auth.c 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282
  1. /*
  2. * GRUB -- GRand Unified Bootloader
  3. * Copyright (C) 2009 Free Software Foundation, Inc.
  4. *
  5. * GRUB is free software: you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation, either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * GRUB is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
  17. */
  18. #include <grub/auth.h>
  19. #include <grub/list.h>
  20. #include <grub/mm.h>
  21. #include <grub/misc.h>
  22. #include <grub/env.h>
  23. #include <grub/normal.h>
  24. #include <grub/time.h>
  25. #include <grub/i18n.h>
  26. struct grub_auth_user
  27. {
  28. struct grub_auth_user *next;
  29. struct grub_auth_user **prev;
  30. char *name;
  31. grub_auth_callback_t callback;
  32. void *arg;
  33. int authenticated;
  34. };
  35. static struct grub_auth_user *users = NULL;
  36. grub_err_t
  37. grub_auth_register_authentication (const char *user,
  38. grub_auth_callback_t callback,
  39. void *arg)
  40. {
  41. struct grub_auth_user *cur;
  42. cur = grub_named_list_find (GRUB_AS_NAMED_LIST (users), user);
  43. if (!cur)
  44. cur = grub_zalloc (sizeof (*cur));
  45. if (!cur)
  46. return grub_errno;
  47. cur->callback = callback;
  48. cur->arg = arg;
  49. if (! cur->name)
  50. {
  51. cur->name = grub_strdup (user);
  52. if (!cur->name)
  53. {
  54. grub_free (cur);
  55. return grub_errno;
  56. }
  57. grub_list_push (GRUB_AS_LIST_P (&users), GRUB_AS_LIST (cur));
  58. }
  59. return GRUB_ERR_NONE;
  60. }
  61. grub_err_t
  62. grub_auth_unregister_authentication (const char *user)
  63. {
  64. struct grub_auth_user *cur;
  65. cur = grub_named_list_find (GRUB_AS_NAMED_LIST (users), user);
  66. if (!cur)
  67. return grub_error (GRUB_ERR_BAD_ARGUMENT, "user '%s' not found", user);
  68. if (!cur->authenticated)
  69. {
  70. grub_free (cur->name);
  71. grub_list_remove (GRUB_AS_LIST (cur));
  72. grub_free (cur);
  73. }
  74. else
  75. {
  76. cur->callback = NULL;
  77. cur->arg = NULL;
  78. }
  79. return GRUB_ERR_NONE;
  80. }
  81. grub_err_t
  82. grub_auth_authenticate (const char *user)
  83. {
  84. struct grub_auth_user *cur;
  85. cur = grub_named_list_find (GRUB_AS_NAMED_LIST (users), user);
  86. if (!cur)
  87. cur = grub_zalloc (sizeof (*cur));
  88. if (!cur)
  89. return grub_errno;
  90. cur->authenticated = 1;
  91. if (! cur->name)
  92. {
  93. cur->name = grub_strdup (user);
  94. if (!cur->name)
  95. {
  96. grub_free (cur);
  97. return grub_errno;
  98. }
  99. grub_list_push (GRUB_AS_LIST_P (&users), GRUB_AS_LIST (cur));
  100. }
  101. return GRUB_ERR_NONE;
  102. }
  103. grub_err_t
  104. grub_auth_deauthenticate (const char *user)
  105. {
  106. struct grub_auth_user *cur;
  107. cur = grub_named_list_find (GRUB_AS_NAMED_LIST (users), user);
  108. if (!cur)
  109. return grub_error (GRUB_ERR_BAD_ARGUMENT, "user '%s' not found", user);
  110. if (!cur->callback)
  111. {
  112. grub_free (cur->name);
  113. grub_list_remove (GRUB_AS_LIST (cur));
  114. grub_free (cur);
  115. }
  116. else
  117. cur->authenticated = 0;
  118. return GRUB_ERR_NONE;
  119. }
  120. static int
