[Pkg-wmaker-commits] [wmbiff] 03/15: in-memory frobnication of imap passwords
Doug Torrance
dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:03:19 UTC 2015
This is an automated email from the git hooks/post-receive script.
dtorrance-guest pushed a commit to tag wmbiff_0_4_15
in repository wmbiff.
commit 0b41c6bc1efd8e978c433846275312cb916ce8ab
Author: bluehal <bluehal>
Date: Sun Mar 2 02:37:07 2003 +0000
in-memory frobnication of imap passwords
---
NEWS | 16 +++++++++++++---
configure.ac | 3 +++
wmbiff/Imap4Client.c | 34 ++++++++++++++++++++++++++--------
wmbiff/passwordMgr.c | 25 ++++++++++++++++---------
wmbiff/passwordMgr.h | 5 +++--
5 files changed, 61 insertions(+), 22 deletions(-)
diff --git a/NEWS b/NEWS
index ab97f64..8741549 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,22 @@
Release Notes
~~~~~~~~~~~~~
-Release 0.4.14 - Feb 13, 2003
+Release 0.4.15 - Mar x, 2003
+ * Frobnicate internally stored passwords, partially
+ obfuscating them in memory. Not actually more
+ secure, but harder to casually discover a password.
+ * Tighten configuration file lines to more quickly
+ detect misconfiguration; give the -relax option if
+ it is too paranoid.
+
+Release 0.4.14 - Jan 24, 2003
+ * Handle building on systems with both posix and gnu
+ regex in different but conflicting files.
* Restart wmbiff on SIGUSR1. You may need to use
'killall -USR1 wmbiff' if it gets stuck.
* Restart wmbiff on ctrl-shift mouse 1.
Release 0.4.13 - Jan 20, 2003
- * Fix a potential file descriptor leak when using
+ * Fix a file descriptor leak when using
both Shell and IMAP clients.
* Portability to Mac OS X, Solaris, and probably BSD
restored (thanks sourceforge compile farm!) with a
@@ -401,4 +411,4 @@ Release 0.1 - Wed, 17 Nov 1999 00:00:00 +0000
* Initial release by Gennady Belyakov <gb at ccat.elect.ru>.
-$Id: NEWS,v 1.39 2003/02/13 21:07:34 bluehal Exp $
+$Id: NEWS,v 1.40 2003/03/02 02:37:07 bluehal Exp $
diff --git a/configure.ac b/configure.ac
index c95392c..23646a0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -36,6 +36,9 @@ AC_CHECK_HEADERS(stdio.h)
dnl for IPv6 support
AC_CHECK_FUNCS(getaddrinfo)
+dnl see if we can cheaply "encrypt" passwords in memory
+AC_CHECK_FUNCS(memfrob)
+
dnl AC_CHECK_FUNC(asprintf, , VASPRINTF="vasprintf.c")
dnl replacing the old USE_POLL define
diff --git a/wmbiff/Imap4Client.c b/wmbiff/Imap4Client.c
index e487f65..6190019 100644
--- a/wmbiff/Imap4Client.c
+++ b/wmbiff/Imap4Client.c
@@ -34,13 +34,21 @@ extern int Relax;
#define IMAP_DM(pc, lvl, args...) DM(pc, lvl, "imap4: " args)
+#ifdef HAVE_MEMFROB
+#define DEFROB(x) memfrob(x, strlen(x))
+#define ENFROB(x) memfrob(x, strlen(x))
+#else
+#define DEFROB(x)
+#define ENFROB(x)
+#endif
+
/* this array maps server:port pairs to file descriptors, so
that when more than one mailbox is queried from a server,
we only use one socket. It's limited in size by the
number of different mailboxes displayed. */
#define FDMAP_SIZE 5
static struct fdmap_struct {
- char *user_password_server_port; /* tuple, in string form */
+ char *user_server_port; /* tuple, in string form */
/*@owned@ */ struct connection_state *cs;
} fdmap[FDMAP_SIZE];
@@ -88,9 +96,8 @@ static struct connection_state *state_for_pcu(Pop3 pc)
sprintf(connection_id, "%s|%s|%d", PCU.userName, PCU.serverName,
PCU.serverPort);
for (i = 0; i < FDMAP_SIZE; i++)
- if (fdmap[i].user_password_server_port != NULL &&
- (strcmp(connection_id,
- fdmap[i].user_password_server_port) == 0)) {
+ if (fdmap[i].user_server_port != NULL &&
+ (strcmp(connection_id, fdmap[i].user_server_port) == 0)) {
retval = fdmap[i].cs;
}
free(connection_id);
@@ -117,7 +124,7 @@ static void bind_state_to_pcu(Pop3 pc,
"Tried to open too many IMAP connections. Sorry!\n");
exit(EXIT_FAILURE);
}
- fdmap[i].user_password_server_port = connection_id;
+ fdmap[i].user_server_port = connection_id;
fdmap[i].cs = scs;
}
@@ -135,7 +142,7 @@ struct connection_state *unbind(
for (i = 0; i < FDMAP_SIZE && fdmap[i].cs != scs; i++);
if (i < FDMAP_SIZE) {
- free(fdmap[i].user_password_server_port);
+ free(fdmap[i].user_server_port);
retval = fdmap[i].cs;
fdmap[i].cs = NULL;
}
@@ -390,8 +397,13 @@ int imap4Create( /*@notnull@ */ Pop3 pc, const char *const str)
return -1;
}
- if (PCU.password[0] == '\0')
+ if (PCU.password[0] == '\0') {
PCU.interactive_password = 1;
+ } else {
+#ifdef HAVE_MEMFROB
+ memfrob(PCU.password, strlen(PCU.password));
+#endif
+ }
// grab_authList(unaliased_str + matchedchars, PCU.authList);
@@ -431,8 +443,10 @@ static int authenticate_plaintext( /*@notnull@ */ Pop3 pc,
ask_user_for_password(pc, 0);
do {
/* login */
+ DEFROB(PCU.password);
tlscomm_printf(scs, "a001 LOGIN %s \"%s\"\r\n", PCU.userName,
PCU.password);
+ ENFROB(PCU.password);
if (tlscomm_expect(scs, "a001 ", buf, BUF_SIZE) == 0) {
IMAP_DM(pc, DEBUG_ERROR,
"Did not get a response to the LOGIN command.\n");
@@ -483,7 +497,9 @@ static int authenticate_md5(Pop3 pc,
strcat(buf, " ");
ask_user_for_password(pc, 0);
gmh = gcry_md_open(GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
+ DEFROB(PCU.password);
gcry_md_setkey(gmh, PCU.password, strlen(PCU.password));
+ ENFROB(PCU.password);
gcry_md_write(gmh, (unsigned char *) buf2, strlen(buf2));
gcry_md_final(gmh);
md5 = gcry_md_read(gmh, 0);
@@ -522,13 +538,15 @@ static void ask_user_for_password( /*@notnull@ */ Pop3 pc, int bFlushCache)
if (PCU.interactive_password) {
if (strlen(PCU.password) == 0) {
/* we need to grab the password from the user. */
- const char *password;
+ char *password;
IMAP_DM(pc, DEBUG_INFO, "asking for password %d\n",
bFlushCache);
password =
passwordFor(PCU.userName, PCU.serverName, pc, bFlushCache);
if (password != NULL) {
strcpy(PCU.password, password);
+ free(password);
+ ENFROB(PCU.password);
}
}
}
diff --git a/wmbiff/passwordMgr.c b/wmbiff/passwordMgr.c
index f2a8c33..13318fd 100644
--- a/wmbiff/passwordMgr.c
+++ b/wmbiff/passwordMgr.c
@@ -42,10 +42,10 @@ typedef struct password_binding_struct {
struct password_binding_struct *next;
char user[32];
char server[255];
- char password[32];
+ char password[32]; /* may be frobnicated */
} *password_binding;
-password_binding pass_list = NULL;
+static password_binding pass_list = NULL;
/* verifies that askpass_fname, if it has no spaces, exists as
a file, is owned by the user or by root, and is not world
@@ -81,8 +81,8 @@ int permissions_ok(Pop3 pc, const char *askpass_fname)
return (1);
}
-const char *passwordFor(const char *username,
- const char *servername, Pop3 pc, int bFlushCache)
+char *passwordFor(const char *username,
+ const char *servername, Pop3 pc, int bFlushCache)
{
password_binding p;
@@ -99,8 +99,13 @@ const char *passwordFor(const char *username,
/* if so, return the password */
if (p != NULL) {
if (p->password[0] != '\0') {
- if (bFlushCache == 0)
- return (p->password);
+ if (bFlushCache == 0) {
+ char *ret = strdup(p->password);
+#ifdef HAVE_MEMFROB
+ memfrob(ret, strlen(ret));
+#endif
+ return (ret);
+ }
/* else fall through, overwrite */
} else if (pc) {
/* if we've asked, but received nothing, disable this box */
@@ -148,11 +153,13 @@ const char *passwordFor(const char *username,
strcpy(p->server, servername);
strncpy(p->password, password_ptr, 31);
p->password[31] = '\0'; /* force a null termination */
- free(password_ptr);
-
+ // caller is responsible for freeing plaintext version free(password_ptr);
+#ifdef HAVE_MEMFROB
+ memfrob(p->password, strlen(p->password));
+#endif
p->next = pass_list;
pass_list = p;
- return (p->password);
+ return (password_ptr);
}
}
diff --git a/wmbiff/passwordMgr.h b/wmbiff/passwordMgr.h
index 249264b..3b91fc3 100644
--- a/wmbiff/passwordMgr.h
+++ b/wmbiff/passwordMgr.h
@@ -1,7 +1,8 @@
#include "Client.h"
-const char *passwordFor(const char *username,
- const char *servername, Pop3 pc, int bFlushCache);
+/*@mustfree@*/ char *passwordFor(const char *username,
+ const char *servername, Pop3 pc,
+ int bFlushCache);
/* tested by test_wmbiff; don't use this for anything. */
int permissions_ok(Pop3 pc, const char *askpass_fname);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git
More information about the Pkg-wmaker-commits
mailing list