session.cpp

一百个病毒的源代码 包括熊猫烧香等 极其具有研究价值

   if(ses_file_handle == NULL)
   {
      syslog(LOG_MAIL | LOG_ERR,
		"Could not create session file (%s)",strerror(errno));
      return(-1);
   } 

   fprintf(ses_file_handle,"loginname=%s\n",user_ses.loginname);
   if(user_ses.name != NULL)
      fprintf(ses_file_handle,"name=%s\n",user_ses.name);
   fprintf(ses_file_handle,"remoteip=%s\n",user_ses.remoteip);

   fclose(ses_file_handle);

   return(0);
}

///////////////////////////////////////////////////////////////////////
//This will delete the users session file from the local state directory 
//   user_ses.sessionid required

int logout_session(void)
{
   int err=0;
   char* ses_filename;

   if(user_ses.sessionid == NULL)
      return(-1);

   ses_filename=create_ses_filename();

   if(ses_filename == NULL)
      return(-1);

   setuid(euid);
   err=file_exists(ses_filename);

   if(err == 0)
   {
      setuid(ruid);
      syslog(LOG_MAIL | LOG_ERR,"Cannot delete file that does not exist");
      free(ses_filename);
      return(-1);
   }
   if(err == -1)
   {
      setuid(ruid);
      return(-1);
   }

   err=unlink(ses_filename);
   setuid(ruid);

   if(err != 0)
   {
      syslog(LOG_MAIL | LOG_ERR,"Could not delete session file %s (%s)",
			ses_filename,strerror(errno));
      free(ses_filename);
      return(-1);
   }

   free(ses_filename);

   return(0); 
}

///////////////////////////////////////////////////////////////////////
//This function will clean up old out-dated sessions from the local
//   state directory

int cleanup_sessions(void)
{
   DIR* dirptr=NULL;
   struct dirent* direntptr=NULL;
   struct stat file_stat;
   int err=0;
   char* old_cwd=NULL;

   if( (old_cwd=getcwd(NULL,0)) == NULL)
   {
      syslog(LOG_MAIL | LOG_ERR,"error during getcwd");
      return(-1);
   }

   setuid(euid);

   if( chdir(LOCKDIR) != 0)
   {
      setuid(ruid);
      syslog(LOG_MAIL | LOG_ERR,"could not chdir(LOCKDIR) (%s)",
				strerror(errno));
      return(-1);
   }

   dirptr=opendir(LOCKDIR);

   if(dirptr == NULL)
   {
      syslog(LOG_MAIL | LOG_ERR,
	"could not open LOCKDIR for reading (%s)",strerror(errno));

      return(-1);
   }

   while( (direntptr=readdir(dirptr)) != NULL )
   {
      if( strncmp(direntptr->d_name,SESPREFIX,sizeof(SESPREFIX)-1) == 0) 
      {
         if( stat(direntptr->d_name,&file_stat) == 0 ) 
         {
            if( difftime(time(NULL),file_stat.st_atime) > TIMEOUTVALUE )
            {
              err=unlink(direntptr->d_name);

              if(err != 0)
                 syslog(LOG_MAIL | LOG_ERR,"Could not delete file %s (%s)",
			direntptr->d_name,strerror(errno));
              else
                 syslog(LOG_MAIL | LOG_INFO,
			"Session file %s deleted. Timed out.",
			direntptr->d_name);
            }
         }
         else
            syslog(LOG_MAIL | LOG_ERR,"stat failed on %s (%s)",
			direntptr->d_name,
			strerror(errno));
      }
   }

   closedir(dirptr);

   setuid(ruid);

   return(0);
}

///////////////////////////////////////////////////////////////////////
//This will overwrite the password stored in memory. This way if we
//   get and error and core dump, the plaintext user password is not
//   stored on the system.

int destroy_passwd(char* passwd)
{
   if(passwd == NULL)
      return(-1);

   while(*passwd != '\0')
   {
      *passwd='\0';
      passwd++;
   }

   return(0);
}

///////////////////////////////////////////////////////////////////////

int init_user_ses(void)
{
   user_ses.sessionid=NULL;
   user_ses.loginname=NULL;
   user_ses.name=NULL;
   user_ses.remoteip=NULL;

   return(0);
}

///////////////////////////////////////////////////////////////////////
//This will free up memory used by the current session

int destroy_user_ses(void)
{
   if(user_ses.sessionid != NULL)
   {
      free(user_ses.sessionid);
      user_ses.sessionid=NULL;
   }
   if(user_ses.loginname != NULL)
   {
      free(user_ses.loginname);
      user_ses.loginname=NULL;
   }
   if(user_ses.name != NULL)
   {
      free(user_ses.name);
      user_ses.name=NULL;
   }
   if(user_ses.remoteip != NULL)
   {
      free(user_ses.remoteip);
      user_ses.remoteip=NULL;
   }

