1995-07-26 00:13:55 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 1985, 1993, 1994
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
|
|
|
#include <ctype.h>
|
1996-08-16 01:33:20 +00:00
|
|
|
#include <err.h>
|
1995-07-26 00:13:55 +00:00
|
|
|
#include <errno.h>
|
2000-05-29 18:04:55 +00:00
|
|
|
#include <netdb.h>
|
1995-07-26 00:13:55 +00:00
|
|
|
#include <stdio.h>
|
2001-07-17 08:32:35 +00:00
|
|
|
#include <stdio_ext.h>
|
1995-07-26 00:13:55 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
1999-06-19 09:58:37 +00:00
|
|
|
#include <libintl.h>
|
1995-07-26 00:13:55 +00:00
|
|
|
|
|
|
|
/* #include "ftp_var.h" */
|
|
|
|
|
2000-05-29 18:04:55 +00:00
|
|
|
static int token (void);
|
1995-07-26 00:13:55 +00:00
|
|
|
static FILE *cfile;
|
|
|
|
|
|
|
|
#define DEFAULT 1
|
|
|
|
#define LOGIN 2
|
|
|
|
#define PASSWD 3
|
|
|
|
#define ACCOUNT 4
|
|
|
|
#define MACDEF 5
|
|
|
|
#define ID 10
|
|
|
|
#define MACHINE 11
|
|
|
|
|
|
|
|
static char tokval[100];
|
|
|
|
|
1999-04-28 21:56:46 +00:00
|
|
|
static const char tokstr[] =
|
|
|
|
{
|
|
|
|
#define TOK_DEFAULT_IDX 0
|
|
|
|
"default\0"
|
|
|
|
#define TOK_LOGIN_IDX (TOK_DEFAULT_IDX + sizeof "default")
|
|
|
|
"login\0"
|
|
|
|
#define TOK_PASSWORD_IDX (TOK_LOGIN_IDX + sizeof "login")
|
|
|
|
"password\0"
|
|
|
|
#define TOK_PASSWD_IDX (TOK_PASSWORD_IDX + sizeof "password")
|
|
|
|
"passwd\0"
|
|
|
|
#define TOK_ACCOUNT_IDX (TOK_PASSWD_IDX + sizeof "passwd")
|
|
|
|
"account\0"
|
|
|
|
#define TOK_MACHINE_IDX (TOK_ACCOUNT_IDX + sizeof "account")
|
|
|
|
"machine\0"
|
|
|
|
#define TOK_MACDEF_IDX (TOK_MACHINE_IDX + sizeof "machine")
|
|
|
|
"macdef"
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct toktab {
|
|
|
|
int tokstr_off;
|
1995-07-26 00:13:55 +00:00
|
|
|
int tval;
|
|
|
|
} toktab[]= {
|
1999-04-28 21:56:46 +00:00
|
|
|
{ TOK_DEFAULT_IDX, DEFAULT },
|
|
|
|
{ TOK_LOGIN_IDX, LOGIN },
|
|
|
|
{ TOK_PASSWORD_IDX, PASSWD },
|
|
|
|
{ TOK_PASSWD_IDX, PASSWD },
|
|
|
|
{ TOK_ACCOUNT_IDX, ACCOUNT },
|
|
|
|
{ TOK_MACHINE_IDX, MACHINE },
|
|
|
|
{ TOK_MACDEF_IDX, MACDEF }
|
1995-07-26 00:13:55 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
2015-10-20 11:52:27 +00:00
|
|
|
ruserpass (const char *host, const char **aname, const char **apass)
|
1995-07-26 00:13:55 +00:00
|
|
|
{
|
1996-08-16 01:33:20 +00:00
|
|
|
char *hdir, *buf, *tmp;
|
1995-07-26 00:13:55 +00:00
|
|
|
char myname[1024], *mydomain;
|
2000-05-29 18:04:55 +00:00
|
|
|
int t, usedefault = 0;
|
2000-09-01 02:26:05 +00:00
|
|
|
struct stat64 stb;
|
1995-07-26 00:13:55 +00:00
|
|
|
|
2012-07-25 17:46:22 +00:00
|
|
|
hdir = __libc_secure_getenv("HOME");
|
1996-09-28 03:24:10 +00:00
|
|
|
if (hdir == NULL) {
|
|
|
|
/* If we can't get HOME, fail instead of trying ".",
|
|
|
|
which is no improvement. This really should call
|
|
|
|
getpwuid(getuid()). */
|
|
|
|
/*hdir = ".";*/
|
2013-06-06 17:36:03 +00:00
|
|
|
return -1;
|
1996-09-28 03:24:10 +00:00
|
|
|
}
|
1996-08-16 01:33:20 +00:00
|
|
|
|
|
|
|
buf = alloca (strlen (hdir) + 8);
