From e0122e79c1f2b0a090ce1ba6bc7439f06fa1d237 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Tue, 13 Apr 2021 01:40:16 +0200 Subject: Make some fixes and add demos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- demo-login.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 demo-login.c (limited to 'demo-login.c') diff --git a/demo-login.c b/demo-login.c new file mode 100644 index 0000000..fd3c750 --- /dev/null +++ b/demo-login.c @@ -0,0 +1,172 @@ +/* See LICENSE file for copyright and license details. */ +#include "libsecauth.h" +#include +#include +#include +#include +#include + +#define PEPPER "pepper" + + +static char * +server_lookup_hash(void) +{ + char *settings; + size_t size, len; + ssize_t r; + int fd; + + fd = open("democonfig", O_RDONLY); + if (fd < 0) { + perror("open"); + return NULL; + } + settings = NULL; + size = 0; + for (len = 0;; len += (size_t)r) { + if (len == size) { + settings = realloc(settings, size += 128); + if (!settings) { + perror("realloc"); + return NULL; + } + } + r = read(fd, &settings[len], size - len); + if (r <= 0) { + if (!r) + break; + perror("read"); + return NULL; + } + } + close(fd); + if (!len || settings[len - 1] != '\n') { + fprintf(stderr, "./democonfig is corrupt\n"); + return NULL; + } + settings[len - 1] = '\0'; + + return settings; +} + +int +main(int argc, char *argv[]) +{ + struct libsecauth_spec spec; + char *message, *settings, *expected; + size_t size, off; + int fd; + ssize_t w; + int r; + + if (argc != 2) { + fprintf(stderr, "usage: %s password", argv[0]); + return 1; + } + + /* -- SERVER -- */ + + settings = server_lookup_hash(); + if (!settings) + return 1; + if (libsecauth_parse_spec(&spec, settings)) { + perror("libsecauth_parse_spec"); + return 1; + } + spec.posthash = NULL; + spec.expected = NULL; + spec.client_rounds -= spec.client_rounds > 0; + spec.server_rounds = 0; + + size = libsecauth_format_spec(&spec, NULL, 0); + message = malloc(size); + if (!message) { + perror("malloc"); + return 1; + } + libsecauth_format_spec(&spec, message, size); + free(settings); + + /* -- CLIENT -- */ + + settings = message; + if (libsecauth_parse_spec(&spec, settings)) { + perror("libsecauth_parse_spec"); + return 1; + } + message = libsecauth_client_hash(&spec, argv[1]); + if (!message) { + perror("libsecauth_client_hash"); + return 1; + } + free(settings); + + /* -- SERVER -- */ + + settings = server_lookup_hash(); + if (!settings) + return 1; + if (libsecauth_parse_spec(&spec, settings)) { + perror("libsecauth_parse_spec"); + return 1; + } + spec.server_rounds += spec.client_rounds > 0; + spec.client_rounds -= spec.client_rounds > 0; + r = libsecauth_server_hash(&spec, message, PEPPER, NULL); + if (r < 0) { + perror("libsecauth_server_hash"); + return 1; + } else if (!r) { + free(settings); + free(message); + printf("Incorrect password\n"); + return 0; + } + printf("Login OK\n"); + + expected = NULL; + if (!spec.client_rounds) { + spec.xferhash = "$1$newsalt1$"; + spec.posthash = "$6$rounds=1000$newsalt2$"; + spec.expected = NULL; + spec.server_rounds = 100; + if (libsecauth_server_hash(&spec, message, PEPPER, &expected) < 0) { + perror("libsecauth_server_hash"); + return 1; + } + spec.client_rounds = spec.server_rounds; + spec.server_rounds = 0; + spec.expected = expected; + printf("password rehashed\n"); + } + free(message); + size = libsecauth_format_spec(&spec, NULL, 0); + message = malloc(size); + if (!message) { + perror("malloc"); + return 1; + } + libsecauth_format_spec(&spec, message, size); + free(settings); + free(expected); + + message[size - 1] = '\n'; + fd = open("democonfig", O_WRONLY | O_TRUNC, 0600); + if (fd < 0) { + perror("open"); + return 1; + } + for (off = 0; off < size; off += (size_t)w) { + w = write(fd, &message[off], size - off); + if (w <= 0) { + perror("write"); + return 1; + } + } + close(fd); + + free(message); + + return 0; +} -- cgit v1.2.3-70-g09d2