Пример #1
0
mutils_error _mhash_gen_key_hex(void *keyword, mutils_word32 key_size, 
				mutils_word8 *password, mutils_word32 plen)
{
	mutils_word8 *chain = password;
	mutils_word8 *pkeyword = keyword;
	mutils_word8 tmp[3];
	mutils_word32 i;

	mutils_bzero(keyword, key_size);

	/* The chain should have 2*n characters 
	 */

	if (plen % 2 != 0 || plen > key_size*2)
		return(-MUTILS_INVALID_SIZE);

	if (check_hex(chain, plen) == MUTILS_FALSE)
		return(-MUTILS_INVALID_FORMAT);

	mutils_bzero( keyword, key_size);

	for (i = 0; i < plen; i += 2) {
		mutils_memcpy(tmp, &chain[i], 2);
		tmp[2] = '\0';
		pkeyword[i / 2] = mutils_strtol(tmp, (mutils_word8 **) NULL, 16);
	}

	return(MUTILS_OK);
}
Пример #2
0
static void
readBlobAsChar(test_info *t, int step, int wide)
{
	SQLRETURN rc = SQL_SUCCESS_WITH_INFO;
	char buf[8192];
	SQLLEN len, total = 0, len2;
	int i = 0;
	int check;
	int bufsize;

	SQLSMALLINT type = SQL_C_CHAR;
	unsigned int char_len = 1;
	if (wide) {
		char_len = sizeof(SQLWCHAR);
		type = SQL_C_WCHAR;
	}
	
	if (step%2) bufsize = sizeof(buf) - char_len;
	else bufsize = sizeof(buf);

	printf(">> readBlobAsChar field %d\n", t->num);
	while (rc == SQL_SUCCESS_WITH_INFO) {
		i++;
		rc = CHKGetData(t->num, type, (SQLPOINTER) buf, (SQLINTEGER) bufsize, &len, "SINo");
		if (rc == SQL_SUCCESS_WITH_INFO && len == SQL_NO_TOTAL) {
			len = bufsize - char_len;
			rc = SQL_SUCCESS;
		}
		if (rc == SQL_NO_DATA || len <= 0)
			break;
		rc = CHKGetData(t->num, type, (SQLPOINTER) buf, 0, &len2, "SINo");
		if (rc == SQL_SUCCESS_WITH_INFO && len2 != SQL_NO_TOTAL)
			len = len - len2;
#if 0
		if (len > (SQLLEN) (bufsize - char_len))
			len = (SQLLEN) (bufsize - char_len);
		len -= len % (2u * char_len);
#endif
		printf(">>     step %d: %d bytes readed\n", i, (int) len);

		if (wide) {
			len /= sizeof(SQLWCHAR);
			odbc_from_sqlwchar((char *) buf, (SQLWCHAR *) buf, len + 1);
		}

		check =	check_hex(buf, len, 2*t->gen1 + total, t->gen2);
		if (!check) {
			fprintf(stderr, "Wrong buffer content\n");
			dump(stderr, " buf ", buf, len);
			failed = 1;
		}
		total += len;
	}
	printf(">>   total bytes read = %d \n", (int) total);
	if (total != 20000) {
		fprintf(stderr, "Wrong buffer length, expected 20000\n");
		failed = 1;
	}
}
int main()
{
	long int check;
			
	char var1[] = "123t";
	char var2[] = "1Ae4";
  
  check = check_hex(var1);
  
  if( check == -1 )
  	printf("\"%s\" is not hexadecimal digit.\n", var1);
  else
  	printf("\"%s\" is hexadecimal digit, and value is %ld.\n", var1, check);
  
  check = check_hex(var2);
  
  if( check == -1 )
  	printf("\"%s\" is not hexadecimal digit.\n", var2);
  else
  	printf("\"%s\" is hexadecimal digit, and value is %ld.\n", var2, check);	
   
  return 0;
}
Пример #4
0
int
main(int argc, char *argv[])
{
  char *sql_db = NULL;
  sqlite3* db;
  char *username = NULL;
  struct user user;
  enum manage_action action = MANAGE_ACTION_HELP;
  int opt;
  char privid[OTP_PRIVID_HEX_LEN];
  unsigned char *privid_bin;
  int temp, ret;
  struct otp_data* data;
  char digest_name[DIGEST_NAME_MAX_SIZE];
  char *ctemp;