|
|
|
|
|
1997-11-06 00:02:46 +00:00
|
|
|
__stpcpy (__stpcpy (buf, hdir), "/.netrc");
|
2011-11-15 09:24:42 +00:00
|
|
|
cfile = fopen(buf, "rce");
|
1995-07-26 00:13:55 +00:00
|
|
|
if (cfile == NULL) {
|
1996-08-16 01:33:20 +00:00
|
|
|
if (errno != ENOENT)
|
|
|
|
warn("%s", buf);
|
1995-07-26 00:13:55 +00:00
|
|
|
return (0);
|
|
|
|
}
|
2001-07-17 08:32:35 +00:00
|
|
|
/* No threads use this stream. */
|
|
|
|
__fsetlocking (cfile, FSETLOCKING_BYCALLER);
|
1998-07-16 11:44:36 +00:00
|
|
|
if (__gethostname(myname, sizeof(myname)) < 0)
|
1995-07-26 00:13:55 +00:00
|
|
|
myname[0] = '\0';
|
1999-04-28 21:56:46 +00:00
|
|
|
mydomain = __strchrnul(myname, '.');
|
1995-07-26 00:13:55 +00:00
|
|
|
next:
|
|
|
|
while ((t = token())) switch(t) {
|
|
|
|
|
|
|
|
case DEFAULT:
|
|
|
|
usedefault = 1;
|
|
|
|
/* FALL THROUGH */
|
|
|
|
|
|
|
|
case MACHINE:
|
|
|
|
if (!usedefault) {
|
|
|
|
if (token() != ID)
|
|
|
|
continue;
|
|
|
|
/*
|
|
|
|
* Allow match either for user's input host name
|
1996-08-16 01:33:20 +00:00
|
|
|
* or official hostname. Also allow match of
|
1995-07-26 00:13:55 +00:00
|
|
|
* incompletely-specified host in local domain.
|
|
|
|
*/
|
1998-07-16 11:44:36 +00:00
|
|
|
if (__strcasecmp(host, tokval) == 0)
|
1995-07-26 00:13:55 +00:00
|
|
|
goto match;
|
1998-07-16 11:44:36 +00:00
|
|
|
/* if (__strcasecmp(hostname, tokval) == 0)
|
1996-08-16 01:33:20 +00:00
|
|
|
goto match;
|
1995-07-26 00:13:55 +00:00
|
|
|
if ((tmp = strchr(hostname, '.')) != NULL &&
|
1998-07-16 11:44:36 +00:00
|
|
|
__strcasecmp(tmp, mydomain) == 0 &&
|
|
|
|
__strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
|
1995-07-26 00:13:55 +00:00
|
|
|
tokval[tmp - hostname] == '\0')
|
|
|
|
goto match; */
|
|
|
|
if ((tmp = strchr(host, '.')) != NULL &&
|
1998-07-16 11:44:36 +00:00
|
|
|
__strcasecmp(tmp, mydomain) == 0 &&
|
|
|
|
__strncasecmp(host, tokval, tmp - host) == 0 &&
|
1995-07-26 00:13:55 +00:00
|
|
|
tokval[tmp - host] == '\0')
|
|
|
|
goto match;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
match:
|
|
|
|
while ((t = token()) && t != MACHINE && t != DEFAULT) switch(t) {
|
|
|
|
|
|
|
|
case LOGIN:
|
2000-05-29 18:04:55 +00:00
|
|
|
if (token()) {
|
1996-08-16 01:33:20 +00:00
|
|
|
if (*aname == 0) {
|
2000-05-29 18:04:55 +00:00
|
|
|
char *newp;
|
|
|
|
newp = malloc((unsigned) strlen(tokval) + 1);
|
|
|
|
if (newp == NULL)
|
|
|
|
{
|
|
|
|
warnx(_("out of memory"));
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
*aname = strcpy(newp, tokval);
|
1995-07-26 00:13:55 +00:00
|
|
|
} else {
|
|
|
|
if (strcmp(*aname, tokval))
|
|
|
|
goto next;
|
|
|
|
}
|
2000-05-29 18:04:55 +00:00
|
|
|
}
|
1995-07-26 00:13:55 +00:00
|
|
|
break;
|
|
|
|
case PASSWD:
|
|
|
|
if (strcmp(*aname, "anonymous") &&
|
2020-07-15 19:35:58 +00:00
|
|
|
__fstat64(fileno(cfile), &stb) >= 0 &&
|
1995-07-26 00:13:55 +00:00
|
|
|
(stb.st_mode & 077) != 0) {
|
1996-08-16 01:33:20 +00:00
|
|
|
warnx(_("Error: .netrc file is readable by others."));
|
manual: Revise crypt.texi.
