authutils.c File Reference

Authentication mechanism(s). More...

#include "authutils.h"
#include <gcrypt.h>
#include <string.h>

Include dependency graph for authutils.c:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros
#define	G_LOG_DOMAIN   "libgvm util"
	GLib logging domain.

Functions
int	gvm_auth_ldap_enabled (void)
	Return whether libraries has been compiled with LDAP support.
int	gvm_auth_radius_enabled (void)
	Return whether libraries has been compiled with RADIUS support.
const gchar *	auth_method_name (auth_method_t method)
	Return name of auth_method_t.
int	gvm_auth_init (void)
	Initializes Gcrypt.
gchar *	digest_hex (int gcrypt_algorithm, const guchar *digest)
	Generate a hexadecimal representation of a message digest.
gchar *	get_password_hashes (const gchar *password)
	Generate a pair of md5 hashes to be used in the "auth/hash" file for the user.
gchar *	get_md5_hash_from_string (const gchar *string)
	Calculate the MD5 hash value for a given string.
int	gvm_authenticate_classic (const gchar *username, const gchar *password, const gchar *hash_arg)
	Authenticate a credential pair against user file contents.

Variables
static const gchar *	authentication_methods []
	Array of string representations of the supported authentication methods.
static gboolean	initialized = FALSE
	Flag whether the config file was read.

Detailed Description

Authentication mechanism(s).

Definition in file authutils.c.

Macro Definition Documentation

G_LOG_DOMAIN

#define G_LOG_DOMAIN   "libgvm util"

GLib logging domain.

Definition at line 20 of file authutils.c.

Function Documentation

auth_method_name()

const gchar * auth_method_name

(

auth_method_t

method

)

Return name of auth_method_t.

Keep in sync with authentication_methods and authentication_method .

Parameters

method

Auth method.

Returns

Name of auth method.

Definition at line 76 of file authutils.c.

{
  if (method >= AUTHENTICATION_METHOD_LAST)
    return "ERROR";
  return authentication_methods[method];
}

References AUTHENTICATION_METHOD_LAST, and authentication_methods.

digest_hex()

gchar * digest_hex	(	int	gcrypt_algorithm,
		const guchar *	digest
	)

Generate a hexadecimal representation of a message digest.

Parameters

gcrypt_algorithm	The libgcrypt message digest algorithm used to create the digest (e.g. GCRY_MD_MD5; see the enum gcry_md_algos in gcrypt.h).
digest	The binary representation of the digest.

Returns

A pointer to the hexadecimal representation of the message digest or NULL if an unavailable message digest algorithm was selected.

Definition at line 154 of file authutils.c.

{
  unsigned int i;
  gchar *hex;
 
  gcry_error_t err = gcry_md_test_algo (gcrypt_algorithm);
  if (err != 0)
    {
      g_warning ("Could not select gcrypt algorithm: %s", gcry_strerror (err));
      return NULL;
    }
 
  hex = g_malloc0 (gcry_md_get_algo_dlen (gcrypt_algorithm) * 2 + 1);
  for (i = 0; i < gcry_md_get_algo_dlen (gcrypt_algorithm); i++)
    {
      g_snprintf (hex + i * 2, 3, "%02x", digest[i]);
    }
 
  return hex;
}

Referenced by get_md5_hash_from_string(), get_password_hashes(), and gvm_authenticate_classic().

Here is the caller graph for this function:

get_md5_hash_from_string()

gchar * get_md5_hash_from_string

(

const gchar *

string

)

Calculate the MD5 hash value for a given string.

Parameters

string

The String to be hashed

Returns

A pointer to a gchar containing the hash value as a hexadecimal string, has to be freed by the caller.

Definition at line 228 of file authutils.c.

{
  g_assert (string);
 
  gchar *hash_hex = NULL;
  guchar *hash = g_malloc0 (gcry_md_get_algo_dlen (GCRY_MD_MD5));
 
  gcry_md_hash_buffer (GCRY_MD_MD5, hash, string, strlen (string));
  hash_hex = digest_hex (GCRY_MD_MD5, hash);
 
  g_free (hash);
 
  return hash_hex;
}

References digest_hex().

Here is the call graph for this function:

get_password_hashes()

gchar * get_password_hashes

(

const gchar *

password

)

Generate a pair of md5 hashes to be used in the "auth/hash" file for the user.

The "auth/hash" file consist of two hashes, h_1 and h_2. h_2 (the "seed") is the message digest of (currently) 256 bytes of random data. h_1 is the message digest of h_2 concatenated with the password in plaintext.

Parameters

password

The password in plaintext.

Returns

A pointer to a gchar containing the two hashes separated by a space or NULL if an unavailable message digest algorithm was selected.

Definition at line 189 of file authutils.c.

