From dce0ef0f3c15f9e38e57d4a14c904c339affac4e Mon Sep 17 00:00:00 2001
From: John Hodge <tpg@mutabah.net>
Date: Sat, 4 Dec 2010 17:43:22 +0800
Subject: [PATCH] Working on password-based user auth

---
 proto.txt                 |  2 +-
 src/client/Makefile       |  2 +-
 src/client/main.c         | 56 ++++++++++++++++++++++++++++++++++++---
 src/cokebank_basic/main.c | 14 +---------
 src/server/Makefile       |  2 +-
 src/server/common.h       |  1 -
 src/server/handler_door.c |  4 +--
 src/server/server.c       | 40 +++++++++++++++++++++++++++-
 8 files changed, 97 insertions(+), 24 deletions(-)

diff --git a/proto.txt b/proto.txt
index 1619830..e68ed76 100644
--- a/proto.txt
+++ b/proto.txt
@@ -27,7 +27,7 @@ general they will be limited to the standard alpha-numeric set
 === User Auth ===
 c	USER <username>\n
 s	100 SALT <string>\n or 100 User Set\n	(If no salt used)
-c	PASS <hash>\n	(Hex-Encoded SHA-512 Hash of <username><salt><password>)
+c	PASS <hash>\n	(Hex-Encoded SHA-1 Hash of <username><salt><password>)
 s	200 Auth OK\n or 401 Auth Failure\n
 User is now authenticated
 --- Alternate Method (Implicit Trust Authentication) ---
diff --git a/src/client/Makefile b/src/client/Makefile
index 8c376c3..eda60fe 100644
--- a/src/client/Makefile
+++ b/src/client/Makefile
@@ -1,6 +1,6 @@
 
 CFLAGS := -Wall -Werror -g
-LDFLAGS := -g -lncurses
+LDFLAGS := -g -lncurses -lssl
 
 BIN := ../../dispense
 OBJ := main.o
diff --git a/src/client/main.c b/src/client/main.c
index 1f38f7e..c82d12d 100644
--- a/src/client/main.c
+++ b/src/client/main.c
@@ -22,6 +22,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <openssl/sha.h>	// SHA1
 
 // === TYPES ===
 typedef struct sItem {
@@ -46,8 +47,7 @@ char	*gsDispenseServer = "localhost";
  int	giDispensePort = 11020;
 tItem	*gaItems;
  int	giNumItems;
-regex_t	gArrayRegex;
-regex_t	gItemRegex;
+regex_t	gArrayRegex, gItemRegex, gSaltRegex;
 
 // === CODE ===
 int main(int argc, char *argv[])
@@ -61,6 +61,8 @@ int main(int argc, char *argv[])
 	CompileRegex(&gArrayRegex, "^([0-9]{3})\\s+([A-Za-z]+)\\s+([0-9]+)", REG_EXTENDED);	//
 	// > Code Type Ident Price Desc
 	CompileRegex(&gItemRegex, "^([0-9]{3})\\s+(.+?)\\s+(.+?)\\s+([0-9]+)\\s+(.+)$", REG_EXTENDED);
+	// > Code 'SALT' salt
+	CompileRegex(&gSaltRegex, "^([0-9]{3})\\s+(.+)\\s+(.+)$", REG_EXTENDED);
 	
 	// Connect to server
 	sock = OpenConnection(gsDispenseServer, giDispensePort);
@@ -156,8 +158,6 @@ int main(int argc, char *argv[])
 		printf("%3i %s\n", gaItems[i].Price, gaItems[i].Desc);
 	}
 	
-	Authenticate(sock);
-	
 	// and choose what to dispense
 	// TODO: ncurses interface (with separation between item classes)
 	// - Hmm... that would require standardising the item ID to be <class>:<index>
@@ -194,6 +194,8 @@ int main(int argc, char *argv[])
 	}
 	#endif
 	
+	Authenticate(sock);
+	
 	if( i >= 0 )
 	{	
 		// Dispense!
@@ -483,6 +485,8 @@ void Authenticate(int Socket)
 	struct passwd	*pwd;
 	char	buf[512];
 	 int	responseCode;
+	char	salt[32];
+	regmatch_t	matches[4];
 	
 	// Get user name
 	pwd = getpwuid( getuid() );
@@ -500,6 +504,50 @@ void Authenticate(int Socket)
 	case 200:	// Authenticated, return :)
 		return ;
 	case 401:	// Untrusted, attempt password authentication
+		sendf(Socket, "USER %s\n", pwd->pw_name);
+		printf("Using username %s\n", pwd->pw_name);
+		
+		recv(Socket, buf, 511, 0);
+		trim(buf);
+		// TODO: Get Salt
+		// Expected format: 100 SALT <something> ...
+		// OR             : 100 User Set
+		printf("string = '%s'\n", buf);
+		RunRegex(&gSaltRegex, buf, 4, matches, "Malformed server response");
+		if( atoi(buf) != 100 ) {
+			exit(-1);	// ERROR
+		}
+		if( memcmp( buf+matches[2].rm_so, "SALT", matches[2].rm_eo - matches[2].rm_so) == 0) {
+			// Set salt
+			memcpy( salt, buf + matches[3].rm_so, matches[3].rm_eo - matches[3].rm_so );
+			salt[ matches[3].rm_eo - matches[3].rm_so ] = 0;
+			printf("Salt: '%s'\n", salt);
+		}
+		
+		fflush(stdout);
+		{
+			 int	ofs = strlen(pwd->pw_name)+strlen(salt);
+			char	tmp[ofs+20];
+			char	*pass = getpass("Password: ");
+			uint8_t	h[20];
+			
+			strcpy(tmp, pwd->pw_name);
+			strcat(tmp, salt);
+			SHA1( (unsigned char*)pass, strlen(pass), h );
+			memcpy(tmp+ofs, h, 20);
+			
+			// Hash all that
+			SHA1( (unsigned char*)tmp, ofs+20, h );
+			sprintf(buf, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9],
+				h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19]
+				);
+			printf("Final hash: '%s'\n", buf);
+			fflush(stdout);	// Debug
+		}
+		
+		sendf(Socket, "PASS %s\n", buf);
+		recv(Socket, buf, 511, 0);
 		break;
 	case 404:	// Bad Username
 		fprintf(stderr, "Bad Username '%s'\n", pwd->pw_name);
diff --git a/src/cokebank_basic/main.c b/src/cokebank_basic/main.c
index 96888c0..62d49b8 100644
--- a/src/cokebank_basic/main.c
+++ b/src/cokebank_basic/main.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <pwd.h>
 #include <string.h>
+#include <openssl/sha.h>
 #include "common.h"
 
