[Pkg-wmaker-commits] [wmbiff] 03/15: in-memory frobnication of imap passwords

Doug Torrance dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:03:19 UTC 2015


This is an automated email from the git hooks/post-receive script.

dtorrance-guest pushed a commit to tag wmbiff_0_4_15
in repository wmbiff.

commit 0b41c6bc1efd8e978c433846275312cb916ce8ab
Author: bluehal <bluehal>
Date:   Sun Mar 2 02:37:07 2003 +0000

    in-memory frobnication of imap passwords
---
 NEWS                 | 16 +++++++++++++---
 configure.ac         |  3 +++
 wmbiff/Imap4Client.c | 34 ++++++++++++++++++++++++++--------
 wmbiff/passwordMgr.c | 25 ++++++++++++++++---------
 wmbiff/passwordMgr.h |  5 +++--
 5 files changed, 61 insertions(+), 22 deletions(-)

diff --git a/NEWS b/NEWS
index ab97f64..8741549 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,22 @@
 Release Notes
 ~~~~~~~~~~~~~
-Release 0.4.14 - Feb 13, 2003
+Release 0.4.15 - Mar x, 2003
+  * Frobnicate internally stored passwords, partially 
+    obfuscating them in memory.  Not actually more 
+    secure, but harder to casually discover a password.
+  * Tighten configuration file lines to more quickly
+    detect misconfiguration; give the -relax option if
+    it is too paranoid.
+
+Release 0.4.14 - Jan 24, 2003
+  * Handle building on systems with both posix and gnu
+    regex in different but conflicting files.  
   * Restart wmbiff on SIGUSR1.  You may need to use 
     'killall -USR1 wmbiff' if it gets stuck.
   * Restart wmbiff on ctrl-shift mouse 1.
 
 Release 0.4.13 - Jan 20, 2003
-  * Fix a potential file descriptor leak when using 
+  * Fix a file descriptor leak when using 
     both Shell and IMAP clients.
   * Portability to Mac OS X, Solaris, and probably BSD
     restored (thanks sourceforge compile farm!) with a
@@ -401,4 +411,4 @@ Release 0.1 - Wed, 17 Nov 1999 00:00:00 +0000
   * Initial release by Gennady Belyakov <gb at ccat.elect.ru>.
 
 
-$Id: NEWS,v 1.39 2003/02/13 21:07:34 bluehal Exp $
+$Id: NEWS,v 1.40 2003/03/02 02:37:07 bluehal Exp $
diff --git a/configure.ac b/configure.ac
index c95392c..23646a0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -36,6 +36,9 @@ AC_CHECK_HEADERS(stdio.h)
 dnl for IPv6 support
 AC_CHECK_FUNCS(getaddrinfo)
 
+dnl see if we can cheaply "encrypt" passwords in memory
+AC_CHECK_FUNCS(memfrob)
+
 dnl AC_CHECK_FUNC(asprintf, , VASPRINTF="vasprintf.c")
 
 dnl replacing the old USE_POLL define
diff --git a/wmbiff/Imap4Client.c b/wmbiff/Imap4Client.c
index e487f65..6190019 100644
--- a/wmbiff/Imap4Client.c
+++ b/wmbiff/Imap4Client.c
@@ -34,13 +34,21 @@ extern int Relax;
 
 #define IMAP_DM(pc, lvl, args...) DM(pc, lvl, "imap4: " args)
 
+#ifdef HAVE_MEMFROB
+#define DEFROB(x) memfrob(x, strlen(x))
+#define ENFROB(x) memfrob(x, strlen(x))
+#else
+#define DEFROB(x)
+#define ENFROB(x)
+#endif
+
 /* this array maps server:port pairs to file descriptors, so
    that when more than one mailbox is queried from a server,
    we only use one socket.  It's limited in size by the
    number of different mailboxes displayed. */
 #define FDMAP_SIZE 5
 static struct fdmap_struct {
-	char *user_password_server_port;	/* tuple, in string form */
+	char *user_server_port;		/* tuple, in string form */
 	/*@owned@ */ struct connection_state *cs;
 } fdmap[FDMAP_SIZE];
 
@@ -88,9 +96,8 @@ static struct connection_state *state_for_pcu(Pop3 pc)
 	sprintf(connection_id, "%s|%s|%d", PCU.userName, PCU.serverName,
 			PCU.serverPort);
 	for (i = 0; i < FDMAP_SIZE; i++)
-		if (fdmap[i].user_password_server_port != NULL &&
-			(strcmp(connection_id,
-					fdmap[i].user_password_server_port) == 0)) {
+		if (fdmap[i].user_server_port != NULL &&
+			(strcmp(connection_id, fdmap[i].user_server_port) == 0)) {
 			retval = fdmap[i].cs;
 		}
 	free(connection_id);
@@ -117,7 +124,7 @@ static void bind_state_to_pcu(Pop3 pc,
 				"Tried to open too many IMAP connections. Sorry!\n");
 		exit(EXIT_FAILURE);
 	}
-	fdmap[i].user_password_server_port = connection_id;
+	fdmap[i].user_server_port = connection_id;
 	fdmap[i].cs = scs;
 }
 
@@ -135,7 +142,7 @@ struct connection_state *unbind(
 
 	for (i = 0; i < FDMAP_SIZE && fdmap[i].cs != scs; i++);
 	if (i < FDMAP_SIZE) {
-		free(fdmap[i].user_password_server_port);
+		free(fdmap[i].user_server_port);
 		retval = fdmap[i].cs;
 		fdmap[i].cs = NULL;
 	}
@@ -390,8 +397,13 @@ int imap4Create( /*@notnull@ */ Pop3 pc, const char *const str)
 		return -1;
 	}
 
-	if (PCU.password[0] == '\0')
+	if (PCU.password[0] == '\0') {
 		PCU.interactive_password = 1;
+	} else {
+#ifdef HAVE_MEMFROB
+		memfrob(PCU.password, strlen(PCU.password));
+#endif
+	}
 
 	// grab_authList(unaliased_str + matchedchars, PCU.authList);
 
@@ -431,8 +443,10 @@ static int authenticate_plaintext( /*@notnull@ */ Pop3 pc,
 	ask_user_for_password(pc, 0);
 	do {
 		/* login */
+		DEFROB(PCU.password);
 		tlscomm_printf(scs, "a001 LOGIN %s \"%s\"\r\n", PCU.userName,
 					   PCU.password);
+		ENFROB(PCU.password);
 		if (tlscomm_expect(scs, "a001 ", buf, BUF_SIZE) == 0) {
 			IMAP_DM(pc, DEBUG_ERROR,
 					"Did not get a response to the LOGIN command.\n");
@@ -483,7 +497,9 @@ static int authenticate_md5(Pop3 pc,
 	strcat(buf, " ");
 	ask_user_for_password(pc, 0);
 	gmh = gcry_md_open(GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
+	DEFROB(PCU.password);
 	gcry_md_setkey(gmh, PCU.password, strlen(PCU.password));
+	ENFROB(PCU.password);
 	gcry_md_write(gmh, (unsigned char *) buf2, strlen(buf2));
 	gcry_md_final(gmh);
 	md5 = gcry_md_read(gmh, 0);
@@ -522,13 +538,15 @@ static void ask_user_for_password( /*@notnull@ */ Pop3 pc, int bFlushCache)
 	if (PCU.interactive_password) {
 		if (strlen(PCU.password) == 0) {
 			/* we need to grab the password from the user. */
-			const char *password;
+			char *password;
 			IMAP_DM(pc, DEBUG_INFO, "asking for password %d\n",
 					bFlushCache);
 			password =
 				passwordFor(PCU.userName, PCU.serverName, pc, bFlushCache);
 			if (password != NULL) {
 				strcpy(PCU.password, password);
+				free(password);
+				ENFROB(PCU.password);
 			}
 		}
 	}
diff --git a/wmbiff/passwordMgr.c b/wmbiff/passwordMgr.c
index f2a8c33..13318fd 100644
--- a/wmbiff/passwordMgr.c
+++ b/wmbiff/passwordMgr.c
@@ -42,10 +42,10 @@ typedef struct password_binding_struct {
 	struct password_binding_struct *next;
 	char user[32];
 	char server[255];
-	char password[32];
+	char password[32];			/* may be frobnicated */
 } *password_binding;
 
-password_binding pass_list = NULL;
+static password_binding pass_list = NULL;
 
 /* verifies that askpass_fname, if it has no spaces, exists as 
    a file, is owned by the user or by root, and is not world 
@@ -81,8 +81,8 @@ int permissions_ok(Pop3 pc, const char *askpass_fname)
 	return (1);
 }
 
-const char *passwordFor(const char *username,
-						const char *servername, Pop3 pc, int bFlushCache)
+char *passwordFor(const char *username,
+				  const char *servername, Pop3 pc, int bFlushCache)
 {
 
 	password_binding p;
@@ -99,8 +99,13 @@ const char *passwordFor(const char *username,
 	/* if so, return the password */
 	if (p != NULL) {
 		if (p->password[0] != '\0') {
-			if (bFlushCache == 0)
-				return (p->password);
+			if (bFlushCache == 0) {
+				char *ret = strdup(p->password);
+#ifdef HAVE_MEMFROB
+				memfrob(ret, strlen(ret));
+#endif
+				return (ret);
+			}
 			/* else fall through, overwrite */
 		} else if (pc) {
 			/* if we've asked, but received nothing, disable this box */
@@ -148,11 +153,13 @@ const char *passwordFor(const char *username,
 			strcpy(p->server, servername);
 			strncpy(p->password, password_ptr, 31);
 			p->password[31] = '\0';	/* force a null termination */
-			free(password_ptr);
-
+			// caller is responsible for freeing plaintext version free(password_ptr);
+#ifdef HAVE_MEMFROB
+			memfrob(p->password, strlen(p->password));
+#endif
 			p->next = pass_list;
 			pass_list = p;
-			return (p->password);
+			return (password_ptr);
 		}
 	}
 
diff --git a/wmbiff/passwordMgr.h b/wmbiff/passwordMgr.h
index 249264b..3b91fc3 100644
--- a/wmbiff/passwordMgr.h
+++ b/wmbiff/passwordMgr.h
@@ -1,7 +1,8 @@
 #include "Client.h"
 
-const char *passwordFor(const char *username,
-						const char *servername, Pop3 pc, int bFlushCache);
+/*@mustfree@*/ char *passwordFor(const char *username,
+								 const char *servername, Pop3 pc,
+								 int bFlushCache);
 
 /* tested by test_wmbiff; don't use this for anything. */
 int permissions_ok(Pop3 pc, const char *askpass_fname);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git



More information about the Pkg-wmaker-commits mailing list