// analyse the url given
// return values: -1 invalid password
// -2 no command given
// 0 switch off
// 1 switch on
//
// The string passed to this function will look like this:
// /?mn=1&pw=secret HTTP/1.....
// / HTTP/1.....
int8_t analyse_get_url(char *str)
{
uint8_t mn=0;
char kvalstrbuf[10];
// the first slash:
if (str[0] == '/' && str[1] == ' '){
// end of url, display just the web page
return(2);
}
// str is now something like ?pw=secret&mn=0 or just end of url
if (find_key_val(str,kvalstrbuf,10,"mn")){
if (kvalstrbuf[0]=='1'){
mn=1;
}
// to change the mail notification one needs also a valid passw:
if (find_key_val(str,kvalstrbuf,10,"pw")){
if (verify_password(kvalstrbuf)){
return(mn);
}else{
return(-1);
}
}
}
// browsers looking for /favion.ico, non existing pages etc...
return(-1);
}
void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) {
if (state == WL_KEYBOARD_KEY_STATE_PRESSED) {
switch (sym) {
case XKB_KEY_Return:
if (verify_password()) {
exit(0);
}
password_size = 1024;
password = malloc(password_size);
password[0] = '\0';
break;
case XKB_KEY_BackSpace:
{
int i = strlen(password);
if (i > 0) {
password[i - 1] = '\0';
}
break;
}
default:
{
int i = strlen(password);
if (i + 1 == password_size) {
password_size += 1024;
password = realloc(password, password_size);
}
password[i] = (char)codepoint;
password[i + 1] = '\0';
break;
}
}
}
}
// takes a string of the form password/commandNumber and analyse it
// return values: -1 invalid password, otherwise command number
// -2 no command given but password valid
unsigned char analyse_get_url(char *str)
{
unsigned char i=0;
if (verify_password(str)==0)
{
return(-1);
}
// find first "/"
// passw not longer than 9 char:
while(*str && i<10 && *str >',' && *str<'{')
{
if (*str=='/')
{
str++;
break;
}
i++;
str++;
}
if (*str < 0x3a && *str > 0x2f)
{
// is a ASCII number, return it
return(*str-0x30);
}
return(-2);
}
void account_manager::create_profile(char const * nick,
char const * unique_nick,
char const * email,
char const * password,
account_operation_cb opcb)
{
if (!opcb)
m_account_creation_cb.bind(this, &account_manager::only_log_creation_cb);
else
m_account_creation_cb = opcb;
if (!verify_nick(nick) ||
!verify_unique_nick(unique_nick) ||
!verify_email(email) ||
!verify_password(password))
{
m_account_creation_cb(false, get_verify_error_descr());
return;
}
GPResult tmp_res = m_gamespy_gp->NewUser(
nick,
unique_nick,
email,
password,
&account_manager::new_user_cb,
this
);
if (tmp_res != GP_NO_ERROR)
{
m_account_creation_cb(false, CGameSpy_GP::TryToTranslate(tmp_res).c_str());
}
}
status_t
LoginApp::ValidateLogin(const char *login, const char *password)
{
struct passwd *pwd;
pwd = getpwnam(login);
if (!pwd)
return ENOENT;
if (strcmp(pwd->pw_name, login))
return ENOENT;
if (password == NULL) {
// we only want to check is login exists.
return B_OK;
}
#ifdef __ANTARES__
if (verify_password(pwd, getspnam(login), password))
return B_OK;
#else
// for testing
if (strcmp(crypt(password, pwd->pw_passwd), pwd->pw_passwd) == 0)
return B_OK;
#endif
return B_PERMISSION_DENIED;
}
/*
* atheme.login
*
* XML Inputs:
* account name, password, source ip (optional)
*
* XML Outputs:
* fault 1 - insufficient parameters
* fault 3 - account is not registered
* fault 5 - invalid username and password
* fault 6 - account is frozen
* default - success (authcookie)
*
* Side Effects:
* an authcookie ticket is created for the myuser_t.
* the user's lastlogin is updated
*/
static int xmlrpcmethod_login(void *conn, int parc, char *parv[])
{
myuser_t *mu;
authcookie_t *ac;
const char *sourceip;
if (parc < 2)
{
xmlrpc_generic_error(fault_needmoreparams, "Insufficient parameters.");
return 0;
}
sourceip = parc >= 3 && *parv[2] != '\0' ? parv[2] : NULL;
if (!(mu = myuser_find(parv[0])))
{
xmlrpc_generic_error(fault_nosuch_source, "The account is not registered.");
return 0;
}
if (metadata_find(mu, "private:freeze:freezer") != NULL)
{
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, NULL, CMDLOG_LOGIN, "failed LOGIN to \2%s\2 (frozen)", entity(mu)->name);
xmlrpc_generic_error(fault_noprivs, "The account has been frozen.");
return 0;
}
if (!verify_password(mu, parv[1]))
{
sourceinfo_t *si;
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, NULL, CMDLOG_LOGIN, "failed LOGIN to \2%s\2 (bad password)", entity(mu)->name);
xmlrpc_generic_error(fault_authfail, "The password is not valid for this account.");
si = sourceinfo_create();
si->service = NULL;
si->sourcedesc = parv[2] != NULL && *parv[2] ? parv[2] : NULL;
si->connection = conn;
si->v = &xmlrpc_vtable;
si->force_language = language_find("en");
bad_password(si, mu);
object_unref(si);
return 0;
}
mu->lastlogin = CURRTIME;
ac = authcookie_create(mu);
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, mu, CMDLOG_LOGIN, "LOGIN");
xmlrpc_send_string(ac->ticket);
return 0;
}
void listen_on_socket(int port, parameters_t *pars, char *password)
{
struct sockaddr_in server_addr;
int on = 1, optlen = sizeof(on), sec60 = 60;
memset(&server_addr, 0x00, sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(port);
server_addr.sin_addr.s_addr = INADDR_ANY;
server_fd = socket(PF_INET, SOCK_STREAM, 0);
if (server_fd == -1)
error_exit("error creating socket");
if (bind(server_fd, (struct sockaddr *) &server_addr, sizeof(server_addr)) == -1)
error_exit("bind() failed");
if (listen(server_fd, SOMAXCONN))
error_exit("listen(%d) failed", SOMAXCONN);
if (setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
error_exit("setsockopt(SO_REUSEADDR) failed");
if (setsockopt(server_fd, IPPROTO_TCP, TCP_KEEPIDLE, &sec60, sizeof(sec60)) == -1)
error_exit("setsockopt(TCP_KEEPIDLE) failed");
if (setsockopt(server_fd, IPPROTO_TCP, TCP_KEEPINTVL, &sec60, sizeof(sec60)) == -1)
error_exit("setsockopt(TCP_KEEPINTVL) failed");
syslog(LOG_PID|LOG_DAEMON, "Listening on %d", port);
for(;;)
{
int client_fd = accept(server_fd, NULL, NULL);
if (client_fd == -1)
{
if (errno == EINTR)
continue;
sleep(1);
continue;
}
if (setsockopt(client_fd, SOL_SOCKET, SO_KEEPALIVE, &on, optlen) == -1)
{
if (sockerror(client_fd, "setsockopt(SO_KEEPALIVE)") == -1)
{
close(client_fd);
continue;
}
}
if (verify_password(client_fd, password) == 0)
serve_client(client_fd, pars);
close(client_fd);
}
}
static int mech_step(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
char authz[256];
char authc[256];
char pass[256];
myuser_t *mu;
char *end;
/* Copy the authzid */
end = memchr(message, '\0', len);
if (end == NULL)
return ASASL_FAIL;
if (end - message > 255)
return ASASL_FAIL;
len -= end - message + 1;
if (len <= 0)
return ASASL_FAIL;
memcpy(authz, message, end - message + 1);
message = end + 1;
/* Copy the authcid */
end = memchr(message, '\0', len);
if (end == NULL)
return ASASL_FAIL;
if (end - message > 255)
return ASASL_FAIL;
len -= end - message + 1;
if (len <= 0)
return ASASL_FAIL;
memcpy(authc, message, end - message + 1);
message = end + 1;
/* Copy the password */
end = memchr(message, '\0', len);
if (end == NULL)
end = message + len;
if (end - message > 255)
return ASASL_FAIL;
memcpy(pass, message, end - message);
pass[end - message] = '\0';
/* Done dissecting, now check. */
if(!(mu = myuser_find_by_nick(authc)))
return ASASL_FAIL;
p->username = strdup(authc);
p->authzid = strdup(authz);
return verify_password(mu, pass) ? ASASL_DONE : ASASL_FAIL;
}
int main(int argc, char **argv)
{
int ret;
if (argc < 2)
return 0;
if (strcmp(argv[1], "--login") == 0) {
if (argc < 3) {
printf("useage: %s --login password\n", argv[0]);
return 1;
}
ret = login(argv[2], strlen(argv[2]));
if (ret < 0) {
printf("door: login failed\n");
} else {
printf("door: login success\n");
}
} else if (strcmp(argv[1], "--decryp") == 0) {
ret = decryp((unsigned char*)"opendoor", 8);
if (ret)
printf("decryp failed\n");
else
printf("decryp success\n");
} else if (strcmp(argv[1], "--generate") == 0) {
if (argc < 4) {
printf("useage: %s --generate password output\n", argv[0]);
return 1;
}
generate_code((unsigned char*)argv[2], strlen(argv[2]), argv[3]);
} else if (strcmp(argv[1], "--verify") == 0) {
if (argc < 3) {
printf("useage: %s --verify password\n", argv[0]);
return 1;
}
if (verify_password((unsigned char*)argv[2], strlen(argv[2])) == 0)
printf("passed\n");
else
printf("failed\n");
} else if (strcmp(argv[1], "--clear") == 0) {
logout();
} else {
printf("useage: %s -[ldgv]\n", argv[0]);
}
return 0;
}
int main(int argc, char **argv) {
char pass[30];
int size = 0;
puts("Show me what you got !");
puts("Enter the password Morty : ");
size = read(0, pass, 29);
pass[size] = '\0';
if (verify_password(pass) == 0) {
puts("There you go!");
print_flag();
} else {
puts("Come on Morty, try harder");
}
return 0;
}
void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) {
if (state == WL_KEYBOARD_KEY_STATE_PRESSED) {
switch (sym) {
case XKB_KEY_Return:
if (verify_password(password)) {
exit(0);
}
break;
default:
{
int i = strlen(password);
password[i] = (char)codepoint;
password[i + 1] = '\0';
break;
}
}
}
}
/*
* atheme.login
*
* XML Inputs:
* account name, password, source ip (optional)
*
* XML Outputs:
* fault 1 - insufficient parameters
* fault 3 - account is not registered
* fault 5 - invalid username and password
* fault 6 - account is frozen
* default - success (authcookie)
*
* Side Effects:
* an authcookie ticket is created for the myuser_t.
