[security] Shadow Passwords, whoami, and more

This update includes support for shadow passwords, stored in
/etc/master.passwd, as well as support for an /etc/passwd file
containing user/uid/full name/shell associations, which are used by the
shell to get your username for display purposes, as well as by whoami
for the same reason. The login tool does not yet select the right shell
though this is planned.

* root's password is `toor` (a throwback to older times)
* local's password is `local` (because it's obvious)

README.md

@@ -267,3 +267,32 @@ ToAruOS contains additional software with the following copyright notices:
         Software without prior written authorization from the Gnome Foundation
         or Bitstream Inc., respectively. For further information, contact:
         fonts at gnome dot org.
+
+* The include SHA512 support library (userspace/lib/sha2.{c,h}) is provided under the BSD license as follows:
+
+        Copyright (c) 2000-2001, Aaron D. Gifford
+        All rights reserved.
+
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions
+        are met:
+        1. Redistributions of source code must retain the above copyright
+           notice, this list of conditions and the following disclaimer.
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+        3. Neither the name of the copyright holder nor the names of contributors
+           may be used to endorse or promote products derived from this software
+           without specific prior written permission.
+
+        THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+        ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+        IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+        ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+        FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+        DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+        OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+        HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+        LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+        OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+        SUCH DAMAGE.

hdd/etc/master.passwd

@@ -0,0 +1,2 @@
+root:2b64f2e3f9fee1942af9ff60d40aa5a719db33b8ba8dd4864bb4f11e25ca2bee00907de32a59429602336cac832c8f2eeff5177cc14c864dd116c8bf6ca5d9a9:0
+local:6f01a907513e6652020598d38516b788063624b31e9f3afe9c7c0ef4ea5ab4fd4843dd3579292de5aef626d588e678c045cb3ab4d1e49b89237380140907576c:1000

hdd/etc/passwd

@@ -0,0 +1,2 @@
+root:x:0:0:Administrator:/home/root:/bin/esh
+local:x:1000:1000:Local User:/home/local:/bin/esh

userspace/Makefile

@@ -2,7 +2,7 @@ CC = i686-pc-toaru-gcc
 CPP = i686-pc-toaru-g++
 CFLAGS = -march=core2 -std=c99 -O3 -m32 -Wa,--32
 CPPFLAGS = -march=core2 -O3 -m32 -Wa,--32
-EXECUTABLES = $(patsubst %.c,../hdd/bin/%,$(wildcard *.c)) $(patsubst %.cpp,../hdd/bin/%,$(wildcard *.cpp))
+EXECUTABLES = $(patsubst %.c,%.o,$(wildcard lib/*.c)) $(patsubst %.c,../hdd/bin/%,$(wildcard *.c)) $(patsubst %.cpp,../hdd/bin/%,$(wildcard *.cpp))
 
 BEG = ../util/mk-beg
 END = ../util/mk-end
@@ -33,6 +33,11 @@ clean:
 	@${CC} ${CFLAGS} -s -I ../util/toaru-toolchain/i686-pc-toaru/include/freetype2/ -o $@ $< ../util/toaru-toolchain/i686-pc-toaru/lib/libfreetype.a ${ERRORS}
 	@${END} "CC" "$< [freetype]"
 
+../hdd/bin/login: login.c lib/sha2.o
+	@${BEG} "CC" "$< [w/libs]"
+	@${CC} ${CFLAGS} -s -o $@ $< lib/sha2.o ${ERRORS}
+	@${END} "CC" "$< [w/libs]"
+
 ../hdd/bin/%: %.cpp
 	@${BEG} "CPP" "$<"
 	@${CPP} ${CPPFLAGS} -s -o $@ $< ${ERRORS}
@@ -48,3 +53,7 @@ clean:
 	@${CC} ${CFLAGS} -s -o $@ $< ${ERRORS}
 	@${END} "CC" "$<"
 
+%.o: %.c
+	@${BEG} "CC" "$< [lib]"
+	@${CC} ${CFLAGS} -c -s -o $@ $< ${ERRORS}
+	@${END} "CC" "$< [lib]"

userspace/esh.c

@@ -17,12 +17,42 @@ DEFN_SYSCALL1(wait, 17, unsigned int);
 DEFN_SYSCALL2(getcwd, 29, char *, size_t);
 DEFN_SYSCALL1(chdir, 28, char *);
 
+DEFN_SYSCALL0(getuid, 23);
+
+#define LINE_LEN 4096
+
 char cwd[1024] = {'/',0};
 struct timeval {
 	unsigned int tv_sec;
 	unsigned int tv_usec;
 };
 
