otpauthexternal

otpauthexternal Commit Details


Date:2013-09-18 00:13:00 (11 years 3 months ago)
Author:Natalie Adams
Branch:default
Commit:9c220acc3279
Parents: 11c279922597
Message:Removing unneeded pointers

Changes:
Motp.c (7 diffs)

File differences

otp.c
191191
192192
193193
194
194
195195
196
197
198
199
200
201
202
203
204
205
196
197
198
199
200
201
202
203
204
205
206
206207
207208
208209
209
210
210211
211
212
213
214
212
213
214
215
216
215217
216218
217219
218
220
219221
220222
221223
222224
223225
224226
225
227
226228
227229
228
229
230
231
230232
231233
232234
233235
234236
235237
236
237
238
239
238240
239241
240
241
242
243
242244
243245
244246
245
246
247
248
247249
248250
249251
250252
251
252
253
254
253255
254256
255
256
257
258
257259
258260
259
260
261
262
261263
262264
263265
......
267269
268270
269271
270
271
272
273
272274
273275
274276
275277
276278
277279
278
279
280
281
280282
281283
282284
283285
284
285
286
287
288
286289
287290
288291
289
290
292
293
291294
292295
293
296
297
298
299
294300
295301
296302
......
315321
316322
317323
318
324
319325
320326
321
327
322328
323329
324330
......
336342
337343
338344
339
345
340346
341347
342348
343349
344350
345351
346
352
347353
348354
349355
350356
351357
352
358
353359
354360
355361
356362
357363
358
364
359365
360366
361367
362368
363369
364
370
365371
366372
367373
368374
369375
370
376
371377
372378
373379
374380
375381
376
382
377383
378384
379385
380386
381387
382
388
383389
384390
385391
386392
387393
388
394
389395
390396
391397
392398
393399
394400
401
402
403
404
405
406
407
408
395409
396410
397
398
411
412
399413
400414
401415
......
416430
417431
418432
419
433
420434
421
435
436
422437
423438
439
424440
425
441
426442
427443
428444
429
445
430446
431447
432448
433
434
449
450
451
435452
436453
437454
......
439456
440457
441458
442
443
459
460
461
444462
445463
446
464
447465
448466
449467
450
451
452
453
468
469
470
471
454472
455473
456474
......
462480
463481
464482
465
483
466484
467
468
485
486
487
469488
470489
471
472
490
491
492
473493
474494
475495
476
477
478
496
497
498
479499
480500
481501
char * password;
} User;
DB * initDBStruct()
DB initDBStruct()
{
DB * d = (DB *)malloc(sizeof(*d));
memset(d->dbhost, '\0', 255);
memset(d->dbname, '\0', 255);
memset(d->dbuser, '\0', 255);
memset(d->dbpass, '\0', 255);
memset(d->dbtable, '\0', 255);
strcpy(d->passfield, "password");
strcpy(d->otpfield, "otpkey");
d->dbport = 3306;
d->type = UNDEFINEDDB;
//DB * d = (DB *)malloc(sizeof(*d));
DB d;
memset(d.dbhost, '\0', 255);
memset(d.dbname, '\0', 255);
memset(d.dbuser, '\0', 255);
memset(d.dbpass, '\0', 255);
memset(d.dbtable, '\0', 255);
strcpy(d.passfield, "password");
strcpy(d.otpfield, "otpkey");
d.dbport = 3306;
d.type = UNDEFINEDDB;
return d;
}
User * initUserStruct()
User initUserStruct()
{
User * u = (User *)malloc(sizeof(*u));
u->otp = NULL;
u->password = NULL;
u->user = NULL;
//User * u = (User *)malloc(sizeof(*u));
User u;
u.otp = NULL;
u.password = NULL;
u.user = NULL;
return u;
}
User * getMySQLUser(char * user, DB * db)
User getMySQLUser(char * user, DB db)
{
char q[512];
char q2[512];
int strp = 0;
MYSQL_RES *result;
MYSQL_ROW row;
User * u;
User u;
MYSQL *con;
memset(q, '\0', 512);
if (db->type != MYSQLDB)
return NULL;
if (db.type != MYSQLDB)
return u;
con = mysql_init(NULL);
u = initUserStruct();
if (con == NULL)
{
fprintf(stderr, "%s\n", mysql_error(con));
free(u);
return NULL;
//free(u);
return u;
}
if (mysql_real_connect(con, db->dbhost, db->dbuser, db->dbpass, db->dbname,
db->dbport, NULL, 0) == NULL)
if (mysql_real_connect(con, db.dbhost, db.dbuser, db.dbpass, db.dbname,
db.dbport, NULL, 0) == NULL)
{
fprintf(stderr, "%s\n", mysql_error(con));
mysql_close(con);
free(u);
return NULL;
//free(u);
return u;
}
strncpy(q, "SELECT ", 7);
strp += 7;
strncpy(q + strp, db->passfield, strlen(db->passfield));
strp += strlen(db->passfield);
strncpy(q + strp, db.passfield, strlen(db.passfield));
strp += strlen(db.passfield);
strncpy(q + strp, ",", 1);
strp += 1;
strncpy(q + strp, db->otpfield, strlen(db->otpfield));
strp += strlen(db->otpfield);
strncpy(q + strp, db.otpfield, strlen(db.otpfield));
strp += strlen(db.otpfield);
strncpy(q + strp, " FROM ", 6);
strp += 6;
strncpy(q + strp, db->dbtable, strlen(db->dbtable));
strp += strlen(db->dbtable);
strncpy(q + strp, db.dbtable, strlen(db.dbtable));
strp += strlen(db.dbtable);
strncpy(q + strp, " WHERE login = '", 16);
strp += 16;
mysql_real_escape_string(con, q2, user, strlen(user));
if (mysql_query(con, q) > 0)
{
mysql_close(con);
free(u);
return NULL;
//free(u);
return u;
}
result = mysql_store_result(con);
if (result == 0)
{
mysql_close(con);
free(u);
return NULL;
//free(u);
return u;
}
row = mysql_fetch_row(result);
if (row != NULL)
{
u->user = user;
u->password = row[0];
u.user = user;
u.password = malloc( sizeof(char) * 255);
strcpy(u.password, row[0]);
} else {
mysql_free_result(result);
mysql_close(con);
free(u);
return NULL;
//free(u);
return u;
}
if (strcmp(row[1], "") != 0)
u->otp = row[1];
{
u.otp = malloc( sizeof(char) * 255);
strcpy(u.otp, row[1]);
}
mysql_free_result(result);
mysql_close(con);
// future
// linger 300
DB * readConfig(char * config_path)
DB readConfig(char * config_path)
{
FILE *ifp;
DB * d;
DB d;
char config[255];
char value[255];
ifp = fopen(config_path, "r");
{
if (strcmp(value, "mysql") == 0)
{
d->type = MYSQLDB;
d.type = MYSQLDB;
}
continue;
}
if (strcmp(config, "dbhost") == 0)
{
strcpy(d->dbhost, value);
strcpy(d.dbhost, value);
continue;
}
if (strcmp(config, "dbport") == 0)
{
sprintf(value, "%d", &d->dbport);
sprintf(value, "%d", &d.dbport);
continue;
}
if (strcmp(config, "dbuser") == 0)
{
strcpy(d->dbuser, value);
strcpy(d.dbuser, value);
continue;
}
if (strcmp(config, "dbpass") == 0)
{
strcpy(d->dbpass, value);
strcpy(d.dbpass, value);
continue;
}
if (strcmp(config, "dbtable") == 0)
{
strcpy(d->dbtable, value);
strcpy(d.dbtable, value);
continue;
}
if (strcmp(config, "dbname") == 0)
{
strcpy(d->dbname, value);
strcpy(d.dbname, value);
continue;
}
if (strcmp(config, "dbpassfield") == 0)
{
strcpy(d->passfield, value);
strcpy(d.passfield, value);
continue;
}
if (strcmp(config, "dbotpfield") == 0)
{
strcpy(d->otpfield, value);
strcpy(d.otpfield, value);
continue;
}
}
return d;
}
void freemem(User u)
{
if (u.password != NULL)
free(u.password);
if (u.otp != NULL)
free(u.otp);
}
int authotp(char * user_name, char * user_passwd) //, char * config_path)
{
DB * db;
User * user;
DB db;
User user;
unsigned char outHash[20];
char * ret;
char * ret2;
//db = readConfig(getenv("OTPCONFIG"));
db = readConfig("/etc/apache2/configotp");
user = getMySQLUser(user_name, db);
if (user == NULL)
if (user.user == NULL)
{
free(db);
//free(db);
freemem(user);
exit(1);
}
// if user does not have a OTP set - just verify password
if (user->otp == NULL)
if (user.otp == NULL)
{
hash("SHA1", user_passwd, strlen(user_passwd), outHash);
ret = b64encode(outHash, 20);
if (strcmp(ret, user->password) == 0)
if (strcmp(ret, user.password) == 0)
retcode = 0;
else
retcode = 1;
free(db);
free(user);
//free(db);
//free(user);
freemem(user);
exit(retcode);
} else {
// password should be in the form {OTP}{PASSWORD}
if (strlen(user_passwd) < 7) // 6 OTP digits and 1 char for password
{
printf("password not long enough!");
free(db);
free(user);
//free(db);
//free(user);
freemem(user);
exit(1);
}
for(keylen = 0; keylen < sizeof(newkey) && user->otp[ik] != '\0'; keylen++)
for(keylen = 0; keylen < sizeof(newkey) && user.otp[ik] != '\0'; keylen++)
{
for(i = 0; i < 2; i++)
{
if (isdigit(user->otp[ik]))
nibs[i] = user->otp[ik] - '0';
else if (isxdigit(user->otp[ik]))
nibs[i] = tolower(user->otp[ik]) - 'a' + 10;
if (isdigit(user.otp[ik]))
nibs[i] = user.otp[ik] - '0';
else if (isxdigit(user.otp[ik]))
nibs[i] = tolower(user.otp[ik]) - 'a' + 10;
ik++;
}
newkey[keylen] = (nibs[0] << 4) | nibs[1];
strcpy(password, user_passwd + 6);
hash("SHA1", password, strlen(password), outHash);
ret2 = b64encode(outHash, 20);
if (strcmp(ret2, user->password) == 0 && strcmp(buf10, inotp) == 0)
if (strcmp(ret2, user.password) == 0 && strcmp(buf10, inotp) == 0)
{
free(user);
free(db);
//free(user);
//free(db);
freemem(user);
exit(0);
} else {
free(user);
free(db);
//free(user);
//free(db);
freemem(user);
exit(1);
}
}
free(user);
free(db);
//free(user);
//free(db);
freemem(user);
return 0;
}
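Review bot: In getMySQLUser the early exit `if (db.type != MYSQLDB) return u;` returns `u` before `u = initUserStruct();` has run, so authotp's `user.user == NULL` test and the `freemem(user)` that follows work on indeterminate pointers; declaring it as `User u = initUserStruct();` would make every early return safe. The new `u.password = malloc( sizeof(char) * 255); strcpy(u.password, row[0]);` (and the same pair for `u.otp`) neither checks the allocation nor bounds the copy, so a column value longer than 254 bytes overruns the heap buffer and a NULL column would crash; checking the length before copying, or using `strdup` with a NULL check, would bound it. In readConfig the touched line `sprintf(value, "%d", &d.dbport);` still formats an address into `value` rather than parsing the port, and was presumably meant to be `sscanf(value, "%d", &d.dbport);`. Only parts of these functions are visible on the page, so the rest of each body should be checked for the same patterns.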
