LTSP5

Merge lp:~bennabiy/ltsp/ldm-hashing into lp:~ltsp-upstream/ltsp/ldm-trunk

ldm-hashing
Merge into ldm-trunk

Proposed by ben-Nabiy Derush on 2014-07-28

Status:	Merged
Merge reported by:	Vagrant Cascadian
Merged at revision:	not available
Proposed branch:	lp:~bennabiy/ltsp/ldm-hashing
Merge into:	lp:~ltsp-upstream/ltsp/ldm-trunk
Diff against target:	161 lines (+86/-3) 5 files modified src/ldminfo.c (+21/-0) src/ldminfo.h (+1/-0) src/plugins/ssh/Makefile.am (+1/-1) src/plugins/ssh/ssh.c (+62/-2) src/plugins/ssh/ssh.h (+1/-0)
To merge this branch:	bzr merge lp:~bennabiy/ltsp/ldm-hashing
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Vagrant Cascadian		2014-07-28	Pending
Review via email: mp+228560@code.launchpad.net

Description of the change

Allows for passwords to work in fat client / localapps to allow screen locking and such.

lp:~bennabiy/ltsp/ldm-hashing updated on 2014-07-31

1553. By ben-Nabiy Derush on 2014-07-29

updated ssh.c to reflect a static file written to at /var/cache/ltsp/shadow.sed

1554. By ben-Nabiy Derush on 2014-07-29

Adjusted to static location for sed file, and not running hash in an insecure way.
removes hash file unconditionally.

1555. By ben-Nabiy Derush on 2014-07-29

Patched to allow environment variable LDM_PASSWORD_HASH to opt out

1556. By ben-Nabiy Derush on 2014-07-29

bug fix

1557. By ben-Nabiy Derush on 2014-07-30

Removed rc.d script and moved its contents to LTSP script X01-localapps

Added new function ldm_getenv_bool_default which allows for default value
to be passed to function if NULL value received from getenv().

modified ssh.c to reflect that.

1558. By ben-Nabiy Derush on 2014-07-31

Changed to opt-in rather than opt-out

1559. By ben-Nabiy Derush on 2014-07-31

Modified logging to reflect opt-in nature

1560. By ben-Nabiy Derush on 2014-07-31

Adjusting logging, cleaned up code a little.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

