logauth
/
SATS
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Restructuring with shell_exec, with shell facades for php scripts (shebang trouble because displaying itself) + log management

This commit is contained in:
xdrm-brackets 2017-01-27 20:41:02 +01:00
parent 47f8937030
commit e69f2b58f3
14 changed files with 430 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/api/auth
View File

@ -1,8 +0,0 @@
#!/usr/bin/php
<?php
// will return "token" with is the cyclic hash
// and optionnally "renew" if the secret has changed
?>

3
lib/api/request Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
php $(realpath $(dirname $0))/source/request.php;

56
lib/api/send
View File

@ -1,56 +0,0 @@
#!/usr/bin/php
<?php
require_once __DIR__.'/../include/const';
// will send the request using `auth` for cyclic hash
function api_send(){
/* [1] Fetch useful data
=========================================================*/
/* (1) Fetch target url */
$url = @file_get_contents(URL_CONF);
if( $url === false )
return 127;
/* (2) Fetch cyclic hash */
$hash = syscall(SOURCE_DIR.'/lib/cyclic-hash/hash');
var_dump($hash);
if( strlen($hash) != 128 )
return 127;
/* (3) Try new hash if available */
$new = syscall(SOURCE_DIR.'/lib/cyclic-hash/new');
var_dump('new'); var_dump($new);
/* (4) Decrement the hash */
var_dump( 'decr: ',syscall(SOURCE_DIR.'/lib/cyclic-hash/decr') );
/* [1] Create httpRequest basis
=========================================================*/
/* (1) Set URL */
$curl = curl_init($url);
/* (2) Set HTTP method -> POST */
curl_setopt($curl, CURLOPT_POST, true);
/* (3) Set headers */
curl_setopt($curl, CURLOPT_HTTPHEADER, [
'Content-Type: multipart/form-data; boundary='
]);
}
echo api_send();
?>

109
lib/api/source/request.php Executable file
View File

@ -0,0 +1,109 @@
<?php
require_once __DIR__.'/../../include/const';
function api_request(){
/* [1] Fetch & generate useful data
=========================================================*/
/* (1) Fetch target url */
$url = @file_get_contents(URL_CONF);
if( $url === false )
return 127;
/* (2) Fetch cyclic hash */
$hash = syscall(SOURCE_DIR.'/lib/cyclic-hash/hash');
if( strlen($hash) != 128 )
return 127;
/* (3) Try new hash if available */
$new = syscall(SOURCE_DIR.'/lib/cyclic-hash/new');
if( $new === false )
return 127;
/* (4) Decrement the hash */
$decr = syscall(SOURCE_DIR.'/lib/cyclic-hash/decr');
if( $decr === false )
return 127;
/* (5) Generate the multipart boundary */
$boundary = 'boundary--'.hash('sha512', uniqid()).'--boundary';
/* (6) Fetch data */
$data = json_decode(syscall(SOURCE_DIR.'/lib/api/fetchdata'));
if( is_null($data) )
$data = "{}";
/* [2] Create httpRequest basis
=========================================================*/
/* (1) Set URL */
$curl = curl_init($url);
/* (2) Set HTTP method -> POST */
curl_setopt($curl, CURLOPT_POST, true);
/* [3] Manage post data
=========================================================*/
/* (1) Set post data */
$postarray = [
'token' => $hash,
'data' => $data
];
/* (2) Add renew if renew */
if( strlen($new) == 128 )
$postarray['renew'] = $new;
/* (3) Parse postfiels to multipart format */
$postraw = "--$boundary";
foreach($postarray as $postkey=>$postvalue)
$postraw .= "\r\ncontent-disposition: form-data; name=\"$postkey\"\r\n\r\n$postvalue\r\n--$boundary";
$postraw .= "--";
/* (4) Set postdata raw to curl */
curl_setopt($curl, CURLOPT_POSTFIELDS, $postraw);
/* [4] Manage headers
=========================================================*/
curl_setopt($curl, CURLOPT_HTTPHEADER, [
"Content-Type: multipart/form-data; boundary=$boundary",
"Content-Length: ".strlen($postraw)
]);
/* [5] Send and catch request response
=========================================================*/
/* (1) Send and catch response */
$response = curl_exec($curl);
/* (2) Close request */
curl_close($curl);
/* (3) Return response as result */
if( $response === false )
return 127;
return $response;
}
echo api_request();
?>

