int main(int argc, char *argv[])
{
unsigned char lb[2];
unsigned char buf[BUFSIZ];
char *user;
char *pwd;
char *mode;
int sid;
int rval;
struct session *sessp;
// test clause
if (argc == 4 ) {
/* ./epam authmodule user passwd */
printf("testing service=%s u=%s pwd=%s\n", argv[1],argv[2], argv[3]);
do_auth(argv[1], argv[2], argv[3], "AS", 33);
exit(0);
}
wstart();
while (1) {
if (read_fill(0, lb, 2) != 2)
exit(1);
rval = get_int16(lb);
if (read_fill(0, buf, rval) != rval)
exit(1);
switch (buf[0]) {
case 'a':
// auth a user
user = (char *)&buf[1];
pwd = user + strlen(user) + 1;
mode= pwd + strlen(pwd) + 1;
sid = atoi(mode + strlen(mode) + 1);
do_auth(argv[1], user, pwd, mode, sid);
break;
case 'c':
// close session
sid = atoi((char *)&buf[1]);
if ((sessp = del_session(&sessions, sid)) == NULL) {
fprintf(stderr, "Couldn't find session %d\r\n", sid);
break;
}
if (sessp->session_mode == 1) {
pam_close_session(sessp->pamh, 0);
/*fprintf(stderr, "did ok close sess \n\r");*/
}
pam_end(sessp->pamh, PAM_SUCCESS);
free(sessp);
break;
default:
fprintf(stderr, "Bad op \n\r");
}
}
}
/* Function is called when 2xx responses are received. Normally we don't
* have to do anything, except for the first response after the
* authentication handshake. This specific response includes authentication
* data which should be validated by the client (mutual authentication).
*/
apr_status_t
serf__validate_response_kerb_auth(int code,
serf_connection_t *conn,
serf_request_t *request,
serf_bucket_t *response,
apr_pool_t *pool)
{
gss_authn_info_t *gss_info = (code == 401) ? conn->authn_baton :
conn->proxy_authn_baton;
serf_bucket_t *hdrs;
const char *auth_hdr;
hdrs = serf_bucket_response_get_headers(response);
auth_hdr = serf_bucket_headers_get(hdrs, "WWW-Authenticate");
if (gss_info->state != gss_api_auth_completed) {
return do_auth(code,
gss_info,
conn,
auth_hdr,
pool);
}
return APR_SUCCESS;
}
/* FIXME: Implement the anonymous login */
static void
do_login (void)
{
char *username;
char *password;
int result;
rpc_get (msock, RPC_LIMITED_STRING, &up_dir, RPC_LIMITED_STRING,
&username, RPC_END);
if (verbose)
printf ("username: %s\n", username);
if (r_auth) {
logged_in = do_rauth (msock);
if (logged_in) {
login_reply (logged_in);
return;
}
}
rpc_send (msock, RPC_INT, MC_NEED_PASSWORD, RPC_END);
rpc_get (msock, RPC_INT, &result, RPC_END);
if (result == MC_QUIT)
DO_QUIT_VOID ();
if (result != MC_PASS) {
if (verbose)
printf ("do_login: Unknown response: %d\n", result);
DO_QUIT_VOID ();
}
rpc_get (msock, RPC_LIMITED_STRING, &password, RPC_END);
logged_in = do_auth (username, password);
endpwent ();
login_reply (logged_in);
}
void bsd_exploitation(void)
{
printf("Exploiting %s on a *BSD\t", host);
do_auth();
fill_holes();
evil_entry();
start_gzip();
try_exploit();
}
/* A 401 response was received, handle the authentication. */
apr_status_t
serf__handle_kerb_auth(int code,
serf_request_t *request,
serf_bucket_t *response,
const char *auth_hdr,
const char *auth_attr,
void *baton,
apr_pool_t *pool)
{
serf_connection_t *conn = request->conn;
gss_authn_info_t *gss_info = (code == 401) ? conn->authn_baton :
conn->proxy_authn_baton;
return do_auth(code,
gss_info,
request->conn,
auth_hdr,
pool);
}
/* A 40x response was received, handle the authentication. */
apr_status_t
serf__handle_spnego_auth(int code,
serf_request_t *request,
serf_bucket_t *response,
const char *auth_hdr,
const char *auth_attr,
void *baton,
apr_pool_t *pool)
{
serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
gss_authn_info_t *gss_info = (code == 401) ? conn->authn_info.baton :
ctx->proxy_authn_info.baton;
return do_auth(code == 401 ? HOST : PROXY,
code,
gss_info,
request->conn,
request,
auth_hdr,
pool);
}
/* Function is called when 2xx responses are received. Normally we don't
* have to do anything, except for the first response after the
* authentication handshake. This specific response includes authentication
* data which should be validated by the client (mutual authentication).
