void AdminConnection::processLogin(){
InputFrame::Ptr recvframe( new InputFrame(version, paddingfilter) );
if (readFrame(recvframe)) {
try {
if(recvframe->getType() == ft02_Login){
std::string username, password;
if ( getAuth( recvframe, username, password ) ) {
bool authenticated = false;
try{
if(username == Settings::getSettings()->get("admin_user") && password == Settings::getSettings()->get("admin_pass"))
authenticated = true;
}catch(std::exception e){
}
if(authenticated){
sendOK( recvframe, "Welcome" );
INFO("Admin login ok by %s", username.c_str());
logextid = Logger::getLogger()->addLog( LogSink::Ptr( new AdminLogger( boost::dynamic_pointer_cast<AdminConnection>(shared_from_this()) ) ) );
status = READY;
} else {
throw FrameException( fec_FrameError, "Admin Login Error - bad username or password"); // TODO - should be a const or enum, Login error
}
}
}else{
throw FrameException( fec_FrameError, "Wrong type of frame in this state, wanted login");
}
} catch ( FrameException& exception ) {
// This might be overkill later, but now let's log it
DEBUG( "AdminConnection caught FrameException : %s", exception.what() );
sendFail( recvframe, exception.getErrorCode(), exception.getErrorMessage() );
}
}
}
void HTTPS_Proxy::send_auth()
{
if (getAuth()){
string s = basic_auth(getUser(), getPassword());
bOut << "Proxy-Authorization: Basic ";
bOut << s.c_str();
bOut << "\r\n";
}
}
static inline uint8_t* tryAuth(union Headers_CryptoAuth* cauth,
uint8_t hashOutput[32],
struct CryptoAuth_Wrapper* wrapper,
String** userPtr)
{
struct CryptoAuth_Auth* auth = getAuth(cauth->handshake.auth, wrapper->context);
if (auth != NULL) {
uint16_t deriv = Headers_getAuthChallengeDerivations(&cauth->handshake.auth);
getPasswordHash_typeOne(hashOutput, deriv, auth);
if (deriv == 0) {
*userPtr = auth->user;
}
return hashOutput;
}
return NULL;
}
static inline uint8_t* tryAuth(union Headers_CryptoAuth* cauth,
uint8_t hashOutput[32],
struct Wrapper* wrapper,
void** userPtr)
{
struct Auth* auth = getAuth(cauth->handshake.auth, wrapper->context);
if (auth != NULL) {
uint16_t deriv = Headers_getAuthChallengeDerivations(&cauth->handshake.auth);
getPasswordHash(hashOutput, deriv, auth);
if (deriv == 0) {
*userPtr = auth->user;
}
return hashOutput;
}
wrapper->authenticatePackets |= Headers_isPacketAuthRequired(&cauth->handshake.auth);
return NULL;
}
void SOCKS5_Proxy::connect_ready()
{
if (m_state != Connect){
error_state(STATE_ERROR, 0);
return;
}
bOut << (char)0x05;
if (getAuth()) {
bOut << (char)0x02
<< (char)0x00
<< (char)0x02;
} else {
bOut << (char) 0x01
<< (char)0x00;
}
m_state = WaitAnswer;
write();
}
void StateMachineMgr::buildExitWindows(QLayout* layout)
{
m_pFormMsg = getMsgWidget(NULL, layout);
getAuth(NULL, layout);
//m_pFormLoadParam = new FormLoadParam(NULL, layout);
m_pFormLoadParam = getLoadParam(NULL, layout);
getPasswordVerify(NULL, layout);
//m_pTableWidget = new FormTableWidget(NULL, layout);
m_pTableWidget = getTableWidget(NULL, layout);
//m_informTK = new ForminformId(NULL,layout);
m_pOrdWidget = new FormExit(NULL, layout);
getFuncForm(NULL, layout);
getCardBox(NULL, layout);
getInformWidget(NULL, layout);
m_devTable = new FormDeviceTable(NULL, layout);
//增加校时功能界面
getRegulateTimeForm(NULL, layout);
}
int DialogNew::qt_metacall(QMetaObject::Call _c, int _id, void **_a)
{
_id = QDialog::qt_metacall(_c, _id, _a);
if (_id < 0)
return _id;
if (_c == QMetaObject::InvokeMetaMethod) {
switch (_id) {
case 0: diterima((*reinterpret_cast< QString(*)>(_a[1])),(*reinterpret_cast< QString(*)>(_a[2])),(*reinterpret_cast< QString(*)>(_a[3]))); break;
case 1: diterima((*reinterpret_cast< QString(*)>(_a[1]))); break;
case 2: getFromClipboard(); break;
case 3: pbOk(); break;
case 4: pbCancel(); break;
case 5: getAuth(); break;