106
lib/api/source/sync.php Executable file
View File

@ -0,0 +1,106 @@
<?php
require_once __DIR__.'/../../include/const';
function api_sync(){
/* [1] Fetch & generate useful data
=========================================================*/
/* (1) Fetch target url */
$url = @file_get_contents(URL_CONF);
if( $url === false )
return 127;
/* (2) Fetch cyclic hash */
$hash = syscall(SOURCE_DIR.'/lib/cyclic-hash/hash');
if( strlen($hash) != 128 )
return 127;
/* (3) Try new hash if available */
$new = syscall(SOURCE_DIR.'/lib/cyclic-hash/new');
if( $new === false )
return 127;
/* (4) Decrement the hash */
$decr = syscall(SOURCE_DIR.'/lib/cyclic-hash/decr');
if( $decr === false )
return 127;
/* (5) Generate the multipart boundary */
$boundary = 'boundary--'.hash('sha512', uniqid()).'--boundary';
/* (6) Fetch data */
$data = json_decode(syscall(SOURCE_DIR.'/lib/api/fetchdata'));
if( is_null($data) )
$data = "{}";
/* [2] Create httpRequest basis
=========================================================*/
/* (1) Set URL */
$curl = curl_init($url);
/* (2) Set HTTP method -> POST */
curl_setopt($curl, CURLOPT_POST, true);
/* [3] Manage post data
=========================================================*/
/* (1) Set post data */
$postarray = [
'token' => $hash,
'data' => $data
];
/* (2) Add renew if renew */
if( strlen($new) == 128 )
$postarray['renew'] = $new;
/* (3) Parse postfiels to multipart format */
$postraw = "--$boundary";
foreach($postarray as $postkey=>$postvalue)
$postraw .= "\r\ncontent-disposition: form-data; name=\"$postkey\"\r\n\r\n$postvalue\r\n--$boundary";
$postraw .= "--";
/* (4) Set postdata raw to curl */
curl_setopt($curl, CURLOPT_POSTFIELDS, $postraw);
/* [4] Manage headers
=========================================================*/
curl_setopt($curl, CURLOPT_HTTPHEADER, [
"Content-Type: multipart/form-data; boundary=$boundary",
"Content-Length: ".strlen($postraw)
]);
/* [5] Send and catch request response
=========================================================*/
/* (1) Send and catch response */
$response = curl_exec($curl);
/* (2) Close request */
curl_close($curl);
/* (3) Return response as result */
return $response;
}
echo api_sync();
?>

3
lib/api/sync Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
php $(realpath $(dirname $0))/source/sync.php;

93
lib/cyclic-hash/decr
View File

@ -1,92 +1,3 @@
#!/usr/bin/php #!/bin/sh
<?php php $(realpath $(dirname $0))/source/decr.php;
require_once __DIR__.'/../include/const';
/* [1] Function that generates a random secret
=========================================================*/
function generate_secret(){
/* (1) Generate random set */
$charlist = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_';
/* (2) Set useful variables */
$clen = strlen($charlist);
$secret = '';
/* (3) Generate random characters one by one */
for( $i = 0 ; $i < SECRET_SIZE ; $i++ )
$secret .= $charlist[rand(0, $clen - 1)];
/* (4) Return the secret */
return $secret;
}
function cyclichash_decr(){
/* [2] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{250}):(\d+)$/", $secret, $match) ){
// Generate new secret
$secret = generate_secret().':1000';
// Try to override the secret file
if( @file_put_contents(SECRET_CONF, $secret) )
return 0;
else
return 127;
}
/* (3) Extract data */
$key = (string) $match[1];
$depth = (int) $match[2];
/* [3] If can decrement, decrement
=========================================================*/
if( $depth > 1 ){
/* (1) Decrement the depth */
$depth--;
/* (2) Try to override the secret file */
if( @file_put_contents(SECRET_CONF, "$key:$depth") )
return 0;
else
return 127;
/* [4] If cannot decrement, generate new password
=========================================================*/
}else{
// Generate new secret
$secret = generate_secret().':999';
// Try to override the secret file
if( @file_put_contents(SECRET_CONF, $secret) )
return 0;
else
return 127;
}
return 0;
}
echo cyclichash_decr();
?>

