|
|
@ -11,13 +11,36 @@ |
|
|
|
#include <stdlib.h> |
|
|
|
#include <string.h> |
|
|
|
#include <unistd.h> |
|
|
|
#include <pwd.h> |
|
|
|
#include <stdarg.h> |
|
|
|
#include <time.h> |
|
|
|
#include <pwd.h> |
|
|
|
#ifdef USE_SHADOW |
|
|
|
#include <shadow.h> |
|
|
|
#endif |
|
|
|
|
|
|
|
#include "sessmgr.h" |
|
|
|
#include "sha256.h" |
|
|
|
|
|
|
|
|
|
|
|
char* get_admin_hash(const char* username) { |
|
|
|
char* admin_hash = NULL; |
|
|
|
|
|
|
|
if(username) { |
|
|
|
#ifdef USE_SHADOW |
|
|
|
struct spwd* pw; |
|
|
|
if((pw = getspnam(username)) != NULL) { |
|
|
|
admin_hash = strdup(pw->sp_pwdp); |
|
|
|
} |
|
|
|
#else |
|
|
|
struct passwd* pw; |
|
|
|
if((pw = getpwnam(username)) != NULL) { |
|
|
|
admin_hash = strdup(pw->pw_passwd); |
|
|
|
} |
|
|
|
#endif |
|
|
|
} |
|
|
|
return admin_hash; |
|
|
|
} |
|
|
|
|
|
|
|
char* get_cookie_time(time_t t) { |
|
|
|
struct tm* utc = gmtime(&t); |
|
|
|
char wday[4]; |
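Review bot: `get_admin_hash` returns the password field of whatever account name it is given, so the lookup no longer limits the administration login to a single account the way the removed root-only helper did. If only designated administrators should be accepted, the name (or the entry's uid/group) needs an explicit check before the hash is returned; as written, any local entry with a usable hash appears to qualify. The field can also hold a non-hash marker such as `x`, `*` or a `!`-prefixed value, which should be treated as "no login" and mapped to NULL instead of being handed to the caller. The copy uses plain `strdup` where the rest of the file uses `safe_strdup`, and a header comment such as `/* Returns a heap copy of the account's password hash, or NULL if none; caller frees. */` would document the ownership.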
|
|
@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) { |
|
|
|
return safe_strdup(utc_str); |
|
|
|
} |
|
|
|
|
|
|
|
char* get_root_hash(void) { |
|
|
|
char* root_hash = get_root_hash_from_file("/etc/shadow"); |
|
|
|
if(root_hash == NULL) { |
|
|
|
root_hash = get_root_hash_from_file("/etc/passwd"); |
|
|
|
} |
|
|
|
return root_hash; |
|
|
|
} |
|
|
|
|
|
|
|
char* get_root_hash_from_file(const char* passwd_file) { |
|
|
|
int found = 0; |
|
|
|
FILE *pw = fopen(passwd_file, "r"); |
|
|
|
char* root_hash = NULL; |
|
|
|
if(pw != NULL) { |
|
|
|
char line[512]; |
|
|
|
char* test = fgets(line, 511, pw); |
|
|
|
while(test != NULL && !found) { |
|
|
|
if(strlen(test) > 5) { |
|
|
|
test[4] = '\0'; |
|
|
|
if(strcmp(test, "root") == 0) { |
|
|
|
char* hash_end; |
|
|
|
found = 1; |
|
|
|
test = test + 5; |
|
|
|
hash_end = strchr(test, ':'); |
|
|
|
*hash_end = '\0'; |
|
|
|
root_hash = safe_strdup(test); |
|
|
|
} |
|
|
|
} |
|
|
|
test = fgets(line, 511, pw); |
|
|
|
} |
|
|
|
fclose(pw); |
|
|
|
} |
|
|
|
return root_hash; |
|
|
|
} |
|
|
|
|
|
|
|
int main(int argc, char **argv) { |
|
|
|
char *password = NULL; |
|
|
|
char *username = NULL; |
|
|
|
char *cookie_hash = NULL; |
|
|
|
char *cookie_exp = NULL; |
|
|
|
char *user_agent = NULL; |
|
|
@ -132,16 +122,19 @@ int main(int argc, char **argv) { |
|
|
|
int timeout_minutes = DEFAULT_SESSION_TIMEOUT; |
|
|
|
unsigned long browser_time = 0; |
|
|
|
int loggedout = 0; |
|
|
|
int unconditionally_generate = 0; |
|
|
|
int next_opt; |
|
|
|
int read; |
|
|
|
|
|
|
|
while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) { |
|
|
|
while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) { |
|
|
|
switch(next_opt) { |
|
|
|
case 'p': |
|
|
|
case 'P': |
|
|
|
password = safe_strdup(optarg); |
|
|
|
break; |
|
|
|
case 'u': |
|
|
|
case 'U': |
|
|
|
username = safe_strdup(optarg); |
|
|
|
break; |
|
|
|
case 'c': |
|
|
|
case 'C': |
|
|
|
cookie_hash = safe_strdup(optarg); |
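Review bot: The `-u` value stored in `username` gets no validation of its own; the only gate visible in this diff is a successful account lookup, after which the final hunk prints it verbatim into the double-quoted `echo "Set-Cookie:kagera_usr=%s; ..."` text. That output looks like shell that the caller evaluates, so the name should be restricted to a conservative character set right after option parsing rather than relying on the passwd database never containing shell or header metacharacters. Something like `if(username && username[strspn(username, SAFE_NAME_CHARS)] != '\0') { free(username); username = NULL; }` would do, where `SAFE_NAME_CHARS` is a new constant listing letters, digits, `.`, `_` and `-`. The body of `main` starts and ends outside this hunk.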
|
|
@ -181,23 +174,19 @@ int main(int argc, char **argv) { |
|
|
|
case 'L': |
|
|
|
loggedout = 1; |
|
|
|
break; |
|
|
|
case 'g': |
|
|
|
case 'G': |
|
|
|
unconditionally_generate = 1; |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
int expired = 0; |
|
|
|
int valid = 0; |
|
|
|
char* root_hash = get_root_hash(); |
|
|
|
char* admin_hash = get_admin_hash(username); |
|
|
|
if(loggedout == 1) { |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; "); |
|
|
|
} else if(root_hash != NULL) { |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; "); |
|
|
|
} else if(admin_hash != NULL) { |
|
|
|
time_t now; |
|
|
|
time(&now); |
|
|
|
if(password != NULL) { |
|
|
|
valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0; |
|
|
|
valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0; |
|
|
|
if(valid) { |
|
|
|
printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; "); |
|
|
|
} |
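Review bot: The return value of `crypt(password, admin_hash)` goes straight into `strcmp`, but `crypt()` can return NULL when the stored field is not a valid salt or hash. Now that the hash comes from an arbitrary account, locked or placeholder entries are a realistic input, and on a libc that reports failure with NULL this line dereferences a null pointer. Keeping the result in a local and testing it first avoids that: `char *c = crypt(password, admin_hash); valid = (c != NULL && strcmp(c, admin_hash) == 0);`. The `logger` line just below records a success without the account name, which would be worth adding once more than one account can log in; failed attempts are not logged in the visible lines. `main` continues outside this hunk.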
|
|
@ -210,7 +199,7 @@ int main(int argc, char **argv) { |
|
|
|
expired = 0; |
|
|
|
} |
|
|
|
} |
|
|
|
char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip); |
|
|
|
char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip); |
|
|
|
char* hashed = get_sha256_hash_hex_str(combined); |
|
|
|
if(strcmp(hashed, cookie_hash) == 0) { |
|
|
|
if(expired == 0 && read > 0) { |
|
|
@ -222,9 +211,6 @@ int main(int argc, char **argv) { |
|
|
|
free(hashed); |
|
|
|
free(combined); |
|
|
|
} |
|
|
|
if(unconditionally_generate == 1) { |
|
|
|
valid = 1; |
|
|
|
} |
|
|
|
if(valid == 1 && src_ip != NULL && user_agent != NULL) { |
|
|
|
char* new_hash; |
|
|
|
char* combined; |
|
|
@ -238,20 +224,19 @@ int main(int argc, char **argv) { |
|
|
|
} else { |
|
|
|
cookie_exp = get_cookie_time(new_exp_t); |
|
|
|
} |
|
|
|
combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip); |
|
|
|
combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip); |
|
|
|
new_hash = get_sha256_hash_hex_str(combined); |
|
|
|
if(browser_time == 0) { |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp); |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp); |
|
|
|
} else { |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp); |
|
|
|
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp); |
|
|
|
} |
|
|
|
free(new_hash); |
|
|
|
free(combined); |
|
|
|
free(cookie_exp); |
|
|
|
} else { |
|
|
|
printf("KAGERA_LOGGEDOUT=1\n"); |
|
|
|
printf("VALIDSESS=1\n"); |
|
|
|
} |
|
|
|
free(root_hash); |
|
|
|
free(admin_hash); |
|
|
|
} |
|
|
|
if(redirect != NULL) { |
|
|
|
char str[20] = ""; |
|
|
|