  121. is_authenticated (const char *userlist)
  122. {
  123. const char *superusers;
  124. struct grub_auth_user *user;
  125. superusers = grub_env_get ("superusers");
  126. if (!superusers)
  127. return 1;
  128. FOR_LIST_ELEMENTS (user, users)
  129. {
  130. if (!(user->authenticated))
  131. continue;
  132. if ((userlist && grub_strword (userlist, user->name))
  133. || grub_strword (superusers, user->name))
  134. return 1;
  135. }
  136. return 0;
  137. }
  138. static int
  139. grub_username_get (char buf[], unsigned buf_size)
  140. {
  141. unsigned cur_len = 0;
  142. int key;
  143. while (1)
  144. {
  145. key = grub_getkey ();
  146. if (key == '\n' || key == '\r')
  147. break;
  148. if (key == GRUB_TERM_ESC)
  149. {
  150. cur_len = 0;
  151. break;
  152. }
  153. if (key == GRUB_TERM_BACKSPACE)
  154. {
  155. if (cur_len)
  156. {
  157. cur_len--;
  158. grub_printf ("\b \b");
  159. }
  160. continue;
  161. }
  162. if (!grub_isprint (key))
  163. continue;
  164. if (cur_len + 2 < buf_size)
  165. {
  166. buf[cur_len++] = key;
  167. grub_printf ("%c", key);
  168. }
  169. }
  170. grub_memset (buf + cur_len, 0, buf_size - cur_len);
  171. grub_xputs ("\n");
  172. grub_refresh ();
  173. return (key != GRUB_TERM_ESC);
  174. }
  175. grub_err_t
  176. grub_auth_check_authentication (const char *userlist)
  177. {
  178. char login[1024];
  179. struct grub_auth_user *cur = NULL;
  180. static unsigned long punishment_delay = 1;
  181. char entered[GRUB_AUTH_MAX_PASSLEN];
  182. struct grub_auth_user *user;
  183. if (grub_is_cli_disabled ())
  184. return GRUB_ACCESS_DENIED;
  185. grub_memset (login, 0, sizeof (login));
  186. if (is_authenticated (userlist))
  187. {
  188. punishment_delay = 1;
  189. return GRUB_ERR_NONE;
  190. }
  191. grub_puts_ (N_("Enter username: "));
  192. if (!grub_username_get (login, sizeof (login) - 1))
  193. goto access_denied;
  194. grub_puts_ (N_("Enter password: "));
  195. if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
  196. goto access_denied;
  197. FOR_LIST_ELEMENTS (user, users)
  198. {
  199. if (grub_strcmp (login, user->name) == 0)
  200. cur = user;
  201. }
  202. if (!cur || ! cur->callback)
  203. goto access_denied;
  204. cur->callback (login, entered, cur->arg);
  205. if (is_authenticated (userlist))
  206. {
  207. punishment_delay = 1;
  208. return GRUB_ERR_NONE;
  209. }
  210. access_denied:
  211. grub_sleep (punishment_delay);
  212. if (punishment_delay < GRUB_ULONG_MAX / 2)
  213. punishment_delay *= 2;
  214. return GRUB_ACCESS_DENIED;
  215. }
  216. static grub_err_t
  217. grub_cmd_authenticate (struct grub_command *cmd __attribute__ ((unused)),
  218. int argc, char **args)
  219. {
  220. return grub_auth_check_authentication ((argc >= 1) ? args[0] : "");
  221. }
  222. static grub_command_t cmd;
  223. void
  224. grub_normal_auth_init (void)
  225. {
  226. cmd = grub_register_command ("authenticate",
  227. grub_cmd_authenticate,
  228. N_("[USERLIST]"),
  229. N_("Check whether user is in USERLIST."));
  230. }
  231. void
  232. grub_normal_auth_fini (void)
  233. {
  234. grub_unregister_command (cmd);
  235. }