default: ;
}
_id -= 6;
}
return _id;
}
void StateMachineMgr::buildEntryWindows(QLayout* layout)
{
m_pFormMsg = getMsgWidget(NULL, layout);
getAuth(NULL, layout);
m_pFormLoadParam = getLoadParam(NULL, layout);
getPasswordVerify(NULL, layout);
//m_pTableWidget = new FormTableWidget(NULL, layout);
m_pTableWidget = getTableWidget(NULL, layout);
//m_informTK = new ForminformId(NULL,layout);
if(getLaneInfo()->isAutoLane())
{
m_pOrdWidget = new FormAutoCard(NULL, layout);
}
else
{
m_pOrdWidget = new FormEntry(NULL, layout);
}
getFuncForm(NULL, layout);
getCardBox(NULL, layout);
m_devTable = new FormDeviceTable(NULL, layout);
//增加校时功能界面
getRegulateTimeForm(NULL, layout);
}
int TembooSession::executeChoreo(
const char* accountName,
const char* appKeyName,
const char* appKeyValue,
const char* path,
const ChoreoInputSet& inputSet,
const ChoreoOutputSet& outputSet,
const ChoreoPreset& preset) {
DataFormatter fmt(&inputSet, &outputSet, &preset);
char auth[HMAC_HEX_SIZE_BYTES + 1];
char buffer[11];
// We use the current time-of-day as salt on the app key.
// We keep track of time-of-day by getting the current time
// from the server and applying an offset (the length of time
// we've been running.)
uint32toa((uint32_t)TembooSession::getTime(), buffer);
uint16_t contentLength = getAuth(fmt, appKeyValue, buffer, auth);
m_client.stop();
m_client.flush();
int connected = 0;
TEMBOO_TRACE("Connecting: ");
// reserve space for the "host" string sufficient to hold either the
// (dotted-quad) IP address + port, or the default <account>.temboolive.com
// host string.
int hostLen = (m_addr == INADDR_NONE ? (strlen_P(TEMBOO_DOMAIN) + strlen(accountName) + 1):21);
char host[hostLen];
// If no explicit IP address was specified (the normal case), construct
// the "host" string from the account name and the temboo domain name.
if (m_addr == INADDR_NONE) {
strcpy(host, accountName);
strcat_P(host, TEMBOO_DOMAIN);
TEMBOO_TRACELN(host);
connected = m_client.connect(host, m_port);
} else {
// If an IP address was explicitly specified (presumably for testing purposes),
// convert it to a dotted-quad text string.
host[0] = '\0';
for(int i = 0; i < 4; i++) {
uint16toa(m_addr[i], &host[strlen(host)]);
strcat(host, ".");
}
// replace the last '.' with ':'
host[strlen(host)-1] = ':';
// append the port number
uint16toa(m_port, &host[strlen(host)]);
TEMBOO_TRACELN(host);
connected = m_client.connect(m_addr, m_port);
}
if (connected) {
TEMBOO_TRACELN("OK. req:");
qsendProgmem(POST);
qsendProgmem(BASE_CHOREO_URI);
qsend(path);
qsendProgmem(SDK_ID);
qsendlnProgmem(POSTAMBLE);
// Send our custom authentication header
// (app-key-name:hmac)
qsendProgmem(HEADER_AUTH);
qsend(appKeyName);
qsend(":");
qsendln(auth);
// send the standard host header
qsendProgmem(HEADER_HOST);
qsendln(host);
// send the standard accept header
qsendlnProgmem(HEADER_ACCEPT);
// send our custom account name neader
qsendProgmem(HEADER_ORG);
qsend(accountName);
qsendlnProgmem(HEADER_DOM);
// send the standard content type header
qsendlnProgmem(HEADER_CONTENT_TYPE);
// send our custom client time header
qsendProgmem(HEADER_TIME);
qsendln(buffer);
// send the standard content length header
qsendProgmem(HEADER_CONTENT_LENGTH);
qsendln(uint16toa(contentLength, buffer));
qsendProgmem(EOL);
// Format and send the body of the request
fmt.reset();
while(fmt.hasNext()) {
qsend(fmt.next());
}
qsendProgmem(EOL);
qflush();
return 0;
} else {
TEMBOO_TRACELN("FAIL");
return 1;
}
}
static Gcc_USE_RET int decryptHandshake(struct CryptoAuth_Session_pvt* session,
const uint32_t nonce,
struct Message* message,
union CryptoHeader* header)
{
if (message->length < CryptoHeader_SIZE) {
cryptoAuthDebug0(session, "DROP runt");
return -1;
}
// handshake
// nextNonce 0: recieving hello.