  while((opt = getopt(argc, argv, "hs:lg:r:a:c")) != -1) {
    switch(opt) {
      case 'h':
        usage(0);
        break;
      case 's':
        sql_db = optarg;
        break;
      case 'l':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_LIST;
        break;
      case 'g':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_GET;
        username = optarg;
        break;
      case 'r':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_DELETE;
        username = optarg;
        break;
      case 'a':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_ADD;
        username = optarg;
        break;
      case 'c':
        if (action != MANAGE_ACTION_HELP) {
          usage(1);
        }
        action = MANAGE_ACTION_CREATE;
        break;
      default:
        usage(0);
     }
  }

  if(argc > optind) {
    usage(1);
  }

  if (action == MANAGE_ACTION_HELP) {
    usage(0);
  }

  if (sql_db == NULL) {
    usage(2);
  }

  if (forget_real_credentials() != 0) {
    printf("Unable to fix uid/gid\n");
    return -EPERM;
  }

  db = init(sql_db);
  if (db == NULL) {
    printf("Unable to open the database\n");
    return 1;
  }
  switch(action) {
    case MANAGE_ACTION_HELP:
       /* Already done */
      break;
    case MANAGE_ACTION_LIST:
      list_users(db);
      sql_close(db);
      return 0;
    case MANAGE_ACTION_CREATE:
      create_database(db);
      return 0;
    case MANAGE_ACTION_GET:
    case MANAGE_ACTION_ADD:
    case MANAGE_ACTION_DELETE:
      /* Later */
      break;
  }
  if (username == NULL) {
    usage(3);
  }
  if (verify_user(username, strlen(username), &user) != 0) {
    printf("Unauthorized char in the username");
    return OTP_ERR;
  }

  switch(action) {
    case MANAGE_ACTION_HELP:
    case MANAGE_ACTION_LIST:
    case MANAGE_ACTION_CREATE:
      /* Already done */
      break;
    case MANAGE_ACTION_GET:
      data = get_otp_data(db, &user);
      if (data == NULL) {
        printf("No such user\n");
        break;
      }
      printf("User '%.*s':\n", (unsigned int) user.len, user.name);
      printf("Public ID  : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
      printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
      printf("Private ID digest: %s\n", data->digest_name);
      printf("Private ID hash:   %s\n", data->privid_hash);
      free(data);
      break;
    case MANAGE_ACTION_DELETE:
      for (temp = 0; temp < MAX_RETRIES; ++temp) {
        ret = try_start_transaction(db);
        switch (ret) {
          case OTP_SQL_ERR:
            printf("SQL error during the transaction initialisation");
            goto free_db;
          case OTP_SQL_MAY_RETRY:
            break;
          case OTP_SQL_OK:
            ret = try_delete_credentials(db, &user);
            switch (ret) {
              case OTP_SQL_ERR:
                printf("SQL error while trying to remove user");
                goto free_db;
              case OTP_SQL_MAY_RETRY:
                break;
              case OTP_SQL_OK:
                ret = try_end_transaction(db);
                switch (ret) {
                  case OTP_SQL_MAY_RETRY:
                    break;
                  case OTP_SQL_ERR:
                    printf("SQL error when trying to commit the transaction");
                    goto free_db;
                  case OTP_SQL_OK:
                    sql_close(db);
                    return 0;
                }
            }
        }
      }
      printf("Unable to remove user (Database busy)\n");
      break;
    case MANAGE_ACTION_ADD:
      data = calloc(sizeof(struct otp_data), 1ul);
      if (data == NULL) {
        printf("Malloc error\n");
        goto free_db;
      }
      if (read_input_word(data->pubid, OTP_PUB_ID_HEX_LEN, "Public ID")) {
        goto free_data;
      }
      if (check_modhex(data->pubid, OTP_PUB_ID_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }

      if (read_input_word(data->key, OTP_KEY_HEX_LEN, "AES key")) {
        goto free_data;
      }
      if (check_hex(data->key, (int) OTP_KEY_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }

      if (read_input_word(privid, OTP_PRIVID_HEX_LEN, "Private ID")) {
        goto free_data;
      }
      if (check_hex(privid, (int) OTP_PRIVID_HEX_LEN) != 0) {
        printf("Non hex character in input, please retry\n");
        goto free_data;
      }
      privid_bin = hex2bin(privid, OTP_PRIVID_HEX_LEN);
      if (privid_bin == NULL) {
        printf("Malloc error (bis)\n");
        goto free_data;
      }

