Exemple #1
0
/*
 * Callback from the keyring lookup in refresh_credentials.
 */
static void
found_password_cb (GnomeKeyringResult  result,
                   GList              *list,
                   gpointer            user_data)
{
  SwService *service = SW_SERVICE (user_data);
  SwServiceLastfm *lastfm = SW_SERVICE_LASTFM (service);
  SwServiceLastfmPrivate *priv = lastfm->priv;

  g_free (priv->username);
  g_free (priv->password);
  g_free (priv->session_key);
  priv->session_key = NULL;
  priv->username = NULL;
  priv->password = NULL;
  priv->checked_with_server = FALSE;

  if (result == GNOME_KEYRING_RESULT_OK && list != NULL) {
    GnomeKeyringNetworkPasswordData *data = list->data;

    priv->username = g_strdup (data->user);
    priv->password = g_strdup (data->password);

    if (sw_is_online ()) {
      verify_user (service);
    }
  } else {
    if (result != GNOME_KEYRING_RESULT_NO_MATCH) {
      g_warning (G_STRLOC ": Error getting password: %s", gnome_keyring_result_to_message (result));
    }
  }

  sw_service_emit_user_changed (service);
  sw_service_emit_capabilities_changed (service, get_dynamic_caps (service));
}
Exemple #2
0
void hNOTICE(struct entity *from, char *target, char *msg) {
	struct user *u = (struct user *)from;

	if (!verify_user(u))
		return;
	if (u->server == me)
		return;
	if (*target != '#')
		hook_call("onprivnotc", pack_args(arg_user(u), arg_user(get_user_by_numeric(str2unum(target))), arg_str(msg)));
}
Exemple #3
0
/*
 * Returns true if the user successfully authenticates, false if not
 * or -1 on error.
 */
static int
check_user_interactive(int validated, int mode, struct passwd *auth_pw)
{
    int status, rval = true;
    debug_decl(check_user_interactive, SUDOERS_DEBUG_AUTH)

    /* Always need a password when -k was specified with the command. */
    if (ISSET(mode, MODE_IGNORE_TICKET))
	SET(validated, FLAG_CHECK_USER);

    if (build_timestamp(auth_pw) == -1) {
	rval = -1;
	goto done;
    }

    status = timestamp_status(auth_pw);

    if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
	char *prompt;
	bool lectured;

	/* Bail out if we are non-interactive and a password is required */
	if (ISSET(mode, MODE_NONINTERACTIVE)) {
	    validated |= FLAG_NON_INTERACTIVE;
	    log_auth_failure(validated, 0);
	    rval = -1;
	    goto done;
	}

	/* XXX - should not lecture if askpass helper is being used. */
	lectured = display_lecture(status);

	/* Expand any escapes in the prompt. */
	prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
	    auth_pw->pw_name);
	if (prompt == NULL) {
	    rval = -1;
	    goto done;
	}

	rval = verify_user(auth_pw, prompt, validated);
	if (rval == true && lectured)
	    set_lectured();
	sudo_efree(prompt);
    }
    /* Only update timestamp if user was validated. */
    if (rval == true && ISSET(validated, VALIDATE_SUCCESS) &&
	!ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
	update_timestamp(auth_pw);
done:
    debug_return_bool(rval);
}
Exemple #4
0
void hPRIVMSG(struct entity *from, char *target, char *msg) {
	struct user *u = (struct user *)from;

	if (!verify_user(u))
		return;
	if (u->server == me)
		return;

	if (*target == '#')
		hook_call("onchanmsg", pack_args(arg_user(u), arg_chan(get_channel_by_name(target)), arg_str(msg)));
	else
		hook_call("onprivmsg", pack_args(arg_user(u), arg_user(get_user_by_numeric(str2unum(target))), arg_str(msg)));
}
Exemple #5
0
int
main(int argc, char *argv[])
{
  char *sql_db = NULL;
  sqlite3* db;
  char *username = NULL;
  struct user user;
  enum manage_action action = MANAGE_ACTION_HELP;
  int opt;
  char privid[OTP_PRIVID_HEX_LEN];
  unsigned char *privid_bin;
  int temp, ret;
  struct otp_data* data;
  char digest_name[DIGEST_NAME_MAX_SIZE];
  char *ctemp;

