linux登陸認證模擬

一個很簡陋的認證過程，通過用戶名（或用戶ID）和密碼明文驗證該用戶是否可以登陸系統。
just for fun，沒有時間完善了，不過應該比較容易擴充和增加其他的功能。
注意鏈接需要制定-lcrypt。如果需要一般用戶同樣可以使用，需要將程序setuid（需要驗證/etc/shadow）:
# chown root:root checkpasswd
# chmod 4755 checkpasswd

usage:
$ checkpasswd --user testuser --password testpassword --verbose
$ checkpasswd -i 1001 -p empty_passwd -v

#define    _XOPEN_SOURCE
#define    _GNU_SOURCE

#include 

#include 
#include 
#include 
#include 
#include 
#include 

#include 
#include 
#include 
#include 
#include 

typedef enum{
    AUTH_TYPE_AUTO,
    AUTH_TYPE_DES,
    AUTH_TYPE_MD5,

    NR_AUTH_TYPE
}auth_type_t;

typedef enum{
    AUTH_INFO_AUTO,
    AUTH_INFO_PASSWD,
    AUTH_INFO_SHADOW,

    NR_AUTH_INFO
}auth_info_t;

typedef struct login_info{
    char* login;    /* login name */
    char* cname;    /* cname */
    char* group;
    char* passwd;    /* plain text password */

    uid_t uid;
    gid_t gid;

    uint16_t auth_type;
    uint16_t auth_info;
}login_info_t;

static login_info_t login_info = {
    NULL, NULL, NULL, NULL, -1, -1, 0, 0,
};

static int verbose_flag;

/**
 * option for getopt_long
 */
static const struct option opt_options[] = {
    {"user", 1, 0, 'n'},
    {"uid", 1, 0, 'u'},
    {"password", 1, 0, 'p'},
    {"help", 0, 0, '?'},
    {"version", 0, 0, 'V'},
    {"verbose", 0, 0, 'v'},
    {0, 0, 0, 0},
};

static void help(void)
{
    const struct option* o;

    for(o = &opt_options[0]; o && o->name; o++){
        fprintf(stderr, "%s\n", o->name);
    }
    fprintf(stderr, "\n");
}

static void version(void)
{
    fprintf(stderr, "version: 0.0.1\n");
}

int verbose(const char* fmt, ...)
{
    va_list ap;
    int n;
    
    if(!verbose_flag)
        return 0;

    va_start(ap, fmt);
    n = vfprintf(stderr, fmt, ap);
    va_end(ap);
    
    return 0;
}

int auth_des(const char* plain_text, const char* key_compare)
{
    char* des_key;
    char salt[2] = ;

    if(strlen(key_compare) < 2)
        return -1;

    strncpy(salt, key_compare, 2);

    des_key = crypt(plain_text, salt);

    if(strcmp(des_key, key_compare) == 0)
        return 0;

    verbose("auth DES: non-match(Wrong) password!\n");

    return -1;
}

/**
 * need GNU libc 2.x or higher
 */

int auth_md5(const char* plain_text, const char* key_compare)
{
    char* md5_key;
    const char* p;
    char salt[12] = ;
    int n = 0;

    if(strlen(key_compare) < 3)
        return -1;

    if(strncmp(key_compare, "$", 3) != 0){    /* not start with "$", please confirm
                               to /etc/shadow file */
        verbose("auth MD5: not start with \"$\"\n");
        return -1;
    }

    p = key_compare + 3;

    while(*p++){
        ++n;
        if(!p){
            verbose("auth MD5: invalid shadowed MD5 password!\n");
            return -1;    /* invalid shadowed md5 password */
        }

        if(n > 8){
            break;
        }
        if(*p == '$'){
            break;
        }
    }

    strncpy(salt, key_compare, n + 3);
    md5_key = crypt(plain_text, salt);

    if(strcmp(md5_key, key_compare) == 0)
        return 0;

    verbose("auth MD5, non-match(Wrong) password!\n");

    return -1;
}

int check_shadowed_passwd(login_info_t* login_info)
{
    struct passwd* pw;
    struct spwd* spw;

    if(login_info->login){
        spw = getspnam(login_info->login);
    }else if(login_info->uid >= 0){
        pw = getpwuid(login_info->uid);
        if(!pw){
            verbose("getpwuid [%d] failed, error: %s\n", login_info->uid, 
                strerror(errno));
            return -1;
        }
        login_info->login = pw->pw_name;
        spw = getspnam(pw->pw_name);
    }else{
        return -1;
    }

