int file_passwd(char *uname, char *locn) { char *ne, *oc, *nc; int fd; FILE *fp; uid_t uid; char *fname; struct passwd *pw; struct passwd newpw; fname = _PASSWD_FILE; if (locn != NULL) fname = locn; fd = open(fname, O_RDONLY | O_EXLOCK); if (fd == -1) { err(EXIT_FAILURE, "%s", fname); } fp = fdopen(fd, "r"); if (fp == NULL) { err(EXIT_FAILURE, "%s", fname); } pw = find_user(fp, uname); if (pw == NULL) { errx(EXIT_FAILURE, "user %s not found in %s", uname, fname); } uid = getuid(); if (uid != 0 && uid != pw->pw_uid) { errno = EACCES; err(EXIT_FAILURE, "%s", uname); } // Get the password getpasswd(uname, (uid == 0), 5, 0, 0, pw->pw_passwd, &ne, &oc, &nc); newpw.pw_name = strdup(pw->pw_name); newpw.pw_passwd = strdup(ne); newpw.pw_uid = pw->pw_uid; newpw.pw_gid = pw->pw_gid; newpw.pw_class = strdup(pw->pw_class); newpw.pw_change = pw->pw_change; newpw.pw_expire = pw->pw_expire; newpw.pw_gecos = strdup(pw->pw_gecos); newpw.pw_dir = strdup(pw->pw_dir); newpw.pw_shell = strdup(pw->pw_shell); // Rewrite the file rewind(fp); rewrite_file(fname, fp, &newpw); fclose(fp); return 0; }
int main() { int n; char passwd[20]; init(); n = getpasswd( passwd, sizeof(passwd) ); printf( "\nYour passwd is: %s\n", passwd ); printf( "Please Enter any key continue ...\n" ); refresh(); getchar(); endwin(); return 0; }
/* Prompt for and receive a user password. */ static int get_keys(fko_ctx_t ctx, fko_cli_options_t *options, char *key, int *key_len, char *hmac_key, int *hmac_key_len) { #if !AFL_FUZZING char *key_tmp = NULL, *hmac_key_tmp = NULL; #endif int use_hmac = 0, res = 0; memset(key, 0x0, MAX_KEY_LEN+1); memset(hmac_key, 0x0, MAX_KEY_LEN+1); if(options->have_key) { strlcpy(key, options->key, MAX_KEY_LEN+1); *key_len = strlen(key); } else if(options->have_base64_key) { *key_len = fko_base64_decode(options->key_base64, (unsigned char *) options->key); if(*key_len > 0 && *key_len < MAX_KEY_LEN) { memcpy(key, options->key, *key_len); } else { log_msg(LOG_VERBOSITY_ERROR, "[*] Invalid key length: '%d', must be in [1,%d]", *key_len, MAX_KEY_LEN); return 0; } } else { /* If --get-key file was specified grab the key/password from it. */ if(options->get_key_file[0] != 0x0) { if(get_key_file(key, key_len, options->get_key_file, ctx, options) != 1) { return 0; } } else if(options->use_gpg) { if(options->use_gpg_agent) log_msg(LOG_VERBOSITY_NORMAL, "[+] GPG mode set, signing passphrase acquired via gpg-agent"); else if(options->gpg_no_signing_pw) log_msg(LOG_VERBOSITY_NORMAL, "[+] GPG mode set, signing passphrase not required"); else if(strlen(options->gpg_signer_key)) { #if AFL_FUZZING strlcpy(key, AFL_ENC_KEY, MAX_KEY_LEN+1); #else key_tmp = getpasswd("Enter passphrase for signing: ", options->input_fd); if(key_tmp == NULL) { log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error."); return 0; } strlcpy(key, key_tmp, MAX_KEY_LEN+1); #endif *key_len = strlen(key); } } else { #if AFL_FUZZING strlcpy(key, AFL_ENC_KEY, MAX_KEY_LEN+1); #else key_tmp = getpasswd("Enter encryption key: ", options->input_fd); if(key_tmp == NULL) { log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error."); return 0; } strlcpy(key, key_tmp, MAX_KEY_LEN+1); #endif *key_len = strlen(key); } } if(options->have_hmac_key) { strlcpy(hmac_key, options->hmac_key, MAX_KEY_LEN+1); *hmac_key_len = strlen(hmac_key); use_hmac = 1; } else if(options->have_hmac_base64_key) { *hmac_key_len = fko_base64_decode(options->hmac_key_base64, (unsigned char *) options->hmac_key); if(*hmac_key_len > MAX_KEY_LEN || *hmac_key_len < 0) { log_msg(LOG_VERBOSITY_ERROR, "[*] Invalid decoded key length: '%d', must be in [0,%d]", *hmac_key_len, MAX_KEY_LEN); return 0; } memcpy(hmac_key, options->hmac_key, *hmac_key_len); use_hmac = 1; } else if (options->use_hmac) { /* If --get-key file was specified grab the key/password from it. */ if(options->get_hmac_key_file[0] != 0x0) { if(get_key_file(hmac_key, hmac_key_len, options->get_hmac_key_file, ctx, options) != 1) { return 0; } use_hmac = 1; } else { #if AFL_FUZZING strlcpy(hmac_key, AFL_HMAC_KEY, MAX_KEY_LEN+1); #else hmac_key_tmp = getpasswd("Enter HMAC key: ", options->input_fd); if(hmac_key_tmp == NULL) { log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error."); return 0; } strlcpy(hmac_key, hmac_key_tmp, MAX_KEY_LEN+1); #endif *hmac_key_len = strlen(hmac_key); use_hmac = 1; } } if (use_hmac) { if(*hmac_key_len < 0 || *hmac_key_len > MAX_KEY_LEN) { log_msg(LOG_VERBOSITY_ERROR, "[*] Invalid HMAC key length: '%d', must be in [0,%d]", *hmac_key_len, MAX_KEY_LEN); return 0; } /* Make sure the same key is not used for both encryption and the HMAC */ if(*hmac_key_len == *key_len) { if(memcmp(hmac_key, key, *key_len) == 0) { log_msg(LOG_VERBOSITY_ERROR, "[*] The encryption passphrase and HMAC key should not be identical, no SPA packet sent. Exiting."); return 0; } } res = fko_set_spa_hmac_type(ctx, options->hmac_type); if(res != FKO_SUCCESS) { errmsg("fko_set_spa_hmac_type", res); return 0; } } return 1; }
int main(void) { char *ptr=NULL; ptr=getpasswd("#"); printf("%s\n",ptr); }
int validate_email(FILE *fp, email_hdr_t *eh, char *errstr) { uint32_t crc; uint32_t mcrc; ct_key_t *key; if(eh->eh_flags & EH_CRC) { if(PASSWD_REQ(hperm)) { if((key = getpasswd(hperm.hp_pwdlbl)) == NULL) { cddbd_snprintf(errstr, CDDBBUFSIZ, "Validation string lookup failed"); return EE_ERROR; } } else key = 0; if(crc_email(&crc, fp, eh->eh_rcpt, eh->eh_subj, errstr) != EE_OK) return EE_ERROR; mcrc = strtocrc(eh->eh_crc, 0, key); #if 1 if(crc != mcrc) { #else if(key && crc != mcrc) { #endif #if 1 cddbd_snprintf(errstr, CDDBBUFSIZ, "CRC in email (%08X) differs from expected CRC " "(%08X)", mcrc, crc); return EE_ERROR; #else cddbd_log(LOG_ERR | LOG_PASSWD, "CRC in email (%08X) differs from expected CRC " "(%08X)", mcrc, crc); #endif } hperm.hp_passwd = HP_PASSWD_OK; return EE_OK; } else if(hperm.hp_passwd == HP_PASSWD_REQ) { cddbd_snprintf(errstr, CDDBBUFSIZ, "Required CRC missing from email header"); return EE_ERROR; } return EE_OK; } int crc_email(uint32_t *crc, FILE *fp, char *rcpt, char *subj, char *errstr) { uint32_t len; uint32_t tcrc[3]; rewind(fp); if(crc32(CRC_FILE, fp, &tcrc[0], &len) == -1 || crc32(CRC_STRING, rcpt, &tcrc[1], &len) == -1 || crc32(CRC_STRING, subj, &tcrc[2], &len) == -1) { cddbd_snprintf(errstr, CDDBBUFSIZ, "Can't calculate email CRC (%d)", errno); return EE_ERROR; } *crc = tcrc[0] ^ tcrc[1] ^ tcrc[2]; return EE_OK; }
int main(int argc, char **argv) { char *tty = NULL; char *p; struct passwd *pwd; int c, fd = -1; int opt_e = 0; pid_t pid, pgrp, ppgrp, ttypgrp; /* * See if we have a timeout flag. */ opterr = 0; while((c = getopt(argc, argv, "ept:")) != EOF) switch(c) { case 't': timeout = atoi(optarg); break; case 'p': profile = 1; break; case 'e': opt_e = 1; break; default: usage(); /* Do not exit! */ break; } #if 0 if (geteuid() != 0) { fprintf(stderr, "sulogin: only root can run sulogin.