📄 des_auth.c
字号:
ENC_Decrypt(req->ws_server->ws_master.ws_key,(CHAR *)xor_mask,2);
ENC_Decrypt(req->ws_server->ws_master.ws_key,(CHAR *)cypher_a,2);
ENC_Decrypt(req->ws_server->ws_master.ws_key,(CHAR *)cypher_b,2);
/* XOR our decrypted user and passwd with the
* decrypted salt
*/
for(i=0; i<16; i++)
{
cypher_a[i] ^= xor_mask[i];
cypher_b[i] ^= xor_mask[i];
}
cypher_a[16]=0; /* make sure there is a null */
cypher_b[16]=0; /* in case we decrypt to garbage */
#ifdef NU_WEBSERV_DEBUG
printf("string 1:%s\n",cypher_a);
printf("string 2:%s\n",cypher_b);
#endif
if(DES_Auth_Delete_Entry((CHAR *)cypher_a,(CHAR *)cypher_b) != NU_SUCCESS)
{
/*
* If the add entry fails then send a response.
* http://XXX.XXX.XXX.XXX/duserf.htm"
*/
strcpy(fail, "http://");
strcat(fail, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[0], temp, 10));
strcat(fail, ".");
strcat(fail, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[1], temp, 10));
strcat(fail, ".");
strcat(fail, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[2], temp, 10));
strcat(fail, ".");
strcat(fail, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[3], temp, 10));
strcat(fail, "/duserf.htm");
WS_Write_To_Net(req, fail, strlen(fail), WS_FILETRNSFR);
}
else
{
/*
* If successful then redirect the URL to
* http://XXX.XXX.XXX.XXX/delus.htm"
*/
strcpy(success, "http://");
strcat(success, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[0], temp, 10));
strcat(success, ".");
strcat(success, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[1], temp, 10));
strcat(success, ".");
strcat(success, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[2], temp, 10));
strcat(success, ".");
strcat(success, (CHAR *)NU_ITOA((INT)WS_Master_Server.ws_ip[3], temp, 10));
strcat(success, "/delus.htm");
WS_Write_To_Net(req, success, strlen(success), WS_FILETRNSFR);
}
return(WS_REQ_PROCEED);
}
/************************************************************************
*
* FUNCTION
*
* DES_Auth_Add_Entry
*
* DESCRIPTION
*
* This function dynamically adds a user id and password combination
* into the Nucleus WebServ's database.
*
* INPUTS
*
* *user_id
* *password
*
* OUTPUTS
*
* -1 The user already exists
* NU_MEM_ALLOC Could not allocate memory
* NU_SUCCESS Success
*
************************************************************************/
static INT16 DES_Auth_Add_Entry(CHAR *user_id, CHAR *password)
{
INT16 found = 0;
WPW_INFO_NODE *apwlist_info;
/* First Verify that the user does not exist */
for(apwlist_info = DES_Pw_List_Info.wpw_list_head ; apwlist_info ; apwlist_info = apwlist_info->wpw_list_next)
{
if(strncmp(apwlist_info->wpw_user,user_id,strlen(apwlist_info->wpw_user)) == 0 )
{
if (strncmp(apwlist_info->wpw_password, password, strlen(apwlist_info->wpw_password)) == 0 )
{
found++;
break;
}
}
}
if(found)
return(-1);
/* Allocate Memory for the new database entry */
if (NU_Allocate_Memory (&System_Memory, (VOID **)&apwlist_info,
sizeof (WPW_INFO_NODE),
NU_NO_SUSPEND) != NU_SUCCESS)
{
return (NU_MEM_ALLOC);
}
/* Setup the New User id to add */
strcpy(apwlist_info->wpw_user, user_id);
/* Setup the password name */
strcpy(apwlist_info->wpw_password ,password);
/* Add this host to the list. */
DLL_Enqueue((tqe_t *) &DES_Pw_List_Info, (tqe_t *) apwlist_info);
return(NU_SUCCESS);
}
/************************************************************************
*
* FUNCTION
*
* DES_Auth_Delete_Entry
*
* DESCRIPTION
*
* This function is used to dynamically delete a combination
* of user id and password from the Nucleus WebServ's database.
