kagera/sessmgr
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update to v1.31

Browse Source
This commit is contained in:
belliash
2013-07-26 17:40:19 +02:00
parent ea16a23563
commit 27b78ae986
3 changed files with 49 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Makefile
View File

@@ -4,6 +4,12 @@ LDLIBS = -lcrypt
PREFIX = PREFIX =
BINDIR = $(PREFIX)/usr/sbin BINDIR = $(PREFIX)/usr/sbin
ifeq ($(USE_SHADOW), 1)
DEFS:=-DUSE_SHADOW
else
DEFS:=
endif
all: sessmgr all: sessmgr
@echo "All done!" @echo "All done!"
@@ -11,10 +17,10 @@ sessmgr: sessmgr.o sha256.o
$(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr $(CC) $(CFLAGS) $(LDLIBS) sessmgr.o sha256.o -o sessmgr
sessmgr.o: sessmgr.c sessmgr.o: sessmgr.c
$(CC) $(CFLAGS) -c sessmgr.c $(CC) $(CFLAGS) $(DEFS) -c sessmgr.c
sha256.o: sha256.c sha256.o: sha256.c
$(CC) $(CFLAGS) -c sha256.c $(CC) $(CFLAGS) $(DEFS) -c sha256.c
install: install:
mkdir -p $(BINDIR) mkdir -p $(BINDIR)

95
sessmgr.c
View File

@@ -11,13 +11,36 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include <pwd.h>
#include <stdarg.h> #include <stdarg.h>
#include <time.h> #include <time.h>
#include <pwd.h>
#ifdef USE_SHADOW
#include <shadow.h>
#endif
#include "sessmgr.h" #include "sessmgr.h"
#include "sha256.h" #include "sha256.h"
char* get_admin_hash(const char* username) {
char* admin_hash = NULL;
if(username) {
#ifdef USE_SHADOW
struct spwd* pw;
if((pw = getspnam(username)) != NULL) {
admin_hash = strdup(pw->sp_pwdp);
}
#else
struct passwd* pw;
if((pw = getpwnam(username)) != NULL) {
admin_hash = strdup(pw->pw_passwd);
}
#endif
}
return admin_hash;
}
char* get_cookie_time(time_t t) { char* get_cookie_time(time_t t) {
struct tm* utc = gmtime(&t); struct tm* utc = gmtime(&t);
char wday[4]; char wday[4];
@@ -88,42 +111,9 @@ char* get_cookie_time(time_t t) {
return safe_strdup(utc_str); return safe_strdup(utc_str);
} }
char* get_root_hash(void) {
char* root_hash = get_root_hash_from_file("/etc/shadow");
if(root_hash == NULL) {
root_hash = get_root_hash_from_file("/etc/passwd");
}
return root_hash;
}
char* get_root_hash_from_file(const char* passwd_file) {
int found = 0;
FILE *pw = fopen(passwd_file, "r");
char* root_hash = NULL;
if(pw != NULL) {
char line[512];
char* test = fgets(line, 511, pw);
while(test != NULL && !found) {
if(strlen(test) > 5) {
test[4] = '\0';
if(strcmp(test, "root") == 0) {
char* hash_end;
found = 1;
test = test + 5;
hash_end = strchr(test, ':');
*hash_end = '\0';
root_hash = safe_strdup(test);
}
}
test = fgets(line, 511, pw);
}
fclose(pw);
}
return root_hash;
}
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *password = NULL; char *password = NULL;
char *username = NULL;
char *cookie_hash = NULL; char *cookie_hash = NULL;
char *cookie_exp = NULL; char *cookie_exp = NULL;
char *user_agent = NULL; char *user_agent = NULL;
@@ -132,16 +122,19 @@ int main(int argc, char **argv) {
int timeout_minutes = DEFAULT_SESSION_TIMEOUT; int timeout_minutes = DEFAULT_SESSION_TIMEOUT;
unsigned long browser_time = 0; unsigned long browser_time = 0;
int loggedout = 0; int loggedout = 0;
int unconditionally_generate = 0;
int next_opt; int next_opt;
int read; int read;
while((next_opt = getopt(argc, argv, "p:P:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL:gG")) != -1) { while((next_opt = getopt(argc, argv, "p:P:u:U:c:C:e:E:a:A:i:I:r:R:t:T:b:B:lL")) != -1) {
switch(next_opt) { switch(next_opt) {
case 'p': case 'p':
case 'P': case 'P':
password = safe_strdup(optarg); password = safe_strdup(optarg);
break; break;
case 'u':
case 'U':
username = safe_strdup(optarg);
break;
case 'c': case 'c':
case 'C': case 'C':
cookie_hash = safe_strdup(optarg); cookie_hash = safe_strdup(optarg);
@@ -181,23 +174,19 @@ int main(int argc, char **argv) {
case 'L': case 'L':
loggedout = 1; loggedout = 1;
break; break;
case 'g':
case 'G':
unconditionally_generate = 1;
break;
} }
} }
int expired = 0; int expired = 0;
int valid = 0; int valid = 0;
char* root_hash = get_root_hash(); char* admin_hash = get_admin_hash(username);
if(loggedout == 1) { if(loggedout == 1) {
printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; "); printf("echo \"Set-Cookie:kagera_sid=loggedout;\"; echo \"Set-Cookie:kagera_usr=loggedout;\"; ");
} else if(root_hash != NULL) { } else if(admin_hash != NULL) {
time_t now; time_t now;
time(&now); time(&now);
if(password != NULL) { if(password != NULL) {
valid = strcmp(crypt(password, root_hash), root_hash) == 0 ? 1 : 0; valid = strcmp(crypt(password, admin_hash), admin_hash) == 0 ? 1 : 0;
if(valid) { if(valid) {
printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; "); printf("logger -t webui \"Kagera Administration Interface authorization succeeded from ${REMOTE_ADDR}\"; ");
} }
@@ -210,7 +199,7 @@ int main(int argc, char **argv) {
expired = 0; expired = 0;
} }
} }
char *combined = safe_strcat(4, root_hash, cookie_exp, user_agent, src_ip); char *combined = safe_strcat(4, admin_hash, cookie_exp, user_agent, src_ip);
char* hashed = get_sha256_hash_hex_str(combined); char* hashed = get_sha256_hash_hex_str(combined);
if(strcmp(hashed, cookie_hash) == 0) { if(strcmp(hashed, cookie_hash) == 0) {
if(expired == 0 && read > 0) { if(expired == 0 && read > 0) {
@@ -222,9 +211,6 @@ int main(int argc, char **argv) {
free(hashed); free(hashed);
free(combined); free(combined);
} }
if(unconditionally_generate == 1) {
valid = 1;
}
if(valid == 1 && src_ip != NULL && user_agent != NULL) { if(valid == 1 && src_ip != NULL && user_agent != NULL) {
char* new_hash; char* new_hash;
char* combined; char* combined;
@@ -238,20 +224,19 @@ int main(int argc, char **argv) {
} else { } else {
cookie_exp = get_cookie_time(new_exp_t); cookie_exp = get_cookie_time(new_exp_t);
} }
combined = safe_strcat(4, root_hash, new_exp, user_agent, src_ip); combined = safe_strcat(4, admin_hash, new_exp, user_agent, src_ip);
new_hash = get_sha256_hash_hex_str(combined); new_hash = get_sha256_hash_hex_str(combined);
if(browser_time == 0) { if(browser_time == 0) {
printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, new_exp); printf("echo \"Set-Cookie:kagera_sid=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Path=/;\"; ", new_hash, username, new_exp);
} else { } else {
printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, new_exp, cookie_exp); printf("echo \"Set-Cookie:kagera_sid=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_usr=%s; Expires=%s; Path=/;\"; echo \"Set-Cookie:kagera_exp=%s; Expires=%s; Path=/;\"; ", new_hash, cookie_exp, username, cookie_exp, new_exp, cookie_exp);
} }
free(new_hash); free(new_hash);
free(combined); free(combined);
free(cookie_exp); free(cookie_exp);
} else { printf("VALIDSESS=1\n");
printf("KAGERA_LOGGEDOUT=1\n");
} }
free(root_hash); free(admin_hash);
} }
if(redirect != NULL) { if(redirect != NULL) {
char str[20] = ""; char str[20] = "";

3
sessmgr.h
View File

@@ -13,9 +13,8 @@
#define DEFAULT_SESSION_TIMEOUT 15 #define DEFAULT_SESSION_TIMEOUT 15
extern char* crypt(const char* key, const char* setting); extern char* crypt(const char* key, const char* setting);
char* get_admin_hash(const char* username);
char* get_cookie_time(time_t t); char* get_cookie_time(time_t t);
char* get_root_hash(void);
char* get_root_hash_from_file(const char* passwd_file);
void* safe_malloc(size_t size); void* safe_malloc(size_t size);
char* safe_strcat(int num_strs, ...); char* safe_strcat(int num_strs, ...);
char* safe_strdup(const char* str); char* safe_strdup(const char* str);