Merge lp:~bennabiy/ltsp/ldm-hashing into lp:~ltsp-upstream/ltsp/ldm-trunk

Proposed by ben-Nabiy Derush
Status: Merged
Merge reported by: Vagrant Cascadian
Merged at revision: not available
Proposed branch: lp:~bennabiy/ltsp/ldm-hashing
Merge into: lp:~ltsp-upstream/ltsp/ldm-trunk
Diff against target: 161 lines (+86/-3)
5 files modified
src/ldminfo.c (+21/-0)
src/ldminfo.h (+1/-0)
src/plugins/ssh/Makefile.am (+1/-1)
src/plugins/ssh/ssh.c (+62/-2)
src/plugins/ssh/ssh.h (+1/-0)
To merge this branch: bzr merge lp:~bennabiy/ltsp/ldm-hashing
Reviewer Review Type Date Requested Status
Vagrant Cascadian Pending
Review via email: mp+228560@code.launchpad.net

Description of the change

Allows for passwords to work in fat client / localapps to allow screen locking and such.

lp:~bennabiy/ltsp/ldm-hashing updated
1553. By ben-Nabiy Derush

updated ssh.c to reflect a static file written to at /var/cache/ltsp/shadow.sed

1554. By ben-Nabiy Derush

Adjusted to static location for sed file, and not running hash in an insecure way.
removes hash file unconditionally.

1555. By ben-Nabiy Derush

Patched to allow environment variable LDM_PASSWORD_HASH to opt out

1556. By ben-Nabiy Derush

bug fix

1557. By ben-Nabiy Derush

Removed rc.d script and moved its contents to LTSP script X01-localapps

Added new function ldm_getenv_bool_default which allows for default value
to be passed to function if NULL value received from getenv().

modified ssh.c to reflect that.

1558. By ben-Nabiy Derush

Changed to opt-in rather than opt-out

1559. By ben-Nabiy Derush

Modified logging to reflect opt-in nature

1560. By ben-Nabiy Derush

Adjusting logging, cleaned up code a little.

Preview Diff

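--- a/src/ldminfo.c
+++ b/src/ldminfo.c
@@ -276,6 +276,27 @@
 }
 
 /*
+ * ldm_getenv_bool_default
+ * Return if env variable is set to true or false
+ * name -- env. variable name
+ * default_value -- int to return as default [0,1]
+ */
+int
+ldm_getenv_bool_default(const char *name, const int default_value)
+{
+ char *env = getenv(name);
+
+ if (env != NULL) {
+ if (*env == 'y' || *env == 't' || *env == 'T' || *env == 'Y') {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+ return default_value;
+}
+
+/*
  * ldm_getenv_int
  * Return an int, will return default_value if not set
  */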
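Review bot: The header comment on ldm_getenv_bool_default() does not say which values count as true, and the body tests only the first character: anything starting with y, Y, t or T returns 1, while every other set value, including `1`, `on` and the empty string, returns 0 rather than default_value. Because this function gates the opt-in LDM_PASSWORD_HASH behaviour, I would spell that out in the comment, e.g. `* Returns 1 if the value starts with y/Y/t/T, 0 for any other set value, default_value only when unset`. The `[0,1]` note on default_value is not enforced either; the argument is returned exactly as passed.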
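--- a/src/ldminfo.h
+++ b/src/ldminfo.h
@@ -45,6 +45,7 @@
 void _ldminfo_parse_string(const char *s, ldminfo * ldm_host_info);
 
 int ldm_getenv_bool(const char *name);
+int ldm_getenv_bool_default(const char *name, const int default_value);
 int ldm_getenv_int(const char *name, int default_value);
 
 ldminfo *ldminfo_lookup(gconstpointer key);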
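--- a/src/plugins/ssh/Makefile.am
+++ b/src/plugins/ssh/Makefile.am
@@ -3,5 +3,5 @@
 
 libssh_la_CFLAGS = $(GLIB_CFLAGS) $(GOBJECT_CFLAGS)
 
-libssh_la_LDFLAGS = $(GLIB_LIBS) $(GOBJECT_LIBS)
+libssh_la_LDFLAGS = -lcrypt $(GLIB_LIBS) $(GOBJECT_LIBS)
 libssh_la_SOURCES = ssh.c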
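--- a/src/plugins/ssh/ssh.c
+++ b/src/plugins/ssh/ssh.c
@@ -16,6 +16,7 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <utmp.h>
+#include <crypt.h>
 
 #include "../../ldm.h"
 #include "../../ldmutils.h"
@@ -125,6 +126,9 @@
  log_entry("ssh", 6, "calling rc.d start scripts");
  rc_files("start"); /* Execute any rc files */
 
+ /* ssh_hashpass - Defaults to opt-in (Must set LDM_PASSWORD_HASH to true) */
+ ssh_hashpass();
+
  log_entry("ssh", 6, "starting X session");
  set_session_env(sshinfo->xsession, sshinfo->session);
 }
@@ -384,8 +388,7 @@
  /* We might have a : in the data, we're looking for :'s at the
  end of the line */
  if (seen == 0) {
- g_free(sshinfo->password);
- sshinfo->password = NULL;
+ /* Freed in ssh_hashpass */
  return;
  } else if (seen == 1) {
  int i;
@@ -485,6 +488,63 @@
  }
 }
 
+/*
+ * ssh_hashpass()
+ * Set up password has for client /etc/shadow using /dev/urandom
+ * rather than g_rand() due to developer recommendations at:
+ * https://developer.gnome.org/glib/stable/glib-Random-Numbers.html
+ */
+void
+ssh_hashpass(void)
+{
+ FILE *rand_fp;
+ FILE *shad_fp;
+ gchar salt[] = "$6$...............$";
+ gchar buf[16];
+ const gchar seedchars[] =
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ gchar *shadowentry;
+ const gchar hashloc[] = "/var/cache/ltsp/shadow.sed";
+ size_t i = 0;
+ gchar ldmenv[] = "LDM_PASSWORD_HASH";
+ size_t ldm_hash_default = 0; /* Default to false */
+ if (ldm_getenv_bool_default(ldmenv, ldm_hash_default))
+ {
+ log_entry("hashpass", 6, "LDM_PASSWORD_HASH set to true, setting hash");
+ rand_fp = fopen("/dev/urandom", "r");
+ if (rand_fp == NULL) {
+ log_entry("hashpass", 7, "Unable to read from /dev/urandom");
+ }
+ fread(buf, sizeof buf, 1, rand_fp);
+ fclose(rand_fp);
+ for (; i < sizeof buf; i++) {
+ salt[3 + i] = seedchars[buf[i] % (sizeof seedchars - 1)];
+ }
+ shadowentry = crypt(sshinfo->password, salt);
+ log_entry("hashpass", 6, "hash created");
+ /* generate dynamic file for writing hash to.
+ * Will remove anything in its way.
+ * This will be removed during rc.d script run.
+ */
+ shad_fp = fopen(hashloc, "w");
+ if (shad_fp == NULL) {
+ log_entry("hashpass", 7, "Unable to open %s for hash entry.",
+ hashloc);
+ }
+ fprintf(shad_fp,
+ "# Generated by LTSP, to be used by X01-localapps-ldm\n$s:!:%s:",
+ shadowentry);
+ fclose(shad_fp);
+ log_entry("hashpass", 6, "Freeing password as promised.");
+ }
+ else
+ {
+ log_entry("hashpass", 6, "LDM_PASSWORD_HASH set to FALSE or unset, skipping hash function");
+ }
+ g_free(sshinfo->password);
+ sshinfo->password = NULL;
+}
+
 void *
 eater()
 {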
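Review bot: In ssh_hashpass() both fopen() failure branches only log and then fall through, so a NULL rand_fp still reaches fread()/fclose() and a NULL shad_fp still reaches fprintf()/fclose(). The results of fread() and crypt() are not checked either, so the salt can be built from an uninitialised buf and a NULL shadowentry can be handed to `%s`. The hash file is created with plain `fopen(hashloc, "w")`, so its mode depends on the process umask and the password hash may end up readable by other local users; creating it under a restrictive umask (or an fchmod to 0600 before writing) would avoid that, assuming only the privileged localapps script needs to read it. In the sketch below every failure skips the remaining work but still reaches the g_free() at the end, and old_mask is a new `mode_t` local. Separately, the seen == 0 branch in the third hunk now depends on ssh_hashpass() being called later to release the password, and whether every path through that code gets there is not visible in these hunks.

```c
    rand_fp = fopen("/dev/urandom", "r");
    if (rand_fp == NULL) {
        log_entry("hashpass", 7, "Unable to read from /dev/urandom");
        goto out;
    }
    if (fread(buf, sizeof buf, 1, rand_fp) != 1) {
        fclose(rand_fp);
        log_entry("hashpass", 7, "Short read from /dev/urandom");
        goto out;
    }
    fclose(rand_fp);
    /* … unchanged: salt fill loop … */
    shadowentry = crypt(sshinfo->password, salt);
    if (shadowentry == NULL) {
        log_entry("hashpass", 7, "crypt() failed, no hash written");
        goto out;
    }
    /* … unchanged: "hash created" log entry … */
    old_mask = umask(077);      /* keep the hash file owner-only */
    shad_fp = fopen(hashloc, "w");
    umask(old_mask);
    if (shad_fp == NULL) {
        log_entry("hashpass", 7, "Unable to open %s for hash entry.",
                  hashloc);
        goto out;
    }
    /* … unchanged: fprintf, fclose, log entry, else branch … */
out:
    g_free(sshinfo->password);
    sshinfo->password = NULL;
```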
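--- a/src/plugins/ssh/ssh.h
+++ b/src/plugins/ssh/ssh.h
@@ -29,6 +29,7 @@
 void ssh_endsession(void);
 void ssh_session(void);
 void ssh_tty_init();
+void ssh_hashpass(void);
 
 int expect(int, char*,int,...);
 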
