mutils_error _mhash_gen_key_hex(void *keyword, mutils_word32 key_size,
mutils_word8 *password, mutils_word32 plen)
{
mutils_word8 *chain = password;
mutils_word8 *pkeyword = keyword;
mutils_word8 tmp[3];
mutils_word32 i;
mutils_bzero(keyword, key_size);
/* The chain should have 2*n characters
*/
if (plen % 2 != 0 || plen > key_size*2)
return(-MUTILS_INVALID_SIZE);
if (check_hex(chain, plen) == MUTILS_FALSE)
return(-MUTILS_INVALID_FORMAT);
mutils_bzero( keyword, key_size);
for (i = 0; i < plen; i += 2) {
mutils_memcpy(tmp, &chain[i], 2);
tmp[2] = '\0';
pkeyword[i / 2] = mutils_strtol(tmp, (mutils_word8 **) NULL, 16);
}
return(MUTILS_OK);
}
static void
readBlobAsChar(test_info *t, int step, int wide)
{
SQLRETURN rc = SQL_SUCCESS_WITH_INFO;
char buf[8192];
SQLLEN len, total = 0, len2;
int i = 0;
int check;
int bufsize;
SQLSMALLINT type = SQL_C_CHAR;
unsigned int char_len = 1;
if (wide) {
char_len = sizeof(SQLWCHAR);
type = SQL_C_WCHAR;
}
if (step%2) bufsize = sizeof(buf) - char_len;
else bufsize = sizeof(buf);
printf(">> readBlobAsChar field %d\n", t->num);
while (rc == SQL_SUCCESS_WITH_INFO) {
i++;
rc = CHKGetData(t->num, type, (SQLPOINTER) buf, (SQLINTEGER) bufsize, &len, "SINo");
if (rc == SQL_SUCCESS_WITH_INFO && len == SQL_NO_TOTAL) {
len = bufsize - char_len;
rc = SQL_SUCCESS;
}
if (rc == SQL_NO_DATA || len <= 0)
break;
rc = CHKGetData(t->num, type, (SQLPOINTER) buf, 0, &len2, "SINo");
if (rc == SQL_SUCCESS_WITH_INFO && len2 != SQL_NO_TOTAL)
len = len - len2;
#if 0
if (len > (SQLLEN) (bufsize - char_len))
len = (SQLLEN) (bufsize - char_len);
len -= len % (2u * char_len);
#endif
printf(">> step %d: %d bytes readed\n", i, (int) len);
if (wide) {
len /= sizeof(SQLWCHAR);
odbc_from_sqlwchar((char *) buf, (SQLWCHAR *) buf, len + 1);
}
check = check_hex(buf, len, 2*t->gen1 + total, t->gen2);
if (!check) {
fprintf(stderr, "Wrong buffer content\n");
dump(stderr, " buf ", buf, len);
failed = 1;
}
total += len;
}
printf(">> total bytes read = %d \n", (int) total);
if (total != 20000) {
fprintf(stderr, "Wrong buffer length, expected 20000\n");
failed = 1;
}
}
int main()
{
long int check;
char var1[] = "123t";
char var2[] = "1Ae4";
check = check_hex(var1);
if( check == -1 )
printf("\"%s\" is not hexadecimal digit.\n", var1);
else
printf("\"%s\" is hexadecimal digit, and value is %ld.\n", var1, check);
check = check_hex(var2);
if( check == -1 )
printf("\"%s\" is not hexadecimal digit.\n", var2);
else
printf("\"%s\" is hexadecimal digit, and value is %ld.\n", var2, check);
return 0;
}
int
main(int argc, char *argv[])
{
char *sql_db = NULL;
sqlite3* db;
char *username = NULL;
struct user user;
enum manage_action action = MANAGE_ACTION_HELP;
int opt;
char privid[OTP_PRIVID_HEX_LEN];
unsigned char *privid_bin;
int temp, ret;
struct otp_data* data;
char digest_name[DIGEST_NAME_MAX_SIZE];
char *ctemp;
while((opt = getopt(argc, argv, "hs:lg:r:a:c")) != -1) {
switch(opt) {
case 'h':
usage(0);
break;
case 's':
sql_db = optarg;
break;
case 'l':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_LIST;
break;
case 'g':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_GET;
username = optarg;
break;
case 'r':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_DELETE;
username = optarg;
break;
case 'a':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_ADD;
username = optarg;
break;
case 'c':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_CREATE;
break;
default:
usage(0);
}
}
if(argc > optind) {
usage(1);
}
if (action == MANAGE_ACTION_HELP) {
usage(0);
}
if (sql_db == NULL) {
usage(2);
}
if (forget_real_credentials() != 0) {
printf("Unable to fix uid/gid\n");
return -EPERM;
}
db = init(sql_db);
if (db == NULL) {
printf("Unable to open the database\n");
return 1;
}
switch(action) {
case MANAGE_ACTION_HELP:
/* Already done */
break;
case MANAGE_ACTION_LIST:
list_users(db);
sql_close(db);
return 0;
case MANAGE_ACTION_CREATE:
create_database(db);
return 0;
case MANAGE_ACTION_GET:
case MANAGE_ACTION_ADD:
case MANAGE_ACTION_DELETE:
/* Later */
break;
}
if (username == NULL) {
usage(3);
}
if (verify_user(username, strlen(username), &user) != 0) {
printf("Unauthorized char in the username");
return OTP_ERR;