{
  g_assert (password);
 
  unsigned char *nonce_buffer[256];
  guchar *seed = g_malloc0 (gcry_md_get_algo_dlen (GCRY_MD_MD5));
  gchar *seed_hex = NULL;
  gchar *seed_pass = NULL;
  guchar *hash = g_malloc0 (gcry_md_get_algo_dlen (GCRY_MD_MD5));
  gchar *hash_hex = NULL;
  gchar *hashes_out = NULL;
 
  gcry_create_nonce (nonce_buffer, 256);
  gcry_md_hash_buffer (GCRY_MD_MD5, seed, nonce_buffer, 256);
  seed_hex = digest_hex (GCRY_MD_MD5, seed);
  seed_pass = g_strconcat (seed_hex, password, NULL);
  gcry_md_hash_buffer (GCRY_MD_MD5, hash, seed_pass, strlen (seed_pass));
  hash_hex = digest_hex (GCRY_MD_MD5, hash);
 
  hashes_out = g_strjoin (" ", hash_hex, seed_hex, NULL);
 
  g_free (seed);
  g_free (seed_hex);
  g_free (seed_pass);
  g_free (hash);
  g_free (hash_hex);
 
  return hashes_out;
}

References digest_hex().

Referenced by Ensure().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_auth_init()

int gvm_auth_init

(

void

)

Initializes Gcrypt.

Returns

0 success, -1 error.

Definition at line 89 of file authutils.c.

{
  if (initialized == TRUE)
    {
      g_warning ("gvm_auth_init called a second time.");
      return -1;
    }
 
  /* Init Libgcrypt. */
 
  /* Check if libgcrypt is already initialized */
  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
    {
      initialized = TRUE;
      return 0;
    }
 
  /* Version check should be the very first call because it makes sure that
   * important subsystems are initialized.
   * We pass NULL to gcry_check_version to disable the internal version mismatch
   * test. */
  if (!gcry_check_version (NULL))
    {
      g_critical ("%s: libgcrypt version check failed\n", __func__);
      return -1;
    }
 
  /* We don't want to see any warnings, e.g. because we have not yet parsed
   * program options which might be used to suppress such warnings. */
  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
 
  /* ... If required, other initialization goes here.  Note that the process
   * might still be running with increased privileges and that the secure
   * memory has not been initialized. */
 
  /* Allocate a pool of 16k secure memory.  This make the secure memory
   * available and also drops privileges where needed. */
  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
 
  /* It is now okay to let Libgcrypt complain when there was/is a problem with
   * the secure memory. */
  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
 
  /* ... If required, other initialization goes here. */
 
  /* Tell Libgcrypt that initialization has completed. */
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 
  initialized = TRUE;
 
  return 0;
}

References initialized.

Referenced by Ensure(), and pba_verify_hash().

Here is the caller graph for this function:

gvm_auth_ldap_enabled()

int gvm_auth_ldap_enabled

(

void

)

Return whether libraries has been compiled with LDAP support.

Returns

1 if enabled, else 0.

Definition at line 41 of file authutils.c.

{
#ifdef ENABLE_LDAP_AUTH
  return 1;
#else
  return 0;
#endif /* ENABLE_LDAP_AUTH */
}

gvm_auth_radius_enabled()

int gvm_auth_radius_enabled

(

void

)

Return whether libraries has been compiled with RADIUS support.

Returns

1 if enabled, else 0.

Definition at line 56 of file authutils.c.

{
#ifdef ENABLE_RADIUS_AUTH
  return 1;
#else
  return 0;
#endif /* ENABLE_RADIUS_AUTH */
}

gvm_authenticate_classic()

int gvm_authenticate_classic	(	const gchar *	username,
		const gchar *	password,
		const gchar *	hash_arg
	)

Authenticate a credential pair against user file contents.

Parameters

username	Username.
password	Password.
hash_arg	Hash.

Returns

0 authentication success, 1 authentication failure, -1 error.

Definition at line 253 of file authutils.c.

{
  int gcrypt_algorithm = GCRY_MD_MD5; // FIX whatever configure used
  int ret;
  gchar *actual, *expect, *seed_pass;
  guchar *hash;
  gchar *hash_hex, **seed_hex, **split;
 
  (void) username;
  if (hash_arg == NULL)
    return 1;
  actual = g_strdup (hash_arg);
 
  split = g_strsplit_set (g_strchomp (actual), " ", 2);
  seed_hex = split + 1;
  if (*split == NULL || *seed_hex == NULL)
    {
      g_warning ("Failed to split auth contents.");
      g_strfreev (split);
      g_free (actual);
      return -1;
    }
 
  seed_pass = g_strconcat (*seed_hex, password, NULL);
  hash = g_malloc0 (gcry_md_get_algo_dlen (gcrypt_algorithm));
  gcry_md_hash_buffer (GCRY_MD_MD5, hash, seed_pass, strlen (seed_pass));
  hash_hex = digest_hex (GCRY_MD_MD5, hash);
 
  expect = g_strjoin (" ", hash_hex, *seed_hex, NULL);
 
  g_strfreev (split);
  g_free (seed_pass);
  g_free (hash);
  g_free (hash_hex);
 
  ret = strcmp (expect, actual) ? 1 : 0;
  g_free (expect);
  g_free (actual);
  return ret;
}

References digest_hex().

Referenced by pba_verify_hash().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

authentication_methods

const gchar* authentication_methods[]

static

Initial value:

= {"file", "ldap_connect",
                                                "radius_connect", NULL}

Array of string representations of the supported authentication methods.

Warning

Beware to have it in sync with authentication_method.

Definition at line 27 of file authutils.c.

Referenced by auth_method_name().

initialized

gboolean initialized = FALSE

static

Flag whether the config file was read.

Definition at line 33 of file authutils.c.

Referenced by gvm_auth_init(), gvm_init_gpgme_ctx_from_dir(), and pba_verify_hash().