Kagera
/
sessmgr
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

update to v1.31

master
Rafal Kupiec 5 years ago
parent
ea16a23563
commit
27b78ae986
3 changed files with 49 additions and 59 deletions
Split View Show Diff Stats
  1. 8
    2
      Makefile
  2. 40
    55
      sessmgr.c
  3. 1
    2
      sessmgr.h

+ 8
- 2
Makefile View File 

@@ -4,6 +4,12 @@ LDLIBS =	-lcrypt
4 4 
 PREFIX =
5 5 
 BINDIR =	$(PREFIX)/usr/sbin
6 6
7 
+ifeq ($(USE_SHADOW), 1)
8 
+	DEFS:=-DUSE_SHADOW
9 
+else
10 
+	DEFS:=
11 
+endif
12 
+
7 13 
 all: sessmgr
8 14 
 	@echo "All done!"
9 15 
 
@@ -11,10 +17,10 @@ sessmgr: sessmgr.o sha256.o
11 17 
 	$(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr
12 18
13 19 
 sessmgr.o: sessmgr.c
14 
-	$(CC) $(CFLAGS) -c sessmgr.c
20 
+	$(CC) $(CFLAGS) $(DEFS) -c sessmgr.c
15 21
16 22 
 sha256.o: sha256.c
17 
-	$(CC) $(CFLAGS) -c sha256.c
23 
+	$(CC) $(CFLAGS) $(DEFS) -c sha256.c
18 24
19 25 
 install:
20 26 
 	mkdir -p $(BINDIR)

+ 40
- 55
sessmgr.c View File 

@@ -11,13 +11,36 @@
11 11 
 #include <stdlib.h>
12 12 
 #include <string.h>
13 13 
 #include <unistd.h>
14 
-#include <pwd.h>
15 14 
 #include <stdarg.h>
16 15 
 #include <time.h>
16 
+#include <pwd.h>
17 
+#ifdef USE_SHADOW
18 
+	#include <shadow.h>
19 
+#endif
17 20
18 21 
 #include "sessmgr.h"
19 22 
 #include "sha256.h"
20 23
24 
+
25 
+char* get_admin_hash(const char* username) {
26 
+	char* admin_hash = NULL;
27 
+
28 
+	if(username) {
29 
+#ifdef USE_SHADOW
30 
+		struct spwd* pw;
31 
+		if((pw = getspnam(username)) != NULL) {
32 
+			admin_hash = strdup(pw->sp_pwdp);
33 
+		}
34 
+#else
35 
+		struct passwd* pw;
36 
+		if((pw = getpwnam(username)) != NULL) {
37 
+			admin_hash = strdup(pw->pw_passwd);
38 
+		}
39 
+#endif
40 
+	}
41 
+	return admin_hash;
42 
+}
43 
+
21 44 
 char* get_cookie_time(time_t t) {
22 45 
 	struct tm* utc = gmtime(&t);
23 46 
 	char wday[4];
 
@@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) {
88 111 
 	return safe_strdup(utc_str);
89 112 
 }
90 113
91 
-char* get_root_hash(void) {
92 
-	char* root_hash = get_root_hash_from_file("/etc/shadow");
93 
-	if(root_hash == NULL) {
94 
-		root_hash = get_root_hash_from_file("/etc/passwd");
95 
-	}
96 
-	return root_hash;
97 
-}
98 
-
99 
-char* get_root_hash_from_file(const char* passwd_file) {
100 
-	int found = 0;
101 
-	FILE *pw = fopen(passwd_file, "r");
102 
-	char* root_hash = NULL;
103 
-	if(pw != NULL) {
104 
-		char line[512];
105 
-		char* test = fgets(line, 511, pw);
106 
-		while(test != NULL && !found) {
107 
-			if(strlen(test) > 5) {
108 
-				test[4] = '\0';
109 
-				if(strcmp(test, "root") == 0) {
110 
-					char* hash_end;
111 
-					found = 1;
112 
-					test = test + 5;
113 
-					hash_end = strchr(test, ':');
114 
-					*hash_end = '\0';
115 
-					root_hash = safe_strdup(test);
116 
-				}
117 
-			}
118 
-			test = fgets(line, 511, pw);
119 
-		}
120 
-		fclose(pw);
121 
-	}
122 
-	return root_hash;
123 
-}
124 
-
125 114 
 int main(int argc, char **argv) {
126 115 
 	char *password = NULL;
116 
+	char *username = NULL;
127 117 
 	char *cookie_hash = NULL;
128 118 
 	char *cookie_exp = NULL;
129 119 
 	char *user_agent = NULL;
 
