openvas_auth.c File Reference

#include "openvas_auth.h"
#include "openvas_uuid.h"
#include "../base/openvas_file.h"
#include "../base/array.h"
#include <errno.h>
#include <gcrypt.h>
#include <glib/gstdio.h>

Macros
#define	G_LOG_DOMAIN   "lib auth"
	GLib logging domain. More...

Functions
int	openvas_auth_ldap_enabled ()
	Return whether libraries has been compiled with LDAP support. More...
int	openvas_auth_radius_enabled ()
	Return whether libraries has been compiled with RADIUS support. More...
const gchar *	auth_method_name (auth_method_t method)
	Return name of auth_method_t. More...
int	openvas_auth_init ()
	Initializes Gcrypt. More...
void	openvas_auth_tear_down (void)
	Free memory associated to authentication configuration. More...
gchar *	digest_hex (int gcrypt_algorithm, const guchar *digest)
	Generate a hexadecimal representation of a message digest. More...
gchar *	get_password_hashes (int digest_algorithm, const gchar *password)
	Generate a pair of hashes to be used in the OpenVAS "auth/hash" file for the user. More...
int	openvas_authenticate_classic (const gchar *username, const gchar *password, const gchar *hash_arg)
	Authenticate a credential pair against openvas user file contents. More...

Macro Definition Documentation

G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib auth"

GLib logging domain.

Function Documentation

auth_method_name()

const gchar* auth_method_name

(

auth_method_t

method

)

Return name of auth_method_t.

Keep in sync with authentication_methods and authentication_method .

Parameters

method

Auth method.

Returns

Name of auth method.

digest_hex()

gchar* digest_hex	(	int	gcrypt_algorithm,
		const guchar *	digest
	)

Generate a hexadecimal representation of a message digest.

Parameters

gcrypt_algorithm	The libgcrypt message digest algorithm used to create the digest (e.g. GCRY_MD_MD5; see the enum gcry_md_algos in gcrypt.h).
digest	The binary representation of the digest.

Returns

A pointer to the hexadecimal representation of the message digest or NULL if an unavailable message digest algorithm was selected.

get_password_hashes()

gchar* get_password_hashes	(	int	digest_algorithm,
		const gchar *	password
	)

Generate a pair of hashes to be used in the OpenVAS "auth/hash" file for the user.

The "auth/hash" file consist of two hashes, h_1 and h_2. h_2 (the "seed") is the message digest of (currently) 256 bytes of random data. h_1 is the message digest of h_2 concatenated with the password in plaintext.

The current implementation was taken from the openvas-adduser shell script provided with openvas-server.

Parameters

digest_algorithm	The libgcrypt message digest algorithm used to create the digest (e.g. GCRY_MD_MD5; see the enum gcry_md_algos in gcrypt.h)
password	The password in plaintext.

Returns

A pointer to a gchar containing the two hashes separated by a space or NULL if an unavailable message digest algorithm was selected.

openvas_auth_init()

int openvas_auth_init

(

)

Initializes Gcrypt.

Returns

0 success, -1 error.

openvas_auth_ldap_enabled()

int openvas_auth_ldap_enabled

(

)

Return whether libraries has been compiled with LDAP support.

Returns

1 if enabled, else 0.

openvas_auth_radius_enabled()

int openvas_auth_radius_enabled

(

)

Return whether libraries has been compiled with RADIUS support.

Returns

1 if enabled, else 0.

openvas_auth_tear_down()

void openvas_auth_tear_down

(

void

)

Free memory associated to authentication configuration.

This will have no effect if openvas_auth_init was not called.

Todo:

Close memleak, destroy list and content.

openvas_authenticate_classic()

int openvas_authenticate_classic	(	const gchar *	username,
		const gchar *	password,
		const gchar *	hash_arg
	)

Authenticate a credential pair against openvas user file contents.

Parameters

username	Username.
password	Password.
hash_arg	Hash.

Returns

0 authentication success, 1 authentication failure, -1 error.