LTSP5 developers

ben-Nabiy Derush

 === modified file 'src/ldminfo.c'
 --- src/ldminfo.c	2014-07-28 12:26:38 +0000
 +++ src/ldminfo.c	2014-07-31 15:40:54 +0000
@@ -276,6 +276,27 @@
+ }
  /*
++ * ldm_getenv_bool_default
++ *  Return if env variable is set to true or false
++ *      name -- env. variable name
++ *      default_value -- int to return as default [0,1]
++ */
++int
++ldm_getenv_bool_default(const char *name, const int default_value)
++{
++    char *env = getenv(name);
++
++    if (env != NULL) {
++        if (*env == 'y' || *env == 't' || *env == 'T' || *env == 'Y') {
++            return 1;
++        } else {
++            return 0;
++        }
++    }
++    return default_value;
++}
++
++/*
   * ldm_getenv_int
   *  Return an int, will return default_value if not set
   */
 === modified file 'src/ldminfo.h'
 --- src/ldminfo.h	2012-08-21 14:33:07 +0000
 +++ src/ldminfo.h	2014-07-31 15:40:54 +0000
@@ -45,6 +45,7 @@
  void _ldminfo_parse_string(const char *s, ldminfo * ldm_host_info);
  int ldm_getenv_bool(const char *name);
++int ldm_getenv_bool_default(const char *name, const int default_value);
  int ldm_getenv_int(const char *name, int default_value);
  ldminfo *ldminfo_lookup(gconstpointer key);
 === modified file 'src/plugins/ssh/Makefile.am'
 --- src/plugins/ssh/Makefile.am	2011-05-20 08:59:08 +0000
 +++ src/plugins/ssh/Makefile.am	2014-07-31 15:40:54 +0000
@@ -3,5 +3,5 @@
  libssh_la_CFLAGS = $(GLIB_CFLAGS) $(GOBJECT_CFLAGS)
--libssh_la_LDFLAGS = $(GLIB_LIBS) $(GOBJECT_LIBS)
++libssh_la_LDFLAGS = -lcrypt $(GLIB_LIBS) $(GOBJECT_LIBS)
  libssh_la_SOURCES = ssh.c
 === modified file 'src/plugins/ssh/ssh.c'
 --- src/plugins/ssh/ssh.c	2014-07-28 12:27:09 +0000
 +++ src/plugins/ssh/ssh.c	2014-07-31 15:40:54 +0000
@@ -16,6 +16,7 @@
  #include <sys/ioctl.h>
  #include <sys/stat.h>
  #include <utmp.h>
++#include <crypt.h>
  #include "../../ldm.h"
  #include "../../ldmutils.h"
@@ -125,6 +126,9 @@
      log_entry("ssh", 6, "calling rc.d start scripts");
      rc_files("start");                           /* Execute any rc files */
++    /* ssh_hashpass - Defaults to opt-in (Must set LDM_PASSWORD_HASH to true) */
++    ssh_hashpass();
++
      log_entry("ssh", 6, "starting X session");
      set_session_env(sshinfo->xsession, sshinfo->session);
+ }
@@ -384,8 +388,7 @@
          /* We might have a : in the data, we're looking for :'s at the
             end of the line */
          if (seen == 0) {
--            g_free(sshinfo->password);
--            sshinfo->password = NULL;
++            /* Freed in ssh_hashpass */
              return;
          } else if (seen == 1) {
              int i;
@@ -485,6 +488,63 @@
+     }
+ }
++/*
++ * ssh_hashpass()
++ * Set up password has for client /etc/shadow using /dev/urandom
++ * rather than g_rand() due to developer recommendations at:
++ * https://developer.gnome.org/glib/stable/glib-Random-Numbers.html
++ */
++void
++ssh_hashpass(void)
++{
++    FILE *rand_fp;
++    FILE *shad_fp;
++    gchar salt[] = "$6$...............$";
++    gchar buf[16];
++    const gchar seedchars[] =
++        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
++    gchar *shadowentry;
++    const gchar hashloc[] = "/var/cache/ltsp/shadow.sed";
++    size_t i = 0;
++    gchar ldmenv[] = "LDM_PASSWORD_HASH";
++    size_t ldm_hash_default = 0; /* Default to false */
++    if (ldm_getenv_bool_default(ldmenv, ldm_hash_default))
++    {
++        log_entry("hashpass", 6, "LDM_PASSWORD_HASH set to true, setting hash");
++        rand_fp = fopen("/dev/urandom", "r");
++        if (rand_fp == NULL) {
++            log_entry("hashpass", 7, "Unable to read from /dev/urandom");
++        }
++        fread(buf, sizeof buf, 1, rand_fp);
++        fclose(rand_fp);
++        for (; i < sizeof buf; i++) {
++            salt[3 + i] = seedchars[buf[i] % (sizeof seedchars - 1)];
++        }
++        shadowentry = crypt(sshinfo->password, salt);
++        log_entry("hashpass", 6, "hash created");
++        /* generate dynamic file for writing hash to.
++         * Will remove anything in its way.
++         * This will be removed during rc.d script run.
++         */
++        shad_fp = fopen(hashloc, "w");
++        if (shad_fp == NULL) {
++            log_entry("hashpass", 7, "Unable to open %s for hash entry.",
++                      hashloc);
++        }
++        fprintf(shad_fp,
++                "# Generated by LTSP, to be used by X01-localapps-ldm\n$s:!:%s:",
++                shadowentry);
++        fclose(shad_fp);
++        log_entry("hashpass", 6, "Freeing password as promised.");
++    }
++    else
++    {
++        log_entry("hashpass", 6, "LDM_PASSWORD_HASH set to FALSE or unset, skipping hash function");
++    }
++    g_free(sshinfo->password);
++    sshinfo->password = NULL;
++}
++
  void *
  eater()
+ {
 === modified file 'src/plugins/ssh/ssh.h'
 --- src/plugins/ssh/ssh.h	2013-01-08 16:59:26 +0000
 +++ src/plugins/ssh/ssh.h	2014-07-31 15:40:54 +0000
@@ -29,6 +29,7 @@
  void ssh_endsession(void);
  void ssh_session(void);
  void ssh_tty_init();
++void ssh_hashpass(void);
  int expect(int, char*,int,...);

LTSP5

Merge lp:~bennabiy/ltsp/ldm-hashing into lp:~ltsp-upstream/ltsp/ldm-trunk

Commit message

Description of the change

Preview Diff

Subscribers