(SOCKET_NAME);	302	cs = smbpw_unix_connect(SOCKET_NAME);
291		303
292	// store	304	// store
293	command = 0x02;	305	command = 0x02;

Lines 9-15 Link Here

(-)smbpwman-0.5.orig/smbpwtest.c (-5 / +17 lines)
9	{	9	{
10	char *password;	10	char *password;
11		11
12	if(verify_socket_path(SOCKET_NAME) < 0)	12	if(smbpw_verify_socket_path(SOCKET_NAME) < 0)
13	{	13	{
14	fprintf(stderr, "Socket path %s is insecure\n", SOCKET_NAME);	14	fprintf(stderr, "Socket path %s is insecure\n", SOCKET_NAME);
15	return 1;	15	return 1;
Lines 17-28 Link Here
17		17
18	if(argc == 2 && strcmp(argv[1], "--shutdown") == 0)	18	if(argc == 2 && strcmp(argv[1], "--shutdown") == 0)
19	{	19	{
20	shutdown_server();	20	smbpw_shutdown_server();
21	return 0;	21	return 0;
22	}	22	}
23	else if(argc == 3 && strcmp(argv[1], "--retrieve") == 0)	23	else if(argc == 3 && strcmp(argv[1], "--retrieve") == 0)
24	{	24	{
25	password = retrieve(argv[2]);	25	password = smbpw_retrieve(argv[2]);
26		26
27	if(password)	27	if(password)
28	{	28	{
Lines 39-51 Link Here
39	else if(argc == 2 && strcmp(argv[1], "--dump") == 0)	39	else if(argc == 2 && strcmp(argv[1], "--dump") == 0)
40	{	40	{
41	printf("Requesting dump.\n");	41	printf("Requesting dump.\n");
42	dump();	42	smbpw_dump();
43	}	43	}
44	#endif /* DEBUG */	44	#endif /* DEBUG */
45	else if(argc == 3 && strcmp(argv[1], "--store") == 0)	45	else if(argc == 3 && strcmp(argv[1], "--store") == 0)
46	{	46	{
47	password = getpass("Password: ");	47	password = getpass("Password: ");
48	store(argv[2], password);	48	smbpw_store(argv[2], password);
		49	}
		50	else if(argc == 2 && strcmp(argv[1], "--flush") == 0)
		51	{
		52	printf("Flushing old cache entries.\n");
		53	smbpw_flush(0);
		54	}
		55	else if(argc == 2 && strcmp(argv[1], "--flushall") == 0)
		56	{
		57	printf("Flushing ALL cache entries.\n");
		58	smbpw_flush(1);
49	}	59	}
50	else	60	else
51	{	61	{
Lines 53-58 Link Here
53	printf("%s --store <username>\n", argv[0]);	63	printf("%s --store <username>\n", argv[0]);
54	printf("%s --retrieve <username>\n", argv[0]);	64	printf("%s --retrieve <username>\n", argv[0]);
55	printf("%s --shutdown\n", argv[0]);	65	printf("%s --shutdown\n", argv[0]);
		66	printf("%s --flush\n", argv[0]);
		67	printf("%s --flushall\n", argv[0]);
56	#ifdef DEBUG	68	#ifdef DEBUG
57	printf("%s --dump\n", argv[0]);	69	printf("%s --dump\n", argv[0]);
58	#endif /* DEBUG */	70	#endif /* DEBUG */