From: Armaan Bhojwani Date: Sun, 4 Apr 2021 01:20:55 +0000 (-0400) Subject: Add basic insult capability X-Git-Tag: v6.9~5 X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=edb30a0b44cff296d3e948a38a99d425201a8f2e Add basic insult capability --- diff --git a/configure b/configure index 1f92f01..43a76e9 100755 --- a/configure +++ b/configure @@ -28,6 +28,8 @@ usage: configure [options] --with-timestamp enable timestamp support + --without-kiss-insults disable kiss insults + --uid-max=NUM set UID_MAX (default 65535) --gid-max=NUM set GID_MAX (default 65535) @@ -38,6 +40,7 @@ EOF # defaults WITHOUT_TIMESTAMP=yes +WITHOUT_KISS_INSULTS="" UID_MAX=65535 GID_MAX=65535 @@ -60,6 +63,7 @@ for x; do --with-shadow) WITHOUT_SHADOW=; WITHOUT_PAM=yes ;; --without-pam) WITHOUT_PAM=yes ;; --without-shadow) WITHOUT_SHADOW=yes ;; + --without-kiss-insults) WITHOUT_KISS_INSULTS=yes ;; --with-timestamp) WITHOUT_TIMESTAMP= ;; --without-timestamp) WITHOUT_TIMESTAMP=yes ;; --uid-max) UID_MAX=$var ;; @@ -221,6 +225,15 @@ int main(void) { return 1 } +definsults() { + printf 'SRCS += insults.c\n' >>$CONFIG_MK + [ "$WITHOUT_KISS_INSULTS" ] && { + printf 'Not using KISS insults' + return 0 + } +} + + persistmethod() { [ -z "$WITHOUT_TIMESTAMP" ] && { printf '#define USE_TIMESTAMP\n' >>$CONFIG_H @@ -549,6 +562,8 @@ else exit 1 fi +insults=$(definsults) + persist=$(persistmethod) if [ $? -eq 0 ]; then printf 'Using persist method\t\t\t%s.\n' "$persist" >&2 diff --git a/doas.c b/doas.c index ac3a42a..eb9c47a 100644 --- a/doas.c +++ b/doas.c @@ -35,6 +35,7 @@ #include #include #include +#include #include "openbsd.h" #include "doas.h" @@ -235,6 +236,13 @@ mygetpwuid_r(uid_t uid, struct passwd *pwd, struct passwd **result) return rv; } +void +authfail(void) +{ + printf("%s\n", getinsult()); + errx(1, "Authentication failed"); +} + int main(int argc, char **argv) { diff --git a/doas.h b/doas.h index a8aa41b..1e9a0e5 100644 --- a/doas.h +++ b/doas.h @@ -57,3 +57,6 @@ int timestamp_open(int *, int); int timestamp_set(int, int); int timestamp_clear(void); #endif + +const char * getinsult(void); +void authfail(void); diff --git a/insults.c b/insults.c new file mode 100644 index 0000000..4a49390 --- /dev/null +++ b/insults.c @@ -0,0 +1,92 @@ +#include +#include + +char *insults[] = { + + /* + * These insults were stolen from the Sudo project. + * The copyright header on those files states: + * ISC license + * Copyright (c) 1996-2018Todd C. Miller + */ + + "Just what do you think you're doing Dave?", + "It can only be attributed to human error.", + "That's something I cannot allow to happen.", + "My mind is going. I can feel it.", + "Sorry about this, I know it's a bit silly.", + "Take a stress pill and think things over.", + "This mission is too important for me to allow you to jeopardize it.", + "I feel much better now.", + "Wrong! You cheating scum!", + "And you call yourself a Rocket Scientist!", + "No soap, honkie-lips.", + "Where did you learn to type?", + "Are you on drugs?", + "My pet ferret can type better than you!", + "You type like i drive.", + "Do you think like you type?", + "Your mind just hasn't been the same since the electro-shock, has it?", + "Maybe if you used more than just two fingers...", + "BOB says: You seem to have forgotten your passwd, enter another!", + "stty: unknown mode: doofus", + "I can't hear you -- I'm using the scrambler.", + "The more you drive -- the dumber you get.", + "Listen, broccoli brains, I don't have time to listen to this trash.", + "I've seen penguins that can type better than that.", + "Have you considered trying to match wits with a rutabaga?", + "You speak an infinite deal of nothing", + "You silly, twisted boy you.", + "He has fallen in the water!", + "We'll all be murdered in our beds!", + "You can't come in. Our tiger has got flu", + "I don't wish to know that.", + "What, what, what, what, what, what, what, what, what, what?", + "You can't get the wood, you