// nextNonce 1: recieving key, we sent hello.
// nextNonce 2: recieving first data packet or duplicate hello.
// nextNonce 3: recieving first data packet.
// nextNonce >3: handshake complete
if (knowHerKey(session)) {
if (Bits_memcmp(session->pub.herPublicKey, header->handshake.publicKey, 32)) {
cryptoAuthDebug0(session, "DROP a packet with different public key than this session");
return -1;
}
} else if (Bits_isZero(session->pub.herIp6, 16)) {
// ok fallthrough
} else if (!ip6MatchesKey(session->pub.herIp6, header->handshake.publicKey)) {
cryptoAuthDebug0(session, "DROP packet with public key not matching ip6 for session");
return -1;
}
struct CryptoAuth_User* userObj = getAuth(&header->handshake.auth, session->context);
uint8_t* restrictedToip6 = NULL;
uint8_t* passwordHash = NULL;
if (userObj) {
passwordHash = userObj->secret;
if (userObj->restrictedToip6[0]) {
restrictedToip6 = userObj->restrictedToip6;
if (!ip6MatchesKey(restrictedToip6, header->handshake.publicKey)) {
cryptoAuthDebug0(session, "DROP packet with key not matching restrictedToip6");
return -1;
}
}
}
if (session->requireAuth && !userObj) {
cryptoAuthDebug0(session, "DROP message because auth was not given");
return -1;
}
if (!userObj && header->handshake.auth.challenge.type != 0) {
cryptoAuthDebug0(session, "DROP message with unrecognized authenticator");
return -1;
}
// What the nextNonce will become if this packet is valid.
uint32_t nextNonce;
// The secret for decrypting this message.
uint8_t sharedSecret[32];
uint8_t* herPermKey = session->pub.herPublicKey;
if (nonce < 2) {
if (nonce == 0) {
cryptoAuthDebug(session, "Received a hello packet, using auth: %d",
(userObj != NULL));
} else {
cryptoAuthDebug0(session, "Received a repeat hello packet");
}
// Decrypt message with perminent keys.
if (!knowHerKey(session) || session->nextNonce == 0) {
herPermKey = header->handshake.publicKey;
if (Defined(Log_DEBUG) && Bits_isZero(header->handshake.publicKey, 32)) {
cryptoAuthDebug0(session, "DROP Node sent public key of ZERO!");
// This is strictly informational, we will not alter the execution path for it.
}
}
getSharedSecret(sharedSecret,
session->context->privateKey,
herPermKey,
passwordHash,
session->context->logger);
nextNonce = 2;
} else {
if (nonce == 2) {
cryptoAuthDebug0(session, "Received a key packet");
} else {
Assert_true(nonce == 3);
cryptoAuthDebug0(session, "Received a repeat key packet");
}
if (Bits_memcmp(header->handshake.publicKey, session->pub.herPublicKey, 32)) {
cryptoAuthDebug0(session, "DROP packet contains different perminent key");
return -1;
}
if (!session->isInitiator) {
cryptoAuthDebug0(session, "DROP a stray key packet");
return -1;
}
// We sent the hello, this is a key
getSharedSecret(sharedSecret,
session->ourTempPrivKey,
session->pub.herPublicKey,
passwordHash,
session->context->logger);
nextNonce = 4;
}
// Shift it on top of the authenticator before the encrypted public key
Message_shift(message, 48 - CryptoHeader_SIZE, NULL);
if (Defined(Log_KEYS)) {
uint8_t sharedSecretHex[65];
printHexKey(sharedSecretHex, sharedSecret);
uint8_t nonceHex[49];
Hex_encode(nonceHex, 49, header->handshake.nonce, 24);
uint8_t cipherHex[65];
printHexKey(cipherHex, message->bytes);
Log_keys(session->context->logger,
"Decrypting message with:\n"
" nonce: %s\n"
" secret: %s\n"
" cipher: %s\n",
nonceHex, sharedSecretHex, cipherHex);
}
// Decrypt her temp public key and the message.
