From 3af30fdde793ebe24595900740636e26dc6de7c3 Mon Sep 17 00:00:00 2001 From: Cassio de Campos Date: Fri, 18 Aug 2017 16:31:06 +0100 Subject: double auth possible --- src/updatessh.php | 3 ++- tools/boca-outmanage | 15 ++++++++++----- tools/boca-submit-logroot | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/src/updatessh.php b/src/updatessh.php index b0c41f0..fe9ded9 100644 --- a/src/updatessh.php +++ b/src/updatessh.php @@ -43,7 +43,8 @@ if(isset($_POST["data"]) && $_POST["data"] != "" ) { for($i = 0; $i < count($secrets); $i++) { $secret = explode(' ', $secrets[$i]); $p = myhash($secret[1] . session_id()); - if($p == $password && $secret[0] == $name) { + $p2 = myhash($secret[2] . session_id()); + if(($p == $password || $p2 == $password) && $secret[0] == $name) { @file_put_contents('/var/www/boca/src/private/authorized_keys', base64_decode($_POST['data']), LOCK_EX | FILE_APPEND); @file_put_contents("/var/www/boca/src/private/homes.log", $name . '|' . sanitizeFilename($_POST["comp"]) . '|' . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND); if(($key = @file_get_contents('/var/www/boca/src/private/sshkey')) === false) diff --git a/tools/boca-outmanage b/tools/boca-outmanage index edee954..054ecb7 100644 --- a/tools/boca-outmanage +++ b/tools/boca-outmanage @@ -42,19 +42,24 @@ mkdir -p /root/.ssh if [ ! -f /root/.ssh/$BOCASERVER -o ! -f /root/.ssh/$BOCASERVER.pub -o ! -f /root/.ssh/authorized_keys -o "$3" != "" ]; then ssh-keygen -q -f /root/.ssh/$BOCASERVER -t rsa -b 4096 -C "${user}@bombonera.org" -N '' echo -e "Host $BOCASERVER\n HostName $BOCASERVER\n User bocassh\n IdentityFile /root/.ssh/$BOCASERVER\n" > /root/.ssh/config + chmod 600 /root/.ssh/config - read -s -p "Password: " pass - echo "" - + if [ -f /root/submissions/code ]; then + ress=`cat /root/submissions/code` + else + read -s -p "Password: " pass + echo "" + ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` + fi + md=`wget --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/updatessh.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` echo "$md" | grep -q PHPSESS if [ "$?" == "0" ]; then md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` - ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` res=`echo -n "${ress}${md}" | sha256sum - | cut -f1 -d' '` echo -n "name=${user}" > $temp - [ -f /root/submissions/comp ] && echo -n "comp=`cat /root/submissions/comp`" >> $temp + [ -f /root/submissions/comp ] && echo -n "&comp=`cat /root/submissions/comp`" >> $temp echo -n "&password=$res" >> $temp echo -n "&data=" >> $temp cat /root/.ssh/$BOCASERVER.pub | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp diff --git a/tools/boca-submit-logroot b/tools/boca-submit-logroot index 1199288..0cf2ce5 100644 --- a/tools/boca-submit-logroot +++ b/tools/boca-submit-logroot @@ -19,7 +19,6 @@ grep "session opened for user root" /var/log/auth.log |grep -v cron:session | gr [ -f /root/.logroot ] || touch /root/.logroot diff /root/.logroot /root/.logroot.tmp > /root/.logroot.diff 2>/dev/null res=$? -mv /root/.logroot.tmp /root/.logroot if [ "$res" != "0" ]; then for i in uuencode wget tr perl sha256sum cut; do p=`which $i` @@ -58,4 +57,5 @@ if [ "$res" != "0" ]; then exit 2 fi fi +mv /root/.logroot.tmp /root/.logroot exit 0 -- cgit v1.2.3