]> SAFE projects GIT repository - jmp/mailleur/commitdiff
Working with dig_getchallenge and "trouble QUIT" received
authorJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 6 Jul 2025 20:06:45 +0000 (16:06 -0400)
committerJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 6 Jul 2025 20:06:45 +0000 (16:06 -0400)
lib/lvleml.c
lib/unidig.c

index b0502cf23b706074b46b8b508f6b1ef43fe08e5c..6b444e181e4c4e7f68ecec4e1ed3b5b455104080 100644 (file)
@@ -398,11 +398,15 @@ while (proceed==true) {
       char *line;
 
       if (tcp_getline(contact->socptr,delay,&line)>0) {
-        char *res;
 
-        res=cnv_getb64(line);
-        (void) snprintf(answer,sizeof(answer),"%s",res);
-        res=rou_freestr(res);
+        //if a clear text QUIT is received because of deep trouble
+        if (strcasecmp(line,"QUIT")!=0) {
+          char *res;
+
+          res=cnv_getb64(line);
+          (void) snprintf(answer,sizeof(answer),"%s",res);
+          res=rou_freestr(res);
+          }
         line=rou_freestr(line);
         }
       if (strlen(answer)==0)
@@ -477,14 +481,14 @@ static char *get_auth_digest_md5(CONTYP *contact,int delay)
 #define OPEP    "lvleml.c:get_auth_digest_md5,"
 
 char *decoded;
-char challenge[300];
+char *challenge;
 char answer[300];
 RSPTYP *resp;
 int phase;
 _Bool proceed;
 
 decoded=(char *)0;
-(void) memset(challenge,'\000',sizeof(challenge));
+challenge=(char *)0;
 (void) memset(answer,'\000',sizeof(answer));
 resp=(RSPTYP *)0;
 phase=0;
@@ -492,21 +496,11 @@ proceed=true;
 while (proceed==true) {
   (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
   switch (phase) {
-    case 0      :  {    //Building the challenge sequence
-      char *nchal;
-      
-      #define   FMT     "realm=\"%s\",nonce=\"%s\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"
-      char *nonce;
-
-      //nonce=cnv_getrndstr(20);
-      nonce=strdup("abcdef");
-      (void) snprintf(challenge,sizeof(challenge),FMT,contact->locname,nonce);
-      nonce=rou_freestr(nonce);
-      nchal=dig_getchallenge();
-      (void) rou_alert(0,"good chal=<%s>",challenge);
-      (void) rou_alert(0,"bad chal=<%s>",nchal);
-      (void) strcpy(challenge,nchal);
-      }
+    case 0      :       //Building the challenge sequence
+      if ((challenge=dig_getchallenge())==(char *)0) {
+        (void) rou_alert(0,"%s Unable to get challeng sequence (Bug!)",OPEP);
+        phase=999;
+        }
       break;
     case 1      :  {    //sending challenge to remote
       char *b64;
@@ -514,17 +508,24 @@ while (proceed==true) {
       b64=cnv_setb64(challenge);
       (void) transmit(contact,true,"%d %s",SENDB64,b64);
       b64=rou_freestr(b64);
+      challenge=rou_freestr(challenge); 
       }
       break;
     case 2      :  {    //getting the challenge answer
       char *line;
 
       if (tcp_getline(contact->socptr,delay,&line)>0) {
-        char *res;
-
-        res=cnv_getb64(line);
-        (void) snprintf(answer,sizeof(answer),"%s",res);
-        (void) rou_alert(0,"JMPDBG Got <%s>",answer);
+        (void) rou_alert(0,"%s challenge answer=<%s>",OPEP,line);
+        //if a clear text QUIT is received because of deep trouble
+        if (strcasecmp(line,"QUIT")!=0) {
+          char *res;
+
+          res=cnv_getb64(line);
+          (void) snprintf(answer,sizeof(answer),"%s",res);
+          res=rou_freestr(res);
+          (void) rou_alert(0,"JMPDBG Got <%s>",answer);
+          }
+        line=rou_freestr(line); 
         }
       if (strlen(answer)==0)
         phase=999;      //no need to go further
@@ -550,124 +551,6 @@ return decoded;
 
