
fix typo in comments

Dario Rodriguez authored on 23/07/2014 16:48:27
Showing 1 changed files
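--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -4,7 +4,7 @@
  * Session handling for kakumei.
  *
  * Author: Dario Rodriguez dario@softhome.net
- * This progran is licensed under the terms of the Affero GPL v1+
+ * This program is licensed under the terms of the Affero GPL v1+
  */
 
 #include <sys/stat.h>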

add authid cookie to complement the session in QUERY_STRING

Dario Rodriguez authored on 13/07/2014 21:41:07
Showing 1 changed files
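--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -18,21 +18,22 @@
 #include "kakumei_session.h"
 
 char *
-session_new(kakumei *ka, char *user, char *session, int sessionsize)
+session_new(kakumei *ka, char *user, char *session, int sessionsize, char *authid, int authidsize)
 {
         static int init=0;
         MHASH td;
         struct timeval tv;
         struct timezone tz;
-        int i;
+        int i,k;
         long n;
         char c;
         char binhash[32];
         char filename[1024];
         int len;
         int fd;
-        char oldsession[SESSIONSIZE];
-        if(ka==NULL || user==NULL || session==NULL || sessionsize<SESSIONSIZE || kakumei_uservalid(ka,user)!=0)
+        int authidlen;
+        char oldsession[SESSIONSIZE+1];
+        if(ka==NULL || user==NULL || session==NULL || sessionsize<(SESSIONSIZE+1) || authidsize<(AUTHIDSIZE+1)|| kakumei_uservalid(ka,user)!=0)
                 return(NULL);
         if(init==0) {
                 gettimeofday(&tv,&tz);
@@ -50,7 +51,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
                 mhash(td,&n,sizeof(n));
         }
         mhash_deinit(td,&binhash);
-        for(i=0;i<sizeof(binhash) && i<SESSIONSIZE;i++) {
+        for(i=0;i<sizeof(binhash) && i<(SESSIONSIZE/2);i++) {
                 c=(((unsigned char *)binhash)[i]>>4);
                 c=(c>=10)?(c-10+'a'):c+'0';
                 session[i<<1]=c;
@@ -58,7 +59,16 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
                 c=(c>=10)?(c-10+'a'):c+'0';
                 session[(i<<1)+1]=c;
         }
-        session[SESSIONSIZE-1]='\0';
+        session[SESSIONSIZE]='\0';
+        for(k=0;i<sizeof(binhash) && k<(AUTHIDSIZE/2);i++,k++) {
+                c=(((unsigned char *)binhash)[i]>>4);
+                c=(c>=10)?(c-10+'a'):c+'0';
+                authid[k<<1]=c;
+                c=(((unsigned char *)binhash)[i]&0xf);
+                c=(c>=10)?(c-10+'a'):c+'0';
+                authid[(k<<1)+1]=c;
+        }
+        authid[AUTHIDSIZE]='\0';
         /* save the hash */
         mkdir(DATADIR,0700);
         mkdir(SESSIONSDIR,0700);
@@ -67,7 +77,8 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
         if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1)
                 return(NULL);
         len=strlen(user);
-        if(write(fd,user,len)!=len) {
+        authidlen=strlen(authid);
+        if(write(fd,user,len)!=len || write(fd,"\n",1)!=1 || write(fd,authid,authidlen)!=authidlen) {
                 close(fd),fd=-1;
                 return(NULL);
         }
@@ -93,11 +104,14 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
 }
 
 char *
-session_check(kakumei *ka, char *session, char *user, int usersize)
+session_check(kakumei *ka, char *session, char *authid, char *user, int usersize)
 {
         int i;
         int fd;
         char filename[1024];
+        char sesbuf[MAXUSERSIZE+AUTHIDSIZE+2];
+        char *sep;
+        int len;
         if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1))
                 return(NULL);
         for(i=0;session[i]!='\0';i++) {
@@ -110,11 +124,25 @@ session_check(kakumei *ka, char *session, char *user, int usersize)
         filename[sizeof(filename)-1]='\0';
         if((fd=open(filename,O_RDONLY))==-1)
                 return(NULL);
-        memset(user,0,usersize);
-        read(fd,user,usersize-1);
+        memset(sesbuf,0,sizeof(sesbuf));
+        read(fd,sesbuf,sizeof(sesbuf));
+        sesbuf[sizeof(sesbuf)-1]='\0';
         close(fd),fd=-1;
+        if((sep=strchr(sesbuf,'\n'))==NULL)
+                return(NULL); /* invalid format */
+        *sep='\0';
+        memset(user,0,usersize);
+        strncpy(user,sesbuf,usersize);
+        user[usersize-1]='\0';
+        /* position sep to authid and trim the last '\n' if it exists */
+        sep++;
+        if((len=strlen(sep))>0 && sep[len-1]=='\n')
+                sep[len-1]='\0';
+        /* check validity */
+        if(strcmp(authid,sep)!=0)
+                return(NULL); /* authid doesn't match */
         if(kakumei_uservalid(ka,user)!=0)
-                return(NULL);
+                return(NULL); /* invalid user */
         return(user);
 }
 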
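Review bot: The authid loop in session_new starts from the `i` the session loop ended on, so it only has hash bytes left when SESSIONSIZE/2 is smaller than `sizeof(binhash)` (32); if SESSIONSIZE is 64 (its value is defined outside this page) the loop body never runs and `authid` keeps whatever the caller's buffer held before `authid[AUTHIDSIZE]='\0'`, and that content is what gets written to the session file and later compared. A check after the loop such as `if(k<(AUTHIDSIZE/2)) return(NULL);`, or filling authid from its own random bytes, would make the cookie value well defined. Neither function tests the new pointer either: session_new's guard checks `authidsize` only and session_check passes `authid` straight to `strcmp(authid,sep)`, so `authid==NULL ||` belongs in both conditions for requests that arrive without the cookie. Both function bodies continue outside the hunks shown.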

add the editor and the posts part

Dario Rodriguez authored on 26/06/2014 22:41:33
Showing 1 changed files
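--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -110,7 +110,7 @@ session_check(kakumei *ka, char *session, char *user, int usersize)
         filename[sizeof(filename)-1]='\0';
         if((fd=open(filename,O_RDONLY))==-1)
                 return(NULL);
-        memset(user,0,sizeof(usersize));
+        memset(user,0,usersize);
         read(fd,user,usersize-1);
         close(fd),fd=-1;
         if(kakumei_uservalid(ka,user)!=0)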

fix session handling (wasn't deleting old sessions)

Dario Rodriguez authored on 26/06/2014 19:29:31
Showing 1 changed files
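--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -13,6 +13,7 @@
 #include <fcntl.h>
 #include <time.h>
 #include <mhash.h>
+#include "loglib.h"
 #include "kakumei.h"
 #include "kakumei_session.h"
 
@@ -49,7 +50,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
                 mhash(td,&n,sizeof(n));
         }
         mhash_deinit(td,&binhash);
-        for(i=0;i<sizeof(binhash);i++) {
+        for(i=0;i<sizeof(binhash) && i<SESSIONSIZE;i++) {
                 c=(((unsigned char *)binhash)[i]>>4);
                 c=(c>=10)?(c-10+'a'):c+'0';
                 session[i<<1]=c;
@@ -57,7 +58,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
                 c=(c>=10)?(c-10+'a'):c+'0';
                 session[(i<<1)+1]=c;
         }
-        session[sizeof(binhash)]='\0';
+        session[SESSIONSIZE-1]='\0';
         /* save the hash */
         mkdir(DATADIR,0700);
         mkdir(SESSIONSDIR,0700);
@@ -100,7 +101,7 @@ session_check(kakumei *ka, char *session, char *user, int usersize)
         if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1))
                 return(NULL);
         for(i=0;session[i]!='\0';i++) {
-                if(!(session[i]>='0' && session[i]<='0') &&
+                if(!(session[i]>='0' && session[i]<='9') &&
                    !(session[i]>='a' && session[i]<='f')) {
                         return(NULL);
                 }
@@ -125,7 +126,7 @@ session_del(kakumei *ka, char *session)
         if(ka==NULL || session==NULL || session[0]=='\0')
                 return(-1);
         for(i=0;session[i]!='\0';i++) {
-                if(!(session[i]>='0' && session[i]<='0') &&
+                if(!(session[i]>='0' && session[i]<='9') &&
                    !(session[i]>='a' && session[i]<='f')) {
                         return(-1);
                 }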
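Review bot: The new bound `i<SESSIONSIZE` in session_new counts hash bytes, but every iteration stores two characters at `session[i<<1]` and `session[(i<<1)+1]`, so the loop can still write up to index 63 while the entry guard seen elsewhere on this page only guarantees `sessionsize>=SESSIONSIZE`; bounding the loop with `i<(SESSIONSIZE/2)` keeps the writes inside the checked size. `session[SESSIONSIZE-1]='\0'` also lands on the last encoded digit rather than after it when SESSIONSIZE equals the encoded length, so the buffer and its size check need one extra byte for the terminator. SESSIONSIZE is defined outside this page and the function body continues outside these hunks, so the exact effect should be confirmed against the header.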

fix password processing (workaround to issues with libscrypt: don't use scrypt_hash, check that the salt is small)

Dario Rodriguez authored on 26/06/2014 11:58:59
Showing 1 changed files
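--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -51,10 +51,10 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
         mhash_deinit(td,&binhash);
         for(i=0;i<sizeof(binhash);i++) {
                 c=(((unsigned char *)binhash)[i]>>4);
-                c=(c>=10)?(c-10+'a'):c;
+                c=(c>=10)?(c-10+'a'):c+'0';
                 session[i<<1]=c;
                 c=(((unsigned char *)binhash)[i]&0xf);
-                c=(c>=10)?(c-10+'a'):c;
+                c=(c>=10)?(c-10+'a'):c+'0';
                 session[(i<<1)+1]=c;
         }
         session[sizeof(binhash)]='\0';
@@ -72,6 +72,8 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
         }
         close(fd),fd=-1;
         /* delete the previous session of the user */
+        mkdir(DATADIR,0700);
+        mkdir(USERSDIR,0700);
         snprintf(filename,sizeof(filename)-1,"%s/%s/session",USERSDIR,user);
         filename[sizeof(filename)-1]='\0';
         if((fd=open(filename,O_RDONLY))!=-1) {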
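Review bot: The two added `mkdir()` calls discard their result, so a failure other than an already existing directory goes unnoticed and the `open()` of `USERSDIR/user/session` that follows simply fails, which silently skips the old-session cleanup this block is there for. Testing the return value, e.g. `if(mkdir(USERSDIR,0700)==-1 && errno!=EEXIST)` followed by a log line or an error return, would surface it. The per-user directory under USERSDIR is not created in this hunk; presumably that happens elsewhere, which is worth confirming because the function body continues past the end of the hunk and depends on that path.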

implement kakumei_session.c

Dario Rodriguez authored on 25/06/2014 20:18:39
Showing 1 changed files
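--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -9,24 +9,128 @@
 
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#include <time.h>
+#include <mhash.h>
 #include "kakumei.h"
 #include "kakumei_session.h"
 
 char *
 session_new(kakumei *ka, char *user, char *session, int sessionsize)
 {
+        static int init=0;
+        MHASH td;
+        struct timeval tv;
+        struct timezone tz;
+        int i;
+        long n;
+        char c;
+        char binhash[32];
+        char filename[1024];
+        int len;
+        int fd;
+        char oldsession[SESSIONSIZE];
+        if(ka==NULL || user==NULL || session==NULL || sessionsize<SESSIONSIZE || kakumei_uservalid(ka,user)!=0)
+                return(NULL);
+        if(init==0) {
+                gettimeofday(&tv,&tz);
+                srandom(tv.tv_sec+getpid()+tv.tv_usec);
+                init=1;
+        }
+        /* generate a not-entirely-trivial-to-guess hash */
+        if((td=mhash_init(MHASH_SHA256))==MHASH_FAILED)
+                return(NULL);
+        gettimeofday(&tv,&tz);
+        mhash(td,&tv,sizeof(tv));
+        mhash(td,user,strlen(user));
+        for(i=0;i<20;i++) {
+                n=random();
+                mhash(td,&n,sizeof(n));
+        }
+        mhash_deinit(td,&binhash);
+        for(i=0;i<sizeof(binhash);i++) {
+                c=(((unsigned char *)binhash)[i]>>4);
+                c=(c>=10)?(c-10+'a'):c;
+                session[i<<1]=c;
+                c=(((unsigned char *)binhash)[i]&0xf);
+                c=(c>=10)?(c-10+'a'):c;
+                session[(i<<1)+1]=c;
+        }
+        session[sizeof(binhash)]='\0';
+        /* save the hash */
         mkdir(DATADIR,0700);
         mkdir(SESSIONSDIR,0700);
-
+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);
+        filename[sizeof(filename)-1]='\0';
+        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1)
+                return(NULL);
+        len=strlen(user);
+        if(write(fd,user,len)!=len) {
+                close(fd),fd=-1;
+                return(NULL);
+        }
+        close(fd),fd=-1;
+        /* delete the previous session of the user */
+        snprintf(filename,sizeof(filename)-1,"%s/%s/session",USERSDIR,user);
+        filename[sizeof(filename)-1]='\0';
+        if((fd=open(filename,O_RDONLY))!=-1) {
+                memset(oldsession,0,sizeof(oldsession));
+                read(fd,oldsession,sizeof(oldsession)-1);
+                close(fd),fd=-1;
+                session_del(ka,oldsession);
+        }
+        /* write the current session */
+        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))!=-1) {
+                write(fd,session,strlen(session));
+                close(fd),fd=-1;
+        }
+        /* success */
+        return(session);
 }
 
-int
-session_check(kakumei *ka, char *session)
+char *
+session_check(kakumei *ka, char *session, char *user, int usersize)
 {
+        int i;
+        int fd;
+        char filename[1024];
+        if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1))
+                return(NULL);
+        for(i=0;session[i]!='\0';i++) {
+                if(!(session[i]>='0' && session[i]<='0') &&
+                   !(session[i]>='a' && session[i]<='f')) {
+                        return(NULL);
+                }
+        }
+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);
+        filename[sizeof(filename)-1]='\0';
+        if((fd=open(filename,O_RDONLY))==-1)
+                return(NULL);
+        memset(user,0,sizeof(usersize));
+        read(fd,user,usersize-1);
+        close(fd),fd=-1;
+        if(kakumei_uservalid(ka,user)!=0)
+                return(NULL);
+        return(user);
 }
 
 int
 session_del(kakumei *ka, char *session)
 {
+        int i;
+        char filename[1024];
+        if(ka==NULL || session==NULL || session[0]=='\0')
+                return(-1);
+        for(i=0;session[i]!='\0';i++) {
+                if(!(session[i]>='0' && session[i]<='0') &&
+                   !(session[i]>='a' && session[i]<='f')) {
+                        return(-1);
+                }
+        }
+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);
+        filename[sizeof(filename)-1]='\0';
+        unlink(filename);
+        return(0);
 }
 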
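Review bot: The session token in session_new is derived only from `gettimeofday()`, the user name and `random()` seeded once with time plus pid, none of which is secret, so the SHA-256 output carries far less entropy than its length suggests even though it is the only credential session_check looks up. Filling `binhash` from the kernel CSPRNG and failing the call when the bytes cannot be read would replace the srandom/mhash block, as sketched below. Separately, `session[sizeof(binhash)]='\0'` cuts the 64 encoded characters down to 32, and the `sessionsize<SESSIONSIZE` guard only covers the 64-character write if SESSIONSIZE is at least 64, which is defined outside this page.

```c
        /* … unchanged: declarations and argument checks … */
        /* token bytes come from the kernel CSPRNG, not from time, pid and random() */
        if((fd=open("/dev/urandom",O_RDONLY))==-1)
                return(NULL);
        if(read(fd,binhash,sizeof(binhash))!=(ssize_t)sizeof(binhash)) {
                close(fd),fd=-1;
                return(NULL);
        }
        close(fd),fd=-1;
        /* … unchanged: hex encoding of binhash and session file handling … */
```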

implement kakumei_pass, add ÃÃlibscrypt to Makefile

Dario Rodriguez authored on 25/06/2014 19:22:09
Showing 1 changed files
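--- a/kakumei_session.c
+++ b/kakumei_session.c
@@ -7,12 +7,16 @@
  * This progran is licensed under the terms of the Affero GPL v1+
  */
 
+#include <sys/stat.h>
+#include <sys/types.h>
 #include "kakumei.h"
 #include "kakumei_session.h"
 
 char *
 session_new(kakumei *ka, char *user, char *session, int sessionsize)
 {
+        mkdir(DATADIR,0700);
+        mkdir(SESSIONSDIR,0700);
 
 }
 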

put session handling in separate source file

Dario Rodriguez authored on 25/06/2014 17:02:32
Showing 1 changed files
1 1
new file mode 100644
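--- /dev/null
+++ b/kakumei_session.c
@@ -0,0 +1,28 @@
+/*
+ * kakumei_session.c
+ *
+ * Session handling for kakumei.
+ *
+ * Author: Dario Rodriguez dario@softhome.net
+ * This progran is licensed under the terms of the Affero GPL v1+
+ */
+
+#include "kakumei.h"
+#include "kakumei_session.h"
+
+char *
+session_new(kakumei *ka, char *user, char *session, int sessionsize)
+{
+
+}
+
+int
+session_check(kakumei *ka, char *session)
+{
+}
+
+int
+session_del(kakumei *ka, char *session)
+{
+}
+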