Merge branch 'main' of https://github.com/teddy-zhng/buffer-overflow-exercises

pull before pushing client functions

Author: teddy-zhng

account_login.c

@@ -7,32 +7,47 @@
 #include "account_login.h"
 #include "helper.h"
 
+#define ADMIN_PERMISSION (1)
+#define NO_PERMISSION (0)
+
+#define STACK_COOKIE_VALUE (0x012345678)
+
 char created_uname[0x100] = {0};
+int default_persmissions = NO_PERMISSION;
 char created_pass[0x100] = {0};
 
+int current_logged_in_permissions = 0;
 char currently_logged_in_uname[0x100] = {0};
+char secret_admin_password[0x10] = {0};
 
-bool check_auth(char* uname, char* passwd, bool* auth_success) {
-	// stub
-	return false;
-}
 
-void get_clientstr_login_details(char* conn_str, char** uname_out, char** passwd_out) {
-	// stub
+bool check_user_auth(char* uname, char* passwd, bool* auth_success) {
+	if ((0 == strncmp(uname, created_uname, sizeof(created_uname))) 
+		&& (0 == strncmp(passwd, created_pass, sizeof(created_pass)))) {
+		*auth_success = true;
+	}
+	return true;
 }
 
-
-void set_logged_in(char* conn_str, char* uname, char* passwd) {
-	// stub
+void set_login_details(char* conn_str, char* uname, char* passwd, int permissions) {
+	current_logged_in_permissions = permissions;
+	memcpy(currently_logged_in_uname, uname, sizeof(currently_logged_in_uname));
 }
 
+bool handle_get_currently_logged_in_uname(int client_fd, char* client_str) {
+	respond_str_to_client(client_fd, currently_logged_in_uname);
+	return true;
+}
 
-// vuln: VERSION1 stackoverflow to overwrite auth_success
 bool handle_login(int client_fd, char* client_str) {
 	bool auth_success = false;
+	int stack_cookie_1;
+	int operation = 0;
 	char uname[0x100];
 	char passwd[0x100];
 
+	stack_cookie_1 = STACK_COOKIE_VALUE;
+
 	if (!get_str_from_client(client_fd, uname)) {
 		printf("handle_login error: get_str_from_client failed\n");
 		return false;
@@ -43,28 +58,52 @@ bool handle_login(int client_fd, char* client_str) {
 		return false;
 	}
 
-	if (!check_auth(uname, passwd, &auth_success)) {
-		printf("check_auth error\n");
+	if (!check_user_auth(uname, passwd, &auth_success)) {
+		printf("check_user_auth error\n");
 		return false;
 	}
 
 	if (auth_success) {
-		log_verbose("logging in %s as %s\n", client_str, uname);
-		set_logged_in(client_str, uname, passwd);
+		log_verbose("no perm logging in %s as %s\n", client_str, uname);
+		set_login_details(client_str, uname, passwd, default_persmissions);
+	}
+
+	if (STACK_COOKIE_VALUE != stack_cookie_1) {
+		printf("hacker tried to buffer overflow! :O exploding!\n");
+		handle_logout(client_fd, client_str);
+		return false;
 	}
+	return true;
+}
+
+bool handle_login_admin(int client_fd, char* client_str) {
+	char passwd[0x100];
 
-	// mav: if admin, logg out
+	if (!get_str_from_client(client_fd, passwd)) {
+		printf("handle_login_admin error: get_str_from_client failed\n");
+		return false;
+	}
 
+	if (0 != strcmp(passwd, secret_admin_password)) {
+		log_verbose("admin login attempted and failed! hacker or typo?!\n");
+		return false;
+	}
+
+	memcpy(currently_logged_in_uname, "admin", 6);
+	current_logged_in_permissions = ADMIN_PERMISSION;
 	return true;
 }
 
+
 bool handle_logout(int client_fd, char* client_str) {
 	currently_logged_in_uname[0] = '\0';
+	current_logged_in_permissions = 0;
 	return true;
 }
 
 bool handle_create_user(int client_fd, char* client_str) {
 	// stub
+	// read corrently (but no null terminator) into created_uname, created_passwd 
 	return false;
 }
 
@@ -75,6 +114,11 @@ bool handle_admin_run_cmd(int client_fd, char* client_str) {
 		return false;
 	}
 
+	if (current_logged_in_permissions != ADMIN_PERMISSION) {
+		printf("hacker detected! and hacker averted ;)\n");
+		return false;
+	}
+
 	char cmd[0x1000];
 	if (!get_str_from_client(client_fd, cmd)) {
 		printf("handle_admin_run_cmd error: get_str_from_client failed\n");

account_login.h

@@ -4,6 +4,7 @@
 #include <stdbool.h>
 
 bool handle_login(int client_fd, char* client_str);
+bool handle_get_currently_logged_in_uname(int client_fd, char* client_str);
 bool handle_admin_run_cmd(int client_fd, char* client_str);
 bool handle_create_user(int client_fd, char* client_str);
 bool handle_logout(int client_fd, char* client_str);

game_dispatcher.c

@@ -9,11 +9,22 @@
 
 #include "globals.h"
 #include "helper.h"
+#include "high_score.h"
 #include "game_dispatcher.h"
 
+// includes for dispatchers
+#include "account_login.h"
+
 typedef bool (*pkt_handler)(int client_fd, char* client_str);
 