+char username[1024];
+
+void getusername() {
+	FILE * passwd = fopen("/etc/passwd", "r");
+	char line[LINE_LEN];
+	
+	int uid = syscall_getuid();
+
+	while (fgets(line, LINE_LEN, passwd) != NULL) {
+
+		line[strlen(line)-1] = '\0';
+
+		char *p, *tokens[10], *last;
+		int i = 0;
+		for ((p = strtok_r(line, ":", &last)); p;
+				(p = strtok_r(NULL, ":", &last)), i++) {
+			if (i < 511) tokens[i] = p;
+		}
+		tokens[i] = NULL;
+
+		if (atoi(tokens[2]) == uid) {
+			memcpy(username, tokens[0], strlen(tokens[0]) + 1);
+		}
+	}
+	fclose(passwd);
+}
 
 void draw_prompt(int ret) {
 	struct tm * timeinfo;
@@ -34,7 +64,7 @@ void draw_prompt(int ret) {
 	char time_buffer[80];
 	strftime(time_buffer, 80, "%H:%M:%S", timeinfo);
 	printf("\033[1m[\033[1;33m%s \033[1;32m%s \033[1;31m%s \033[1;34m%s\033[0m ",
-			"test", "esh", date_buffer, time_buffer);
+			username, "esh", date_buffer, time_buffer);
 	if (ret != 0) {
 		printf("\033[1;31m%d ", ret);
 	}
@@ -83,6 +113,8 @@ int main(int argc, char ** argv) {
 	int  free_cmd = 0;
 	int  last_ret = 0;
 
+	getusername();
+
 	FILE * motd = fopen("/etc/motd", "r");
 	if (motd) {
 		size_t s = 0;
@@ -94,6 +126,7 @@ int main(int argc, char ** argv) {
 		fwrite(m, s, 1, stdout);
 		fprintf(stdout, "\n");
 		fflush(stdout);
+		free(m);
 	}
 
 	while (1) {
@@ -129,6 +162,7 @@ int main(int argc, char ** argv) {
 				printf("cd: expected argument\n");
 				last_ret = 1;
 			}
+			free(cmd);
 			continue;
 		}
 		nowait = (!strcmp(tokens[i-1],"&"));

userspace/lib/sha2.h

@@ -0,0 +1,200 @@
+/*
+ * FILE:	sha2.h
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
+ */
+
+#ifndef __SHA2_H__
+#define __SHA2_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+ * Import u_intXX_t size_t type definitions from system headers.  You
+ * may need to change this, or define these things yourself in this
+ * file.
+ */
+#include <sys/types.h>
+
+#define BYTE_ORDER LITTLE_ENDIAN
+
+#define SHA2_USE_INTTYPES_H
+#ifdef SHA2_USE_INTTYPES_H
+
+#include <inttypes.h>
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA256_BLOCK_LENGTH		64
+#define SHA256_DIGEST_LENGTH		32
+#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH		128
+#define SHA384_DIGEST_LENGTH		48
+#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH		128
+#define SHA512_DIGEST_LENGTH		64
+#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+
+
+/*** SHA-256/384/512 Context Structures *******************************/
+/* NOTE: If your architecture does not define either u_intXX_t types or
+ * uintXX_t (from inttypes.h), you may need to define things by hand
+ * for your system:
+ */
+#if 0
+typedef unsigned char u_int8_t;		/* 1-byte  (8-bits)  */
+typedef unsigned int u_int32_t;		/* 4-bytes (32-bits) */
+typedef unsigned long long u_int64_t;	/* 8-bytes (64-bits) */
+#endif
+/*
+ * Most BSD systems already define u_intXX_t types, as does Linux.
+ * Some systems, however, like Compaq's Tru64 Unix instead can use
+ * uintXX_t types defined by very recent ANSI C standards and included
+ * in the file:
+ *
+ *   #include <inttypes.h>
+ *
+ * If you choose to use <inttypes.h> then please define: 
+ *
+ *   #define SHA2_USE_INTTYPES_H
+ *
+ * Or on the command line during compile:
+ *
+ *   cc -DSHA2_USE_INTTYPES_H ...
+ */
+#ifdef SHA2_USE_INTTYPES_H
+
+typedef struct _SHA256_CTX {
+	uint32_t	state[8];
+	uint64_t	bitcount;
+	uint8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	uint64_t	state[8];
+	uint64_t	bitcount[2];
+	uint8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#else /* SHA2_USE_INTTYPES_H */
+
+typedef struct _SHA256_CTX {
+	u_int32_t	state[8];
+	u_int64_t	bitcount;
+	u_int8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	u_int64_t	state[8];
+	u_int64_t	bitcount[2];
+	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+typedef SHA512_CTX SHA384_CTX;
+
+
+/*** SHA-256/384/512 Function Prototypes ******************************/
+#ifndef NOPROTO
+#ifdef SHA2_USE_INTTYPES_H
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const uint8_t*, size_t);
+void SHA256_Final(uint8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const uint8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const uint8_t*, size_t);
+void SHA384_Final(uint8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const uint8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const uint8_t*, size_t);
+void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const uint8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#else /* SHA2_USE_INTTYPES_H */
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const u_int8_t*, size_t);
+void SHA256_Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const u_int8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const u_int8_t*, size_t);
+void SHA384_Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const u_int8_t*, size_t);
+void SHA512_Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const u_int8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+#else /* NOPROTO */
+
+void SHA256_Init();
+void SHA256_Update();
+void SHA256_Final();
+char* SHA256_End();
+char* SHA256_Data();
+
+void SHA384_Init();
+void SHA384_Update();
+void SHA384_Final();
+char* SHA384_End();
+char* SHA384_Data();
+
+void SHA512_Init();
+void SHA512_Update();
+void SHA512_Final();
+char* SHA512_End();
+char* SHA512_Data();
+
+#endif /* NOPROTO */
+
+#ifdef	__cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __SHA2_H__ */
+

