update to v1.31
This commit is contained in:
parent
ea16a23563
commit
27b78ae986
10
Makefile
10
Makefile
@ -4,6 +4,12 @@ LDLIBS = -lcrypt
|
||||
PREFIX =
|
||||
BINDIR = $(PREFIX)/usr/sbin
|
||||
|
||||
ifeq ($(USE_SHADOW), 1)
|
||||
DEFS:=-DUSE_SHADOW
|
||||
else
|
||||
DEFS:=
|
||||
endif
|
||||
|
||||
all: sessmgr
|
||||
@echo "All done!"
|
||||
|
||||
@ -11,10 +17,10 @@ sessmgr: sessmgr.o sha256.o
|
||||
$(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr
|
||||
|
||||
sessmgr.o: sessmgr.c
|
||||
$(CC) $(CFLAGS) -c sessmgr.c
|
||||
$(CC) $(CFLAGS) $(DEFS) -c sessmgr.c
|
||||
|
||||
sha256.o: sha256.c
|
||||
$(CC) $(CFLAGS) -c sha256.c
|
||||
$(CC) $(CFLAGS) $(DEFS) -c sha256.c
|
||||
|
||||
install:
|
||||
mkdir -p $(BINDIR)
|
||||
|
95
sessmgr.c
95
sessmgr.c
@ -11,13 +11,36 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
#include <time.h>
|
||||
#include <pwd.h>
|
||||
#ifdef USE_SHADOW
|
||||
#include <shadow.h>
|
||||
#endif
|
||||
|
||||
#include "sessmgr.h"
|
||||
#include "sha256.h"
|
||||
|
||||
|
||||
char* get_admin_hash(const char* username) {
|
||||
char* admin_hash = NULL;
|
||||
|
||||
if(username) {
|
||||
#ifdef USE_SHADOW
|
||||
struct spwd* pw;
|
||||
if((pw = getspnam(username)) != NULL) {
|
||||
admin_hash = strdup(pw->sp_pwdp);
|
||||
}
|
||||
#else
|
||||
struct passwd* pw;
|
||||
if((pw = getpwnam(username)) != NULL) {
|
||||
admin_hash = strdup(pw->pw_passwd);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return admin_hash;
|
||||
}
|
||||
|
||||
char* get_cookie_time(time_t t) {
|
||||
struct tm* utc = gmtime(&t);
|
||||
char wday[4];
|
||||
@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) {
|
||||
return safe_strdup(utc_str);
|
||||
}
|
||||
|
||||
char* get_root_hash(void) {
|
||||
char* root_hash = get_root_hash_from_file("/etc/shadow");
|
||||
if(root_hash == NULL) {
|
||||
root_hash = get_root_hash_from_file("/etc/passwd");
|
||||
}
|
||||
return root_hash;
|
||||
}
|
||||
|
||||
char* get_root_hash_from_file(const char* passwd_file) {
|
||||
int found = 0;
|
||||
FILE *pw = fopen(passwd_file, "r");
|
||||
char* root_hash = NULL;
|
||||
if(pw != NULL) {
|
||||
char line[512];
|
||||
char* test = fgets(line, 511, pw);
|
||||
while(test != NULL && !found) {
|
||||
if(strlen(test) > 5) {
|
||||
test[4] = '\0';
|
||||
if(strcmp(test, "root") == 0) {
|
||||
char* hash_end;
|
||||
found = 1;
|
||||
test = test + 5;
|
||||
hash_end = strchr(test, ':');
|
||||
*hash_end = '\0';
|
||||
root_hash = safe_strdup(test);
|
||||
}
|
||||
}
|
||||
test = fgets(line, 511, pw);
|
||||
}
|
||||
fclose(pw);
|
||||
}
|
||||
return root_hash;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
char *password = NULL;
|
||||
char *username = NULL;
|
||||
char *cookie_hash = NULL;
|
||||
char *cookie_exp = NULL;
|
||||
char *user_agent = NULL;
|
||||
@ -132,16 +122,19 @@ int main(int argc, char **argv) {
|
||||
int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
|
||||
unsigned long browser_time = 0;
|
||||
int loggedout = 0;
|
||||
int unconditionally_generate = 0;
|
||||
int next_opt;
|
||||
int read;
|
||||
|
||||
while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) {
|
||||
while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) {
|
||||