 #define HACK_TPG_NOAUTH	1
@@ -132,16 +133,3 @@ int GetUserID(const char *Username)
 	return ret;
 }
 
-/**
- * \brief Authenticate a user
- * \return User ID, or -1 if authentication failed
- */
-int GetUserAuth(const char *Username, const char *Password)
-{
-	#if HACK_TPG_NOAUTH
-	if( strcmp(Username, "tpg") == 0 )
-		return GetUserID("tpg");
-	#endif
-	return -1;
-}
-
diff --git a/src/server/Makefile b/src/server/Makefile
index 10e64eb..85678a8 100644
--- a/src/server/Makefile
+++ b/src/server/Makefile
@@ -3,7 +3,7 @@
 
 OBJ := main.o server.o logging.o
 OBJ += dispense.o itemdb.o
-OBJ += handler_coke.o handler_snack.o
+OBJ += handler_coke.o handler_snack.o handler_door.o
 BIN := ../../dispsrv
 
 LINKFLAGS := -g ../../cokebank.so
diff --git a/src/server/common.h b/src/server/common.h
index d790c82..f2eea0c 100644
--- a/src/server/common.h
+++ b/src/server/common.h
@@ -73,6 +73,5 @@ extern int	Transfer(int SourceUser, int DestUser, int Ammount, const char *Reaso
 extern int	GetBalance(int User);
 extern char	*GetUserName(int User);
 extern int	GetUserID(const char *Username);
-extern int	GetUserAuth(const char *Username, const char *Password);
 
 #endif
diff --git a/src/server/handler_door.c b/src/server/handler_door.c
index c132e07..1ffcc85 100644
--- a/src/server/handler_door.c
+++ b/src/server/handler_door.c
@@ -57,12 +57,12 @@ int Door_CanDispense(int User, int Item)
  */
 int Door_DoDispense(int User, int Item)
 {
-	char	tmp[32], *status;
-	regmatch_t	matches[4];
 
 	// Sanity please
 	if( Item != 0 )	return -1;
 	
+	// Check if user is in door
+	
 	// llogin or other
 
 	return 0;
diff --git a/src/server/server.c b/src/server/server.c
index 44f3fa7..5d375ee 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -50,6 +50,7 @@ char	*Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
 char	*Server_Cmd_ITEMINFO(tClient *Client, char *Args);
 char	*Server_Cmd_DISPENSE(tClient *Client, char *Args);
 // --- Helpers ---
+ int	GetUserAuth(const char *Salt, const char *Username, const uint8_t *Hash);
 void	HexBin(uint8_t *Dest, char *Src, int BufSize);
 
 // === GLOBALS ===
@@ -307,7 +308,7 @@ char *Server_Cmd_PASS(tClient *Client, char *Args)
 	
 	// TODO: Decrypt password passed
 	
-	Client->UID = GetUserAuth(Client->Username, "");
+	Client->UID = GetUserAuth(Client->Salt, Client->Username, clienthash);
 
 	if( Client->UID != -1 ) {
 		Client->bIsAuthed = 1;
@@ -503,6 +504,43 @@ char *Server_Cmd_GIVE(tClient *Client, char *Args)
 	}
 }
 
+/**
+ * \brief Authenticate a user
+ * \return User ID, or -1 if authentication failed
+ */
+int GetUserAuth(const char *Salt, const char *Username, const uint8_t *ProvidedHash)
+{
+	#if 0
+	uint8_t	h[20];
+	 int	ofs = strlen(Username) + strlen(Salt);
+	char	input[ ofs + 40 + 1];
+	char	tmp[4 + strlen(Username) + 1];	// uid=%s
+	#endif
+	
+	#if HACK_TPG_NOAUTH
+	if( strcmp(Username, "tpg") == 0 )
+		return GetUserID("tpg");
+	#endif
+	
+	#if 0
+	//
+	strcpy(input, Username);
+	strcpy(input, Salt);
+	// TODO: Get user's SHA-1 hash
+	sprintf(tmp, "uid=%s", Username);
+	ldap_search_s(ld, "", LDAP_SCOPE_BASE, tmp, "userPassword", 0, res);
+	
+	sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+		h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9],
+		h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19]
+		);
+	// Then create the hash from the provided salt
+	// Compare that with the provided hash
+	#endif
+	
+	return -1;
+}
+
 // --- INTERNAL HELPERS ---
 // TODO: Move to another file
 void HexBin(uint8_t *Dest, char *Src, int BufSize)
-- 
2.20.1