}
switch(action) {
case MANAGE_ACTION_HELP:
case MANAGE_ACTION_LIST:
case MANAGE_ACTION_CREATE:
/* Already done */
break;
case MANAGE_ACTION_GET:
data = get_otp_data(db, &user);
if (data == NULL) {
printf("No such user\n");
break;
}
printf("User '%.*s':\n", (unsigned int) user.len, user.name);
printf("Public ID : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
printf("Private ID digest: %s\n", data->digest_name);
printf("Private ID hash: %s\n", data->privid_hash);
free(data);
break;
case MANAGE_ACTION_DELETE:
for (temp = 0; temp < MAX_RETRIES; ++temp) {
ret = try_start_transaction(db);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error during the transaction initialisation");
goto free_db;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_delete_credentials(db, &user);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error while trying to remove user");
goto free_db;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_end_transaction(db);
switch (ret) {
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_ERR:
printf("SQL error when trying to commit the transaction");
goto free_db;
case OTP_SQL_OK:
sql_close(db);
return 0;
}
}
}
}
printf("Unable to remove user (Database busy)\n");
break;
case MANAGE_ACTION_ADD:
data = calloc(sizeof(struct otp_data), 1ul);
if (data == NULL) {
printf("Malloc error\n");
goto free_db;
}
if (read_input_word(data->pubid, OTP_PUB_ID_HEX_LEN, "Public ID")) {
goto free_data;
}
if (check_modhex(data->pubid, OTP_PUB_ID_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
if (read_input_word(data->key, OTP_KEY_HEX_LEN, "AES key")) {
goto free_data;
}
if (check_hex(data->key, (int) OTP_KEY_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
if (read_input_word(privid, OTP_PRIVID_HEX_LEN, "Private ID")) {
goto free_data;
}
if (check_hex(privid, (int) OTP_PRIVID_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
privid_bin = hex2bin(privid, OTP_PRIVID_HEX_LEN);
if (privid_bin == NULL) {
printf("Malloc error (bis)\n");
goto free_data;
}
printf("Please Specify a valid digest algorithm [%s]\n", DEFAULT_DIGEST);
memset(digest_name, 0, (size_t) DIGEST_NAME_MAX_SIZE);
ctemp = fgets(digest_name, DIGEST_NAME_MAX_SIZE, stdin);
if (ctemp == NULL) {
printf("Unable to read input\n");
goto free_data;
}
if (digest_name[DIGEST_NAME_MAX_SIZE - 1] != 0 && digest_name[DIGEST_NAME_MAX_SIZE - 1] != '\n') {
printf("Digest algorithm name too long, please retry\n");
goto free_data;
}
if (digest_name[0] == '\n') {
data->digest_name = strdup(DEFAULT_DIGEST);
} else {
ctemp = memchr(digest_name, '\n', (size_t) DIGEST_NAME_MAX_SIZE);
if (ctemp != NULL) {
*ctemp = '\0';
}
data->digest_name = digest_name;
}
ctemp = (char*)compute_hash(data->digest_name, (char*)privid_bin, OTP_PRIVID_BIN_LEN);
if (ctemp == NULL) {
goto free_data;
}
data->privid_hash = bin2hex(ctemp, strlen(ctemp));
if (data->privid_hash == NULL) {
goto free_data;
}
printf("New user :\n");
printf("Name: '%.*s':\n", (unsigned int) user.len, user.name);
printf("Public ID : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
printf("Private ID: %.*s\n", (int) OTP_PRIVID_HEX_LEN, privid);
printf("Private ID digest: %s\n", data->digest_name);
printf("Private ID hash: %s\n", data->privid_hash);
printf("Press enter to create this new user\n");
if (getc(stdin) != '\n') {
goto free_data;
}
for (temp = 0; temp < MAX_RETRIES; ++temp) {
ret = try_start_transaction(db);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error during the transaction initialisation");
goto free_data;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_create_credentials(db, data, &user);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error while trying to add the user");
goto free_data;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_end_transaction(db);
switch (ret) {
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_ERR:
printf("SQL error when trying to commit the transaction");
goto free_data;
case OTP_SQL_OK:
goto free_data;
}
}
}
}
printf("Unable to create user (Database busy)\n");
break;
}
goto free_db;
free_data:
free_otp_data(data);
free_db:
sql_close(db);
return 0;
}
char *uwsgi_upload_progress_create(struct wsgi_request *wsgi_req, int *fd) {