  while((opt = getopt(argc, argv, "hs:lg:r:a:c")) != -1) {
    switch(opt) {
      case 'h':
        usage(0);
        break;
      case 's':
        sql_db = optarg;
        break;
      case 'l':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_LIST;
        break;
      case 'g':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_GET;
        username = optarg;
        break;
      case 'r':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_DELETE;
        username = optarg;
        break;
      case 'a':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_ADD;
        username = optarg;
        break;
      case 'c':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_CREATE;
        break;
      default:
        usage(0);
     }
  }

  if(argc > optind) {
    usage(1);
  }

  if (action == MANAGE_ACTION_HELP) {
    usage(0);
  }

  if (sql_db == NULL) {
    usage(2);
  }

  if (forget_real_credentials() != 0) {
    printf("Unable to fix uid/gid\n");
    return -EPERM;
  }

  db = init(sql_db);
  if (db == NULL) {
    printf("Unable to open the database\n");
    return 1;
  }
  switch(action) {
    case MANAGE_ACTION_HELP:
       /* Already done */
      break;
    case MANAGE_ACTION_LIST:
      list_users(db);
      sql_close(db);
      return 0;
    case MANAGE_ACTION_CREATE:
      create_database(db);
      return 0;
    case MANAGE_ACTION_GET:
    case MANAGE_ACTION_ADD:
    case MANAGE_ACTION_DELETE:
      /* Later */
      break;
  }
  if (username == NULL) {
    usage(3);
  }
  if (verify_user(username, strlen(username), &user) != 0) {
    printf("Unauthorized char in the username");
    return OTP_ERR;
  }

  switch(action) {
    case MANAGE_ACTION_HELP:
    case MANAGE_ACTION_LIST:
    case MANAGE_ACTION_CREATE:
      /* Already done */
      break;
    case MANAGE_ACTION_GET:
      data = get_otp_data(db, &user);
      if (data == NULL) {
        printf("No such user\n");
        break;
      }
      printf("User '%.*s':\n", (unsigned int) user.len, user.name);
      printf("Public ID  : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
      printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
      printf("Private ID digest: %s\n", data->digest_name);
      printf("Private ID hash:   %s\n", data->privid_hash);
      free(data);
      break;
    case MANAGE_ACTION_DELETE:
      for (temp = 0; temp < MAX_RETRIES; ++temp) {
        ret = try_start_transaction(db);
        switch (ret) {
          case OTP_SQL_ERR:
            printf("SQL error during the transaction initialisation");
            goto free_db;
          case OTP_SQL_MAY_RETRY:
            break;
          case OTP_SQL_OK:
            ret = try_delete_credentials(db, &user);
            switch (ret) {
              case OTP_SQL_ERR:
                printf("SQL error while trying to remove user");
                goto free_db;
              case OTP_SQL_MAY_RETRY:
                break;
              case OTP_SQL_OK:
                ret = try_end_transaction(db);
                switch (ret) {
                  case OTP_SQL_MAY_RETRY:
                    break;
                  case OTP_SQL_ERR:
                    printf("SQL error when trying to commit the transaction");
                    goto free_db;
                  case OTP_SQL_OK:
                    sql_close(db);
                    return 0;
                }
            }
        }
      }
      printf("Unable to remove user (Database busy)\n");
      break;
    case MANAGE_ACTION_ADD:
      data = calloc(sizeof(struct otp_data), 1ul);
      if (data == NULL) {
        printf("Malloc error\n");
        goto free_db;
      }
      if (read_input_word(data->pubid, OTP_PUB_ID_HEX_LEN, "Public ID")) {
        goto free_data;
      }
      if (check_modhex(data->pubid, OTP_PUB_ID_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }

      if (read_input_word(data->key, OTP_KEY_HEX_LEN, "AES key")) {
        goto free_data;
      }
      if (check_hex(data->key, (int) OTP_KEY_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }

      if (read_input_word(privid, OTP_PRIVID_HEX_LEN, "Private ID")) {
        goto free_data;
      }
      if (check_hex(privid, (int) OTP_PRIVID_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }
      privid_bin = hex2bin(privid, OTP_PRIVID_HEX_LEN);
      if (privid_bin == NULL) {
        printf("Malloc error (bis)\n");
        goto free_data;
      }

