author | Michael Krelin <hacker@klever.net> | 2009-04-06 20:27:39 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2009-04-06 20:27:39 (UTC) |
commit | 51d8a8a4ac6ef6096c393fd602df34c6bf8f6366 (patch) (unidiff) | |
tree | 8126f60fac6562b14c965e41d19983d81312638a /src/eyetil.cc | |
parent | de964540e5a58b3a9195c642ef7a0745ee3b2344 (diff) | |
better nonce generation and session credentials verification
based on the patch from Chris Davies
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | src/eyetil.cc | 17 |
1 files changed, 17 insertions, 0 deletions
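--- a/src/eyetil.cc
+++ b/src/eyetil.cc
@@ -1,146 +1,163 @@
 #include <stdlib.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <iostream>
 #include <cassert>
 #include <stdexcept>
 #include <algorithm>
 #include <numeric>
 #include <openssl/md5.h>
 #include "eyetil.h"
 
+#include "config.h"
+#ifdef HAVE_LIBUUID
+# include <uuid/uuid.h>
+#endif
+
 binary_t& binary_t::from_hex(const std::string& h) {
 std::string::size_type hs = h.length();
 if(hs&1)
 throw std::runtime_error("odd number of characters in hexadecimal number");
 int rvs = hs>>1;
 resize(rvs);
 const unsigned char *hp = (const unsigned char*)h.data();
 iterator oi=begin();
 char t[3] = { 0,0,0 };
 for(int i=0;i<rvs;++i) {
 t[0]=*(hp++); t[1]=*(hp++);
 *(oi++) = strtol(t,0,16);
 }
 return *this;
 }
 
 binary_t& binary_t::from_data(const void *d,size_t s) {
 resize(s);
 std::copy((const unsigned char*)d,(const unsigned char *)d+s,
 begin() );
 return *this;
 }
 
+binary_t& binary_t::make_nonce() {
+#ifdef HAVE_LIBUUID
+uuid_t uuid;
+uuid_generate(uuid);
+from_data((unsigned char*)uuid,sizeof(uuid));
+#else
+resize(16);
+std::generate_n(begin(),16,rand);
+#endif /* HAVE_LIBUUID */
+return *this;
+}
+
 std::string binary_t::hex() const {
 std::string rv;
 rv.reserve((size()<<1)+1);
 char t[3] = {0,0,0};
 for(const_iterator i=begin(),ie=end();i!=ie;++i) {
 int rc = snprintf(t,sizeof(t),"%02x",*i);
 assert(rc<sizeof(t));
 rv += t;
 }
 return rv;
 }
 
 binary_t binary_t::md5() const {
 binary_t rv(MD5_DIGEST_LENGTH);
 if(!MD5(
 (const unsigned char*)&(front()),size(),
 (unsigned char*)&(rv.front()) ))
 throw std::runtime_error("failed to md5()");
 return rv;
 }
 
 static void make_path_for_template(const std::string& p,mode_t m) {
 struct stat st;
 std::string pp;
 for(std::string::size_type sl=p.find('/',1);
 sl!=std::string::npos;
 sl=p.find('/',sl+1)) {
 if(stat( (pp=p.substr(0,sl)).c_str() ,&st)
 || !S_ISDIR(st.st_mode)) {
 if(mkdir(pp.c_str(),m))
 throw std::runtime_error("failed to mkdir()");
 }
 }
 }
 
 tmpdir_t::tmpdir_t(const std::string& dt) : dir(dt) {
 make_path_for_template(dt,0777);
 if(!mkdtemp((char*)dir.data()))
 throw std::runtime_error("failed to mkdtmp()");
 }
 tmpdir_t::~tmpdir_t() {
 assert(!dir.empty());
 if(rmdir(dir.c_str())) {
 syslog(LOG_WARNING,"Failed to remove '%s' directory",dir.c_str());
 }
 }
 
 std::string tmpdir_t::get_file(const std::string& f) {
 std::string::size_type ls = f.rfind('/');
 return dir+'/'+(
 (ls==std::string::npos)
 ? f
 : f.substr(ls+1)
 );
 }
 
 tarchive_t::tarchive_t(void *p,size_t s) : a(archive_read_new()), e(0) {
 if(!a) throw std::runtime_error("failed to archive_read_new()");
 if(archive_read_support_format_tar(a)) {
 archive_read_finish(a);
 throw std::runtime_error("failed to archive_read_support_format_tar()");
 }
 if(archive_read_open_memory(a,p,s)) {
 archive_read_finish(a);
 throw std::runtime_error("failed to archive_read_open_memory()");
 }
 }
 tarchive_t::~tarchive_t() {
 assert(a);
 archive_read_finish(a);
 }
 
 bool tarchive_t::read_next_header() {
 assert(a);
 return archive_read_next_header(a,&e)==ARCHIVE_OK;
 }
 
 std::string tarchive_t::entry_pathname() {
 assert(a); assert(e);
 return archive_entry_pathname(e);
 }
 
 bool tarchive_t::read_data_into_fd(int fd) {
 assert(a);
 return archive_read_data_into_fd(a,fd)==ARCHIVE_OK;
 }
 
 #pragma pack(1)
 struct block512_t {
 enum { words = 512 / sizeof(uint16_t) };
 uint16_t data[words];
 
 static uint16_t tcpcksum(block512_t& data) {
 uint32_t sum = std::accumulate(data.data,data.data+words,0);
 while(uint32_t hw = sum>>16) sum = (sum&0xffff)+hw;
 return ~sum;
 }
 
 };
 #pragma pack()
 
 binary_t integrity_digest(const void *ptr,size_t size,const std::string& ukey) {
 binary_t key; key.from_hex(ukey);
 std::vector<uint16_t> blksums; blksums.reserve(size/sizeof(block512_t));
 block512_t *db = (block512_t*)ptr,
 *de = db + size/sizeof(block512_t);
 std::transform( db, de, std::back_inserter(blksums), block512_t::tcpcksum );
 binary_t subject;
 subject.from_data((void*)&(blksums.front()),blksums.size()*sizeof(uint16_t));
 std::copy( key.begin(), key.end(), std::back_inserter(subject) );
 return subject.md5();
 }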
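Review bot: The `#else` branch of `binary_t::make_nonce()` fills the nonce with `std::generate_n(begin(),16,rand)`, and `rand()` is a non-cryptographic generator whose output follows from its seed; no `srand()` call is visible in this file, so unless one exists elsewhere every process would emit the same sequence. The commit message ties this nonce to session credentials verification, so a build without libuuid would hand out guessable nonces. The file already depends on OpenSSL, so after `resize(16);` the fallback could be `if(RAND_bytes((unsigned char*)&front(),16)!=1) throw std::runtime_error("failed to RAND_bytes()");` with `#include <openssl/rand.h>` added (this assumes binary_t stores bytes, as the cast in `md5()` suggests). In the `HAVE_LIBUUID` branch a short comment would help too, noting that `uuid_generate()` may fall back to a time-based UUID when no good random source is available.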