* the user's lastlogin is updated
*/
static int xmlrpcmethod_login(void *conn, int parc, char *parv[])
{
myuser_t *mu;
authcookie_t *ac;
const char *sourceip;
if (parc < 2)
{
xmlrpc_generic_error(fault_needmoreparams, "Insufficient parameters.");
return 0;
}
sourceip = parc >= 3 && *parv[2] != '\0' ? parv[2] : NULL;
if (!(mu = myuser_find(parv[0])))
{
xmlrpc_generic_error(fault_nosuch_source, "The account is not registered.");
return 0;
}
if (metadata_find(mu, "private:freeze:freezer") != NULL)
{
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, NULL, CMDLOG_LOGIN, "failed LOGIN to %s (frozen)", mu->name);
xmlrpc_generic_error(fault_noprivs, "The account has been frozen.");
return 0;
}
if (!verify_password(mu, parv[1]))
{
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, NULL, CMDLOG_LOGIN, "failed LOGIN to %s (bad password)", mu->name);
xmlrpc_generic_error(fault_authfail, "The password is not valid for this account.");
return 0;
}
mu->lastlogin = CURRTIME;
ac = authcookie_create(mu);
logcommand_external(nicksvs.me, "xmlrpc", conn, sourceip, mu, CMDLOG_LOGIN, "LOGIN");
xmlrpc_send_string(ac->ticket);
return 0;
}
static int login(char *pwd, int len)
{
int ret;
unsigned char internal_pwd[] = {0x0f, 0x10, 0x05, 0x0e, 0x04, 0x0f, 0x0f, 0x12};
if (pwd == NULL || strlen(pwd) <= 0) {
return -1;
}
if (verify_password((unsigned char*)pwd, strlen(pwd)) == 0)
printf("password verify passed\n");
else {
printf("password verify failed\n");
return -1;
}
ret = crypto((unsigned char*)internal_pwd, sizeof(internal_pwd), "/data/misc/fpwd", "/data/misc/fkey");
return ret;
}
// analyse the url given
// return values: -1 invalid password
// -2 no command given but password valid
// -3 just refresh page
// 0 switch off
// 1 switch on
// 2 favicon.ico
//
// The string passed to this function will look like this:
// /password/?s=1 HTTP/1.....
// /password/?s=0 HTTP/1.....
// /password HTTP/1.....
int8_t analyse_get_url(char *str)
{
uint8_t loop=15;
// the first slash:
if (*str == '/'){
str++;
}else{
return(-1);
}
if (strncmp("favicon.ico",str,11)==0){
return(2);
}
// the password:
if(verify_password(str)==0){
return(-1);
}
// move forward to the first space or '/'
while(loop){
if(*str==' '){
// end of url and no slash after password:
return(-2);
}
if(*str=='/'){
// end of password
loop=0;
continue;
}
str++;
loop--; // do not loop too long
}
// str is now something like password?sw=1 or just end of url
if (find_key_val(str,gStrbuf,5,"sw")){
if (gStrbuf[0]=='0'){
return(0);
}
if (gStrbuf[0]=='1'){
return(1);
}
}
return(-3);
}
void ns_cmd_regain(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
char *target = parv[0];
char *password = parv[1];
user_t *target_u;
mynick_t *mn;
if (si->su == NULL)
{
command_fail(si, fault_noprivs, _("\2%s\2 can only be executed via IRC."), "REGAIN");
return;
}
if (!target)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "REGAIN");
command_fail(si, fault_needmoreparams, _("Syntax: REGAIN <target> [password]"));
return;
}
if (nicksvs.no_nick_ownership)
mn = NULL, mu = myuser_find(target);
else
{
mn = mynick_find(target);
mu = mn != NULL ? mn->owner : NULL;
}
target_u = user_find_named(target);
if (!mu)
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not a registered nickname."), target);
return;
}
if (!target_u)
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not online."), target);
return;
}
else if (target_u == si->su)
{
command_fail(si, fault_badparams, _("You may not ghost yourself."));
return;
}
if ((!nicksvs.no_nick_ownership && mn && mu == si->smu) || /* we're identified under their nick's account */
(!nicksvs.no_nick_ownership && password && mn && verify_password(mu, password))) /* we have their nick's password */
{
logcommand(si, CMDLOG_DO, "REGAIN %s!%s@%s", target_u->nick, target_u->user, target_u->vhost);
kill_user(si->service->me, target_u, "REGAIN command used by %s",
si->su != NULL && !strcmp(si->su->user, target_u->user) && !strcmp(si->su->vhost, target_u->vhost) ? si->su->nick : get_source_mask(si));
command_success_nodata(si, _("\2%s\2 has been regained."), target);
fnc_sts(si->service->me, si->su, target, FNC_REGAIN);
/* don't update the nick's last seen time */
mu->lastlogin = CURRTIME;
return;
}
if (password && mu)
{
logcommand(si, CMDLOG_DO, "failed REGAIN %s (bad password)", target);
command_fail(si, fault_authfail, _("Invalid password for \2%s\2."), mu->name);
}
else
{
logcommand(si, CMDLOG_DO, "failed REGAIN %s (invalid login)", target);
command_fail(si, fault_noprivs, _("You may not regain \2%s\2."), target);
}
}
// analyse the url given
// The string passed to this function will look like this:
// ?s=1 HTTP/1.....