*/
apr_status_t
serf__validate_response_spnego_auth(const serf__authn_scheme_t *scheme,
peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
serf_bucket_t *response,
apr_pool_t *pool)
{
serf_context_t *ctx = conn->ctx;
gss_authn_info_t *gss_info;
const char *auth_hdr_name;
/* TODO: currently this function is only called when a response includes
an Authenticate header. This header is optional. If the server does
not provide this header on the first 2xx response, we will not promote
the connection from undecided to stateful. This won't break anything,
but means we stay in non-pipelining mode. */
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Validate Negotiate response header.\n");
if (peer == HOST) {
gss_info = conn->authn_info.baton;
auth_hdr_name = "WWW-Authenticate";
} else {
gss_info = ctx->proxy_authn_info.baton;
auth_hdr_name = "Proxy-Authenticate";
}
if (gss_info->state != gss_api_auth_completed) {
serf_bucket_t *hdrs;
const char *auth_hdr_val;
apr_status_t status;
hdrs = serf_bucket_response_get_headers(response);
auth_hdr_val = get_auth_header(hdrs, auth_hdr_name, scheme->name,
pool);
if (auth_hdr_val) {
status = do_auth(peer, code, gss_info, conn, request, auth_hdr_val,
pool);
if (status) {
return status;
}
} else {
/* No Authenticate headers, nothing to validate: authentication
completed.*/
gss_info->state = gss_api_auth_completed;
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"SPNEGO handshake completed.\n");
}
}
if (gss_info->state == gss_api_auth_completed) {
switch(gss_info->pstate) {
case pstate_init:
/* Authentication of the first request is done. */
gss_info->pstate = pstate_undecided;
break;
case pstate_undecided:
/* The server didn't request for authentication even though
we didn't add an Authorization header to previous
request. That means it supports persistent authentication. */
gss_info->pstate = pstate_stateful;
serf_connection_set_max_outstanding_requests(conn, 0);
break;
default:
/* Nothing to do here. */
break;
}
}
return APR_SUCCESS;
}
/* Setup the authn headers on this request message. */
apr_status_t
serf__setup_request_spnego_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
serf_context_t *ctx = conn->ctx;
gss_authn_info_t *gss_info = (peer == HOST) ? conn->authn_info.baton :
ctx->proxy_authn_info.baton;
/* If we have an ongoing authentication handshake, the handler of the
previous response will have created the authn headers for this request
already. */
if (gss_info && gss_info->header && gss_info->value) {
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Set Negotiate authn header on retried request.\n");
serf_bucket_headers_setn(hdrs_bkt, gss_info->header,
gss_info->value);
/* Remember that we're using this request for authentication
handshake. */
request->auth_baton = (void*) TRUE;
/* We should send each token only once. */
gss_info->header = NULL;
gss_info->value = NULL;
return APR_SUCCESS;
}
switch (gss_info->pstate) {
case pstate_init:
/* We shouldn't normally arrive here, do nothing. */
break;
case pstate_undecided: /* fall through */
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Assume for now that the server supports persistent "
"SPNEGO authentication.\n");
/* Nothing to do here. */
break;
case pstate_stateful:
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"SPNEGO on this connection is persistent, "
"don't set authn header on next request.\n");
/* Nothing to do here. */
break;
case pstate_stateless:
{
apr_status_t status;
/* Authentication on this connection is known to be stateless.
Add an initial Negotiate token for the server, to bypass the
40x response we know we'll otherwise receive.
