/**
 * \brief Decode the facility code and UID from a linear data buffer.
 *
 * Reads a 16-bit facility code followed by a 19-bit UID, starting at bit
 * offset 1 of the buffer.
 *
 * \param data Raw credential bits.
 * \param dataLengthBytes Size of \a data in bytes.
 */
void Wiegand37WithFacilityFormat::setLinearDataWithoutParity(const void* data, size_t dataLengthBytes)
{
    // Bit cursor advanced by revertField(); it starts at 1, presumably to
    // skip a leading parity bit - TODO confirm against the format definition.
    unsigned int bitOffset = 1;

    // NOTE(review): no length check is visible here before decoding; this
    // presumably relies on revertField() bounding reads by dataLengthBytes.
    const unsigned short facility =
        static_cast<unsigned short>(revertField(data, dataLengthBytes, &bitOffset, 16));
    setFacilityCode(facility);

    setUid(revertField(data, dataLengthBytes, &bitOffset, 19));
}
Пример #2
/*!
  \internal
  Creates a new contact.  The properties of the contact are
  set from \a fromMap.
*/
OPimContact::OPimContact( const QMap<int, QString> &fromMap ):OPimRecord(), mMap( fromMap ), d( 0 )
{
    // Categories are stored as a string of ids; only apply them when present.
    const QString categoryIds = mMap[ Qtopia::AddressCategory ];
    if ( !categoryIds.isEmpty() )
        setCategories( idsFromString( categoryIds ) );

    const QString storedUid = find( Qtopia::AddressUid );

    // A missing UID, or one that toInt() turns into 0, is treated as
    // "no UID stored": a fresh one is generated instead of trusting the map.
    const bool hasUsableUid = !storedUid.isEmpty() && ( storedUid.toInt() != 0 );
    if ( hasUsableUid )
        setUid( storedUid.toInt() );
    else
        setUid( uidGen().generate() );
}
Пример #3
 /**
  * \brief Restore every FASC-N field from a property tree node.
  *
  * Fields are read and applied one after another, so if a child is missing
  * or fails to convert (get_child()/get_value() throw), the fields applied
  * before it stay set.
  *
  * \param node Property tree holding one child per field.
  */
 void FASCN200BitFormat::unSerialize(boost::property_tree::ptree& node)
 {
     const short agency = node.get_child("AgencyCode").get_value<short>();
     setAgencyCode(agency);

     const short system = node.get_child("SystemCode").get_value<short>();
     setSystemCode(system);

     const unsigned char serie = node.get_child("SerieCode").get_value<unsigned char>();
     setSerieCode(serie);

     const unsigned char credential = node.get_child("CredentialCode").get_value<unsigned char>();
     setCredentialCode(credential);

     const unsigned long long person = node.get_child("PersonIdentifier").get_value<unsigned long long>();
     setPersonIdentifier(person);

     // NOTE(review): the two enum fields are cast from an arbitrary integer
     // with no range check visible here. If the tree can come from an
     // untrusted file, validate the value against the enum before casting.
     const unsigned int orgCategory = node.get_child("OrganizationalCategory").get_value<unsigned int>();
     setOrganizationalCategory(static_cast<FASCNOrganizationalCategory>(orgCategory));

     const short orgIdentifier = node.get_child("OrganizationalIdentifier").get_value<short>();
     setOrganizationalIdentifier(orgIdentifier);

     const unsigned int poaCategory = node.get_child("POACategory").get_value<unsigned int>();
     setPOACategory(static_cast<FASCNPOAssociationCategory>(poaCategory));

     const unsigned long long uid = node.get_child("Uid").get_value<unsigned long long>();
     setUid(uid);
 }
Пример #4
/**
 * Updates the owner and/or group of the entry identified by key.
 *
 * A uid of (uid_t)-1 or a gid of (gid_t)-1 means "leave this id unchanged",
 * the same convention chown(2) uses.
 *
 * @return true if at least one of the two ids was written.
 */
bool DirEntryList::setUidGid(const Key &key, uid_t uid, gid_t gid) {
    // NOTE(review): the result is dereferenced without a visible not-found
    // check; presumably _findByKey throws when the key is absent - confirm.
    auto entry = _findByKey(key);

    const bool updateUid = (uid != (uid_t)-1);
    const bool updateGid = (gid != (gid_t)-1);

    if (updateUid) {
        entry->setUid(uid);
    }
    if (updateGid) {
        entry->setGid(gid);
    }
    return updateUid || updateGid;
}
Пример #5
/*
 * Populates this event from a map of field id (OEvent::F*) to string value.
 *
 * UID, alarm, time zone, parent, children and recurrence are only applied
 * when the corresponding map entry is non-empty; categories, description,
 * location, the all-day flag and the start/end times are always applied.
 * Numeric fields are parsed with toInt()/toLong() and no conversion result
 * is checked here.
 */
void OEvent::fromMap( const QMap<int, QString>& map )
{

	// We just want to set the UID if it is really stored.
	if ( !map[OEvent::FUid].isEmpty() )
		setUid( map[OEvent::FUid].toInt() );

	setCategories( idsFromString( map[OEvent::FCategories] ) );
	setDescription( map[OEvent::FDescription] );
	setLocation( map[OEvent::FLocation] );

	// Any type string other than "AllDay" makes this a timed event.
	if ( map[OEvent::FType] == "AllDay" )
		setAllDay( true );
	else
		setAllDay( false );

	// -1 marks "no alarm stored"; the stored value is used as minutes below.
	int alarmTime = -1;
	if( !map[OEvent::FAlarm].isEmpty() )
		alarmTime = map[OEvent::FAlarm].toInt();

	// Only the exact string "loud" selects the loud alarm.
	int sound = ( ( map[OEvent::FSound] == "loud" ) ? OPimAlarm::Loud : OPimAlarm::Silent );
	if ( ( alarmTime != -1 )  ){
		// NOTE(review): startDateTime() is read here before the start time
		// from the map is applied further down - confirm the alarm is meant
		// to be relative to the previous start time.
		QDateTime dt = startDateTime().addSecs( -1*alarmTime*60 );
		OPimAlarm al( sound ,  dt  );
		notifiers().add( al );
	}
	// The literal "None" is treated like an absent time zone.
	if ( !map[OEvent::FTimeZone].isEmpty() && ( map[OEvent::FTimeZone] != "None" ) ){
		setTimeZone( map[OEvent::FTimeZone] );
	}

	// Start and end are stored as integer timestamps (cast to time_t).
	time_t start = (time_t) map[OEvent::FStart].toLong();
	time_t end   = (time_t) map[OEvent::FEnd].toLong();

	/* AllDay is always in UTC */
	if ( isAllDay() ) {
		OTimeZone utc = OTimeZone::utc();
		setStartDateTime( utc.fromUTCDateTime( start ) );
		setEndDateTime  ( utc.fromUTCDateTime( end   ) );
		setTimeZone( "UTC"); // make sure it is really utc
	}else {
		/* to current date time */
		// qWarning(" Start is %d", start );
		// Falls back to the current zone when the event has no time zone.
		OTimeZone zone( timeZone().isEmpty() ? OTimeZone::current() : timeZone() );
		QDateTime date = zone.toDateTime( start );
		// NOTE(review): diagnostic output is emitted for every timed event loaded.
		qWarning(" Start is %s", date.toString().latin1() );
		setStartDateTime( zone.toDateTime( date, OTimeZone::current() ) );

		date = zone.toDateTime( end );
		setEndDateTime  ( zone.toDateTime( date, OTimeZone::current() ) );
	}

	if ( !map[OEvent::FRecParent].isEmpty() )
		setParent( map[OEvent::FRecParent].toInt() );

	// Children are stored as a space-separated list of integer ids.
	if ( !map[OEvent::FRecChildren].isEmpty() ){
		QStringList list = QStringList::split(' ', map[OEvent::FRecChildren] );
		for ( QStringList::Iterator it = list.begin(); it != list.end(); ++it ) {
			addChild( (*it).toInt() );
		}
	}

	// Fill recurrence stuff and put it directly into the ORecur-Object using fromMap..
	if( !map[OEvent::FRType].isEmpty() ){
		QMap<int, QString> recFields;
		recFields.insert( ORecur::RType, map[OEvent::FRType] );
		recFields.insert( ORecur::RWeekdays, map[OEvent::FRWeekdays] );
		recFields.insert( ORecur::RPosition, map[OEvent::FRPosition] );
		recFields.insert( ORecur::RFreq, map[OEvent::FRFreq] );
		recFields.insert( ORecur::RHasEndDate, map[OEvent::FRHasEndDate] );
		recFields.insert( ORecur::EndDate, map[OEvent::FREndDate] );
		recFields.insert( ORecur::Created, map[OEvent::FRCreated] );
		recFields.insert( ORecur::Exceptions, map[OEvent::FRExceptions] );
		ORecur recur( recFields );
		setRecurrence( recur );
	}

}
Пример #6
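    /**
     * \brief Decode a FASC-N 200-bit credential from a linear bit buffer.
     *
     * The buffer is walked field by field. Every framing element (start
     * sentinel, field separators, end sentinel) and the trailing LRC are
     * checked. Fields decoded before a failing check have already been
     * applied to this object when the exception is raised.
     *
     * \param data Raw credential bits.
     * \param dataLengthBytes Size of \a data in bytes.
     * \throws LibLogicalAccessException if the buffer is shorter than
     *         getDataLength() bits, a sentinel or separator does not match,
     *         or the LRC differs from the computed one.
     */
    void FASCN200BitFormat::setLinearData(const void* data, size_t dataLengthBytes)
    {
        unsigned int pos = 0;
        unsigned char c;

        // Refuse short buffers before any field is decoded.
        if (dataLengthBytes * 8 < getDataLength())
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "Data length too small.");
        }

        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_SS)
        {
            // Bounded formatting: the message cannot outgrow tmpmsg even if
            // the format string is edited later.
            char tmpmsg[64];
            snprintf(tmpmsg, sizeof(tmpmsg), "The FASC-N Start Sentinel doesn't match (%x).", static_cast<unsigned int>(c));
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, tmpmsg);
        }

        setAgencyCode((unsigned short)revertField(data, dataLengthBytes, &pos, 16));
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_FS)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N Field Separator doesn't match after the Agency Code.");
        }

        setSystemCode((unsigned short)revertField(data, dataLengthBytes, &pos, 16));
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_FS)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N Field Separator doesn't match after the System Code.");
        }

        setUid(revertField(data, dataLengthBytes, &pos, 24));
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_FS)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N Field Separator doesn't match after the Credential.");
        }

        setSerieCode((unsigned char)revertField(data, dataLengthBytes, &pos, 4));
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_FS)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N Field Separator doesn't match after the Credential Series.");
        }

        setCredentialCode((unsigned char)revertField(data, dataLengthBytes, &pos, 4));
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_FS)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N Field Separator doesn't match after the Credential Issue.");
        }

        setPersonIdentifier(revertField(data, dataLengthBytes, &pos, 40));

        // NOTE(review): the two category nibbles are cast to their enum types
        // without a range check.
        setOrganizationalCategory((FASCNOrganizationalCategory)revertField(data, dataLengthBytes, &pos, 4));
        // The identifier occupies 16 bits; a cast to unsigned char would drop
        // the upper byte of the decoded value.
        setOrganizationalIdentifier((unsigned short)revertField(data, dataLengthBytes, &pos, 16));
        setPOACategory((FASCNPOAssociationCategory)revertField(data, dataLengthBytes, &pos, 4));

        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);
        if (c != FASCN_ES)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The End Sentinel doesn't match.");
        }

        // The LRC is computed over the bits consumed so far (up to pos) and
        // compared with the nibble that follows the end sentinel.
        unsigned char lrc = calculateLRC(data, pos);
        c = (unsigned char)revertField(data, dataLengthBytes, &pos, 4);

        if (c != lrc)
        {
            THROW_EXCEPTION_WITH_LOG(LibLogicalAccessException, "The FASC-N LRC seems wrong.");
        }
    }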
Пример #7
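/* Skips one tab-terminated field.  Returns the first character after the
 * tab, or NULL when the string ends before a tab is found. */
static char *aufgabe28_skipField(char *s)
{
	while (*s != '\0' && *s != '\t')
		s++;
	return (*s == '\t') ? s + 1 : NULL;
}

/* Parses the integer field starting at *cursor and ending at delim.  On
 * success the delimiter is overwritten with NUL, *value receives atoi() of
 * the field, *cursor moves past the delimiter and 1 is returned.  Returns 0
 * (nothing stored) when the string ends before the delimiter is found. */
static int aufgabe28_takeInt(char **cursor, char delim, int *value)
{
	char *start = *cursor;
	char *end = start;

	while (*end != '\0' && *end != delim)
		end++;
	if (*end != delim)
		return 0;
	*end = '\0';
	*value = atoi(start);
	*cursor = end + 1;
	return 1;
}

/*
 * Receiver loop: whenever do_output is set, fetches the pending packet,
 * echoes it, parses "f0\tf1\tax\tay\taz\tbutton\r", drives the LEDs from
 * the button and acceleration values and acknowledges the packet.
 *
 * The packet text arrives over the radio, so it is parsed with scans that
 * stop at the terminating NUL: a packet with missing delimiters is ignored
 * for the LED logic instead of being scanned past the end of the buffer.
 * Never returns.
 */
void aufgabe28() {
	/* NOTE(review): sprintPacket() is given no buffer size; it presumably
	 * never writes more than 255 bytes including the NUL - confirm. */
	char str[255];
	char *cur;
	int len;
	int parsed;
	int knopp=0,ax=0,ay=0,az=0;
	int nax=0,nay=0,naz=0,nknopp=0;

	/* -1 marks "no previous sample yet" */
	int lastax=-1;
	int lastay=-1;
	int lastaz=-1;

	/* workstation number + 10 */
	setUid(17);
	/* same frequency as the neighbours we want to communicate with */
	switchFreq(8);
	while(1) {
		if(do_output==1) {
			/* fetch the packet data and prepare it */
			sprintPacket(str);
			len=strlen(str);
			writestr(str);

			/* Bounded equivalent of skipping two fields and reading four
			 * integers; values are committed only if all four parse. */
			cur = aufgabe28_skipField(str);
			if (cur != NULL)
				cur = aufgabe28_skipField(cur);
			parsed = cur != NULL &&
			         aufgabe28_takeInt(&cur, '\t', &nax) &&
			         aufgabe28_takeInt(&cur, '\t', &nay) &&
			         aufgabe28_takeInt(&cur, '\t', &naz) &&
			         aufgabe28_takeInt(&cur, '\r', &nknopp);

			if (parsed) {
				ax = nax;
				ay = nay;
				az = naz;
				knopp = nknopp;

				/* switch the green LED depending on which button was pressed */
				if(knopp==2){
					LED_ON(GREEN);
				}
				if(knopp==1){
					LED_OFF(GREEN);
				}

				/* Red LED on when an acceleration value differs from the
				 * previous one by 20 % or more.
				 * NOTE(review): for a negative previous value the threshold
				 * is negative, so the comparison is always true. */
				if(lastax!=-1){

					if(	abs(lastay-ay) >= lastay*0.2 ||
						abs(lastax-ax) >= lastax*0.2 ||
						abs(lastaz-az) >= lastaz*0.2 ){
						LED_ON(RED);
					}else{
						LED_OFF(RED);
					}

				}
				/* remember the values for the next pass */
				lastax=ax;
				lastay=ay;
				lastaz=az;
			}

			/* toggle the yellow LED as a status indicator */
			LED_TOGGLE(YELLOW);
			do_output=0;

			/* send an ACK carrying the received length back to the sender */
			sprintf(str,"FACK:%d",len);
			sendPacket(18,17,str,strlen(str));
		}
	}

}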
Пример #8
 /**
  * \brief Restore the UID from a property tree node.
  * \param node Property tree with a "Uid" child; get_child()/get_value()
  *        throw if it is missing or not convertible.
  */
 void Wiegand37Format::unSerialize(boost::property_tree::ptree& node)
 {
     const unsigned long long storedUid = node.get_child("Uid").get_value<unsigned long long>();
     setUid(storedUid);
 }
Пример #9
    /**
     * \brief Decode the 35-bit UID from a linear data buffer.
     * \param data Raw credential bits.
     * \param dataLengthBytes Size of \a data in bytes.
     */
    void Wiegand37Format::setLinearDataWithoutParity(const void* data, size_t dataLengthBytes)
    {
        // Decoding starts at bit 1, presumably skipping a leading parity
        // bit - TODO confirm against the format definition.
        unsigned int bitOffset = 1;

        // NOTE(review): no length check is visible here; this presumably
        // relies on revertField() bounding reads by dataLengthBytes.
        const auto decodedUid = revertField(data, dataLengthBytes, &bitOffset, 35);
        setUid(decodedUid);
    }
Пример #10
/*
 * Firmware entry point: initialises ports, clock, timer, UART, the CC1100
 * transceiver, the LCD and the touch-screen lines, enables interrupts and
 * then loops forever, mirroring the two push buttons onto the LEDs.
 */
main(void)
	{
//=== Variables should be declared here ==================================
	//unsigned char i = 0;
	//char text[60];
	//int x,y;
	
//=== The required initialisation steps ==================================
//=(1)== Port initialisation =============================================
	init_Port();				// initialise the port registers
		
//(2)=== Clock system initialisation =====================================
	//== select XT2() or Dco() as the clock source
	//== by commenting one of them in or out
	//== DCO is preferred when LPM is used but must be recalibrated cyclically
	//== XT2 is crystal-stable and needs no cyclic calibration
	//  			
	//XT2 ();					// enable the XT2 clock source at 7.3728MHz
	DCO ();					// enable the DCO clock source at 7.3728MHz
	//						   mind DELTA
		
//=(3)== Timer initialisation ============================================
	init_Timer_A();			// init timer for the one-second interrupt
							// !! still an empty function

//=(4)== USART initialisation ============================================
	init_UART1();			// initialise UART-RS232 at 115.2kBit/s
							// !! still an empty function

//=(5)== CC1100 transceiver initialisation ===============================
	init_UART0_SPI();		// initialise the CC1100 SPI UART
	// NOTE(review): the original comment on the next call says "init CC1100
	// and set RX mode", but the function called is init_CC1100_POWERDOWN -
	// confirm which mode results.
	init_CC1100_POWERDOWN();			// CC1100 init
							// !!! interrupts are enabled from here on !!
	//== set the address and radio channel of the transceiver
	//== for the workstations HWPx (x=1...10)
	//== ID=x and channel=x should be set
	ID = 1;							// address
	setUid(ID);						// set the address in the transceiver
	channel = 1; 					// radio channel
	switchFreq(channel);			// set the radio channel in the transceiver
	//== if the transceiver is to be used, the following two lines
	//== must be commented out:
	init_CC1100_IDLE();		// put the CC1100 into IDLE mode
	init_CC1100_POWERDOWN();// put the CC1100 into power-down mode

//=(6)== LCD display initialisation ======================================
	dogm_reset();		// hardware reset of the LCD controller
	dogm_init();		// initialise the LCD controller registers
	lcd_clear(WHITE);	// clear the graphics buffer on the MSP430
	//lcd_string(BLACK, 15, 25, "MSP430-GESTARTET!");	// text output
	lcd_paint();		// push the graphics buffer to the LCD display


// LED bit masks on port 4.
#define LED_ROT (0x01)   // 0 0 1 P4.0
#define LED_GELB (0x02)  // 0 1 0 P4.1
#define LED_GRUEN (0x04) // 1 0 0 P4.2
#define LED_ALL (LED_ROT | LED_GELB | LED_GRUEN)

// LED_ON clears the port bit and LED_OFF sets it; IS_LED_ON likewise
// treats a cleared bit as "on".
#define LED_ON(led) (BIT_CLR(P4OUT, led)) 
#define LED_OFF(led) (BIT_SET(P4OUT, led)) 
#define LED_TOGGLE(led) (BIT_TOGGLE(P4OUT, led))

#define IS_LED_ON(led) (!(P4OUT & led))

// Button bit masks, tested against P1IN in the main loop.
#define TASTE_LINKS (0x1)
#define TASTE_RECHTS (0x2)

// NOTE(review): SLEEP uses its argument n unparenthesised, so an expression
// argument such as a+b would be scaled incorrectly.
#define SLEEP_QUANTUM 10000
#define SLEEP(n) do { 		/* sleep for n seconds */ \
	long time = n * 100000; /* wait() sleeps 10*n microseconds */ \
	while(time > SLEEP_QUANTUM) { \
		wait(SLEEP_QUANTUM); \
		time -= SLEEP_QUANTUM; \
	} \
	wait(time); \
} while(0)

	// all lines as inputs
	TS_TIP_DIR_IN;
	TS_YP_DIR_IN;
	TS_YM_DIR_IN;
	TS_XP_DIR_IN;
	TS_XM_DIR_IN;
	// pre-set the output registers
	TS_XM_0; // XM: the X axis is driven to 0
	TS_TIP_1; // YP: the Y axis is pulled to 1 through a pull-up resistor
	// now enable the outputs
	TS_XM_DIR_OUT;  // XM to 0
	TS_TIP_DIR_OUT; // YP to 1
	
	// enable the P1.6 interrupt and clear its pending flag
	BIT_SET(P1IE, BIT6);
	BIT_CLR(P1IFG, BIT6);

	// set GIE in the status register
	_bis_SR_register(GIE);

//=== The endless loop, effectively the operating system =================
print_value();
while(1){
	// left button pressed -> green on
	if (P1IN & TASTE_LINKS) {
		LED_OFF(LED_ROT | LED_GELB);
		LED_ON(LED_GRUEN);
	// right button pressed -> red on
	} else if (P1IN & TASTE_RECHTS) {
		LED_OFF(LED_GRUEN | LED_GELB);
		LED_ON(LED_ROT);
	// no button pressed -> yellow on
	} else {
		LED_OFF(LED_GRUEN | LED_ROT);
		LED_ON(LED_GELB);
	}

}	// end of the endless loop
}	// end of main
Пример #11
/*
 * Decides whether user `un` may log in without entering a password,
 * based on the entries of td->noPassUsers.  Returns 1 if allowed, 0 if not.
 *
 * Entry forms handled below:
 *   "name"   - exact match on the user name; returns 1 immediately, with no
 *              uid or locked-account check
 *   "*"      - any account with a non-zero uid; in the PAM/AIX build,
 *              accounts whose passwd or shadow hash starts with '!' or '*'
 *              are skipped
 *   "@group" - users whose primary gid is that group's gid, or who are
 *              listed as members of it
 *
 * In the PAM/AIX build the passwd entry is looked up here; otherwise the
 * caller supplies it in `pw`.
 * NOTE(review): in the non-PAM build `pw` is dereferenced without a NULL
 * check; the call in verify() only happens after its own getpwnam() check.
 */
static int
#if defined(USE_PAM) || defined(_AIX)
isNoPassAllowed( const char *un )
{
	struct passwd *pw = 0;
# ifdef HAVE_GETSPNAM /* (sic!) - not USESHADOW */
	struct spwd *spw;
# endif
#else
isNoPassAllowed( const char *un, struct passwd *pw )
{
#endif
	struct group *gr;
	char **fp;
	int hg;

	/* An empty user name is never allowed. */
	if (!*un)
		return 0;

	/* NOTE(review): every source other than PWSRC_MANUAL is allowed
	 * unconditionally - presumably credentials that were not typed in by
	 * the user; confirm against the definition of cursource. */
	if (cursource != PWSRC_MANUAL)
		return 1;

	/* First pass: names and the "*" wildcard; hg records whether any
	 * "@group" entry exists so the group scan below can be skipped. */
	for (hg = 0, fp = td->noPassUsers; *fp; fp++)
		if (**fp == '@')
			hg = 1;
		else if (!strcmp( un, *fp ))
			return 1;
		else if (!strcmp( "*", *fp )) {
#if defined(USE_PAM) || defined(_AIX)
			/* Unknown users are rejected outright. */
			if (!(pw = getpwnam( un )))
				return 0;
			/* Locked accounts do not match the wildcard. */
			if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
				continue;
# ifdef HAVE_GETSPNAM /* (sic!) - not USESHADOW */
			if ((spw = getspnam( un )) &&
			    (spw->sp_pwdp[0] == '!' || spw->sp_pwdp[0] == '*'))
					continue;
# endif
#endif
			/* The wildcard never matches uid 0. */
			if (pw->pw_uid)
				return 1;
		}

	/* Second pass: "@group" entries, checked against every group returned
	 * by getgrent(). */
#if defined(USE_PAM) || defined(_AIX)
	if (hg && (pw || (pw = getpwnam( un )))) {
#else
	if (hg) {
#endif
		for (setgrent(); (gr = getgrent()); )
			for (fp = td->noPassUsers; *fp; fp++)
				if (**fp == '@' && !strcmp( gr->gr_name, *fp + 1 )) {
					if (pw->pw_gid == gr->gr_gid) {
						endgrent();
						return 1;
					}
					/* Walks the member list by advancing gr->gr_mem itself,
					 * i.e. the entry returned by getgrent() is modified. */
					for (; *gr->gr_mem; gr->gr_mem++)
						if (!strcmp( un, *gr->gr_mem )) {
							endgrent();
							return 1;
						}
				}
		endgrent();
	}

	return 0;
}

#if !defined(USE_PAM) && !defined(_AIX) && defined(HAVE_SETUSERCONTEXT)
# define LC_RET0 do { login_close(lc); return 0; } while(0)
#else
# define LC_RET0 return 0
#endif

/*
 * Authenticates the current login attempt and then applies the login
 * restrictions of the platform this file was built for (PAM, AIX, or
 * classic passwd/shadow).
 *
 * gconv  - conversation callback used to obtain the user name, password
 *          and further responses.
 * rootok - when non-zero, uid 0 is accepted even if td->allowRootLogin is
 *          not set.
 *
 * Returns 1 when the login may proceed and 0 otherwise.
 *
 * Several names used here (p, sp, lc, pamh, tty, hostname, krbtkfile,
 * curuser, curpass, newpass, ...) are not declared in this function and
 * are presumably file-scope state.  V_RET_AUTH and V_RET_FAIL are macros
 * defined elsewhere; they presumably report the result and return 0.
 */
int
verify( GConvFunc gconv, int rootok )
{
#ifdef USE_PAM
	const char *psrv;
	struct pam_data pdata;
	int pretc, pnopass;
	char psrvb[64];
#elif defined(_AIX)
	char *msg, *curret;
	int i, reenter;
#else
	struct stat st;
	const char *nolg;
	char *buf;
	int fd;
# ifdef HAVE_GETUSERSHELL
	char *s;
# endif
# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
	int tim, expir, warntime, quietlog;
# endif
#endif

	debug( "verify ...\n" );

#ifdef USE_PAM

	pnopass = FALSE;
	if (!strcmp( curtype, "classic" )) {
		if (!gconv( GCONV_USER, 0 ))
			return 0;
		if (isNoPassAllowed( curuser )) {
			gconv( GCONV_PASS_ND, 0 );
			/* An empty password from an allowed user selects the separate
			 * "<service>-np" PAM service instead of the normal one. */
			if (!*curpass) {
				pnopass = TRUE;
				/* At most 31 + 3 + NUL bytes are written into psrvb[64]. */
				sprintf( psrvb, "%.31s-np", PAMService );
				psrv = psrvb;
			} else
				psrv = PAMService;
		} else
			psrv = PAMService;
		pdata.usecur = TRUE;
	} else {
		/* At most 31 + 1 + 31 + NUL = 64 bytes: exactly fills psrvb. */
		sprintf( psrvb, "%.31s-%.31s", PAMService, curtype );
		psrv = psrvb;
		pdata.usecur = FALSE;
	}
	pdata.gconv = gconv;
	if (!doPAMAuth( psrv, &pdata ))
		return 0;

#elif defined(_AIX)

	if ((td->displayType & d_location) == dForeign) {
		char *tmpch;
		/* Bounded copy with explicit termination; the display number after
		 * ':' is cut off. */
		strncpy( hostname, td->name, sizeof(hostname) - 1 );
		hostname[sizeof(hostname)-1] = '\0';
		if ((tmpch = strchr( hostname, ':' )))
			*tmpch = '\0';
	} else
		hostname[0] = '\0';

	/* tty names should only be 15 characters long */
# if 0
	for (i = 0; i < 15 && td->name[i]; i++) {
		if (td->name[i] == ':' || td->name[i] == '.')
			tty[i] = '_';
		else
			tty[i] = td->name[i];
	}
	tty[i] = '\0';
# else
	/* Writes at most 9 + 6 + 1 bytes into tty.
	 * NOTE(review): the size of tty is not visible here - confirm it holds
	 * at least 16 bytes. */
	memcpy( tty, "/dev/xdm/", 9 );
	for (i = 0; i < 6 && td->name[i]; i++) {
		if (td->name[i] == ':' || td->name[i] == '.')
			tty[9 + i] = '_';
		else
			tty[9 + i] = td->name[i];
	}
	tty[9 + i] = '\0';
# endif

	if (!strcmp( curtype, "classic" )) {
		if (!gconv( GCONV_USER, 0 ))
			return 0;
		if (isNoPassAllowed( curuser )) {
			gconv( GCONV_PASS_ND, 0 );
			if (!*curpass) {
				debug( "accepting despite empty password\n" );
				goto done;
			}
		} else
			if (!gconv( GCONV_PASS, 0 ))
				return 0;
		enduserdb();
		msg = NULL;
		if ((i = authenticate( curuser, curpass, &reenter, &msg ))) {
			/* NOTE(review): msg may still be NULL when passed to %s here. */
			debug( "authenticate() failed: %s\n", msg );
			if (msg)
				free( msg );
			loginfailed( curuser, hostname, tty );
			if (i == ENOENT || i == ESAD)
				V_RET_AUTH;
			else
				V_RET_FAIL( 0 );
		}
		/* A request for further input cannot be served in classic mode. */
		if (reenter) {
			logError( "authenticate() requests more data: %s\n", msg );
			free( msg );
			V_RET_FAIL( 0 );
		}
	} else if (!strcmp( curtype, "generic" )) {
		if (!gconv( GCONV_USER, 0 ))
			return 0;
		/* Challenge/response loop: each reply obtained through gconv is
		 * fed back to authenticate() until it stops asking. */
		for (curret = 0;;) {
			msg = NULL;
			if ((i = authenticate( curuser, curret, &reenter, &msg ))) {
				/* NOTE(review): msg may still be NULL when passed to %s here. */
				debug( "authenticate() failed: %s\n", msg );
				if (msg)
					free( msg );
				loginfailed( curuser, hostname, tty );
				if (i == ENOENT || i == ESAD)
					V_RET_AUTH;
				else
					V_RET_FAIL( 0 );
			}
			if (curret)
				free( curret );
			if (!reenter)
				break;
			/* NOTE(review): msg is not freed on this early return. */
			if (!(curret = gconv( GCONV_HIDDEN, msg )))
				return 0;
			free( msg );
		}
	} else {
		logError( "Unsupported authentication type %\"s requested\n", curtype );
		V_RET_FAIL( 0 );
	}
	if (msg) {
		displayStr( V_MSG_INFO, msg );
		free( msg );
	}

  done:

#else

	if (strcmp( curtype, "classic" )) {
		logError( "Unsupported authentication type %\"s requested\n", curtype );
		V_RET_FAIL( 0 );
	}

	if (!gconv( GCONV_USER, 0 ))
		return 0;

	/* Unknown and locked accounts are still asked for a password before
	 * the attempt is rejected, so the dialogue is the same as for a valid
	 * account. */
	if (!(p = getpwnam( curuser ))) {
		debug( "getpwnam() failed.\n" );
		gconv( GCONV_PASS, 0 );
		V_RET_AUTH;
	}
	if (p->pw_passwd[0] == '!' || p->pw_passwd[0] == '*') {
		debug( "account is locked\n" );
		gconv( GCONV_PASS, 0 );
		V_RET_AUTH;
	}

# ifdef USESHADOW
	/* The shadow hash replaces the one from the passwd entry.  When
	 * getspnam() fails this is only logged and the passwd hash is used. */
	if ((sp = getspnam( curuser ))) {
		p->pw_passwd = sp->sp_pwdp;
		if (p->pw_passwd[0] == '!' || p->pw_passwd[0] == '*') {
			debug( "account is locked\n" );
			gconv( GCONV_PASS, 0 );
			V_RET_AUTH;
		}
	} else
		debug( "getspnam() failed: %m. Are you root?\n" );
# endif

	/* An empty stored hash is only accepted when td->allowNullPasswd is set. */
	if (!*p->pw_passwd) {
		if (!td->allowNullPasswd) {
			debug( "denying user with empty password\n" );
			gconv( GCONV_PASS, 0 );
			V_RET_AUTH;
		}
		goto nplogin;
	}

	if (isNoPassAllowed( curuser, p )) {
	  nplogin:
		gconv( GCONV_PASS_ND, 0 );
		/* Only an empty entered password skips verification; a non-empty
		 * one is still checked below. */
		if (!*curpass) {
			debug( "accepting password-less login\n" );
			goto done;
		}
	} else
		if (!gconv( GCONV_PASS, 0 ))
			return 0;

# ifdef KERBEROS
	if (p->pw_uid) {
		int ret;
		char realm[REALM_SZ];

		if (krb_get_lrealm( realm, 1 )) {
			logError( "Cannot get KerberosIV realm.\n" );
			V_RET_FAIL( 0 );
		}

		/* NOTE(review): the "%.*s" precision argument must be an int, but
		 * this expression involves strlen() and so has type size_t. */
		sprintf( krbtkfile, "%s.%.*s", TKT_ROOT, MAXPATHLEN - strlen( TKT_ROOT ) - 2, td->name );
		krb_set_tkt_string( krbtkfile );
		/* NOTE(review): the ticket file name is predictable, and the
		 * results of unlink() and of the chown() below are not checked;
		 * if TKT_ROOT is in a shared directory, the file could be replaced
		 * between these calls - confirm. */
		unlink( krbtkfile );

		ret = krb_verify_user( curuser, "", realm, curpass, 1, "rcmd" );
		if (ret == KSUCCESS) {
			chown( krbtkfile, p->pw_uid, p->pw_gid );
			debug( "KerberosIV verify succeeded\n" );
			goto done;
		} else if (ret != KDC_PR_UNKNOWN && ret != SKDC_CANT) {
			logError( "KerberosIV verification failure %\"s for %s\n",
			          krb_get_err_text( ret ), curuser );
			krbtkfile[0] = '\0';
			V_RET_FAIL( 0 );
		}
		/* Other failures fall through to the local password check. */
		debug( "KerberosIV verify failed: %s\n", krb_get_err_text( ret ) );
	}
	krbtkfile[0] = '\0';
# endif	 /* KERBEROS */

	/* NOTE(review): the result of crypt()/pw_encrypt() is passed straight
	 * to strcmp(); crypt() can return NULL (e.g. for an unsupported salt),
	 * which would be dereferenced here.  strcmp() is also not a
	 * constant-time comparison, and the last fallback compares the entered
	 * password with the stored field as plain text. */
# if defined(ultrix) || defined(__ultrix__)
	if (authenticate_user( p, curpass, NULL ) < 0)
# elif defined(HAVE_PW_ENCRYPT)
	if (strcmp( pw_encrypt( curpass, p->pw_passwd ), p->pw_passwd ))
# elif defined(HAVE_CRYPT)
	if (strcmp( crypt( curpass, p->pw_passwd ), p->pw_passwd ))
# else
	if (strcmp( curpass, p->pw_passwd ))
# endif
	{
		debug( "password verify failed\n" );
		V_RET_AUTH;
	}

  done:

#endif /* !defined(USE_PAM) && !defined(_AIX) */

	debug( "restrict %s ...\n", curuser );

#if defined(USE_PAM) || defined(_AIX)
	if (!(p = getpwnam( curuser ))) {
		logError( "getpwnam(%s) failed.\n", curuser );
		V_RET_FAIL( 0 );
	}
#endif
	/* uid 0 returns here, before any of the restrictions below (account
	 * management, expiry, nologin, login time, shell, home) are applied. */
	if (!p->pw_uid) {
		if (!rootok && !td->allowRootLogin)
			V_RET_FAIL( "Root logins are not allowed" );
		return 1; /* don't deny root to log in */
	}

#ifdef USE_PAM

	debug( " pam_acct_mgmt() ...\n" );
	pretc = pam_acct_mgmt( pamh, 0 );
	reInitErrorLog();
	debug( " pam_acct_mgmt() returned: %s\n", pam_strerror( pamh, pretc ) );
	if (pretc == PAM_NEW_AUTHTOK_REQD) {
		pdata.usecur = FALSE;
		pdata.gconv = conv_interact;
		/* pam will have output a message already, so no prepareErrorGreet() */
		/* After a non-interactive or password-less authentication the user
		 * is authenticated again interactively before the token change. */
		if (gconv != conv_interact || pnopass) {
			pam_end( pamh, PAM_SUCCESS );
			pamh = 0;
			gSendInt( V_CHTOK_AUTH );
			/* this cannot auth the wrong user, as only classic auths get here */
			while (!doPAMAuth( PAMService, &pdata ))
				if (pdata.abort)
					return 0;
			gSendInt( V_PRE_OK );
		} else
			gSendInt( V_CHTOK );
		/* Repeats the token change until it succeeds or is aborted. */
		for (;;) {
			debug( " pam_chauthtok() ...\n" );
			pretc = pam_chauthtok( pamh, PAM_CHANGE_EXPIRED_AUTHTOK );
			reInitErrorLog();
			debug( " pam_chauthtok() returned: %s\n", pam_strerror( pamh, pretc ) );
			if (pdata.abort) {
				pam_end( pamh, PAM_SUCCESS );
				pamh = 0;
				return 0;
			}
			if (pretc == PAM_SUCCESS)
				break;
			/* effectively there is only PAM_AUTHTOK_ERR */
			gSendInt( V_FAIL );
		}
		/* The new password replaces the stored current one.
		 * NOTE(review): the old buffer is freed without being cleared first. */
		if (curpass)
			free( curpass );
		curpass = newpass;
		newpass = 0;
	} else if (pretc != PAM_SUCCESS) {
		pam_end( pamh, pretc );
		pamh = 0;
		V_RET_AUTH;
	}

#elif defined(_AIX) /* USE_PAM */

	msg = NULL;
	if (loginrestrictions( curuser,
	                       ((td->displayType & d_location) == dForeign) ? S_RLOGIN : S_LOGIN,
	                       tty, &msg ) == -1)
	{
		debug( "loginrestrictions() - %s\n", msg ? msg : "error" );
		loginfailed( curuser, hostname, tty );
		prepareErrorGreet();
		if (msg) {
			displayStr( V_MSG_ERR, msg );
			free( msg );
		}
		gSendInt( V_AUTH );
		return 0;
	}
	if (msg)
		free( (void *)msg );

#endif /* USE_PAM || _AIX */

#ifndef _AIX

# ifdef HAVE_SETUSERCONTEXT
#  ifdef HAVE_LOGIN_GETCLASS
	lc = login_getclass( p->pw_class );
#  else
	lc = login_getpwclass( p );
#  endif
	if (!lc)
		V_RET_FAIL( 0 );

	/* The login class may override the shell from the passwd entry. */
	p->pw_shell = login_getcapstr( lc, "shell", p->pw_shell, p->pw_shell );
# endif

# ifndef USE_PAM

/* restrict_expired */
#  if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)

#   if !defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || (!defined(HAVE_SETUSERCONTEXT) && defined(USESHADOW))
	if (sp)
#   endif
	{

#   define DEFAULT_WARN	(2L * 7L)  /* Two weeks */

		/* Today as a day count; the expiry values are compared in days. */
		tim = time( NULL ) / 86400L;

#   ifdef HAVE_SETUSERCONTEXT
		quietlog = login_getcapbool( lc, "hushlogin", 0 );
		warntime = login_getcaptime( lc, "warnexpire",
		                             DEFAULT_WARN * 86400L,
		                             DEFAULT_WARN * 86400L ) / 86400L;
#   else
		quietlog = 0;
#    ifdef USESHADOW
		warntime = sp->sp_warn != -1 ? sp->sp_warn : DEFAULT_WARN;
#    else
		warntime = DEFAULT_WARN;
#    endif
#   endif

		/* Account expiry: reject once past the date, warn inside the
		 * warning window unless quietlog is set. */
#   ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
		if (p->pw_expire) {
			expir = p->pw_expire / 86400L;
#   else
		if (sp->sp_expire != -1) {
			expir = sp->sp_expire;
#   endif
			if (tim > expir) {
				displayStr( V_MSG_ERR,
				            "Your account has expired;"
				            " please contact your system administrator" );
				gSendInt( V_FAIL );
				LC_RET0;
			} else if (tim > (expir - warntime) && !quietlog) {
				displayMsg( V_MSG_INFO,
				            "Warning: your account will expire in %d day(s)",
				            expir - tim );
			}
		}

		/* Password ageing: an overdue password change is a hard failure
		 * here because changing it is not implemented (see the XXX notes). */
#   ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
		if (p->pw_change) {
			expir = p->pw_change / 86400L;
#   else
		if (!sp->sp_lstchg) {
			displayStr( V_MSG_ERR,
			            "You are required to change your password immediately"
			            " (root enforced)" );
			/* XXX todo password change */
			gSendInt( V_FAIL );
			LC_RET0;
		} else if (sp->sp_max != -1) {
			expir = sp->sp_lstchg + sp->sp_max;
			if (sp->sp_inact != -1 && tim > expir + sp->sp_inact) {
				displayStr( V_MSG_ERR,
				            "Your account has expired;"
				            " please contact your system administrator" );
				gSendInt( V_FAIL );
				LC_RET0;
			}
#   endif
			if (tim > expir) {
				displayStr( V_MSG_ERR,
				            "You are required to change your password immediately"
				            " (password aged)" );
				/* XXX todo password change */
				gSendInt( V_FAIL );
				LC_RET0;
			} else if (tim > (expir - warntime) && !quietlog) {
				displayMsg( V_MSG_INFO,
				            "Warning: your password will expire in %d day(s)",
				            expir - tim );
			}
		}

	}

#  endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE || USESHADOW */

/* restrict_nologin */
#  ifndef _PATH_NOLOGIN
#   define _PATH_NOLOGIN "/etc/nologin"
#  endif

	/* When a nologin file exists the login is refused; the file content is
	 * shown if it can be read completely, a generic message otherwise.
	 * NOTE(review): the file is stat()ed by path and opened afterwards, so
	 * it can change in between; the read is bounded by the size seen by
	 * stat(), and a size mismatch falls back to the generic message. */
	if ((
#  ifdef HAVE_SETUSERCONTEXT
	     /* Do we ignore a nologin file? */
	     !login_getcapbool( lc, "ignorenologin", 0 )) &&
	    (!stat( (nolg = login_getcapstr( lc, "nologin", "", NULL )), &st ) ||
#  endif
		 !stat( (nolg = _PATH_NOLOGIN), &st )))
	{
		if (st.st_size && (fd = open( nolg, O_RDONLY )) >= 0) {
			if ((buf = Malloc( st.st_size + 1 ))) {
				if (read( fd, buf, st.st_size ) == st.st_size) {
					close( fd );
					buf[st.st_size] = 0;
					displayStr( V_MSG_ERR, buf );
					free( buf );
					gSendInt( V_FAIL );
					LC_RET0;
				}
				free( buf );
			}
			close( fd );
		}
		displayStr( V_MSG_ERR,
		            "Logins are not allowed at the moment.\nTry again later" );
		gSendInt( V_FAIL );
		LC_RET0;
	}

/* restrict_time */
#  if defined(HAVE_SETUSERCONTEXT) && defined(HAVE_AUTH_TIMEOK)
	if (!auth_timeok( lc, time( NULL ) )) {
		displayStr( V_MSG_ERR,
		            "You are not allowed to login at the moment" );
		gSendInt( V_FAIL );
		LC_RET0;
	}
#  endif

#  ifdef HAVE_GETUSERSHELL
	/* The login shell must be one of those returned by getusershell(). */
	for (;;) {
		if (!(s = getusershell())) {
			debug( "shell not in /etc/shells\n" );
			endusershell();
			V_RET_FAIL( "Your login shell is not listed in /etc/shells" );
		}
		if (!strcmp( s, p->pw_shell )) {
			endusershell();
			break;
		}
	}
#  endif

# endif /* !USE_PAM */

/* restrict_nohome */
# ifdef HAVE_SETUSERCONTEXT
	/* With "requirehome" set, the home directory must exist and be owned
	 * by the user. */
	if (login_getcapbool( lc, "requirehome", 0 )) {
		struct stat st;
		if (!*p->pw_dir || stat( p->pw_dir, &st ) || st.st_uid != p->pw_uid) {
			displayStr( V_MSG_ERR, "Home folder not available" );
			gSendInt( V_FAIL );
			LC_RET0;
		}
	}
# endif

#endif /* !_AIX */

	return 1;

}


/* NULL-terminated list of environment variable names.  How the list is
 * used is not visible in this part of the file; presumably these are the
 * variables carried over into the session environment - confirm. */
static const char *envvars[] = {
	"TZ", /* SYSV and SVR4, but never hurts */
#ifdef _AIX
	"AUTHSTATE", /* for kerberos */
#endif
	NULL
};


#if defined(USE_PAM) && defined(HAVE_INITGROUPS)
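/* Supplementary group list captured by saveGids() for restoreGids(). */
static int num_saved_gids;
static gid_t *saved_gids;

/*
 * Records the current supplementary groups of the process in
 * saved_gids/num_saved_gids.  Returns 1 on success, 0 on failure.
 *
 * On failure saved_gids is left NULL, so a later restoreGids() cannot
 * install a partially filled or stale list.
 */
static int
saveGids( void )
{
	saved_gids = 0;
	num_saved_gids = getgroups( 0, 0 );
	/* getgroups() reports errors as -1; that must not reach the size
	 * computation below. */
	if (num_saved_gids < 0) {
		logError( "saving groups failed: %m\n" );
		return 0;
	}
	if (!(saved_gids = Malloc( sizeof(gid_t) * num_saved_gids )))
		return 0;
	if (getgroups( num_saved_gids, saved_gids ) < 0) {
		logError( "saving groups failed: %m\n" );
		free( saved_gids );
		saved_gids = 0;
		return 0;
	}
	return 1;
}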

/*
 * Re-installs the supplementary groups captured by saveGids() and then sets
 * the gid to p->pw_gid.  Returns 1 on success; on the first failing step
 * the error is logged and 0 is returned without attempting the next one.
 */
static int
restoreGids( void )
{
	int rc;

	rc = setgroups( num_saved_gids, saved_gids );
	if (rc < 0) {
		logError( "restoring groups failed: %m\n" );
		return 0;
	}

	rc = setgid( p->pw_gid );
	if (rc >= 0)
		return 1;

	logError( "restoring gid failed: %m\n" );
	return 0;
}
#endif /* USE_PAM && HAVE_INITGROUPS */

/*
 * Drops all supplementary groups (when initgroups support is compiled in)
 * and sets the gid back to 0.  Returns 1 on success, 0 after logging the
 * first step that failed.
 */
static int
resetGids( void )
{
	int rc;

#ifdef HAVE_INITGROUPS
	/* The list length is 0, so the pointer only has to be a valid address. */
	rc = setgroups( 0, &p->pw_gid /* anything */ );
	if (rc < 0) {
		logError( "restoring groups failed: %m\n" );
		return 0;
	}
#endif
	rc = setgid( 0 );
	if (rc >= 0)
		return 1;

	logError( "restoring gid failed: %m\n" );
	return 0;
}

/*
 * Sets the gid to `gid` and, when initgroups support is compiled in,
 * initialises the supplementary groups of user `name`.
 * Returns 1 on success, 0 after logging the failure.
 */
static int
setGid( const char *name, int gid )
{
	int rc;

	rc = setgid( gid );
	if (rc < 0) {
		logError( "setgid(%d) (user %s) failed: %m\n", gid, name );
		return 0;
	}
#ifdef HAVE_INITGROUPS
	rc = initgroups( name, gid );
	if (rc < 0) {
		logError( "initgroups for %s failed: %m\n", name );
		/* Roll the gid back to 0; the result of this call is not checked. */
		setgid( 0 );
		return 0;
	}
#endif	 /* QNX4 doesn't support multi-groups, no initgroups() */
	return 1;
}

/*
 * Switches the process to `uid` with setuid().  `name` is only used in the
 * error message.  Returns 1 on success, 0 after logging the failure.
 */
static int
setUid( const char *name, int uid )
{
	if (setuid( uid ) >= 0)
		return 1;

	logError( "setuid(%d) (user %s) failed: %m\n", uid, name );
	return 0;
}

/*
 * Switches the process to the given user: gid and groups first, then the
 * uid.  If the uid switch fails after the gid switch succeeded, the groups
 * are reset with resetGids().  Returns 1 only if both steps succeeded.
 */
static int
setUser( const char *name, int uid, int gid )
{
	if (!setGid( name, gid ))
		return 0;

	if (setUid( name, uid ))
		return 1;

	/* uid switch failed: undo the group change made above. */
	resetGids();
	return 0;
}

#if defined(SECURE_RPC) || defined(K5AUTH)
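/*
 * Removes the first entry of td->authorizations whose name is exactly the
 * `len` bytes at `name`, closing the gap by shifting the later entries down
 * by one and decrementing td->authNum.
 */
static void
nukeAuth( int len, const char *name )
{
	int i;

	for (i = 0; i < td->authNum; i++)
		if (td->authorizations[i]->name_length == len &&
		    !memcmp( td->authorizations[i]->name, name, len ))
		{
			/* Source and destination overlap whenever more than one entry
			 * follows, so memmove() is required; memcpy() on overlapping
			 * ranges is undefined behaviour. */
			memmove( &td->authorizations[i], &td->authorizations[i+1],
			         sizeof(td->authorizations[i]) * (--td->authNum - i) );
			break;
		}
}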
#endif

/*
 * Makes sure curdmrc holds the session settings: loads them from the dmrc
 * file when not loaded yet (falling back to a built-in default), merges
 * newdmrc into them when present, and writes the result back when something
 * changed and `cansave` is set.
 *
 * When dmrcDir is non-empty the file name is built from dmrcDir, "/",
 * curuser and ".dmrc"; otherwise the plain name ".dmrc" is used.
 */
static void
mergeSessionArgs( int cansave )
{
	char *userPath = 0;
	char *sep;
	const char *target = ".dmrc";
	int dirty = 0;

	/* NOTE(review): curuser becomes part of a file system path here; this
	 * presumably relies on the name having been validated earlier so that
	 * it cannot contain path separators - confirm. */
	if ((!curdmrc || newdmrc) && *dmrcDir &&
	    strApp( &userPath, dmrcDir, "/", curuser, target, (char *)0 ))
		target = userPath;

	if (!curdmrc) {
		curdmrc = iniLoad( target );
		if (!curdmrc) {
			strDup( &curdmrc, "[Desktop]\nSession=default\n" );
			dirty = 1;
		}
	}
	if (newdmrc) {
		curdmrc = iniMerge( curdmrc, newdmrc );
		dirty = 1;
	}

	if (dirty && cansave &&
	    !iniSave( curdmrc, target ) && errno == ENOENT && userPath)
	{
		/* The save failed because a directory is missing: create every
		 * leading path component (mode 0755, results ignored) and retry. */
		for (sep = userPath; *sep; sep++) {
			if (*sep != '/')
				continue;
			*sep = 0;
			mkdir( userPath, 0755 );
			*sep = '/';
		}
		iniSave( curdmrc, userPath );
	}

	if (userPath)
		free( userPath );
}

/*
 * Creates the session log file from the name template `log` and redirects
 * stdout and stderr to it.  Returns TRUE on success and FALSE when the file
 * cannot be created; exits if the template cannot be expanded.
 *
 * The file is opened with O_CREAT|O_EXCL and mode 0600, so an existing path
 * is never reused: when it still exists after the unlink() attempt and the
 * template uses the 'r' macro, another name with a random component is
 * tried.
 */
static int
createClientLog( const char *log )
{
	char suffix[32], *suffixp = 0, *path;
	int fd;

	while (1) {
		struct expando macros[] = {
			{ 'd', 0, td->name },
			{ 'u', 0, curuser },
			{ 'r', 0, suffixp },
			{ 0, 0, 0 }
		};

		path = expandMacros( log, macros );
		if (!path)
			exit( 1 );

		/* Remove a leftover file first; the result is deliberately ignored
		 * because the exclusive open below decides. */
		unlink( path );
		fd = open( path, O_WRONLY|O_CREAT|O_EXCL, 0600 );
		if (fd >= 0) {
			dup2( fd, 1 );
			dup2( fd, 2 );
			close( fd );
			free( path );
			return TRUE;
		}

		/* Retry only when the name is taken and the template can vary. */
		if (errno == EEXIST && macros[2].uses) {
			logInfo( "Session log file %s not usable, trying another one.\n",
			         path );
			free( path );
			sprintf( suffix, "%d", secureRandom() );
			suffixp = suffix;
			continue;
		}

		free( path );
		return FALSE;
	}
}
Пример #12
/*
 * Tears the session down and terminates the process with exit( status ).
 * Does not return.
 *
 * Steps: run the reset script and remove the user's authorization data
 * (when removeAuth is set), close the PAM session and delete the PAM
 * credentials (PAM builds, when removeCreds is set), finish the greeter,
 * and finally reset or signal the X server.
 */
void
sessionExit( int status )
{
	int pid;
#ifdef USE_PAM
	int pretc;
#endif

	if (removeAuth) {
		/* NOTE(review): besides 0, the value wcCompose( 0, 0, 127 ) is
		 * accepted silently - presumably exit code 127; confirm. */
		switch (source( systemEnviron, td->reset, td_setup )) {
		case 0:
		case wcCompose( 0, 0, 127 ):
			break;
		default:
			logError( "Reset script returned non-zero exit code\n" );
			break;
		}
		sessreg( td, 0, 0, 0 );

		/* The per-user cleanup runs in a child that first switches to the
		 * user's ids; it is skipped entirely when that switch fails, so
		 * the cleanup never runs with the parent's ids. */
		switch (Fork( &pid )) {
		case 0:
#if defined(USE_PAM) && defined(HAVE_INITGROUPS)
			if (restoreGids() && setUid( curuser, curuid ))
#else
			if (setUser( curuser, curuid, curgid ))
#endif

			{
				removeUserAuthorization( td );
#ifdef K5AUTH
				krb5Destroy( td->name );
#endif /* K5AUTH */
#if !defined(USE_PAM) && !defined(_AIX)
# ifdef KERBEROS
				if (krbtkfile[0]) {
					(void)dest_tkt();
#  ifdef AFS
					if (k_hasafs())
						(void)k_unlog();
#  endif
				}
# endif
#endif /* !USE_PAM && !_AIX*/
			}
			exit( 0 );
		case -1:
			logError( "Cannot clean up session: fork() failed: %m" );
			break;
		default:
			Wait4( &pid );
			break;
		}
	}

#ifdef USE_PAM
	if (removeCreds) {
# ifdef HAVE_INITGROUPS
		/* NOTE(review): the result of restoreGids() is ignored here, so the
		 * PAM calls below run even if the groups could not be restored. */
		restoreGids();
# endif
		if (removeSession) {
			pretc = pam_close_session( pamh, 0 );
			reInitErrorLog();
			if (pretc != PAM_SUCCESS)
				logError( "pam_close_session() failed: %s\n",
				          pam_strerror( pamh, pretc ) );
		}
		pretc = pam_setcred( pamh, PAM_DELETE_CRED );
		reInitErrorLog();
		if (pretc != PAM_SUCCESS)
			logError( "pam_setcred(DELETE_CRED) failed: %s\n",
			          pam_strerror( pamh, pretc ) );
		/* Back to gid 0 with no supplementary groups; result not checked. */
		resetGids();
	}
	if (pamh) {
		pam_end( pamh, PAM_SUCCESS );
		reInitErrorLog();
	}
#endif

	finishGreet();

	/* make sure the server gets reset after the session is over */
	if (td->serverPid >= 2) {
		if (!td->terminateServer && td->resetSignal)
			terminateProcess( td->serverPid, td->resetSignal );
	} else
		resetServer( td );
	debug( "display %s exiting with status %d\n", td->name, status );
	exit( status );
}
/*
 * Start the user's session on the current display (td).
 *
 * Visible flow: build the user and system environments, add user-based X
 * authorizations, merge the session settings, (PAM builds) set the groups,
 * establish the credentials and open the PAM session, then gFork() a child.
 * The child calls sessreg(), runs the startup script, switches to the
 * user's credentials, wipes the password, sets up the client log and
 * executes the session (falling back to the failsafe client). The parent
 * relays the messages it receives on ctltalk to displayStr() until
 * gRecvCmd() reports no further command.
 *
 * pid: handed to gFork(); the debug output after the fork prints *pid.
 * Returns 1 when the fork succeeded, 0 on any failure in the parent.
 */
int
startClient( volatile int *pid )
{
	const char *home, *sessargs, *desksess;
	char **env, *xma;
	char **argv, *fname, *str;
#ifdef USE_PAM
	char ** volatile pam_env;
# ifndef HAVE_PAM_GETENVLIST
	char **saved_env;
# endif
	int pretc;
#else
# ifdef _AIX
	char *msg;
	char **theenv;
	extern char **newenv; /* from libs.a, this is set up by setpenv */
# endif
#endif
#ifdef HAVE_SETUSERCONTEXT
	extern char **environ;
#endif
	char *failsafeArgv[2];
	char *buf, *buf2;
	int i;

	/* Drop the cached curdmrc/dmrcuser when dmrcuser does not match curuser. */
	if (strCmp( dmrcuser, curuser )) {
		if (curdmrc) { free( curdmrc ); curdmrc = 0; }
		if (dmrcuser) { free( dmrcuser ); dmrcuser = 0; }
	}

#if defined(USE_PAM) || defined(_AIX)
	if (!(p = getpwnam( curuser ))) {
		logError( "getpwnam(%s) failed.\n", curuser );
	  pError:
		displayStr( V_MSG_ERR, 0 );
		return 0;
	}
#endif

#ifndef USE_PAM
# ifdef _AIX
	msg = NULL;
	loginsuccess( curuser, hostname, tty, &msg );
	if (msg) {
		debug( "loginsuccess() - %s\n", msg );
		free( (void *)msg );
	}
# else /* _AIX */
#  if defined(KERBEROS) && defined(AFS)
	if (krbtkfile[0] != '\0') {
		if (k_hasafs()) {
			int fail = 0;
			if (k_setpag() == -1) {
				logError( "setpag() for %s failed\n", curuser );
				fail = 1;
			}
			if ((ret = k_afsklog( NULL, NULL )) != KSUCCESS) {
				logError( "AFS Warning: %s\n", krb_get_err_text( ret ) );
				fail = 1;
			}
			if (fail)
				displayMsg( V_MSG_ERR,
				            "Warning: Problems during Kerberos4/AFS setup." );
		}
	}
#  endif /* KERBEROS && AFS */
# endif /* _AIX */
#endif	/* !PAM */

	/* NOTE(review): p is assigned in this function only under USE_PAM/_AIX;
	 * other builds presumably rely on an earlier passwd lookup - confirm
	 * that p is valid at this point. */
	curuid = p->pw_uid;
	curgid = p->pw_gid;

	env = baseEnv( curuser );
	xma = 0;
	strApp( &xma, "method=", curtype, (char *)0 );
	if (td_setup)
		strApp( &xma, ",auto", (char *)0 );
	if (xma) {
		env = setEnv( env, "XDM_MANAGED", xma );
		free( xma );
	}
	if (td->autoLock && cursource == PWSRC_AUTOLOGIN)
		env = setEnv( env, "DESKTOP_LOCKED", "true" );
	/* uid 0 gets the system path, every other uid the user path */
	env = setEnv( env, "PATH", curuid ? td->userPath : td->systemPath );
	env = setEnv( env, "SHELL", p->pw_shell );
	env = setEnv( env, "HOME", p->pw_dir );
#if !defined(USE_PAM) && !defined(_AIX) && defined(KERBEROS)
	if (krbtkfile[0] != '\0')
		env = setEnv( env, "KRBTKFILE", krbtkfile );
#endif
	/* Two environments are kept: userEnviron is handed to the session,
	 * systemEnviron to the startup/reset scripts (see source() calls). */
	userEnviron = inheritEnv( env, envvars );
	env = systemEnv( curuser );
	systemEnviron = setEnv( env, "HOME", p->pw_dir );
	debug( "user environment:\n%[|''>'\n's"
	       "system environment:\n%[|''>'\n's"
	       "end of environments\n",
	       userEnviron,
	       systemEnviron );

	/*
	 * for user-based authorization schemes,
	 * add the user to the server's allowed "hosts" list.
	 */
	for (i = 0; i < td->authNum; i++) {
#ifdef SECURE_RPC
		if (td->authorizations[i]->name_length == 9 &&
		    !memcmp( td->authorizations[i]->name, "SUN-DES-1", 9 ))
		{
			XHostAddress addr;
			char netname[MAXNETNAMELEN+1];
			char domainname[MAXNETNAMELEN+1];

			/* NOTE(review): the results of getdomainname() and
			 * user2netname() are not checked before netname is used. */
			getdomainname( domainname, sizeof(domainname) );
			user2netname( netname, curuid, domainname );
			addr.family = FamilyNetname;
			addr.length = strlen( netname );
			addr.address = netname;
			XAddHost( dpy, &addr );
		}
#endif
#ifdef K5AUTH
		if (td->authorizations[i]->name_length == 14 &&
		    !memcmp( td->authorizations[i]->name, "MIT-KERBEROS-5", 14 ))
		{
			/* Update server's auth file with user-specific info.
			 * Don't need to AddHost because X server will do that
			 * automatically when it reads the cache we are about
			 * to point it at.
			 */
			XauDisposeAuth( td->authorizations[i] );
			td->authorizations[i] =
				krb5GetAuthFor( 14, "MIT-KERBEROS-5", td->name );
			saveServerAuthorizations( td, td->authorizations, td->authNum );
		}
#endif
	}

	/* With a dmrcDir configured the merge happens here, before the fork;
	 * otherwise it is done in the child after the credential switch. */
	if (*dmrcDir)
		mergeSessionArgs( TRUE );

	debug( "now starting the session\n" );

#ifdef USE_PAM

	/* Set the user's groups first; pam_setcred() below runs with them. */
# ifdef HAVE_SETUSERCONTEXT
	if (setusercontext( lc, p, p->pw_uid, LOGIN_SETGROUP )) {
		logError( "setusercontext(groups) for %s failed: %m\n",
		          curuser );
		goto pError;
	}
# else
	if (!setGid( curuser, curgid ))
		goto pError;
# endif

# ifndef HAVE_PAM_GETENVLIST
	/* Without pam_getenvlist(): swap in an empty environ around
	 * pam_setcred() so that whatever it puts there ends up in pam_env. */
	if (!(pam_env = initStrArr( 0 ))) {
		resetGids();
		goto pError;
	}
	saved_env = environ;
	environ = pam_env;
# endif
	removeCreds = 1; /* set it first - i don't trust PAM's rollback */
	pretc = pam_setcred( pamh, 0 );
	reInitErrorLog();
# ifndef HAVE_PAM_GETENVLIST
	pam_env = environ;
	environ = saved_env;
# endif
# ifdef HAVE_INITGROUPS
	/* This seems to be a strange place for it, but do it:
	   - after the initial groups are set
	   - after pam_setcred might have set something, even in the error case
	   - before pam_setcred(DELETE_CRED) might need it
	 */
	if (!saveGids())
		goto pError;
# endif
	if (pretc != PAM_SUCCESS) {
		logError( "pam_setcred() for %s failed: %s\n",
		          curuser, pam_strerror( pamh, pretc ) );
		resetGids();
		return 0;
	}

	removeSession = 1; /* set it first - same as above */
	pretc = pam_open_session( pamh, 0 );
	reInitErrorLog();
	if (pretc != PAM_SUCCESS) {
		logError( "pam_open_session() for %s failed: %s\n",
		          curuser, pam_strerror( pamh, pretc ) );
		resetGids();
		return 0;
	}

	/* we don't want sessreg and the startup/reset scripts run with user
	   credentials. unfortunately, we can reset only the gids. */
	resetGids();

	/* Groups were already set above, so the later setusercontext() call
	 * masks LOGIN_SETGROUP out under PAM. */
# define D_LOGIN_SETGROUP LOGIN_SETGROUP
#else /* USE_PAM */
# define D_LOGIN_SETGROUP 0
#endif /* USE_PAM */

	/* From here on sessionExit() runs the reset script and removes the
	 * user's authorization. */
	removeAuth = 1;
	chownCtrl( &td->ctrl, curuid );
	endpwent();
#if !defined(USE_PAM) && defined(USESHADOW) && !defined(_AIX)
	endspent();
#endif
	ctltalk.pipe = &ctlpipe;
	/* NOTE(review): buf is freed on both parent paths below; no free of
	 * buf2 is visible in this function - confirm who owns it. */
	ASPrintf( &buf, "sub-daemon for display %s", td->name );
	ASPrintf( &buf2, "client for display %s", td->name );
	switch (gFork( &ctlpipe, buf, buf2, 0, 0, mstrtalk.pipe, pid )) {
	case 0:
		/* ---- child: becomes the user's session ---- */

		gCloseOnExec( ctltalk.pipe );
		if (Setjmp( ctltalk.errjmp ))
			exit( 1 );

		gCloseOnExec( mstrtalk.pipe );
		if (Setjmp( mstrtalk.errjmp ))
			goto cError;

#ifndef NOXDMTITLE
		setproctitle( "%s'", td->name );
#endif
		strApp( &prog, " '", (char *)0 );
		reInitErrorLog();

		setsid();

		sessreg( td, getpid(), curuser, curuid );

		/* We do this here, as we want to have the session as parent. */
		switch (source( systemEnviron, td->startup, td_setup )) {
		case 0:
			break;
		case wcCompose( 0, 0, 127 ):
			goto cError;
		default: /* Explicit failure => message already displayed. */
			logError( "Startup script returned non-zero exit code\n" );
			exit( 1 );
		}

	/* Memory leaks are ok here as we exec() soon. */

#if defined(USE_PAM) || !defined(_AIX)

# ifdef USE_PAM
		/* pass in environment variables set by libpam and modules it called */
#  ifdef HAVE_PAM_GETENVLIST
		pam_env = pam_getenvlist( pamh );
		reInitErrorLog();
#  endif
		if (pam_env)
			for (; *pam_env; pam_env++)
				userEnviron = putEnv( *pam_env, userEnviron );
# endif

# ifdef HAVE_SETLOGIN
		if (setlogin( curuser ) < 0) {
			logError( "setlogin for %s failed: %m\n", curuser );
			goto cError;
		}
#  define D_LOGIN_SETLOGIN LOGIN_SETLOGIN
# else
#  define D_LOGIN_SETLOGIN 0
# endif

		/* The parent called resetGids() after opening the PAM session;
		 * presumably this brings back the groups stored by saveGids()
		 * before the uid is switched - confirm in restoreGids(). */
# if defined(USE_PAM) && defined(HAVE_INITGROUPS)
		if (!restoreGids())
			goto cError;
# endif

# ifndef HAVE_SETUSERCONTEXT

		/* Every failure to switch ids aborts the child via cError, so
		 * the session is never executed with the ids this process
		 * started with. */
#  ifdef USE_PAM
		if (!setUid( curuser, curuid ))
			goto cError;
#  else
		if (!setUser( curuser, curuid, curgid ))
			goto cError;
#  endif

# else /* !HAVE_SETUSERCONTEXT */

		/*
		 * Destroy environment.
		 * We need to do this before setusercontext() because that may
		 * set or reset some environment variables.
		 */
		if (!(environ = initStrArr( 0 )))
			goto cError;

		/*
		 * Set the user's credentials: uid, gid, groups,
		 * environment variables, resource limits, and umask.
		 */
		if (setusercontext( lc, p, p->pw_uid,
		        LOGIN_SETALL & ~(D_LOGIN_SETGROUP|D_LOGIN_SETLOGIN) ) < 0)
		{
			logError( "setusercontext for %s failed: %m\n", curuser );
			goto cError;
		}

		/* Carry over whatever setusercontext() placed into environ. */
		for (i = 0; environ[i]; i++)
			userEnviron = putEnv( environ[i], userEnviron );

# endif /* !HAVE_SETUSERCONTEXT */

#else /* PAM || !_AIX */
		/*
		 * Set the user's credentials: uid, gid, groups,
		 * audit classes, user limits, and umask.
		 */
		if (setpcred( curuser, NULL ) == -1) {
			logError( "setpcred for %s failed: %m\n", curuser );
			goto cError;
		}

		/*
		 * Set the users process environment. Store protected variables and
		 * obtain updated user environment list. This call will initialize
		 * global 'newenv'.
		 */
		if (setpenv( curuser, PENV_INIT | PENV_ARGV | PENV_NOEXEC,
		             userEnviron, NULL ) != 0)
		{
			logError( "Cannot set %s's process environment\n", curuser );
			goto cError;
		}
		userEnviron = newenv;

#endif /* _AIX */

		/*
		 * for user-based authorization schemes,
		 * use the password to get the user's credentials.
		 */
#ifdef SECURE_RPC
		/* do like "keylogin" program */
		if (!curpass[0])
			logInfo( "No password for NIS provided.\n" );
		else {
			char netname[MAXNETNAMELEN+1], secretkey[HEXKEYBYTES+1];
			int nameret, keyret;
			int len;
			int key_set_ok = 0;
			struct key_netstarg netst;

			nameret = getnetname( netname );
			debug( "user netname: %s\n", netname );
			/* Only the first 8 characters of the password are kept; the
			 * rest is zeroed in place. NOTE(review): this alters curpass
			 * for everything below (krb5Init(), the D_ReLogin message)
			 * when those are compiled in - confirm this is intended. */
			len = strlen( curpass );
			if (len > 8)
				bzero( curpass + 8, len - 8 );
			keyret = getsecretkey( netname, secretkey, curpass );
			debug( "getsecretkey returns %d, key length %d\n",
			       keyret, strlen( secretkey ) );
			netst.st_netname = netname;
			memcpy( netst.st_priv_key, secretkey, HEXKEYBYTES );
			memset( netst.st_pub_key, 0, HEXKEYBYTES );
			if (key_setnet( &netst ) < 0)
				debug( "Could not set secret key.\n" );
			/* is there a key, and do we have the right password? */
			if (keyret == 1) {
				if (*secretkey) {
					keyret = key_setsecret( secretkey );
					debug( "key_setsecret returns %d\n", keyret );
					if (keyret == -1)
						logError( "Failed to set NIS secret key\n" );
					else
						key_set_ok = 1;
				} else {
					/* found a key, but couldn't interpret it */
					logError( "Password incorrect for NIS principal %s\n",
					          nameret ? netname : curuser );
				}
			}
			if (!key_set_ok)
				nukeAuth( 9, "SUN-DES-1" );
			/* NOTE(review): this clears only up to the first NUL byte,
			 * secretkey has no initializer, and the copy in
			 * netst.st_priv_key is not cleared here - consider wiping
			 * sizeof(secretkey) and netst with a call the compiler
			 * cannot drop as a dead store. */
			bzero( secretkey, strlen( secretkey ) );
		}
#endif
#ifdef K5AUTH
		/* do like "kinit" program */
		if (!curpass[0])
			logInfo( "No password for Kerberos5 provided.\n" );
		else
			if ((str = krb5Init( curuser, curpass, td->name )))
				userEnviron = setEnv( userEnviron, "KRB5CCNAME", str );
			else
				nukeAuth( 14, "MIT-KERBEROS-5" );
#endif /* K5AUTH */
		/* With autoReLogin the user name, the clear-text password and
		 * newdmrc are sent over mstrtalk before the local copy of the
		 * password is wiped below. */
		if (td->autoReLogin) {
			gSet( &mstrtalk );
			gSendInt( D_ReLogin );
			gSendStr( curuser );
			gSendStr( curpass );
			gSendStr( newdmrc );
		}
		/* Wipe the password in the child before the session is executed. */
		if (curpass)
			bzero( curpass, strlen( curpass ) );
		setUserAuthorization( td );
		home = getEnv( userEnviron, "HOME" );
		if (home && chdir( home ) < 0) {
			logError( "Cannot chdir to %s's home %s: %m\n", curuser, home );
			sendStr( V_MSG_ERR, "Cannot enter home directory. Using /.\n" );
			chdir( "/" );
			userEnviron = setEnv( userEnviron, "HOME", "/" );
			home = 0;
		}
		/* The log is created only now, after the credential switch above,
		 * so createClientLog() opens the file with the user's ids. A
		 * relative clientLogFile is tried only when the home directory
		 * was entered; otherwise the fallback template is used. */
		if (home || td->clientLogFile[0] == '/') {
			if (!createClientLog( td->clientLogFile )) {
				logWarn( "Session log file according to %s cannot be created: %m\n",
				         td->clientLogFile );
				goto tmperr;
			}
		} else {
		  tmperr:
			if (!createClientLog( td->clientLogFallback ))
				logError( "Fallback session log file according to %s cannot be created: %m\n",
				          td->clientLogFallback );
			/* Could inform the user, but I guess this is only confusing. */
		}
		if (!*dmrcDir)
			mergeSessionArgs( home != 0 );
		if (!(desksess = iniEntry( curdmrc, "Desktop", "Session", 0 )))
			desksess = "failsafe"; /* only due to OOM */
		/* Report uid, user name and chosen session over mstrtalk, then
		 * close the write end of that pipe. */
		gSet( &mstrtalk );
		gSendInt( D_User );
		gSendInt( curuid );
		gSendStr( curuser );
		gSendStr( desksess );
		close( mstrtalk.pipe->fd.w );
		userEnviron = setEnv( userEnviron, "DESKTOP_SESSION", desksess );
		/* Look for <dir>/<desksess>.desktop in each sessions directory.
		 * NOTE(review): desksess comes from the merged dmrc and is pasted
		 * into the path as is; no check for '/' or ".." is visible here -
		 * confirm it is validated where the dmrc is read. */
		for (i = 0; td->sessionsDirs[i]; i++) {
			fname = 0;
			if (strApp( &fname, td->sessionsDirs[i], "/", desksess, ".desktop", (char *)0 )) {
				if ((str = iniLoad( fname ))) {
					/* A hidden entry or one without Exec yields no arguments. */
					if (!strCmp( iniEntry( str, "Desktop Entry", "Hidden", 0 ), "true" ) ||
					    !(sessargs = iniEntry( str, "Desktop Entry", "Exec", 0 )))
						sessargs = "";
					free( str );
					free( fname );
					goto gotit;
				}
				free( fname );
			}
		}
		/* No .desktop file found: only the three built-in names are
		 * passed on as the session argument. */
		if (!strcmp( desksess, "failsafe" ) ||
		    !strcmp( desksess, "default" ) ||
		    !strcmp( desksess, "custom" ))
			sessargs = desksess;
		else
			sessargs = "";
	  gotit:
		/* Command line = parsed td->session plus sessargs as one argument. */
		if (!(argv = parseArgs( (char **)0, td->session )) ||
		    !(argv = addStrArr( argv, sessargs, -1 )))
			exit( 1 );
		if (argv[0] && *argv[0]) {
			debug( "executing session %\"[s\n", argv );
			execute( argv, userEnviron );
			logError( "Session %\"s execution failed: %m\n", argv[0] );
		} else
			logError( "Session has no command/arguments\n" );
		/* Reached only if the session could not be executed. */
		failsafeArgv[0] = td->failsafeClient;
		failsafeArgv[1] = 0;
		execute( failsafeArgv, userEnviron );
		logError( "Failsafe client %\"s execution failed: %m\n",
		          failsafeArgv[0] );
	  cError:
		sendStr( V_MSG_ERR, 0 );
		exit( 1 );
	case -1:
		free( buf );
		return 0;
	}
	/* ---- parent ---- */
	debug( "StartSession, fork succeeded %d\n", *pid );
	free( buf );

	/* Show each message received on ctltalk and acknowledge it with 0. */
	gSet( &ctltalk );
	if (!Setjmp( ctltalk.errjmp ))
		while (gRecvCmd( &i )) {
			buf = gRecvStr();
			displayStr( i, buf );
			free( buf );
			gSet( &ctltalk );
			gSendInt( 0 );
		}
	gClosen( ctltalk.pipe );
	finishGreet();

	return 1;
}
/*
 * Firmware entry point: initializes ports, clock, timer, UART, the CC1100
 * transceiver and the LCD, configures the left button (P1) as an interrupt
 * source, enables interrupts globally and then spins in an empty loop.
 * Here setUid() sets the transceiver's address, not a user id.
 */
main(void)
	{
//=== Variables should be declared here ==================================
	//unsigned char i = 0;
	//char text[60];
	//int x,y;
	
//=== The required initialization steps ==================================
//=(1)== Port initialization =============================================
	init_Port();				// initialize the port registers
		
//(2)=== Clock system initialization =====================================
	//== Select XT2() or DCO() as the clock source
	//== by commenting one of them in or out
	//== DCO is preferred when LPM is used; must be recalibrated periodically
	//== XT2 is crystal-stable; needs no periodic calibration
	//
	//XT2 ();					// enable the XT2 clock source at 7.3728MHz
	DCO ();					// enable the DCO clock source at 7.3728MHz
	//						   mind DELTA
		
//=(3)== Timer initialization ============================================
	init_Timer_A();			// init timer for the one-second interrupt
							// !! still an empty function

//=(4)== USART initialization ============================================
	init_UART1();			// initialize UART-RS232 at 115.2kBit/s
							// !! still an empty function

//=(5)== CC1100 transceiver initialization ===============================
	init_UART0_SPI();		// initialize the CC1100 SPI UART
	init_CC1100_POWERDOWN();			// original note: "init CC1100 and set RX mode" (the call is the POWERDOWN variant)
							// !!! interrupts are enabled from here on !!
	//== Set the transceiver's address and radio channel
	//== for the workstations HWPx (x=1...10)
	//== ID=x and channel=x should be set
	ID = 1;							// address
	setUid(ID);						// set the address in the transceiver
	channel = 1; 					// radio channel
	switchFreq(channel);			// set the radio channel in the transceiver
	//== If the transceiver is to be used, the following two lines
	//== must be commented out:
	init_CC1100_IDLE();		// put the CC1100 into IDLE mode
	init_CC1100_POWERDOWN();// put the CC1100 into power-down mode

//=(6)== LCD display initialization ======================================
	dogm_reset();		// hardware reset of the LCD controller
	dogm_init();		// initialize the LCD controller registers
	lcd_clear(WHITE);	// clear the graphics buffer on the MSP430
	//lcd_string(BLACK, 15, 25, "MSP430-GESTARTET!");	// text output
	lcd_paint();		// push the graphics buffer to the LCD display


// LED bit masks on port 4; the LEDs are active-low (LED_ON clears the bit).
#define LED_ROT (0x01)   // 0 0 1 P4.0
#define LED_GELB (0x02)  // 0 1 0 P4.1
#define LED_GRUEN (0x04) // 1 0 0 P4.2
#define LED_ALL (LED_ROT | LED_GELB | LED_GRUEN)

#define LED_ON(led) (BIT_CLR(P4OUT, led)) 
#define LED_OFF(led) (BIT_SET(P4OUT, led)) 
#define LED_TOGGLE(led) (BIT_TOGGLE(P4OUT, led))

#define IS_LED_ON(led) (!(P4OUT & led))

// Button bit masks (used with the P1 registers below).
#define TASTE_LINKS (0x1)
#define TASTE_RECHTS (0x2)

// SLEEP(n) splits a long delay into wait() calls of at most SLEEP_QUANTUM.
#define SLEEP_QUANTUM 10000
#define SLEEP(n) do { 		/* sleep for n seconds */ \
	long time = n * 100000; /* wait() sleeps 10*n microseconds */ \
	while(time > SLEEP_QUANTUM) { \
		wait(SLEEP_QUANTUM); \
		time -= SLEEP_QUANTUM; \
	} \
	wait(time); \
} while(0)

// Left button: direction bit cleared, edge select cleared, interrupt
// enabled, pending flag cleared.
BIT_CLR(P1DIR, TASTE_LINKS);
BIT_CLR(P1IES, TASTE_LINKS); // LH
BIT_SET(P1IE, TASTE_LINKS);
BIT_CLR(P1IFG, TASTE_LINKS);

// Set the P1 direction bit for BIT2.
BIT_SET(P1DIR, BIT2);

// Set GIE in the status register (global interrupt enable).
_bis_SR_register(GIE);

memset(uart_buffer, 0, sizeof(uart_buffer));

//=== The endless loop, effectively the operating system =================
while(1){
		//BIT_SET(P1OUT, BIT2);
		//BIT_SET(P1OUT, BIT2);
	//SHT11_Read_Sensor();
	//sprintf(uart_buffer, "%s %s\r\n", temp_char, humi_char);
	//print_buf(uart_buffer);
	//lcd_clear(WHITE);	// clear the graphics buffer on the MSP430
	//lcd_string(BLACK, 15, 25, uart_buffer);	// text output
	//lcd_paint();		// push the graphics buffer to the LCD display
	//wait(30000);
	
}	// end of the endless loop
}	// end of main
	/**
	 * @brief Restore the format's fields from a property tree.
	 *
	 * Reads the "FacilityCode" and "Uid" children of @p node and passes them
	 * to the corresponding setters, facility code first. get_child() throws
	 * when a child is missing, so a tree without "Uid" leaves the facility
	 * code already updated.
	 *
	 * NOTE(review): no range check is visible here; whether the setters
	 * reject values wider than the format's bit fields should be confirmed
	 * when the tree comes from an untrusted file.
	 *
	 * @param node Tree node holding the serialized format.
	 */
	void Wiegand37WithFacilityFormat::unSerialize(boost::property_tree::ptree& node)
	{
		const auto facilityCode = node.get_child("FacilityCode").get_value<unsigned short>();
		setFacilityCode(facilityCode);

		const auto uid = node.get_child("Uid").get_value<unsigned long long>();
		setUid(uid);
	}
/**
 * @brief Functional test against a DESFire EV1 card on a PC/SC reader.
 *
 * Steps, each reported through LLA_SUBTEST_PASSED:
 *  - "Authenticate": erase the card, create AES application 0x521 with
 *    three keys and authenticate with a default-constructed AES key.
 *  - "WriteRead": create an encrypted 4-byte standard data file, write it
 *    after authenticating with key 1, read it back with key 2 and compare.
 *  - "ChangeKey": delete the file and change key 0 to a fixed literal.
 *  - "ReadFormat": delete the application, then write and read back a
 *    Wiegand26 format (uid 1000, facility code 67) through the access
 *    control service at AID 0x522.
 *
 * The run calls erase() on the presented card and uses only
 * default-constructed keys plus one literal key, so it is suitable for a
 * bench card, not for issued credentials.
 *
 * @return EXIT_SUCCESS when every step passed; failures are raised by the
 *         assertion/exception macros.
 */
int main(int, char **)
{
    namespace la = logicalaccess;

    introduction();

    ReaderProviderPtr provider;
    ReaderUnitPtr readerUnit;
    ChipPtr chip;
    std::tie(provider, readerUnit, chip) = pcsc_test_init();

    PRINT_TIME("CHip identifier: " <<
               la::BufferHelper::getHex(chip->getChipIdentifier()));

    LLA_ASSERT(chip->getCardType() == "DESFireEV1",
               "Chip is not an DESFireEV1, but is " + chip->getCardType() +
               " instead.");

    auto rootNode = chip->getRootLocationNode();

    // The same command object is needed through both interfaces.
    auto desfire =
        std::dynamic_pointer_cast<la::DESFireISO7816Commands>(chip->getCommands());
    auto ev1 =
        std::dynamic_pointer_cast<la::DESFireEV1ISO7816Commands>(chip->getCommands());
    LLA_ASSERT(desfire && ev1, "Cannot get correct command object from chip.");

    // Start at application 0x00 and wipe the card.
    desfire->selectApplication(0x00);
    desfire->authenticate(0);

    desfire->erase();
    ev1->createApplication(0x521, la::DESFireKeySettings::KS_DEFAULT, 3,
                           la::DESFireKeyType::DF_KEY_AES,
                           la::FIDS_NO_ISO_FID, 0, std::vector<unsigned char>());

    desfire->selectApplication(0x521);
    auto aesKey = std::make_shared<la::DESFireKey>();
    aesKey->setKeyType(la::DESFireKeyType::DF_KEY_AES);
    desfire->authenticate(0, aesKey);
    LLA_SUBTEST_PASSED("Authenticate");

    // Key 2 may read; key 1 may write, read+write and change the rights.
    la::DESFireAccessRights rights;
    rights.readAccess         = la::TaskAccessRights::AR_KEY2;
    rights.writeAccess        = la::TaskAccessRights::AR_KEY1;
    rights.readAndWriteAccess = la::TaskAccessRights::AR_KEY1;
    rights.changeAccess       = la::TaskAccessRights::AR_KEY1;
    ev1->createStdDataFile(0x00, la::EncryptionMode::CM_ENCRYPT, rights, 4, 0);

    desfire->authenticate(1, aesKey);
    std::vector<unsigned char> payload = {0x01, 0x02, 0x03, 0x04};
    std::vector<unsigned char> readBack;
    ev1->writeData(0, 0, payload, la::EncryptionMode::CM_ENCRYPT);

    desfire->authenticate(2, aesKey);
    readBack = ev1->readData(0, 0, 4, la::EncryptionMode::CM_ENCRYPT);
    LLA_ASSERT(std::equal(payload.begin(), payload.end(), readBack.begin()),
               "read and write data are different!");
    LLA_SUBTEST_PASSED("WriteRead");

    desfire->authenticate(0x00, aesKey);
    desfire->deleteFile(0x00);

    desfire->authenticate(0x00, aesKey);
    auto replacementKey = std::make_shared<la::DESFireKey>(
        "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03");
    desfire->changeKey(0x00, replacementKey);
    LLA_SUBTEST_PASSED("ChangeKey");

    // Back to application 0x00 to remove the test application.
    desfire->selectApplication(0x00);
    desfire->authenticate(0);
    desfire->deleteApplication(0x521);

    auto service = std::dynamic_pointer_cast<la::AccessControlCardService>(
        chip->getService(la::CardServiceType::CST_ACCESS_CONTROL));
    LLA_ASSERT(service, "Cannot retrieve access control service from chip.");

    auto location  = std::make_shared<la::DESFireLocation>();
    location->aid  = 0x522;
    location->file = 0;
    auto accessInfo = std::make_shared<la::DESFireAccessInfo>();

    auto written = std::make_shared<la::Wiegand26Format>();
    written->setUid(1000);
    written->setFacilityCode(67);

    service->writeFormat(written, location, accessInfo, accessInfo);

    auto blank = std::make_shared<la::Wiegand26Format>();
    auto rformat = std::dynamic_pointer_cast<la::Wiegand26Format>(
        service->readFormat(blank, location, accessInfo));

    const bool formatMatches =
        rformat && rformat->getUid() == 1000 && rformat->getFacilityCode() == 67;
    if (!formatMatches)
    {
        THROW_EXCEPTION_WITH_LOG(std::runtime_error, "Bad format");
    }
    LLA_SUBTEST_PASSED("ReadFormat");

    pcsc_test_shutdown(readerUnit);

    return EXIT_SUCCESS;
}