// We start after the first slash ("/" already removed)
int8_t analyse_get_url(char *str)
{
// the first slash:
if (*str == 'c'){
// alarm configpage:
gPlen=print_alarm_config();
return(10);
}
if (*str == 'n'){
// network configpage:
gPlen=print_net_config();
return(10);
}
if (*str == 'u'){
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"pw")){
urldecode(gStrbuf);
if (verify_password(gStrbuf)){
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"n")){
urldecode(gStrbuf);
gStrbuf[MYNAME_LEN]='\0';
strcpy(myname,gStrbuf);
}
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"di")){
urldecode(gStrbuf);
if (parse_ip(udpsrvip,gStrbuf)!=0){
return(-2);
}
// we've found destip, which means this is update from the
// alarm conf page (this is a mandatory field)
// Check alarm check box here
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"ae")){
alarmOn=1;
}else{
alarmOn=0;
}
}
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"dp")){
gStrbuf[4]='\0';
udpsrvport=atoi(gStrbuf);
}
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"hb")){
gStrbuf[4]='\0';
heartbeat_timeout_sec=atoi(gStrbuf);
// we've found heartbeat, which means this is update from the
// network conf page
// Check dhcp check box here
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"dh")){
dhcpOn=1;
}else{
dhcpOn=0;
}
}
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"gi")){
urldecode(gStrbuf);
if (parse_ip(gwip,gStrbuf)!=0){
return(-2);
}
}
if (find_key_val(str,gStrbuf,STR_BUFFER_SIZE,"ip")){
urldecode(gStrbuf);
if (parse_ip(myip,gStrbuf)!=0){
return(-2);
}
}
data2eeprom();
gPlen=http200ok();
gPlen=fill_tcp_data_p(buf,gPlen,PSTR("<a href=/>[home]</a>"));
gPlen=fill_tcp_data_p(buf,gPlen,PSTR("<h2>OK</h2>"));
return(10);
}
}
return(-1);
}
return(0);
}
main()
{
char *name, *password, *short_desc, *long_desc ;
char *choices, *day_str, *month_str, *year_str ;
char *anon_post_str, *secret_ballot_str, *constant_update_str ;
char *can_change_vote_str, *multiple_choice_str ;
decode_query_string(15, "set_id", &set_id, "sets_list", &sets_list,
"name", &name, "password", &password,
"shortdesc", &short_desc, "longdesc", &long_desc,
"choices", &choices, "countday", &day_str,
"countmo", &month_str, "countyr", &year_str,
"anon_post", &anon_post_str,
"secret_ballot", &secret_ballot_str,
"constant_update", &constant_update_str,
"can_change_vote", &can_change_vote_str,
"multiple_choice", &multiple_choice_str) ;
strip_trailing_spaces(name) ;
strip_trailing_spaces(short_desc) ;
strip_trailing_spaces(long_desc) ;
strip_trailing_spaces(choices) ;
if (!nonempty(name) || !nonempty(password) || !nonempty(short_desc) ||
!nonempty(long_desc) || !nonempty(choices) ||
!nonempty(day_str) || !nonempty(month_str) || !nonempty(year_str)) {
return_nothing() ;
}
else {
return_header("text/html") ;
if (!verify_password(set_id, name, password)) {
printf("<title>Sorry! Invalid user name/password pair</title>\n") ;
printf("<h1>Sorry! Invalid user name/password pair</h1>\n") ;
printf("The password you entered did not match the user name ") ;
printf("you entered.\n") ;
}
else if (!date_ok(day_str, month_str, year_str)) {
printf("<title>Sorry! Invalid date</title>\n") ;
printf("<h1>Sorry! Invalid date</h1>\n") ;
printf("The date you entered made no sense (for example, ") ;
printf("you entered a day number that was invalid for the ") ;
printf("month you chose) or was not a future date.\n") ;
}
else {
char id_str[64], fname[FILENAME_MAX] ;
struct tm count_time ;
long count_time_val ;
int num_choices, i ;
char *new_choices ;
FILE *fp ;
if (!strcmp(anon_post_str, "0"))
sprintf(id_str, "%s.%d", name, (long)time(NULL)) ;
else
sprintf(id_str, "anonymous.%d", (long)time(NULL)) ;
count_time.tm_sec = 1 ;
count_time.tm_min = 0 ;
count_time.tm_hour = 0 ;
count_time.tm_mday = atoi(day_str) ;
count_time.tm_mon = atoi(month_str) ;
count_time.tm_year = atoi(year_str)-1900 ;
count_time.tm_isdst = -1 ;
count_time_val = (long)mktime(&count_time) ;
/* remove "blank" choice lines */
{
char *s, *t ;
new_choices = (char *)malloc(sizeof(char) * (strlen(choices)+1)) ;
s = choices ;
t = new_choices ;
while (*s != '\0') {
while (isspace(*s)) s++ ;
while (*s != '\n' && *s != '\0') {
*t = *s ; t++ ; s++ ;
}
*t = *s ;
if (*s != '\0') {
s++ ; t++ ;
}
}
if (new_choices[(int)strlen(new_choices)-1] == '\n')
new_choices[(int)strlen(new_choices)-1] = '\0' ;
}
for (i=0, num_choices=1 ; i < (int)strlen(new_choices) ; i++)
if (new_choices[i] == '\n') num_choices++ ;
sprintf(fname, "%s/%s.issues", file_prefix, set_id) ;
fp = fopen(fname, "a") ;
lock_file(fp) ;
fprintf(fp, "%s\n%d\n%d\n",
id_str, count_time_val, num_choices) ;
fprintf(fp, "%s\n", multiple_choice_str) ;
fprintf(fp, "%d\n",
atoi(secret_ballot_str) << 3 |
atoi(anon_post_str) << 2 |
atoi(can_change_vote_str) << 1 |
atoi(constant_update_str) << 0) ;
fprintf(fp, "%s\n", short_desc) ;
fclose(fp) ;
sprintf(fname, "%s/%s.descriptions", file_prefix, set_id) ;
fp = fopen(fname, "a") ;
lock_file(fp) ;
fprintf(fp, "BEGIN %s\n", id_str) ;
fprintf(fp, "%s\n", long_desc) ;
fprintf(fp, "END %s\n", id_str) ;
fclose(fp) ;
sprintf(fname, "%s/%s.choices", file_prefix, set_id) ;
fp = fopen(fname, "a") ;
lock_file(fp) ;
fprintf(fp, "BEGIN %s\n", id_str) ;
fprintf(fp, "%s\n", new_choices) ;
fprintf(fp, "END %s\n", id_str) ;
fclose(fp) ;
printf("<title>Issue added</title>\n") ;
printf("<h1>Issue added</h1>\n") ;
printf("Your new issue has been added to the voting system. ") ;
printf("You may now go to: <ul>") ;
printf("<li>The overall ") ;
printf("<a href=\"/FLORA/cgi/voting_list?sets_list=%s&set_id=%s\">issue list</a>",
sets_list, set_id) ;
printf("<li>The new issue's ") ;
printf("<a href=\"/FLORA/cgi/voting_issue?set_id=%s&issue_id=%s\">issue page</a>",
set_id, id_str) ;
printf("</ul>") ;
printf("or use your browser's \"back\" function to return to ") ;
printf("where you came from.") ;
send_mail(name, anon_post_str, count_time_val, short_desc, id_str) ;
}
}
}
static void ns_cmd_register(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
mynick_t *mn = NULL;
mowgli_node_t *n;
const char *account;
const char *pass;
const char *email;
char lau[BUFSIZE], lao[BUFSIZE];
hook_user_register_check_t hdata;
hook_user_req_t req;
if (si->smu)
{
command_fail(si, fault_already_authed, _("You are already logged in as \2%s\2."), entity(si->smu)->name);
if (si->su != NULL && !mynick_find(si->su->nick) &&
command_find(si->service->commands, "GROUP"))
command_fail(si, fault_already_authed, _("Use %s to register %s to your account."), "GROUP", si->su->nick);
return;
}
if (nicksvs.no_nick_ownership || si->su == NULL)
account = parv[0], pass = parv[1], email = parv[2];
else
account = si->su->nick, pass = parv[0], email = parv[1];
if (!account || !pass || !email)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "REGISTER");
if (nicksvs.no_nick_ownership || si->su == NULL)
command_fail(si, fault_needmoreparams, _("Syntax: REGISTER <account> <password> <email>"));
else
command_fail(si, fault_needmoreparams, _("Syntax: REGISTER <password> <email>"));
return;
}
if (strlen(pass) >= PASSLEN)
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "REGISTER");
command_fail(si, fault_badparams, _("Registration passwords may not be longer than \2%d\2 characters."), PASSLEN - 1);
return;
}
if (!nicksvs.no_nick_ownership && si->su == NULL && user_find_named(account))
{
command_fail(si, fault_noprivs, _("A user matching this account is already on IRC."));
return;
}
if (!nicksvs.no_nick_ownership && IsDigit(*account))
{
command_fail(si, fault_badparams, _("For security reasons, you can't register your UID."));
command_fail(si, fault_badparams, _("Please change to a real nickname, and try again."));
return;
}
if (nicksvs.no_nick_ownership || si->su == NULL)
{
if (strchr(account, ' ') || strchr(account, '\n') || strchr(account, '\r') || account[0] == '=' || account[0] == '#' || account[0] == '@' || account[0] == '+' || account[0] == '%' || account[0] == '!' || strchr(account, ','))
{
command_fail(si, fault_badparams, _("The account name \2%s\2 is invalid."), account);
