Kagera
/
sessmgr
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

update to v1.31

master
Rafal Kupiec 6 years ago
parent
ea16a23563
commit
27b78ae986
3 changed files with 49 additions and 59 deletions
Split View Show Diff Stats
  1. +8
    -2
      Makefile
  2. +40
    -55
      sessmgr.c
  3. +1
    -2
      sessmgr.h

+ 8
- 2
Makefile View File

@@ -4,6 +4,12 @@ LDLIBS = -lcrypt
PREFIX =
BINDIR = $(PREFIX)/usr/sbin

ifeq ($(USE_SHADOW), 1)
DEFS:=-DUSE_SHADOW
else
DEFS:=
endif

all: sessmgr
@echo "All done!"

@@ -11,10 +17,10 @@ sessmgr: sessmgr.o sha256.o
$(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr

sessmgr.o: sessmgr.c
$(CC) $(CFLAGS) -c sessmgr.c
$(CC) $(CFLAGS) $(DEFS) -c sessmgr.c

sha256.o: sha256.c
$(CC) $(CFLAGS) -c sha256.c
$(CC) $(CFLAGS) $(DEFS) -c sha256.c

install:
mkdir -p $(BINDIR)

+ 40
- 55
sessmgr.c View File

@@ -11,13 +11,36 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <stdarg.h>
#include <time.h>
#include <pwd.h>
#ifdef USE_SHADOW
#include <shadow.h>
#endif

#include "sessmgr.h"
#include "sha256.h"


char* get_admin_hash(const char* username) {
char* admin_hash = NULL;

if(username) {
#ifdef USE_SHADOW
struct spwd* pw;
if((pw = getspnam(username)) != NULL) {
admin_hash = strdup(pw->sp_pwdp);
}
#else
struct passwd* pw;
if((pw = getpwnam(username)) != NULL) {
admin_hash = strdup(pw->pw_passwd);
}
#endif
}
return admin_hash;
}

char* get_cookie_time(time_t t) {
struct tm* utc = gmtime(&t);
char wday[4];
@@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) {
return safe_strdup(utc_str);
}

char* get_root_hash(void) {
char* root_hash = get_root_hash_from_file("/etc/shadow");
if(root_hash == NULL) {
root_hash = get_root_hash_from_file("/etc/passwd");
}
return root_hash;
}

char* get_root_hash_from_file(const char* passwd_file) {
int found = 0;
FILE *pw = fopen(passwd_file, "r");
char* root_hash = NULL;
if(pw != NULL) {
char line[512];
char* test = fgets(line, 511, pw);
while(test != NULL && !found) {
if(strlen(test) > 5) {
test[4] = '\0';
if(strcmp(test, "root") == 0) {
char* hash_end;
found = 1;
test = test + 5;
hash_end = strchr(test, ':');
*hash_end = '\0';
root_hash = safe_strdup(test);
}
}
test = fgets(line, 511, pw);
}
fclose(pw);
}
return root_hash;
}

int main(int argc, char **argv) {
char *password = NULL;
char *username = NULL;
char *cookie_hash = NULL;
char *cookie_exp = NULL;
char *user_agent = NULL;
@@ -132,16 +122,19 @@ int main(int argc, char **argv) {
int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
unsigned long browser_time = 0;
int loggedout = 0;
int unconditionally_generate = 0;
int next_opt;
int read;

while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) {
while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) {
switch(next_opt) {
case 'p':
case 'P':
password = safe_strdup(optarg);
break;
case 'u':
case 'U':
username = safe_strdup(optarg);
break;
case 'c':
case 'C':
cookie_hash = safe_strdup(optarg);
@@ -181,23 +174,19 @@ int main(int argc, char **argv) {
case 'L':
loggedout = 1;
break;
case 'g':
case 'G':
unconditionally_generate = 1;
break;
}
}

int expired = 0;
int valid = 0;
char* root_hash = get_root_hash();
char* admin_hash = get_admin_hash(username);
if(loggedout == 1) {
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; ");
} else if(root_hash != NULL) {
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; ");
} else if(admin_hash != NULL) {
time_t now;
time(&now);
if(password != NULL) {
valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0;
valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0;
if(valid) {
printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
}
@@ -210,7 +199,7 @@ int main(int argc, char **argv) {
expired = 0;
}
}
char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip);
char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip);
char* hashed = get_sha256_hash_hex_str(combined);
if(strcmp(hashed, cookie_hash) == 0) {
if(expired == 0 && read > 0) {
@@ -222,9 +211,6 @@ int main(int argc, char **argv) {
free(hashed);
free(combined);
}
if(unconditionally_generate == 1) {
valid = 1;
}
if(valid == 1 && src_ip != NULL && user_agent != NULL) {
char* new_hash;
char* combined;
@@ -238,20 +224,19 @@ int main(int argc, char **argv) {
} else {
cookie_exp = get_cookie_time(new_exp_t);
}
combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip);
combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip);
new_hash = get_sha256_hash_hex_str(combined);
if(browser_time == 0) {
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp);
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp);
} else {
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp);
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp);
}
free(new_hash);
free(combined);
free(cookie_exp);
} else {
printf("KAGERA_LOGGEDOUT=1\n");
printf("VALIDSESS=1\n");
}
free(root_hash);
free(admin_hash);
}
if(redirect != NULL) {
char str[20] = "";

+ 1
- 2
sessmgr.h View File

@@ -13,9 +13,8 @@
#define DEFAULT_SESSION_TIMEOUT 15

extern char* crypt(const char* key, const char* setting);
char* get_admin_hash(const char* username);
char* get_cookie_time(time_t t);
char* get_root_hash(void);
char* get_root_hash_from_file(const char* passwd_file);
void* safe_malloc(size_t size);
char* safe_strcat(int num_strs, ...);
char* safe_strdup(const char* str);

Write Preview
Loading…
Cancel
Save