poppassd-1.8.5/0000711000175700003100000000000010153623231013744 5ustar kravietzaba00000000000000poppassd-1.8.5/Makefile0000600000175700003100000000037510153623121015407 0ustar kravietzaba00000000000000BINDIR = /usr/sbin CFLAGS = -O2 CC=gcc poppassd: poppassd.c Makefile $(CC) $(CFLAGS) poppassd.c -o poppassd -lpam -ldl install: poppassd install -g bin -o root -m 500 poppassd $(BINDIR) clean: rm -f *.o *~* core Makefile.new Makefile.bak poppassd poppassd-1.8.5/poppassd.c0000600000175700003100000001546210153623137015756 0ustar kravietzaba00000000000000/* * poppassd.c * * A Eudora and NUPOP change password server. * * Pawel Krawczyk * * Based on poppassd by John Norstad , * Roy Smith and Daniel L. Leavitt . * Shadow file update code taken from shadow-960810 by John F. Haugh * II and Marek Michalkiewicz * * * See README for more information. */ /* Steve Dorner's description of the simple protocol: * * The server's responses should be like an FTP server's responses; * 1xx for in progress, 2xx for success, 3xx for more information * needed, 4xx for temporary failure, and 5xx for permanent failure. * Putting it all together, here's a sample conversation: * * S: 200 hello\r\n * E: user yourloginname\r\n * S: 300 please send your password now\r\n * E: pass yourcurrentpassword\r\n * S: 200 My, that was tasty\r\n * E: newpass yournewpassword\r\n * S: 200 Happy to oblige\r\n * E: quit\r\n * S: 200 Bye-bye\r\n * S: * E: */ #define VERSION "1.8.5" #define BAD_PASS_DELAY 3 /* delay in seconds after bad 'Old password' */ #define POP_MIN_UID 100 /* minimum UID which is allowed to change password via poppassd */ /* These need to be quoted because they are only used as * parts of format strings for sscanf; actual lengths are smaller * by 5 because the buffer needs to fit "user " and "pass " strings * as well */ #define MAX_LEN_USERNAME "64" /* maximum length of username buffer */ #define MAX_LEN_PASS "128" /* maximum length of password buffer */ #define SUCCESS 1 #define FAILURE 0 #define BUFSIZE 1000 #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if !__GLIBC__ >= 2 #include #endif #include #include #define LOCK_TRIES 30 #ifndef UL_SETFSIZE #ifdef UL_SFILLIM #define UL_SETFSIZE UL_SFILLIM #else #define UL_SETFSIZE 2 #endif #endif /* need to be global for poppassd_conv */ char oldpass[BUFSIZE]; char newpass[BUFSIZE]; #define POP_OLDPASS 0 #define POP_NEWPASS 1 #define POP_SKIPASS 2 short int pop_state = POP_OLDPASS; void WriteToClient (char *fmt, ...) { va_list ap; va_start (ap, fmt); vfprintf (stdout, fmt, ap); fputs ("\r\n", stdout ); fflush (stdout); va_end (ap); } void ReadFromClient (char *line) { char *sp; int i; bzero(line, BUFSIZE); fgets (line, BUFSIZE-1, stdin); if ((sp = strchr(line, '\n')) != NULL) *sp = '\0'; if ((sp = strchr(line, '\r')) != NULL) *sp = '\0'; /* convert initial keyword on line to lower case. */ for (sp = line; isalpha(*sp); sp++) *sp = tolower(*sp); line[BUFSIZE-1] = '\0'; } int poppassd_conv(num_msg, msg, resp, appdata_ptr) int num_msg; const struct pam_message **msg; struct pam_response **resp; void *appdata_ptr; { int i; struct pam_response *r = malloc(sizeof(struct pam_response) * num_msg); if(num_msg <= 0) return(PAM_CONV_ERR); if(r == NULL) return(PAM_CONV_ERR); for(i=0; imsg_style == PAM_ERROR_MSG) { WriteToClient ("500 PAM error: %s", msg[i]->msg); syslog(LOG_ERR, "PAM error: %s", msg[i]->msg); /* * If there is an error, we don't want to be sending in * anything more, so set pop_state to invalid */ pop_state = POP_SKIPASS; } r[i].resp_retcode = 0; if(msg[i]->msg_style == PAM_PROMPT_ECHO_OFF || msg[i]->msg_style == PAM_PROMPT_ECHO_ON) { switch(pop_state) { case POP_OLDPASS: r[i].resp = strdup(oldpass); break; case POP_NEWPASS: r[i].resp = strdup(newpass); break; case POP_SKIPASS: r[i].resp = NULL; break; default: syslog(LOG_ERR, "PAM error: too many switches (state=%d)", pop_state); } } else { r[i].resp = strdup(""); } } *resp = r; return PAM_SUCCESS; } const struct pam_conv pam_conv = { poppassd_conv, NULL }; int main (int argc, char *argv[]) { char line[BUFSIZE]; char user[BUFSIZE]; char emess[BUFSIZE]; char *slavedev; struct passwd *pw, *getpwnam(); struct spwd *sp; int c, master; pid_t pid, wpid; int wstat; int ret; pam_handle_t *pamh=NULL; char *item=oldpass; *user = *oldpass = *newpass = 0; openlog("poppassd", LOG_PID, LOG_LOCAL4); WriteToClient ("200 poppassd v%s hello, who are you?", VERSION); ReadFromClient (line); if( strlen(line) > atoi(MAX_LEN_USERNAME) ) { WriteToClient ("500 Username too long (max %d).", atoi(MAX_LEN_USERNAME)); exit(1); } sscanf (line, "user %" MAX_LEN_USERNAME "s", user) ; if (strlen (user) == 0 ) { WriteToClient ("500 Username required."); exit(1); } if(pam_start("poppassd", user, &pam_conv, &pamh) != PAM_SUCCESS) { WriteToClient("500 Invalid username."); exit(1); } WriteToClient ("200 Your password please."); ReadFromClient (line); if( strlen(line) > atoi(MAX_LEN_PASS) ) { WriteToClient("500 Password length exceeded (max %d).", atoi(MAX_LEN_PASS) ); exit(1); } sscanf (line, "pass %" MAX_LEN_PASS "c", oldpass); if(strlen(oldpass) == 0) { WriteToClient("500 Password required."); exit(1); } if(pam_authenticate(pamh, 0) != PAM_SUCCESS) { WriteToClient ("500 Old password is incorrect."); syslog(LOG_ERR, "old password is incorrect for user %s", user); /* pause to make brute force attacks harder */ sleep(BAD_PASS_DELAY); exit(1); } pw=getpwnam(user); if(pw->pw_uid. It is IMHO more secure and less complicated than using SUID CGI scripts or CGI wrappers to /bin/passwd. User fills a WWW form which is then processed by PopPass program. PopPass checks if the data seems to be correct (passwords are same and long enough), connects to the poppassd daemon which performs the real password change. For better security it is recommended to configure PopPass to connect to poppassd on localhost and block access to the port 106 from other machines. This is described below. By default poppassd allows alphanumeric (no spaces allowed) usernames up to 59 characters and alphanumeric (spaces allowed) passwords up to 123 characters as well. This can be changed in source code. INSTALLATION: You need PAM libraries and header files to compile poppassd, on most Linux distributions they are provided in packages named pam-devel, libpam-dev or similiar. 1. Edit Makefile if necessary and type 'make'. 2. Install in /usr/sbin, owned by root and executable only by root. 3. If you're using inetd, add to /etc/inetd.conf: poppassd stream tcp nowait root /usr/sbin/tcpd poppassd If you're using xinetd, add a file /etc/xinet.d/poppassd: service poppassd { disable = no socket_type = stream wait = no user = root server = /usr/sbin/poppassd log_on_success += HOST DURATION log_on_failure += HOST } 4. Add do /etc/services: poppassd 106/tcp 5. Configure tcpd to refuse connection to poppassd from all hosts but localhost. I have tcpd compiled with -DOPTIONS and my /etc/hosts.deny entry looks like: poppassd: nobody@localhost: allow poppassd: ALL: deny 6. Add a file /etc/pam.d/poppassd: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so retry=3 password required /lib/security/pam_pwdb.so use_authtok nullok You may need to change 'nobody' to the user your httpd is running as. To use the user@ form you also need to have identd running on your system. If you haven't, simply use "localhost: allow" rule. It's also worth considering to block all incoming TCP packets to port 106 on your router, if you're only using poppassd to change passwords from web. 6. Add to /etc/syslog.conf: local4.err /var/log/poppassd 7. Install a poppassd client in your web server (some are available in ftp://ftp.ceti.pl/pub/linux/) CREDITS Based on poppassd by John Norstad , Roy Smith and Daniel L. Leavitt . Shadow file update code taken from shadow-960810 by John F. Haugh II and Marek Michalkiewicz This version was modified to work directly on Linux shadow files. It includes a few additions like delay after incorrect password. Version 1.5 fixes bug which caused usernames containing characters like underscore '_' to be ignored. I've also added new compilation flag -DALLOW_NULL_PASSWORDS, which makes exactly what it means ;) I've needed it for automated accounts creation. Don't use it if unless you really need it - this can be a security hole.I Version 1.7 uses PAM. Thanks to Mikolaj Rydzewski for giving me a clue how to use PAM conversion function in his wwwpasswd. Version 1.8 fixes minor bugs. Version 1.8.1 has only cosmetical changes, like updated documentation. Version 1.8.2 has some cleanups in maximum username and password length checking and more verbose logging. It also supports passwords with space inside thanks to suggestion from Adam Conrad. Version 1.8.3 has changed the default PAM service name from "passwd" to "poppassd" (Radoslaw Antoniuk) and some more cleanups on password and username length (Mihail Vidiassov). Also added configuration hints from Brian Kircher. Version 1.8.4 Steven Danz fixes one bug where PAM errors (like cracklib complaints) were actually not preventing the user from changing the password. Now, if cracklib reports a weak password, it won't be accepted. To return to the previous default behaviour, remove cracklib from poppassd PAM configuration. Version 1.8.5 small fixes to compile under gcc-3.3 (varargs vs stdarg), reported by many people. -- Pawel Krawczyk http://echelon.pl/kravietz/ poppassd-1.8.5/COPYING0000644000175700003100000000330607447634731015034 0ustar kravietzaba00000000000000Redistribution and use in source and binary forms of poppassd, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain any existing copyright notice, and this entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission. ALTERNATIVELY, this product may be distributed under the terms of the GNU General Public License, in which case the provisions of the GNU GPL are required INSTEAD OF the above restrictions. (This clause is necessary due to a potential conflict between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.