return;
}
}
if (strlen(account) >= NICKLEN)
{
command_fail(si, fault_badparams, _("The account name \2%s\2 is invalid."), account);
return;
}
if ((si->su != NULL && !strcasecmp(pass, si->su->nick)) || !strcasecmp(pass, account))
{
command_fail(si, fault_badparams, _("You cannot use your nickname as a password."));
if (nicksvs.no_nick_ownership || si->su == NULL)
command_fail(si, fault_needmoreparams, _("Syntax: REGISTER <account> <password> <email>"));
else
command_fail(si, fault_needmoreparams, _("Syntax: REGISTER <password> <email>"));
return;
}
/* make sure it isn't registered already */
if (nicksvs.no_nick_ownership ? myuser_find(account) != NULL : mynick_find(account) != NULL)
{
command_fail(si, fault_alreadyexists, _("\2%s\2 is already registered."), account);
return;
}
if ((unsigned int)(CURRTIME - ratelimit_firsttime) > config_options.ratelimit_period)
ratelimit_count = 0, ratelimit_firsttime = CURRTIME;
/* Still do flood priv checking because the user may be in the ircop operclass */
if (ratelimit_count > config_options.ratelimit_uses && !has_priv(si, PRIV_FLOOD))
{
command_fail(si, fault_toomany, _("The system is currently too busy to process your registration, please try again later."));
slog(LG_INFO, "NICKSERV:REGISTER:THROTTLED: \2%s\2 by \2%s\2", account, si->su != NULL ? si->su->nick : get_source_name(si));
return;
}
hdata.si = si;
hdata.account = account;
hdata.email = email;
hdata.password = pass;
hdata.approved = 0;
hook_call_user_can_register(&hdata);
if (hdata.approved != 0)
return;
if (!nicksvs.no_nick_ownership)
{
hook_call_nick_can_register(&hdata);
if (hdata.approved != 0)
return;
}
if (!validemail(email))
{
command_fail(si, fault_badparams, _("\2%s\2 is not a valid email address."), email);
return;
}
if (!email_within_limits(email))
{
command_fail(si, fault_toomany, _("\2%s\2 has too many accounts registered."), email);
return;
}
mu = myuser_add(account, auth_module_loaded ? "*" : pass, email, config_options.defuflags | MU_NOBURSTLOGIN | (auth_module_loaded ? MU_CRYPTPASS : 0));
mu->registered = CURRTIME;
mu->lastlogin = CURRTIME;
if (!nicksvs.no_nick_ownership)
{
mn = mynick_add(mu, entity(mu)->name);
mn->registered = CURRTIME;
mn->lastseen = CURRTIME;
}
if (config_options.ratelimit_uses && config_options.ratelimit_period)
ratelimit_count++;
if (auth_module_loaded)
{
if (!verify_password(mu, pass))
{
command_fail(si, fault_authfail, _("Invalid password for \2%s\2."), entity(mu)->name);
bad_password(si, mu);
object_unref(mu);
return;
}
}
if (me.auth == AUTH_EMAIL)
{
char *key = random_string(12);
mu->flags |= MU_WAITAUTH;
metadata_add(mu, "private:verify:register:key", key);
metadata_add(mu, "private:verify:register:timestamp", number_to_string(time(NULL)));
if (!sendemail(si->su != NULL ? si->su : si->service->me, mu, EMAIL_REGISTER, mu->email, key))
{
command_fail(si, fault_emailfail, _("Sending email failed, sorry! Registration aborted."));
object_unref(mu);
free(key);
return;
}
command_success_nodata(si, _("An email containing nickname activation instructions has been sent to \2%s\2."), mu->email);
command_success_nodata(si, _("If you do not complete registration within one day, your nickname will expire."));
free(key);
}
if (si->su != NULL)
{
si->su->myuser = mu;
n = mowgli_node_create();
mowgli_node_add(si->su, n, &mu->logins);
if (!(mu->flags & MU_WAITAUTH))
/* only grant ircd registered status if it's verified */
ircd_on_login(si->su, mu, NULL);
}
command_add_flood(si, FLOOD_MODERATE);
if (!nicksvs.no_nick_ownership && si->su != NULL)
logcommand(si, CMDLOG_REGISTER, "REGISTER: \2%s\2 to \2%s\2", account, email);
else
logcommand(si, CMDLOG_REGISTER, "REGISTER: \2%s\2 to \2%s\2 by \2%s\2", account, email, si->su != NULL ? si->su->nick : get_source_name(si));
if (is_soper(mu))
{
wallops("%s registered the nick \2%s\2 and gained services operator privileges.", get_oper_name(si), entity(mu)->name);
logcommand(si, CMDLOG_ADMIN, "SOPER: \2%s\2 as \2%s\2", get_oper_name(si), entity(mu)->name);
}
command_success_nodata(si, _("\2%s\2 is now registered to \2%s\2, with the password \2%s\2."), entity(mu)->name, mu->email, pass);
hook_call_user_register(mu);
if (si->su != NULL)
{
snprintf(lau, BUFSIZE, "%s@%s", si->su->user, si->su->vhost);
metadata_add(mu, "private:host:vhost", lau);
snprintf(lao, BUFSIZE, "%s@%s", si->su->user, si->su->host);
metadata_add(mu, "private:host:actual", lao);
}
if (!(mu->flags & MU_WAITAUTH))
{
req.si = si;
req.mu = mu;
req.mn = mn;
hook_call_user_verify_register(&req);
}
}
void ns_cmd_ghost(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
char *target = parv[0];
char *password = parv[1];
user_t *target_u;
mynick_t *mn;
if (!target)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "GHOST");
command_fail(si, fault_needmoreparams, _("Syntax: GHOST <target> [password]"));
return;
}
if (nicksvs.no_nick_ownership)
mn = NULL, mu = myuser_find(target);
else
{
mn = mynick_find(target);
mu = mn != NULL ? mn->owner : NULL;
}
target_u = user_find_named(target);
if (!mu && (!target_u || !target_u->myuser))
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not a registered nickname."), target);
return;
}
if (!target_u)
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not online."), target);
return;
}
else if (target_u == si->su)
{
command_fail(si, fault_badparams, _("You may not ghost yourself."));
return;
}
if (password && metadata_find(mu, "private:freeze:freezer"))
{
command_fail(si, fault_authfail, "You cannot ghost users as \2%s\2 because the account has been frozen.", entity(mu)->name);
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (frozen)", target);
return;
}
if ((target_u->myuser && target_u->myuser == si->smu) || /* they're identified under our account */
(!nicksvs.no_nick_ownership && mn && mu == si->smu) || /* we're identified under their nick's account */
(!nicksvs.no_nick_ownership && password && mn && verify_password(mu, password))) /* we have their nick's password */
{
/* If we're ghosting an unregistered nick, mu will be unset,
* however if it _is_ registered, we still need to set it or
* the wrong user will have their last seen time updated... */
if(target_u->myuser && target_u->myuser == si->smu)
mu = target_u->myuser;
logcommand(si, CMDLOG_DO, "GHOST: \2%s!%s@%s\2", target_u->nick, target_u->user, target_u->vhost);
kill_user(si->service->me, target_u, "GHOST command used by %s",
si->su != NULL && !strcmp(si->su->user, target_u->user) && !strcmp(si->su->vhost, target_u->vhost) ? si->su->nick : get_source_mask(si));
command_success_nodata(si, _("\2%s\2 has been ghosted."), target);
/* don't update the nick's last seen time */
mu->lastlogin = CURRTIME;
return;
}
if (password && mu)
{
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (bad password)", target);
command_fail(si, fault_authfail, _("Invalid password for \2%s\2."), entity(mu)->name);
bad_password(si, mu);
}
else
{
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (invalid login)", target);
command_fail(si, fault_noprivs, _("You may not ghost \2%s\2."), target);
}
}
void ns_cmd_ghost(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
char *target = parv[0];
char *password = parv[1];
user_t *target_u;
mynick_t *mn;
if (!target)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "GHOST");
command_fail(si, fault_needmoreparams, _("Syntax: GHOST <target> [password]"));
return;
}
if (nicksvs.no_nick_ownership)
mn = NULL, mu = myuser_find(target);
else
{
mn = mynick_find(target);
mu = mn != NULL ? mn->owner : NULL;
}
target_u = user_find_named(target);
if (!target_u)
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not online."), target);
return;
}
else if (!mu && !target_u->myuser)
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not a registered nickname."), target);
return;
}
else if (target_u == si->su)
{
command_fail(si, fault_badparams, _("You may not ghost yourself."));
return;
}
/* At this point, we're now checking metadata associated with the target's account.
