
Initial import

Rafal Kupiec 5 yıl önce
ebeveyn
işleme
a4dc349656
8 değiştirilmiş dosya ile 958 ekleme ve 4 silme
  1. 339
    0
      COPYING
  2. 30
    0
      Makefile
  3. 10
    0
      README
  4. 0
    4
      README.md
  5. 317
    0
      sessmgr.c
  6. 23
    0
      sessmgr.h
  7. 180
    0
      sha256.c
  8. 59
    0
      sha256.h

+ 339
- 0
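--- a/COPYING
+++ b/COPYING
@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.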

+ 30
- 0
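--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,30 @@
+CC =		gcc
+CFLAGS =	-O2 -s -D_GNU_SOURCE
+LDLIBS =	-lcrypt
+PREFIX =
+BINDIR =	$(PREFIX)/usr/sbin
+
+all: sessmgr
+	@echo "All done!"
+
+sessmgr: sessmgr.o sha256.o
+	$(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr
+
+sessmgr.o: sessmgr.c
+	$(CC) $(CFLAGS) -c sessmgr.c
+
+sha256.o: sha256.c
+	$(CC) $(CFLAGS) -c sha256.c
+
+install:
+	mkdir -p $(BINDIR)
+	cp sessmgr $(BINDIR)
+	@echo "All done!"
+
+uninstall:
+	rm -f $(BINDIR)/sessmgr
+	@echo "All done!"
+
+clean:
+	rm -f sessmgr *.o
+	@echo "All done!"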
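Review bot: `CFLAGS = -O2 -s -D_GNU_SOURCE` builds the authentication helper with no warnings and no compiler hardening, although sessmgr.c parses /etc/shadow and formats strings with `sprintf`; consider `CFLAGS = -O2 -Wall -Wextra -Wformat-security -fstack-protector-strong -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE` where the target toolchain supports those options. In the link rule `$(LDLIBS)` comes before the objects, so a linker running with `--as-needed` can drop `-lcrypt` and leave `crypt` unresolved; `$(CC) $(CFLAGS) sessmgr.o sha256.o $(LDLIBS) -o sessmgr` avoids that. `install` also has no dependency on `sessmgr` and copies with whatever mode the umask yields, so `install: sessmgr` with `install -m 0755 sessmgr $(BINDIR)` would make the result predictable.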

+ 10
- 0
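--- a/README
+++ b/README
@@ -0,0 +1,10 @@
+Session Manager
+===============
+
+SessMgr is a small utility for Kagera Firmware Administrator's WebUI session validation.
+Its task is to check password, validate sessions and authorize administrator access.
+For security reasons, it also saves all success authorization in system logger and allows
+to easily log out from Web Interface.
+
+
+It is based on Gargoyle Session Validator <http://www.gargoyle-router.com/>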

+ 0
- 4
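--- a/README.md
+++ b/README.md
@@ -1,4 +0,0 @@
-sessmgr
-=======
-
-Kagera Session Manager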

+ 317
- 0
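--- a/sessmgr.c
+++ b/sessmgr.c
@@ -0,0 +1,317 @@
+/**
+ * @PROJECT			Session Manager
+ * @COPYRIGHT		See COPYING in the top level directory
+ * @FILE			sessmgr.h
+ * @PURPOSE			WebUI session manager
+ * @DEVELOPERS		Eric Bishop <eric@gargoyle-router.com>
+ *					Rafal Kupiec <belliash@asiotec.eu.org>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <time.h>
+
+#include "sessmgr.h"
+#include "sha256.h"
+
+char* get_cookie_time(time_t t) {
+	struct tm* utc = gmtime(&t);
+	char wday[4];
+	char month[4];
+	switch(utc->tm_wday) {
+		case 0:
+			sprintf(wday, "Sun");
+			break;
+		case 1:
+			sprintf(wday, "Mon");
+			break;
+		case 2:
+			sprintf(wday, "Tue");
+			break;
+		case 3:
+			sprintf(wday, "Wed");
+			break;
+		case 4:
+			sprintf(wday, "Thu");
+			break;
+		case 5:
+			sprintf(wday, "Fri");
+			break;
+		case 6:
+			sprintf(wday, "Sat");
+			break;
+		}
+	switch(utc->tm_mon) {
+		case 0:
+			sprintf(month, "Jan");
+			break;
+		case 1:
+			sprintf(month, "Feb");
+			break;
+		case 2:
+			sprintf(month, "Mar");
+			break;
+		case 3:
+			sprintf(month, "Apr");
+			break;
+		case 4:
+			sprintf(month, "May");
+			break;
+		case 5:
+			sprintf(month, "Jun");
+			break;
+		case 6:
+			sprintf(month, "Jul");
+			break;
+		case 7:
+			sprintf(month, "Aug");
+			break;
+		case 8:
+			sprintf(month, "Sep");
+			break;
+		case 9:
+			sprintf(month, "Oct");
+			break;
+		case 10:
+			sprintf(month, "Nov");
+			break;
+		case 11:
+			sprintf(month, "Dec");
+			break;
+	}
+	char utc_str[200];
+	sprintf(utc_str, "%s, %d %s %d %02d:%02d:%02d UTC", wday, utc->tm_mday, month, (utc->tm_year + 1900), utc->tm_hour, utc->tm_min, utc->tm_sec);
+	return safe_strdup(utc_str);
+}
+
+char* get_root_hash(void) {
+	char* root_hash = get_root_hash_from_file("/etc/shadow");
+	if(root_hash == NULL) {
+		root_hash = get_root_hash_from_file("/etc/passwd");
+	}
+	return root_hash;
+}
+
+char* get_root_hash_from_file(const char* passwd_file) {
+	int found = 0;
+	FILE *pw = fopen(passwd_file, "r");
+	char* root_hash = NULL;
+	if(pw != NULL) {
+		char line[512];
+		char* test = fgets(line, 511, pw);
+		while(test != NULL && !found) {
+			if(strlen(test) > 5) {
+				test[4] = '\0';
+				if(strcmp(test, "root") == 0) {
+					char* hash_end;
+					found = 1;
+					test = test + 5;
+					hash_end = strchr(test, ':');
+					*hash_end = '\0';
+					root_hash = safe_strdup(test);
+				}
+			}
+			test = fgets(line, 511, pw);
+		}
+		fclose(pw);
+	}
+	return root_hash;
+}
+
+int main(int argc, char **argv) {
+	char *password = NULL;
+	char *cookie_hash = NULL;
+	char *cookie_exp = NULL;
+	char *user_agent = NULL;
+	char *src_ip = NULL;
+	char *redirect = NULL;
+	int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
+	unsigned long browser_time = 0;
+	int loggedout = 0;
+	int unconditionally_generate = 0;
+	int next_opt;
+	int read;
+
+	while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) {	
+		switch(next_opt) {
+			case 'p':
+			case 'P':
+				password = safe_strdup(optarg);
+				break;
+			case 'c':
+			case 'C':
+				cookie_hash = safe_strdup(optarg);
+				break;
+			case 'e':
+			case 'E':
+				cookie_exp = safe_strdup(optarg);
+				break;
+			case 'a':
+			case 'A':
+				user_agent = safe_strdup(optarg);
+				break;
+			case 'i':
+			case 'I':
+				src_ip = safe_strdup(optarg);
+				break;
+			case 'r':
+			case 'R':
+				redirect = safe_strdup(optarg);
+				break;
+			case 't':
+			case 'T':
+				read = sscanf(optarg, "%d", &timeout_minutes);
+				if(read > 0) {
+					timeout_minutes = timeout_minutes > 0 ? timeout_minutes : DEFAULT_SESSION_TIMEOUT;
+				} else {
+					timeout_minutes = DEFAULT_SESSION_TIMEOUT;
+				}
+				timeout_minutes *= 60;
+				break;
+			case 'b':
+			case 'B':
+				read = sscanf(optarg, "%ld", &browser_time);
+				browser_time = read > 0 ? browser_time : 0;
+				break;
+			case 'l':
+			case 'L':
+				loggedout = 1;
+				break;
+			case 'g':
+			case 'G':
+				unconditionally_generate = 1;
+				break;
+		}
+	}
+
+	int expired = 0;
+	int valid = 0;
+	char* root_hash = get_root_hash();
+	if(loggedout == 1) {
+		printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; ");
+	} else if(root_hash != NULL) {
+		time_t now;
+		time(&now);
+		if(password != NULL) {
+			valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0;
+			if(valid) {
+				printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
+			}
+		} else if(cookie_hash != NULL && cookie_exp != NULL && user_agent != NULL && src_ip != NULL) {
+			time_t exp_time;
+			int read = sscanf(cookie_exp, "%ld", &exp_time);
+			if(read > 0) {
+				expired = 1;
+				if(exp_time > now && (exp_time - (timeout_minutes) - 2) <= now) {
+					expired = 0;
+				}
+			}
+			char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip);
+			char* hashed = get_sha256_hash_hex_str(combined);
+			if(strcmp(hashed, cookie_hash) == 0) {
+				if(expired == 0 && read > 0) {
+					valid = 1;
+				}
+			} else {
+				expired = 0;
+			}
+			free(hashed);
+			free(combined);
+		}
+		if(unconditionally_generate == 1) {
+			valid = 1;
+		}
+		if(valid == 1 && src_ip != NULL && user_agent != NULL) {
+			char* new_hash;
+			char* combined;
+			char new_exp[100] = "";
+			time_t new_exp_t = now + (timeout_minutes);
+			sprintf(new_exp, "%ld", new_exp_t);
+			char* cookie_exp;
+			if(browser_time > 0 && ((browser_time - now) < (-5*60) || (browser_time - now) > (5*60))) {
+				time_t cookie_exp_t = browser_time+(timeout_minutes);
+				cookie_exp = get_cookie_time(cookie_exp_t);
+			} else {
+				cookie_exp = get_cookie_time(new_exp_t);
+			}
+			combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip);
+			new_hash = get_sha256_hash_hex_str(combined);
+			if(browser_time == 0) {
+				printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp);
+			} else {
+				printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp);
+			}
+			free(new_hash);
+			free(combined);
+			free(cookie_exp);
+		} else {
+			printf("KAGERA_LOGGEDOUT=1\n");
+		}
+		free(root_hash);
+	}
+	if(redirect != NULL) {
+		char str[20] = "";
+		if(expired == 1) {
+			sprintf(str, "&expired=1");
+		} else if(loggedout == 1) {
+			sprintf(str, "&loggedout=1");
+		}
+		printf("echo \"HTTP/1.1 301 Moved Permanently;\"; echo \"Location: %s%s\"; exit", redirect, str);
+	}
+	return 0;
+}
+
+void* safe_malloc(size_t size) {
+	void* val = malloc(size);
+	if(val == NULL) {
+		fprintf(stderr, "ERROR: MALLOC FAILURE!\n");
+		exit(1);
+	}
+	return val;
+}
+
+char* safe_strcat(int num_strs, ...) {
+	va_list strs;
+	int new_length = 0;
+	int i;
+	int next_start;
+	char* new_str;
+
+	va_start(strs, num_strs);
+	for(i=0; i < num_strs; i++) {
+		char* next_arg = va_arg(strs, char*);
+		if(next_arg != NULL) {
+			new_length = new_length + strlen(next_arg);
+		}
+	}
+	va_end(strs);
+	new_str = safe_malloc((1 + new_length) * sizeof(char));
+	va_start(strs, num_strs);
+	next_start = 0;
+	for(i=0; i < num_strs; i++) {
+		char* next_arg = va_arg(strs, char*);
+		if(next_arg != NULL) {
+			int next_length = strlen(next_arg);
+			memcpy(new_str+next_start,next_arg, next_length);
+			next_start = next_start+next_length;
+		}
+	}
+	new_str[next_start] = '\0';
+	return new_str;
+}
+
+char* safe_strdup(const char* str) {
+	char* new_str = NULL;
+	if(str != NULL) {
+		new_str = strdup(str);
+		if(new_str == NULL) {
+			fprintf(stderr, "ERROR: MALLOC FAILURE!\n");
+			exit(1);
+		}
+	}
+	return new_str;
+}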
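Review bot: `redirect` is copied unescaped from `-r` into `echo \"Location: %s%s\"; exit`, and because main() prints shell statements that the calling CGI script presumably evals, any shell metacharacter or newline in that value would be interpreted by the caller's shell or split the header. Check the value against an allow-list before the final printf, as in the fence below, and keep request-derived data out of `-r` on the caller side. Two unchecked NULL returns can also crash the validator: `crypt()` may return NULL, so use `char *h = crypt(password, root_hash); valid = (h != NULL && strcmp(h, root_hash) == 0);`, and in get_root_hash_from_file add `if(hash_end == NULL) break;` before `*hash_end = '\0'`. Separately, `timeout_minutes *= 60` runs only inside the `-t` case, so without `-t` the default of 15 is used as seconds in `now + (timeout_minutes)`.

```c
/* Accept only characters that stay literal inside the double-quoted echo argument. */
static int redirect_is_inert(const char *s) {
	static const char ok[] =
		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/._-?=&%";
	return s[strspn(s, ok)] == '\0';
}

// … unchanged: option parsing, password and cookie validation, cookie output …

	if(redirect != NULL && redirect_is_inert(redirect)) {
		// … unchanged: str selection and the Location printf …
```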

+ 23
- 0
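--- a/sessmgr.h
+++ b/sessmgr.h
@@ -0,0 +1,23 @@
+/**
+ * @PROJECT			Session Manager
+ * @COPYRIGHT		See COPYING in the top level directory
+ * @FILE			sessmgr.h
+ * @PURPOSE			WebUI session manager
+ * @DEVELOPERS		Eric Bishop <eric@gargoyle-router.com>
+ *					Rafal Kupiec <belliash@asiotec.eu.org>
+ */
+
+#ifndef __SESSMGR_H
+#define __SESSMGR_H
+
+#define DEFAULT_SESSION_TIMEOUT 15
+
+extern char* crypt(const char* key, const char* setting);
+char* get_cookie_time(time_t t);
+char* get_root_hash(void);
+char* get_root_hash_from_file(const char* passwd_file);
+void* safe_malloc(size_t size);
+char* safe_strcat(int num_strs, ...);
+char* safe_strdup(const char* str);
+
+#endif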
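Review bot: The header is not self-contained: it uses `time_t` and `size_t` but includes nothing, so it compiles only because sessmgr.c includes `<time.h>` and `<stdlib.h>` before it; adding `#include <stddef.h>` and `#include <time.h>` at the top fixes that. The hand-written `extern char* crypt(const char* key, const char* setting);` duplicates the libc prototype; on glibc and musl `#include <crypt.h>` provides the declaration. The guard `__SESSMGR_H` uses a double underscore, which is reserved for the implementation, so `SESSMGR_H` is the safer name. `DEFAULT_SESSION_TIMEOUT 15` should carry a comment stating its unit, apparently minutes given the `timeout_minutes` variable it initialises, e.g. `/* minutes; used when -t is absent or invalid */`.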

+ 180
- 0
sha256.c

@@ -0,0 +1,180 @@
1
+/*
2
+ * sha256.c - Implementation of the Secure Hash Algorithm-256 (SHA-256).
3
+ *
4
+ * Implemented from the description on the NIST Web site:
5
+ *		http://csrc.nist.gov/cryptval/shs.html
6
+ *
7
+ *
8
+ * Copyright (C) 2012  Rafal Kupiec (customized for sessmgr)
9
+ * Copyright (C) 2009  Eric Bishop (adapted as standalone utility)
10
+ * Copyright (C) 2002  Southern Storm Software, Pty Ltd.
11
+ *
12
+ * This program is free software; you can redistribute it and/or modify
13
+ * it under the terms of the GNU General Public License as published by
14
+ * the Free Software Foundation; either version 2 of the License, or
15
+ * (at your option) any later version.
16
+ *
17
+ * This program is distributed in the hope that it will be useful,
18
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
19
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20
+ * GNU General Public License for more details.
21
+ *
22
+ * You should have received a copy of the GNU General Public License
23
+ * along with this program; if not, write to the Free Software
24
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
25
+ */
26
+
27
+#include <stdio.h>
28
+#include <stdlib.h>
29
+#include <string.h>
30
+#include <ctype.h>
31
+#include <unistd.h>
32
+
33
+#include "sha256.h"
34
+
35
+static void ProcessBlock(SHA256Context *sha, const unsigned char *block) {
36
+	u_int32_t W[64];
37
+	u_int32_t a, b, c, d, e, f, g, h;
38
+	u_int32_t temp, temp2;
39
+	int t;
40
+
41
+	for(t = 0; t < 16; ++t) {
42
+		W[t] = (((u_int32_t) (block[t * 4 + 0])) << 24) | (((u_int32_t) (block[t * 4 + 1])) << 16) | (((u_int32_t) (block[t * 4 + 2])) <<  8) | ((u_int32_t) (block[t * 4 + 3]));
43
+	}
44
+	for(t = 16; t < 64; ++t) {
45
+		W[t] = TRUNCLONG(RHO1(W[t - 2]) + W[t - 7] + RHO0(W[t - 15]) + W[t - 16]);
46
+	}
47
+	a = sha->A;
48
+	b = sha->B;
49
+	c = sha->C;
50
+	d = sha->D;
51
+	e = sha->E;
52
+	f = sha->F;
53
+	g = sha->G;
54
+	h = sha->H;
55
+	for(t = 0; t < 64; ++t) {
56
+		temp = TRUNCLONG(h + SUM1(e) + CH(e, f, g) + K[t] + W[t]);
57
+		temp2 = TRUNCLONG(SUM0(a) + MAJ(a, b, c));
58
+		h = g;
59
+		g = f;
60
+		f = e;
61
+		e = TRUNCLONG(d + temp);
62
+		d = c;
63
+		c = b;
64
+		b = a;
65
+		a = TRUNCLONG(temp + temp2);
66
+	}
67
+	sha->A = TRUNCLONG(sha->A + a);
68
+	sha->B = TRUNCLONG(sha->B + b);
69
+	sha->C = TRUNCLONG(sha->C + c);
70
+	sha->D = TRUNCLONG(sha->D + d);
71
+	sha->E = TRUNCLONG(sha->E + e);
72
+	sha->F = TRUNCLONG(sha->F + f);
73
+	sha->G = TRUNCLONG(sha->G + g);
74
+	sha->H = TRUNCLONG(sha->H + h);
75
+	DoMemZero(W, sizeof(u_int32_t) * 64);
76
+	a = b = c = d = e = f = g = h = temp = temp2 = 0;
77
+}
78
+
79
+void SHA256Data(SHA256Context *sha, const void *buffer, unsigned long len) {
80
+	unsigned long templen;
81
+
82
+	sha->totalLen += (u_int64_t)len;
83
+	while(len > 0) {
84
+		if(!(sha->inputLen) && len >= 64) {
85
+			ProcessBlock(sha, (const unsigned char *) buffer);
86
+			buffer = (const void *) (((const unsigned char *) buffer) + 64);
87
+			len -= 64;
88
+		} else {
89
+			templen = len;
90
+			if(templen > (64 - sha->inputLen)) {
91
+				templen = 64 - sha->inputLen;
92
+			}
93
+			memcpy(sha->input + sha->inputLen, buffer, templen);
94
+			if((sha->inputLen += templen) >= 64) {
95
+				ProcessBlock(sha, sha->input);
96
+				sha->inputLen = 0;
97
+			}
98
+			buffer = (const void *) (((const unsigned char *) buffer) + templen);
99
+			len -= templen;
100
+		}
101
+	}
102
+}
103
+
104
+void SHA256Finalize(SHA256Context *sha, unsigned char hash[SHA256_HASH_SIZE]) {
105
+	u_int64_t totalBits;
106
+
107
+	if(hash) {
108
+		if(sha->inputLen >= 56) {
109
+			sha->input[(sha->inputLen)++] = (unsigned char) 0x80;
110
+			while(sha->inputLen < 64) {
111
+				sha->input[(sha->inputLen)++] = (unsigned char) 0x00;
112
+			}
113
+			ProcessBlock(sha, sha->input);
114
+			sha->inputLen = 0;
115
+		} else {
116
+			sha->input[(sha->inputLen)++] = (unsigned char) 0x80;
117
+		}
118
+		while(sha->inputLen < 56) {
119
+			sha->input[(sha->inputLen)++] = (unsigned char) 0x00;
120
+		}
121
+		totalBits = (sha->totalLen << 3);
122
+		WriteLong(sha->input + 56, (u_int32_t) (totalBits >> 32));
123
+		WriteLong(sha->input + 60, (u_int32_t) totalBits);
124
+		ProcessBlock(sha, sha->input);
125
+		WriteLong(hash, sha->A);
126
+		WriteLong(hash + 4, sha->B);
127
+		WriteLong(hash + 8, sha->C);
128
+		WriteLong(hash + 12, sha->D);
129
+		WriteLong(hash + 16, sha->E);
130
+		WriteLong(hash + 20, sha->F);
131
+		WriteLong(hash + 24, sha->G);
132
+		WriteLong(hash + 28, sha->H);
133
+	}
134
+	DoMemZero(sha, sizeof(SHA256Context));
135
+}
136
+
137
+void SHA256Init(SHA256Context *sha) {
138
+	sha->inputLen = 0;
139
+	sha->A = 0x6a09e667;
140
+	sha->B = 0xbb67ae85;
141
+	sha->C = 0x3c6ef372;
142
+	sha->D = 0xa54ff53a;
143
+	sha->E = 0x510e527f;
144
+	sha->F = 0x9b05688c;
145
+	sha->G = 0x1f83d9ab;
146
+	sha->H = 0x5be0cd19;
147
+	sha->totalLen = 0;
148
+}
149
+
150
+static void WriteLong(unsigned char *buf, u_int32_t value) {
151
+	buf[0] = (unsigned char)(value >> 24);
152
+	buf[1] = (unsigned char)(value >> 16);
153
+	buf[2] = (unsigned char)(value >> 8);
154
+	buf[3] = (unsigned char)value;
155
+}
156
+
157
+unsigned char* get_sha256_hash(const char* unhashed) {
158
+	SHA256Context sha;
159
+	unsigned char* hash = (unsigned char*) malloc(32);
160
+
161
+	SHA256Init(&sha);
162
+	SHA256Data(&sha, unhashed, strlen(unhashed));
163
+	SHA256Finalize(&sha, hash);
164
+	return hash;
165
+}
166
+
167
+char* get_sha256_hash_hex_str(const char* unhashed) {
168
+	unsigned char* hashed = get_sha256_hash(unhashed);
169
+	char* hashed_hex = (char*) malloc(65);
170
+	char next_hex[3];
171
+	int index =0;
172
+
173
+	hashed_hex[0] = '\0';
174
+	for(index=0; index < 32; index++) {
175
+		sprintf(next_hex, "%02X", hashed[index]);
176
+		strcat(hashed_hex, next_hex);
177
+	}
178
+	free(hashed);
179
+	return hashed_hex;
180
+}
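Review bot: Neither `malloc` result is checked in `get_sha256_hash` and `get_sha256_hash_hex_str`. When `malloc(32)` fails, `SHA256Finalize` skips the output because of its `if(hash)` guard and `get_sha256_hash` returns NULL, which `get_sha256_hash_hex_str` then reads as `hashed[index]`; a failed `malloc(65)` is dereferenced at `hashed_hex[0] = '\0'`. Returning NULL on either failure, as in the excerpt below, turns the crash into an error the caller can handle. The callers are outside this file section, so they would need a matching NULL check; alternatively the allocations could go through `safe_malloc` from sessmgr.h, which exits on failure. `get_sha256_hash` also passes `unhashed` to `strlen` without a NULL check, which is worth documenting as a precondition.

```c
	char* hashed_hex = (char*) malloc(65);
	/* … unchanged: next_hex and index declarations … */

	if(hashed == NULL || hashed_hex == NULL) {
		/* free(NULL) is a no-op, so whichever allocation succeeded is released */
		free(hashed);
		free(hashed_hex);
		return NULL;
	}
	/* … unchanged: hex formatting loop, free(hashed), return hashed_hex … */
```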

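--- a/sha256.h
+++ b/sha256.h
@@ -0,0 +1,59 @@
+#ifndef __SHA256_H
+#define __SHA256_H
+
+#define DoMemZero(dest,len) (memset((dest), 0, (len)))
+
+#if SIZEOF_LONG > 4
+	#define TRUNCLONG(x) ((x) & IL_MAX_UINT32)
+	#define ROTATE(x,n) (TRUNCLONG(((x) >> (n))) | ((x) << (32 - (n))))
+	#define SHIFT(x,n) (TRUNCLONG(((x) >> (n))))
+#else
+	#define TRUNCLONG(x) (x)
+	#define ROTATE(x,n) (((x) >> (n)) | ((x) << (32 - (n))))
+	#define SHIFT(x,n) ((x) >> (n))
+#endif
+
+#define CH(x,y,z) (((x) & (y)) ^ (TRUNCLONG(~(x)) & (z)))
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define SUM0(x) (ROTATE((x), 2) ^ ROTATE((x), 13) ^ ROTATE((x), 22))
+#define SUM1(x) (ROTATE((x), 6) ^ ROTATE((x), 11) ^ ROTATE((x), 25))
+#define RHO0(x) (ROTATE((x), 7) ^ ROTATE((x), 18) ^ SHIFT((x), 3))
+#define RHO1(x) (ROTATE((x), 17) ^ ROTATE((x), 19) ^ SHIFT((x), 10))
+
+#define SHA256_HASH_SIZE 32
+
+typedef struct _tagSHA256Context {
+	unsigned char input[64];
+	u_int32_t inputLen;
+	u_int32_t A, B, C, D, E, F, G, H;
+	u_int64_t totalLen;
+} SHA256Context;
+
+static u_int32_t const K[64] = {
+	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+static void ProcessBlock(SHA256Context *sha, const unsigned char *block);
+void SHA256Data(SHA256Context *sha, const void *buffer, unsigned long len);
+void SHA256Finalize(SHA256Context *sha, unsigned char hash[SHA256_HASH_SIZE]);
+void SHA256Init(SHA256Context *sha);
+static void WriteLong(unsigned char *buf, u_int32_t value);
+extern unsigned char* get_sha256_hash(const char* unhashed);
+extern char* get_sha256_hash_hex_str(const char* unhashed);
+
+#endif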
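Review bot: `DoMemZero` expands to a plain `memset`, so the scrubbing it is used for in sha256.c can be dropped by an optimizing compiler. Its two uses there clear `W` at the end of `ProcessBlock` and the context at the end of `SHA256Finalize`, both objects that may never be read again, and the same applies to the `a = b = … = 0` assignment. If the intent is to keep hashed input out of stale stack memory, define the macro with a call the compiler must keep, for example `#define DoMemZero(dest,len) (explicit_bzero((dest), (len)))` where the target libc provides it. Separately, the `static` prototypes for `ProcessBlock` and `WriteLong` and the `static` table `K` belong in sha256.c; in a header, every includer gets its own copy of `K` and a warning about a static function that is declared but never defined.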
