35 #include "../base/openvas_file.h" 36 #include "../base/array.h" 40 #include <glib/gstdio.h> 46 #define G_LOG_DOMAIN "lib auth" 53 static const gchar *authentication_methods[] = {
"file",
59 static gboolean initialized = FALSE;
/* NOTE(review): the return at listing line 106 indexes authentication_methods[]
 * directly with `method`. Any range check falls in lines this listing omits;
 * confirm `method` is bounded by the array length before this lookup, since an
 * out-of-range value would read past the table. */
69 #ifdef ENABLE_LDAP_AUTH 84 #ifdef ENABLE_RADIUS_AUTH 106 return authentication_methods[method];
/* Excerpt of the libgcrypt set-up sequence. The listing omits the lines between
 * the numbered statements, so braces and return paths are not shown here. */
/* Refuse to run the set-up twice; `initialized` is the file-scope flag. */
117 if (initialized == TRUE)
119 g_warning (
"openvas_auth_init called a second time.");
/* gcry_check_version() must run before other libgcrypt calls. With a NULL
 * argument it initialises the library but enforces no minimum version.
 * NOTE(review): passing a required version string (e.g. GCRYPT_VERSION) would
 * make this check fail on an older runtime library instead of always passing. */
129 if (!gcry_check_version (NULL))
131 g_critical (
"%s: libgcrypt version check failed\n", __FUNCTION__);
/* Silence secure-memory warnings while the pool is being configured. */
137 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/* Request a 16384-byte secure-memory pool.
 * NOTE(review): the result of this and the other gcry_control() calls is not
 * checked in the visible lines; a failed pool allocation would go unnoticed. */
145 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
/* Re-enable the warnings suspended above. */
149 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
/* Tell libgcrypt that initialisation is complete. */
154 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
/* Excerpt: converts a raw message digest into a lower-case hex string. */
/* Ask libgcrypt whether the requested digest algorithm is usable. */
189 gcry_error_t
err = gcry_md_test_algo (gcrypt_algorithm);
192 g_warning (
"Could not select gcrypt algorithm: %s", gcry_strerror (
err));
/* Two hex characters per digest byte plus one byte for the terminating NUL;
 * g_malloc0 zero-fills the buffer. */
196 hex = g_malloc0 (gcry_md_get_algo_dlen (gcrypt_algorithm) * 2 + 1);
/* Assumes `digest` points to at least gcry_md_get_algo_dlen() bytes; the
 * caller has to guarantee this, as no length is passed in. */
197 for (i = 0; i < gcry_md_get_algo_dlen (gcrypt_algorithm); i++)
/* Size 3 = two hex digits + NUL. Each iteration overwrites the previous NUL,
 * and the last NUL lands in the extra byte allocated above. */
199 g_snprintf (hex + i * 2, 3,
"%02x", digest[i]);
/* Excerpt: builds the "hash seed" pair for a password. A random seed is
 * derived, prepended to the password, and the result is hashed once. */
/* Ask libgcrypt whether the requested digest algorithm is usable. */
227 gcry_error_t
err = gcry_md_test_algo (digest_algorithm);
230 g_warning (
"Could not select gcrypt algorithm: %s", gcry_strerror (
err));
/* NOTE(review): this declares an array of 256 *pointers*, not 256 bytes. Only
 * the first 256 bytes are filled and hashed below, so nothing overflows, but
 * `unsigned char nonce_buffer[256]` is presumably the intended type. */
236 unsigned char *nonce_buffer[256];
/* Digest-sized buffers for the seed and for the final hash. */
237 guchar *seed = g_malloc0 (gcry_md_get_algo_dlen (digest_algorithm));
238 gchar *seed_hex = NULL;
239 gchar *seed_pass = NULL;
240 guchar *hash = g_malloc0 (gcry_md_get_algo_dlen (digest_algorithm));
241 gchar *hash_hex = NULL;
242 gchar *hashes_out = NULL;
/* Seed (salt) = digest of 256 unpredictable bytes from libgcrypt. */
244 gcry_create_nonce (nonce_buffer, 256);
245 gcry_md_hash_buffer (digest_algorithm, seed, nonce_buffer, 256);
246 seed_hex =
digest_hex (digest_algorithm, seed);
/* seed_pass holds the plaintext password after the hex seed.