    if(!spw){
        fprintf(stderr, "unable to read shadow passwd info: %s\n", 
                strerror(errno));
        return -1;
    }

    if(login_info->auth_type == AUTH_TYPE_AUTO){
        if(strncmp(spw->sp_pwdp, "$", 3) == 0){    /* GNU extension, md5 used */
            return auth_md5(login_info->passwd, spw->sp_pwdp);
        }else{
            return auth_des(login_info->passwd, spw->sp_pwdp);
        }
    }else if(login_info->auth_type == AUTH_TYPE_DES){
        return auth_des(login_info->passwd, spw->sp_pwdp);
    }else if(login_info->auth_type == AUTH_TYPE_MD5){
        return auth_md5(login_info->passwd, spw->sp_pwdp);
    }else{
        verbose("unknown auth type: %d\n", login_info->auth_type);
        return -1;
    }
}

/**
 * checkpasswd  
 */

int check_passwd(login_info_t* login_info)
{
    struct passwd* pw;

    if(login_info->login){
        pw = getpwnam(login_info->login);
        if(!pw){
            verbose("getpwnam [%s] failed, error: %s\n", login_info->login,
                    strerror(errno));
            return -1;
        }
        login_info->uid = pw->pw_uid;
    }else if(login_info->uid >= 0){
        pw = getpwuid(login_info->uid);
        if(!pw){
            verbose("getpwuid [%d] failed, error: %s\n", login_info->uid,
                    strerror(errno));
            return -1;
        }
        login_info->login = pw->pw_name;
    }else{
        return -1;
    }

    if(!login_info->passwd){
        verbose("no password specified!\n");
        return -1;
    }

    if(login_info->auth_info == AUTH_INFO_AUTO){
        if(strlen(pw->pw_passwd) < 2){
            if(strcmp(pw->pw_passwd, "x") == 0){    /* shadow password used */
                return check_shadowed_passwd(login_info);
            }else{
                return -1;
            }
        }
        return auth_des(login_info->passwd, pw->pw_passwd);    
    }else if(login_info->auth_info == AUTH_INFO_PASSWD){
        return auth_des(login_info->passwd, pw->pw_passwd);
    }else if(login_info->auth_info == AUTH_INFO_SHADOW){
        return check_shadowed_passwd(login_info);
    }else{
        verbose("unknown auth info: %d\n", login_info->auth_info);
        return -1;
    }
}

void handle_args(int argc, char* argv[])
{
    int ch;
    int option_index;

    while((ch = getopt_long(argc, argv, "u:i:p:Vvh", opt_options, &option_index)) != -1){
    switch(ch){
        case 'u':
            login_info.login = optarg;
            break;
        case 'i':
            login_info.uid = atoi(optarg);
            break;
        case 'p':
            login_info.passwd = optarg;
            break;
        case 'h':
            help();
            exit(0);
            break;
        case 'V':
            version();
            exit(0);
            break;
        case 'v':
            verbose_flag = 1;
            break;
        case '?':
        default:
            help();
            exit(1);
            break;
        }
    }

    if(!login_info.passwd){
        fprintf(stderr, "please specifie login password\n");
        help();
        exit(1);
    }
    if(!login_info.login && !login_info.uid){
        fprintf(stderr, "please specifie either login name or user id\n");
        help();
        exit(1);
    }
}

int main(int argc, char* argv[])
{
    int ret;
    const char seperator[] = 
        "==========================================================================================\n";
    int retcode = 1;

    handle_args(argc, argv);

    printf(seperator);

    ret = check_passwd(&login_info);
    
    if(ret < 0){
        fprintf(stderr, "3[1;31mauthentication failed for user: "
                "[%s], uid[%d], password: [%s]3[m\n",
                login_info.login, login_info.uid, login_info.passwd);
        goto quit;
    }else if(ret == 0){
        printf("3[1;32mauthenticated token suclearcase/" target="_blank" >ccessfully, user: "
                "[%s], uid: [%d]3[m\n",
                login_info.login, login_info.uid);
        retcode = 0;
    }else{
        assert(0);
        retcode = -1;
    }

quit:
    printf(seperator);
    exit(retcode);
}

原文轉自：http://www.kjueaiud.com