Exemple #1
0
// Check the user's password, return 1 if OK
static int check_password(const char *method, const char *ha1, const char *uri,
                          const char *nonce, const char *nc, const char *cnonce,
                          const char *qop, const char *response) {
  char ha2[32 + 1], expected_response[32 + 1];

  // Some of the parameters may be NULL
  if (method == NULL || nonce == NULL || nc == NULL || cnonce == NULL ||
      qop == NULL || response == NULL) {
    return 0;
  }

  // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
  // TODO(lsm): check for authentication timeout
  if (// strcmp(dig->uri, c->ouri) != 0 ||
      strlen(response) != 32
      // || now - strtoul(dig->nonce, NULL, 10) > 3600
      ) {
    return 0;
  }

  mg_md5(ha2, method, ":", uri, NULL);
  mg_md5(expected_response, ha1, ":", nonce, ":", nc,
      ":", cnonce, ":", qop, ":", ha2, NULL);

  return mg_strcasecmp(response, expected_response) == 0;
}
Exemple #2
0
END_TEST


START_TEST(test_mg_md5)
{
	char buf[33];
	char *ret;
	const char *long_str =
	    "_123456789A123456789B123456789C123456789D123456789E123456789F123456789"
	    "G123456789H123456789I123456789J123456789K123456789L123456789M123456789"
	    "N123456789O123456789P123456789Q123456789R123456789S123456789T123456789"
	    "U123456789V123456789W123456789X123456789Y123456789Z";

	memset(buf, 77, sizeof(buf));
	ret = mg_md5(buf, NULL);
	ck_assert_str_eq(buf, "d41d8cd98f00b204e9800998ecf8427e");
	ck_assert_str_eq(ret, "d41d8cd98f00b204e9800998ecf8427e");
	ck_assert_ptr_eq(ret, buf);

	memset(buf, 77, sizeof(buf));
	ret = mg_md5(buf, "The quick brown fox jumps over the lazy dog.", NULL);
	ck_assert_str_eq(buf, "e4d909c290d0fb1ca068ffaddf22cbd0");
	ck_assert_str_eq(ret, "e4d909c290d0fb1ca068ffaddf22cbd0");
	ck_assert_ptr_eq(ret, buf);

	memset(buf, 77, sizeof(buf));
	ret = mg_md5(buf,
	             "",
	             "The qu",
	             "ick bro",
	             "",
	             "wn fox ju",
	             "m",
	             "ps over the la",
	             "",
	             "",
	             "zy dog.",
	             "",
	             NULL);
	ck_assert_str_eq(buf, "e4d909c290d0fb1ca068ffaddf22cbd0");
	ck_assert_str_eq(ret, "e4d909c290d0fb1ca068ffaddf22cbd0");
	ck_assert_ptr_eq(ret, buf);

	memset(buf, 77, sizeof(buf));
	ret = mg_md5(buf, long_str, NULL);
	ck_assert_str_eq(buf, "1cb13cf9f16427807f081b2138241f08");
	ck_assert_str_eq(ret, "1cb13cf9f16427807f081b2138241f08");
	ck_assert_ptr_eq(ret, buf);

	memset(buf, 77, sizeof(buf));
	ret = mg_md5(buf, long_str + 1, NULL);
	ck_assert_str_eq(buf, "cf62d3264334154f5779d3694cc5093f");
	ck_assert_str_eq(ret, "cf62d3264334154f5779d3694cc5093f");
	ck_assert_ptr_eq(ret, buf);
}
/*
 * Edit the passwords file.
 */
static int
mg_edit_passwords(const char *fname, const char *domain,
                  const char *user, const char *pass)
{
   int ret = EXIT_SUCCESS, found = 0;
   char line[512], u[512], d[512], ha1[33], tmp[FILENAME_MAX];
   FILE    *fp = NULL, *fp2 = NULL;

   (void) snprintf(tmp, sizeof(tmp), "%s.tmp", fname);

   /* Create the file if does not exist */
   if ((fp = fopen(fname, "a+")) != NULL)
      (void) fclose(fp);

   /* Open the given file and temporary file */
   if ((fp = fopen(fname, "r")) == NULL) {
      fprintf(stderr, "Cannot open %s: %s", fname, strerror(errno));
      exit(EXIT_FAILURE);
   } else if ((fp2 = fopen(tmp, "w+")) == NULL) {
      fprintf(stderr, "Cannot open %s: %s", tmp, strerror(errno));
      exit(EXIT_FAILURE);
   }