\n"); exit(1); } #endif /* * See if we need to open an other tty device. */ saved_sigint = signal(SIGINT, SIG_IGN); saved_sigtstp = signal(SIGQUIT, SIG_IGN); saved_sigquit = signal(SIGTSTP, SIG_IGN); if (optind < argc) tty = argv[optind]; if (tty || (tty = getenv("CONSOLE"))) { if ((fd = open(tty, O_RDWR)) < 0) { perror(tty); fd = dup(0); } if (!isatty(fd)) { fprintf(stderr, "%s: not a tty\n", tty); close(fd); } else { /* * Only go through this trouble if the new * tty doesn't fall in this process group. */ pid = getpid(); pgrp = getpgid(0); ppgrp = getpgid(getppid()); ttypgrp = tcgetpgrp(fd); if (pgrp != ttypgrp && ppgrp != ttypgrp) { if (pid != getsid(0)) { if (pid == getpgid(0)) setpgid(0, getpgid(getppid())); setsid(); } signal(SIGHUP, SIG_IGN); if (ttypgrp > 0) ioctl(0, TIOCNOTTY, (char *)1); signal(SIGHUP, SIG_DFL); close(0); close(1); close(2); if (fd > 2) close(fd); if ((fd = open(tty, O_RDWR|O_NOCTTY)) < 0) { perror(tty); } else { ioctl(0, TIOCSCTTY, (char *)1); tcsetpgrp(fd, ppgrp); dup2(fd, 0); dup2(fd, 1); dup2(fd, 2); if (fd > 2) close(fd); } } else if (fd > 2) close(fd); } } else if (getpid() == 1) { /* We are init. We hence need to set a session anyway */ setsid(); if (ioctl(0, TIOCSCTTY, (char *)1)) perror("ioctl(TIOCSCTTY)"); } #if defined(SANE_TIO) && (SANE_TIO == 1) fixtty(); #endif /* * Get the root password. */ if ((pwd = getrootpwent(opt_e)) == NULL) { fprintf(stderr, "sulogin: cannot open password database!\n"); sleep(2); } sushell(pwd); /* * Ask for the password. */ while(pwd) { if ((p = getpasswd(pwd->pw_passwd)) == NULL) break; if (pwd->pw_passwd[0] == 0 || strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0) sushell(pwd); saved_sigquit = signal(SIGQUIT, SIG_IGN); saved_sigtstp = signal(SIGTSTP, SIG_IGN); saved_sigint = signal(SIGINT, SIG_IGN); printf("Login incorrect.\n"); } /* * User pressed Control-D. */ return 0; }
int main(int argc, char **argv) { char *tty = NULL; char *p; struct passwd *pwd; int c, fd = -1; int opt_e = 0; pid_t pid, pgrp, ppgrp, ttypgrp; struct sigaction saved_sighup; static const struct option longopts[] = { { "login-shell", 0, 0, 'p' }, { "timeout", 1, 0, 't' }, { "force", 0, 0, 'e' }, { "help", 0, 0, 'h' }, { "version", 0, 0, 'V' }, { NULL, 0, 0, 0 } }; setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); atexit(close_stdout); /* * See if we have a timeout flag. */ while ((c = getopt_long(argc, argv, "ehpt:V", longopts, NULL)) != -1) { switch(c) { case 't': timeout = strtou32_or_err(optarg, _("invalid timeout argument")); break; case 'p': profile = 1; break; case 'e': opt_e = 1; break; case 'V': printf(UTIL_LINUX_VERSION); return EXIT_SUCCESS; case 'h': usage(stdout); return EXIT_SUCCESS; default: usage(stderr); /* Do not exit! */ break; } } if (geteuid() != 0) errx(EXIT_FAILURE, _("only root can run this program.")); /* * See if we need to open an other tty device. */ mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit); mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp); mask_signal(SIGINT, SIG_IGN, &saved_sigint); if (optind < argc) tty = argv[optind]; if (tty || (tty = getenv("CONSOLE"))) { if ((fd = open(tty, O_RDWR)) < 0) { warn(_("cannot open %s"), tty); fd = dup(0); } if (!isatty(fd)) { warn(_("%s: not a tty"), tty); close(fd); } else { /* * Only go through this trouble if the new tty doesn't * fall in this process group. */ pid = getpid(); pgrp = getpgid(0); ppgrp = getpgid(getppid()); ttypgrp = tcgetpgrp(fd); if (pgrp != ttypgrp && ppgrp != ttypgrp) { if (pid != getsid(0)) { if (pid == getpgid(0)) setpgid(0, getpgid(getppid())); setsid(); } sigaction(SIGHUP, NULL, &saved_sighup); if (ttypgrp > 0) ioctl(0, TIOCNOTTY, (char *)1); sigaction(SIGHUP, &saved_sighup, NULL); close(0); close(1); close(2); if (fd > 2) close(fd); if ((fd = open(tty, O_RDWR|O_NOCTTY)) < 0) warn(_("cannot open %s"), tty); else { ioctl(0, TIOCSCTTY, (char *)1); tcsetpgrp(fd, ppgrp); dup2(fd, 0); dup2(fd, 1); dup2(fd, 2); if (fd > 2) close(fd); } } else