userspace/login.c

@@ -12,23 +12,12 @@
 #include <unistd.h>
 #include <time.h>
 
+#include "lib/sha2.h"
+
 DEFN_SYSCALL1(wait, 17, unsigned int);
 DEFN_SYSCALL1(setuid, 24, unsigned int);
 DEFN_SYSCALL1(kernel_string_XXX, 25, char *);
 
-typedef struct {
-	int uid;
-	char * name;
-	char * pass;
-} user_combo;
-
-user_combo users[] = {
-	{0, "root", "toor"},
-	{1, "klange", "herp"}
-};
-
-int n_users = 2;
-
 int readline(char * buf, size_t size, uint8_t display) {
 	size_t collected = 0;
 	while (collected < size - 1) {
@@ -55,18 +44,42 @@ _done:
 }
 
 int checkUserPass(char * user, char * pass) {
-	for (int i = 0; i < n_users; ++i) {
-		if (!strcmp(user, users[i].name)) {
-			if (!strcmp(pass, users[i].pass)) {
-				return users[i].uid;
-			}
+
+	/* Generate SHA512 */
+	char hash[SHA512_DIGEST_STRING_LENGTH];
+	SHA512_Data(pass, strlen(pass), hash);
+
+	/* Open up /etc/master.passwd */
+
+	FILE * passwd = fopen("/etc/master.passwd", "r");
+	char line[2048];
+
+	while (fgets(line, 2048, passwd) != NULL) {
+
+		line[strlen(line)-1] = '\0';
+
+		char *p, *tokens[4], *last;
+		int i = 0;
+		for ((p = strtok_r(line, ":", &last)); p;
+				(p = strtok_r(NULL, ":", &last)), i++) {
+			if (i < 511) tokens[i] = p;
 		}
-	}
+		tokens[i] = NULL;
+		
+		if (strcmp(tokens[0],user) != 0) {
+			continue;
+		}
+		if (!strcmp(tokens[1],hash)) {
+			fclose(passwd);
+			return atoi(tokens[2]);
+		}
+		}
+	fclose(passwd);
 	return -1;
+
 }
 
 int main(int argc, char ** argv) {
-	/* TODO: Read /etc/shadow */
 
 	/* TODO: uname() */
 	char * _uname = malloc(sizeof(char) * 1024);
@@ -100,6 +113,7 @@ int main(int argc, char ** argv) {
 
 		uint32_t f = fork();
 		if (getpid() != pid) {
+			/* TODO: Read appropriate shell from /etc/passwd */
 			char * args[] = {
 				"/bin/esh",
 				NULL

userspace/whoami.c

@@ -0,0 +1,39 @@
+/* vim: tabstop=4 shiftwidth=4 noexpandtab
+ *
+ * Who Am I?
+ *
+ */
+#include <stdio.h>
+#include <syscall.h>
+
+DEFN_SYSCALL0(getuid, 23);
+
+#define LINE_LEN 4096
+
+int main(int argc, char ** argv) {
+	FILE * passwd = fopen("/etc/passwd", "r");
+	char line[LINE_LEN];
+	
+	int uid = syscall_getuid();
+
+	while (fgets(line, LINE_LEN, passwd) != NULL) {
+
+		line[strlen(line)-1] = '\0';
+
+		char *p, *tokens[10], *last;
+		int i = 0;
+		for ((p = strtok_r(line, ":", &last)); p;
+				(p = strtok_r(NULL, ":", &last)), i++) {
+			if (i < 511) tokens[i] = p;
+		}
+		tokens[i] = NULL;
+
+		if (atoi(tokens[2]) == uid) {
+			printf("%s\n", tokens[0]);
+		}
+	}
+	fclose(passwd);
+
+	return 0;
+}
+