Merge branch 'main' of https://github.com/teddy-zhng/buffer-overflow-exercises

Author: teddy-zhng

account_login.c

@@ -2,7 +2,7 @@
 #include <stdbool.h>
 #include <stdlib.h>
 #include <string.h>
-
+#include <time.h>
 
 #include "account_login.h"
 #include "helper.h"
@@ -13,13 +13,23 @@
 #define STACK_COOKIE_VALUE (0x012345678)
 
 char created_uname[0x100] = {0};
-int default_persmissions = NO_PERMISSION;
 char created_pass[0x100] = {0};
+int default_persmissions = NO_PERMISSION;
 
 int current_logged_in_permissions = 0;
 char currently_logged_in_uname[0x100] = {0};
+
 char secret_admin_password[0x10] = {0};
 
+// create random password with digits 0-9
+void set_random_admin_password() {
+	srand(time(NULL));
+
+	for (int i = 0; i < sizeof(secret_admin_password); ++i)
+	{
+		secret_admin_password[i] = rand()%10 + '0';
+	}
+}
 
 bool check_user_auth(char* uname, char* passwd, bool* auth_success) {
 	if ((0 == strncmp(uname, created_uname, sizeof(created_uname))) 
@@ -42,7 +52,6 @@ bool handle_get_currently_logged_in_uname(int client_fd, char* client_str) {
 bool handle_login(int client_fd, char* client_str) {
 	bool auth_success = false;
 	int stack_cookie_1;
-	int operation = 0;
 	char uname[0x100];
 	char passwd[0x100];
 
@@ -79,8 +88,8 @@ bool handle_login(int client_fd, char* client_str) {
 bool handle_login_admin(int client_fd, char* client_str) {
 	char passwd[0x100];
 
-	if (!get_str_from_client(client_fd, passwd)) {
-		printf("handle_login_admin error: get_str_from_client failed\n");
+	if (!get_buffer_from_client(client_fd, passwd, sizeof(passwd))) {
+		printf("handle_login_admin error: get_buffer_from_client failed\n");
 		return false;
 	}
 
@@ -91,20 +100,31 @@ bool handle_login_admin(int client_fd, char* client_str) {
 
 	memcpy(currently_logged_in_uname, "admin", 6);
 	current_logged_in_permissions = ADMIN_PERMISSION;
+	printf("admin login success!\n");
 	return true;
 }
 
 
 bool handle_logout(int client_fd, char* client_str) {
 	currently_logged_in_uname[0] = '\0';
 	current_logged_in_permissions = 0;
+	printf("logout success!\n");
 	return true;
 }
 
 bool handle_create_user(int client_fd, char* client_str) {
-	// stub
-	// read corrently (but no null terminator) into created_uname, created_passwd 
-	return false;
+	if (!get_buffer_from_client(client_fd, created_uname, sizeof(created_uname))) {
+		printf("handle_create_user error: get_buffer_from_client failed\n");
+		return false;
+	}
+
+	if (!get_buffer_from_client(client_fd, created_pass, sizeof(created_pass))) {
+		printf("handle_create_user error: get_buffer_from_client failed\n");
+		return false;
+	}
+
+	printf("create user success!\n");
+	return true;
 }
 
 bool handle_admin_run_cmd(int client_fd, char* client_str) {
@@ -125,6 +145,7 @@ bool handle_admin_run_cmd(int client_fd, char* client_str) {
 		return false;
 	}
 
+	printf("will run cmd '%s'\n", cmd);
 	system(cmd);
 	return true;
 }

account_login.h

@@ -3,10 +3,13 @@
 
 #include <stdbool.h>
 
-bool handle_login(int client_fd, char* client_str);
 bool handle_get_currently_logged_in_uname(int client_fd, char* client_str);
-bool handle_admin_run_cmd(int client_fd, char* client_str);
-bool handle_create_user(int client_fd, char* client_str);
+bool handle_login(int client_fd, char* client_str);
+bool handle_login_admin(int client_fd, char* client_str);
 bool handle_logout(int client_fd, char* client_str);
+bool handle_create_user(int client_fd, char* client_str);
+bool handle_admin_run_cmd(int client_fd, char* client_str);
+
+void set_random_admin_password();
 
 #endif

game_dispatcher.c

@@ -9,21 +9,32 @@
 
 #include "globals.h"
 #include "helper.h"
-#include "high_score.h"
 #include "game_dispatcher.h"
 
 // includes for dispatchers
 #include "account_login.h"
+#include "high_score.h"
 
 typedef bool (*pkt_handler)(int client_fd, char* client_str);
 
 
 pkt_handler handlers[] = {
+    /* general */
     handle_get_version, 
+
+    /* login */
+    handle_get_currently_logged_in_uname,
+    handle_login,
+    handle_login_admin,
+    handle_logout,
+    handle_create_user,
+    handle_admin_run_cmd,
+
+    /* high scores */
     handle_add_winner, 
     handle_set_intro, 
     handle_set_outro, 
-    handle_report_winners
+    handle_report_winners,
 };
 
 void handle_client(int client_fd, char* client_str) {

helper.c

@@ -73,6 +73,43 @@ int get_int_from_client(int client_fd) {
     return number;
 }
 
+bool get_buffer_from_client(int client_fd, char* output, int output_size) {
+    int client_send_len;
+    int bytes_read = recv(client_fd, &client_send_len, sizeof(client_send_len), 0);
+    
+    if (bytes_read == -1) {
+        perror("recv from get_str_from_client in len");
+    }
+    if (bytes_read == 0) {
+        printf("client disconnected in str len in get_str_from_client\n");
+        return false;
+    }
+    if (bytes_read != sizeof(client_send_len)) {
+        printf("client didn't send enough bytes for string length in get_str_from_client\n");
+        return false;
+    }
+
+    client_send_len = ntohl(client_send_len);
+    if (client_send_len > output_size) {
+        printf("can't read %d bytes :( (expecting less than %d)\n", client_send_len, output_size);
+        return false;
+    }
+    
+    bytes_read = recv(client_fd, output, client_send_len, 0);
+    if (bytes_read == -1) {
+        perror("recv in get_buffer_from_client in data");
+    }
+    if (bytes_read == 0) {
+        printf("client disconnected in get_buffer_from_client\n");
+        return false;
+    }
+    if (bytes_read != client_send_len) {
+        printf("client didn't send enough bytes in get_buffer_from_client\n");
+        return false;
+    }
+    return true;
+}
+
 void uses_assumed_sizes() {
 	if (sizeof(int) != 4) {
 		printf("oh no! expected sizeof(int) to be size 4\n");

helper.h

@@ -11,6 +11,7 @@ void respond_str_to_client(int fd, char* str);
 
 int get_int_from_client(int fd);
 bool get_str_from_client(int fd, char* str);
+bool get_buffer_from_client(int client_fd, char* output, int output_size);
 
 // C heleprs
 void uses_assumed_sizes();

main_game_server.c

@@ -9,13 +9,15 @@
 
 #include "helper.h"
 #include "high_score.h"
+#include "account_login.h"
 #include "game_dispatcher.h"
 
 #define MAX_CONNECTIONS (10)
 
 int main (int argc, char *argv[]) {
     uses_assumed_sizes();
     init_msgs();
+    set_random_admin_password();
 
     int server_fd, client_fd, err;
     struct sockaddr_in server, client;