int
file_passwd(char *uname, char *locn)
{
char *ne, *oc, *nc;
int fd;
FILE *fp;
uid_t uid;
char *fname;
struct passwd *pw;
struct passwd newpw;
fname = _PASSWD_FILE;
if (locn != NULL) fname = locn;
fd = open(fname, O_RDONLY | O_EXLOCK);
if (fd == -1) {
err(EXIT_FAILURE, "%s", fname);
}
fp = fdopen(fd, "r");
if (fp == NULL) {
err(EXIT_FAILURE, "%s", fname);
}
pw = find_user(fp, uname);
if (pw == NULL) {
errx(EXIT_FAILURE, "user %s not found in %s", uname, fname);
}
uid = getuid();
if (uid != 0 && uid != pw->pw_uid) {
errno = EACCES;
err(EXIT_FAILURE, "%s", uname);
}
// Get the password
getpasswd(uname, (uid == 0), 5, 0, 0, pw->pw_passwd, &ne, &oc, &nc);
newpw.pw_name = strdup(pw->pw_name);
newpw.pw_passwd = strdup(ne);
newpw.pw_uid = pw->pw_uid;
newpw.pw_gid = pw->pw_gid;
newpw.pw_class = strdup(pw->pw_class);
newpw.pw_change = pw->pw_change;
newpw.pw_expire = pw->pw_expire;
newpw.pw_gecos = strdup(pw->pw_gecos);
newpw.pw_dir = strdup(pw->pw_dir);
newpw.pw_shell = strdup(pw->pw_shell);
// Rewrite the file
rewind(fp);
rewrite_file(fname, fp, &newpw);
fclose(fp);
return 0;
}
int main()
{
int n;
char passwd[20];
init();
n = getpasswd( passwd, sizeof(passwd) );
printf( "\nYour passwd is: %s\n", passwd );
printf( "Please Enter any key continue ...\n" );
refresh();
getchar();
endwin();
return 0;
}
/* Prompt for and receive a user password.
*/
static int
get_keys(fko_ctx_t ctx, fko_cli_options_t *options,
char *key, int *key_len, char *hmac_key, int *hmac_key_len)
{
#if !AFL_FUZZING
char *key_tmp = NULL, *hmac_key_tmp = NULL;
#endif
int use_hmac = 0, res = 0;
memset(key, 0x0, MAX_KEY_LEN+1);
memset(hmac_key, 0x0, MAX_KEY_LEN+1);
if(options->have_key)
{
strlcpy(key, options->key, MAX_KEY_LEN+1);
*key_len = strlen(key);
}
else if(options->have_base64_key)
{
*key_len = fko_base64_decode(options->key_base64,
(unsigned char *) options->key);
if(*key_len > 0 && *key_len < MAX_KEY_LEN)
{
memcpy(key, options->key, *key_len);
}
else
{
log_msg(LOG_VERBOSITY_ERROR, "[*] Invalid key length: '%d', must be in [1,%d]",
*key_len, MAX_KEY_LEN);
return 0;
}
}
else
{
/* If --get-key file was specified grab the key/password from it.
