Kagera
/
sessmgr
2
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Kagera Session Manager
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
108 KiB
Tree: 27b78ae986
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '27b78ae986'
${ noResults }
sessmgr/sessmgr.c

302 lines
7.0 KiB
Raw Normal View History

Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
update to v1.31
7 years ago
Initial import
7 years ago
 
  1. /**

  2.  * @PROJECT			Session Manager
  3.  * @COPYRIGHT		See COPYING in the top level directory
  4.  * @FILE			sessmgr.h
  5.  * @PURPOSE			WebUI session manager
  6.  * @DEVELOPERS		Eric Bishop <eric@gargoyle-router.com>
  7.  *					Rafal Kupiec <belliash@asiotec.eu.org>
  8.  */
  9. 

  10. #include <stdio.h>

  11. #include <stdlib.h>

  12. #include <string.h>

  13. #include <unistd.h>

  14. #include <stdarg.h>

  15. #include <time.h>

  16. #include <pwd.h>

  17. #ifdef USE_SHADOW

  18. 	#include <shadow.h>

  19. #endif

  20. 

  21. #include "sessmgr.h"

  22. #include "sha256.h"

  23. 

  24. 

  25. char* get_admin_hash(const char* username) {
  26. 	char* admin_hash = NULL;
  27. 

  28. 	if(username) {
  29. #ifdef USE_SHADOW

  30. 		struct spwd* pw;
  31. 		if((pw = getspnam(username)) != NULL) {
  32. 			admin_hash = strdup(pw->sp_pwdp);
  33. 		}
  34. #else

  35. 		struct passwd* pw;
  36. 		if((pw = getpwnam(username)) != NULL) {
  37. 			admin_hash = strdup(pw->pw_passwd);
  38. 		}
  39. #endif

  40. 	}
  41. 	return admin_hash;
  42. }
  43. 

  44. char* get_cookie_time(time_t t) {
  45. 	struct tm* utc = gmtime(&t);
  46. 	char wday[4];
  47. 	char month[4];
  48. 	switch(utc->tm_wday) {
  49. 		case 0:
  50. 			sprintf(wday, "Sun");
  51. 			break;
  52. 		case 1:
  53. 			sprintf(wday, "Mon");
  54. 			break;
  55. 		case 2:
  56. 			sprintf(wday, "Tue");
  57. 			break;
  58. 		case 3:
  59. 			sprintf(wday, "Wed");
  60. 			break;
  61. 		case 4:
  62. 			sprintf(wday, "Thu");
  63. 			break;
  64. 		case 5:
  65. 			sprintf(wday, "Fri");
  66. 			break;
  67. 		case 6:
  68. 			sprintf(wday, "Sat");
  69. 			break;
  70. 		}
  71. 	switch(utc->tm_mon) {
  72. 		case 0:
  73. 			sprintf(month, "Jan");
  74. 			break;
  75. 		case 1:
  76. 			sprintf(month, "Feb");
  77. 			break;
  78. 		case 2:
  79. 			sprintf(month, "Mar");
  80. 			break;
  81. 		case 3:
  82. 			sprintf(month, "Apr");
  83. 			break;
  84. 		case 4:
  85. 			sprintf(month, "May");
  86. 			break;
  87. 		case 5:
  88. 			sprintf(month, "Jun");
  89. 			break;
  90. 		case 6:
  91. 			sprintf(month, "Jul");
  92. 			break;
  93. 		case 7:
  94. 			sprintf(month, "Aug");
  95. 			break;
  96. 		case 8:
  97. 			sprintf(month, "Sep");
  98. 			break;
  99. 		case 9:
  100. 			sprintf(month, "Oct");
  101. 			break;
  102. 		case 10:
  103. 			sprintf(month, "Nov");
  104. 			break;
  105. 		case 11:
  106. 			sprintf(month, "Dec");
  107. 			break;
  108. 	}
  109. 	char utc_str[200];
  110. 	sprintf(utc_str, "%s, %d %s %d %02d:%02d:%02d UTC", wday, utc->tm_mday, month, (utc->tm_year + 1900), utc->tm_hour, utc->tm_min, utc->tm_sec);
  111. 	return safe_strdup(utc_str);
  112. }
  113. 

  114. int main(int argc, char **argv) {
  115. 	char *password = NULL;
  116. 	char *username = NULL;
  117. 	char *cookie_hash = NULL;
  118. 	char *cookie_exp = NULL;
  119. 	char *user_agent = NULL;
  120. 	char *src_ip = NULL;
  121. 	char *redirect = NULL;
  122. 	int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
  123. 	unsigned long browser_time = 0;
  124. 	int loggedout = 0;
  125. 	int next_opt;
  126. 	int read;
  127. 

  128. 	while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) {	
  129. 		switch(next_opt) {
  130. 			case 'p':
  131. 			case 'P':
  132. 				password = safe_strdup(optarg);
  133. 				break;
  134. 			case 'u':
  135. 			case 'U':
  136. 				username = safe_strdup(optarg);
  137. 				break;
  138. 			case 'c':
  139. 			case 'C':
  140. 				cookie_hash = safe_strdup(optarg);
  141. 				break;
  142. 			case 'e':
  143. 			case 'E':
  144. 				cookie_exp = safe_strdup(optarg);
  145. 				break;
  146. 			case 'a':
  147. 			case 'A':
  148. 				user_agent = safe_strdup(optarg);
  149. 				break;
  150. 			case 'i':
  151. 			case 'I':
  152. 				src_ip = safe_strdup(optarg);
  153. 				break;
  154. 			case 'r':
  155. 			case 'R':
  156. 				redirect = safe_strdup(optarg);
  157. 				break;
  158. 			case 't':
  159. 			case 'T':
  160. 				read = sscanf(optarg, "%d", &timeout_minutes);
  161. 				if(read > 0) {
  162. 					timeout_minutes = timeout_minutes > 0 ? timeout_minutes : DEFAULT_SESSION_TIMEOUT;
  163. 				} else {
  164. 					timeout_minutes = DEFAULT_SESSION_TIMEOUT;
  165. 				}
  166. 				timeout_minutes *= 60;
  167. 				break;
  168. 			case 'b':
  169. 			case 'B':
  170. 				read = sscanf(optarg, "%ld", &browser_time);
  171. 				browser_time = read > 0 ? browser_time : 0;
  172. 				break;
  173. 			case 'l':
  174. 			case 'L':
  175. 				loggedout = 1;
  176. 				break;
  177. 		}
  178. 	}
  179. 