   return(0);
}

///////////////////////////////////////////////////////////////////////
//This function create a dynanically allocated string that represents
//   the session filename bases on LOCALSTATEDIR/ses_sessionid
//   returns pointer to filename if successful, NULL if memory error

char* create_ses_filename(void)
{
   char* ses_filename;
   size_t size_of_filename;

   if(user_ses.sessionid == NULL)
      return(NULL);

   size_of_filename=sizeof(LOCKDIR "/" SESPREFIX)+
		strlen(user_ses.sessionid)+1;      

   ses_filename=(char*)malloc(size_of_filename);

   if(ses_filename == NULL)
   {
      syslog(LOG_MAIL | LOG_ERR,"Out of memory (%s)",strerror(errno));
      return(NULL);
   }

   strcpy(ses_filename,LOCKDIR "/" SESPREFIX);
   strcat(ses_filename,user_ses.sessionid);

   return(ses_filename);
}

///////////////////////////////////////////////////////////////////////

int cleanup_tmp_files(void)
{
   DIR* tmp_dir=NULL;
   DIR* ses_dir=NULL;
   struct dirent* dir_entry=NULL;
   char* tmp_name=NULL;
   char* ses_name=NULL;
   char* tmp_ptr=NULL;

   int status=0;

   setuid(euid);
   tmp_dir=opendir(TMPDIR);
   setuid(ruid);

   if(tmp_dir == NULL)
   {
      syslog(LOG_MAIL | LOG_ERR,"could not open dir " TMPDIR " (%s)",
				strerror(errno));
      return(-1);
   }


   setuid(euid);
   ses_dir=opendir(LOCKDIR);
   setuid(ruid);

   if(ses_dir == NULL)
   {
      closedir(tmp_dir);
      syslog(LOG_MAIL | LOG_ERR,"could not open dir " LOCKDIR " (%s)",
				strerror(errno));
      return(-1);
   }


   do
   {
      status=0;

      do
      {
         dir_entry=readdir(tmp_dir);

         if(dir_entry == NULL)
            status=-1;
         else if(strncmp(dir_entry->d_name,TMPPREFIX,
			sizeof(TMPPREFIX)-1) == 0)
            status=1;
       
      }
      while(status == 0);

      if(status==1)
      {
         tmp_name=(char*) malloc(sizeof(TMPDIR "/") + 
			strlen(dir_entry->d_name));

         ses_name=strdup( (dir_entry->d_name) + sizeof(TMPPREFIX) -1);

         if(tmp_name == NULL || ses_name == NULL)
         {
            if(tmp_name != NULL)
               free(tmp_name);
            if(ses_name != NULL)
               free(ses_name);

            closedir(tmp_dir);
            closedir(ses_dir);

            syslog(LOG_MAIL | LOG_ERR,"Out of memory");
            return(-1);
         }

         strcpy(tmp_name,TMPDIR "/");
         strcat(tmp_name,dir_entry->d_name);

         tmp_ptr=strrchr(ses_name,'.');

         if(tmp_ptr != NULL)
            *tmp_ptr='\0';

         tmp_ptr=ses_name+sizeof(TMPPREFIX)-1;
     
         status=0;
         rewinddir(ses_dir);

         do
         {
            dir_entry=readdir(ses_dir);

            if(dir_entry == NULL)
               status=2;

            else if(dir_entry->d_name != NULL && 
		strncmp(dir_entry->d_name,SESPREFIX,sizeof(SESPREFIX)-1) == 0)
            {
               if(strcmp( (dir_entry->d_name)+sizeof(SESPREFIX)-1,
				ses_name) == 0)
                  status=1;
            }
         }
         while(status==0);

         if(status != 1)
         {
            syslog(LOG_MAIL | LOG_INFO,"deleting stale tmp file %s",
			tmp_name);

            setuid(euid);

            if(unlink(tmp_name) != 0)
            {
               syslog(LOG_MAIL | LOG_ERR,"Could not delete tmp file (%s)",
				strerror(errno));
               setuid(ruid);
               status=-1;
            }

            setuid(ruid);
         }
         free(tmp_name);
         tmp_name=NULL;
         free(ses_name);
         ses_name=NULL;
      }
   }
   while(status >= 0);



   closedir(tmp_dir);
   closedir(ses_dir);

   return(0);
}

///////////////////////////////////////////////////////////////////////