      printf("Please Specify a valid digest algorithm [%s]\n", DEFAULT_DIGEST);
      memset(digest_name, 0, (size_t) DIGEST_NAME_MAX_SIZE);
      ctemp = fgets(digest_name, DIGEST_NAME_MAX_SIZE, stdin);
      if (ctemp == NULL) {
        printf("Unable to read input\n");
        goto free_data;
      }
      if (digest_name[DIGEST_NAME_MAX_SIZE - 1] != 0 && digest_name[DIGEST_NAME_MAX_SIZE - 1] != '\n') {
        printf("Digest algorithm name too long, please retry\n");
        goto free_data;
      }
      if (digest_name[0] == '\n') {
        data->digest_name = strdup(DEFAULT_DIGEST);
      } else {
        ctemp = memchr(digest_name, '\n', (size_t) DIGEST_NAME_MAX_SIZE);
        if (ctemp != NULL) {
          *ctemp = '\0';
        }
        data->digest_name = digest_name;
      }
      ctemp = (char*)compute_hash(data->digest_name, (char*)privid_bin, OTP_PRIVID_BIN_LEN);
      if (ctemp == NULL) {
        goto free_data;
      }
      data->privid_hash = bin2hex(ctemp, strlen(ctemp));
      if (data->privid_hash == NULL) {
        goto free_data;
      }
      printf("New user :\n");
      printf("Name: '%.*s':\n", (unsigned int) user.len, user.name);
      printf("Public ID  : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
      printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
      printf("Private ID:        %.*s\n", (int) OTP_PRIVID_HEX_LEN, privid);
      printf("Private ID digest: %s\n", data->digest_name);
      printf("Private ID hash:   %s\n", data->privid_hash);
      printf("Press enter to create this new user\n");
      if (getc(stdin) != '\n') {
        goto free_data;
      }
      for (temp = 0; temp < MAX_RETRIES; ++temp) {
        ret = try_start_transaction(db);
        switch (ret) {
          case OTP_SQL_ERR:
            printf("SQL error during the transaction initialisation");
            goto free_data;
          case OTP_SQL_MAY_RETRY:
            break;
          case OTP_SQL_OK:
            ret = try_create_credentials(db, data, &user);
            switch (ret) {
              case OTP_SQL_ERR:
                printf("SQL error while trying to add the user");
                goto free_data;
              case OTP_SQL_MAY_RETRY:
                break;
              case OTP_SQL_OK:
                ret = try_end_transaction(db);
                switch (ret) {
                  case OTP_SQL_MAY_RETRY:
                    break;
                  case OTP_SQL_ERR:
                    printf("SQL error when trying to commit the transaction");
                    goto free_data;
                  case OTP_SQL_OK:
                    goto free_data;
                }
            }
        }
      }
      printf("Unable to create user (Database busy)\n");
      break;
  }
  goto free_db;

free_data:
  free_otp_data(data);
free_db:
  sql_close(db);
  return 0;
}
Пример #5
0
char *uwsgi_upload_progress_create(struct wsgi_request *wsgi_req, int *fd) {
	const char *x_progress_id = "X-Progress-ID=";
	char *xpi_ptr = (char *) x_progress_id;
	uint16_t i;
	char *upload_progress_filename = NULL;

	if (wsgi_req->uri_len <= 51)
		return NULL;


	for (i = 0; i < wsgi_req->uri_len; i++) {
		if (wsgi_req->uri[i] == xpi_ptr[0]) {
			if (xpi_ptr[0] == '=') {
				if (wsgi_req->uri + i + 36 <= wsgi_req->uri + wsgi_req->uri_len) {
					upload_progress_filename = wsgi_req->uri + i + 1;
				}
				break;
			}
			xpi_ptr++;
		}
		else {
			xpi_ptr = (char *) x_progress_id;
		}
	}