@@ -132,16 +122,19 @@ int main(int argc, char **argv) {
132 122 
 	int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
133 123 
 	unsigned long browser_time = 0;
134 124 
 	int loggedout = 0;
135 
-	int unconditionally_generate = 0;
136 125 
 	int next_opt;
137 126 
 	int read;
138 127
139 
-	while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) {
128 
+	while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) {
140 129 
 		switch(next_opt) {
141 130 
 			case 'p':
142 131 
 			case 'P':
143 132 
 				password = safe_strdup(optarg);
144 133 
 				break;
134 
+			case 'u':
135 
+			case 'U':
136 
+				username = safe_strdup(optarg);
137 
+				break;
145 138 
 			case 'c':
146 139 
 			case 'C':
147 140 
 				cookie_hash = safe_strdup(optarg);
 
@@ -181,23 +174,19 @@ int main(int argc, char **argv) {
181 174 
 			case 'L':
182 175 
 				loggedout = 1;
183 176 
 				break;
184 
-			case 'g':
185 
-			case 'G':
186 
-				unconditionally_generate = 1;
187 
-				break;
188 177 
 		}
189 178 
 	}
190 179
191 180 
 	int expired = 0;
192 181 
 	int valid = 0;
193 
-	char* root_hash = get_root_hash();
182 
+	char* admin_hash = get_admin_hash(username);
194 183 
 	if(loggedout == 1) {
195 
-		printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; ");
196 
-	} else if(root_hash != NULL) {
184 
+		printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; ");
185 
+	} else if(admin_hash != NULL) {
197 186 
 		time_t now;
198 187 
 		time(&now);
199 188 
 		if(password != NULL) {
200 
-			valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0;
189 
+			valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0;
201 190 
 			if(valid) {
202 191 
 				printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
203 192 
 			}
 
@@ -210,7 +199,7 @@ int main(int argc, char **argv) {
210 199 
 					expired = 0;
211 200 
 				}
212 201 
 			}
213 
-			char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip);
202 
+			char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip);
214 203 
 			char* hashed = get_sha256_hash_hex_str(combined);
215 204 
 			if(strcmp(hashed, cookie_hash) == 0) {
216 205 
 				if(expired == 0 && read > 0) {
 
@@ -222,9 +211,6 @@ int main(int argc, char **argv) {
222 211 
 			free(hashed);
223 212 
 			free(combined);
224 213 
 		}
225 
-		if(unconditionally_generate == 1) {
226 
-			valid = 1;
227 
-		}
228 214 
 		if(valid == 1 && src_ip != NULL && user_agent != NULL) {
229 215 
 			char* new_hash;
230 216 
 			char* combined;
 
@@ -238,20 +224,19 @@ int main(int argc, char **argv) {
238 224 
 			} else {
239 225 
 				cookie_exp = get_cookie_time(new_exp_t);
240 226 
 			}
241 
-			combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip);
227 
+			combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip);
242 228 
 			new_hash = get_sha256_hash_hex_str(combined);
243 229 
 			if(browser_time == 0) {
244 
-				printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp);
230 
+				printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp);
245 231 
 			} else {
246 
-				printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp);
232 
+				printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp);
247 233 
 			}
248 234 
 			free(new_hash);
249 235 
 			free(combined);
250 236 
 			free(cookie_exp);
251 
-		} else {
252 
-			printf("KAGERA_LOGGEDOUT=1\n");
237 
+			printf("VALIDSESS=1\n");
253 238 
 		}
254 
-		free(root_hash);
239 
+		free(admin_hash);
255 240 
 	}
256 241 
 	if(redirect != NULL) {
257 242 
 		char str[20] = "";

+ 1
- 2
sessmgr.h View File 

@@ -13,9 +13,8 @@
13 13 
 #define DEFAULT_SESSION_TIMEOUT 15
14 14
15 15 
 extern char* crypt(const char* key, const char* setting);
16 
+char* get_admin_hash(const char* username);
16 17 
 char* get_cookie_time(time_t t);
17 
-char* get_root_hash(void);
18 
-char* get_root_hash_from_file(const char* passwd_file);
19 18 
 void* safe_malloc(size_t size);
20 19 
 char* safe_strcat(int num_strs, ...);
21 20 
 char* safe_strdup(const char* str);

Write Preview
Loading…
Cancel
Save