if (decryptRndNonce(header->handshake.nonce, message, sharedSecret)) {
// just in case
Bits_memset(header, 0, CryptoHeader_SIZE);
cryptoAuthDebug(session, "DROP message with nonce [%d], decryption failed", nonce);
return -1;
}
if (Bits_isZero(header->handshake.encryptedTempKey, 32)) {
// we need to reject 0 public keys outright because they will be confused with "unknown"
cryptoAuthDebug0(session, "DROP message with zero as temp public key");
return -1;
}
if (Defined(Log_KEYS)) {
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32);
Log_keys(session->context->logger,
"Unwrapping temp public key:\n"
" %s\n",
tempKeyHex);
}
Message_shift(message, -32, NULL);
// Post-decryption checking
if (nonce == 0) {
// A new hello packet
if (!Bits_memcmp(session->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
// possible replay attack or duped packet
cryptoAuthDebug0(session, "DROP dupe hello packet with same temp key");
return -1;
}
} else if (nonce == 2 && session->nextNonce >= 4) {
// we accept a new key packet and let it change the session since the other end might have
// killed off the session while it was in the midst of setting up.
// This is NOT a repeat key packet because it's nonce is 2, not 3
if (!Bits_memcmp(session->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
Assert_true(!Bits_isZero(session->herTempPubKey, 32));
cryptoAuthDebug0(session, "DROP dupe key packet with same temp key");
return -1;
}
} else if (nonce == 3 && session->nextNonce >= 4) {
// Got a repeat key packet, make sure the temp key is the same as the one we know.
if (Bits_memcmp(session->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
Assert_true(!Bits_isZero(session->herTempPubKey, 32));
cryptoAuthDebug0(session, "DROP repeat key packet with different temp key");
return -1;
}
}
// If Alice sent a hello packet then Bob sent a hello packet and they crossed on the wire,
// somebody has to yield and the other has to stand firm otherwise they will either deadlock
// each believing their hello packet is superior or they will livelock, each switching to the
// other's session and never synchronizing.
// In this event whoever has the lower permanent public key wins.
// If we receive a (possibly repeat) key packet
if (nextNonce == 4) {
if (session->nextNonce <= 4) {
// and have not yet begun sending "run" data
Bits_memcpyConst(session->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else {
// It's a (possibly repeat) key packet and we have begun sending run data.
// We will change the shared secret to the one specified in the new key packet but
// intentionally avoid de-incrementing the nonce just in case
getSharedSecret(session->sharedSecret,
session->ourTempPrivKey,
header->handshake.encryptedTempKey,
NULL,
session->context->logger);
nextNonce = session->nextNonce + 1;
cryptoAuthDebug0(session, "New key packet but we are already sending data");
}
} else if (nextNonce != 2) {
Assert_true(!"should never happen");
} else if (!session->isInitiator || session->established) {
// This is a hello packet and we are either in ESTABLISHED state or we are
// not the initiator of the connection.
// If the case is that we are in ESTABLISHED state, the other side tore down the session
// and we have not so lets tear it down.
// If we are not in ESTABLISHED state then we don't allow resetting of the session unless
// they are the sender of the hello packet or their permanent public key is lower.
