/*
 * Checks a candidate password against the account's stored password hash.
 * Returns 1 when the password is accepted and 0 otherwise.
 *
 * When authctxt is not valid, the comparison runs against pw->pw_passwd
 * (the fake entry supplied by the caller) instead of the shadow entry.
 */
int
sys_auth_passwd(struct ssh *ssh, const char *password)
{
	Authctxt *ctx = ssh->authctxt;
	struct passwd *entry = ctx->pw;
	const char *salt = "xx";
	char *stored;
	char *candidate;

	/* Just use the supplied fake password if authctxt is invalid */
	if (ctx->valid)
		stored = shadow_pw(entry);
	else
		stored = entry->pw_passwd;

	/* An account with an empty hash accepts only the empty password. */
	if (stored[0] == '\0' && password[0] == '\0')
		return (1);

	/*
	 * Only a valid account with at least two characters of stored hash
	 * supplies its own salt; every other case hashes with the fixed
	 * salt "xx".
	 *
	 * NOTE(review): a fixed two-character salt presumably selects a
	 * different (and likely cheaper) scheme than the stored hashes use,
	 * which could make unknown accounts distinguishable by response
	 * time -- confirm how xcrypt() treats "xx" and whether it can pick
	 * a salt matching the system's scheme instead.
	 */
	if (ctx->valid && stored[0] && stored[1])
		salt = stored;

	candidate = xcrypt(password, salt);
	if (candidate == NULL)
		return 0;

	/* Accepted only when the freshly computed hash equals the stored one. */
	return strcmp(candidate, stored) == 0;
}
// DON:I: needs root privilege int sys_auth_passwd2(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; char *encrypted_password; // DON:I: password checking is done here. return 1; //printf("monitor!!\n"); fflush(stdout); //exit(0); /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; /* Check for users with no password. */ if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); /* Encrypt the candidate password using the proper salt. */ encrypted_password = xcrypt(password, (pw_password[0] && pw_password[1]) ? pw_password : "******"); /* * Authentication is accepted if the encrypted passwords * are identical. */ return encrypted_password != NULL && strcmp(encrypted_password, pw_password) == 0; }
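/*
 * Shows one oracle text in a menu window.
 *
 * special selects oracle_loc[0]; otherwise a random normal oracle is chosen
 * and removed from the pool.  delphi selects the heading line.
 * Each line read from ORACLEFILE is passed through xcrypt() before display.
 */
void
outoracle(boolean special, boolean delphi)
{
    char line[COLNO];
    char *endp;
    dlb *oracles;
    int oracle_idx;
    char xbuf[BUFSZ];
    struct menulist menu;

    if (oracle_flg < 0 ||                       /* couldn't open ORACLEFILE */
        (oracle_flg > 0 && oracle_cnt == 0))    /* oracles already exhausted */
        return;

    oracles = dlb_fopen(ORACLEFILE, "r");
    if (!oracles) {
        pline("Can't open oracles file!");
        oracle_flg = -1;    /* don't try to open it again */
        return;
    }

    if (oracle_flg == 0) {  /* if this is the first outoracle() */
        init_oracles(oracles);
        oracle_flg = 1;
    }

    /* oracle_loc[0] is the special oracle;         */
    /* oracle_loc[1..oracle_cnt-1] are normal ones  */
    if (oracle_cnt == 0 || (oracle_cnt <= 1 && !special)) {
        /*
         * Nothing to show.  Close the handle before leaving so these
         * early exits do not leak it.
         * NOTE(review): assumes init_oracles() leaves the handle open,
         * as the normal path below relies on -- confirm.
         */
        dlb_fclose(oracles);
        return;
    }

    oracle_idx = special ? 0 : rnd((int)oracle_cnt - 1);
    dlb_fseek(oracles, oracle_loc[oracle_idx], SEEK_SET);
    if (!special)   /* a normal oracle is used once: overwrite its slot */
        oracle_loc[oracle_idx] = oracle_loc[--oracle_cnt];

    init_menulist(&menu);

    if (delphi)
        add_menutext(&menu, special ?
            "The Oracle scornfully takes all your money and says:" :
            "The Oracle meditates for a moment and then intones:");
    else
        add_menutext(&menu, "The message reads:");
    add_menutext(&menu, "");

    /* Copy lines up to the "---" separator, stripping the newline. */
    while (dlb_fgets(line, COLNO, oracles) && strcmp(line, "---\n")) {
        if ((endp = strchr(line, '\n')) != 0)
            *endp = 0;
        add_menutext(&menu, xcrypt(line, xbuf));
    }

    display_menu(menu.items, menu.icount, NULL, PICK_NONE,
                 PLHINT_ANYWHERE, NULL);
    free(menu.items);
    dlb_fclose(oracles);
}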
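/*
 * Shows one oracle text in a menu window.
 *
 * special selects oracle_loc[0]; otherwise a random normal oracle is chosen
 * and removed from the pool.  delphi selects the heading line.
 * Each line read from ORACLEFILE is passed through xcrypt() before display.
 */
void
outoracle(boolean special, boolean delphi)
{
    char line[COLNO];
    char *endp;
    dlb *oracles;
    int oracle_idx;
    struct nh_menulist menu;

    if (oracle_flg < 0 ||                       /* couldn't open ORACLEFILE */
        (oracle_flg > 0 && oracle_cnt == 0))    /* oracles already exhausted */
        return;

    oracles = dlb_fopen(ORACLEFILE, "r");
    if (!oracles) {
        pline("Can't open oracles file!");
        oracle_flg = -1;    /* don't try to open it again */
        return;
    }

    if (oracle_flg == 0) {  /* if this is the first outoracle() */
        init_oracles(oracles);
        oracle_flg = 1;
    }

    /* oracle_loc[0] is the special oracle;         */
    /* oracle_loc[1..oracle_cnt-1] are normal ones  */
    if (oracle_cnt == 0 || (oracle_cnt <= 1 && !special)) {
        /*
         * Nothing to show.  Close the handle before leaving so these
         * early exits do not leak it.
         * NOTE(review): assumes init_oracles() leaves the handle open,
         * as the normal path below relies on -- confirm.
         */
        dlb_fclose(oracles);
        return;
    }

    oracle_idx = special ? 0 : rnd((int)oracle_cnt - 1);
    dlb_fseek(oracles, oracle_loc[oracle_idx], SEEK_SET);
    if (!special)   /* a normal oracle is used once: overwrite its slot */
        oracle_loc[oracle_idx] = oracle_loc[--oracle_cnt];

    init_menulist(&menu);

    if (delphi)
        add_menutext(
            &menu, special ?
            "Potter protests, but then takes your money and says:" :
            "Potter thinks for a second, and then announces in a gravelly voice:");
    else
        add_menutext(&menu, "The message reads:");
    add_menutext(&menu, "");

    /* Copy lines up to the "---" separator, stripping the newline. */
    while (dlb_fgets(line, COLNO, oracles) && strcmp(line, "---\n")) {
        if ((endp = strchr(line, '\n')) != 0)
            *endp = 0;
        /* Output buffer sized to the line just read (at most COLNO). */
        char decrypted_line[strlen(line) + 1];
        add_menutext(&menu, xcrypt(line, decrypted_line));
    }

    display_menu(&menu, NULL, PICK_NONE, PLHINT_ANYWHERE, NULL);
    dlb_fclose(oracles);
}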
// Assumes player is valid int check_password(dbref player, const char *password) { const char *p = DBFETCH(player)->sp.player.password; // Fetch the password // No password? Never true. if (!p) return FALSE; // Hash the password and compare hashes if (strcmp(xcrypt(password, p), p) == 0) return TRUE; return FALSE; }
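/*
 * Checks a candidate password against the account's stored password hash.
 * Returns 1 when the password is accepted and 0 otherwise.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
	struct passwd *pw = authctxt->pw;
	char *encrypted_password;

	/* Just use the supplied fake password if authctxt is invalid */
	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;

	/* Check for users with no password. */
	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
		return (1);

	/* Encrypt the candidate password using the proper salt. */
	encrypted_password = xcrypt(password,
	    (pw_password[0] && pw_password[1]) ? pw_password : "******");

	/*
	 * Authentication is accepted if the encrypted passwords
	 * are identical.  A NULL result from xcrypt() is a rejection
	 * rather than an argument to strcmp().
	 */
	return encrypted_password != NULL &&
	    strcmp(encrypted_password, pw_password) == 0;
}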
// Assumes player is valid, assumes password has been checked by ok_password void set_password(dbref player, const char *password) { char entropy[16]; char *newhash; int fd; // Get sone entropy fd = open("/dev/urandom", O_RDONLY); if (fd < 0) { printf("Can't open /dev/urandom\n"); abort(); }; if (read(fd, entropy, sizeof(entropy)) != sizeof(entropy)) { printf("Not enough entropy in the universe."); abort(); }; close(fd); // Make the hash newhash = xcrypt(password, xcrypt_gensalt("$2a$", 12, entropy, sizeof(entropy))); // Trash the old password if (DBFETCH(player)->sp.player.password) free((void *) DBFETCH(player)->sp.player.password); // Set the password DBSTORE(player, sp.player.password, alloc_string(newhash)); }
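/*
 * Checks a candidate password against the account's stored password hash.
 * Returns 1 when the password is accepted and 0 otherwise.
 *
 * With UNIXWARE_LONG_PASSWORDS, accounts for which nischeck() returns 0 are
 * checked with bigcrypt() and then osr5bigcrypt(); all others use xcrypt().
 * With USE_LIBIAF the shadow_pw() result is freed here, on every exit path.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
	struct passwd *pw = authctxt->pw;
	char *salt;
	char *hashed;
	int result;

	/* Just use the supplied fake password if authctxt is invalid */
	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;

	/* Check for users with no password. */
	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) {
		/* Fall through to the cleanup below instead of returning. */
		result = 1;
	} else {
		/* Encrypt the candidate password using the proper salt. */
		salt = (pw_password[0] && pw_password[1]) ?
		    pw_password : "******";

		/*
		 * Authentication is accepted if the encrypted passwords
		 * are identical.  A NULL hash is a rejection.
		 */
#ifdef UNIXWARE_LONG_PASSWORDS
		if (!nischeck(pw->pw_name)) {
			hashed = bigcrypt(password, salt);
			result = hashed != NULL &&
			    strcmp(hashed, pw_password) == 0;
			if (!result) {
				hashed = osr5bigcrypt(password, salt);
				result = hashed != NULL &&
				    strcmp(hashed, pw_password) == 0;
			}
		} else
#endif /* UNIXWARE_LONG_PASSWORDS */
		{
			hashed = xcrypt(password, salt);
			result = hashed != NULL &&
			    strcmp(hashed, pw_password) == 0;
		}
	}

#ifdef USE_LIBIAF
	if (authctxt->valid)
		free(pw_password);
#endif
	return(result);
}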
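/* exclude_cookie is a hack used because we sometimes want to get rumors in a
 * context where messages such as "You swallowed the fortune!" that refer to
 * cookies should not appear.  This has no effect for true rumors since none
 * of them contain such references anyway.
 *
 * Writes one rumor into rumor_buf and returns rumor_buf.  When truth_out is
 * non-NULL and the function reaches its normal exit, *truth_out receives
 * 1 (true rumor), -1 (false rumor) or 0 (no rumor could be produced).
 * NOTE(review): rumor_buf's size is not visible here; the callers must
 * provide room for a full decoded line -- confirm.
 */
char *
getrumor(int truth,     /* 1=true, -1=false, 0=either */
         char *rumor_buf, boolean exclude_cookie, int *truth_out)
{
    dlb *rumors;
    int tidbit, beginning;
    char *endp, line[BUFSZ], xbuf[BUFSZ];
    int ltruth = 0;

    rumor_buf[0] = '\0';
    if (true_rumor_size < 0L)   /* we couldn't open RUMORFILE */
        return rumor_buf;

    rumors = dlb_fopen(RUMORFILE, "r");

    if (rumors) {
        int count = 0;
        int adjtruth;

        do {
            rumor_buf[0] = '\0';
            if (true_rumor_size == 0L) {    /* if this is 1st outrumor() */
                init_rumors(rumors);
                if (true_rumor_size < 0L) { /* init failed */
                    sprintf(rumor_buf, "Error reading \"%.80s\".", RUMORFILE);
                    /* NOTE(review): assumes init_rumors() leaves the
                       handle open, as the normal path relies on. */
                    dlb_fclose(rumors);
                    return rumor_buf;
                }
            }
            /*
             *  input:      1    0   -1
             *   rn2 \ +1  2=T  1=T  0=F
             *   adj./ +0  1=T  0=F -1=F
             */
            switch (adjtruth = truth + rn2(2)) {
            case 2:     /* (might let a bogus input arg sneak thru) */
            case 1:
                beginning = true_rumor_start;
                tidbit = mt_random() % true_rumor_size;
                break;
            case 0:     /* once here, 0 => false rather than "either" */
            case -1:
                beginning = false_rumor_start;
                tidbit = mt_random() % false_rumor_size;
                break;
            default:
                impossible("strange truth value for rumor");
                dlb_fclose(rumors);     /* don't leak the handle */
                return strcpy(rumor_buf, "Oops...");
            }
            /* Seek to a random offset, discard the partial line there,
               and use the line that follows it. */
            dlb_fseek(rumors, beginning + tidbit, SEEK_SET);
            dlb_fgets(line, sizeof line, rumors);
            if (!dlb_fgets(line, sizeof line, rumors) ||
                (adjtruth > 0 && dlb_ftell(rumors) > true_rumor_end)) {
                /* reached end of rumors -- go back to beginning */
                dlb_fseek(rumors, beginning, SEEK_SET);
                dlb_fgets(line, sizeof line, rumors);
            }
            if ((endp = strchr(line, '\n')) != 0)
                *endp = 0;
            strcat(rumor_buf, xcrypt(line, xbuf));
        } while (count++ < 50 && exclude_cookie &&
                 (strstri(rumor_buf, "fortune") ||
                  strstri(rumor_buf, "pity")));
        dlb_fclose(rumors);
        if (count >= 50)
            impossible("Can't find non-cookie rumor?");
        else
            ltruth = (adjtruth > 0) ? 1 : -1;
    } else {
        pline("Can't open rumors file!");
        true_rumor_size = -1;   /* don't try to open it again */
        /* ltruth is still 0 here, which is what gets reported below */
    }

    if (truth_out)
        *truth_out = ltruth;
    return rumor_buf;
}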
/*
 * Decodes in_line with xcrypt() into a local buffer and copies it to
 * out_line, expanding "%<arg><modifier>" escapes along the way.  Copying
 * stops at the first '\r' or '\n', or at the end of the decoded string.
 *
 * in_line, out_line and cvt_buf are not declared in this function; the
 * code reads and writes them as file-level buffers.
 *
 * NOTE(review): every strcat()/strcpy() and the "*cc++ = *c" store below
 * is unbounded, and the only bounds test runs after the loop has already
 * written; the '\r'/'\n' return path skips it entirely.  Confirm that the
 * input lines and expansions cannot exceed out_line and cvt_buf.
 */
static void
convert_line (void)
{
	char *c, *cc;
	char xbuf[BUFSZ];

	cc = out_line;
	for (c = xcrypt(in_line, xbuf); *c; c++) {

		/* keep out_line terminated at the write position so that
		   strcat(cc, ...) below appends exactly at cc */
		*cc = 0;
		switch(*c) {

		    case '\r':
		    case '\n':
			/* end of line: writes a second terminator one past
			   the write position and stops */
			*(++cc) = 0;
			return;

		    case '%':
			/* "%" followed by at least one character: the next
			   character selects the argument (convert_arg()
			   presumably fills cvt_buf -- confirm), the one after
			   it is an optional modifier */
			if (*(c+1)) {
			    convert_arg(*(++c));
			    switch (*(++c)) {

				/* insert "a"/"an" prefix */
				case 'A': strcat(cc, An(cvt_buf));
				    cc += strlen(cc);
				    continue; /* for */
				case 'a': strcat(cc, an(cvt_buf));
				    cc += strlen(cc);
				    continue; /* for */

				/* capitalize */
				case 'C': cvt_buf[0] = highc(cvt_buf[0]);
				    break;

				/* pluralize; 'P' capitalizes first and then
				   falls through to 'p' */
				case 'P': cvt_buf[0] = highc(cvt_buf[0]);
				case 'p': strcpy(cvt_buf, makeplural(cvt_buf));
				    break;

				/* append possessive suffix; 'S' capitalizes
				   first and then falls through to 's'.
				   NOTE(review): 's' currently overwrites
				   cvt_buf with a literal placeholder string
				   instead of a possessive form. */
				case 'S': cvt_buf[0] = highc(cvt_buf[0]);
				case 's': strcpy(cvt_buf, "TODO: s_suffix(cvt_buf)");
				    break;

				/* strip any "the" prefix */
				case 't': if (!strncmpi(cvt_buf, "the ", 4)) {
					strcat(cc, &cvt_buf[4]);
					cc += strlen(cc);
					continue; /* for */
				    }
				    break;
				/* not a modifier: step back so the character
				   is handled by the next loop iteration */
				default: --c;	/* undo switch increment */
				    break;
			    }
			    strcat(cc, cvt_buf);
			    cc += strlen(cvt_buf);
			    break;
			}	/* else fall through */

		    default:
			*cc++ = *c;
			break;
		}
	}
	/* checked only after all writes above have been made */
	if (cc >= out_line + sizeof out_line)
	    panic("convert_line: overflow");
	*cc = 0;
	return;
}
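/* exclude_cookie is a hack used because we sometimes want to get rumors in a
 * context where messages such as "You swallowed the fortune!" that refer to
 * cookies should not appear.  This has no effect for true rumors since none
 * of them contain such references anyway.
 *
 * Returns one decoded rumor, or "" when RUMORFILE is unavailable.  When
 * truth_out is non-NULL and the function reaches its normal exit,
 * *truth_out receives 1 or -1 according to the sign of the adjusted truth
 * value, or 0 when no rumor could be produced.
 */
const char *
getrumor(int truth, /* 1=true, -1=false, 0=either 3=potter (truer than true) */
         boolean exclude_cookie, int *truth_out, enum rng rng)
{
    dlb *rumors;
    int tidbit, beginning;
    char *endp;
    int ltruth = 0;
    char line[BUFSZ];   /* for fgets */
    const char *rv = "";

    /* A negative size records that RUMORFILE could not be opened or
       initialized earlier; return an empty rumor without retrying. */
    if (true_rumor_size < 0L)
        return "";

    rumors = dlb_fopen(RUMORFILE, "r");

    if (rumors) {
        int count = 0;
        int adjtruth;

        do {
            if (true_rumor_size == 0L) {    /* if this is 1st outrumor() */
                init_rumors(rumors);
                if (true_rumor_size < 0L) { /* init failed */
                    /* NOTE(review): assumes init_rumors() leaves the
                       handle open, as the normal path relies on. */
                    dlb_fclose(rumors);
                    return msgprintf("Error reading \"%.80s\".", RUMORFILE);
                }
            }
            /*
             *  input:      3    1    0   -1
             *   rn2 \ +1  4=P  2=T  1=T  0=F
             *   adj./ +0  3=P  1=T  0=F -1=F
             */
            switch (adjtruth = truth + rn2_on_rng(2, rng)) {
            case 4:     /* (might let a bogus input arg sneak thru) */
            case 3:
                beginning = potter_rumor_start;
                tidbit = rn2_on_rng(potter_rumor_size, rng);
                break;
            case 2:     /* truth == 1 with the +1 adjustment; without this
                           label half of all true-rumor requests ended in
                           the "strange truth value" branch below */
            case 1:
                beginning = true_rumor_start;
                tidbit = rn2_on_rng(true_rumor_size, rng);
                break;
            case 0:     /* once here, 0 => false rather than "either" */
            case -1:
                beginning = false_rumor_start;
                tidbit = rn2_on_rng(false_rumor_size, rng);
                break;
            default:
                impossible("strange truth value for rumor");
                dlb_fclose(rumors);     /* don't leak the handle */
                if (truth_out)
                    *truth_out = 0;
                return "Oops...";
            }
            /* Seek to a random offset, discard the partial line there,
               and use the line that follows it. */
            dlb_fseek(rumors, beginning + tidbit, SEEK_SET);
            dlb_fgets(line, sizeof line, rumors);
            if (!dlb_fgets(line, sizeof line, rumors) ||
                ((adjtruth == 2 || adjtruth == 1) &&
                 dlb_ftell(rumors) > true_rumor_end)) {
                /* reached end of rumors -- go back to beginning */
                dlb_fseek(rumors, beginning, SEEK_SET);
                dlb_fgets(line, sizeof line, rumors);
            } else if (!dlb_fgets(line, sizeof line, rumors) ||
                       (adjtruth < 1 &&
                        dlb_ftell(rumors) > false_rumor_end)) {
                /* NOTE(review): this test reads one more line, so the
                   rumor used is the second line after the seek whenever
                   the first test fails -- confirm that is intended. */
                dlb_fseek(rumors, beginning, SEEK_SET);
                dlb_fgets(line, sizeof line, rumors);
            }
            if ((endp = strchr(line, '\n')) != 0)
                *endp = 0;
            /* Output buffer sized to the line just read. */
            char decrypted_line[strlen(line) + 1];
            xcrypt(line, decrypted_line);
            rv = msg_from_string(decrypted_line);
        } while (count++ < 50 && exclude_cookie &&
                 (strstri(rv, "fortune") || strstri(rv, "pity")));
        dlb_fclose(rumors);
        if (count >= 50)
            impossible("Can't find non-cookie rumor?");
        else
            ltruth = (adjtruth > 0) ? 1 : -1;
    } else {
        pline("Can't open rumors file!");
        true_rumor_size = -1;   /* don't try to open it again */
        /* ltruth is still 0 here, which is what gets reported below */
    }

    if (truth_out)
        *truth_out = ltruth;
    return rv;
}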
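/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 *
 * "ok" starts as authctxt->valid and is cleared for uid 0 unless root
 * login is fully permitted.  Most backends are still run when ok is 0 and
 * their result is combined with it, so a disallowed account is rejected
 * only after the backend has done its work.
 */
int
auth_password(Authctxt *authctxt, const char *password)
{
	struct passwd * pw = authctxt->pw;
	int ok = authctxt->valid;

	/* deny if no user. */
	if (pw == NULL)
		return 0;
#ifndef HAVE_CYGWIN
	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
		ok = 0;
#endif
	if (*password == '\0' && options.permit_empty_passwd == 0)
		return 0;

#if defined(HAVE_OSF_SIA)
	return auth_sia_password(authctxt, password) && ok;
#else
# ifdef KRB5
	if (options.kerberos_authentication == 1) {
		int ret = auth_krb5_password(authctxt, password);
		if (ret == 1 || ret == 0)
			return ret && ok;
		/* Fall back to ordinary passwd authentication. */
	}
# endif
# ifdef HAVE_CYGWIN
	if (is_winnt) {
		HANDLE hToken = cygwin_logon_user(pw, password);

		if (hToken == INVALID_HANDLE_VALUE)
			return 0;
		cygwin_set_impersonation_token(hToken);
		return ok;
	}
# endif
# ifdef WITH_AIXAUTHENTICATE
	{
		char *authmsg = NULL;
		int reenter = 1;
		int authsuccess = 0;

		/*
		 * NOTE(review): authmsg starts out NULL and is only known to
		 * be non-NULL where it is tested before xfree() below;
		 * confirm the helper and debug calls tolerate a NULL message.
		 */
		if (authenticate(pw->pw_name, password, &reenter,
		    &authmsg) == 0 && ok) {
			char *msg;
			char *host =
			    (char *)get_canonical_hostname(options.use_dns);

			authsuccess = 1;
			aix_remove_embedded_newlines(authmsg);

			debug3("AIX/authenticate succeeded for user %s: %.100s",
			    pw->pw_name, authmsg);

			/* No pty yet, so just label the line as "ssh" */
			aix_setauthdb(authctxt->user);
			if (loginsuccess(authctxt->user, host, "ssh",
			    &msg) == 0) {
				if (msg != NULL) {
					debug("%s: msg %s", __func__, msg);
					buffer_append(&loginmsg, msg,
					    strlen(msg));
					xfree(msg);
				}
			}
		} else {
			debug3("AIX/authenticate failed for user %s: %.100s",
			    pw->pw_name, authmsg);
		}

		if (authmsg != NULL)
			xfree(authmsg);

		return authsuccess;
	}
# endif
# ifdef BSD_AUTH
	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
	    (char *)password) == 0)
		return 0;
	else
		return ok;
# else
	{
	/* Just use the supplied fake password if authctxt is invalid */
	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;

	/* Check for users with no password. */
	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
		return ok;
	else {
		/* Encrypt the candidate password using the proper salt. */
		char *encrypted_password = xcrypt(password,
		    (pw_password[0] && pw_password[1]) ? pw_password : "******");

		/*
		 * Authentication is accepted if the encrypted passwords
		 * are identical.  A NULL result from xcrypt() is a
		 * rejection rather than an argument to strcmp().
		 */
		return encrypted_password != NULL &&
		    (strcmp(encrypted_password, pw_password) == 0) && ok;
	}

	}
# endif
#endif /* !HAVE_OSF_SIA */
}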
/*
 * Decodes in_line with xcrypt() and returns the text up to the first
 * '\r', '\n' or '\0', with "%<arg><modifier>" escapes expanded.
 */
static const char *
convert_line(const char *in_line)
{
    /* xcrypt needs us to allocate a buffer for it */
    char decrypted_line[strlen(in_line)+1];
    /* NOTE(review): the decode is performed twice on the same buffer (here
       and when the cursor is set up); the first call looks redundant. */
    xcrypt(in_line, decrypted_line);

    const char *result = "";
    char *cur = xcrypt(in_line, decrypted_line);

    /* Walk the decoded line one character at a time. Appending through
       msgcat/msgkitten makes this quadratic where linear is possible, but
       the lines are only 80 characters long, so clarity wins. */
    for (;; cur++) {
        if (*cur == '\r' || *cur == '\n' || *cur == '\0')
            return result;

        /* Ordinary character, or a "%" that ends the line: copy as is. */
        if (*cur != '%' || !cur[1]) {
            result = msgkitten(result, *cur);
            continue;
        }

        /* "%x": x selects the argument, the next character may modify it. */
        const char *conversion = convert_arg(*(++cur));
        const char *piece;

        switch (*(++cur)) {
        /* insert "a"/"an" prefix */
        case 'A':
            piece = An(conversion);
            break;
        case 'a':
            piece = an(conversion);
            break;

        /* capitalize */
        case 'C':
            piece = msgupcasefirst(conversion);
            break;

        /* pluralize */
        case 'P':
            /* Note: makeplural doesn't work on arbitrarily capitalized
               strings, so capitalize after pluralizing */
            piece = msgupcasefirst(makeplural(conversion));
            break;
        case 'p':
            piece = makeplural(conversion);
            break;

        /* append possessive suffix */
        case 'S':
            piece = s_suffix(msgupcasefirst(conversion));
            break;
        case 's':
            piece = s_suffix(conversion);
            break;

        /* strip any "the" prefix */
        case 't':
            piece = !strncmpi(conversion, "the ", 4) ? conversion + 4
                                                     : conversion;
            break;

        /* not a modifier: step back so the next iteration handles it */
        default:
            --cur;
            piece = conversion;
            break;
        }

        result = msgcat(result, piece);
    }
}