   /* Copy the stuff to temporary file */
   while (fgets(line, sizeof(line), fp) != NULL) {

      if (sscanf(line, "%[^:]:%[^:]:%*s", u, d) != 2)
         continue;

      if (!strcmp(u, user) && !strcmp(d, domain)) {
         found++;
         mg_md5(ha1, user, ":", domain, ":", pass, NULL);
         (void) fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
      } else {
         (void) fprintf(fp2, "%s", line);
      }
   }

   /* If new user, just add it */
   if (!found) {
      mg_md5(ha1, user, ":", domain, ":", pass, NULL);
      (void) fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
   }

   /* Close files */
   (void) fclose(fp);
   (void) fclose(fp2);

   /* Put the temp file in place of real file */
   (void) remove(fname);
   (void) rename(tmp, fname);

   return (ret);
}
Exemple #4
0
// Return 1 if username/password is allowed, 0 otherwise.
int Ntop::checkUserPassword(const char *user, const char *password) {
  char key[64], val[64];
  char password_hash[33];

  if(user == NULL) return(false);

  snprintf(key, sizeof(key), "user.%s.password", user);

  if(ntop->getRedis()->get(key, val, sizeof(val)) < 0) {
    return(false);
  } else {
    mg_md5(password_hash, password, NULL);
    return(strcmp(password_hash, val) == 0);
  }
}
Exemple #5
0
int Ntop::addUser(char *username, char *full_name, char *password) {
  char key[64];
  char password_hash[33];

  // FIX add a seed
  mg_md5(password_hash, password, NULL);

  snprintf(key, sizeof(key), "user.%s.full_name", username);
  ntop->getRedis()->set(key, full_name, 0);

  snprintf(key, sizeof(key), "user.%s.group", username);
  ntop->getRedis()->set(key, (char*) "administrator" /* TODO */, 0);

  snprintf(key, sizeof(key), "user.%s.password", username);
  return(ntop->getRedis()->set(key, password_hash, 0) >= 0);
}
Exemple #6
0
int Ntop::resetUserPassword(char *username, char *old_password, char *new_password) {
  char key[64];
  char password_hash[33];

  if (!checkUserPassword(username, old_password))
    return(false);

  snprintf(key, sizeof(key), "user.%s.password", username);

  mg_md5(password_hash, new_password, NULL);

  if(ntop->getRedis()->set(key, password_hash, 0) < 0)
    return(false);

  return(true);
}
Exemple #7
0
void generate_htpasswd(char* password) {
	char *strBuff;
	char digest[33];
	int len;
	FILE *pFile;

	if(strlen(password) == 0) { printf("\n"); return; }

	// Generate the digest to hash
	len = strlen(username) + strlen(realm) + strlen(password) + 2 + 1; // we need 2 : characters, plus null
	strBuff = (char*)malloc(len * sizeof(char));
	strcpy(strBuff, username);
	strcat(strBuff, ":");
	strcat(strBuff, realm);
	strcat(strBuff, ":");
	strcat(strBuff, password);

	// Calculate the digest
	mg_md5(digest, strBuff, NULL);

	// Clear the undigested string from memory
	free(strBuff);

	// Write the digest file
	pFile = fopen("resources/.htpasswd", "w");
	if(pFile != NULL) {
		len = strlen(username) + strlen(realm) + 2 + 32 + 1; // 2 for the :, 32 for the md5 hash, 1 for null
		strBuff = (char*)malloc(len * sizeof(char));
		strcpy(strBuff, username);
		strcat(strBuff, ":");
		strcat(strBuff, realm);
		strcat(strBuff, ":");
		strcat(strBuff, digest);

		fwrite(strBuff, sizeof(char), len-1, pFile);
		fwrite("\r\n", sizeof(char), 2, pFile);
		fclose(pFile);