// this is a tie-breaker in case hello packets cross on the wire.
if (session->established) {
cryptoAuthDebug0(session, "new hello during established session, resetting");
reset(session);
}
// We got a (possibly repeat) hello packet and we have not sent any hello packet,
// new session.
if (session->nextNonce == 3) {
// We sent a key packet so the next packet is a repeat key but we got another hello
// We'll just keep steaming along sending repeat key packets
nextNonce = 3;
}
Bits_memcpyConst(session->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else if (Bits_memcmp(header->handshake.publicKey, session->context->pub.publicKey, 32) < 0) {
// It's a hello and we are the initiator but their permant public key is numerically lower
// than ours, this is so that in the event of two hello packets crossing on the wire, the
// nodes will agree on who is the initiator.
cryptoAuthDebug0(session, "Incoming hello from node with lower key, resetting");
reset(session);
Bits_memcpyConst(session->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else {
cryptoAuthDebug0(session, "DROP Incoming hello from node with higher key, not resetting");
return -1;
}
if (herPermKey && herPermKey != session->pub.herPublicKey) {
Bits_memcpyConst(session->pub.herPublicKey, herPermKey, 32);
}
if (restrictedToip6) {
Bits_memcpyConst(session->pub.herIp6, restrictedToip6, 16);
}
// Nonces can never go backward and can only "not advance" if they're 0,1,2,3,4 session state.
Assert_true(session->nextNonce < nextNonce ||
(session->nextNonce <= 4 && nextNonce == session->nextNonce)
);
session->nextNonce = nextNonce;
Bits_memset(&session->pub.replayProtector, 0, sizeof(struct ReplayProtector));
return 0;
}
int TembooSession::executeChoreo(
const char* accountName,
const char* appKeyName,
const char* appKeyValue,
const char* path,
const ChoreoInputSet& inputSet,
const ChoreoOutputSet& outputSet,
const ChoreoPreset& preset) {
DataFormatter fmt(&inputSet, &outputSet, &preset);
char auth[HMAC_HEX_SIZE_BYTES + 1];
char buffer[11];
// We use the current time-of-day as salt on the app key.
// We keep track of time-of-day by getting the current time
// from the server and applying an offset (the length of time
// we've been running.)
uint32toa((uint32_t)TembooSession::getTime(), buffer);
uint16_t contentLength = getAuth(fmt, appKeyValue, buffer, auth);
m_client.stop();
m_client.flush();
int connected = 0;
TEMBOO_TRACE("Connecting: ");
// reserve space for the "host" string sufficient to hold either the
// (dotted-quad) IP address + port, or the default <account>.temboolive.com
// host string.
int hostLen = strlen_P(TEMBOO_DOMAIN) + strlen(accountName) + 1;
char host[hostLen];
// Construct the "host" string from the account name and the temboo domain name.
strcpy(host, accountName);
strcat_P(host, TEMBOO_DOMAIN);
bool useProxy = false;
if (m_addr == INADDR_NONE) {
TEMBOO_TRACELN(host);
connected = m_client.connect(host, m_port);
} else {
TEMBOO_TRACELN(host);
connected = m_client.connect(m_addr, m_port);
useProxy = true;
}
if (connected) {
TEMBOO_TRACELN("OK. req:");
qsendProgmem(POST);
if(useProxy) {
qsendProgmem(HTTP);
qsend(host);
}
qsendProgmem(BASE_CHOREO_URI);
qsend(path);
qsendProgmem(SDK_ID);
qsendlnProgmem(POSTAMBLE);
// Send our custom authentication header
// (app-key-name:hmac)
qsendProgmem(HEADER_AUTH);
qsend(appKeyName);
qsend(":");
qsendln(auth);
// send the standard host header
qsendProgmem(HEADER_HOST);
qsendln(host);
// send the standard accept header
qsendlnProgmem(HEADER_ACCEPT);
// send our custom account name neader
qsendProgmem(HEADER_ORG);
qsend(accountName);
qsendlnProgmem(HEADER_DOM);
// send the standard content type header
qsendlnProgmem(HEADER_CONTENT_TYPE);
// send our custom client time header
qsendProgmem(HEADER_TIME);
qsendln(buffer);
// send the standard content length header
qsendProgmem(HEADER_CONTENT_LENGTH);
qsendln(uint16toa(contentLength, buffer));
qsendProgmem(EOL);
// Format and send the body of the request
fmt.reset();
while(fmt.hasNext()) {
qsend(fmt.next());
}
qsendProgmem(EOL);
qflush();
return 0;
} else {
TEMBOO_TRACELN("FAIL");
return 1;
}
}