*/
if(options->get_key_file[0] != 0x0)
{
if(get_key_file(key, key_len, options->get_key_file, ctx, options) != 1)
{
return 0;
}
}
else if(options->use_gpg)
{
if(options->use_gpg_agent)
log_msg(LOG_VERBOSITY_NORMAL,
"[+] GPG mode set, signing passphrase acquired via gpg-agent");
else if(options->gpg_no_signing_pw)
log_msg(LOG_VERBOSITY_NORMAL,
"[+] GPG mode set, signing passphrase not required");
else if(strlen(options->gpg_signer_key))
{
#if AFL_FUZZING
strlcpy(key, AFL_ENC_KEY, MAX_KEY_LEN+1);
#else
key_tmp = getpasswd("Enter passphrase for signing: ", options->input_fd);
if(key_tmp == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error.");
return 0;
}
strlcpy(key, key_tmp, MAX_KEY_LEN+1);
#endif
*key_len = strlen(key);
}
}
else
{
#if AFL_FUZZING
strlcpy(key, AFL_ENC_KEY, MAX_KEY_LEN+1);
#else
key_tmp = getpasswd("Enter encryption key: ", options->input_fd);
if(key_tmp == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error.");
return 0;
}
strlcpy(key, key_tmp, MAX_KEY_LEN+1);
#endif
*key_len = strlen(key);
}
}
if(options->have_hmac_key)
{
strlcpy(hmac_key, options->hmac_key, MAX_KEY_LEN+1);
*hmac_key_len = strlen(hmac_key);
use_hmac = 1;
}
else if(options->have_hmac_base64_key)
{
*hmac_key_len = fko_base64_decode(options->hmac_key_base64,
(unsigned char *) options->hmac_key);
if(*hmac_key_len > MAX_KEY_LEN || *hmac_key_len < 0)
{
log_msg(LOG_VERBOSITY_ERROR,
"[*] Invalid decoded key length: '%d', must be in [0,%d]",
*hmac_key_len, MAX_KEY_LEN);
return 0;
}
memcpy(hmac_key, options->hmac_key, *hmac_key_len);
use_hmac = 1;
}
else if (options->use_hmac)
{
/* If --get-key file was specified grab the key/password from it.
*/
if(options->get_hmac_key_file[0] != 0x0)
{
if(get_key_file(hmac_key, hmac_key_len,
options->get_hmac_key_file, ctx, options) != 1)
{
return 0;
}
use_hmac = 1;
}
else
{
#if AFL_FUZZING
strlcpy(hmac_key, AFL_HMAC_KEY, MAX_KEY_LEN+1);
#else
hmac_key_tmp = getpasswd("Enter HMAC key: ", options->input_fd);
if(hmac_key_tmp == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] getpasswd() key error.");
return 0;
}
strlcpy(hmac_key, hmac_key_tmp, MAX_KEY_LEN+1);
#endif
*hmac_key_len = strlen(hmac_key);
use_hmac = 1;
}
}
if (use_hmac)
{
if(*hmac_key_len < 0 || *hmac_key_len > MAX_KEY_LEN)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] Invalid HMAC key length: '%d', must be in [0,%d]",
*hmac_key_len, MAX_KEY_LEN);
return 0;
}
/* Make sure the same key is not used for both encryption and the HMAC
*/
if(*hmac_key_len == *key_len)
{
if(memcmp(hmac_key, key, *key_len) == 0)
{
log_msg(LOG_VERBOSITY_ERROR,
"[*] The encryption passphrase and HMAC key should not be identical, no SPA packet sent. Exiting.");
return 0;
}
}
res = fko_set_spa_hmac_type(ctx, options->hmac_type);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_hmac_type", res);
return 0;
}
}
return 1;
}
int main(void)
{
char *ptr=NULL;
ptr=getpasswd("#");
printf("%s\n",ptr);
}
int
validate_email(FILE *fp, email_hdr_t *eh, char *errstr)
{
uint32_t crc;
uint32_t mcrc;
ct_key_t *key;
if(eh->eh_flags & EH_CRC) {
