diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..d159169 --- /dev/null +++ b/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..aef00b6 --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ +CC = gcc +CFLAGS = -O2 -s -D_GNU_SOURCE +LDLIBS = -lcrypt +PREFIX = +BINDIR = $(PREFIX)/usr/sbin + +all: sessmgr + @echo "All done!" + +sessmgr: sessmgr.o sha256.o + $(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr + +sessmgr.o: sessmgr.c + $(CC) $(CFLAGS) -c sessmgr.c + +sha256.o: sha256.c + $(CC) $(CFLAGS) -c sha256.c + +install: + mkdir -p $(BINDIR) + cp sessmgr $(BINDIR) + @echo "All done!" + +uninstall: + rm -f $(BINDIR)/sessmgr + @echo "All done!" + +clean: + rm -f sessmgr *.o + @echo "All done!" diff --git a/README b/README new file mode 100644 index 0000000..f815754 --- /dev/null +++ b/README @@ -0,0 +1,10 @@ +Session Manager +=============== + +SessMgr is a small utility for Kagera Firmware Administrator's WebUI session validation. +Its task is to check password, validate sessions and authorize administrator access. +For security reasons, it also saves all success authorization in system logger and allows +to easily log out from Web Interface. + + +It is based on Gargoyle Session Validator diff --git a/README.md b/README.md deleted file mode 100644 index adeac90..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -sessmgr -======= - -Kagera Session Manager diff --git a/sessmgr.c b/sessmgr.c new file mode 100644 index 0000000..f2b05cc --- /dev/null +++ b/sessmgr.c @@ -0,0 +1,317 @@ +/** + * @PROJECT Session Manager + * @COPYRIGHT See COPYING in the top level directory + * @FILE sessmgr.h + * @PURPOSE WebUI session manager + * @DEVELOPERS Eric Bishop + * Rafal Kupiec + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "sessmgr.h" +#include "sha256.h" + +char* get_cookie_time(time_t t) { + struct tm* utc = gmtime(&t); + char wday[4]; + char month[4]; + switch(utc->tm_wday) { + case 0: + sprintf(wday, "Sun"); + break; + case 1: + sprintf(wday, "Mon"); + break; + case 2: + sprintf(wday, "Tue"); + break; + case 3: + sprintf(wday, "Wed"); + break; + case 4: + sprintf(wday, "Thu"); + break; + case 5: + sprintf(wday, "Fri"); + break; + case 6: + sprintf(wday, "Sat"); + break; + } + switch(utc->tm_mon) { + case 0: + sprintf(month, "Jan"); + break; + case 1: + sprintf(month, "Feb"); + break; + case 2: + sprintf(month, "Mar"); + break; + case 3: + sprintf(month, "Apr"); + break; + case 4: + sprintf(month, "May"); + break; + case 5: + sprintf(month, "Jun"); + break; + case 6: + sprintf(month, "Jul"); + break; + case 7: + sprintf(month, "Aug"); + break; + case 8: + sprintf(month, "Sep"); + break; + case 9: + sprintf(month, "Oct"); + break; + case 10: + sprintf(month, "Nov"); + break; + case 11: + sprintf(month, "Dec"); + break; + } + char utc_str[200]; + sprintf(utc_str, "%s, %d %s %d %02d:%02d:%02d UTC", wday, utc->tm_mday, month, (utc->tm_year + 1900), utc->tm_hour, utc->tm_min, utc->tm_sec); + return safe_strdup(utc_str); +} + +char* get_root_hash(void) { + char* root_hash = get_root_hash_from_file("/etc/shadow"); + if(root_hash == NULL) { + root_hash = get_root_hash_from_file("/etc/passwd"); + } + return root_hash; +} + +char* get_root_hash_from_file(const char* passwd_file) { + int found = 0; + FILE *pw = fopen(passwd_file, "r"); + char* root_hash = NULL; + if(pw != NULL) { + char line[512]; + char* test = fgets(line, 511, pw); + while(test != NULL && !found) { + if(strlen(test) > 5) { + test[4] = '\0'; + if(strcmp(test, "root") == 0) { + char* hash_end; + found = 1; + test = test + 5; + hash_end = strchr(test, ':'); + *hash_end = '\0'; + root_hash = safe_strdup(test); + } + } + test = fgets(line, 511, pw); + } + fclose(pw); + } + return root_hash; +} + +int main(int argc, char **argv) { + char *password = NULL; + char *cookie_hash = NULL; + char *cookie_exp = NULL; + char *user_agent = NULL; + char *src_ip = NULL; + char *redirect = NULL; + int timeout_minutes = DEFAULT_SESSION_TIMEOUT; + unsigned long browser_time = 0; + int loggedout = 0; + int unconditionally_generate = 0; + int next_opt; + int read; + + while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) { + switch(next_opt) { + case 'p': + case 'P': + password = safe_strdup(optarg); + break; + case 'c': + case 'C': + cookie_hash = safe_strdup(optarg); + break; + case 'e': + case 'E': + cookie_exp = safe_strdup(optarg); + break; + case 'a': + case 'A': + user_agent = safe_strdup(optarg); + break; + case 'i': + case 'I': + src_ip = safe_strdup(optarg); + break; + case 'r': + case 'R': + redirect = safe_strdup(optarg); + break; + case 't': + case 'T': + read = sscanf(optarg, "%d", &timeout_minutes); + if(read > 0) { + timeout_minutes = timeout_minutes > 0 ? timeout_minutes : DEFAULT_SESSION_TIMEOUT; + } else { + timeout_minutes = DEFAULT_SESSION_TIMEOUT; + } + timeout_minutes *= 60; + break; + case 'b': + case 'B': + read = sscanf(optarg, "%ld", &browser_time); + browser_time = read > 0 ? browser_time : 0; + break; + case 'l': + case 'L': + loggedout = 1; + break; + case 'g': + case 'G': + unconditionally_generate = 1; + break; + } + } + + int expired = 0; + int valid = 0; + char* root_hash = get_root_hash(); + if(loggedout == 1) { + printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; "); + } else if(root_hash != NULL) { + time_t now; + time(&now); + if(password != NULL) { + valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0; + if(valid) { + printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; "); + } + } else if(cookie_hash != NULL && cookie_exp != NULL && user_agent != NULL && src_ip != NULL) { + time_t exp_time; + int read = sscanf(cookie_exp, "%ld", &exp_time); + if(read > 0) { + expired = 1; + if(exp_time > now && (exp_time - (timeout_minutes) - 2) <= now) { + expired = 0; + } + } + char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip); + char* hashed = get_sha256_hash_hex_str(combined); + if(strcmp(hashed, cookie_hash) == 0) { + if(expired == 0 && read > 0) { + valid = 1; + } + } else { + expired = 0; + } + free(hashed); + free(combined); + } + if(unconditionally_generate == 1) { + valid = 1; + } + if(valid == 1 && src_ip != NULL && user_agent != NULL) { + char* new_hash; + char* combined; + char new_exp[100] = ""; + time_t new_exp_t = now + (timeout_minutes); + sprintf(new_exp, "%ld", new_exp_t); + char* cookie_exp; + if(browser_time > 0 && ((browser_time - now) < (-5*60) || (browser_time - now) > (5*60))) { + time_t cookie_exp_t = browser_time+(timeout_minutes); + cookie_exp = get_cookie_time(cookie_exp_t); + } else { + cookie_exp = get_cookie_time(new_exp_t); + } + combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip); + new_hash = get_sha256_hash_hex_str(combined); + if(browser_time == 0) { + printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp); + } else { + printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp); + } + free(new_hash); + free(combined); + free(cookie_exp); + } else { + printf("KAGERA_LOGGEDOUT=1\n"); + } + free(root_hash); + } + if(redirect != NULL) { + char str[20] = ""; + if(expired == 1) { + sprintf(str, "&expired=1"); + } else if(loggedout == 1) { + sprintf(str, "&loggedout=1"); + } + printf("echo \"HTTP/1.1 301 Moved Permanently;\"; echo \"Location: %s%s\"; exit", redirect, str); + } + return 0; +} + +void* safe_malloc(size_t size) { + void* val = malloc(size); + if(val == NULL) { + fprintf(stderr, "ERROR: MALLOC FAILURE!