switch(next_opt) {
|
||||
case 'p':
|
||||
case 'P':
|
||||
password = safe_strdup(optarg);
|
||||
break;
|
||||
case 'u':
|
||||
case 'U':
|
||||
username = safe_strdup(optarg);
|
||||
break;
|
||||
case 'c':
|
||||
case 'C':
|
||||
cookie_hash = safe_strdup(optarg);
|
||||
@ -181,23 +174,19 @@ int main(int argc, char **argv) {
|
||||
case 'L':
|
||||
loggedout = 1;
|
||||
break;
|
||||
case 'g':
|
||||
case 'G':
|
||||
unconditionally_generate = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
int expired = 0;
|
||||
int valid = 0;
|
||||
char* root_hash = get_root_hash();
|
||||
char* admin_hash = get_admin_hash(username);
|
||||
if(loggedout == 1) {
|
||||
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; ");
|
||||
} else if(root_hash != NULL) {
|
||||
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; ");
|
||||
} else if(admin_hash != NULL) {
|
||||
time_t now;
|
||||
time(&now);
|
||||
if(password != NULL) {
|
||||
valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0;
|
||||
valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0;
|
||||
if(valid) {
|
||||
printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
|
||||
}
|
||||
@ -210,7 +199,7 @@ int main(int argc, char **argv) {
|
||||
expired = 0;
|
||||
}
|
||||
}
|
||||
char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip);
|
||||
char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip);
|
||||
char* hashed = get_sha256_hash_hex_str(combined);
|
||||
if(strcmp(hashed, cookie_hash) == 0) {
|
||||
if(expired == 0 && read > 0) {
|
||||
@ -222,9 +211,6 @@ int main(int argc, char **argv) {
|
||||
free(hashed);
|
||||
free(combined);
|
||||
}
|
||||
if(unconditionally_generate == 1) {
|
||||
valid = 1;
|
||||
}
|
||||
if(valid == 1 && src_ip != NULL && user_agent != NULL) {
|
||||
char* new_hash;
|
||||
char* combined;
|
||||
@ -238,20 +224,19 @@ int main(int argc, char **argv) {
|
||||
} else {
|
||||
cookie_exp = get_cookie_time(new_exp_t);
|
||||
}
|
||||
combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip);
|
||||
combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip);
|
||||
new_hash = get_sha256_hash_hex_str(combined);
|
||||
if(browser_time == 0) {
|
||||
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp);
|
||||
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp);
|
||||
} else {
|
||||
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp);
|
||||
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp);
|
||||
}
|
||||
free(new_hash);
|
||||
free(combined);
|
||||
free(cookie_exp);
|
||||
} else {
|
||||
printf("KAGERA_LOGGEDOUT=1\n");
|
||||
printf("VALIDSESS=1\n");
|
||||
}
|
||||
free(root_hash);
|
||||
free(admin_hash);
|
||||
}
|
||||
if(redirect != NULL) {
|
||||
char str[20] = "";
|
||||
|
@ -13,9 +13,8 @@
|
||||
#define DEFAULT_SESSION_TIMEOUT 15
|
||||
|
||||
extern char* crypt(const char* key, const char* setting);
|
||||
char* get_admin_hash(const char* username);
|
||||
char* get_cookie_time(time_t t);
|
||||
char* get_root_hash(void);
|
||||
char* get_root_hash_from_file(const char* passwd_file);
|
||||
void* safe_malloc(size_t size);
|
||||
char* safe_strcat(int num_strs, ...);
|
||||
char* safe_strdup(const char* str);
|
||||
|
Loading…
Reference in New Issue
Block a user