if(PASSWD_REQ(hperm)) {
if((key = getpasswd(hperm.hp_pwdlbl)) == NULL) {
cddbd_snprintf(errstr, CDDBBUFSIZ,
"Validation string lookup failed");
return EE_ERROR;
}
}
else
key = 0;
if(crc_email(&crc, fp, eh->eh_rcpt, eh->eh_subj, errstr) !=
EE_OK)
return EE_ERROR;
mcrc = strtocrc(eh->eh_crc, 0, key);
#if 1
if(crc != mcrc) {
#else
if(key && crc != mcrc) {
#endif
#if 1
cddbd_snprintf(errstr, CDDBBUFSIZ,
"CRC in email (%08X) differs from expected CRC "
"(%08X)", mcrc, crc);
return EE_ERROR;
#else
cddbd_log(LOG_ERR | LOG_PASSWD,
"CRC in email (%08X) differs from expected CRC "
"(%08X)", mcrc, crc);
#endif
}
hperm.hp_passwd = HP_PASSWD_OK;
return EE_OK;
}
else if(hperm.hp_passwd == HP_PASSWD_REQ) {
cddbd_snprintf(errstr, CDDBBUFSIZ,
"Required CRC missing from email header");
return EE_ERROR;
}
return EE_OK;
}
int
crc_email(uint32_t *crc, FILE *fp, char *rcpt, char *subj, char *errstr)
{
uint32_t len;
uint32_t tcrc[3];
rewind(fp);
if(crc32(CRC_FILE, fp, &tcrc[0], &len) == -1 ||
crc32(CRC_STRING, rcpt, &tcrc[1], &len) == -1 ||
crc32(CRC_STRING, subj, &tcrc[2], &len) == -1) {
cddbd_snprintf(errstr, CDDBBUFSIZ,
"Can't calculate email CRC (%d)", errno);
return EE_ERROR;
}
*crc = tcrc[0] ^ tcrc[1] ^ tcrc[2];
return EE_OK;
}
int main(int argc, char **argv)
{
char *tty = NULL;
char *p;
struct passwd *pwd;
int c, fd = -1;
int opt_e = 0;
pid_t pid, pgrp, ppgrp, ttypgrp;
/*
* See if we have a timeout flag.
*/
opterr = 0;
while((c = getopt(argc, argv, "ept:")) != EOF) switch(c) {
case 't':
timeout = atoi(optarg);
break;
case 'p':
profile = 1;
break;
case 'e':
opt_e = 1;
break;
default:
usage();
/* Do not exit! */
break;
}
#if 0
if (geteuid() != 0) {
fprintf(stderr, "sulogin: only root can run sulogin.\n");
exit(1);
}
#endif
/*
* See if we need to open an other tty device.
*/
saved_sigint = signal(SIGINT, SIG_IGN);
saved_sigtstp = signal(SIGQUIT, SIG_IGN);
saved_sigquit = signal(SIGTSTP, SIG_IGN);
if (optind < argc) tty = argv[optind];
if (tty || (tty = getenv("CONSOLE"))) {
if ((fd = open(tty, O_RDWR)) < 0) {
perror(tty);
fd = dup(0);
}
if (!isatty(fd)) {
fprintf(stderr, "%s: not a tty\n", tty);
close(fd);
} else {
/*
* Only go through this trouble if the new
* tty doesn't fall in this process group.
*/
pid = getpid();
pgrp = getpgid(0);
ppgrp = getpgid(getppid());
ttypgrp = tcgetpgrp(fd);
if (pgrp != ttypgrp && ppgrp != ttypgrp) {
if (pid != getsid(0)) {
if (pid == getpgid(0))
setpgid(0, getpgid(getppid()));
setsid();
}
signal(SIGHUP, SIG_IGN);
if (ttypgrp > 0)
ioctl(0, TIOCNOTTY, (char *)1);
signal(SIGHUP, SIG_DFL);
close(0);
close(1);
close(2);
if (fd > 2)
close(fd);
if ((fd = open(tty, O_RDWR|O_NOCTTY)) < 0) {
perror(tty);
} else {
ioctl(0, TIOCSCTTY, (char *)1);
tcsetpgrp(fd, ppgrp);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fd > 2)
close(fd);
}
} else
if (fd > 2)
close(fd);
}
} else if (getpid() == 1) {
/* We are init. We hence need to set a session anyway */
setsid();
if (ioctl(0, TIOCSCTTY, (char *)1))
perror("ioctl(TIOCSCTTY)");
}
#if defined(SANE_TIO) && (SANE_TIO == 1)
fixtty();
#endif
/*
* Get the root password.
