diff --git a/Makefile b/Makefile index aef00b6..41e69eb 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,12 @@ LDLIBS = -lcrypt PREFIX = BINDIR = $(PREFIX)/usr/sbin +ifeq ($(USE_SHADOW), 1) + DEFS:=-DUSE_SHADOW +else + DEFS:= +endif + all: sessmgr @echo "All done!" @@ -11,10 +17,10 @@ sessmgr: sessmgr.o sha256.o $(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr sessmgr.o: sessmgr.c - $(CC) $(CFLAGS) -c sessmgr.c + $(CC) $(CFLAGS) $(DEFS) -c sessmgr.c sha256.o: sha256.c - $(CC) $(CFLAGS) -c sha256.c + $(CC) $(CFLAGS) $(DEFS) -c sha256.c install: mkdir -p $(BINDIR) diff --git a/sessmgr.c b/sessmgr.c index f2b05cc..793c07e 100644 --- a/sessmgr.c +++ b/sessmgr.c @@ -11,13 +11,36 @@ #include #include #include -#include #include #include +#include +#ifdef USE_SHADOW + #include +#endif #include "sessmgr.h" #include "sha256.h" + +char* get_admin_hash(const char* username) { + char* admin_hash = NULL; + + if(username) { +#ifdef USE_SHADOW + struct spwd* pw; + if((pw = getspnam(username)) != NULL) { + admin_hash = strdup(pw->sp_pwdp); + } +#else + struct passwd* pw; + if((pw = getpwnam(username)) != NULL) { + admin_hash = strdup(pw->pw_passwd); + } +#endif + } + return admin_hash; +} + char* get_cookie_time(time_t t) { struct tm* utc = gmtime(&t); char wday[4]; 
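Review bot: get_admin_hash() in the sessmgr.c hunk returns the hash of whatever account name it is handed, so the password check that used to be tied to root now succeeds for any local account that has a usable password; nothing in the hunk limits the lookup to accounts meant to administer the device. If the value given to -u can be influenced by the client (the callers are not shown), an explicit allow-list or privilege check belongs here before the hash is returned. The function also calls `strdup` directly, so a failed allocation is indistinguishable from an unknown user; `safe_strdup(pw->sp_pwdp)` and `safe_strdup(pw->pw_passwd)` would match what get_cookie_time already uses. Without `USE_SHADOW=1` the getpwnam branch will usually see only the placeholder field on systems that keep hashes in the shadow database, so a comment above the `#else` such as `/* only valid where /etc/passwd still carries the hash */` would save the next builder a silent lock-out.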
@@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) { return safe_strdup(utc_str); } -char* get_root_hash(void) { - char* root_hash = get_root_hash_from_file("/etc/shadow"); - if(root_hash == NULL) { - root_hash = get_root_hash_from_file("/etc/passwd"); - } - return root_hash; -} - -char* get_root_hash_from_file(const char* passwd_file) { - int found = 0; - FILE *pw = fopen(passwd_file, "r"); - char* root_hash = NULL; - if(pw != NULL) { - char line[512]; - char* test = fgets(line, 511, pw); - while(test != NULL && !found) { - if(strlen(test) > 5) { - test[4] = '\0'; - if(strcmp(test, "root") == 0) { - char* hash_end; - found = 1; - test = test + 5; - hash_end = strchr(test, ':'); - *hash_end = '\0'; - root_hash = safe_strdup(test); - } - } - test = fgets(line, 511, pw); - } - fclose(pw); - } - return root_hash; -} - int main(int argc, char **argv) { char *password = NULL; + char *username = NULL; char *cookie_hash = NULL; char *cookie_exp = NULL; char *user_agent = NULL; @@ -132,16 +122,19 @@ int main(int argc, char **argv) { int timeout_minutes = DEFAULT_SESSION_TIMEOUT; unsigned long browser_time = 0; int loggedout = 0; - int unconditionally_generate = 0; int next_opt; int read; - while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) { + while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) { switch(next_opt) { case 'p': case 'P': password = safe_strdup(optarg); break; + case 'u': + case 'U': + username = safe_strdup(optarg); + break; case 'c': case 'C': cookie_hash = safe_strdup(optarg); 
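Review bot: The name parsed in `case 'u'` (hunk `@@ -132,16 +122,19 @@`) is stored verbatim, and the later hunk at `@@ -238,20 +224,19 @@` prints it inside a double-quoted `echo "Set-Cookie:kagera_usr=%s; ..."` string that appears to be evaluated by the calling shell. The only filter in between is that getspnam/getpwnam found the name, which leaves quoting safety to whatever the account database, including any NSS back end, permits. Checking the name against a conservative character set at parse time, and discarding it otherwise, keeps both the lookup and the emitted cookie line well-formed and fails closed, because a NULL username yields no admin_hash. main() starts before this hunk and continues past it.
```c
/* Accept only conservative account-name characters before the name is
 * looked up or echoed back in a cookie line. */
static int username_is_safe(const char *s) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-";
    return s[0] != '\0' && s[0] != '-' && s[strspn(s, allowed)] == '\0';
}

// … unchanged: case 'p' / 'P' …
			case 'u':
			case 'U':
				/* a rejected name leaves username NULL, so no hash is looked up */
				free(username);
				username = username_is_safe(optarg) ? safe_strdup(optarg) : NULL;
				break;
```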
@@ -181,23 +174,19 @@ int main(int argc, char **argv) { case 'L': loggedout = 1; break; - case 'g': - case 'G': - unconditionally_generate = 1; - break; } } int expired = 0; int valid = 0; - char* root_hash = get_root_hash(); + char* admin_hash = get_admin_hash(username); if(loggedout == 1) { - printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; "); - } else if(root_hash != NULL) { + printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; "); + } else if(admin_hash != NULL) { time_t now; time(&now); if(password != NULL) { - valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0; + valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0; if(valid) { printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; "); } @@ -210,7 +199,7 @@ int main(int argc, char **argv) { expired = 0; } } - char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip); + char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip); char* hashed = get_sha256_hash_hex_str(combined); if(strcmp(hashed, cookie_hash) == 0) { if(expired == 0 && read > 0) { @@ -222,9 +211,6 @@ int main(int argc, char **argv) { free(hashed); free(combined); } - if(unconditionally_generate == 1) { - valid = 1; - } if(valid == 1 && src_ip != NULL && user_agent != NULL) { char* new_hash; char* combined; 
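Review bot: In the `@@ -181,23 +174,19 @@` hunk the result of `crypt(password, admin_hash)` goes straight into `strcmp`, but crypt() returns NULL when the stored field is not a usable setting string, and passing NULL to strcmp is undefined behaviour. That case is easier to reach now that the hash comes from an arbitrary account: locked or password-less entries, and the placeholder field seen by the non-shadow build, are not valid settings. Capturing the result first closes it: `const char *computed = crypt(password, admin_hash);` followed by `valid = (computed != NULL && strcmp(computed, admin_hash) == 0);`. The enclosing main() starts and ends outside this hunk.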
@@ -238,20 +224,19 @@ int main(int argc, char **argv) { } else { cookie_exp = get_cookie_time(new_exp_t); } - combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip); + combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip); new_hash = get_sha256_hash_hex_str(combined); if(browser_time == 0) { - printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp); + printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp); } else { - printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp); + printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp); } free(new_hash); free(combined); free(cookie_exp); - } else { - printf("KAGERA_LOGGEDOUT=1\n"); + printf("VALIDSESS=1\n"); } - free(root_hash); + free(admin_hash); } if(redirect != NULL) { char str[20] = ""; diff --git a/sessmgr.h b/sessmgr.h index 771a58f..e9333be 100644 --- a/sessmgr.h +++ b/sessmgr.h @@ -13,9 +13,8 @@ #define DEFAULT_SESSION_TIMEOUT 15 extern char* crypt(const char* key, const char* setting); +char* get_admin_hash(const char* username); char* get_cookie_time(time_t t); -char* get_root_hash(void); -char* get_root_hash_from_file(const char* passwd_file); void* safe_malloc(size_t size); char* safe_strcat(int num_strs, ...); char* safe_strdup(const char* str);
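Review bot: Removing the `else { printf("KAGERA_LOGGEDOUT=1\n"); }` branch in the `@@ -238,20 +224,19 @@` hunk means a failed check now emits no marker at all, while success is signalled by the new `VALIDSESS=1`. Any caller script that still tests `KAGERA_LOGGEDOUT` would read that silence as an authenticated session; the callers are not part of this diff, so this needs confirming before the change ships. A comment beside the new `printf("VALIDSESS=1\n");`, for example `/* callers must treat a missing VALIDSESS as not authenticated */`, would document the fail-closed contract. main() starts before this hunk.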