      printf("Please Specify a valid digest algorithm [%s]\n", DEFAULT_DIGEST);
      memset(digest_name, 0, (size_t) DIGEST_NAME_MAX_SIZE);
      ctemp = fgets(digest_name, DIGEST_NAME_MAX_SIZE, stdin);
      if (ctemp == NULL) {
        printf("Unable to read input\n");
        goto free_data;
      }
      if (digest_name[DIGEST_NAME_MAX_SIZE - 1] != 0 && digest_name[DIGEST_NAME_MAX_SIZE - 1] != '\n') {
        printf("Digest algorithm name too long, please retry\n");
        goto free_data;
      }
      if (digest_name[0] == '\n') {
        data->digest_name = strdup(DEFAULT_DIGEST);
      } else {
        ctemp = memchr(digest_name, '\n', (size_t) DIGEST_NAME_MAX_SIZE);
        if (ctemp != NULL) {
          *ctemp = '\0';
        }
        data->digest_name = digest_name;
      }
      ctemp = (char*)compute_hash(data->digest_name, (char*)privid_bin, OTP_PRIVID_BIN_LEN);
      if (ctemp == NULL) {
        goto free_data;
      }
      data->privid_hash = bin2hex(ctemp, strlen(ctemp));
      if (data->privid_hash == NULL) {
        goto free_data;
      }
      printf("New user :\n");
      printf("Name: '%.*s':\n", (unsigned int) user.len, user.name);
      printf("Public ID  : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
      printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
      printf("Private ID:        %.*s\n", (int) OTP_PRIVID_HEX_LEN, privid);
      printf("Private ID digest: %s\n", data->digest_name);
      printf("Private ID hash:   %s\n", data->privid_hash);
      printf("Press enter to create this new user\n");
      if (getc(stdin) != '\n') {
        goto free_data;
      }
      for (temp = 0; temp < MAX_RETRIES; ++temp) {
        ret = try_start_transaction(db);
        switch (ret) {
          case OTP_SQL_ERR:
            printf("SQL error during the transaction initialisation");
            goto free_data;
          case OTP_SQL_MAY_RETRY:
            break;
          case OTP_SQL_OK:
            ret = try_create_credentials(db, data, &user);
            switch (ret) {
              case OTP_SQL_ERR:
                printf("SQL error while trying to add the user");
                goto free_data;
              case OTP_SQL_MAY_RETRY:
                break;
              case OTP_SQL_OK:
                ret = try_end_transaction(db);
                switch (ret) {
                  case OTP_SQL_MAY_RETRY:
                    break;
                  case OTP_SQL_ERR:
                    printf("SQL error when trying to commit the transaction");
                    goto free_data;
                  case OTP_SQL_OK:
                    goto free_data;
                }
            }
        }
      }
      printf("Unable to create user (Database busy)\n");
      break;
  }
  goto free_db;

free_data:
  free_otp_data(data);
free_db:
  sql_close(db);
  return 0;
}
Exemple #6
0
/*
 * Returns true if the user successfully authenticates, false if not
 * or -1 on error.
 */
int
check_user(int validated, int mode)
{
    struct passwd *auth_pw;
    char *timestampdir = NULL;
    char *timestampfile = NULL;
    char *prompt;
    struct stat sb;
    int status, rval = true;
    debug_decl(check_user, SUDO_DEBUG_AUTH)

    /*
     * Init authentication system regardless of whether we need a password.
     * Required for proper PAM session support.
     */
    auth_pw = get_authpw();
    if (sudo_auth_init(auth_pw) == -1) {
	rval = -1;
	goto done;
    }

    /*
     * Don't prompt for the root passwd or if the user is exempt.
     * If the user is not changing uid/gid, no need for a password.
     */
    if (!def_authenticate || user_uid == 0 || user_is_exempt())
	goto done;
    if (user_uid == runas_pw->pw_uid &&
	(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) {
#ifdef HAVE_SELINUX
	if (user_role == NULL && user_type == NULL)
#endif
#ifdef HAVE_PRIV_SET
	if (runas_privs == NULL && runas_limitprivs == NULL)
#endif
	    goto done;
    }

    /* Always need a password when -k was specified with the command. */
    if (ISSET(mode, MODE_IGNORE_TICKET))
	SET(validated, FLAG_CHECK_USER);