*/
if ((pwd = getrootpwent(opt_e)) == NULL) {
fprintf(stderr, "sulogin: cannot open password database!\n");
sleep(2);
}
sushell(pwd);
/*
* Ask for the password.
*/
while(pwd) {
if ((p = getpasswd(pwd->pw_passwd)) == NULL) break;
if (pwd->pw_passwd[0] == 0 ||
strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
sushell(pwd);
saved_sigquit = signal(SIGQUIT, SIG_IGN);
saved_sigtstp = signal(SIGTSTP, SIG_IGN);
saved_sigint = signal(SIGINT, SIG_IGN);
printf("Login incorrect.\n");
}
/*
* User pressed Control-D.
*/
return 0;
}
int main(int argc, char **argv)
{
char *tty = NULL;
char *p;
struct passwd *pwd;
int c, fd = -1;
int opt_e = 0;
pid_t pid, pgrp, ppgrp, ttypgrp;
struct sigaction saved_sighup;
static const struct option longopts[] = {
{ "login-shell", 0, 0, 'p' },
{ "timeout", 1, 0, 't' },
{ "force", 0, 0, 'e' },
{ "help", 0, 0, 'h' },
{ "version", 0, 0, 'V' },
{ NULL, 0, 0, 0 }
};
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
atexit(close_stdout);
/*
* See if we have a timeout flag.
*/
while ((c = getopt_long(argc, argv, "ehpt:V", longopts, NULL)) != -1) {
switch(c) {
case 't':
timeout = strtou32_or_err(optarg, _("invalid timeout argument"));
break;
case 'p':
profile = 1;
break;
case 'e':
opt_e = 1;
break;
case 'V':
printf(UTIL_LINUX_VERSION);
return EXIT_SUCCESS;
case 'h':
usage(stdout);
return EXIT_SUCCESS;
default:
usage(stderr);
/* Do not exit! */
break;
}
}
if (geteuid() != 0)
errx(EXIT_FAILURE, _("only root can run this program."));
/*
* See if we need to open an other tty device.
*/
mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit);
mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp);
mask_signal(SIGINT, SIG_IGN, &saved_sigint);
if (optind < argc)
tty = argv[optind];
if (tty || (tty = getenv("CONSOLE"))) {
if ((fd = open(tty, O_RDWR)) < 0) {
warn(_("cannot open %s"), tty);
fd = dup(0);
}
if (!isatty(fd)) {
warn(_("%s: not a tty"), tty);
close(fd);
} else {
/*
* Only go through this trouble if the new tty doesn't
* fall in this process group.
*/
pid = getpid();
pgrp = getpgid(0);
ppgrp = getpgid(getppid());
ttypgrp = tcgetpgrp(fd);
if (pgrp != ttypgrp && ppgrp != ttypgrp) {
if (pid != getsid(0)) {
if (pid == getpgid(0))
setpgid(0, getpgid(getppid()));
setsid();
}
sigaction(SIGHUP, NULL, &saved_sighup);
if (ttypgrp > 0)
ioctl(0, TIOCNOTTY, (char *)1);
sigaction(SIGHUP, &saved_sighup, NULL);
close(0);
close(1);
close(2);
if (fd > 2)
close(fd);
if ((fd = open(tty, O_RDWR|O_NOCTTY)) < 0)
warn(_("cannot open %s"), tty);
else {
ioctl(0, TIOCSCTTY, (char *)1);
tcsetpgrp(fd, ppgrp);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fd > 2)
close(fd);
}
} else
if (fd > 2)
close(fd);
}
} else if (getpid() == 1) {
/* We are init. We hence need to set a session anyway */
setsid();
if (ioctl(0, TIOCSCTTY, (char *)1))
warn(_("TIOCSCTTY: ioctl failed"));
}
fixtty();
/*
* Get the root password.