-pkt_handler handlers[] = {handle_get_version};
+
+pkt_handler handlers[] = {
+    handle_get_version, 
+    handle_add_winner, 
+    handle_set_intro, 
+    handle_set_outro, 
+    handle_report_winners
+};
 
 void handle_client(int client_fd, char* client_str) {
     int pkt_type;
@@ -43,7 +54,7 @@ void handle_client(int client_fd, char* client_str) {
 
         // handle packet type
         printf("dispatching\n");
-        bool dispatch_status = handlers[pkt_type](client_fd, client_str); // vuln: oob run any func lol
+        bool dispatch_status = handlers[pkt_type](client_fd, client_str);
         printf("dispatch_status: %d\n", dispatch_status);
     }
 end:

high_score.c

@@ -2,10 +2,101 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <arpa/inet.h>
 
 #include "tictactoe.h"
 #include "high_score.h"
 
-void add_winner(int client_fd, enum Player winner) {
-    //TODO
-}
+//void add_winner(int client_fd, enum Player winner) {
+//    //TODO
+//}
+
+#define MAX_BUF_SIZE 0x100
+char winners_list[MAX_BUF_SIZE];
+char intro[MAX_BUF_SIZE];
+char outro[MAX_BUF_SIZE];
+
+void init_msgs()
+{
+    memset(winners_list, sizeof(winners_list), 0);
+    memset(intro, sizeof(winners_list), 0);
+    memset(outro, sizeof(winners_list), 0);
+    
+    strcpy(intro, "Special Congratulations to our Winners:\n" );
+    strcpy(outro, "And Better Luck to our other participants:\n" );
+}
+
+char * handle_read(int client_fd, int * num_read)
+{
+    char * dst_buf = malloc(MAX_BUF_SIZE);
+    int bytes_read = recv(client_fd, dst_buf, MAX_BUF_SIZE, 0);
+    if (bytes_read == -1) {
+        perror("recv from get_str_from_client in len");
+    }   
+    if (bytes_read == 0) {
+        printf("client disconnected in str len in get_str_from_client\n");
+        return false;
+    }   
+    if (bytes_read != sizeof(dst_buf)) {
+        printf("client didn't send enough bytes for string length in get_str_from_client\n");
+        return false;
+    }   
+    
+    *num_read = bytes_read;
+    return dst_buf;
+}
+
+int display_to_user(int client_fd, char * msg_buf)
+{
+    int err = send(client_fd, msg_buf, strlen(msg_buf), 0); 
+    if (err < 0) {
+        perror("send len in respond_str_to_client");
+    }   
+    err = send(client_fd, msg_buf, strlen(msg_buf), 0); 
+    if (err < 0) {
+        perror("send str in respond_str_to_client");
+    }   
+    return err;
+}
+
+bool handle_add_winner(int client_fd, char* client_str) {
+    char buff[MAX_BUF_SIZE];
+    int num_read = 0;
+    char * user_str = handle_read(client_fd, &num_read);
+    int bytes_written = snprintf(buff, num_read, "%s\n", user_str);
+    free(user_str);
+   
+    bytes_written = snprintf(winners_list, MAX_BUF_SIZE, "%s", buff);
+    return true;
+}
+
+bool handle_set_intro(int client_fd, char* client_str) {
+    int num_read = 0;
+    char * user_str = handle_read(client_fd, &num_read);
+    strncpy(intro, user_str, num_read);
+    free(user_str);
+    return true;
+}
+
+bool handle_set_outro(int client_fd, char* client_str) {
+    int num_read = 0;
+    char * user_str = handle_read(client_fd, &num_read);
+    strncpy(intro, user_str, num_read);
+    free(user_str);
+    return true;
+}
+
+bool handle_report_winners(int client_fd, char* client_str) {
+    char msg_to_user[MAX_BUF_SIZE * 3];
+    int bytes_written  = snprintf(msg_to_user, sizeof(msg_to_user),  "%s\n", intro);
+    bytes_written   = snprintf(msg_to_user + bytes_written, sizeof(msg_to_user),  "%s\n", winners_list);
+    bytes_written      = snprintf(msg_to_user + bytes_written, sizeof(msg_to_user), "%s\n", outro);
+    
+    display_to_user(client_fd, msg_to_user);
+    return true;
+}
+
+//bool handle_get_score(int client_fd, char* client_str) {
+//
+//}
+

high_score.h

@@ -4,6 +4,12 @@
 #include <stdbool.h>
 #include "tictactoe.h"
 
-void add_winner(int client_fd, enum Player winner); //use a username or cookie or session id instead?
+//void add_winner(int client_fd, enum Player winner); //use a username or cookie or session id instead?
+void init_msgs();
 
-#endif
+bool handle_add_winner(int client_fd, char* client_str); // Collect information about the winner from the user
+bool handle_set_intro(int client_fd, char* client_str);
+bool handle_set_outro(int client_fd, char* client_str);
+bool handle_report_winners(int client_fd, char* client_str);
+
+#endif

main_game_server.c

@@ -8,12 +8,14 @@
 #include <arpa/inet.h>
 
 #include "helper.h"
+#include "high_score.h"
 #include "game_dispatcher.h"
 
 #define MAX_CONNECTIONS (10)
 
 int main (int argc, char *argv[]) {
     uses_assumed_sizes();
+    init_msgs();
 
     int server_fd, client_fd, err;
     struct sockaddr_in server, client;
@@ -63,4 +65,4 @@ int main (int argc, char *argv[]) {
     }
 
     return 0;
-}
+}

tictactoe.c

@@ -89,4 +89,4 @@ bool handle_get_winner(int client_fd, char* client_str) {
 
     return true;//what to return for status?
 
-}
+}