schulze/EDA263
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kollade lite mer, setuid funkar inte remote på skoldatorerna alls....

Browse Source 
skrev in "TODO" på grejer vi bör kolla på också
This commit is contained in:
parken 2022-01-31 16:38:30 +01:00
parent 9df42871ff
commit 383abfc185
1 changed files with 97 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
lab1/login_linux.c
View File

@ -2,6 +2,10 @@
/* gcc -std=gnu99 -Wall -g -o mylogin login_linux.c -lcrypt */ /* gcc -std=gnu99 -Wall -g -o mylogin login_linux.c -lcrypt */
/* Note, makepass.c is first used to create hashed password
then, info is manually saved in file passdb */
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#include <stdio.h> #include <stdio.h>
@ -12,6 +16,8 @@
#include <sys/types.h> #include <sys/types.h>
#include <crypt.h> #include <crypt.h>
#include "pwent.h" /* Step 2 */ #include "pwent.h" /* Step 2 */
#include <termios.h>
#include <stdbool.h>
#define TRUE 1 #define TRUE 1
#define FALSE 0 #define FALSE 0
@ -24,15 +30,14 @@ void sighandler() {
signal(SIGINT, SIG_IGN); /* This will catch ctrl+c and ignore it*/ signal(SIGINT, SIG_IGN); /* This will catch ctrl+c and ignore it*/
//signal(SIGTSTP, SIG_IGN); /* This will catch ctrl+z and ignore it*/ //signal(SIGTSTP, SIG_IGN); /* This will catch ctrl+z and ignore it*/
/* add signalhandling routines here */ //signal(SIGTERM,SIG_IGN); //TODO block termios kanske...
/* see 'man 2 signal' */
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
//struct passwd *passwddata /* Step 1 */ //struct passwd *passwddata /* Step 1 */
mypwent *passwddata; /* Step 2 */ mypwent *passwddata; /* Step 2 */
/* see pwent.h */
char important1[LENGTH] = "**IMPORTANT 1**"; char important1[LENGTH] = "**IMPORTANT 1**";
@ -40,9 +45,10 @@ int main(int argc, char *argv[]) {
char important2[LENGTH] = "**IMPORTANT 2**"; char important2[LENGTH] = "**IMPORTANT 2**";
//char *c_pass; //you might want to use this variable later... //char *c_pass; //you might want to use this variable later... TODO
char prompt[] = "password: "; //char prompt[] = "password: ";
char *user_pass; //char *user_pass;
char user_pass[LENGTH]; // TODO la till denna
sighandler(); sighandler();
@ -53,68 +59,132 @@ int main(int argc, char *argv[]) {
printf("Value of variable 'important2' before input of login name: %s\n", printf("Value of variable 'important2' before input of login name: %s\n",
important2); important2);
//////////////////////////////////////////////////////////////////////////////////////////
printf("login: "); printf("login: ");
fflush(NULL); /* Flush all output buffers */ fflush(NULL); /* Flush all output buffers */
__fpurge(stdin); /* Purge any data in stdin buffer */ __fpurge(stdin); /* Purge any data in stdin buffer */
bool okusername = true;
/* using fgets instead of gets to avoid buffer overflow attacks*/
if (fgets(user,sizeof(user),stdin) == NULL ) { if (fgets(user,sizeof(user),stdin) == NULL ) {
clearerr(stdin); //if EOF only, clear error // if error or EOF (ctrl+d)
continue; ///* overflow attacks. */ // TODO need for more error handling ?
