From: John Hodge Date: Fri, 7 Jan 2011 07:33:09 +0000 (+0800) Subject: Moved GetUserAuth out to Cokebank (removes potential duplication) X-Git-Url: https://git.ucc.asn.au/?p=tpg%2Fopendispense2.git;a=commitdiff_plain;h=e1fdf2ccb6a7b5301e44aaf7927fdb49f511a30d Moved GetUserAuth out to Cokebank (removes potential duplication) - Also did some cleanup changes (placed TODOs) - Removed `dispense acct =` because it will mess up the accounting logs. --- diff --git a/src/client/main.c b/src/client/main.c index 2d03c28..17971dc 100644 --- a/src/client/main.c +++ b/src/client/main.c @@ -166,11 +166,18 @@ int main(int argc, char *argv[]) } } + // Show user information Dispense_ShowUser(sock, argv[i+1]); close(sock); return 0; } + else if( strcmp(arg, "give") == 0 ) + { + // TODO: `dispense give` + printf("TODO: Implement `dispense give`\n"); + return 0; + } else if( strcmp(arg, "user") == 0 ) { // Check argument count @@ -237,7 +244,9 @@ int main(int argc, char *argv[]) if( gsItemPattern ) { - + // TODO: Implement `dispense ` + printf("TODO: Implement `dispense `\n"); + i = -1; } else if( gbUseNCurses ) { @@ -295,7 +304,7 @@ void ShowUsage(void) " Give some of your money away\n" " dispense acct []\n" " Show user balances\n" - " dispense acct [+-=] \"\"\n" + " dispense acct [+-] \"\"\n" " Alter a account value (Coke members only)\n" " dispense user add \n" " Create new coke account (Wheel members only)\n" diff --git a/src/cokebank.h b/src/cokebank.h index 09e6d18..a16c3ae 100644 --- a/src/cokebank.h +++ b/src/cokebank.h @@ -33,5 +33,6 @@ extern char *GetUserName(int User); extern int GetUserID(const char *Username); extern int CreateUser(const char *Username); extern int GetMaxID(void); +extern int GetUserAuth(const char *Salt, const char *Username, const char *Password); #endif diff --git a/src/cokebank_basic/main.c b/src/cokebank_basic/main.c index 9ddb85e..87bfc9e 100644 --- a/src/cokebank_basic/main.c +++ b/src/cokebank_basic/main.c 
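Review bot: The new `i = -1;` after the TODO message in the `gsItemPattern` branch of main() has no explanation, and the code that consumes `i` afterwards is outside the hunk, so a reader cannot tell whether -1 is a "nothing selected" sentinel or something else. Please add a one-line comment on that assignment stating what the value means to the code that follows, e.g. `i = -1; // <meaning of -1 for the dispense path below>`. main() starts and ends outside this hunk.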
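Review bot: The added `GetUserAuth` prototype in cokebank.h does not document what `Password` holds or what the return value is, and this is now the public contract between server and bank. In the cokebank_basic implementation the argument goes straight to `HexBin(hash, 20, PasswordString)`, which suggests a hex-encoded 20-byte digest rather than a plaintext password, while server.c now passes the raw `Args` of the PASS command; the parameter is also named `Password` here but `PasswordString` in the definition. If the hex-digest reading is the intent, a comment above the declaration along the lines of `// Password: hex string of the client's 20-byte salted hash; returns user ID, or -1 on failure` would pin it down.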
@@ -8,22 +8,36 @@ * for full details. */ #include +#include #include #include #include #include "common.h" +// === HACKS === +#define HACK_TPG_NOAUTH 1 +#define HACK_ROOT_NOAUTH 1 + // === PROTOTYPES === void Init_Cokebank(const char *Argument); int Transfer(int SourceUser, int DestUser, int Ammount, const char *Reason); int GetBalance(int User); char *GetUserName(int User); - int GetUserID(const char *Username); - int GetUserAuth(const char *Username, const char *Password); + int GetUserID(const char *Username); int GetMaxID(void); + int GetUserAuth(const char *Salt, const char *Username, const char *PasswordString); +#if USE_LDAP +char *ReadLDAPValue(const char *Filter, char *Value); +#endif +void HexBin(uint8_t *Dest, int BufSize, char *Src); // === GLOBALS === FILE *gBank_LogFile; +#if USE_LDAP +char *gsLDAPServer = "mussel"; + int giLDAPPort = 389; +LDAP *gpLDAP; +#endif // === CODE === /** @@ -31,6 +45,11 @@ FILE *gBank_LogFile; */ void Init_Cokebank(const char *Argument) { + #if USE_LDAP + int rv; + #endif + + // Open Cokebank gBank_File = fopen(Argument, "rb+"); if( !gBank_File ) { gBank_File = fopen(Argument, "wb+"); 
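Review bot: `HACK_TPG_NOAUTH` and `HACK_ROOT_NOAUTH` are `#define`d to 1 unconditionally in the backend source, so the password-less paths for those two accounts in GetUserAuth are compiled into every build with no way to turn them off from the build system; `#ifndef HACK_TPG_NOAUTH` / `#define HACK_TPG_NOAUTH 0` (same for root) would make the default the safe one and leave the override to a compiler flag. The new `HexBin` prototype here takes `(Dest, BufSize, Src)`, but the prototype that server.c keeps in its `@@ -72,11 +68,7 @@` hunk is still `(Dest, Src, BufSize)`; since server.c's own definition is deleted in `@@ -1040,40 +925,6 @@`, any remaining HexBin call in server.c would now link against this definition with the int and pointer arguments swapped, which I cannot confirm from the hunks but which the shared header should rule out by declaring HexBin once. Separately, `gsLDAPServer` and `giLDAPPort` are added as globals yet Init_Cokebank below connects with the literal `"ldap://mussel:389"`, so the globals are dead.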
@@ -39,14 +58,51 @@ void Init_Cokebank(const char *Argument) perror("Opening coke bank"); } + // Open log file + // TODO: Do I need this? gBank_LogFile = fopen("cokebank.log", "a"); if( !gBank_LogFile ) gBank_LogFile = stdout; + // Read in cokebank fseek(gBank_File, 0, SEEK_END); giBank_NumUsers = ftell(gBank_File) / sizeof(gaBank_Users[0]); fseek(gBank_File, 0, SEEK_SET); gaBank_Users = malloc( giBank_NumUsers * sizeof(gaBank_Users[0]) ); fread(gaBank_Users, sizeof(gaBank_Users[0]), giBank_NumUsers, gBank_File); + + #if USE_LDAP + // Connect to LDAP + rv = ldap_create(&gpLDAP); + if(rv) { + fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv)); + exit(1); + } + rv = ldap_initialize(&gpLDAP, "ldap://mussel:389"); + if(rv) { + fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv)); + exit(1); + } + { int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); } + # if 0 + rv = ldap_start_tls_s(gpLDAP, NULL, NULL); + if(rv) { + fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); + exit(1); + } + # endif + { + struct berval cred; + struct berval *servcred; + cred.bv_val = "secret"; + cred.bv_len = 6; + rv = ldap_sasl_bind_s(gpLDAP, "cn=root,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au", + "", &cred, NULL, NULL, NULL); + if(rv) { + fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); + exit(1); + } + } + #endif } /** 
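Review bot: The LDAP bind in Init_Cokebank embeds the directory root credential as a string literal (`cred.bv_val = "secret"` with the `cn=root,...` DN), and because `ldap_start_tls_s` is disabled under `# if 0` the simple bind sends it unprotected; the credential should come from the bank's configuration (the `Argument` path or a separate file readable only by the service) rather than the source. The failure message for that bind is mislabelled, `"ldap_start_tls_s: %s\n"` should be `"ldap_sasl_bind_s: %s\n"`, and `servcred` is declared but never used. `ldap_create(&gpLDAP)` followed by `ldap_initialize(&gpLDAP, ...)` overwrites the first handle without freeing it; `ldap_initialize` alone is enough. This block looks like a verbatim move of the code removed from Server_Start in server.c, so these are inherited rather than introduced, but this commit is the point where they land in the backend.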
@@ -122,3 +178,139 @@ int GetMaxID(void) return giBank_NumUsers; } +/** + * \brief Authenticate a user + * \return User ID, or -1 if authentication failed + */ +int GetUserAuth(const char *Salt, const char *Username, const char *PasswordString) +{ + #if USE_LDAP + uint8_t hash[20]; + uint8_t h[20]; + int ofs = strlen(Username) + strlen(Salt); + char input[ ofs + 40 + 1]; + char tmp[4 + strlen(Username) + 1]; // uid=%s + char *passhash; + #endif + + #if HACK_TPG_NOAUTH + if( strcmp(Username, "tpg") == 0 ) + return GetUserID("tpg"); + #endif + #if HACK_ROOT_NOAUTH + if( strcmp(Username, "root") == 0 ) { + int ret = GetUserID("root"); + if( ret == -1 ) + return CreateUser("root"); + return ret; + } + #endif + + #if USE_LDAP + HexBin(hash, 20, PasswordString); + + // Build string to hash + strcpy(input, Username); + strcpy(input, Salt); + + // TODO: Get user's SHA-1 hash + sprintf(tmp, "uid=%s", Username); + printf("tmp = '%s'\n", tmp); + passhash = ReadLDAPValue(tmp, "userPassword"); + if( !passhash ) { + return -1; + } + printf("LDAP hash '%s'\n", passhash); + + sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9], + h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19] + ); + // Then create the hash from the provided salt + // Compare that with the provided hash + + + if( giDebugLevel ) { + int i; + printf("Client %i: Password hash ", Client->ID); + for(i=0;ibv_val, attrValues[0]->bv_len); + + ldap_value_free_len(attrValues); + + + return ret; +} +#endif + +// TODO: Move to another file +void HexBin(uint8_t *Dest, int BufSize, char *Src) +{ + int i; + for( i = 0; i < BufSize; i ++ ) + { + uint8_t val = 0; + + if('0' <= *Src && *Src <= '9') + val |= (*Src-'0') << 4; + else if('A' <= *Src && *Src <= 'F') + val |= (*Src-'A'+10) << 4; + else if('a' <= *Src && *Src <= 'f') + val |= (*Src-'a'+10) << 4; + else + break; + Src ++; + + if('0' 
<= *Src && *Src <= '9') + val |= (*Src-'0'); + else if('A' <= *Src && *Src <= 'F') + val |= (*Src-'A'+10); + else if('a' <= *Src && *Src <= 'f') + val |= (*Src-'a'+10); + else + break; + Src ++; + + Dest[i] = val; + } + for( ; i < BufSize; i++ ) + Dest[i] = 0; +} + diff --git a/src/server/server.c b/src/server/server.c index 1253c8c..d3bb49b 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -19,10 +19,6 @@ #include #include -// HACKS -#define HACK_TPG_NOAUTH 1 -#define HACK_ROOT_NOAUTH 1 - #define DEBUG_TRACE_CLIENT 0 // Statistics @@ -72,11 +68,7 @@ void Server_Cmd_USERADD(tClient *Client, char *Args); void Server_Cmd_USERFLAGS(tClient *Client, char *Args); // --- Helpers --- int sendf(int Socket, const char *Format, ...); - int GetUserAuth(const char *Salt, const char *Username, const uint8_t *Hash); void HexBin(uint8_t *Dest, char *Src, int BufSize); -#if USE_LDAP -char *ReadLDAPValue(const char *Filter, char *Value); -#endif // === CONSTANTS === // - Commands @@ -103,11 +95,6 @@ const struct sClientCommand { // === GLOBALS === int giServer_Port = 1020; int giServer_NextClientID = 1; -#if USE_LDAP -char *gsLDAPServer = "mussel"; - int giLDAPPort = 389; -LDAP *gpLDAP; -#endif int giServer_Socket; // === CODE === 
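Review bot: In the moved GetUserAuth, `strcpy(input, Username); strcpy(input, Salt);` overwrites the username instead of appending, so `input` holds only the salt; the second call should be `strcat(input, Salt);`. The digest that is then formatted into `input+ofs` is `h[20]`, which is never assigned (reading it is undefined behaviour), while `hash`, the buffer that `HexBin(hash, 20, PasswordString)` actually fills, is never used; one of the two should go. `passhash` is returned by ReadLDAPValue via `strndup` and never freed, so every authentication attempt leaks it, and `printf("LDAP hash '%s'\n", passhash);` writes the stored credential hash to stdout on every attempt and should be removed (or at minimum gated on `giDebugLevel`). Note that the comparison itself is still a TODO, so in the USE_LDAP build this function cannot currently return anything but -1 for non-hack users; the tail of this hunk is also garbled in this rendering, so the exact fall-through path is not fully visible.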
@@ -118,46 +105,9 @@ void Server_Start(void) { int client_socket; struct sockaddr_in server_addr, client_addr; - #if USE_LDAP - int rv; - #endif atexit(Server_Cleanup); - #if USE_LDAP - // Connect to LDAP - rv = ldap_create(&gpLDAP); - if(rv) { - fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv)); - exit(1); - } - rv = ldap_initialize(&gpLDAP, "ldap://mussel:389"); - if(rv) { - fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv)); - exit(1); - } - { int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); } - # if 0 - rv = ldap_start_tls_s(gpLDAP, NULL, NULL); - if(rv) { - fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); - exit(1); - } - # endif - { - struct berval cred; - struct berval *servcred; - cred.bv_val = "secret"; - cred.bv_len = 6; - rv = ldap_sasl_bind_s(gpLDAP, "cn=root,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au", - "", &cred, NULL, NULL, NULL); - if(rv) { - fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); - exit(1); - } - } - #endif - // Create Server giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if( giServer_Socket < 0 ) { @@ -407,29 +357,16 @@ void Server_Cmd_USER(tClient *Client, char *Args) * Usage: PASS */ void Server_Cmd_PASS(tClient *Client, char *Args) -{ - uint8_t clienthash[HASH_LENGTH] = {0}; - - // Read user's hash - HexBin(clienthash, Args, HASH_LENGTH); - +{ // TODO: Decrypt password passed - Client->UID = GetUserAuth(Client->Salt, Client->Username, clienthash); + Client->UID = GetUserAuth(Client->Salt, Client->Username, Args); if( Client->UID != -1 ) { Client->bIsAuthed = 1; sendf(Client->Socket, "200 Auth OK\n"); return ; } - - if( giDebugLevel ) { - int i; - printf("Client %i: Password hash ", Client->ID); - for(i=0;iSocket, "401 Auth Failure\n"); } 
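Review bot: Server_Cmd_PASS now forwards `Args` to GetUserAuth untouched; the removed code decoded it into a fixed `HASH_LENGTH` buffer here, and the backend's HexBin zero-pads on the first non-hex character, so an empty or truncated PASS argument is no longer rejected anywhere but silently becomes a zero-padded hash. If the wire format is still a 40-character hex digest, a length check before the call would restore that guarantee, e.g. `if( strlen(Args) != 2*HASH_LENGTH ) { sendf(Client->Socket, "401 Auth Failure\n"); return ; }`. The `// TODO: Decrypt password passed` comment survives the rewrite, so it is worth stating in it whether decryption is now the bank's job or the server's.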
@@ -964,58 +901,6 @@ void Server_Cmd_USERFLAGS(tClient *Client, char *Args) sendf(Client->Socket, "200 User Updated\n"); } -/** - * \brief Authenticate a user - * \return User ID, or -1 if authentication failed - */ -int GetUserAuth(const char *Salt, const char *Username, const uint8_t *ProvidedHash) -{ - #if USE_LDAP - uint8_t h[20]; - int ofs = strlen(Username) + strlen(Salt); - char input[ ofs + 40 + 1]; - char tmp[4 + strlen(Username) + 1]; // uid=%s - char *passhash; - #endif - - #if HACK_TPG_NOAUTH - if( strcmp(Username, "tpg") == 0 ) - return GetUserID("tpg"); - #endif - #if HACK_ROOT_NOAUTH - if( strcmp(Username, "root") == 0 ) { - int ret = GetUserID("root"); - if( ret == -1 ) - return CreateUser("root"); - return ret; - } - #endif - - #if USE_LDAP - // Build string to hash - strcpy(input, Username); - strcpy(input, Salt); - - // TODO: Get user's SHA-1 hash - sprintf(tmp, "uid=%s", Username); - printf("tmp = '%s'\n", tmp); - passhash = ReadLDAPValue(tmp, "userPassword"); - if( !passhash ) { - return -1; - } - printf("LDAP hash '%s'\n", passhash); - - sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", - h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9], - h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19] - ); - // Then create the hash from the provided salt - // Compare that with the provided hash - #endif - - return -1; -} - // --- INTERNAL HELPERS --- int sendf(int Socket, const char *Format, ...) { 
@@ -1040,40 +925,6 @@ int sendf(int Socket, const char *Format, ...) } } -// TODO: Move to another file -void HexBin(uint8_t *Dest, char *Src, int BufSize) -{ - int i; - for( i = 0; i < BufSize; i ++ ) - { - uint8_t val = 0; - - if('0' <= *Src && *Src <= '9') - val |= (*Src-'0') << 4; - else if('A' <= *Src && *Src <= 'F') - val |= (*Src-'A'+10) << 4; - else if('a' <= *Src && *Src <= 'f') - val |= (*Src-'a'+10) << 4; - else - break; - Src ++; - - if('0' <= *Src && *Src <= '9') - val |= (*Src-'0'); - else if('A' <= *Src && *Src <= 'F') - val |= (*Src-'A'+10); - else if('a' <= *Src && *Src <= 'f') - val |= (*Src-'a'+10); - else - break; - Src ++; - - Dest[i] = val; - } - for( ; i < BufSize; i++ ) - Dest[i] = 0; -} - /** * \brief Decode a Base64 value */ @@ -1116,40 +967,3 @@ int UnBase64(uint8_t *Dest, char *Src, int BufSize) return Src - start_src; } - -#if USE_LDAP -char *ReadLDAPValue(const char *Filter, char *Value) -{ - LDAPMessage *res, *res2; - struct berval **attrValues; - char *attrNames[] = {Value,NULL}; - char *ret; - struct timeval timeout; - int rv; - - timeout.tv_sec = 5; - timeout.tv_usec = 0; - - rv = ldap_search_ext_s(gpLDAP, "", LDAP_SCOPE_BASE, Filter, - attrNames, 0, NULL, NULL, &timeout, 1, &res - ); - printf("ReadLDAPValue: rv = %i\n", rv); - if(rv) { - fprintf(stderr, "LDAP Error reading '%s' with filter '%s'\n%s\n", - Value, Filter, - ldap_err2string(rv) - ); - return NULL; - } - - res2 = ldap_first_entry(gpLDAP, res); - attrValues = ldap_get_values_len(gpLDAP, res2, Value); - - ret = strndup(attrValues[0]->bv_val, attrValues[0]->bv_len); - - ldap_value_free_len(attrValues); - - - return ret; -} -#endif