    /* Stash the tty's ctime for tty ticket comparison. */
    if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
	tty_info.dev = sb.st_dev;
	tty_info.ino = sb.st_ino;
	tty_info.rdev = sb.st_rdev;
	if (tty_is_devpts(user_ttypath))
	    ctim_get(&sb, &tty_info.ctime);
    }

    if (build_timestamp(&timestampdir, &timestampfile) == -1) {
	rval = -1;
	goto done;
    }

    status = timestamp_status(timestampdir, timestampfile, user_name,
	TS_MAKE_DIRS);

    if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
	/* Bail out if we are non-interactive and a password is required */
	if (ISSET(mode, MODE_NONINTERACTIVE)) {
	    validated |= FLAG_NON_INTERACTIVE;
	    log_auth_failure(validated, 0);
	    rval = -1;
	    goto done;
	}

	/* XXX - should not lecture if askpass helper is being used. */
	lecture(status);

	/* Expand any escapes in the prompt. */
	prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
	    user_name, user_shost);

	rval = verify_user(auth_pw, prompt, validated);
    }
    /* Only update timestamp if user was validated. */
    if (rval == true && ISSET(validated, VALIDATE_OK) &&
	!ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
	update_timestamp(timestampdir, timestampfile);
    efree(timestampdir);
    efree(timestampfile);

done:
    sudo_auth_cleanup(auth_pw);
    sudo_pw_delref(auth_pw);

    debug_return_bool(rval);
}
Exemple #7
0
// TODO: Should change this logic to re-use sessions.
session_t * session_new(maindata_t *maindata, RISPSESSION streamsession)
{
	assert(maindata);
	assert(streamsession);
	assert(maindata->verify == 0xc001b33f);
	
	// to indicate when this function is called.
	fprintf(stderr, "---> session_new();\n");
	
	
	// allocate space for the object, and clear it too.
	session_t *session = calloc(1, sizeof(session_t));
	assert(session);
	
	int index;
	int found = -1;
	for (index=0; found < 0 && index < maindata->sessions.max; index++) {
		if(maindata->sessions.list[index] == NULL) {
			found = index;
		}
	}

	if (found < 0) {
		maindata->sessions.list = realloc(maindata->sessions.list, sizeof(session_t *) * (maindata->sessions.max + 1));
		found = maindata->sessions.max;
		maindata->sessions.max ++;
	}
	assert(found >= 0);
	
	maindata->sessions.list[found] = session;

	session->id = found;
	session->verify = 123456789;
	session->maindata = maindata;
	session->session_ptr = streamsession;
	
	// this will ask the RISP session if there was any authorisation information (certificates)
	assert(streamsession);
	char *certname = rispsession_get_session_auth_certname(streamsession);
	if (certname) {
		// we need to check if the cert is in the users list.
		fprintf(stderr, "##### Client cert name: %s\n", certname);
		if (verify_user(maindata, certname) == 1) {
			fprintf(stderr, "User Validated[%d]\n", session->id);
			session->data.authenticated = true;
		}
		else {
			assert(session->data.authenticated == false);
		}
		free(certname);
		certname = NULL;
	}
	else {
		fprintf(stderr, "##$### Client Cert Not Received.\n");
	}
	
	// Set the defaults
	session->data.name[0] = 0;
	session->data.established = false;
	session->data.echo = false;
	session->data.follow = true;
	session->data.update = true;
	
	return(session);
}
Exemple #8
0
/**
Benutzer anmelden (Passwort Überprüfen)

*/
int main(int argc, char ** argv)
{

    cgi datCGI;
    init_CGI(&datCGI);
    person login_person;
    init_person(&login_person);

    //fprintf(stderr, "Hallo vor Post\n");
    get_CGI_data(&datCGI);

    if(datCGI.request_method != POST) {
        print_exit_failure("Use POST!");
    }

    //fprintf(stderr, "POST_DATA: %s", datCGI.POST_data);

    //Aus POST_data den String zwischen <AttributName>= und '&' ausschneiden
    extract_POST_data(&datCGI, "email", &login_person.email);

    remove_newline(login_person.email);
    extract_POST_data(&datCGI, "pass", &login_person.password);
    remove_newline(login_person.password);


    if(login_person.email == NULL) {
        httpSetCookie("EMAIL", "NULL");
        httpSetCookie("SID", "0");
        httpCacheControl("no-cache");
        char * redirectString=NULL;
        asprintf(&redirectString, "https://%s/incorrect_password.html", datCGI.http_host);
        httpRedirect(redirectString);
    }