clearerr(stdin);
okusername = false;
} }
user[strlen(user)-1] = '\0'; //replacing \n with \0
if (strlen(user) == sizeof(user)-1 || strlen(user) == 1){
// too long username or no username was entered
okusername = false;
}
else{
// replacing \n with \0
user[strcspn(user,"\n")] = '\0';
}
//////////////////////////////////////////////////////////////////////////////////////////
/* check to see if important variable is intact after input of login name - do not remove */ /* check to see if important variable is intact after input of login name - do not remove */
printf("Value of variable 'important 1' after input of login name: %*.*s\n", printf("Value of variable 'important 1' after input of login name: %*.*s\n",
LENGTH - 1, LENGTH - 1, important1); LENGTH - 1, LENGTH - 1, important1);
printf("Value of variable 'important 2' after input of login name: %*.*s\n", printf("Value of variable 'important 2' after input of login name: %*.*s\n",
LENGTH - 1, LENGTH - 1, important2); LENGTH - 1, LENGTH - 1, important2);
// using makepass.c to create hashed password -> saving it manually in passdb //////////////////////////////////////////////////////////////////////////////////////////
// using termios instead of the outdated getpass
// user_pass = getpass(prompt);
user_pass = getpass(prompt); //enter password using deprecated function :/ struct termios old_term_flags, new_term_flags;
passwddata = mygetpwnam(user); //get user info from passdb
/* Turn echoing off so password will not be shown in terminal */
if (tcgetattr(fileno(stdin), &old_term_flags) != 0){
perror("Error");
exit(EXIT_FAILURE);
}
new_term_flags = old_term_flags;
new_term_flags.c_lflag &= ~ECHO;
if (tcsetattr(fileno(stdin), TCSAFLUSH, &new_term_flags) != 0) {
perror("Error");
exit(EXIT_FAILURE);
}
bool okpassword = true;
printf("password: ");
if (fgets(user_pass,sizeof(user_pass),stdin) == NULL ) {
clearerr(stdin);
okpassword = false;
}
if (strlen(user_pass) == sizeof(user_pass)-1 || strlen(user_pass) == 1){
okpassword = false;
}
/* Restore terminal */
if (tcsetattr(fileno(stdin), TCSAFLUSH, &old_term_flags) != 0) {
perror("Error");exit(EXIT_FAILURE);
}
if (!okpassword || !okusername){
printf("\nLogin Incorrect \n \n");
continue;
}
user_pass[strcspn(user_pass, "\n")] = '\0'; // replacing \n with \0
//////////////////////////////////////////////////////////////////////////////////////////
//get user info from passdb
passwddata = mygetpwnam(user);
if (passwddata != NULL) { if (passwddata != NULL) {
/* You have to encrypt user_pass for this to work */
/* Don't forget to include the salt */ if (passwddata->pwfailed >= 10) {
printf("\nToo many failed login attempts. Your account has been locked.\nContact and Admin to unlock your account.\n");
continue;
}
/* Encryp user_pass with salt included */
char *user_pass_encrypted = crypt(user_pass, passwddata->passwd_salt); char *user_pass_encrypted = crypt(user_pass, passwddata->passwd_salt);
if (&user_pass_encrypted == NULL) { if (user_pass_encrypted == NULL) {
perror("Error");exit(EXIT_FAILURE); perror("Error");exit(EXIT_FAILURE);
} }
printf("encryption of typed pass: %s \n", user_pass_encrypted);
if (passwddata->pwfailed >= 10) {
printf("Too many failed login attempts. Your account has been locked.\nContact and Admin to unlock your account.\n");
} else if (!strcmp(user_pass_encrypted, passwddata->passwd)) {
printf(" You're in !\n"); if (!strcmp(user_pass_encrypted, passwddata->passwd)) {
// successfull login
passwddata->pwfailed = 0; passwddata->pwfailed = 0;
passwddata->pwage = passwddata->pwage + 1; passwddata->pwage = passwddata->pwage + 1;
if (mysetpwent(user, passwddata) < 0) { /* execute the command */
if (mysetpwent(user, passwddata) < 0) {
perror("Error");exit(EXIT_FAILURE); perror("Error");exit(EXIT_FAILURE);
} }
if (passwddata->pwage > 100) { if (passwddata->pwage > 100) {
printf(" Your password is OLD!!!!\n"); printf(" Your password is OLD!!!!\n");
// TODO
} }
/* check UID, see setuid(2) */ /* check UID, see setuid(2) */
if (setuid(passwddata->uid) < 0) { /* execute the command */ if (setuid(passwddata->uid) < 0) {
printf(" always here !\n");
perror("Error");exit(EXIT_FAILURE); perror("Error");exit(EXIT_FAILURE);
} }
printf(" cant get here !\n");
/* start a shell, use execve(2) */ /* start a shell, use execve(2) */
if (execve("/bin/bash",NULL,NULL) < 0) { /* execute the command */ if (execve("/bin/bash",NULL,NULL) < 0) {
perror("Error");exit(EXIT_FAILURE); perror("Error");exit(EXIT_FAILURE);
} }
} else { }
else {
// user name exists but password does not match
passwddata->pwfailed = passwddata->pwfailed + 1; passwddata->pwfailed = passwddata->pwfailed + 1;
if (mysetpwent(user, passwddata) < 0) { /* execute the command */ if (mysetpwent(user, passwddata) < 0) {
perror("Error");exit(EXIT_FAILURE); perror("Error");exit(EXIT_FAILURE);
} }
} }
} }
printf("Login Incorrect \n"); printf("\nLogin Incorrect \n \n");
} }
return 0; return 0;
} }