(RFC 4559 section 4.2) */
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Add initial Negotiate header to request.\n");
status = do_auth(peer,
code,
gss_info,
conn,
request,
0l, /* no response authn header */
conn->pool);
if (status)
return status;
serf_bucket_headers_setn(hdrs_bkt, gss_info->header,
gss_info->value);
/* Remember that we're using this request for authentication
handshake. */
request->auth_baton = (void*) TRUE;
/* We should send each token only once. */
gss_info->header = NULL;
gss_info->value = NULL;
break;
}
}
return APR_SUCCESS;
}
int
main(int argc, char **argv)
{
extern int optind;
extern char *optarg;
struct sigaction sigact;
int c, n;
int sport = SERVER_PORT;
char *sname = "localhost";
char buf[4096];
struct sockaddr_in sock_server;
sigact.sa_handler = &sighndl;
sigfillset(&sigact.sa_mask);
sigact.sa_flags = SA_RESTART;
sigaction(SIGALRM, &sigact, NULL);
fclose(stdin);
while ((c = getopt(argc, argv, "?h:p:sbl")) != -1)
switch (c) {
case 's':
break;
case 'b':
break;
case 'l':
break;
case 'h':
sname = optarg;
break;
case 'p':
sport = atoi(optarg);
break;
case '?':
default:
usage(argv[0]);
/* NOTREACHED */
}
argc -= optind;
if (argc <= 0) {
usage(argv[0]);
}
argv += optind;
if ((sock_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket");
exit(1);
}
sock_server.sin_family = AF_INET;
sock_server.sin_port = htons(sport);
sock_server.sin_addr.s_addr = getaddr(sname);
#ifdef DUMPSTAT_DEBUG
fprintf(stderr, "host: %s, port: %hu\n",
inet_ntoa(sock_server.sin_addr), sport);
#endif
if (connect(sock_fd, (struct sockaddr *)&sock_server,
(socklen_t)sizeof(sock_server)) == -1) {
perror("connect");
exit(1);
}
signal(SIGALRM, (void *) &timeout);
alarm(60);
if (do_auth() == -1) {
fprintf(stderr, "Can't login to statistic server.\n");
exit(1);
}
sendcmd(argv);
while ((n = read(sock_fd, buf, sizeof(buf))) > 0) {
fwrite(buf, 1, n, stdout);
}
printf("\n");
close(sock_fd);
return (0);
}
int
main(int argc, char *argv[])
{
struct login_ctx ctx[1];
struct passwd *pw;
pid_t pid;
int c, stat;
pid_t wait_res;
memset(ctx, 0, sizeof(ctx));
while ((c = getopt(argc, argv, "vc:df:h:?")) != -1) {
switch (c) {
case 'v':
version();
break;
case 'c':
ctx->config = optarg;
break;
case 'd':
duo_debug = 1;
break;
case 'f':
ctx->duouser = optarg;
break;
case 'h':
ctx->host = optarg;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
ctx->uid = getuid();
if (geteuid() != ctx->uid) {
/* Setuid-root operation protecting private config. */
if (ctx->config != NULL || ctx->duouser != NULL) {
die("Only root may specify -c or -f");
}
if ((pw = getpwnam(DUO_PRIVSEP_USER)) == NULL) {
die("User '%s' not found", DUO_PRIVSEP_USER);
}
if ((pid = fork()) == 0) {
/* Unprivileged auth child. */
if (drop_privs(pw->pw_uid, pw->pw_gid) != 0) {
die("couldn't drop privileges: %s",
strerror(errno));
}
exit(do_auth(ctx, get_command(argc, argv)));
} else {
/* Parent continues as user. */
if (drop_privs(getuid(), getgid()) != 0) {
die("couldn't drop privileges: %s",
strerror(errno));
}
/* Check auth child status. */
while ((wait_res = waitpid(pid, &stat, 0)) == -1 &&
errno == EINTR) {
;
}
if (wait_res != pid) {
die("waitpid: %s", strerror(errno));
}
if (WEXITSTATUS(stat) == 0) {
do_exec(ctx, get_command(argc, argv));
}
}
} else {
char *cmd = get_command(argc, argv);
/* Non-setuid root operation or running as root. */
if (do_auth(ctx, cmd) == EXIT_SUCCESS) {
do_exec(ctx, cmd);
}
}
exit(EXIT_FAILURE);
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int xmlrpc_instantiate(CONF_SECTION * conf, void **instance)
{
rlm_xmlrpc_t *data;
rlm_xmlrpc_client_t *first_client;
rlm_xmlrpc_client_t *client;
xmlrpc_env env;
struct xmlrpc_clientparms clientParms;
struct xmlrpc_curl_xportparms curlParms;
int i, error;
void (*do_auth) ();
/*
* Set up a storage area for instance data
*/
data = rad_malloc(sizeof(*data));
if (!data) {
return -1;
}
memset(data, 0, sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
*instance = data;
#ifdef HAVE_PTHREAD_H
pthread_mutex_init(&data->client_mutex, NULL);
#endif
/*
* network_interface parameter cannot be omitted because the
* XMLRPC_CXPSIZE macro calcs the size from the first parameter
* to the last modified.