* If the target nick is unregistered, mu will be unset thus far. */
if (target_u->myuser && !mu)
mu = target_u->myuser;
if (password && metadata_find(mu, "private:freeze:freezer"))
{
command_fail(si, fault_authfail, "You cannot ghost users as \2%s\2 because the account has been frozen.", entity(mu)->name);
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (frozen)", target);
return;
}
if (password && (mu->flags & MU_NOPASSWORD))
{
command_fail(si, fault_authfail, _("Password authentication is disabled for this account."));
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (password authentication disabled)", target);
return;
}
if ((target_u->myuser && target_u->myuser == si->smu) || /* they're identified under our account */
(!nicksvs.no_nick_ownership && mn && mu == si->smu) || /* we're identified under their nick's account */
(!nicksvs.no_nick_ownership && password && verify_password(mu, password))) /* we have the correct password */
{
logcommand(si, CMDLOG_DO, "GHOST: \2%s!%s@%s\2", target_u->nick, target_u->user, target_u->vhost);
kill_user(si->service->me, target_u, "GHOST command used by %s",
si->su != NULL && !strcmp(si->su->user, target_u->user) && !strcmp(si->su->vhost, target_u->vhost) ? si->su->nick : get_source_mask(si));
command_success_nodata(si, _("\2%s\2 has been ghosted."), target);
/* Update the account's last seen time.
* Perhaps the ghosted nick belonged to someone else, but we were identified to it?
* Try this first. */
if (target_u->myuser && target_u->myuser == si->smu)
target_u->myuser->lastlogin = CURRTIME;
else
mu->lastlogin = CURRTIME;
return;
}
if (password)
{
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (bad password)", target);
command_fail(si, fault_authfail, _("Invalid password for \2%s\2."), entity(mu)->name);
bad_password(si, mu);
}
else
{
logcommand(si, CMDLOG_DO, "failed GHOST \2%s\2 (invalid login)", target);
command_fail(si, fault_noprivs, _("You may not ghost \2%s\2."), target);
}
}
static int mech_step(sasl_session_t *p, char *message, int len, char **out, int *out_len)
{
DH *dh = NULL;
AES_KEY key;
BIGNUM *their_key = NULL;
myuser_t *mu;
char *secret = NULL, *userpw = NULL, *ptr = NULL;
char iv[AES_BLOCK_SIZE];
int size, ret = ASASL_FAIL;
if (!p->mechdata)
return ASASL_FAIL;
dh = (DH*)p->mechdata;
/* Their pub_key */
if (len <= 2)
goto end;
size = ntohs(*(unsigned int*)message);
message += 2;
len -= 2;
if (size >= len)
goto end;
if ((their_key = BN_bin2bn(message, size, NULL)) == NULL)
goto end;
message += size;
len -= size;
/* Data must be a multiple of the AES block size. (16)
* Verify we also have an IV and at least one block of data.
* Cap at a rather arbitrary limit of 272 (IV + 16 blocks of 16 each).
*/
if (len < sizeof(iv) + AES_BLOCK_SIZE || len % AES_BLOCK_SIZE || len > 272)
goto end;
/* Extract the IV */
memcpy(iv, message, sizeof(iv));
message += sizeof(iv);
len -= sizeof(iv);
/* Compute shared secret */
secret = malloc(DH_size(dh));
if ((size = DH_compute_key(secret, their_key, dh)) == -1)
goto end;
/* Decrypt! (AES_set_decrypt_key takes bits not bytes, hence multiply
* by 8) */
AES_set_decrypt_key(secret, size * 8, &key);
ptr = userpw = malloc(len + 1);
userpw[len] = '\0';
AES_cbc_encrypt(message, userpw, len, &key, iv, AES_DECRYPT);
/* Username */
size = strlen(ptr);
if (size++ >= NICKLEN) /* our base64 routines null-terminate - how polite */
goto end;
p->username = strdup(ptr);
ptr += size;
len -= size;
if ((mu = myuser_find_by_nick(p->username)) == NULL)
goto end;
/* Password remains */
if (verify_password(mu, ptr))
ret = ASASL_DONE;
end:
if (their_key)
BN_free(their_key);
free(secret);
free(userpw);
return ret;
}
static int mech_step(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
char authz[256];
char authc[256];
char pass[256];
myuser_t *mu;
char *end;
/* Copy the authzid */
end = memchr(message, '\0', len);
if (end == NULL)
return ASASL_FAIL;
if (end - message > 255)
return ASASL_FAIL;
len -= end - message + 1;
if (len <= 0)
return ASASL_FAIL;
memcpy(authz, message, end - message + 1);
message = end + 1;
/* Copy the authcid */
end = memchr(message, '\0', len);
if (end == NULL)
return ASASL_FAIL;
if (end - message > 255)
return ASASL_FAIL;
len -= end - message + 1;
if (len <= 0)
return ASASL_FAIL;
memcpy(authc, message, end - message + 1);
message = end + 1;
/* Copy the password */
end = memchr(message, '\0', len);
if (end == NULL)
end = message + len;
if (end - message > 255)
return ASASL_FAIL;
memcpy(pass, message, end - message);
pass[end - message] = '\0';
/* Done dissecting, now check. */
if(!(mu = myuser_find_by_nick(authc)))
return ASASL_FAIL;
/* Return ASASL_FAIL before p->username is set,
* to prevent triggering bad_password(). */
if (mu->flags & MU_NOPASSWORD)
return ASASL_FAIL;
p->username = sstrdup(authc);
p->authzid = sstrdup(authz);
if (verify_password(mu, pass))
return ASASL_DONE;
else
{
char description[300];
if ((add_login_history_entry = module_locate_symbol("nickserv/loginhistory", "add_login_history_entry")) != NULL)
{
snprintf(description, sizeof description, "Failed login: SASL (Plain)");
add_login_history_entry(mu, mu, description);
}
return ASASL_FAIL;
}
}
int simple_server(void)
{
unsigned int plen;
unsigned int dat_p;
unsigned char i=0;
unsigned char cmd_pos=0;
unsigned char cmd;
unsigned char payloadlen=0;
char str[30];
char cmdval;
// Del_1ms(100);
/*initialize enc28j60*/
enc28j60Init(mymac);
init_ip_arp_udp_tcp(mymac,myip,mywwwport);
//ָʾµÆ״̬:0x476 is PHLCON LEDA(ÂÌ)=links status, LEDB(ºì)=receive/transmit
enc28j60PhyWrite(PHLCON,0x7a4);
enc28j60clkout(2); // change clkout from 6.25MHz to 12.5MHz
// Del_1ms(20);
//init the ethernet/ip layer:
while(1)
{
// OSTimeDlyHMSM(0, 0, 0, 50);
// get the next new packet:
plen = enc28j60PacketReceive(BUFFER_SIZE, buf);
//USART_DMASendData(USART1,buf,plen);
/*plen will ne unequal to zero if there is a valid packet (without crc error) */
if(plen==0)
{
continue;
}
// arp is broadcast if unknown but a host may also
// verify the mac address by sending it to
// a unicast address.