		// Clear the digested string from memory
        free(strBuff);

		printf(".htpasswd generated successfully!\n\nUsername: \t\t%s\nPassword: \t\t%s\n", username, password);
	} else {
		printf("Failed to generate .htpasswd!\n");
		return;
	}
}
Exemple #8
0
bool Ntop::resetUserPassword(char *username, char *old_password, char *new_password) {
  char key[64];
  char password_hash[33];

  if((old_password != NULL) && (old_password[0] != '\0')) {
    if(!checkUserPassword(username, old_password))
      return(false);
  }

  snprintf(key, sizeof(key), CONST_STR_USER_PASSWORD, username);
  mg_md5(password_hash, new_password, NULL);

  if(ntop->getRedis()->set(key, password_hash, 0) < 0)
    return(false);

  return(true);
}
Exemple #9
0
// Return 1 if username/password is allowed, 0 otherwise.
bool Ntop::checkUserPassword(const char *user, const char *password) {
  char key[64], val[64];

  if((user == NULL) || (user[0] == '\0'))
    return(false);

  snprintf(key, sizeof(key), CONST_STR_USER_PASSWORD, user);

  if(ntop->getRedis()->get(key, val, sizeof(val)) < 0) {
    return(false);
  } else {
    char password_hash[33];

    mg_md5(password_hash, password, NULL);
    return((strcmp(password_hash, val) == 0) ? true : false);
  }
}
Exemple #10
0
bool Ntop::addUser(char *username, char *full_name, char *password, char *host_role, char *allowed_networks) {
  char key[64];
  char password_hash[33];

  // FIX add a seed
  mg_md5(password_hash, password, NULL);

  snprintf(key, sizeof(key), CONST_STR_USER_FULL_NAME, username);
  ntop->getRedis()->set(key, full_name, 0);

  snprintf(key, sizeof(key), CONST_STR_USER_GROUP, username);
  ntop->getRedis()->set(key, (char*) host_role /* TODO: done Paola */, 0);

  snprintf(key, sizeof(key), CONST_STR_USER_PASSWORD, username);
  ntop->getRedis()->set(key, password_hash, 0);

  snprintf(key, sizeof(key), CONST_STR_USER_NETS, username);
  ntop->getRedis()->set(key, allowed_networks, 0);

  return(true);
// TODO add check return return(ntop->getRedis()->set(key, password_hash, 0) >= 0);
}
Exemple #11
0
int modify_passwords_file(const char *fname, const char *domain,
                          const char *user, const char *pass) {
  int found;
  char line[512], u[512], d[512], ha1[33], tmp[PATH_MAX];
  FILE *fp, *fp2;

  found = 0;
  fp = fp2 = NULL;

  // Regard empty password as no password - remove user record.
  if (pass != NULL && pass[0] == '\0') {
    pass = NULL;
  }

  (void) snprintf(tmp, sizeof(tmp), "%s.tmp", fname);

  // Create the file if does not exist
  if ((fp = fopen(fname, "a+")) != NULL) {
    fclose(fp);
  }

  // Open the given file and temporary file
  if ((fp = fopen(fname, "r")) == NULL) {
    return 0;
  } else if ((fp2 = fopen(tmp, "w+")) == NULL) {
    fclose(fp);
    return 0;
  }

  // Copy the stuff to temporary file
  while (fgets(line, sizeof(line), fp) != NULL) {
    if (sscanf(line, "%[^:]:%[^:]:%*s", u, d) != 2) {
      continue;
    }

    if (!strcmp(u, user) && !strcmp(d, domain)) {
      found++;
      if (pass != NULL) {
        mg_md5(ha1, user, ":", domain, ":", pass, NULL);
        fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
      }
    } else {
      fprintf(fp2, "%s", line);
    }
  }

  // If new user, just add it
  if (!found && pass != NULL) {
    mg_md5(ha1, user, ":", domain, ":", pass, NULL);
    fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
  }

  // Close files
  fclose(fp);
  fclose(fp2);

  // Put the temp file in place of real file
  remove(fname);
  rename(tmp, fname);

  return 1;
}
Exemple #12
0
// Generate session ID. buf must be 33 bytes in size.
// Note that it is easy to steal session cookies by sniffing traffic.
// This is why all communication must be SSL-ed.
static void generate_session_id(char *buf, const char *random, const char *user) {
	mg_md5(buf, random, user, NULL);
}
 static void generate_ssid(const char *user_name, const char *expiration_date,
                          char *ssid, size_t ssid_size) {
  char hash[33];
  mg_md5(hash, user_name, ":", expiration_date, ":", s_secret, NULL);
  snprintf(ssid, ssid_size, "%s|%s|%s", user_name, expiration_date, hash);
}