Creating user authorization for multiple users with unique passwords

I am trying to create a server with unique user/pw login credentials; however, I can't figure out the way to add multiple user/pw to the auth.bat

 

@echo off
rem Example script for performing basic user authorization for virtualhere in windows
rem Also includes a simple password protection mechanism for accessing a device
rem Return 3 if the user needs to provide a username AND password (or the password is incorrect) to use the device
rem Return 2 if the user needs to provide only a password (or the password is incorrect) to use the device
rem Return 1 if the user is allowed to access this device
rem Return 0 if the user is not allowed to access this device
rem Parameters are passed in as:
rem %1 = VENDOR_ID
rem %2 = PRODUCT_ID
rem %3 = CLIENT_ID
rem %4 = CLIENT_IP
rem %5 = PRODUCT_SERIAL
rem %6 = PASSWORD
rem %7 = DEVPATH
rem %8 = NICKNAME
rem %9 = NUM_BINDINGS
rem for help debugging this script, look in the file log.txt to see the arguments passed in
rem and the result of the IF statements below
echo %1 > log.txt
echo %2 >> log.txt
echo %3 >> log.txt
echo %4 >> log.txt
echo %5 >> log.txt
echo %6 >> log.txt
echo %7 >> log.txt
echo %8 >> log.txt
echo %9 >> log.txt
rem "mypassword" = "34819d7beeabb9260a5c854bc85b3e44" as an MD5 hash
rem go here https://passwordsgenerator.net/md5-hash-generator to determine the MD5 hash for the password you want to use

IF %6=="782a385b4c51caf1fa6238ebab78db59" (
  echo "Password ok" >> log.txt
) ELSE (
  echo "Password invalid" >> log.txt
  exit 2
)
ECHO %3 | FIND "(Defamous)" >Nul
if errorlevel 1 (
  echo "NOT authorized" >> log.txt
  EXIT 0
) ELSE (
  echo "Authorized!" >> log.txt
  exit 1
)

Any way I try to add another field after the IF function for another hash pw, it simply returns an error and the original pw stops working.

Appreciate the assistance in advance!

#2

Do you know any languages besides batch files? E.g. C# or Python or PowerShell etc.?

For complicated user/password setups, it might be easier to write the authorization in some other language and then just call that module directly and return 0, 1, or 2.

 

#3

No, I am not familiar; however, would it be more feasible to create a list of host names (client ID) that are acceptable to limit users, and use one password to log in all users? For my purposes, just being able to track host information that accesses it would be enough to ensure no malicious use, which I am attempting to log, just each login.

I am fairly new at this and any help would be much appreciated.

@echo off
rem Example script for performing basic user authorization for virtualhere in windows
rem Also includes a simple password protection mechanism for accessing a device
rem Return 3 if the user needs to provide a username AND password (or the password is incorrect) to use the device
rem Return 2 if the user needs to provide only a password (or the password is incorrect) to use the device
rem Return 1 if the user is allowed to access this device
rem Return 0 if the user is not allowed to access this device
rem Parameters are passed in as:
rem %1 = VENDOR_ID
rem %2 = PRODUCT_ID
rem %3 = CLIENT_ID
rem %4 = CLIENT_IP
rem %5 = PRODUCT_SERIAL
rem %6 = PASSWORD
rem %7 = DEVPATH
rem %8 = NICKNAME
rem %9 = NUM_BINDINGS
rem for help debugging this script, look in the file log.txt to see the arguments passed in
rem and the result of the IF statements below
echo %1 >> log.txt
echo %2 >> log.txt
echo %3 >> log.txt
echo %4 >> log.txt
echo %5 >> log.txt
echo %6 >> log.txt
echo %7 >> log.txt
echo %8 >> log.txt
echo %9 >> log.txt
rem "mypassword" = "34819d7beeabb9260a5c854bc85b3e44" as an MD5 hash
rem go here https://passwordsgenerator.net/md5-hash-generator to determine the MD5 hash for the password you want to use
IF %6=="782a385b4c51caf1fa6238ebab78db59" (
  echo "Password ok" >> log.txt
) ELSE (
  echo "Password invalid" >> log.txt
  exit 3
)
ECHO %3 | FIND "Stephane Malboeuf" >Nul
if errorlevel 1 (
  echo "NOT authorized" >> log.txt
  echo "%TIME% %DATE%-----------------------------------------------------------------------------------" >> log.txt
  Exit 0
) ELSE (
  echo "Authorized!" >> log.txt
  Echo "%TIME% %DATE% -----------------------------------------------------------------------------------" >> log.txt
  exit 1
)


 

Any way I could accomplish a basic list of clients to have access and log it would be greatly helpful.

#4

Change the auth.bat file to look like this:

IF %6=="34819d7beeabb9260a5c854bc85b3e44" (
  echo "Password ok" >> log.txt
) ELSE (
  EXIT 2
)
FINDSTR %3 users.txt >Nul
IF 0==%errorlevel% (
  EXIT 1
) ELSE (
  EXIT 0
)

Then create a file called users.txt like this, e.g.:

" (michael)"
" (stephanie)"
" (barry)"
" (kelly)"

Note that the %3 argument is what needs to go into this users.txt file so it can be matched.

#5

Much appreciated!

This has definitely moved me forward. Now I can't seem to get the log to not be reported to twice with the basic info; why is it doing this?

As well, if the user/pw is wrong it seems to loop the login and it attempts to log in until I crash the program. Any idea why this occurs?

 

 

"user" 
"192.168.1.143" 
"MSI EPF USB" 
"USB\ROOT_HUB30\4&B3ACFCA&0&0,USB\VID_1770&PID_FF00\MSI_EPF_USB,10" 
"user" 
"192.168.1.143" 
"MSI EPF USB" 
"USB\ROOT_HUB30\4&B3ACFCA&0&0,USB\VID_1770&PID_FF00\MSI_EPF_USB,10" 
"Password ok" 
"OK after FINDSTR (0)-------------Authorized!  8:44:25.32 2022-12-09------------" 

 

@echo off
echo %3 >> log.txt
echo %4 >> log.txt
echo %5 >> log.txt
echo %7 >> log.txt

IF %6=="782a385b4c51caf1fa6238ebab78db59" (
  echo "Password ok" >> log.txt
) ELSE (
  EXIT 2
)
FINDSTR %3 users.txt >Nul
  echo "OK after FINDSTR (%ERRORLEVEL%)-------------Authorized! %TIME% %DATE%------------" >> log.txt
IF 0==%errorlevel% (
  EXIT 1
) ELSE (
  EXIT 0
)

 

#6

1. Yes, this is expected. It will try to use the device first, the server will fail it and say a password is required, then it prompts for the password. This is for backward compatibility and is the way it works. Just don't log if it fails.

2. If the password is wrong it will prompt again for the password. Then you just click cancel on the prompt if you don't know the password.
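
The per-user password setup asked about in the first post, written in Python as #2 suggests and logging one line per decision as #6 advises; this is an added example, not part of the thread and not VirtualHere's own code. The client IDs in `USERS`, the file name `auth.log` and the assumption that PASSWORD arrives empty on the first, password-less attempt are illustrative; the two digests are the ones quoted in the thread.

```python
import hmac
import sys
from datetime import datetime

# Constructed table: full CLIENT_ID string -> MD5 hex digest the client must send.
# The IDs are made up for this example; the digests are the two quoted in the thread.
USERS = {
    "PC-01 (michael)": "34819d7beeabb9260a5c854bc85b3e44",
    "PC-02 (stephanie)": "782a385b4c51caf1fa6238ebab78db59",
}
ALLOW, DENY, NEED_PASSWORD = 1, 0, 2  # return codes from the auth.bat header


def clean(arg):
    """Drop the surrounding quotes and padding seen in the thread's log.txt."""
    return arg.strip().strip('"')


def authorize(client_id, password_hash):
    """Return (exit_code, reason) for one request; empty reason means 'do not log'."""
    client_id, password_hash = clean(client_id), clean(password_hash).lower()
    expected = USERS.get(client_id)  # exact match on the whole ID, not a substring
    if expected is None:
        return DENY, "unknown client"
    if not password_hash:  # assumed empty on the first, password-less attempt
        return NEED_PASSWORD, ""
    if hmac.compare_digest(password_hash.encode(), expected.encode()):
        return ALLOW, "authorized"
    return NEED_PASSWORD, "wrong password"


def log_line(client_id, client_ip, reason, now=None):
    """Build one line per decision; the password hash is never written."""
    stamp = (now or datetime.now()).isoformat(timespec="seconds")
    return f"{stamp} client={clean(client_id)!r} ip={clean(client_ip)} {reason}"


def main(argv):
    # argv[3]=CLIENT_ID, argv[4]=CLIENT_IP, argv[6]=PASSWORD, as in auth.bat
    args = argv + [""] * 10
    code, reason = authorize(args[3], args[6])
    if reason:
        with open("auth.log", "a", encoding="utf-8") as fh:
            fh.write(log_line(args[3], args[4], reason) + "\n")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

From auth.bat this would be invoked with the same nine arguments and its exit code passed back to the server.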