* Unfortunately is this the order.
*/
curlParms.network_interface = data->interface;
curlParms.no_ssl_verifypeer = data->no_ssl_verify_peer;
curlParms.no_ssl_verifyhost = data->no_ssl_verify_host;
clientParms.transport = "curl";
clientParms.transportparmsP = &curlParms;
clientParms.transportparm_size = XMLRPC_CXPSIZE(no_ssl_verifyhost);
/*
* Choosing method authentication
*/
if (strcmp(data->auth_type, "auth_basic") == 0) {
do_auth = xmlrpc_server_info_allow_auth_basic;
} else if (strcmp(data->auth_type, "auth_digest") == 0) {
do_auth = xmlrpc_server_info_allow_auth_digest;
} else if (strcmp(data->auth_type, "auth_negotiate") == 0) {
do_auth = xmlrpc_server_info_allow_auth_negotiate;
} else if (strcmp(data->auth_type, "auth_ntlm") == 0) {
do_auth = xmlrpc_server_info_allow_auth_ntlm;
}
/*
* Clients are created into a circular linked list.
* Into this cycle we setup clients and server information objects.
* Server information contains a method to do html authentication.
*/
for (i = 0; i < data->xmlrpc_num_socks; i++) {
client = rad_malloc(sizeof(*client));
if (!client) {
return -1;
}
memset(client, 0, sizeof(*client));
env = client->env;
xmlrpc_env_init(&env);
if (i == 0) {
data->client = client;
first_client = client;
xmlrpc_client_setup_global_const(&env);
} else {
data->client->next = client;
data->client = data->client->next;
}
xmlrpc_client_create(&env, XMLRPC_CLIENT_NO_FLAGS, NAME,
VERSION, &clientParms,
XMLRPC_CPSIZE(transportparm_size), &client->clientP);
error = check_error_and_free(data);
if (error != RLM_MODULE_OK)
return error;
client->serverInfoP = xmlrpc_server_info_new(&env, data->url);
error = check_error_and_free(data);
if (error != RLM_MODULE_OK)
return error;
if (strcmp(data->auth_type, "none") != 0) {
xmlrpc_server_info_set_user(&env, client->serverInfoP,
data->user, data->password);
error = check_error_and_free(data);
if (error != RLM_MODULE_OK)
return error;
do_auth(&env, client->serverInfoP);
error = check_error_and_free(data);
if (error != RLM_MODULE_OK)
return error;
radlog(L_INFO, "\trlm_xmlrpc: client #%d logged in as %s", i, data->user);
}
radlog(L_INFO, "\trlm_xmlrpc: client #%d initialized", i);
}
/*
* closing the circular linked list. data->client helds a pointer
* to the last client used by a thread.
*/
data->client->next = first_client;
data->client = data->client->next;
return 0;
}
mod_bool
auth(const char* subject, const char* issuer)
{
return do_auth(subject, issuer);
}
int authenticator::authenticate (void)
{
/* Check if we have all the information required to authenticate
*/
if( !(server_address.empty() ||
server_port == -1 ||
user_name.empty() ||
password.empty() ||
sec_cert.empty() ) )
{
/* Great ! We have everything .. no need to do proceed further
*/
return do_auth() ;
}
/* We are missing some things ..
* The next strategy would be to see if a client conf file path is supplied ..