This is a major rewrite of the description of 'crypt', 'getentropy',
and 'getrandom'.
A few highlights of the content changes:
- Throughout the manual, public headers, and user-visible messages,
I replaced the term "password" with "passphrase", the term
"password database" with "user database", and the term
"encrypt(ion)" with "(one-way) hashing" whenever it was applied to
passphrases. I didn't bother making this change in internal code
or tests. The use of the term "password" in ruserpass.c survives,
because that refers to a keyword in netrc files, but it is adjusted
to make this clearer.
There is a note in crypt.texi explaining that they were
traditionally called passwords but single words are not good enough
anymore, and a note in users.texi explaining that actual passphrase
hashes are found in a "shadow" database nowadays.
- There is a new short introduction to the "Cryptographic Functions"
section, explaining how we do not intend to be a general-purpose
cryptography library, and cautioning that there _are_, or have
been, legal restrictions on the use of cryptography in many
countries, without getting into any kind of detail that we can't
promise to keep up to date.
- I added more detail about what a "one-way function" is, and why
they are used to obscure passphrases for storage. I removed the
paragraph saying that systems not connected to a network need no
user authentication, because that's a pretty rare situation
nowadays. (It still says "sometimes it is necessary" to
authenticate the user, though.)
- I added documentation for all of the hash functions that glibc
actually supports, but not for the additional hash functions
supported by libxcrypt. If we're going to keep this manual section
around after the transition is more advanced, it would probably
make sense to add them then.
- There is much more detailed discussion of how to generate a salt,
and the failure behavior for crypt is documented. (Returning an
invalid hash on failure is what libxcrypt does; Solar Designer's
notes say that this was done "for compatibility with old programs
that assume crypt can never fail".)
- As far as I can tell, the header 'crypt.h' is entirely a GNU
invention, and never existed on any other Unix lineage. The
function 'crypt', however, was in Issue 1 of the SVID and is now
in the XSI component of POSIX. I tried to make all of the
@standards annotations consistent with this, but I'm not sure I got
them perfectly right.
- The genpass.c example has been improved to use getentropy instead
of the current time to generate the salt, and to use a SHA-256 hash
instead of MD5. It uses more random bytes than is strictly
necessary because I didn't want to complicate the code with proper
base64 encoding.
- The testpass.c example has three hardwired hashes now, to
demonstrate that different one-way functions produce different
hashes for the same input. It also demonstrates how DES hashing
only pays attention to the first eight characters of the input.
- There is new text explaining in more detail how a CSPRNG differs
from a regular random number generator, and how
getentropy/getrandom are not exactly a CSPRNG. I tried not to make
specific falsifiable claims here. I also tried to make the
blocking/cancellation/error behavior of both getentropy and
getrandom clearer.
2018-06-29 14:53:37 +00:00
|
|
|
warnx(_("Remove 'password' line or make file unreadable by others."));
|
1995-07-26 00:13:55 +00:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (token() && *apass == 0) {
|
2000-05-29 18:04:55 +00:00
|
|
|
char *newp;
|
|
|
|
newp = malloc((unsigned) strlen(tokval) + 1);
|
|
|
|
if (newp == NULL)
|
|
|
|
{
|
|
|
|
warnx(_("out of memory"));
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
*apass = strcpy(newp, tokval);
|
1995-07-26 00:13:55 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case ACCOUNT:
|
|
|
|
break;
|
|
|
|
case MACDEF:
|
|
|
|
break;
|
|
|
|
default:
|
1996-08-16 01:33:20 +00:00
|
|
|
warnx(_("Unknown .netrc keyword %s"), tokval);
|
1995-07-26 00:13:55 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
done:
|
|
|
|
(void) fclose(cfile);
|
|
|
|
return (0);
|
|
|
|
bad:
|
|
|
|
(void) fclose(cfile);
|
|
|
|
return (-1);
|
|
|
|
}
|
* include/stdlib.h: Use libc_hidden_proto for wctomb.
* stdlib/wctomb.c: Add libc_hidden_def.
* include/netdb.h: Use libc_hidden_proto for innetgr, rcmd_af,
rexec_af, rresvport_af, ruserok_af, iruserok_af, ruserpass, hstrerror.
* resolv/herror.c: Likewise.
* inet/rcmd.c: Add libc_hidden_def.
* inet/ruserpass.c: Likewise.
* inet/getnetgrent_r.c: Likewise.
* include/rpc/auth.h: Use libc_hidden_proto for getnetname,
netname2user, host2netname, user2netname.
* sunrpc/netname.c: Add libc_hidden_def.
* include/rpc/svc.h: Use libc_hidden_proto for svc_register,
svc_unregister, remove *_internal decls. Use libc_hidden_proto
for svcerr_auth, svcerr_noprog, svcerr_progvers.