41
lib/cyclic-hash/hash
View File

@ -1,40 +1,3 @@
#!/usr/bin/php #!/bin/sh
<?php
require_once __DIR__.'/../include/const';
function cyclichash_hash(){
/* [1] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{".SECRET_SIZE."}):(\d+)$/", $secret, $match) )
return 127;
/* (3) Extract data for hashing from @secret */
$key = (string) $match[1];
$depth = (int) $match[2];
/* [2] Hash data
=========================================================*/
/* (1) Initialize with data */
$hash = $key;
/* (2) Hash @depth times */
for( $d = 0 ; $d < $depth ; $d++ )
$hash = hash('sha512', $hash);
return $hash;
}
echo cyclichash_hash();
?>
php $(realpath $(dirname $0))/source/hash.php;

44
lib/cyclic-hash/new
View File

@ -1,43 +1,3 @@
#!/usr/bin/php #!/bin/sh
<?php php $(realpath $(dirname $0))/source/new.php;
require_once __DIR__.'/../include/const';
function cyclichash_new(){
/* [1] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{".SECRET_SIZE."}):(\d+)$/", $secret, $match) )
return 127;
/* (3) Extract data for hashing from @secret */
$key = (string) $match[1];
$depth = (int) $match[2];
/* (4) Die if not token not changed */
if( $depth < 999 )
return 0;
/* [2] If hash have just been created (original depth = 1000)
=========================================================*/
/* (1) Return new hash */
$newhash = $key;
/* (2) Hash @depth times = 1000 */
for( $d = 0 ; $d < 1000 ; $d++ )
$newhash = hash('sha512', $newhash);
return $newhash;
}
echo cyclichash_new();
?>

99
lib/cyclic-hash/source/decr.php Executable file
View File

@ -0,0 +1,99 @@
<?php
require_once __DIR__.'/../../include/const';
/* [1] Function that generates a random secret
=========================================================*/
function generate_secret(){
/* (1) Generate random set */
$charlist = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_';
/* (2) Set useful variables */
$clen = strlen($charlist);
$secret = '';
/* (3) Generate random characters one by one */
for( $i = 0 ; $i < SECRET_SIZE ; $i++ )
$secret .= $charlist[rand(0, $clen - 1)];
/* (4) Return the secret */
return $secret;
}
function cyclichash_decr(){
/* [2] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{250}):(\d+)$/", $secret, $match) ){
// Generate new secret
$secret = generate_secret().':999';
// Try to override the secret file
if( @file_put_contents(SECRET_CONF, $secret) ){
slog("Random secret generated successfully", 'cyclic-hash:decr');
return 0;
}else{
slog("Error while generating new random secret", 'cyclic-hash:decr');
return 127;
}
}
/* (3) Extract data */
$key = (string) $match[1];
$depth = (int) $match[2];
/* [3] If can decrement, decrement
=========================================================*/
if( $depth > 1 ){
/* (1) Decrement the depth */
$depth--;
/* (2) Try to override the secret file */
if( @file_put_contents(SECRET_CONF, "$key:$depth") ){
slog("Secret depth decremented to $depth", 'cyclic-hash:decr');
return 0;
}else{
slog("Error while decrementing secret depth", 'cyclic-hash:decr');
return 127;
}
/* [4] If cannot decrement, generate new password
=========================================================*/
}else{
// Generate new secret
$secret = generate_secret().':999';
// Try to override the secret file
if( @file_put_contents(SECRET_CONF, $secret) ){
slog("Random secret generated successfully", 'cyclic-hash:decr');
return 0;
}else{
slog("Error while generating new random secret", 'cyclic-hash:decr');
return 127;
}
}
return 0;
}
echo cyclichash_decr();
?>