* The adaptor has already checked the ini file for information
*/
if( client_conf.empty() ) return error::SAGA_SECSP_E_NO_CONF_FILE ;
Session s ;
s.loadInfo( client_conf ) ;
if( (server_address.empty()) )
{
if( !(s.m_ClientConf.m_strMasterIP.empty() ))
{
server_address = s.m_ClientConf.m_strMasterIP ;
}
else
{
return error::SAGA_SECSP_E_NO_SERVER ;
}
}
if( (server_port < 0 ) )
{
if( !(s.m_ClientConf.m_iMasterPort < 0 ) )
{
server_port = s.m_ClientConf.m_iMasterPort ;
}
else
{
return error::SAGA_SECSP_E_NO_PORT ;
}
}
if( (user_name.empty()) )
{
if (!(s.m_ClientConf.m_strUserName.empty()) )
{
user_name = s.m_ClientConf.m_strUserName ;
}
else
{
return error::SAGA_SECSP_E_NO_USERNAME ;
}
}
if( (password.empty() ))
{
if ( !(s.m_ClientConf.m_strPassword.empty() ))
{
password = s.m_ClientConf.m_strPassword ;
}
else
{
return error::SAGA_SECSP_E_NO_PASSWORD ;
}
}
if( (sec_cert.empty() ))
{
if ( !(s.m_ClientConf.m_strCertificate.empty() ))
{
sec_cert = s.m_ClientConf.m_strCertificate ;
}
else
{
return error::SAGA_SECSP_E_NO_SECURITY_CERT ;
}
}
return ( do_auth()) ;
}
void client_read(client *cl)
{
int status, pn;
status = mr_cont_receive(cl->con, &cl->req);
if (status == -1)
return;
else if (status != MR_SUCCESS)
{
cl->state = CL_CLOSING;
if (status != MR_NOT_CONNECTED)
com_err(whoami, status, "while reading from socket");
return;
}
pn = cl->req.u.mr_procno;
if (pn < 0 || pn > MR_MAX_PROC)
{
com_err(whoami, 0, "procno out of range");
client_reply(cl, MR_UNKNOWN_PROC);
goto out;
}
log_args(procnames[pn], 2, cl->req.mr_argc, cl->req.mr_argv);
if (dormant == ASLEEP && pn != MR_NOOP && pn != MR_MOTD)
{
client_reply(cl, MR_DOWN);
com_err(whoami, MR_DOWN, "(query refused)");
goto out;
}
/* make sure this gets cleared before every operation */
dbms_errno = 0;
switch (pn)
{
case MR_NOOP:
client_reply(cl, MR_SUCCESS);
break;
case MR_AUTH:
do_auth(cl);
break;
case MR_QUERY:
do_retr(cl);
break;
case MR_ACCESS:
do_access(cl);
break;
case MR_SHUTDOWN:
do_shutdown(cl);
break;
case MR_DO_UPDATE:
client_reply(cl, MR_PERM);
break;
case MR_MOTD:
get_motd(cl);
break;
case MR_PROXY:
do_proxy(cl);
break;
case MR_SETVERSION:
do_version(cl);
break;
case MR_KRB5_AUTH:
do_krb5_auth(cl);
break;
}
out:
mr_destroy_reply(cl->req);
memset(&cl->req, 0, sizeof(mr_params));
}
int main(int argc, char **argv){
SSH_OPTIONS *options=ssh_options_new();
SSH_SESSION *session;
SSH_BIND *ssh_bind;
CHANNEL *chan=NULL;
SFTP_SESSION *sftp=NULL;
int ret;
int donotfork=0;
char *config="mercurius.conf";
ssh_options_getopt(options,&argc,argv);
while((ret=getopt(argc, argv, "Df:"))!=-1){
switch(ret){
case 'D':
donotfork=1;
break;
case 'f':
config=strdup(optarg);
break;
case '?':
usage(argv[0]);
exit(1);
}
}
if(optind<argc) {
usage(argv[0]);
exit(1);
}
ret=parse_config(config);
if(ret != 0){
printf("Error parsing configuration file\n");
return 1;
}
if(!rsa && !dsa){
printf("There must be at least one RSA or DSA host key\n");
return 1;
}
if(dsa)
ssh_options_set_dsa_server_key(options,dsa);
if(rsa)
ssh_options_set_rsa_server_key(options,rsa);
//printf("port : %d\n",port);
if(port!=0)
ssh_options_set_port(options,port);
ssh_bind=ssh_bind_new();
ssh_bind_set_options(ssh_bind,options);
if(ssh_bind_listen(ssh_bind)<0){
printf("Error listening to socket: %s\n",ssh_get_error(ssh_bind));
return 1;
}
signal(SIGCHLD,SIG_IGN);
if(!donotfork){
ssh_say(1,"Going into background...\n");
if(fork()){
exit(0);
}
}
while(1){
session=ssh_bind_accept(ssh_bind);
if(!session){
printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
return 1;
}
if(fork()==0){
break;
}