know.", + "You'll starve!", + "... and it used to be so popular...", + "Pauses for audience applause, not a sausage", + "Hold it up to the light --- not a brain in sight!", + "Have a gorilla...", + "There must be cure for it!", + "There's a lot of it about, you know.", + "You do that again and see what happens...", + "Ying Tong Iddle I Po", + "Harm can come to a young lad like that!", + "And with that remarks folks, the case of the Crown vs yourself was proven.", + "Speak English you fool --- there are no subtitles in this scene.", + "You gotta go owwwww!", + "I have been called worse.", + "It's only your word against mine.", + "I think ... err ... I think ... I think I'll go home", + "That is no basis for supreme executive power!", + "You empty-headed animal food trough wiper!", + "I fart in your general direction!", + "Your mother was a hamster and your father smelt of elderberries!", + "You must cut down the mightiest tree in the forest... with... a herring!", + "I wave my private parts at your aunties!", + "He's not the Messiah, he's a very naughty boy!", + "I wish to make a complaint.", + "When you're walking home tonight, and some homicidal maniac comes after you with a bunch of loganberries, don't come crying to me!", + "This man, he doesn't know when he's beaten! He doesn't know when he's winning, either. He has no... sort of... sensory apparatus...", + "There's nothing wrong with you that an expensive operation can't prolong.", + "I'm very sorry, but I'm not allowed to argue unless you've paid.", + +#ifndef DOAS_INSULTS_KISS +#define DOAS_INSULTS_KISS + + /* + * Insults from the KISS Linux community + */ + + "", + +#endif +}; + +const char * +getinsult(void) +{ + srand(time(NULL)); + return (insults[rand() % (sizeof(insults) / sizeof(insults[0]))]); +} diff --git a/pam.c b/pam.c index a9e2036..01f82b3 100644 --- a/pam.c +++ b/pam.c @@ -39,6 +39,7 @@ #include "openbsd.h" #include "doas.h" +#include "insults.h" #ifndef HOST_NAME_MAX #define HOST_NAME_MAX _POSIX_HOST_NAME_MAX @@ -245,7 +246,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p #endif if (!user || !myname) - errx(1, "Authentication failed"); + authfail(); ret = pam_start(PAM_SERVICE_NAME, myname, &conv, &pamh); if (ret != PAM_SUCCESS) @@ -277,7 +278,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p if (!nopass) { if (!interactive) - errx(1, "Authentication required"); + authfail(); /* doas style prompt for pam */ char host[HOST_NAME_MAX + 1]; @@ -291,7 +292,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p if (ret != PAM_SUCCESS) { pamcleanup(ret, sess, cred); syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname); - errx(1, "Authentication failed"); + authfail(); } } @@ -304,7 +305,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p if (ret != PAM_SUCCESS) { pamcleanup(ret, sess, cred); syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname); - errx(1, "Authentication failed"); + authfail(); } /* set PAM_USER to the user we want to be */ diff --git a/shadow.c b/shadow.c index 2569b58..45ac58d 100644 --- a/shadow.c +++ b/shadow.c @@ -67,11 +67,12 @@ shadowauth(const char *myname, int persist) hash = pw->pw_passwd; if (hash[0] == 'x' && hash[1] == '\0') { struct spwd *sp; - if ((sp = getspnam(myname)) == NULL) - errx(1, "Authentication failed"); + if ((sp = getspnam(myname)) == NULL) { + authfail(); + } hash = sp->sp_pwdp; } else if (hash[0] != '*') { - errx(1, "Authentication failed"); + authfail(); } char host[HOST_NAME_MAX + 1]; @@ -91,12 +92,13 @@ shadowauth(const char *myname, int persist) err(1, "readpassphrase"); if ((encrypted = crypt(response, hash)) == NULL) { explicit_bzero(rbuf, sizeof(rbuf)); - errx(1, "Authentication failed"); + printf(getinsult()); + authfail(); } explicit_bzero(rbuf, sizeof(rbuf)); if (strcmp(encrypted, hash) != 0) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname); - errx(1, "Authentication failed"); + authfail(); } #ifdef USE_TIMESTAMP