if(eth_type_is_arp_and_my_ip(buf,plen))
{
make_arp_answer_from_request(buf);
//USART_DMASendText(USART1,"make_arp_answer_from_request\n");
continue;
}
// check if ip packets are for us:
if(eth_type_is_ip_and_my_ip(buf,plen)==0)
{
continue;
}
if(buf[IP_PROTO_P]==IP_PROTO_ICMP_V && buf[ICMP_TYPE_P]==ICMP_TYPE_ECHOREQUEST_V)
{
// a ping packet, let's send pong
make_echo_reply_from_request(buf, plen);
//USART_DMASendText(USART1,"make_echo_reply_from_request\n");
continue;
}
// tcp port www start, compare only the lower byte
if (buf[IP_PROTO_P]==IP_PROTO_TCP_V&&buf[TCP_DST_PORT_H_P]==0&&buf[TCP_DST_PORT_L_P]==mywwwport)
{
if (buf[TCP_FLAGS_P] & TCP_FLAGS_SYN_V)
{
make_tcp_synack_from_syn(buf);
// make_tcp_synack_from_syn does already send the syn,ack
continue;
}
if (buf[TCP_FLAGS_P] & TCP_FLAGS_ACK_V)
{
init_len_info(buf); // init some data structures
// we can possibly have no data, just ack:
dat_p=get_tcp_data_pointer();
if (dat_p==0)
{
if (buf[TCP_FLAGS_P] & TCP_FLAGS_FIN_V)
{
// finack, answer with ack
make_tcp_ack_from_any(buf);
}
// just an ack with no data, wait for next packet
continue;
}
if (strncmp("GET ",(char *)&(buf[dat_p]),4)!=0)
{
// head, post and other methods:
//
// for possible status codes see:
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>200 OK</h1>"));
goto SENDTCP;
}
if (strncmp("/ ",(char *)&(buf[dat_p+4]),2)==0)
{
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"));
plen=fill_tcp_data_p(buf,plen,PSTR("<p>Usage: "));
plen=fill_tcp_data(buf,plen,baseurl);
plen=fill_tcp_data_p(buf,plen,PSTR("password</p>"));
goto SENDTCP;
}
cmd=analyse_get_url((char *)&(buf[dat_p+5]));
// for possible status codes see:
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
if (cmd==-1)
{
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 401 Unauthorized\r\nContent-Type: text/html\r\n\r\n<h1>401 Unauthorized</h1>"));
goto SENDTCP;
}
if (cmd==1)
{
//PORTD|= (1<<PD7);// transistor on
//IOCLR |= (1<<26);
// LED1ON();
i=1;
}
if (cmd==0)
{
//PORTD &= ~(1<<PD7);// transistor off
//IOSET |= (1<<26);
// LED1OFF();
i=0;
}
// if (cmd==-2) or any other value
// just display the status:
plen=print_webpage(buf,(i));
SENDTCP:
make_tcp_ack_from_any(buf); // send ack for http get
make_tcp_ack_with_data(buf,plen); // send data
continue;
}
}
// tcp port www end
//
// udp start, we listen on udp port 1200=0x4B0
if (buf[IP_PROTO_P]==IP_PROTO_UDP_V&&buf[UDP_DST_PORT_H_P]==4&&buf[UDP_DST_PORT_L_P]==0xb0)
{
payloadlen=buf[UDP_LEN_L_P]-UDP_HEADER_LEN;
// you must sent a string starting with v
// e.g udpcom version 10.0.0.24
if (verify_password((char *)&(buf[UDP_DATA_P])))
{
// find the first comma which indicates
// the start of a command:
cmd_pos=0;
while(cmd_pos<payloadlen)
{
cmd_pos++;
if (buf[UDP_DATA_P+cmd_pos]==',')
{
cmd_pos++; // put on start of cmd
break;
}
}
// a command is one char and a value. At
// least 3 characters long. It has an '=' on
// position 2:
if (cmd_pos<2 || cmd_pos>payloadlen-3 || buf[UDP_DATA_P+cmd_pos+1]!='=')
{
strcpy(str,"e=no_cmd");
goto ANSWER;
}
// supported commands are
// t=1 t=0 t=?
if (buf[UDP_DATA_P+cmd_pos]=='t')
{
cmdval=buf[UDP_DATA_P+cmd_pos+2];
if(cmdval=='1')
{
//PORTD|= (1<<PD7);// transistor on
//IOCLR |= (1<<26);
//LED1ON();
strcpy(str,"t=1");
goto ANSWER;
}
else if(cmdval=='0')
{
//PORTD &= ~(1<<PD7);// transistor off
//IOSET |= (1<<26);
//LED1OFF();
strcpy(str,"t=0");
goto ANSWER;
}
else if(cmdval=='?')
{
/*
if (IOPIN & (1<<26))
{
strcpy(str,"t=1");
goto ANSWER;
}
*/
strcpy(str,"t=0");
goto ANSWER;
}
}
strcpy(str,"e=no_such_cmd");
goto ANSWER;
}
strcpy(str,"e=invalid_pw");
ANSWER:
make_udp_reply_from_request(buf,str,strlen(str),myudpport);
}
}
// return (0);
}
int main(void){
uint16_t plen;
uint8_t i=0;
uint8_t cmd_pos=0;
uint8_t payloadlen=0;
char str[30];
char cmdval;
// set the clock speed to 8MHz
// set the clock prescaler. First write CLKPCE to enable setting of clock the
// next four instructions.
CLKPR=(1<<CLKPCE);
CLKPR=0; // 8 MHZ
delay_ms(10);
/* enable PB0, reset as output */
DDRB|= (1<<DDB0);
/* enable PD2/INT0, as input */
DDRD&= ~(1<<DDD2);
/* set output to gnd, reset the ethernet chip */
PORTB &= ~(1<<PB0);
delay_ms(10);
/* set output to Vcc, reset inactive */
PORTB|= (1<<PB0);
delay_ms(200);
/*initialize enc28j60*/
enc28j60Init(mymac);
delay_ms(20);
// LED
/* enable PB1, LED as output */
DDRB|= (1<<DDB1);
/* set output to Vcc, LED off */
PORTB|= (1<<PB1);
// the transistor on PD7
DDRD|= (1<<DDD7);
PORTD &= ~(1<<PD7);// transistor off
/* Magjack leds configuration, see enc28j60 datasheet, page 11 */
// LEDB=yellow LEDA=green
//
// 0x476 is PHLCON LEDA=links status, LEDB=receive/transmit
// enc28j60PhyWrite(PHLCON,0b0000 0100 0111 01 10);
enc28j60PhyWrite(PHLCON,0x476);
delay_ms(20);
/* set output to GND, red LED on */
PORTB &= ~(1<<PB1);
i=1;
//init the ethernet/ip layer:
init_ip_arp_udp(mymac,myip);
while(1){
// get the next new packet:
plen = enc28j60PacketReceive(BUFFER_SIZE, buf);
/*plen will ne unequal to zero if there is a valid
* packet (without crc error) */
if(plen==0){
continue;
}
// led----------
if (i){
/* set output to Vcc, LED off */
PORTB|= (1<<PB1);
i=0;
}else{
/* set output to GND, LED on */
PORTB &= ~(1<<PB1);
i=1;
}
// arp is broadcast if unknown but a host may also
// verify the mac address by sending it to
// a unicast address.
if(eth_type_is_arp_and_my_ip(buf,plen)){
make_arp_answer_from_request(buf,plen);
continue;
}
// check if ip packets (icmp or udp) are for us:
if(eth_type_is_ip_and_my_ip(buf,plen)==0){
continue;
}
if(buf[IP_PROTO_P]==IP_PROTO_ICMP_V && buf[ICMP_TYPE_P]==ICMP_TYPE_ECHOREQUEST_V){
// a ping packet, let's send pong
make_echo_reply_from_request(buf,plen);
continue;
}
// we listen on port 1200=0x4B0
if (buf[IP_PROTO_P]==IP_PROTO_UDP_V&&buf[UDP_DST_PORT_H_P]==4&&buf[UDP_DST_PORT_L_P]==0xb0){
payloadlen=buf[UDP_LEN_L_P]-UDP_HEADER_LEN;
// you must sent a string starting with v
// e.g udpcom version 10.0.0.24
if (verify_password((char *)&(buf[UDP_DATA_P]))){
// find the first comma which indicates
// the start of a command:
cmd_pos=0;
while(cmd_pos<payloadlen){
cmd_pos++;
if (buf[UDP_DATA_P+cmd_pos]==','){
cmd_pos++; // put on start of cmd
break;
}
}
// a command is one char and a value. At
// least 3 characters long. It has an '=' on
// position 2:
if (cmd_pos<2 || cmd_pos>payloadlen-3 || buf[UDP_DATA_P+cmd_pos+1]!='='){
strcpy(str,"e=no_cmd");
goto ANSWER;
}
// supported commands are
// t=1 t=0 t=?
