From e9cda7ec15f4406da1fb55e9f6ec4198cbc515bf Mon Sep 17 00:00:00 2001 From: Tomek Dubrownik Date: Mon, 30 Apr 2012 23:32:57 +0200 Subject: [PATCH 1/4] find card in ldap --- terminal/CMakeLists.txt | 6 ++- terminal/hash-one.c | 11 +++++ terminal/ldap.c | 91 ++++++++++++++++++++++++++++++++++++++--- 3 files changed, 101 insertions(+), 7 deletions(-) create mode 100644 terminal/hash-one.c diff --git a/terminal/CMakeLists.txt b/terminal/CMakeLists.txt index 1506ff3..7356de1 100644 --- a/terminal/CMakeLists.txt +++ b/terminal/CMakeLists.txt @@ -1,6 +1,8 @@ project(hf-terminal) add_executable(hf-terminal main.c tts.c base64.c ldap.c nfc.c) -set(CMAKE_C_FLAGS "-std=c99") +add_executable(hash-one hash-one.c ldap.c) +set(CMAKE_C_FLAGS "-std=c99 -g") -target_link_libraries(hf-terminal nfc m) +target_link_libraries(hf-terminal nfc m ldap crypto) +target_link_libraries(hash-one m crypto ldap) diff --git a/terminal/hash-one.c b/terminal/hash-one.c new file mode 100644 index 0000000..322ebcf --- /dev/null +++ b/terminal/hash-one.c @@ -0,0 +1,11 @@ +#include +#include "ldap.h" + +int main(int argc, char** argv) { + char hash[130]; + if(argc < 3) + return 1; + hash_mifare(argv[1], argv[2], hash); + printf("%s\n", hash); + return 0; +} diff --git a/terminal/ldap.c b/terminal/ldap.c index ae2a908..21d7234 100644 --- a/terminal/ldap.c +++ b/terminal/ldap.c 
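Review bot: `char hash[130]` in hash-one.c only works because `hash_mifare` in ldap.c zeroes exactly 130 bytes of `target`, and nothing in the interface states that contract. Judging by the ldap.h context shown in PATCH 4/4, the header declares only `ldap_dn_by_mifare`, so this call appears to rely on an implicit declaration. I would add `#define MIFARE_HASH_BUFLEN 130` (name is a suggestion) and `int hash_mifare(char *MifareID, char *salt, char *target);` to ldap.h and use the constant in both files. The card ID and salt are also taken from `argv`, where other local users can see them in the process list and shell history; reading them from stdin would avoid that.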
@@ -1,9 +1,90 @@ +//sorry +#define LDAP_DEPRECATED 1 + +#include +#include +#include +#include +#include +#include +#include +#include "config.h" + +static char* ldap_attrs_hashes[] = { + "uid", + "mifareIDHash", + 0, +}; + +int hash_mifare(char *MifareID, char *salt, char* target) { + SHA256_CTX sha_c; + bzero(target, 130); + SHA256_Init(&sha_c); + SHA256_Update(&sha_c, salt, strnlen(salt, 64)); + SHA256_Update(&sha_c, MifareID, strnlen(MifareID, 64)); + strncat(target, salt, 63); + strcat(target, "$"); + unsigned char hash[65]; + SHA256_Final(hash, &sha_c); + target = target + strnlen(target, 64); + for(int i = 0; i < SHA256_DIGEST_LENGTH; ++i) { + sprintf(target, "%02x", hash[i]); + target += 2; + } + *(target + 1) = 0; +} + int ldap_dn_by_mifare(char *MifareID, char *DNOut, int *DNLength) { - // TODO: actually implement thid. tkd? + int i; + + LDAP *ld; + LDAPMessage *msg, *entry; + int result = 0, version = LDAP_VERSION3, nentries; + unsigned char **values, crypt_hash[130], + entry_salt[20]; - strncpy(DNOut, "q3k", *DNLength); - *DNLength = strlen("q3k"); - - return 0; + if(LDAP_SUCCESS != (result = ldap_initialize(&ld, LDAP_URL))) { + goto finalize; + } + if(LDAP_SUCCESS != (result = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version))) { + goto finalize; + } +/* if(LDAP_SUCCESS != (result = ldap_start_tls_s(ld, NULL, NULL))) { + goto finalize; + }*/ + if(LDAP_SUCCESS != (result = ldap_bind_s(ld, LDAP_DN, LDAP_PW, LDAP_AUTH_SIMPLE))) { + goto finalize; + } + if(LDAP_SUCCESS != (result = ldap_search_s(ld, LDAP_BASE, LDAP_SCOPE_SUBTREE, + LDAP_FILTER_HASHES, ldap_attrs_hashes, 0, &msg))) { + goto search_finalize; + } + nentries = ldap_count_entries(ld, msg); + result = LDAP_NO_SUCH_OBJECT; + for(entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) { + values = ldap_get_values(ld, entry, "mifareIDHash"); + if(values) { + for(i = 0; values[i] != NULL; ++i) { + bzero(entry_salt, 20); + int hash_len = strcspn(values[i], "$"); + 
strncpy(entry_salt, values[i], hash_len); + hash_mifare(MifareID, entry_salt, crypt_hash); + if(!strncmp(crypt_hash, values[i], 128)) { + char *dn = ldap_get_dn(ld, entry); + strncpy(DNOut, dn, *DNLength); + DNOut[*DNLength - 1] = 0; + *DNLength = strlen(dn); + ldap_memfree(dn); + result = 0; + } + } + ldap_value_free(values); + } + } +search_finalize: + ldap_msgfree(msg); +finalize: + ldap_unbind_s(ld); + return result; } From 343fc2dc5885112d99a924e38c8ecf0cf47dbc17 Mon Sep 17 00:00:00 2001 From: Tomek Dubrownik Date: Mon, 30 Apr 2012 23:35:04 +0200 Subject: [PATCH 2/4] config.h template --- terminal/config.h.dist | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 terminal/config.h.dist diff --git a/terminal/config.h.dist b/terminal/config.h.dist new file mode 100644 index 0000000..c36d48c --- /dev/null +++ b/terminal/config.h.dist @@ -0,0 +1,10 @@ +#ifndef __FRIDGE_CONFIG__ +#define __FRIDGE_CONFIG__ + +#define LDAP_URL "ldap://ldap.somecorp.com" +#define LDAP_DN "cn=somecn,dc=somecorp,dc=com" +#define LDAP_PW "password" +#define LDAP_BASE "ou=Peole,dc=somecorp,dc=com" +#define LDAP_FILTER_HASHES "objectClass=hsMember" + +#endif From d5ad4466825bb18931429cb3c614fce329cf20ec Mon Sep 17 00:00:00 2001 From: Tomek Dubrownik Date: Tue, 1 May 2012 03:31:29 +0200 Subject: [PATCH 3/4] binary consts removed (gcc) --- terminal/base64.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/terminal/base64.c b/terminal/base64.c index d5055bc..2e707e6 100644 --- a/terminal/base64.c +++ b/terminal/base64.c 
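Review bot: In `ldap_dn_by_mifare`, `strncpy(entry_salt, values[i], hash_len)` copies however many bytes `strcspn(values[i], "$")` returns into the 20-byte `entry_salt`, so a `mifareIDHash` value whose salt part is 20 characters or longer, or that has no `$` at all, writes past the stack buffer. Reject such values before copying: `size_t salt_len = strcspn(values[i], "$");` followed by `if (values[i][salt_len] != '$' || salt_len >= sizeof entry_salt) continue;`. `hash_mifare` accepts salts of up to 63 characters, so the two limits should come from one shared constant. Separately, `ldap_start_tls_s` is commented out while `ldap_bind_s` does a simple bind, so with an `ldap://` URL like the one in config.h.dist, `LDAP_PW` and the returned hashes travel unencrypted. The StartTLS call should be restored, or the reason it is disabled documented.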
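Review bot: The config.h.dist template gives no hint that the real `config.h` will hold a live bind credential that gets compiled into both `hf-terminal` and `hash-one`. A header comment such as `/* Copy to config.h and fill in. config.h contains the LDAP bind password: keep it out of version control and use a read-only bind account. */` would make that explicit. `ou=Peole` in `LDAP_BASE` looks like a typo for `ou=People`. The guard `__FRIDGE_CONFIG__` uses a double-underscore name reserved for the implementation; `FRIDGE_CONFIG_H` avoids that.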
@@ -113,10 +113,10 @@ void bin_to_b64(char *out, char* in, unsigned int in_length) char a, b, c; a = in[i * 3]; b = in[i * 3 + 1]; c = in[i * 3 + 2]; - out[i * 4 ] = b64_lut[ (a & 0b11111100) >> 2 ]; - out[i * 4 + 1] = b64_lut[((a & 0b00000011) << 4 ) | ((b & 0b11110000) >> 4)]; - out[i * 4 + 2] = b64_lut[((b & 0b00001111) << 2) | ((c & 0b11000000) >> 6)]; - out[i * 4 + 3] = b64_lut[ c & 0b00111111 ]; + out[i * 4 ] = b64_lut[ (a & 252) >> 2 ]; + out[i * 4 + 1] = b64_lut[((a & 3) << 4 ) | ((b & 240) >> 4)]; + out[i * 4 + 2] = b64_lut[((b & 15) << 2) | ((c & 192) >> 6)]; + out[i * 4 + 3] = b64_lut[ c & 63 ]; } unsigned int final_length = complete_quads * 4; @@ -126,8 +126,8 @@ void bin_to_b64(char *out, char* in, unsigned int in_length) case 1: { char a = in[complete_quads * 3]; - out[complete_quads * 4 ] = b64_lut[(a & 0b11111100) >> 2]; - out[complete_quads * 4 + 1] = b64_lut[(a & 0b00000011) << 4]; + out[complete_quads * 4 ] = b64_lut[(a & 252) >> 2]; + out[complete_quads * 4 + 1] = b64_lut[(a & 3) << 4]; out[complete_quads * 4 + 2] = '='; out[complete_quads * 4 + 3] = '='; final_length += 4; @@ -137,9 +137,9 @@ void bin_to_b64(char *out, char* in, unsigned int in_length) { char a, b; a = in[complete_quads * 3]; b = in[complete_quads * 3 + 1]; - out[complete_quads * 4 ] = b64_lut[ (a & 0b11111100) >> 2 ]; - out[complete_quads * 4 + 1] = b64_lut[((a & 0b00000011) << 4) | ((b & 0b11110000) >> 4)]; - out[complete_quads * 4 + 2] = b64_lut[((b & 0b00001111) << 2) ]; + out[complete_quads * 4 ] = b64_lut[ (a & 252) >> 2 ]; + out[complete_quads * 4 + 1] = b64_lut[((a & 3) << 4) | ((b & 240) >> 4)]; + out[complete_quads * 4 + 2] = b64_lut[((b & 15) << 2) ]; out[complete_quads * 4 + 3] = '='; final_length += 4; break; From 657398da2fefecddd3353cb92c5cc21ac6aafcb7 Mon Sep 17 00:00:00 2001 
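Review bot: The decimal masks `252`, `3`, `240`, `15`, `192` and `63` hide the bit layout that the removed binary literals made obvious. Hexadecimal is standard C99 and keeps it readable, e.g. `out[i * 4] = b64_lut[(a & 0xFC) >> 2];`, with `0x03`, `0xF0`, `0x0F`, `0xC0` and `0x3F` for the other masks. The same applies to the two tail-handling hunks that follow the main loop. A one-line comment above the loop such as `/* split 3 input bytes into four 6-bit table indices */` would also help. `bin_to_b64` begins and ends outside these hunks.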
From: Tomek Dubrownik Date: Tue, 1 May 2012 06:17:38 +0200 Subject: [PATCH 4/4] NO_SUCH_CARD retcode --- terminal/ldap.c | 2 ++ terminal/ldap.h | 1 + terminal/nfc.c | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/terminal/ldap.c b/terminal/ldap.c index 21d7234..b1ed620 100644 --- a/terminal/ldap.c +++ b/terminal/ldap.c @@ -10,6 +10,8 @@ #include #include "config.h" +const int NO_SUCH_CARD = LDAP_NO_SUCH_OBJECT; + static char* ldap_attrs_hashes[] = { "uid", "mifareIDHash", diff --git a/terminal/ldap.h b/terminal/ldap.h index 24808ad..1a62b38 100644 --- a/terminal/ldap.h +++ b/terminal/ldap.h @@ -2,5 +2,6 @@ #define __LDAP_H__ int ldap_dn_by_mifare(char *MifareID, char *DNOut, int *DNLength); +const int NO_SUCH_CARD; #endif diff --git a/terminal/nfc.c b/terminal/nfc.c index 06af325..27f6574 100644 --- a/terminal/nfc.c +++ b/terminal/nfc.c @@ -45,7 +45,7 @@ void nfc_poll(void) if (LDAPResult > 0) { - if (LDAPResult == 1) + if (LDAPResult == NO_SUCH_CARD) { tts_speak("Nieznana karta."); sleep(5);
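Review bot: `const int NO_SUCH_CARD;` in ldap.h has no `extern`, so every file that includes the header gets its own tentative definition of the object next to the initialised one in ldap.c. Toolchains that build with `-fno-common` (the GCC default from version 10) reject that at link time as a multiple definition. Declare it as `extern const int NO_SUCH_CARD;` in the header and keep the single definition in ldap.c, or turn it into a macro or enum constant so it can also be used in `switch` labels.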
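Review bot: The enclosing test `if (LDAPResult > 0)` in nfc.c only catches positive result codes, but `ldap_dn_by_mifare` now returns raw libldap results, and OpenLDAP's client-side errors such as `LDAP_SERVER_DOWN` are negative. The branch taken for non-positive values is outside this hunk, so this needs confirming. If that branch is the success path, an unreachable directory would be treated like a recognised card. Testing against zero, `if (LDAPResult != 0)`, sends every failure to the error branch. `nfc_poll` begins and ends outside the hunk.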