
/*
  Login-parsing Faux Server
  The Meanwhile Project

  This is a tool to aid in reverse engineering different types of
  authentication schemes.

  Christopher O'Brien <siege@preoccupied.net>
*/
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#include <glib.h>
#include <glib/glist.h>

#include <mw_cipher.h>
#include <mw_common.h>
#include <mw_message.h>
/** the server socket or the connected socket; 0 is used as "no socket" */
static int sock;

/** the io channel */
static GIOChannel *chan;

/** the listening event on the io channel */
static int chan_io;

/** partially received message being reassembled by side_recv_cont() */
static guchar *sbuf;
/** total size sbuf will reach once the pending message is complete */
static gsize sbuf_size;
/** bytes of sbuf filled so far */
static gsize sbuf_recv;

/** this server's Diffie-Hellman keypair; allocated in main(), filled by
    handshake_ack(), and private is consumed by handle_login() */
struct mwMpi *private, *public;
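/**
 * Print a labelled hex dump of buf to stdout.
 *
 * The dump is produced by piping the bytes through `hexdump -C`, which
 * popen() runs via the shell and resolves through PATH. If that child
 * cannot be started, a minimal in-process hex listing is printed instead
 * so the trace is never silently dropped.
 *
 * @param txt  optional label printed before the dump, may be NULL
 * @param buf  bytes to dump
 * @param len  number of bytes in buf; zero prints only the label
 */
static void hexout(const char *txt, const guchar *buf, gsize len) {
  FILE *fp;

  if(txt) fprintf(stdout, "\n%s\n", txt);
  fflush(stdout);

  fp = popen("hexdump -C", "w");
  if(! fp) {
    /* fallback: sixteen bytes per line, no offsets or ASCII column */
    gsize i;
    for(i = 0; i < len; i++) {
      int last_in_row = ((i + 1) % 16 == 0) || (i + 1 == len);
      fprintf(stdout, "%02x%c", (unsigned) buf[i], last_in_row ? '\n' : ' ');
    }
    fflush(stdout);
    return;
  }

  if(len) fwrite(buf, 1, len, fp);
  fflush(fp);
  pclose(fp);
}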
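/**
 * Serialize msg, write it to the connected socket, then hex-dump it.
 *
 * The message is first encoded on its own, then wrapped as an opaque,
 * which is the form the receive path in this file expects (a 32-bit
 * length followed by the body).
 *
 * @param msg  message to send; caller retains ownership
 */
static void send_msg(struct mwMessage *msg) {
  struct mwPutBuffer *pb;
  struct mwOpaque wire = { 0, 0 };

  /* encode the message body */
  pb = mwPutBuffer_new();
  mwMessage_put(pb, msg);
  mwPutBuffer_finalize(&wire, pb);

  /* wrap the body as an opaque; this is what goes on the wire */
  pb = mwPutBuffer_new();
  mwOpaque_put(pb, &wire);
  mwOpaque_clear(&wire);
  mwPutBuffer_finalize(&wire, pb);

  if(sock) {
    /* write(2) may send fewer bytes than asked; loop until done or error */
    const guchar *p = wire.data;
    gsize left = wire.len;
    while(left > 0) {
      ssize_t w = write(sock, p, left);
      if(w < 0) {
        if(errno == EINTR) continue;
        perror("write");
        break;
      }
      p += w;
      left -= (gsize) w;
    }
  }

  hexout("sent:", wire.data, wire.len);

  mwOpaque_clear(&wire);
}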
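/**
 * Reply to a client handshake with a HANDSHAKE_ACK carrying a fresh
 * Diffie-Hellman public value.
 *
 * A new keypair is generated into the file-scope private/public MPIs;
 * the private half is later used by handle_login() to derive the shared
 * secret.
 */
static void handshake_ack(void) {
  /* values the original hard-coded; their protocol meaning is not
     documented here, so they are named rather than interpreted */
  enum { ACK_MAJOR = 0x1e, ACK_MINOR = 0x1d, ACK_MAGIC = 0x01234567 };
  struct mwMsgHandshakeAck *ack;

  ack = (struct mwMsgHandshakeAck *) mwMessage_new(mwMessage_HANDSHAKE_ACK);
  if(! ack) {
    fprintf(stderr, "failed to allocate handshake ack\n");
    return;
  }

  ack->major = ACK_MAJOR;
  ack->minor = ACK_MINOR;

  mwMpi_randDHKeypair(private, public);
  mwMpi_export(public, &ack->data);

  ack->magic = ACK_MAGIC;
  hexout("sending pubkey:", ack->data.data, ack->data.len);

  send_msg(MW_MESSAGE(ack));
  mwMessage_free(MW_MESSAGE(ack));
}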
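/**
 * Decode a client LOGIN and try to recover its encrypted payload.
 *
 * auth_data is read as: a 16-bit word (consumed, not interpreted here),
 * the client's DH public value, then the encrypted blob. The DH shared
 * secret is derived with this server's private key and its trailing 16
 * bytes are used as the cipher key, exactly as the original did.
 *
 * @param msg  parsed login message; caller retains ownership
 */
static void handle_login(struct mwMsgLogin *msg) {
  struct mwGetBuffer *gb;
  /* zero-init so mwOpaque_clear is safe even if a field was never filled */
  struct mwOpaque client_pub = { 0, 0 };
  struct mwOpaque enc = { 0, 0 };
  struct mwOpaque secret = { 0, 0 };
  struct mwOpaque plain = { 0, 0 };
  guint16 auth_type;
  struct mwMpi *remote, *shared;
  guchar iv[8];

  remote = mwMpi_new();
  shared = mwMpi_new();

  mwIV_init(iv);

  gb = mwGetBuffer_wrap(&msg->auth_data);
  guint16_get(gb, &auth_type);
  mwOpaque_get(gb, &client_pub);
  mwOpaque_get(gb, &enc);
  mwGetBuffer_free(gb);

  mwMpi_import(remote, &client_pub);
  mwOpaque_clear(&client_pub);

  mwMpi_calculateDHShared(shared, remote, private);
  mwMpi_export(shared, &secret);
  hexout("shared key:", secret.data, secret.len);

  if(secret.len < 16) {
    /* the original computed data + (len - 16) unconditionally, which
       points before the buffer when the secret is shorter than 16 bytes */
    fprintf(stderr, "shared secret is only %lu bytes, skipping decrypt\n",
            (unsigned long) secret.len);
  } else {
    mwDecrypt(secret.data + (secret.len - 16), 16, iv, &enc, &plain);
    hexout("decrypted to:", plain.data, plain.len);
  }

  mwOpaque_clear(&secret);
  mwOpaque_clear(&enc);
  mwOpaque_clear(&plain);

  mwMpi_free(remote);
  mwMpi_free(shared);
}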
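/** Close the active socket (if any) and terminate the process. */
static void done(void) {
  /* sock == 0 is this file's "no socket" sentinel; read_cb() clears it
     before calling here, and close(0) would shut stdin instead */
  if(sock) close(sock);
  exit(0);
}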
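/**
 * Dispatch one complete, length-stripped message from the client.
 *
 * Only the message types this faux server cares about are handled:
 * HANDSHAKE gets an ack, LOGIN is decoded and ends the run, and
 * CHANNEL_DESTROY also ends the run. Everything else is dumped and
 * ignored.
 *
 * @param buf  message bytes (type word first); not modified
 * @param len  length of buf; zero is a no-op
 */
static void side_process(const guchar *buf, gsize len) {
  /* mwOpaque carries a non-const pointer; the get-buffer only reads it */
  struct mwOpaque o = { .len = len, .data = (guchar *) buf };
  struct mwGetBuffer *b;
  guint16 type;

  if(! len) return;

  b = mwGetBuffer_wrap(&o);
  type = guint16_peek(b);

  hexout("received:", buf, len);

  switch(type) {
  case mwMessage_HANDSHAKE:
    printf("got handshake, sending handshake_ack\n");
    handshake_ack();
    break;

  case mwMessage_LOGIN: {
    struct mwMsgLogin *msg;
    printf("got login, attempting to decipher\n");
    msg = (struct mwMsgLogin *) mwMessage_get(b);
    if(msg) {
      handle_login(msg);
      mwMessage_free(MW_MESSAGE(msg));
    } else {
      /* a login that fails to parse must not crash the tool before done() */
      printf("login message failed to parse\n");
    }
    done();
    break;
  }

  case mwMessage_CHANNEL_DESTROY:
    printf("channel destroy\n");
    done();
    break;

  default:
    /* unknown or uninteresting type: already hex-dumped above */
    break;
  }

  mwGetBuffer_free(b);
}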
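/** Release the reassembly buffer and reset its bookkeeping. */
static void sbuf_free(void) {
  g_free(sbuf);   /* g_free(NULL) is a no-op */
  sbuf = NULL;
  sbuf_size = 0;
  sbuf_recv = 0;
}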
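/* consume count bytes from the (pointer, remaining-length) pair b, n;
   do/while(0) and parenthesized arguments make it safe as a statement
   inside an unbraced if/else and with expression arguments */
#define ADVANCE(b, n, count) do { (b) += (count); (n) -= (count); } while (0)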
/*
 * Handle input to complete an existing buffer.
 *
 * sbuf is in one of two states: sbuf_size == 4 means only the 4-byte
 * length header is being collected; sbuf_size > 4 means header plus body
 * are being collected into a buffer of the full message size.
 *
 * Returns the number of bytes of b left unconsumed (0 if everything was
 * absorbed into sbuf); the caller re-feeds any remainder.
 */
static gsize side_recv_cont(const guchar *b, gsize n) {

  gsize x = sbuf_size - sbuf_recv;   /* bytes still needed to fill sbuf */

  if(n < x) {
    /* not enough to complete sbuf yet: absorb everything */
    memcpy(sbuf + sbuf_recv, b, n);
    sbuf_recv += n;
    return 0;

  } else {
    memcpy(sbuf + sbuf_recv, b, x);
    ADVANCE(b, n, x);

    if(sbuf_size == 4) {
      /* header complete: x becomes the body length announced by the peer */
      struct mwOpaque o = { .len = 4, .data = sbuf };
      struct mwGetBuffer *gb = mwGetBuffer_wrap(&o);
      x = guint32_peek(gb);
      mwGetBuffer_free(gb);

      if(n < x) {
	/* body incomplete: grow sbuf to header + body and keep collecting.
	   NOTE(review): x is peer-supplied and not bounded here; g_malloc()
	   aborts on allocation failure rather than returning NULL */
	guchar *t;
	x += 4;
	t = (guchar *) g_malloc(x);
	memcpy(t, sbuf, 4);
	memcpy(t+4, b, n);

	sbuf_free();

	sbuf = t;
	sbuf_size = x;
	sbuf_recv = n + 4;
	return 0;

      } else {
	/* whole body already present in b: dispatch it straight from input */
	sbuf_free();
	side_process(b, x);
	ADVANCE(b, n, x);
      }

    } else {
      /* header + body now complete in sbuf: dispatch without the header */
      side_process(sbuf+4, sbuf_size-4);
      sbuf_free();
    }
  }

  return n;
}
/*
 * Handle input when there's nothing previously buffered.
 *
 * The first four bytes are the body length; depending on how much of the
 * message has arrived, either stash the partial header, stash header plus
 * partial body, or dispatch the complete message in place.
 *
 * Returns the number of bytes of b left unconsumed (0 when everything was
 * buffered).
 */
static gsize side_recv_empty(const guchar *b, gsize n) {
  struct mwOpaque view = { .len = n, .data = (guchar *) b };
  struct mwGetBuffer *gb;
  gsize body_len;

  /* not even a complete length header yet: stash what we have */
  if(n < 4) {
    sbuf = (guchar *) g_malloc0(4);
    memcpy(sbuf, b, n);
    sbuf_size = 4;
    sbuf_recv = n;
    return 0;
  }

  gb = mwGetBuffer_wrap(&view);
  body_len = guint32_peek(gb);
  mwGetBuffer_free(gb);

  /* empty message: nothing to process beyond the header */
  if(body_len == 0) return n - 4;

  if(n >= body_len + 4) {
    /* whole message present: dispatch it and report what is left over */
    ADVANCE(b, n, 4);
    side_process(b, body_len);
    ADVANCE(b, n, body_len);
    return n;
  }

  /* partial message: buffer header plus the body received so far.
     NOTE(review): body_len comes from the peer and is not bounded here */
  sbuf_size = body_len + 4;
  sbuf = (guchar *) g_malloc(sbuf_size);
  memcpy(sbuf, b, n);
  sbuf_recv = n;
  return 0;
}
/*
 * Route a chunk of input to the right reassembly step.
 *
 * Returns how many bytes of b were left unconsumed.
 */
static gsize side_recv(const guchar *b, gsize n) {
  /* NOTE(review): when nothing is buffered, a leading byte with its high
     bit set is dropped; the reason is not visible in this file */
  if(n && sbuf_size == 0 && (*b & 0x80)) {
    ADVANCE(b, n, 1);
  }

  if(! n) return 0;

  return (sbuf_size > 0) ? side_recv_cont(b, n) : side_recv_empty(b, n);
}
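/**
 * Push a chunk of raw socket bytes through the message reassembler.
 *
 * side_recv() reports how many bytes it left unconsumed; the cursor is
 * moved past the consumed part and the rest is fed again until nothing
 * remains.
 *
 * @param buf  bytes as read from the socket; not modified
 * @param n    number of bytes in buf
 */
static void feed_buf(const guchar *buf, gsize n) {
  const guchar *cursor = buf;

  while(n > 0) {
    gsize remain = side_recv(cursor, n);
    if(remain >= n) {
      /* no forward progress: bail out rather than spin forever */
      fprintf(stderr,
              "feed_buf: reassembler consumed nothing, dropping %lu bytes\n",
              (unsigned long) n);
      break;
    }
    cursor += (n - remain);
    n = remain;
  }
}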
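/**
 * Read whatever is available on sock and feed it to the reassembler.
 *
 * @return the read(2) result: bytes read, 0 at EOF, -1 on error
 */
static int read_recv(void) {
  guchar buf[2048];
  ssize_t len;

  /* a signal interrupting read(2) is not EOF: retry */
  do {
    len = read(sock, buf, sizeof buf);
  } while(len < 0 && errno == EINTR);

  if(len > 0) feed_buf(buf, (gsize) len);

  /* len is bounded by sizeof buf, so narrowing to int is lossless */
  return (int) len;
}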
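/**
 * GIOChannel watch callback for the accepted connection.
 *
 * Keeps the watch while data keeps arriving; on EOF, error or HUP the
 * socket is closed and done() terminates the process.
 *
 * @param source  the channel that fired (unused; the file-scope chan is
 *                the one being torn down)
 * @param cond    condition flags that fired
 * @param data    unused
 * @return TRUE to keep the watch; FALSE is never actually reached because
 *         done() exits first
 */
static gboolean read_cb(GIOChannel *source,
                        GIOCondition cond,
                        gpointer data) {
  (void) source;
  (void) data;

  if(cond & G_IO_IN) {
    if(read_recv() > 0) return TRUE;
  }

  if(sock) {
    g_source_remove(chan_io);
    close(sock);
    sock = 0;
    /* the parameter used to be named chan and shadowed the file-scope
       channel, so this assignment previously hit the wrong variable */
    chan = NULL;
    chan_io = 0;
  }

  done();

  return FALSE;
}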
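/**
 * GIOChannel watch callback for the listening socket: accept one client.
 *
 * This tool serves a single client, so the listener is torn down once a
 * connection is accepted and the accepted socket takes its place in the
 * file-scope sock/chan/chan_io.
 *
 * @param source  the listening channel (unused; file-scope chan is used)
 * @param cond    condition flags that fired (unused)
 * @param data    unused
 * @return FALSE: the listen watch is never needed again
 */
static gboolean listen_cb(GIOChannel *source,
                          GIOCondition cond,
                          gpointer data) {
  struct sockaddr_in rem;
  socklen_t len = sizeof(rem);
  int listener = sock;
  int conn;

  (void) source;
  (void) cond;
  (void) data;

  printf("accepting connection\n");

  conn = accept(listener, (struct sockaddr *) &rem, &len);
  g_assert(conn > 0);

  /* drop the listener's watch, channel and fd; the original overwrote
     sock with the accepted fd and left the listening socket open */
  g_source_remove(chan_io);
  g_io_channel_unref(chan);
  close(listener);

  sock = conn;
  chan = g_io_channel_unix_new(sock);
  chan_io = g_io_add_watch(chan, G_IO_IN | G_IO_ERR | G_IO_HUP,
                           read_cb, NULL);

  return FALSE;
}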
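/**
 * Create the listening TCP socket on the given local port and register
 * listen_cb() on it.
 *
 * Binds to INADDR_ANY, i.e. every local interface, so the login data this
 * tool prints can be sent to it from other hosts too; any setup failure
 * aborts via g_assert since this is a throwaway debugging server.
 *
 * @param port  TCP port to listen on, 1..65535
 */
static void init_socket(int port) {
  struct sockaddr_in sin;
  int one = 1;

  /* htons() would silently truncate anything wider than 16 bits */
  g_assert(port > 0 && port <= 65535);

  sock = socket(PF_INET, SOCK_STREAM, 0);
  g_assert(sock >= 0);

  /* let the port be reused right after a previous run exits */
  if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
    perror("setsockopt(SO_REUSEADDR)");

  memset(&sin, 0, sizeof(sin));
  sin.sin_family = AF_INET;   /* address family; PF_INET is the protocol family */
  sin.sin_port = htons((guint16) port);
  sin.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
    perror("bind");
    g_assert_not_reached();
  }

  if(listen(sock, 1) < 0) {
    perror("listen");
    g_assert_not_reached();
  }

  chan = g_io_channel_unix_new(sock);
  chan_io = g_io_add_watch(chan, G_IO_IN | G_IO_ERR | G_IO_HUP,
                           listen_cb, NULL);
}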
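/**
 * Entry point: parse the port argument, allocate the DH keypair holders
 * and the listening socket, then run the GLib main loop until done().
 *
 * @return 0 on normal completion (in practice done() calls exit), 1 on a
 *         missing or invalid port argument
 */
int main(int argc, char *argv[]) {
  long port = 0;

  private = mwMpi_new();
  public = mwMpi_new();

  if(argc > 1) {
    /* strtol rather than atoi so trailing junk, overflow and out-of-range
       values are rejected instead of being silently accepted */
    char *end = NULL;
    errno = 0;
    port = strtol(argv[1], &end, 10);
    if(end == argv[1] || *end != '\0' || errno == ERANGE ||
       port < 1 || port > 65535) {
      port = 0;
    }
  }

  if(!port) {
    fprintf(stderr,
            ( " Usage: %s local_port\n"
              " Creates a locally-running sametime server which prints"
              " login information to stdout\n" ),
            argv[0]);
    exit(1);
  }

  /* @todo create signal handlers to cleanup socket */

  init_socket((int) port);

  g_main_loop_run(g_main_loop_new(NULL, FALSE));
  return 0;
}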