if (buf[UDP_DATA_P+cmd_pos]=='t'){
cmdval=buf[UDP_DATA_P+cmd_pos+2];
if(cmdval=='1'){
PORTD|= (1<<PD7);// transistor on
strcpy(str,"t=1");
goto ANSWER;
}else if(cmdval=='0'){
PORTD &= ~(1<<PD7);// transistor off
strcpy(str,"t=0");
goto ANSWER;
}else if(cmdval=='?'){
if (PORTD & (1<<PD7)){
strcpy(str,"t=1");
goto ANSWER;
}
strcpy(str,"t=0");
goto ANSWER;
}
}
strcpy(str,"e=no_such_cmd");
goto ANSWER;
}
strcpy(str,"e=invalid_pw");
ANSWER:
make_udp_reply_from_request(buf,str,strlen(str),myport);
}
}
return (0);
}
uint8_t analyse_get_url(char *str)
{
errmsg="invalid pw";
if (strncmp("now",str,3)==0){
return(3);
}
if (strncmp("cnf",str,3)==0){
return(6);
}
if (strncmp("room1",str,5)==0){
return(10);
}
if (strncmp("room2",str,5)==0){
return(11);
}
if (strncmp("clk",str,3)==0){
return(12);
}
// Set the new time or date
if (strncmp("cdclk",str,4)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"h")){
urldecode(strbuf);
time.hr = atoi(strbuf);
if (find_key_val(str,"m")){
urldecode(strbuf);
time.min = atoi(strbuf);
if (find_key_val(str,"s")){
urldecode(strbuf);
time.sec = atoi(strbuf);
if (find_key_val(str,"dd")){
urldecode(strbuf);
time.dat = atoi(strbuf);
if (find_key_val(str,"mm")){
urldecode(strbuf);
time.mon = atoi(strbuf);
if (find_key_val(str,"yy")){
urldecode(strbuf);
time.yr = atoi(strbuf);
strbuf[7]='\0';
return(35);
}
}
}
}
}
}
}
}
}
// change temp in room1
if (strncmp("tmpc",str,4)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"ntemp")){
urldecode(strbuf);
strbuf[2]='\0';
return(20);
}
}
}
}
// change temp in room2
if (strncmp("tmpc2",str,5)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"ntemp2")){
urldecode(strbuf);
strbuf[2]='\0';
return(21);
}
}
}
}
// change on / off status on slave-modules
if (strncmp("stat1",str,5)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"onoff")){
urldecode(strbuf);
strbuf[2]='\0';
return(34);
}
}
}
}
// change on / off status on slave-modules
if (strncmp("stat2",str,5)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"onoff2")){
urldecode(strbuf);
strbuf[2]='\0';
return(32);
}
}
}
}
// change own ip and pw
if (strncmp("ipc",str,3)==0){
if (find_key_val(str,"pw")){
urldecode(strbuf);
if (verify_password(strbuf)){
if (find_key_val(str,"nip")){
urldecode(strbuf);
if (parse_ip(myip,strbuf)){
errmsg="invalid ip";
return(0);
}
strbuf[7]='\0';
return(7);
}
}
if (find_key_val(str,"npw")){
urldecode(strbuf);
strbuf[7]='\0';
strcpy(password,strbuf);
return(2);
}
}
return(0);
}
if (strncmp("mod",str,3)==0){
return(2);
}
errmsg="inv. url";
return(0);
}
void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) {
int redraw_screen = 0;
char *password_realloc;
if (state == WL_KEYBOARD_KEY_STATE_PRESSED) {
switch (sym) {
case XKB_KEY_KP_Enter: // fallthrough
case XKB_KEY_Return:
render_data.auth_state = AUTH_STATE_VALIDATING;
render(&render_data);
// Make sure our render call will actually be displayed on the screen
wl_dispatch_events();
if (verify_password()) {
exit(0);
}
render_data.auth_state = AUTH_STATE_INVALID;
redraw_screen = 1;
password_size = 1024;
password = malloc(password_size);
password[0] = '\0';
break;
case XKB_KEY_BackSpace:
{
int i = strlen(password);
if (i > 0) {
password[i - 1] = '\0';
render_data.auth_state = AUTH_STATE_BACKSPACE;
redraw_screen = 1;
}
break;
}
case XKB_KEY_Control_L: // fallthrough
case XKB_KEY_Control_R: // fallthrough
case XKB_KEY_Shift_L: // fallthrough
case XKB_KEY_Shift_R: // fallthrough
case XKB_KEY_Caps_Lock: // fallthrough
case XKB_KEY_Shift_Lock: // fallthrough
case XKB_KEY_Meta_L: // fallthrough
case XKB_KEY_Meta_R: // fallthrough
case XKB_KEY_Alt_L: // fallthrough
case XKB_KEY_Alt_R: // fallthrough
case XKB_KEY_Super_L: // fallthrough
case XKB_KEY_Super_R: // fallthrough
case XKB_KEY_Hyper_L: // fallthrough
case XKB_KEY_Hyper_R:
{
// don't draw screen on modifier keys
break;
}
case XKB_KEY_Escape: // fallthrough
case XKB_KEY_u: // fallthrough
case XKB_KEY_U:
{
// clear password buffer on ctrl-u (or escape for i3lock compatibility)
if (sym == XKB_KEY_Escape || xkb_state_mod_name_is_active(registry->input->xkb.state,
XKB_MOD_NAME_CTRL, XKB_STATE_MODS_EFFECTIVE) > 0) {
render_data.auth_state = AUTH_STATE_BACKSPACE;
redraw_screen = 1;
password_size = 1024;
free(password);
password = malloc(password_size);
password[0] = '\0';
break;
}
}
default:
{
render_data.auth_state = AUTH_STATE_INPUT;
redraw_screen = 1;
int i = strlen(password);
if (i + 1 == password_size) {
password_size += 1024;
password_realloc = realloc(password, password_size);
// reset password if realloc fails.
if (password_realloc == NULL) {
password_size = 1024;
free(password);
password = malloc(password_size);
password[0] = '\0';
break;
} else {
password = password_realloc;
}
}
password[i] = (char)codepoint;
password[i + 1] = '\0';
break;
}
}
if (redraw_screen) {
render(&render_data);
wl_dispatch_events();
// Hide the indicator after a couple of seconds
alarm(5);
}
}
}
static void ns_cmd_drop(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
mynick_t *mn;
char *acc = parv[0];
char *pass = parv[1];
if (!acc || !pass)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "DROP");
command_fail(si, fault_needmoreparams, _("Syntax: DROP <account> <password>"));
return;
}
if (!(mu = myuser_find(acc)))
{
if (!nicksvs.no_nick_ownership)
{
mn = mynick_find(acc);
if (mn != NULL && command_find(si->service->cmdtree, "UNGROUP"))
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is a grouped nick, use %s to remove it."), acc, "UNGROUP");
return;
}
}
command_fail(si, fault_nosuch_target, _("\2%s\2 is not registered."), acc);
return;
}
if (metadata_find(mu, "private:freeze:freezer"))
{
command_fail(si, fault_authfail, nicksvs.no_nick_ownership ? "You cannot login as \2%s\2 because the account has been frozen." : "You cannot identify to \2%s\2 because the nickname has been frozen.", mu->name);
return;
}
if (!verify_password(mu, pass))
{
command_fail(si, fault_authfail, _("Authentication failed. Invalid password for \2%s\2."), mu->name);
bad_password(si, mu);
return;
}
if (!nicksvs.no_nick_ownership &&
LIST_LENGTH(&mu->nicks) > 1 &&
command_find(si->service->cmdtree, "UNGROUP"))
{
command_fail(si, fault_noprivs, _("Account \2%s\2 has %d other nick(s) grouped to it, remove those first."),
mu->name, LIST_LENGTH(&mu->nicks) - 1);
return;
}
if (is_soper(mu))
{
command_fail(si, fault_noprivs, _("The nickname \2%s\2 belongs to a services operator; it cannot be dropped."), acc);
return;
}
if (mu->flags & MU_HOLD)
{
command_fail(si, fault_noprivs, _("The account \2%s\2 is held; it cannot be dropped."), acc);
return;
}
snoop("DROP: \2%s\2 by \2%s\2", mu->name, get_source_name(si));
command_add_flood(si, FLOOD_MODERATE);
logcommand(si, CMDLOG_REGISTER, "DROP %s", mu->name);
hook_call_user_drop(mu);
command_success_nodata(si, _("The account \2%s\2 has been dropped."), mu->name);
object_unref(mu);
}
void ethernet_process(void)
{
uint16_t plen;
uint16_t dat_p;
uint8_t cmd_pos=0;
int8_t cmd;
uint8_t payloadlen=0;
char str[30];
char cmdval;
// get the next new packet:
plen = enc28j60PacketReceive(BUFFER_SIZE, buf);
buf[BUFFER_SIZE]='\0';
dat_p=packetloop_arp_icmp_tcp(buf,plen);
#if 0
// tcp port 80 begin
if (strncmp("GET ",(char *)&(buf[dat_p]),4)!=0)
{
// head, post and other methods:
dat_p=http200ok();
dat_p=ES_fill_tcp_data(buf,dat_p,"<h1>200 OK</h1>");
goto SENDTCP;
}
#endif
/*plen will ne unequal to zero if there is a valid
* packet (without crc error) */
if(plen==0)
{
//continue;
}
// arp is broadcast if unknown but a host may also
// verify the mac address by sending it to
// a unicast address.