*
* INPUTS
*
* *user_id
* *password
*
* OUTPUTS
*
* -1 Could not find user
* NU_SUCCESS Success
*
************************************************************************/
static INT16 DES_Auth_Delete_Entry(CHAR *user_id, CHAR *password)
{
WPW_INFO_NODE *apwlist_info;
INT found = 0;
/* Searches to see if the name being asked to delete is availble */
for(apwlist_info = DES_Pw_List_Info.wpw_list_head ; apwlist_info ; apwlist_info = apwlist_info->wpw_list_next)
{
if(strncmp(apwlist_info->wpw_user, user_id, strlen(apwlist_info->wpw_user)) == 0 )
{
if (strncmp(apwlist_info->wpw_password, password, strlen(apwlist_info->wpw_password)) == 0)
{
found++;
break;
}
}
}
if (found)
{
/* If entry is found remove it from the list and delete it. */
DLL_Remove((tqe_t *)&DES_Pw_List_Info,(tqe_t *) apwlist_info);
NU_Deallocate_Memory(apwlist_info);
}
else
return(-1);
return(NU_SUCCESS);
}
/* respond to a client request for authentication
* by sending a packet of random bits to be
* combined with the authentication data the user enters
*/
/************************************************************************
*
* FUNCTION
*
* DES_Send_Auth_Salt
*
* DESCRIPTION
*
*
*
* INPUTS
*
* *req
*
* OUTPUTS
*
* None
*
************************************************************************/
static VOID DES_Send_Auth_Salt(WS_REQUEST * req)
{
CHAR salt[(WPW_SALT_BYTES * 2) + 2];
CHAR nacl[WPW_SALT_BYTES];
INT j;
CHAR *s;
DES_Make_New_Salt(nacl); /* create a new random number */
#ifdef NU_WEBSERV_DEBUG
s = salt;
for(j = 0; j < WPW_SALT_BYTES; j++)
{
HTTP_Bin_To_Hex(nacl[j], s);
s += 2;
}
*s=0;
printf("random number(before encrypt): %s\n", salt);
#endif
ENC_Encrypt(req->ws_server->ws_master.ws_key, nacl,2);
s = salt;
for(j = 0; j < WPW_SALT_BYTES; j++)
{
HTTP_Bin_To_Hex(nacl[j], s);
s += 2;
}
*s = 0;
#ifdef NU_WEBSERV_DEBUG
printf("random number(after encrypt): %s\n",salt);
#endif
/* send it to the applet */
UTL_Zero(req->ws_rdata->ws_obuf, WS_OUT_BUFSZ);
WS_Write_To_Net(req, salt, strlen(salt), WS_FILETRNSFR);
}
/* 128 bit pseudo random Shift Register Generator (SRG)
*
* This routine stores a new 64 bit random number
* in the passed array. This routine is
* endian and word size independent.
*/
/************************************************************************
*
* FUNCTION
*
* DES_Make_New_Salt
*
* DESCRIPTION
*
*
*
* INPUTS
*
* *salt
*
* OUTPUTS
*
* None
*
************************************************************************/
static VOID DES_Make_New_Salt(CHAR *salt)
{
UINT8 r;
INT i, j, k;
/* taps at certain bits are xor'ed
* with the shift out bit and fed
* back into the shift in bit.
*/
r = DES_Reg[WPW_SRG_SIZE-1];
for( i=0; i<(WPW_SRG_SIZE-1); i++)
{
switch(i)
{
case 6: case 9: case 18:
case 31:case 42:case 54:
case 68:case 90:case 110:
r = (r ^ DES_Reg[i]); /* xor shift out bit with random stages */
};
DES_Reg[ (WPW_SRG_SIZE -1) -i ] = DES_Reg[ (WPW_SRG_SIZE -1) -(i+1) ];
}
DES_Reg[0] = r; /* and feed it back into the shift in bit */
k=0;
for( i = 0; i < WPW_SRG_SIZE - 1; i += 8)
{
for(j = 0; j < 7; j++)
{ /* pack the bits back into bytes */
salt[k] |= DES_Reg[i + j];
salt[k] <<=1;
}
salt[k] |= DES_Reg[i + j];
k++;
}
}
#endif /* WS_AUTH_PLUGIN */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -