These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions. --- Makefile.am | 2 + src/util/authtok.c | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/util/authtok.h | 180 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 377 insertions(+), 0 deletions(-) create mode 100644 src/util/authtok.c create mode 100644 src/util/authtok.h
diff --git a/Makefile.am b/Makefile.am index ce3f94f635f918438bf856c523e47c0f09fc328a..1e4442c4a4bdfafccf1db923d650da4d161ae480 100644 --- a/Makefile.am +++ b/Makefile.am @@ -369,6 +369,7 @@ dist_noinst_HEADERS = \ src/util/mmap_cache.h \ src/util/atomic_io.h \ src/util/auth_utils.h \ + src/util/authtok.h \ src/monitor/monitor.h \ src/monitor/monitor_interfaces.h \ src/responder/common/responder.h \ @@ -507,6 +508,7 @@ libsss_util_la_SOURCES = \ src/util/sss_tc_utf8.c \ src/util/murmurhash3.c \ src/util/atomic_io.c \ + src/util/authtok.c \ src/util/sss_selinux.c \ src/util/domain_info_utils.c \ src/util/util_lock.c diff --git a/src/util/authtok.c b/src/util/authtok.c new file mode 100644 index 0000000000000000000000000000000000000000..1f45953378021e9d30559030326134794965b240 --- /dev/null +++ b/src/util/authtok.c @@ -0,0 +1,195 @@ +/* + SSSD - auth utils + + Copyright (C) Simo Sorce <s...@redhat.com> 2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "authtok.h" + +enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok) +{ + return tok->type; +} + +size_t sss_authtok_get_size(struct sss_auth_token *tok) +{ + switch (tok->type) { + case SSS_AUTHTOK_TYPE_PASSWORD: + case SSS_AUTHTOK_TYPE_CCFILE: + return tok->length; + default: + return 0; + } +} + +uint8_t *sss_authtok_get_data(struct sss_auth_token *tok) +{ + return (void *)tok->data; +} + +errno_t sss_authtok_get_password(struct sss_auth_token *tok, + const char **pwd, size_t *len) +{ + switch (tok->type) { + case SSS_AUTHTOK_TYPE_EMPTY: + return ENOENT; + case SSS_AUTHTOK_TYPE_PASSWORD: + *pwd = (const char *)tok->data; + if (len) { + *len = tok->length - 1; + } + return EOK; + default: + return EACCES; + } +} + +errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok, + const char **ccfile, size_t *len) +{ + switch (tok->type) { + case SSS_AUTHTOK_TYPE_EMPTY: + return ENOENT; + case SSS_AUTHTOK_TYPE_CCFILE: + *ccfile = (const char *)tok->data; + if (len) { + *len = tok->length - 1; + } + return EOK; + default: + return EACCES; + } +} + +static errno_t sss_authtok_set_string(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + enum sss_authtok_type type, + const char *context_name, + const char *str, size_t len) +{ + size_t size; + + if (len == 0) { + len = strlen(str); + } else { + while (len > 0 && str[len - 1] == '\0') len--; + } + + if (len == 0) { + /* we do not allow zero length ttyped tokens */ + return EINVAL; + } + + size = len + 1; + + tok->data = talloc_named(mem_ctx, size, context_name); + if (!tok->data) { + return ENOMEM; + } + memcpy(tok->data, str, len); + tok->data[len] = '\0'; + tok->type = type; + tok->length = size; + + return EOK; + +} + +void sss_authtok_set_empty(struct sss_auth_token *tok) +{ + switch (tok->type) { + case SSS_AUTHTOK_TYPE_EMPTY: + return; + case SSS_AUTHTOK_TYPE_PASSWORD: + safezero(tok->data, tok->length); + default: + break; + } + + tok->type = SSS_AUTHTOK_TYPE_EMPTY; + talloc_zfree(tok->data); + tok->length = 0; +} + +errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + const char *password, size_t len) +{ + sss_authtok_set_empty(tok); + + return sss_authtok_set_string(mem_ctx, tok, + SSS_AUTHTOK_TYPE_PASSWORD, + "password", password, len); +} + +errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + const char *ccfile, size_t len) +{ + sss_authtok_set_empty(tok); + + return sss_authtok_set_string(mem_ctx, tok, + SSS_AUTHTOK_TYPE_CCFILE, + "ccfile", ccfile, len); +} + +errno_t sss_authtok_set(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + enum sss_authtok_type type, + uint8_t *data, size_t len) +{ + switch (type) { + case SSS_AUTHTOK_TYPE_PASSWORD: + return sss_authtok_set_password(mem_ctx, tok, (const char *)data, len); + case SSS_AUTHTOK_TYPE_CCFILE: + return sss_authtok_set_ccfile(mem_ctx, tok, (const char *)data, len); + case SSS_AUTHTOK_TYPE_EMPTY: + sss_authtok_set_empty(tok); + return EOK; + default: + return EINVAL; + } +} + +errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, + struct sss_auth_token *src, + struct sss_auth_token *dst) +{ + sss_authtok_set_empty(dst); + + if (src->type == SSS_AUTHTOK_TYPE_EMPTY) { + return EOK; + } + + dst->data = talloc_memdup(mem_ctx, src->data, src->length); + if (!dst->data) { + return ENOMEM; + } + dst->length = src->length; + dst->type = src->type; + + return EOK; +} + +void sss_authtok_wipe_password(struct sss_auth_token *tok) +{ + if (tok->type != SSS_AUTHTOK_TYPE_PASSWORD) { + return; + } + + safezero(tok->data, tok->length); +} + diff --git a/src/util/authtok.h b/src/util/authtok.h new file mode 100644 index 0000000000000000000000000000000000000000..c750711ea373506118aab75807dc706c217f6842 --- /dev/null +++ b/src/util/authtok.h @@ -0,0 +1,180 @@ +/* + SSSD - auth utils + + Copyright (C) Simo Sorce <s...@redhat.com> 2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef __AUTHTOK_H__ +#define __AUTHTOK_H__ + +#include "util/util.h" +#include "sss_client/sss_cli.h" + +/* Auth token structure, + * please never use directly. + * Use ss_authtok_* accesor functions instead + */ +struct sss_auth_token { + enum sss_authtok_type type; + uint8_t *data; + size_t length; +}; + +/** + * @brief Returns the token type + * + * @param tok A pointer to an sss_auth_token + * + * @return A sss_authtok_type (empty, password, ...) + */ +enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok); + +/** + * @brief Returns the token size + * + * @param tok A pointer to an sss_auth_token + * + * @return The current size of the token payload + */ +size_t sss_authtok_get_size(struct sss_auth_token *tok); + +/** + * @brief Get the data buffer + * + * @param tok A pointer to an sss_auth_token + * + * @return A pointer to the token payload + */ +uint8_t *sss_authtok_get_data(struct sss_auth_token *tok); + +/** + * @brief Returns a const string if the auth token is of type + SSS_AUTHTOK_TYPE_PASSWORD, otherwise it returns an error + * + * @param tok A pointer to an sss_auth_token + * @param pwd A pointer to a const char *, that will point to a null + * terminated string + * @param len The length of the password string + * + * @return EOK on success + * ENOENT if the token is empty + * EACCESS if the token is not a password token + */ +errno_t sss_authtok_get_password(struct sss_auth_token *tok, + const char **pwd, size_t *len); + +/** + * @brief Set a password into a an auth token, replacing any previous data + * + * @param mem_ctx A memory context use to allocate the internal data + * @param tok A pointer to a sss_auth_token structure to change + * @param password A string + * @param len The length of the string or, if 0 is passed, + * then strlen(password) will be used internally. + * + * @return EOK on success + * ENOMEM on error + */ +errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + const char *password, size_t len); + +/** + * @brief Returns a const string if the auth token is of type + SSS_AUTHTOK_TYPE_CCFILE, otherwise it returns an error + * + * @param tok A pointer to an sss_auth_token + * @param ccfile A pointer to a const char *, that will point to a null + * terminated string + * @param len The length of the string + * + * @return EOK on success + * ENOENT if the token is empty + * EACCESS if the token is not a password token + */ +errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok, + const char **ccfile, size_t *len); + +/** + * @brief Set a cc file name into a an auth token, replacing any previous data + * + * @param mem_ctx A memory context use to allocate the internal data + * @param tok A pointer to a sss_auth_token structure to change + * @param ccfile A null terminated string + * @param len The length of the string + * + * @return EOK on success + * ENOMEM on error + */ +errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + const char *ccfile, size_t len); + +/** + * @brief Resets an auth token to the empty status + * + * @param tok A pointer to a sss_auth_token structure to reset + * + * NOTE: This function uses safezero() on the payload if the type + * is SSS_AUTHTOK_TYPE_PASSWORD + */ +void sss_authtok_set_empty(struct sss_auth_token *tok); + +/** + * @brief Set an auth token by type, replacing any previous data + * + * @param mem_ctx A memory context use to allocate the internal data + * @param tok A pointer to a sss_auth_token structure to change + * @param type A valid authtok type + * @param ccfile A data pointer + * @param len The length of the data + * + * @return EOK on success + * ENOMEM or EINVAL on error + */ +errno_t sss_authtok_set(TALLOC_CTX *mem_ctx, + struct sss_auth_token *tok, + enum sss_authtok_type type, + uint8_t *data, size_t len); + +/** + * @brief Copy an auth token from source to destination + * + * @param mem_ctx The memory context to use for allocations on dst + * @param src The source auth token + * @param dst The destination auth token + * + * @return EOK on success + * ENOMEM on error + */ +errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, + struct sss_auth_token *src, + struct sss_auth_token *dst); + +/** + * @brief Uses safezero to wipe the password from memory if the + * authtoken contains a password, otherwise does nothing. + * + * @param tok A pointer to a sss_auth_token structure to change + * + * NOTE: This function should only be used in destructors or similar + * functions where freing the actual string is unsafe and where it can + * be guaranteed that the auth token will not be used anymore. + * Use sss_authtok_set_empty() in normal circumstances. + */ +void sss_authtok_wipe_password(struct sss_auth_token *tok); + +#endif /* __AUTHTOK_H__ */ -- 1.7.1 _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel