summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c')
-rw-r--r--vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c173
1 files changed, 173 insertions, 0 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c b/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c
new file mode 100644
index 000000000..2794a563a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c
@@ -0,0 +1,173 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// sshd_test_pw.c
+// Wrapper to inject test password data for sshd PAM authentication
+//
+// This wrapper implements custom versions of getpwnam, getpwnam_r,
+// getspnam and getspnam_r. These functions first call their real
+// libc versions, then check if the requested user matches test user
+// specified in env variable TEST_USER and if so replace the password
+// with crypted() value of TEST_PASSWD env variable.
+//
+// Compile:
+// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Compile with debug:
+// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Run sshd:
+// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ...
+
+// +build ignore
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <pwd.h>
+#include <shadow.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifdef VERBOSE
+#define DEBUG(X...) fprintf(stderr, X)
+#else
+#define DEBUG(X...) while (0) { }
+#endif
+
+/* crypt() password */
+static char *
+pwhash(char *passwd) {
+ return strdup(crypt(passwd, "$6$"));
+}
+
+/* Pointers to real functions in libc */
+static struct passwd * (*real_getpwnam)(const char *) = NULL;
+static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL;
+static struct spwd * (*real_getspnam)(const char *) = NULL;
+static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL;
+
+/* Cached test user and test password */
+static char *test_user = NULL;
+static char *test_passwd_hash = NULL;
+
+static void
+init(void) {
+ /* Fetch real libc function pointers */
+ real_getpwnam = dlsym(RTLD_NEXT, "getpwnam");
+ real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r");
+ real_getspnam = dlsym(RTLD_NEXT, "getspnam");
+ real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r");
+
+ /* abort if env variables are not defined */
+ if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) {
+ fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n");
+ abort();
+ }
+
+ /* Fetch test user and test password from env */
+ test_user = strdup(getenv("TEST_USER"));
+ test_passwd_hash = pwhash(getenv("TEST_PASSWD"));
+
+ DEBUG("sshd_test_pw init():\n");
+ DEBUG("\treal_getpwnam: %p\n", real_getpwnam);
+ DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r);
+ DEBUG("\treal_getspnam: %p\n", real_getspnam);
+ DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r);
+ DEBUG("\tTEST_USER: '%s'\n", test_user);
+ DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD"));
+ DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash);
+}
+
+static int
+is_test_user(const char *name) {
+ if (test_user != NULL && strcmp(test_user, name) == 0)
+ return 1;
+ return 0;
+}
+
+/* getpwnam */
+
+struct passwd *
+getpwnam(const char *name) {
+ struct passwd *pw;
+
+ DEBUG("sshd_test_pw getpwnam(%s)\n", name);
+
+ if (real_getpwnam == NULL)
+ init();
+ if ((pw = real_getpwnam(name)) == NULL)
+ return NULL;
+
+ if (is_test_user(name))
+ pw->pw_passwd = strdup(test_passwd_hash);
+
+ return pw;
+}
+
+/* getpwnam_r */
+
+int
+getpwnam_r(const char *name,
+ struct passwd *pwd,
+ char *buf,
+ size_t buflen,
+ struct passwd **result) {
+ int r;
+
+ DEBUG("sshd_test_pw getpwnam_r(%s)\n", name);
+
+ if (real_getpwnam_r == NULL)
+ init();
+ if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL)
+ return r;
+
+ if (is_test_user(name))
+ pwd->pw_passwd = strdup(test_passwd_hash);
+
+ return 0;
+}
+
+/* getspnam */
+
+struct spwd *
+getspnam(const char *name) {
+ struct spwd *sp;
+
+ DEBUG("sshd_test_pw getspnam(%s)\n", name);
+
+ if (real_getspnam == NULL)
+ init();
+ if ((sp = real_getspnam(name)) == NULL)
+ return NULL;
+
+ if (is_test_user(name))
+ sp->sp_pwdp = strdup(test_passwd_hash);
+
+ return sp;
+}
+
+/* getspnam_r */
+
+int
+getspnam_r(const char *name,
+ struct spwd *spbuf,
+ char *buf,
+ size_t buflen,
+ struct spwd **spbufp) {
+ int r;
+
+ DEBUG("sshd_test_pw getspnam_r(%s)\n", name);
+
+ if (real_getspnam_r == NULL)
+ init();
+ if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0)
+ return r;
+
+ if (is_test_user(name))
+ spbuf->sp_pwdp = strdup(test_passwd_hash);
+
+ return r;
+}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-20 15:18:06 +0000