API tools faq
paste
Advertisement
FlyFar

apop.c

FlyFar
May 15th, 2024
536
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.24 KB | Cybersecurity | 0 0
raw download clone embed print report
  1.  
  2. #include <stdio.h>
  3. #include <string.h>
  4.  
  5. #include <unistd.h>
  6. #include <time.h>
  7. #include <pwd.h>
  8.  
  9. /* syslog by A. van Veen <Andre.C.VanVeen@ruhr-uni-bochum.de> 1999-04-11
  10. /**************************************************************************/
  11. #ifndef NO_SYSLOG
  12. #include <syslog.h>
  13. #endif
  14. /**************************************************************************/
  15. #include <sys/types.h>
  16.  
  17. #include "pop3.h"
  18.  
  19. /* added by Glynn Clements <glynn@sensei.co.uk> 1997-06-02 */
  20.  
  21. /**************************************************************************/
  22.  
  23. static char timestamp[256];
  24. static int stamplen;
  25.  
  26. /**************************************************************************/
  27.  
  28. char *
  29. apop_timestamp()
  30. {
  31.     time_t t;
  32.     struct tm *tm;
  33.  
  34.     time(&t);
  35.     tm = localtime(&t);
  36.     strftime(timestamp, sizeof(timestamp), "<%a %b %d %H:%M:%S %Y>", tm);
  37.  
  38.     return timestamp;
  39. }
  40.  
  41. /**************************************************************************/
  42.  
  43. /* Verify a usercode/password-hash */
  44. int
  45. verify_user_apop(user, pass)
  46. char *user;
  47. char *pass;
  48. {
  49.     char buff[1024];
  50.     int userlen, passlen;
  51.     FILE *fp;
  52.     char *p, *q;
  53.     struct passwd *pwd;
  54.  
  55.     for (p = user; *p; p++)
  56.         *p = tolower(*p);
  57.     userlen = p - user;
  58.  
  59.     pwd = getpwnam(user);
  60.     if (!pwd) return -1;    /* User not found, return error */
  61.  
  62.     fp = fopen(APOP_PASSWORD_FILE, "r");
  63.     if (!fp)
  64.     {
  65. #ifndef NO_SYSLOG
  66.         syslog( SYSLOGPRI, "Could not open %s", APOP_PASSWORD_FILE);
  67. #endif
  68.         return -1;
  69.     }
  70.  
  71.     while (1)
  72.     {
  73.         if (feof(fp))
  74.         {
  75. #ifndef NO_SYSLOG
  76.             syslog( SYSLOGPRI, "User not found in %s: %s",
  77.                 APOP_PASSWORD_FILE, user);
  78. #endif
  79.             return -1;
  80.         }
  81.  
  82.         fgets(buff, sizeof(buff), fp);
  83.         if (strncmp(buff, user, userlen) != 0)
  84.             continue;
  85.         if (buff[userlen] != ':')
  86.             continue;
  87.  
  88.         q = timestamp + strlen(timestamp);
  89.         for (p = buff + userlen + 1; *p && *p != '\n'; p++, q++)
  90.             *q = *p;
  91.         passlen = q - timestamp;
  92.         break;
  93.     }
  94.     fclose(fp);
  95.  
  96.     do_md5_string(timestamp, passlen, buff);
  97.     if (strcmp(pass, buff) != 0) return -1;
  98.  
  99.     if (setuid(pwd->pw_uid) < 0)
  100.     {
  101. #ifndef NO_SYSLOG
  102.         syslog( SYSLOGPRI, "[APOP]: Could not setuid()");
  103. #endif
  104.         return -1;
  105.     }
  106.  
  107.     return 0;
  108. }
  109.  
  110. /**************************************************************************/
  111.  
  112.  
Tags: malware Linux source code trojan
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!