 * NOTE(review): whether it is wiped before being freed is not visible here. */
247 seed_pass = g_strconcat (seed_hex, password, NULL);
/* NOTE(review): a single pass of a general-purpose digest is cheap to
 * brute-force offline if the hash file leaks. A dedicated password KDF with
 * a work factor would be a stronger storage format. */
248 gcry_md_hash_buffer (digest_algorithm, hash, seed_pass, strlen (seed_pass));
249 hash_hex =
digest_hex (digest_algorithm, hash);
/* Stored form: "<hash_hex> <seed_hex>", separated by one space. */
251 hashes_out = g_strjoin (
" ", hash_hex, seed_hex, NULL);
/* Excerpt: checks a password against stored "hash seed" contents by
 * recomputing the hash from the stored seed and comparing the two strings. */
273 const gchar *hash_arg)
/* NOTE(review): the algorithm is fixed to MD5. Salted single-pass MD5 is weak
 * for password storage; migrating it needs a versioned hash format. */
275 int gcrypt_algorithm = GCRY_MD_MD5;
277 gchar *actual, *expect, *seed_pass;
279 gchar *hash_hex, **seed_hex, **split;
/* No stored hash means there is nothing to compare against. */
282 if (hash_arg == NULL)
/* Work on a copy because g_strchomp() below modifies the string in place. */
284 actual = g_strdup (hash_arg);
/* Strip trailing whitespace, then split on the first space into at most two
 * tokens: the hash and the seed. */
286 split = g_strsplit_set (g_strchomp (actual),
" ", 2);
287 seed_hex = split + 1;
/* The order of the tests matters: *split is checked first, so seed_hex is
 * not dereferenced when the vector has no tokens at all. */
288 if (*split == NULL || *seed_hex == NULL)
290 g_warning (
"Failed to split auth contents.");
/* Recompute the hash over the seed followed by the password, as the
 * generator does. seed_pass contains the plaintext password. */
296 seed_pass = g_strconcat (*seed_hex, password, NULL);
297 hash = g_malloc0 (gcry_md_get_algo_dlen (gcrypt_algorithm));
/* NOTE(review): the buffer above is sized from `gcrypt_algorithm`, but this
 * call hard-codes GCRY_MD_MD5. They agree today; using the variable here
 * would keep buffer size and digest length tied together if it changes. */
298 gcry_md_hash_buffer (GCRY_MD_MD5, hash, seed_pass, strlen (seed_pass));
301 expect = g_strjoin (
" ", hash_hex, *seed_hex, NULL);
/* Yields 0 on match and 1 on mismatch.
 * NOTE(review): strcmp() stops at the first differing byte, so the comparison
 * is not constant-time. A fixed-time comparison of equal-length strings
 * avoids leaking how much of the hash matched. */
308 ret = strcmp (expect, actual) ? 1 : 0;
int openvas_auth_init()
Initializes Gcrypt.
const gchar * auth_method_name(auth_method_t method)
Return name of auth_method_t.
void openvas_auth_tear_down(void)
Free memory associated with the authentication configuration.
gchar * get_password_hashes(int digest_algorithm, const gchar *password)
Generate a pair of hashes to be used in the OpenVAS "auth/hash" file for the user.
int openvas_auth_ldap_enabled()
Return whether the libraries have been compiled with LDAP support.
gchar * digest_hex(int gcrypt_algorithm, const guchar *digest)
Generate a hexadecimal representation of a message digest.
enum authentication_method auth_method_t
Type for the numerical representation of the supported authentication methods.
int openvas_authenticate_classic(const gchar *username, const gchar *password, const gchar *hash_arg)
Authenticate a credential pair against openvas user file contents.
int openvas_auth_radius_enabled()
Return whether the libraries have been compiled with RADIUS support.