  180. 	int expired = 0;
  181. 	int valid = 0;
  182. 	char* admin_hash = get_admin_hash(username);
  183. 	if(loggedout == 1) {
  184. 		printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; ");
  185. 	} else if(admin_hash != NULL) {
  186. 		time_t now;
  187. 		time(&now);
  188. 		if(password != NULL) {
  189. 			valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0;
  190. 			if(valid) {
  191. 				printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
  192. 			}
  193. 		} else if(cookie_hash != NULL && cookie_exp != NULL && user_agent != NULL && src_ip != NULL) {
  194. 			time_t exp_time;
  195. 			int read = sscanf(cookie_exp, "%ld", &exp_time);
  196. 			if(read > 0) {
  197. 				expired = 1;
  198. 				if(exp_time > now && (exp_time - (timeout_minutes) - 2) <= now) {
  199. 					expired = 0;
  200. 				}
  201. 			}
  202. 			char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip);
  203. 			char* hashed = get_sha256_hash_hex_str(combined);
  204. 			if(strcmp(hashed, cookie_hash) == 0) {
  205. 				if(expired == 0 && read > 0) {
  206. 					valid = 1;
  207. 				}
  208. 			} else {
  209. 				expired = 0;
  210. 			}
  211. 			free(hashed);
  212. 			free(combined);
  213. 		}
  214. 		if(valid == 1 && src_ip != NULL && user_agent != NULL) {
  215. 			char* new_hash;
  216. 			char* combined;
  217. 			char new_exp[100] = "";
  218. 			time_t new_exp_t = now + (timeout_minutes);
  219. 			sprintf(new_exp, "%ld", new_exp_t);
  220. 			char* cookie_exp;
  221. 			if(browser_time > 0 && ((browser_time - now) < (-5*60) || (browser_time - now) > (5*60))) {
  222. 				time_t cookie_exp_t = browser_time+(timeout_minutes);
  223. 				cookie_exp = get_cookie_time(cookie_exp_t);
  224. 			} else {
  225. 				cookie_exp = get_cookie_time(new_exp_t);
  226. 			}
  227. 			combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip);
  228. 			new_hash = get_sha256_hash_hex_str(combined);
  229. 			if(browser_time == 0) {
  230. 				printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp);
  231. 			} else {
  232. 				printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp);
  233. 			}
  234. 			free(new_hash);
  235. 			free(combined);
  236. 			free(cookie_exp);
  237. 			printf("VALIDSESS=1\n");
  238. 		}
  239. 		free(admin_hash);
  240. 	}
  241. 	if(redirect != NULL) {
  242. 		char str[20] = "";
  243. 		if(expired == 1) {
  244. 			sprintf(str, "&expired=1");
  245. 		} else if(loggedout == 1) {
  246. 			sprintf(str, "&loggedout=1");
  247. 		}
  248. 		printf("echo \"HTTP/1.1 301 Moved Permanently;\"; echo \"Location: %s%s\"; exit", redirect, str);
  249. 	}
  250. 	return 0;
  251. }
  252. 

  253. void* safe_malloc(size_t size) {
  254. 	void* val = malloc(size);
  255. 	if(val == NULL) {
  256. 		fprintf(stderr, "ERROR: MALLOC FAILURE!\n");
  257. 		exit(1);
  258. 	}
  259. 	return val;
  260. }
  261. 

  262. char* safe_strcat(int num_strs, ...) {
  263. 	va_list strs;
  264. 	int new_length = 0;
  265. 	int i;
  266. 	int next_start;
  267. 	char* new_str;
  268. 

  269. 	va_start(strs, num_strs);
  270. 	for(i=0; i < num_strs; i++) {
  271. 		char* next_arg = va_arg(strs, char*);
  272. 		if(next_arg != NULL) {
  273. 			new_length = new_length + strlen(next_arg);
  274. 		}
  275. 	}
  276. 	va_end(strs);
  277. 	new_str = safe_malloc((1 + new_length) * sizeof(char));
  278. 	va_start(strs, num_strs);
  279. 	next_start = 0;
  280. 	for(i=0; i < num_strs; i++) {
  281. 		char* next_arg = va_arg(strs, char*);
  282. 		if(next_arg != NULL) {
  283. 			int next_length = strlen(next_arg);
  284. 			memcpy(new_str+next_start,next_arg, next_length);
  285. 			next_start = next_start+next_length;
  286. 		}
  287. 	}
  288. 	new_str[next_start] = '\0';
  289. 	return new_str;
  290. }
  291. 

  292. char* safe_strdup(const char* str) {
  293. 	char* new_str = NULL;
  294. 	if(str != NULL) {
  295. 		new_str = strdup(str);
  296. 		if(new_str == NULL) {
  297. 			fprintf(stderr, "ERROR: MALLOC FAILURE!\n");
  298. 			exit(1);
  299. 		}
  300. 	}
  301. 	return new_str;
  302. }