const char *x_progress_id = "X-Progress-ID=";
char *xpi_ptr = (char *) x_progress_id;
uint16_t i;
char *upload_progress_filename = NULL;
if (wsgi_req->uri_len <= 51)
return NULL;
for (i = 0; i < wsgi_req->uri_len; i++) {
if (wsgi_req->uri[i] == xpi_ptr[0]) {
if (xpi_ptr[0] == '=') {
if (wsgi_req->uri + i + 36 <= wsgi_req->uri + wsgi_req->uri_len) {
upload_progress_filename = wsgi_req->uri + i + 1;
}
break;
}
xpi_ptr++;
}
else {
xpi_ptr = (char *) x_progress_id;
}
}
// now check for valid uuid (from spec available at http://en.wikipedia.org/wiki/Universally_unique_identifier)
if (!upload_progress_filename)
return NULL;
uwsgi_log("upload progress uuid = %.*s\n", 36, upload_progress_filename);
if (!check_hex(upload_progress_filename, 8))
return NULL;
if (upload_progress_filename[8] != '-')
return NULL;
if (!check_hex(upload_progress_filename + 9, 4))
return NULL;
if (upload_progress_filename[13] != '-')
return NULL;
if (!check_hex(upload_progress_filename + 14, 4))
return NULL;
if (upload_progress_filename[18] != '-')
return NULL;
if (!check_hex(upload_progress_filename + 19, 4))
return NULL;
if (upload_progress_filename[23] != '-')
return NULL;
if (!check_hex(upload_progress_filename + 24, 12))
return NULL;
upload_progress_filename = uwsgi_concat4n(uwsgi.upload_progress, strlen(uwsgi.upload_progress), "/", 1, upload_progress_filename, 36, ".js", 3);
// here we use O_EXCL to avoid eventual application bug in uuid generation/using
*fd = open(upload_progress_filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR | S_IRGRP);
if (*fd < 0) {
uwsgi_error_open(upload_progress_filename);
free(upload_progress_filename);
return NULL;
}
return upload_progress_filename;
}
ret_t
cherokee_handler_secdownload_new (cherokee_handler_t **hdl,
void *cnt,
cherokee_module_props_t *props)
{
int re;
ret_t ret;
char *p;
cuint_t path_len;
time_t time_url;
char *time_s;
cherokee_buffer_t md5 = CHEROKEE_BUF_INIT;
cherokee_connection_t *conn = CONN(cnt);
TRACE(ENTRIES, "Analyzing request '%s'\n", conn->request.buf);
/* Sanity check
*/
if (conn->request.len <= 1 + 32 + 2) {
TRACE(ENTRIES, "Malformed URL. Too short: len=%d.\n", conn->request.len);
conn->error_code = http_not_found;
return ret_error;
}
if (conn->request.buf[0] != '/') {
TRACE(ENTRIES, "Malformed URL: %s\n", "Not slash (1)");
conn->error_code = http_not_found;
return ret_error;
}
p = conn->request.buf + 1;
if (check_hex (p, 32)) {
TRACE(ENTRIES, "Malformed URL: %s\n", "No MD5");
conn->error_code = http_not_found;
return ret_error;
}
p += 32;
if (*p != '/') {
TRACE(ENTRIES, "Malformed URL: %s\n", "Not slash (2)");
conn->error_code = http_not_found;
return ret_error;
}
p += 1;
time_s = p;
if (check_hex (p, 8)) {
TRACE(ENTRIES, "Malformed URL: %s\n", "No MD5 (2)");
conn->error_code = http_not_found;
return ret_error;
}
p += 8;
/* Check the time
*/
time_url = get_time (time_s);
if ((cherokee_bogonow_now - time_url) > (int)PROP_SECDOWN(props)->timeout) {
TRACE(ENTRIES, "Time out: %d (now=%d)\n", time_url, cherokee_bogonow_now);
conn->error_code = http_gone;
return ret_error;
}
/* Check the MD5
* [secret][path][hex(time)]
*/
path_len = (conn->request.buf + conn->request.len) - p;
cherokee_buffer_add_buffer (&md5, &PROP_SECDOWN(props)->secret);
cherokee_buffer_add (&md5, p, path_len);
cherokee_buffer_add (&md5, time_s, 8);
cherokee_buffer_encode_md5_digest (&md5);
re = strncasecmp (md5.buf, &conn->request.buf[1], 32);
if (re != 0) {
TRACE(ENTRIES, "MD5 (%s) didn't match\n", md5.buf);
cherokee_buffer_mrproper(&md5);
conn->error_code = http_access_denied;
return ret_error;
}
cherokee_buffer_mrproper (&md5);
/* At this point the request has been validated
*/
if (cherokee_buffer_is_empty (&conn->request_original)) {
cherokee_buffer_add_buffer (&conn->request_original, &conn->request);
cherokee_buffer_add_buffer (&conn->query_string_original, &conn->query_string);
}
cherokee_buffer_clean (&conn->request);
cherokee_buffer_add (&conn->request, p, path_len);
/* Instance the File handler
*/
ret = cherokee_handler_file_new (hdl, cnt, MODULE_PROPS(PROP_SECDOWN(props)->props_file));
if (ret != ret_ok)
return ret_ok;
return ret_ok;
}