	// now check for valid uuid (from spec available at http://en.wikipedia.org/wiki/Universally_unique_identifier)
	if (!upload_progress_filename)
		return NULL;

	uwsgi_log("upload progress uuid = %.*s\n", 36, upload_progress_filename);
	if (!check_hex(upload_progress_filename, 8))
		return NULL;
	if (upload_progress_filename[8] != '-')
		return NULL;

	if (!check_hex(upload_progress_filename + 9, 4))
		return NULL;
	if (upload_progress_filename[13] != '-')
		return NULL;

	if (!check_hex(upload_progress_filename + 14, 4))
		return NULL;
	if (upload_progress_filename[18] != '-')
		return NULL;

	if (!check_hex(upload_progress_filename + 19, 4))
		return NULL;
	if (upload_progress_filename[23] != '-')
		return NULL;

	if (!check_hex(upload_progress_filename + 24, 12))
		return NULL;

	upload_progress_filename = uwsgi_concat4n(uwsgi.upload_progress, strlen(uwsgi.upload_progress), "/", 1, upload_progress_filename, 36, ".js", 3);
	// here we use O_EXCL to avoid eventual application bug in uuid generation/using
	*fd = open(upload_progress_filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR | S_IRGRP);
	if (*fd < 0) {
		uwsgi_error_open(upload_progress_filename);
		free(upload_progress_filename);
		return NULL;
	}

	return upload_progress_filename;
}
Пример #6
0
ret_t
cherokee_handler_secdownload_new (cherokee_handler_t     **hdl,
				  void                    *cnt,
				  cherokee_module_props_t *props)
{
	int                    re;
	ret_t                  ret;
	char                  *p;
	cuint_t                path_len;
	time_t                 time_url;
	char                  *time_s;
	cherokee_buffer_t      md5      = CHEROKEE_BUF_INIT;
	cherokee_connection_t *conn     = CONN(cnt);

	TRACE(ENTRIES, "Analyzing request '%s'\n", conn->request.buf);

	/* Sanity check
	 */
	if (conn->request.len <= 1 + 32 + 2) {
		TRACE(ENTRIES, "Malformed URL. Too short: len=%d.\n", conn->request.len);
		conn->error_code = http_not_found;
		return ret_error;
	}

	if (conn->request.buf[0] != '/') {
		TRACE(ENTRIES, "Malformed URL: %s\n", "Not slash (1)");
		conn->error_code = http_not_found;
		return ret_error;
	}

	p = conn->request.buf + 1;
	if (check_hex (p, 32)) {
		TRACE(ENTRIES, "Malformed URL: %s\n", "No MD5");
		conn->error_code = http_not_found;
		return ret_error;
	}
	p += 32;

	if (*p != '/') {
		TRACE(ENTRIES, "Malformed URL: %s\n", "Not slash (2)");
		conn->error_code = http_not_found;
		return ret_error;
	}
	p += 1;
	time_s = p;

	if (check_hex (p, 8)) {
		TRACE(ENTRIES, "Malformed URL: %s\n", "No MD5 (2)");
		conn->error_code = http_not_found;
		return ret_error;
	}
	p += 8;

	/* Check the time
	 */
	time_url = get_time (time_s);
	if ((cherokee_bogonow_now - time_url) > (int)PROP_SECDOWN(props)->timeout) {
		TRACE(ENTRIES, "Time out: %d (now=%d)\n", time_url, cherokee_bogonow_now);
		conn->error_code = http_gone;
		return ret_error;
	}

	/* Check the MD5
	 * [secret][path][hex(time)]
	 */
	path_len = (conn->request.buf + conn->request.len) - p;

	cherokee_buffer_add_buffer (&md5, &PROP_SECDOWN(props)->secret);
	cherokee_buffer_add        (&md5, p, path_len);
	cherokee_buffer_add        (&md5, time_s, 8);

	cherokee_buffer_encode_md5_digest (&md5);

	re = strncasecmp (md5.buf, &conn->request.buf[1], 32);
	if (re != 0) {
		TRACE(ENTRIES, "MD5 (%s) didn't match\n", md5.buf);
		cherokee_buffer_mrproper(&md5);

		conn->error_code = http_access_denied;
		return ret_error;
	}

	cherokee_buffer_mrproper (&md5);

	/* At this point the request has been validated
	 */
	if (cherokee_buffer_is_empty (&conn->request_original)) {
		cherokee_buffer_add_buffer (&conn->request_original, &conn->request);
		cherokee_buffer_add_buffer (&conn->query_string_original, &conn->query_string);
	}

	cherokee_buffer_clean (&conn->request);
	cherokee_buffer_add   (&conn->request, p, path_len);

	/* Instance the File handler
	 */
	ret = cherokee_handler_file_new (hdl, cnt, MODULE_PROPS(PROP_SECDOWN(props)->props_file));
	if (ret != ret_ok)
		return ret_ok;

	return ret_ok;
}