if (fd > 2) close(fd); } } else if (getpid() == 1) { /* We are init. We hence need to set a session anyway */ setsid(); if (ioctl(0, TIOCSCTTY, (char *)1)) warn(_("TIOCSCTTY: ioctl failed")); } fixtty(); /* * Get the root password. */ if ((pwd = getrootpwent(opt_e)) == NULL) { warnx(_("cannot open password database.")); sleep(2); } /* * Ask for the password. */ while (pwd) { if ((p = getpasswd(pwd->pw_passwd)) == NULL) break; if (pwd->pw_passwd[0] == 0 || strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0) sushell(pwd); mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit); mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp); mask_signal(SIGINT, SIG_IGN, &saved_sigint); fprintf(stderr, _("Login incorrect\n\n")); } /* * User pressed Control-D. */ return EXIT_SUCCESS; }
/*********************parent process tcp connection use to manage************************/ void client_mgr(char *ip, int serverPort, int pipefd, int pid) { int flag = 0; char *p; char name[256], passwd[256]; char realName[512]; int err, fd, i; struct sockaddr_in sa; char buf[4096]; SSL_CTX* ctx; SSL* ssl; //create a TCP socket fd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(fd, "socket"); memset (&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr(ip); sa.sin_port = htons(serverPort); //connect step err = connect(fd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); sleep(2); puts("Please input the common name: "); scanf("%s", realName); setupCTX(&ctx); //build SSL on the TCP connection ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd (ssl, fd); err = SSL_connect(ssl); CHK_SSL(err); //check certificate SSL_CTX_load_verify_locations(ctx, CACERT, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); int result = SSL_get_verify_result(ssl); if(result == X509_V_OK || result == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) { printf("The certificate is valid.\n"); } else { printf("Invalid certificate %d\n", result); exit(1); } X509* server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); char *str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); CHK_NULL(str); OPENSSL_free(str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); CHK_NULL(str); OPENSSL_free(str); X509_NAME *xname = X509_get_subject_name(server_cert); X509_NAME_get_text_by_NID(xname, NID_commonName, commonName, 512); if( strcasecmp(commonName, realName) !=0 ) { printf("commonName is wrong.\n"); exit(1); } printf("commonName is right.\n"); printf("Server authentication is successful.\n"); //release! X509_free(server_cert); sleep(2); while(!flag) { //handle the login part printf("username: "******"%s",name); getchar(); //safe mode set_disp_mode(STDIN_FILENO, 0); getpasswd(passwd, sizeof(passwd)); p = passwd; while(*p != '\n') p++; *p = '\0'; //OK! set_disp_mode(STDIN_FILENO, 1); sendName(ssl, name); sendPass(ssl, passwd); SSL_read(ssl, buf, sizeof(buf) - 1); putchar(10); if( buf[0] == 'o' ) { puts("Connect successfully"); flag = 1; } else { puts("wrong password, please try again!"); } } //clean the password for security reason memset(passwd, 0, sizeof(passwd)); genKey(key); sendKey(ssl, key); while (1) { talkToudp(key, pipefd, 'k'); printf("1. ipnut 'q' to quit.\n"); printf("2. input 'c' to change the key.\n"); scanf("%s", buf); if (strlen(buf) == 1) { if (buf[0]=='q') { break; } else if( buf[0]=='r'){ genKey(key); sendKey(ssl, key); } } else { printf("Invalid.\n"); continue; } } memset(key, 0, KEYSIZE); memset(IV, 0, IVSIZE); sendKey(ssl, key); sleep(1); kill(pid, SIGTERM); wait(0); SSL_shutdown(ssl); /* send SSL/TLS close_notify */ close(fd); SSL_free(ssl); SSL_CTX_free(ctx); }