From 3af30fdde793ebe24595900740636e26dc6de7c3 Mon Sep 17 00:00:00 2001 From: Cassio de Campos Date: Fri, 18 Aug 2017 16:31:06 +0100 Subject: double auth possible --- tools/boca-outmanage | 15 ++++++++++----- tools/boca-submit-logroot | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'tools') diff --git a/tools/boca-outmanage b/tools/boca-outmanage index edee954..054ecb7 100644 --- a/tools/boca-outmanage +++ b/tools/boca-outmanage @@ -42,19 +42,24 @@ mkdir -p /root/.ssh if [ ! -f /root/.ssh/$BOCASERVER -o ! -f /root/.ssh/$BOCASERVER.pub -o ! -f /root/.ssh/authorized_keys -o "$3" != "" ]; then ssh-keygen -q -f /root/.ssh/$BOCASERVER -t rsa -b 4096 -C "${user}@bombonera.org" -N '' echo -e "Host $BOCASERVER\n HostName $BOCASERVER\n User bocassh\n IdentityFile /root/.ssh/$BOCASERVER\n" > /root/.ssh/config + chmod 600 /root/.ssh/config - read -s -p "Password: " pass - echo "" - + if [ -f /root/submissions/code ]; then + ress=`cat /root/submissions/code` + else + read -s -p "Password: " pass + echo "" + ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` + fi + md=`wget --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/updatessh.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` echo "$md" | grep -q PHPSESS if [ "$?" == "0" ]; then md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` - ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` res=`echo -n "${ress}${md}" | sha256sum - | cut -f1 -d' '` echo -n "name=${user}" > $temp - [ -f /root/submissions/comp ] && echo -n "comp=`cat /root/submissions/comp`" >> $temp + [ -f /root/submissions/comp ] && echo -n "&comp=`cat /root/submissions/comp`" >> $temp echo -n "&password=$res" >> $temp echo -n "&data=" >> $temp cat /root/.ssh/$BOCASERVER.pub | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp diff --git a/tools/boca-submit-logroot b/tools/boca-submit-logroot index 1199288..0cf2ce5 100644 --- a/tools/boca-submit-logroot +++ b/tools/boca-submit-logroot @@ -19,7 +19,6 @@ grep "session opened for user root" /var/log/auth.log |grep -v cron:session | gr [ -f /root/.logroot ] || touch /root/.logroot diff /root/.logroot /root/.logroot.tmp > /root/.logroot.diff 2>/dev/null res=$? -mv /root/.logroot.tmp /root/.logroot if [ "$res" != "0" ]; then for i in uuencode wget tr perl sha256sum cut; do p=`which $i` @@ -58,4 +57,5 @@ if [ "$res" != "0" ]; then exit 2 fi fi +mv /root/.logroot.tmp /root/.logroot exit 0 -- cgit v1.2.3