* sunrpc/svc.c (svc_register, svc_unregister): Change INTDEF to
libc_hidden_def.
(svcerr_auth, svcerr_noprog, svcerr_progvers): Add libc_hidden_def.
* sunrpc/svc_simple.c (registerrpc): Nix INTUSE for svc_register.
2002-08-06 05:10:45 +00:00
|
|
|
libc_hidden_def (ruserpass)
|
1995-07-26 00:13:55 +00:00
|
|
|
|
|
|
|
static int
|
2013-06-08 00:22:23 +00:00
|
|
|
token (void)
|
1995-07-26 00:13:55 +00:00
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
int c;
|
1999-04-28 21:56:46 +00:00
|
|
|
int i;
|
1995-07-26 00:13:55 +00:00
|
|
|
|
1998-07-05 11:57:59 +00:00
|
|
|
if (feof_unlocked(cfile) || ferror_unlocked(cfile))
|
1995-07-26 00:13:55 +00:00
|
|
|
return (0);
|
1998-07-05 08:24:43 +00:00
|
|
|
while ((c = getc_unlocked(cfile)) != EOF &&
|
1995-07-26 00:13:55 +00:00
|
|
|
(c == '\n' || c == '\t' || c == ' ' || c == ','))
|
|
|
|
continue;
|
|
|
|
if (c == EOF)
|
|
|
|
return (0);
|
|
|
|
cp = tokval;
|
|
|
|
if (c == '"') {
|
1998-07-05 08:24:43 +00:00
|
|
|
while ((c = getc_unlocked(cfile)) != EOF && c != '"') {
|
1995-07-26 00:13:55 +00:00
|
|
|
if (c == '\\')
|
1998-07-05 08:24:43 +00:00
|
|
|
c = getc_unlocked(cfile);
|
1995-07-26 00:13:55 +00:00
|
|
|
*cp++ = c;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
*cp++ = c;
|
1998-07-05 08:24:43 +00:00
|
|
|
while ((c = getc_unlocked(cfile)) != EOF
|
1995-07-26 00:13:55 +00:00
|
|
|
&& c != '\n' && c != '\t' && c != ' ' && c != ',') {
|
|
|
|
if (c == '\\')
|
1998-07-05 08:24:43 +00:00
|
|
|
c = getc_unlocked(cfile);
|
1995-07-26 00:13:55 +00:00
|
|
|
*cp++ = c;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*cp = 0;
|
|
|
|
if (tokval[0] == 0)
|
|
|
|
return (0);
|
Update.
2000-11-26 Ulrich Drepper <drepper@redhat.com>
* inet/getnameinfo.c: Adjust casts to avoid warnings.
* inet/rcmd.c: Likewise.
* inet/ruserpass.c: Likewise.
* inet/netinet/in.h (IN6_IS_ADDR_UNSPECIFIED, IN6_IS_ADDR_LOOPBACK,
IN6_IS_ADDR_MULTICAST, IN6_IS_ADDR_LINKLOCAL, IN6_IS_ADDR_SITELOCAL,
IN6_IS_ADDR_V4MAPPED, IN6_IS_ADDR_V4COMPAT, IN6_ARE_ADDR_EQUAL,
IN6_IS_ADDR_MC_NODELOCAL, IN6_IS_ADDR_MC_LINKLOCAL,
IN6_IS_ADDR_MC_SITELOCAL, IN6_IS_ADDR_MC_ORGLOCAL,
IN6_IS_ADDR_MC_GLOBAL): Preserve const in cast.
* include/aliases.h: Add prototypes for internal __getalias* functions.
* include/netdb.h: Add prototypes for __old_gethostent_r,
__old_gethostbyaddr_r, __old_gethostbyname_r, __old_gethostbyname2_r,
__old_getnetent_r, __old_getnetbyaddr_r, __old_getnetbyname_r,
__old_getservent_r, __old_getservbyname_r, __old_getservbyport_r,
__old_getprotoent_r, __old_getprotobyname_r, __old_getprotobynumber_r.
* include/rpc/netdb.h: Add prototypes for __old_getrpcbyname_r,
__old_getrpcbynumber_r, __old_getrpcent_r.
* include/rpc/netdb.h: Add __getrpcbyname_r, __getrpcbynumber_r,
__getrpcent_r prototypes.
2000-11-26 09:44:30 +00:00
|
|
|
for (i = 0; i < (int) (sizeof (toktab) / sizeof (toktab[0])); ++i)
|
1999-04-28 21:56:46 +00:00
|
|
|
if (!strcmp(&tokstr[toktab[i].tokstr_off], tokval))
|
|
|
|
return toktab[i].tval;
|
1995-07-26 00:13:55 +00:00
|
|
|
return (ID);
|
|
|
|
}
|