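/*
 * Match callback for a command rule.
 *
 * This runs in the child process. It does not execute the command itself:
 * it builds a MSG_COMMAND request and hands it to the parent over the
 * privsep channel, because changing uid has to be done largely in the
 * parent.
 *
 * Returns MATCH_ERROR when the user the command should run as cannot be
 * resolved, otherwise MATCH_PARENT once the request has been sent
 * (mctx->msgid is set to the request id). A privsep_send() failure is
 * fatal.
 */
int
match_command_match(struct mail_ctx *mctx, struct expritem *ei)
{
	struct match_command_data	*data = ei->data;
	struct account			*a = mctx->account;
	struct mail			*m = mctx->mail;
	struct io			*io = mctx->io;
	struct msg			 msg;
	struct msgbuf			 msgbuf;
	struct userdata			*ud;
	char				*user;

	set_wrapped(m, '\n');

	/*
	 * We are called as the child so to change uid this needs to be done
	 * largely in the parent.
	 */
	memset(&msg, 0, sizeof msg);
	msg.type = MSG_COMMAND;
	msg.id = m->idx;

	msg.data.account = a;
	msg.data.cmddata = data;

	/*
	 * A user set on the rule overrides conf.cmd_user. In that case the
	 * name comes back from replacestr() and is owned (and freed) here.
	 */
	user = conf.cmd_user;
	if (data->user.str != NULL)
		user = replacestr(&data->user, m->tags, m, &m->rml);

	ud = user_lookup(user, conf.user_order);
	if (ud == NULL) {
		log_warnx("%s: bad user: %s", a->name, user);
		/*
		 * The expanded name used to be leaked on this path; release
		 * it only after it has been logged.
		 */
		if (data->user.str != NULL && user != NULL)
			xfree(user);
		return (MATCH_ERROR);
	}
	if (data->user.str != NULL)
		xfree(user);

	/*
	 * NOTE(review): the uid/gid the command will run under are resolved
	 * here, in the child, and travel inside the request. Whether the
	 * parent re-checks them before acting is not visible from this
	 * function -- confirm on the receiving side.
	 */
	msg.data.uid = ud->uid;
	msg.data.gid = ud->gid;

	update_tags(&m->tags, ud);
	user_free(ud);

	/* The tag block is shipped alongside the request as its payload. */
	msgbuf.buf = m->tags;
	msgbuf.len = STRB_SIZE(m->tags);

	mail_send(m, &msg);

	if (privsep_send(io, &msg, &msgbuf) != 0)
		fatalx("privsep_send error");

	reset_tags(&m->tags);

	mctx->msgid = msg.id;
	return (MATCH_PARENT);
}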
/*
 * Handle a nick-change request from speaker.
 *
 * The requested name in text must pass user_name_is_valid() and must not
 * already belong to a user. Every channel the speaker is a member of hears
 * the announcement before the name is actually switched.
 *
 * Returns 1 when the name was changed, 0 when the request was refused.
 * The channel argument is not used.
 */
int cmd_nick(Channel *channel, User *speaker, const char *text)
{
	char	notice[256];
	Channel	*here;
	int	idx = 0;

	/* Refuse malformed names, and names that are already in use. */
	if(!user_name_is_valid(text) || user_lookup(text) != NULL)
		return 0;

	/*
	 * Build the announcement while the old name is still in place.
	 * snprintf() truncates silently at sizeof notice, which would also
	 * drop the trailing newline.
	 * NOTE(review): presumably user_name_is_valid() bounds the name
	 * length well below the buffer size -- confirm.
	 */
	snprintf(notice, sizeof notice, "%s is now known as %s\n",
		 user_get_name(speaker), text);

	/* channel_index() returns NULL once the index runs past the last channel. */
	while((here = channel_index(idx++)) != NULL)
	{
		if(!channel_user_is_member(here, speaker))
			continue;
		channel_hear(here, NULL, notice);
	}

	user_set_name(speaker, text);

	return 1;
}
/*
 * PAM authentication entry point: verify a username/password pair against
 * the database named in the module arguments.
 *
 * The password is taken from PAM_AUTHTOK. Depending on the parsed options
 * the module either prompts first (neither PAM_USE_FPASS_ARG nor
 * PAM_TRY_FPASS_ARG set), uses only an already stored token
 * (PAM_USE_FPASS_ARG), or tries the stored token and prompts as a fallback
 * (PAM_TRY_FPASS_ARG).
 *
 * Returns PAM_SUCCESS on a match, PAM_AUTH_ERR on a wrong password,
 * PAM_USER_UNKNOWN when the user is not in the database,
 * PAM_AUTHTOK_RECOVERY_ERR when no password could be retrieved, the
 * obtain_authtok() result when prompting fails, and PAM_SERVICE_ERR for
 * missing configuration, a missing username or an internal error.
 *
 * The password itself is never written to the log; only the username is.
 * PAM_USER_UNKNOWN and PAM_AUTH_ERR are distinct results, so an application
 * that does not want to reveal which accounts exist has to present both the
 * same way to the remote user.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
		    int argc, const char **argv)
{
     const char *username;
     const void *password;
     const char *database = NULL;
     const char *cryptmode = NULL;
     int retval = PAM_AUTH_ERR, ctrl;
     int verdict;

     /* Module options; the database name is mandatory. */
     ctrl = _pam_parse(pamh, argc, argv, &database, &cryptmode);
     if (database == NULL) {
	 pam_syslog(pamh, LOG_ERR, "can not get the database name");
	 return PAM_SERVICE_ERR;
     }

     /* Who is being authenticated? */
     retval = pam_get_user(pamh, &username, NULL);
     if (retval != PAM_SUCCESS || username == NULL) {
	 pam_syslog(pamh, LOG_ERR, "can not get the username");
	 return PAM_SERVICE_ERR;
     }

     /* Without a "first pass" option, always prompt before reading the token. */
     if ((ctrl & (PAM_USE_FPASS_ARG | PAM_TRY_FPASS_ARG)) == 0) {
	 retval = obtain_authtok(pamh);
	 if (retval != PAM_SUCCESS) {
	     pam_syslog(pamh, LOG_ERR, "can not obtain password from user");
	     return retval;
	 }
     }

     /* Fetch the token; retval is tested first so password is only read once set. */
     retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
     if (retval != PAM_SUCCESS || password == NULL) {
	 /* "try first pass": nothing stored, so fall back to prompting. */
	 if ((ctrl & PAM_TRY_FPASS_ARG) != 0) {
	     retval = obtain_authtok(pamh);
	     if (retval != PAM_SUCCESS) {
		 pam_syslog(pamh, LOG_ERR, "can not obtain password from user");
		 return retval;
	     }
	     retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
	 }
	 if (retval != PAM_SUCCESS || password == NULL) {
	     pam_syslog(pamh, LOG_ERR, "can not recover user password");
	     return PAM_AUTHTOK_RECOVERY_ERR;
	 }
     }

     if (ctrl & PAM_DEBUG_ARG)
	 pam_syslog(pamh, LOG_INFO, "Verify user `%s' with a password",
		    username);

     /* Look the user up in the database file and compare the password. */
     verdict = user_lookup(pamh, database, cryptmode, username, password, ctrl);

     switch (verdict) {
     case 0:
	 /* the password matched */
	 pam_syslog(pamh, LOG_NOTICE, "user '%s' granted access", username);
	 return PAM_SUCCESS;
     case 1:
	 /* no such user in the database; only logged in debug mode */
	 if (ctrl & PAM_DEBUG_ARG)
	     pam_syslog(pamh, LOG_NOTICE,
			"user `%s' not found in the database", username);
	 return PAM_USER_UNKNOWN;
     case -1:
	 /* wrong password */
	 pam_syslog(pamh, LOG_WARNING,
		    "user `%s' denied access (incorrect password)", username);
	 return PAM_AUTH_ERR;
     case -2:
	 /* some sort of system error; user_lookup already logged it */
	 return PAM_SERVICE_ERR;
     default:
	 /* a result this module does not know: fail closed */
	 pam_syslog(pamh, LOG_ERR,
		    "internal module error (retval = %d, user = `%s'",
		    verdict, username);
	 return PAM_SERVICE_ERR;
     }

     /* should not be reached */
     return PAM_IGNORE;
}
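/*
 * Compare two buffers of the same length without an early exit, so the time
 * taken does not depend on where the first differing byte is.
 * Returns 0 when the buffers are equal, non-zero otherwise.
 * Where the platform libc offers timingsafe_bcmp(), that is the preferred
 * call; this helper only avoids depending on a header not visible here.
 */
static int
eap_mschap_differ(const void *a, const void *b, size_t len)
{
	const volatile unsigned char	*pa = a;
	const volatile unsigned char	*pb = b;
	unsigned char			 acc = 0;
	size_t				 i;

	for (i = 0; i < len; i++)
		acc |= pa[i] ^ pb[i];

	return (acc != 0);
}

/*
 * Overwrite a heap buffer that held secret material, then free it. The
 * stores go through a volatile pointer so they are not removed as dead
 * writes ahead of free(). Where available, freezero() or explicit_bzero()
 * followed by free() does the same job.
 */
static void
eap_mschap_wipe_free(void *buf, size_t len)
{
	volatile unsigned char	*p = buf;
	size_t			 i;

	for (i = 0; i < len; i++)
		p[i] = 0;
	free(buf);
}

/*
 * Responder-side handling of one EAP-MSCHAP-V2 message on an IKE SA.
 *
 * RESPONSE: looks up the named user, recomputes the NT response from the
 * stored password and the two challenges, and compares it with the one the
 * peer sent. On a match the MSK is derived into sa->sa_eapmsk and a success
 * request carrying the authenticator response is sent back.
 * SUCCESS: acknowledges the peer's success message and, if the reply could
 * be sent, moves the SA to IKEV2_STATE_AUTH_SUCCESS.
 * Every other opcode is rejected.
 *
 * Returns 0 when the message is ignored (SA not in the EAP state) or the
 * reply was sent, -1 on any error or failed authentication.
 *
 * NOTE(review): eap->eap_length comes from the peer and is checked here only
 * against the fixed header sizes. This assumes the caller has already
 * verified it against the number of bytes actually received -- confirm.
 */
int
eap_mschap(struct iked *env, struct iked_sa *sa, struct eap_message *eap)
{
	struct iked_user		*usr;
	struct eap_message		*resp;
	struct eap_mschap_response	*msr;
	struct eap_mschap_peer		*msp;
	struct eap_mschap		*ms;
	struct eap_mschap_success	*mss;
	u_int8_t			*ptr, *pass;
	size_t				 len, passlen;
	char				*name, *msg;
	u_int8_t			 ntresponse[EAP_MSCHAP_NTRESPONSE_SZ];
	u_int8_t			 successmsg[EAP_MSCHAP_SUCCESS_SZ];
	struct ibuf			*eapmsg = NULL;
	int				 ret = -1;

	if (!sa_stateok(sa, IKEV2_STATE_EAP)) {
		log_debug("%s: unexpected EAP", __func__);
		return (0);	/* ignore */
	}

	if (sa->sa_hdr.sh_initiator) {
		log_debug("%s: initiator EAP not supported", __func__);
		return (-1);
	}

	/* Only MSCHAP-V2 */
	if (eap->eap_type != EAP_TYPE_MSCHAP_V2) {
		log_debug("%s: unsupported type EAP-%s", __func__,
		    print_map(eap->eap_type, eap_type_map));
		return (-1);
	}

	if (betoh16(eap->eap_length) < (sizeof(*eap) + sizeof(*ms))) {
		log_debug("%s: short message", __func__);
		return (-1);
	}

	/* The MSCHAP header follows the EAP header directly. */
	ms = (struct eap_mschap *)(eap + 1);
	ptr = (u_int8_t *)(eap + 1);

	switch (ms->ms_opcode) {
	case EAP_MSOPCODE_RESPONSE:
		msr = (struct eap_mschap_response *)ms;
		if (betoh16(eap->eap_length) < (sizeof(*eap) + sizeof(*msr))) {
			log_debug("%s: short response", __func__);
			return (-1);
		}
		/* Whatever follows the fixed response is the user name. */
		ptr += sizeof(*msr);
		len = betoh16(eap->eap_length) -
		    sizeof(*eap) - sizeof(*msr);
		if (len == 0 && sa->sa_eapid != NULL)
			name = strdup(sa->sa_eapid);
		else
			name = get_string(ptr, len);
		if (name == NULL) {
			log_debug("%s: invalid response name", __func__);
			return (-1);
		}
		if ((usr = user_lookup(env, name)) == NULL) {
			log_debug("%s: unknown user '%s'", __func__, name);
			free(name);
			return (-1);
		}
		free(name);

		/*
		 * pass is a heap copy of the stored password and is wiped
		 * before every free below.
		 * NOTE(review): assumes passlen is a byte count no larger
		 * than the allocation, as it is handed to the mschap_*
		 * helpers -- confirm against string2unicode().
		 */
		if ((pass = string2unicode(usr->usr_pass, &passlen)) == NULL)
			return (-1);

		msp = &msr->msr_response.resp_peer;
		mschap_nt_response(ibuf_data(sa->sa_eap.id_buf),
		    msp->msp_challenge, usr->usr_name, strlen(usr->usr_name),
		    pass, passlen, ntresponse);

		/*
		 * The peer-supplied response is an authenticator: compare it
		 * without a data-dependent early exit (was memcmp()).
		 */
		if (eap_mschap_differ(ntresponse, msp->msp_ntresponse,
		    sizeof(ntresponse)) != 0) {
			log_debug("%s: '%s' authentication failed",
			    __func__, usr->usr_name);
			eap_mschap_wipe_free(pass, passlen);

			/* XXX should we send an EAP failure packet? */
			return (-1);
		}

		bzero(&successmsg, sizeof(successmsg));
		mschap_auth_response(pass, passlen,
		    ntresponse, ibuf_data(sa->sa_eap.id_buf),
		    msp->msp_challenge, usr->usr_name, strlen(usr->usr_name),
		    successmsg);
		if ((sa->sa_eapmsk = ibuf_new(NULL, MSCHAP_MSK_SZ)) == NULL) {
			log_debug("%s: failed to get MSK", __func__);
			eap_mschap_wipe_free(pass, passlen);
			return (-1);
		}
		mschap_msk(pass, passlen, ntresponse,
		    ibuf_data(sa->sa_eapmsk));
		eap_mschap_wipe_free(pass, passlen);

		log_info("%s: '%s' authenticated", __func__, usr->usr_name);

		if ((eapmsg = ibuf_static()) == NULL)
			return (-1);

		msg = " M=Welcome";

		if ((resp = ibuf_advance(eapmsg, sizeof(*resp))) == NULL)
			goto done;
		resp->eap_code = EAP_CODE_REQUEST;
		resp->eap_id = eap->eap_id + 1;
		resp->eap_length = htobe16(sizeof(*resp) +
		    sizeof(*mss) + sizeof(successmsg) + strlen(msg));
		resp->eap_type = EAP_TYPE_MSCHAP_V2;

		if ((mss = ibuf_advance(eapmsg, sizeof(*mss))) == NULL)
			goto done;
		mss->mss_opcode = EAP_MSOPCODE_SUCCESS;
		mss->mss_id = msr->msr_id;
		mss->mss_length = htobe16(sizeof(*mss) +
		    sizeof(successmsg) + strlen(msg));
		if (ibuf_add(eapmsg, successmsg, sizeof(successmsg)) != 0)
			goto done;
		if (ibuf_add(eapmsg, msg, strlen(msg)) != 0)
			goto done;
		break;
	case EAP_MSOPCODE_SUCCESS:
		/*
		 * This branch ends in IKEV2_STATE_AUTH_SUCCESS, so it must
		 * not be reachable before a RESPONSE has been verified on
		 * this SA. Within this function sa_eapmsk is only set after
		 * a matching NT response, which makes it a usable marker.
		 * NOTE(review): other layers may enforce the same ordering;
		 * this check does not rely on them.
		 */
		if (sa->sa_eapmsk == NULL) {
			log_debug("%s: success before verified response",
			    __func__);
			return (-1);
		}

		if ((eapmsg = ibuf_static()) == NULL)
			return (-1);
		if ((resp = ibuf_advance(eapmsg, sizeof(*resp))) == NULL)
			goto done;
		resp->eap_code = EAP_CODE_RESPONSE;
		resp->eap_id = eap->eap_id;
		resp->eap_length = htobe16(sizeof(*resp) + sizeof(*ms));
		resp->eap_type = EAP_TYPE_MSCHAP_V2;
		if ((ms = ibuf_advance(eapmsg, sizeof(*ms))) == NULL)
			goto done;
		ms->ms_opcode = EAP_MSOPCODE_SUCCESS;
		break;
	case EAP_MSOPCODE_FAILURE:
	case EAP_MSOPCODE_CHANGE_PASSWORD:
	case EAP_MSOPCODE_CHALLENGE:
	default:
		log_debug("%s: EAP-%s unsupported "
		    "responder operation %s", __func__,
		    print_map(eap->eap_type, eap_type_map),
		    print_map(ms->ms_opcode, eap_msopcode_map));
		return (-1);
	}

	if (eapmsg != NULL)
		ret = ikev2_send_ike_e(env, sa, eapmsg,
		    IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1);

	/* Both handled opcodes advance the SA once their reply went out. */
	if (ret == 0)
		sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS);

 done:
	ibuf_release(eapmsg);
	return (ret);
}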
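/*
 * PAM authentication entry point: prompt for a password and check the
 * username/password pair against the database file.
 *
 * Returns PAM_SUCCESS on a match, PAM_AUTH_ERR on a wrong password,
 * PAM_USER_UNKNOWN when the user is not in the database, and
 * PAM_SERVICE_ERR when the username or password cannot be obtained or an
 * internal error occurs.
 *
 * Changes against the previous revision of this function:
 *  - the debug log line no longer contains the cleartext password;
 *  - the two early exits that returned the bare value -2 now return
 *    PAM_SERVICE_ERR, the code this function already maps -2 to further
 *    down, so the caller only ever sees PAM result codes;
 *  - a NULL password item is rejected before it reaches user_lookup().
 *
 * ctrl is not declared in this function; it is assigned from _pam_parse()
 * here and read below.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
		    int argc, const char **argv)
{
     const char *username;
     const char *password = NULL;
     int retval = PAM_AUTH_ERR;

     /* parse arguments */
     ctrl = _pam_parse(argc, argv);

     /* Get the username */
     retval = pam_get_user(pamh, &username, NULL);
     if ((retval != PAM_SUCCESS) || (!username)) {
	 if (ctrl & PAM_DEBUG_ARG)
	     _pam_log(LOG_DEBUG,"can not get the username");
	 return PAM_SERVICE_ERR;
     }

     /* Converse just to be sure we have the password */
     retval = conversation(pamh);
     if (retval != PAM_SUCCESS) {
	 _pam_log(LOG_ERR, "could not obtain password for `%s'",
		  username);
	 return PAM_SERVICE_ERR;
     }

     /* Get the password; a successful call can still leave the item unset */
     retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password);
     if (retval != PAM_SUCCESS || password == NULL) {
	 _pam_log(LOG_ERR, "Could not retrive user's password");
	 return PAM_SERVICE_ERR;
     }

     /* Credentials never go to the log, not even in debug mode. */
     if (ctrl & PAM_DEBUG_ARG)
	 _pam_log(LOG_INFO, "Verify user `%s' with a password",
		  username);

     /* Now use the username to look up password in the database file */
     retval = user_lookup(username, password);
     switch (retval) {
	 case -2:
	     /* some sort of system error. The log was already printed */
	     return PAM_SERVICE_ERR;
	 case -1:
	     /* incorrect password */
	     _pam_log(LOG_WARNING,
		      "user `%s' denied access (incorrect password)",
		      username);
	     return PAM_AUTH_ERR;
	 case 1:
	     /* the user does not exist in the database */
	     if (ctrl & PAM_DEBUG_ARG)
		 _pam_log(LOG_NOTICE, "user `%s' not found in the database",
			  username);
	     return PAM_USER_UNKNOWN;
	 case 0:
	     /* Otherwise, the authentication looked good */
	     _pam_log(LOG_NOTICE, "user '%s' granted acces", username);
	     return PAM_SUCCESS;
	 default:
	     /* we don't know anything about this return value */
	     _pam_log(LOG_ERR,
		      "internal module error (retval = %d, user = `%s'",
		      retval, username);
	     return PAM_SERVICE_ERR;
     }

     /* should not be reached */
     return PAM_IGNORE;
}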
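/*
 * Main thread for each client. Receives all messages and passes the data
 * off to the correct function. ptr points to the file descriptor of the
 * socket this thread should listen on.
 *
 * Until the client has registered or logged in, only REGISTER, LOGIN and
 * EXIT are acted on; everything else is answered with an error. Always
 * returns NULL, after the client exits or the connection ends.
 *
 * Changes against the previous revision of this function:
 *  - the packet buffer is zeroed before the first recv(), so a short first
 *    read can no longer leave uninitialised stack bytes in the packet;
 *  - recv() returning 0 (peer closed) or a negative value (error) now ends
 *    the thread. Before, 0 made the loop spin forever without releasing the
 *    socket and a negative value was processed as if it were a packet.
 */
void *client_receive(void *ptr) {
   int client = *(int *) ptr;
   int received;
   int logged_in = 0;
   packet in_pkt, *client_message_ptr = &in_pkt;

   memset(&in_pkt, 0, sizeof(packet));

   while (1) {
      received = recv(client, &in_pkt, sizeof(packet), 0);

      if (received <= 0) {
         /* Nothing usable was read: hand the cleanup a zeroed packet. */
         memset(&in_pkt, 0, sizeof(packet));
         if (logged_in) {
            printf("%s --- Error:%s Abrupt disconnect on logged in client.\n", RED, NORMAL);
            exit_client(&in_pkt, client);
         }
         else {
            close(client);
         }
         return NULL;
      }

      /*
       * NOTE(review): a read shorter than sizeof(packet) is still handled
       * as one whole packet (the unread tail is zero), and the handlers
       * below receive text fields exactly as the client sent them. Whether
       * each handler bounds and terminates what it reads is not visible
       * here -- confirm.
       */
      debugPacket(client_message_ptr);

      // Responses to not logged in clients
      if (!logged_in) {
         if(in_pkt.options == REGISTER) {
            logged_in = register_user(&in_pkt, client);
         }
         else if(in_pkt.options == LOGIN) {
            logged_in = login(&in_pkt, client);
         }
         else if(in_pkt.options == EXIT) {
            close(client);
            return NULL;
         }
         else {
            sendError("Not logged in.", client);
         }
      }
      // Responses to logged in clients
      else {
         // Handle option messages for logged in client
         if (in_pkt.options < 1000) {
            if(in_pkt.options == REGISTER) {
               sendError("You may not register while logged in.", client);
            }
            else if(in_pkt.options == SETPASS) {
               set_pass(&in_pkt, client);
            }
            else if(in_pkt.options == SETNAME) {
               set_name(&in_pkt, client);
            }
            else if(in_pkt.options == LOGIN) {
               sendError("Already logged in.", client);
            }
            else if(in_pkt.options == EXIT) {
               exit_client(&in_pkt, client);
               return NULL;
            }
            else if(in_pkt.options == INVITE) {
               invite(&in_pkt, client);
            }
            else if(in_pkt.options == JOIN) {
               join(&in_pkt, client);
            }
            else if(in_pkt.options == LEAVE) {
               leave(&in_pkt, client);
            }
            else if(in_pkt.options == GETALLUSERS) {
               get_active_users(client);
            }
            else if(in_pkt.options == GETUSERS) {
               get_room_users(&in_pkt, client);
            }
            else if(in_pkt.options == GETUSER) {
               user_lookup(&in_pkt, client);
            }
            else if(in_pkt.options == GETROOMS) {
               get_room_list(client);
            }
            else if(in_pkt.options == GETMOTD) {
               sendMOTD(client);
            }
            else if(in_pkt.options == 0) {
               // An all-zero option field is treated as a dropped connection
               printf("%s --- Error:%s Abrupt disconnect on logged in client.\n", RED, NORMAL);
               exit_client(&in_pkt, client);
               return NULL;
            }
            else {
               printf("%s --- Error:%s Unknown message received from client.\n", RED, NORMAL);
            }
         }
         // Handle conversation message for logged in client
         else {
            // Will be treated as a message packet, safe to sanitize entire buffer
            sanitizeInput((void *)&in_pkt.buf, 0);
            send_message(&in_pkt, client);
         }
      }

      // Clear the buffer so nothing from this packet carries into the next read
      memset(&in_pkt, 0, sizeof(packet));
   }
   return NULL;
}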