ssh_silent_disconnect(session);
}
ssh_bind_free(ssh_bind);
//printf("Socket connected : %d\n",ssh_get_fd(session));
if(ssh_accept(session)){
printf("ssh_accept : %s\n",ssh_get_error(session));
return 1;
}
if(do_auth(session)<0){
printf("error : %s\n",ssh_get_error(session));
return 1;
}
ssh_say(1,"user authenticated\n");
chan=recv_channel(session);
if(!chan){
printf("error : %s\n",ssh_get_error(session));
return 1;
}
sftp=sftp_server_new(session,chan);
if(sftp_server_init(sftp)){
printf("error : %s\n",ssh_get_error(session));
return 1;
}
ssh_say(1,"Sftp session open by client\n");
sftploop(session,sftp);
ssh_say(1,"Client disconnected\n");
ssh_disconnect(session);
return 0;
}
void cvs_conn(void)
{
do_auth();
fill_heap();
}
static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
hdr_types_t _hftype, str *_method)
{
struct hdr_field* h;
auth_cfg_result_t ret = AUTH_ERROR;
auth_result_t rauth;
struct secret *secret_struct;
str username;
LM_DBG("realm: %.*s\n", _realm->len, _realm->s);
LM_DBG("method: %.*s\n", _method->len, _method->s);
rauth = eph_auth_api.pre_auth(_m, _realm, _hftype, &h, NULL);
switch(rauth)
{
case NONCE_REUSED:
LM_DBG("nonce reused\n");
return AUTH_NONCE_REUSED;
case STALE_NONCE:
LM_DBG("stale nonce\n");
return AUTH_STALE_NONCE;
case NO_CREDENTIALS:
LM_DBG("no credentials\n");
return AUTH_NO_CREDENTIALS;
case ERROR:
case BAD_CREDENTIALS:
LM_DBG("error or bad credentials\n");
return AUTH_ERROR;
case CREATE_CHALLENGE:
LM_ERR("CREATE_CHALLENGE is not a valid state\n");
return AUTH_ERROR;
case DO_RESYNCHRONIZATION:
LM_ERR("DO_RESYNCHRONIZATION is not a valid state\n");
return AUTH_ERROR;
case NOT_AUTHENTICATED:
LM_DBG("not authenticated\n");
return AUTH_ERROR;
case DO_AUTHENTICATION:
break;
case AUTHENTICATED:
return AUTH_OK;
}
username = ((auth_body_t *) h->parsed)->digest.username.whole;
LM_DBG("username: %.*s\n", username.len, username.s);
if (autheph_verify_timestamp(&username) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
ret = do_auth(_m, h, _realm, _method,
&secret_struct->secret_key);
if (ret == AUTH_OK)
{
break;
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return ret;
}
int main()
{
sp_context sp_main_ctx;
int ret = 0;
InitBoard();
Beep(3);
// printf("in function main");
#ifdef TEST_BYTE_ORDER
do_test_byte_order();
#endif
//看门狗初始化
#ifdef OPEN_WDT
InitWatchDog();
#endif
//串口设置
sp_init_com();
//测试模式
#ifdef TEST_MODE
test_deselect_card(&sp_main_ctx);
#endif
// 上电后检测POS 机参数
//0、初始化系统存储区
ret = sp_check_context(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "检查全局系统参数失败!!按确认键退出程序,ret=%04x", ret);
return 1;
}
//1、初始化全局结构体
ret = sp_init_syspara(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "初始化全局系统参数失败!!按确认键退出程序,ret=%04x", ret);
return 1;
}
//1.5、 检查日期是否变化
ret = sp_check_date_change(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "检查日期变化失败,ret=%04x", ret);
return 1;
}
//2、初始化流水存储区
ret = sp_init_transdtl(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "初始化流水存储区失败,ret=%04x", ret);
return 1;
}
//3、初始化黑名单存储区
ret = sp_init_blacklist(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "初始化黑名单存储区失败,ret=%4x", ret);
return 1;
}
//4、初始化psam卡
ret = do_init_sam_card(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "初始化psam卡失败!!按确认键退出程序,ret=%04x", ret);
return 1;
}
#ifdef TEST_M1
test_m1_card(&sp_main_ctx);
#endif
#ifdef TEST_TIME
//测试获取时间函数
test_get_time(&sp_main_ctx);
disp_time();
#endif
//5、签到
ret = do_auth(&sp_main_ctx);
if(ret)
{
SP_WAIT_AND_DISPMSG(SP_KEY_CONFIRM, "签到失败!!按确认键退出程序,ret=%04x", ret);
return 1;
}
//消费菜单
sp_menu_consume(&sp_main_ctx);
return 0;
}