    //fprintf(stderr, "POST_DATA: %s", datCGI.POST_data);
    //TODO: Verhindern, dass sich ein anderer Nutzer vom selben Rechner aus einloggt wenn der erste noch nicht abgemeldet ist
    //(zweimaliges Anmelden verhindern)

    //Das ist sehr unwahrscheinlich
    /*
    if(datCGI.http_cookies != NULL){
    	person already_logged_in_person;
    	init_person(&already_logged_in_person);

    	char * cook_sid=NULL;
    	if(extract_COOKIE_data(&datCGI, "EMAIL", &already_logged_in_person.email) == 0 && extract_COOKIE_data(&datCGI, "SID", &cook_sid) == 0){
    		//print_exit_failure("Hier ist schon jemand eingeloggt");
    		already_logged_in_person.sid=atoi(cook_sid);

    		if(get_person_by_sid(&already_logged_in_person)){
    			print_exit_failure("Hier ist schon jemand eingeloggt");
    		}
    	}
    }*/
    UserState user_state=verify_user(&login_person);

    //Zwei cookies setzen
    if(user_state == PW_CORRECT || user_state == PW_CORRECT_ALREADY_LOGGED_IN) {
        httpSetCookie("EMAIL", login_person.email);
        char * sid_string;
        asprintf(&sid_string, "%d", login_person.sid);
        httpSetCookie("SID", sid_string);

        httpCacheControl("no-store, no-cache, must-revalidate, max-age=0");

        char * redirectString=NULL;
        asprintf(&redirectString, "https://%s/cgi-bin/all_messages.cgi", datCGI.http_host);
        httpRedirect(redirectString);
    }
    if(user_state == PW_INCORRECT) {
        httpSetCookie("EMAIL", "NULL");
        httpSetCookie("SID", "0");
        httpCacheControl("no-store, no-cache, must-revalidate, max-age=0");
        char * redirectString=NULL;
        asprintf(&redirectString, "https://%s/incorrect_password.html", datCGI.http_host);
        httpRedirect(redirectString);

    }
    /*
    	httpHeader(HTML);
    	printf("<!DOCTYPE html><head>\
    		<title>InfoWall -- Anmeldung</title>\
    		<meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\" />\
    		<meta name=\"viewport\" content=\"width=device-width\">\
    	</head>\
    	<body>");

    	printf("%s\n", datCGI.POST_data);


    	puts("<h1>Erhaltene Daten:</h1>\n");
    	printf("<br>CONTENT_LENGTH: %d -- REQUEST_METHOD: %s\n", datCGI.content_length, datCGI.request_method);
    	printf("<br>Name:           %s\nPassword:       %s\n", login_person.email, login_person.password);

    	printf("<br>Post Data:           %s\n", datCGI.POST_data);

    	puts("<br>\n\n\n\n");

    	if(login_person.auth && user_state==0){
    		puts("<h2>Personendaten:</h2>\n");
    		printf("<br>User ID:   %d\n", login_person.id);
    		printf("<br>Vorname:   %s\n", login_person.first_name);
    		printf("<br>Nachname:  %s\n", login_person.name);
    		printf("<br>Email:     %s\n", login_person.email);
    		printf("<br>Passwort:  %s (richtig)\n", login_person.password);
    		printf("<br>Faecher:   %s\n", login_person.courses);
    		if(login_person.isTeacher)printf("<br>Kuerzel:   %s\n", login_person.acronym);
    		printf("<br>SID:       %d\n", login_person.sid);

    		puts("<a href=\"/cgi-bin/logout.cgi\" style=\"color: green;\">LOGOUT</a>\
             <br><a href=\"/cgi-bin/all_messages.cgi\">Alle Nachrichten</a>");
             puts("<iframe src=\"/cgi-bin/all_messages.cgi\" style=\"width: 100%; height: 500px;\"");
    	}else{
    		puts("<br>YOU FAIL!!\n");
    		if(user_state == 1){
                puts("Bereits angemeldet!");
                printf("<a href=\"/cgi-bin/logout.cgi\">LOGOUT</a>\
             <br><a href=\"/cgi-bin/all_messages.cgi\">Alle Nachrichten</a>");
    		}
    	}

    	printf("</body>\
    	</html>");*/

    exit(0);
}