*/
if ((pwd = getrootpwent(opt_e)) == NULL) {
warnx(_("cannot open password database."));
sleep(2);
}
/*
* Ask for the password.
*/
while (pwd) {
if ((p = getpasswd(pwd->pw_passwd)) == NULL)
break;
if (pwd->pw_passwd[0] == 0 ||
strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
sushell(pwd);
mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit);
mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp);
mask_signal(SIGINT, SIG_IGN, &saved_sigint);
fprintf(stderr, _("Login incorrect\n\n"));
}
/*
* User pressed Control-D.
*/
return EXIT_SUCCESS;
}
/*********************parent process tcp connection use to manage************************/
void client_mgr(char *ip, int serverPort, int pipefd, int pid)
{
int flag = 0;
char *p;
char name[256], passwd[256];
char realName[512];
int err, fd, i;
struct sockaddr_in sa;
char buf[4096];
SSL_CTX* ctx;
SSL* ssl;
//create a TCP socket
fd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(fd, "socket");
memset (&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr(ip);
sa.sin_port = htons(serverPort);
//connect step
err = connect(fd, (struct sockaddr*) &sa, sizeof(sa));
CHK_ERR(err, "connect");
sleep(2);
puts("Please input the common name: ");
scanf("%s", realName);
setupCTX(&ctx);
//build SSL on the TCP connection
ssl = SSL_new(ctx);
CHK_NULL(ssl);
SSL_set_fd (ssl, fd);
err = SSL_connect(ssl);
CHK_SSL(err);
//check certificate
SSL_CTX_load_verify_locations(ctx, CACERT, NULL);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
int result = SSL_get_verify_result(ssl);
if(result == X509_V_OK || result == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) {
printf("The certificate is valid.\n");
}
else {
printf("Invalid certificate %d\n", result);
exit(1);
}
X509* server_cert = SSL_get_peer_certificate(ssl);
CHK_NULL(server_cert);
char *str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0);
CHK_NULL(str);
OPENSSL_free(str);
str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0);
CHK_NULL(str);
OPENSSL_free(str);
X509_NAME *xname = X509_get_subject_name(server_cert);
X509_NAME_get_text_by_NID(xname, NID_commonName, commonName, 512);
if( strcasecmp(commonName, realName) !=0 )
{
printf("commonName is wrong.\n");
exit(1);
}
printf("commonName is right.\n");
printf("Server authentication is successful.\n");
//release!
X509_free(server_cert);
sleep(2);
while(!flag)
{
//handle the login part
printf("username: "******"%s",name);
getchar();
//safe mode
set_disp_mode(STDIN_FILENO, 0);
getpasswd(passwd, sizeof(passwd));
p = passwd;
while(*p != '\n')
p++;
*p = '\0';
//OK!
set_disp_mode(STDIN_FILENO, 1);
sendName(ssl, name);
sendPass(ssl, passwd);
SSL_read(ssl, buf, sizeof(buf) - 1);
putchar(10);
if( buf[0] == 'o' )
{
puts("Connect successfully");
flag = 1;
}
else {
puts("wrong password, please try again!");
}
}
//clean the password for security reason
memset(passwd, 0, sizeof(passwd));
genKey(key);
sendKey(ssl, key);
while (1) {
talkToudp(key, pipefd, 'k');
printf("1. ipnut 'q' to quit.\n");
printf("2. input 'c' to change the key.\n");
scanf("%s", buf);
if (strlen(buf) == 1) {
if (buf[0]=='q') {
break;
}
else if( buf[0]=='r'){
genKey(key);
sendKey(ssl, key);
}
}
else {
printf("Invalid.\n");
continue;
}
}
memset(key, 0, KEYSIZE);
memset(IV, 0, IVSIZE);
sendKey(ssl, key);
sleep(1);
kill(pid, SIGTERM);
wait(0);
SSL_shutdown(ssl); /* send SSL/TLS close_notify */
close(fd);
SSL_free(ssl);
SSL_CTX_free(ctx);
}