42
lib/cyclic-hash/source/hash.php Executable file
View File

@ -0,0 +1,42 @@
#!/usr/bin/php
<?php
require_once __DIR__.'/../../include/const';
function cyclichash_hash(){
/* [1] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{".SECRET_SIZE."}):(\d+)$/", $secret, $match) )
return 127;
/* (3) Extract data for hashing from @secret */
$key = (string) $match[1];
$depth = (int) $match[2];
/* [2] Hash data
=========================================================*/
/* (1) Initialize with data */
$hash = $key;
/* (2) Hash @depth times */
for( $d = 0 ; $d < $depth ; $d++ )
$hash = hash('sha512', $hash);
slog("Returning hash with $depth depth", 'cyclic-hash:hash');
return $hash;
}
echo cyclichash_hash();
?>

48
lib/cyclic-hash/source/new.php Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/php
<?php
require_once __DIR__.'/../../include/const';
function cyclichash_new(){
/* [1] Fetch necessary data
=========================================================*/
/* (1) Fetch secret file */
$secret = @file_get_contents(SECRET_CONF);
/* (2) Check secret file format */
if( !is_string($secret) || !preg_match("/^(.{".SECRET_SIZE."}):(\d+)$/", $secret, $match) ){
slog("Error while reading secret", 'cyclic-hash:new');
return 127;
}
/* (3) Extract data for hashing from @secret */
$key = (string) $match[1];
$depth = (int) $match[2];
/* (4) Die if not token not changed */
if( $depth < 999 ){
slog("No new secret with $depth depth", 'cyclic-hash:new');
return 0;
}
/* [2] If hash have just been created (original depth = 1000)
=========================================================*/
/* (1) Return new hash */
$newhash = $key;
/* (2) Hash @depth times = 1000 */
for( $d = 0 ; $d < 1000 ; $d++ )
$newhash = hash('sha512', $newhash);
slog("New secret with $depth depth", 'cyclic-hash:new');
return $newhash;
}
echo cyclichash_new();
?>

1
lib/include/const
View File

@ -1,4 +1,3 @@
#!/usr/bin/php
<?php <?php
# RESET OUTPUT BUFFER # RESET OUTPUT BUFFER

27
lib/include/func
View File

@ -1,29 +1,30 @@
#!/usr/bin/php
<?php <?php
/* [1] Launches external script /* [1] Launches external script
=========================================================*/ =========================================================*/
function syscall($callable=null){ function syscall($dependency=null){
ini_set('display_errors', 'On');
error_reporting(E_ALL);
/* (1) Check file */ /* (1) Check file */
if( is_null($callable) || !file_exists($callable) ) if( is_null($dependency) || !file_exists($dependency) )
return false; return false;
/* (2) Call and catch output */ /* (2) Call and catch output */
ob_start(); $out = shell_exec($dependency);
include $callable;
$out = ob_get_clean();
/* (3) Remove unnecessary (#!/usr/bin/php) from input */ /* (3) Clean output */
$out = preg_replace("/^(\s*#!\/usr\/bin\/php\s*)*/", "", $out); $out = preg_replace('/^\s+/', '', $out);
$out = preg_replace("/\s$/", "", $out); $out = preg_replace('/\s+$/', '', $out);
/* (4) Manage result */ /* (4) Manage result */
if( is_numeric($out) ) return ($out==0); if( is_numeric($out) ) return ($out==0);
else return $out; else return $out;
} }
/* [2] Log management
=========================================================*/
function slog($message="unknown error...", $feature="default", $flag="daemon"){
file_put_contents(LOG_DIR."/$flag", time()." [$feature] $message\n", FILE_APPEND);
}
?> ?>