if(eth_type_is_arp_and_my_ip(buf,plen))
{
make_arp_answer_from_request(buf);
//continue;
}
// check if ip packets are for us:
if(eth_type_is_ip_and_my_ip(buf,plen)==0)
{
//continue;
}
#ifdef _DEBUG_
// led----------
if (i){
/* set output to Vcc, LED off */
PORTB|= (1<<PORTB1);
i=0;
}else{
/* set output to GND, LED on */
PORTB &= ~(1<<PORTB1);
i=1;
}
#endif
if(buf[IP_PROTO_P]==IP_PROTO_ICMP_V && buf[ICMP_TYPE_P]==ICMP_TYPE_ECHOREQUEST_V)
{
// a ping packet, let's send pong
make_echo_reply_from_request(buf,plen);
//continue;
}
// tcp port www start, compare only the lower byte
if (buf[IP_PROTO_P]==IP_PROTO_TCP_V&&buf[TCP_DST_PORT_H_P]==0&&buf[TCP_DST_PORT_L_P]==MYWWWPORT)
{
if (buf[TCP_FLAGS_P] & TCP_FLAGS_SYN_V)
{
make_tcp_synack_from_syn(buf);
// make_tcp_synack_from_syn does already send the syn,ack
//continue;
}
if (buf[TCP_FLAGS_P] & TCP_FLAGS_ACK_V)
{
init_len_info(buf); // init some data structures
// we can possibly have no data, just ack:
dat_p=get_tcp_data_pointer();
if (dat_p==0)
{
if (buf[TCP_FLAGS_P] & TCP_FLAGS_FIN_V)
{
// finack, answer with ack
make_tcp_ack_from_any(buf,1,0);
}
// just an ack with no data, wait for next packet
//continue;
}
if (strncmp("GET ",(char *)&(buf[dat_p]),4)!=0)
{
// head, post and other methods:
//
// for possible status codes see:
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>200 OK</h1>"));
goto SENDTCP;
}
if (strncmp("/ ",(char *)&(buf[dat_p+4]),2)==0)
{
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"));
plen=fill_tcp_data_p(buf,plen,PSTR("<p>Usage: http://host_or_ip/password</p>\n"));
goto SENDTCP;
}
cmd=analyse_get_url((char *)&(buf[dat_p+5]));
// for possible status codes see:
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
if (cmd==-1)
{
plen=fill_tcp_data_p(buf,0,PSTR("HTTP/1.0 401 Unauthorized\r\nContent-Type: text/html\r\n\r\n<h1>401 Unauthorized</h1>"));
goto SENDTCP;
}
#ifdef _DEBUG_
if (cmd==1)
{
PORTD|= (1<<PORTD7);// transistor on
}
if (cmd==0)
{
PORTD &= ~(1<<PORTD7);// transistor off
}
#endif
if (cmd==-3)
{
// redirect to add a trailing slash
plen=moved_perm(buf);
goto SENDTCP;
}
#ifndef _DEBUG_
// if (cmd==-2) or any other value
// just display the status:
//plen=print_webpage(buf,(PORTD & (1<<PORTD7)));
plen=print_webpage(buf);
//
#endif
SENDTCP:
plen=print_webpage(buf);
make_tcp_ack_from_any(buf,1,0); // send ack for http get
make_tcp_ack_with_data(buf,plen); // send data
//continue;
}
}
// tcp port www end
//
// udp start, we listen on udp port 1200=0x4B0
if (buf[IP_PROTO_P]==IP_PROTO_UDP_V&&buf[UDP_DST_PORT_H_P]==4&&buf[UDP_DST_PORT_L_P]==0xb0)
{
payloadlen=buf[UDP_LEN_L_P]-UDP_HEADER_LEN;
// you must sent a string starting with v
// e.g udpcom version 10.0.0.24
if (verify_password((char *)&(buf[UDP_DATA_P])))
{
// find the first comma which indicates
// the start of a command:
cmd_pos=0;
while(cmd_pos<payloadlen)
{
cmd_pos++;
if (buf[UDP_DATA_P+cmd_pos]==',')
{
cmd_pos++; // put on start of cmd
break;
}
}
// a command is one char and a value. At
// least 3 characters long. It has an '=' on
// position 2:
if (cmd_pos<2 || cmd_pos>payloadlen-3 || buf[UDP_DATA_P+cmd_pos+1]!='=')
{
strcpy(str,"e=no_cmd");
goto ANSWER;
}
// supported commands are
// t=1 t=0 t=?
if (buf[UDP_DATA_P+cmd_pos]=='t')
{
cmdval=buf[UDP_DATA_P+cmd_pos+2];
if(cmdval=='1')
{
//PORTD|= (1<<PORTD7);// transistor on
strcpy(str,"t=1");
goto ANSWER;
}
else if(cmdval=='0')
{
//PORTD &= ~(1<<PORTD7);// transistor off
strcpy(str,"t=0");
goto ANSWER;
}
else if(cmdval=='?')
{
// if (PORTD & (1<<PORTD7)){
// strcpy(str,"t=1");
// goto ANSWER;
// }
strcpy(str,"t=0");
goto ANSWER;
}
}
strcpy(str,"e=no_such_cmd");
goto ANSWER;
}
strcpy(str,"e=invalid_pw");
ANSWER:
make_udp_reply_from_request(buf,str,strlen(str),MYUDPPORT);
}
}
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh,
int flags,
int argc,
const char *argv[])
{
const void *ptr;
struct pam_conv *conv;
struct pam_message msg;
const struct pam_message *msgp;
struct pam_response *resp;
const char *user;
char *password;
char *storedPwd;
int pam_err;
D(("Database path: %s", argv[0]));
/* identify user */
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return (pam_err);
/* Gets conversation item to grab password */
pam_err = pam_get_item(pamh, PAM_CONV, &ptr);
if (pam_err != PAM_SUCCESS)
return (PAM_SYSTEM_ERR);
conv = (struct pam_conv *) ptr;
msg.msg_style = PAM_PROMPT_ECHO_OFF;
msg.msg = password_prompt;
msgp = &msg;
password = NULL;
resp = NULL;
/* Call conversation */
pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
if (resp != NULL)
{
if (pam_err == PAM_SUCCESS)
password = resp->resp;
else
free(resp->resp);
free(resp);
}
if (pam_err != PAM_SUCCESS)
return (PAM_AUTH_ERR);
//D(("Got pass: %s", password));
/* compare passwords */
if((pam_err = verify_password(user, password, argv[0])) != PAM_SUCCESS)
{
D(("ERROR!\n"));
return pam_err;
}
return PAM_SUCCESS;
}
static int mech_step(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
DH *dh = NULL;
BF_KEY key;
BIGNUM *their_key = NULL;
myuser_t *mu;
char *ptr, *secret = NULL, *password = NULL;
int ret = ASASL_FAIL;
uint16_t size;
int secret_size;
if (!p->mechdata)
return ASASL_FAIL;
dh = (DH*)p->mechdata;
/* Their pub_key */
if (len < 2)
goto end;
size = ntohs(*(uint16_t *)message);
message += 2;
len -= 2;
if (size > len)
goto end;
if ((their_key = BN_bin2bn((unsigned char *)message, size, NULL)) == NULL)
goto end;
message += size;
len -= size;
/* Username */
size = strlen(message);
if (size >= NICKLEN) /* our base64 routines null-terminate - how polite */
goto end;
p->username = strdup(message);
message += size + 1;
len -= size + 1;
if ((mu = myuser_find_by_nick(p->username)) == NULL)
goto end;
/* AES-encrypted password remains */
/* Compute shared secret */
secret = (char*)malloc(DH_size(dh));
secret_size = DH_compute_key((unsigned char *)secret, their_key, dh);
if (secret_size <= 0)
goto end;
/* Data must be multiple of block size, and let's be reasonable about size */
if (len == 0 || len % 8 || len > 128)
goto end;
/* Decrypt! */
BF_set_key(&key, secret_size, (unsigned char *)secret);
ptr = password = (char*)malloc(len + 1);
password[len] = '\0';
while (len)
{
BF_ecb_encrypt((unsigned char *)message, (unsigned char *)ptr, &key, BF_DECRYPT);
message += 8;
ptr += 8;
len -= 8;
}
if (verify_password(mu, password))
ret = ASASL_DONE;
end:
if (their_key)
BN_free(their_key);
free(secret);
free(password);
return ret;
}