\n"); + exit(1); + } + return val; +} + +char* safe_strcat(int num_strs, ...) { + va_list strs; + int new_length = 0; + int i; + int next_start; + char* new_str; + + va_start(strs, num_strs); + for(i=0; i < num_strs; i++) { + char* next_arg = va_arg(strs, char*); + if(next_arg != NULL) { + new_length = new_length + strlen(next_arg); + } + } + va_end(strs); + new_str = safe_malloc((1 + new_length) * sizeof(char)); + va_start(strs, num_strs); + next_start = 0; + for(i=0; i < num_strs; i++) { + char* next_arg = va_arg(strs, char*); + if(next_arg != NULL) { + int next_length = strlen(next_arg); + memcpy(new_str+next_start,next_arg, next_length); + next_start = next_start+next_length; + } + } + new_str[next_start] = '\0'; + return new_str; +} + +char* safe_strdup(const char* str) { + char* new_str = NULL; + if(str != NULL) { + new_str = strdup(str); + if(new_str == NULL) { + fprintf(stderr, "ERROR: MALLOC FAILURE!\n"); + exit(1); + } + } + return new_str; +} diff --git a/sessmgr.h b/sessmgr.h new file mode 100644 index 0000000..771a58f --- /dev/null +++ b/sessmgr.h @@ -0,0 +1,23 @@ +/** + * @PROJECT Session Manager + * @COPYRIGHT See COPYING in the top level directory + * @FILE sessmgr.h + * @PURPOSE WebUI session manager + * @DEVELOPERS Eric Bishop + * Rafal Kupiec + */ + +#ifndef __SESSMGR_H +#define __SESSMGR_H + +#define DEFAULT_SESSION_TIMEOUT 15 + +extern char* crypt(const char* key, const char* setting); +char* get_cookie_time(time_t t); +char* get_root_hash(void); +char* get_root_hash_from_file(const char* passwd_file); +void* safe_malloc(size_t size); +char* safe_strcat(int num_strs, ...); +char* safe_strdup(const char* str); + +#endif diff --git a/sha256.c b/sha256.c new file mode 100644 index 0000000..90894ac --- /dev/null +++ b/sha256.c @@ -0,0 +1,180 @@ +/* + * sha256.c - Implementation of the Secure Hash Algorithm-256 (SHA-256). + * + * Implemented from the description on the NIST Web site: + * http://csrc.nist.gov/cryptval/shs.html + * + * + * Copyright (C) 2012 Rafal Kupiec (customized for sessmgr) + * Copyright (C) 2009 Eric Bishop (adapted as standalone utility) + * Copyright (C) 2002 Southern Storm Software, Pty Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include +#include +#include +#include +#include + +#include "sha256.h" + +static void ProcessBlock(SHA256Context *sha, const unsigned char *block) { + u_int32_t W[64]; + u_int32_t a, b, c, d, e, f, g, h; + u_int32_t temp, temp2; + int t; + + for(t = 0; t < 16; ++t) { + W[t] = (((u_int32_t) (block[t * 4 + 0])) << 24) | (((u_int32_t) (block[t * 4 + 1])) << 16) | (((u_int32_t) (block[t * 4 + 2])) << 8) | ((u_int32_t) (block[t * 4 + 3])); + } + for(t = 16; t < 64; ++t) { + W[t] = TRUNCLONG(RHO1(W[t - 2]) + W[t - 7] + RHO0(W[t - 15]) + W[t - 16]); + } + a = sha->A; + b = sha->B; + c = sha->C; + d = sha->D; + e = sha->E; + f = sha->F; + g = sha->G; + h = sha->H; + for(t = 0; t < 64; ++t) { + temp = TRUNCLONG(h + SUM1(e) + CH(e, f, g) + K[t] + W[t]); + temp2 = TRUNCLONG(SUM0(a) + MAJ(a, b, c)); + h = g; + g = f; + f = e; + e = TRUNCLONG(d + temp); + d = c; + c = b; + b = a; + a = TRUNCLONG(temp + temp2); + } + sha->A = TRUNCLONG(sha->A + a); + sha->B = TRUNCLONG(sha->B + b); + sha->C = TRUNCLONG(sha->C + c); + sha->D = TRUNCLONG(sha->D + d); + sha->E = TRUNCLONG(sha->E + e); + sha->F = TRUNCLONG(sha->F + f); + sha->G = TRUNCLONG(sha->G + g); + sha->H = TRUNCLONG(sha->H + h); + DoMemZero(W, sizeof(u_int32_t) * 64); + a = b = c = d = e = f = g = h = temp = temp2 = 0; +} + +void SHA256Data(SHA256Context *sha, const void *buffer, unsigned long len) { + unsigned long templen; + + sha->totalLen += (u_int64_t)len; + while(len > 0) { + if(!(sha->inputLen) && len >= 64) { + ProcessBlock(sha, (const unsigned char *) buffer); + buffer = (const void *) (((const unsigned char *) buffer) + 64); + len -= 64; + } else { + templen = len; + if(templen > (64 - sha->inputLen)) { + templen = 64 - sha->inputLen; + } + memcpy(sha->input + sha->inputLen, buffer, templen); + if((sha->inputLen += templen) >= 64) { + ProcessBlock(sha, sha->input); + sha->inputLen = 0; + } + buffer = (const void *) (((const unsigned char *) buffer) + templen); + len -= templen; + } + } +} + +void SHA256Finalize(SHA256Context *sha, unsigned char hash[SHA256_HASH_SIZE]) { + u_int64_t totalBits; + + if(hash) { + if(sha->inputLen >= 56) { + sha->input[(sha->inputLen)++] = (unsigned char) 0x80; + while(sha->inputLen < 64) { + sha->input[(sha->inputLen)++] = (unsigned char) 0x00; + } + ProcessBlock(sha, sha->input); + sha->inputLen = 0; + } else { + sha->input[(sha->inputLen)++] = (unsigned char) 0x80; + } + while(sha->inputLen < 56) { + sha->input[(sha->inputLen)++] = (unsigned char) 0x00; + } + totalBits = (sha->totalLen << 3); + WriteLong(sha->input + 56, (u_int32_t) (totalBits >> 32)); + WriteLong(sha->input + 60, (u_int32_t) totalBits); + ProcessBlock(sha, sha->input); + WriteLong(hash, sha->A); + WriteLong(hash + 4, sha->B); + WriteLong(hash + 8, sha->C); + WriteLong(hash + 12, sha->D); + WriteLong(hash + 16, sha->E); + WriteLong(hash + 20, sha->F); + WriteLong(hash + 24, sha->G); + WriteLong(hash + 28, sha->H); + } + DoMemZero(sha, sizeof(SHA256Context)); +} + +void SHA256Init(SHA256Context *sha) { + sha->inputLen = 0; + sha->A = 0x6a09e667; + sha->B = 0xbb67ae85; + sha->C = 0x3c6ef372; + sha->D = 0xa54ff53a; + sha->E = 0x510e527f; + sha->F = 0x9b05688c; + sha->G = 0x1f83d9ab; + sha->H = 0x5be0cd19; + sha->totalLen = 0; +} + +static void WriteLong(unsigned char *buf, u_int32_t value) { + buf[0] = (unsigned char)(value >> 24); + buf[1] = (unsigned char)(value >> 16); + buf[2] = (unsigned char)(value >> 8); + buf[3] = (unsigned char)value; +} + +unsigned char* get_sha256_hash(const char* unhashed) { + SHA256Context sha; + unsigned char* hash = (unsigned char*) malloc(32); + + SHA256Init(&sha); + SHA256Data(&sha, unhashed, strlen(unhashed)); + SHA256Finalize(&sha, hash); + return hash; +} + +char* get_sha256_hash_hex_str(const char* unhashed) { + unsigned char* hashed = get_sha256_hash(unhashed); + char* hashed_hex = (char*) malloc(65); + char next_hex[3]; + int index =0; + + hashed_hex[0] = '\0'; + for(index=0; index < 32; index++) { + sprintf(next_hex, "%02X", hashed[index]); + strcat(hashed_hex, next_hex); + } + free(hashed); + return hashed_hex; +} diff --git a/sha256.h b/sha256.h new file mode 100644 index 0000000..49b67ad --- /dev/null +++ b/sha256.h @@ -0,0 +1,59 @@ +#ifndef __SHA256_H +#define __SHA256_H + +#define DoMemZero(dest,len) (memset((dest), 0, (len))) + +#if SIZEOF_LONG > 4 + #define TRUNCLONG(x) ((x) & IL_MAX_UINT32) + #define ROTATE(x,n) (TRUNCLONG(((x) >> (n))) | ((x) << (32 - (n)))) + #define SHIFT(x,n) (TRUNCLONG(((x) >> (n)))) +#else + #define TRUNCLONG(x) (x) + #define ROTATE(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) + #define SHIFT(x,n) ((x) >> (n)) +#endif + +#define CH(x,y,z) (((x) & (y)) ^ (TRUNCLONG(~(x)) & (z))) +#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#define SUM0(x) (ROTATE((x), 2) ^ ROTATE((x), 13) ^ ROTATE((x), 22)) +#define SUM1(x) (ROTATE((x), 6) ^ ROTATE((x), 11) ^ ROTATE((x), 25)) +#define RHO0(x) (ROTATE((x), 7) ^ ROTATE((x), 18) ^ SHIFT((x), 3)) +#define RHO1(x) (ROTATE((x), 17) ^ ROTATE((x), 19) ^ SHIFT((x), 10)) + +#define SHA256_HASH_SIZE 32 + +typedef struct _tagSHA256Context { + unsigned char input[64]; + u_int32_t inputLen; + u_int32_t A, B, C, D, E, F, G, H; + u_int64_t totalLen; +} SHA256Context; + +static u_int32_t const K[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +static void ProcessBlock(SHA256Context *sha, const unsigned char *block); +void SHA256Data(SHA256Context *sha, const void *buffer, unsigned long len); +void SHA256Finalize(SHA256Context *sha, unsigned char hash[SHA256_HASH_SIZE]); +void SHA256Init(SHA256Context *sha); +static void WriteLong(unsigned char *buf, u_int32_t value); +extern unsigned char* get_sha256_hash(const char* unhashed); +extern char* get_sha256_hash_hex_str(const char* unhashed); + +#endif