 #undef  OPEP
 }
-#ifdef BADDIGEST
-/*
-^L
-*/
-/********************************************************/
-/*                                                      */
-/*     Procedure to manage authentication in           */
-/*      digest-md5 mode.                                */
-/*      Return a builded "decoded" string from          */
-/*      the exchange with the remote sereur             */
-/*                                                      */
-/********************************************************/
-static char *get_auth_md5(CONTYP *contact,int delay)
-
-{
-#define OPEP    "lvleml.c:get_auth_md5,"
-
-char *decoded;
-TIMESPEC cur;
-char *seq;
-char *code;
-USRTYP *usr;
-char *line;
-char *name;       //extracted name
-int got;
-int phase;
-_Bool proceed;
-
-decoded=(char *)0;
-(void) clock_gettime(CLOCK_REALTIME,&cur);
-cur.tv_nsec/=10000;     //100 millisec
-//(void) rou_asprintf(&seq,"<%05d-%s@%s>",
-//                         cur.tv_nsec,contact->session->sessid,contact->locname);
-//seq=strdup("<01234567890ABCDEFGHIJKLMNOPQRST@mailpostg.example.com>");
-//seq=strdup("username = <jmp@safe.ca>");
-//seq=strdup("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8");
-seq=strdup("realm=\"example.com\",nonce=\"0123456789\",algorithm=xmd5");
-(void) rou_alert(0,"%s JMPDBG SEQ=<%s>",OPEP,seq);
-code=(char *)0;
-usr=(USRTYP *)0;
-name=(char *)0;
-line=(char *)0;
-got=0;
-phase=0;
-proceed=true;
-while (proceed==true) {
-  (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
-  switch (phase) {
-    case 0      :  {    //preparing a string an sending it
-      char *b64;
-
-      b64=cnv_setb64(seq);
-      (void) transmit(contact,true,"%d %s",SENDB64,b64);
-      got=tcp_getline(contact->socptr,delay,&line);
-      (void) rou_alert(0,"%s got<%s>",OPEP,line);
-      if (got<0) 
-        phase=999;      //Answer not received in due time
-      b64=rou_freestr(b64);
-      }
-      break;
-    case 1      :  {    //extracting code
-      char *ptr;
-
-      code=cnv_getb64(line);
-      (void) rou_alert(0,"%s JMPDBG md5 code=<%s>",OPEP,code);
-      name=(char *)0;
-      if ((ptr=strchr(code,' '))!=(char *)0) {
-        *ptr='\000';
-        name=strdup(code);
-        ptr++;
-        (void) memmove(code,ptr,strlen(ptr)+1);
-        }
-      if (name!=(char *)0) {
-        (void) sql_mngusr(contact->sqlptr,sql_select,name,&usr);
-        (void) rou_alert(0,"%s JMPDBG md5 name=<%s>",OPEP,name);
-        }
-      if (usr==(USRTYP *)0) {
-        code=rou_freestr(code);
-        (void) rou_asprintf(&decoded,"%s%s%s%s",
-                                      IOBNULL,name,IOBNULL,(char *)0);
-        phase=999;
-        }
-      line=rou_freestr(line);
-      }
-      break;
-    case 2      :  {     //comparing hmac
-      char *local;
-      char *hexa;
-
-      //local=cnv_cryptmd5(usr->passwd,(unsigned char *)seq); 
-      (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,name,IOBNULL,(char *)0);
-      local=dig_cryptmd5("mailleur",(unsigned char *)seq); 
-      hexa=cnv_tohexa(local);
-      (void) rou_alert(0,"%s code=<%s>",OPEP,code);
-      (void) rou_alert(0,"%s hexa=<%s>",OPEP,hexa);
-      if (strcmp(hexa,code)==0) {
-        (void) rou_asprintf(&decoded,"%s%s%s%s",
-                                      IOBNULL,usr->email,IOBNULL,"mailleur");
-        (void) rou_alert(0,"JMPDBG decoded=<%s>",decoded);
-        }
-      hexa=rou_freestr(hexa);
-      local=rou_freestr(local);
-      usr=sql_freeusr(usr);
-      }
-    default     :       //SAFE Guard
-      proceed=false;
-      break;
-    }
-  phase++;
-  }
-name=rou_freestr(name);
-seq=rou_freestr(seq);
-(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
-return decoded;
-
-#undef  OPEP
-}
-#endif
 /*
 ^L
 */
index 4b730bab3e062d8b3268c707cae33853e8c842e4..9fb6957e402d666633296d974a8a734e4f3ecee2 100644 (file)
 */
 /********************************************************/
 /*                                                      */
+/*      Procedure to scan data and take care of the     */
+/*      data format "abc\"def" to become abc\"def       */
+/*                                                      */
+/********************************************************/
+static void scanliteral(char *data)
+
+{
+if (*data=='"') {
+  char *ptr;
+
+  (void) memmove(data,data+1,strlen(data)+1);
+  while ((ptr=strchr(data,'"'))!=(char *)0) {
+    if (strlen(data)>strlen(ptr)) {
+      if (*(ptr-1)=='\\') {
+        data=ptr+1;
+        continue;
+        }
+      }
+    *ptr='\000';
+    }
+  }
+}
+/*
+\f
+*/
+/********************************************************/
+/*                                                      */
 /*      Procedure to scan ONE entry from the challenge  */
 /*      response.                                       */
 /*                                                      */
@@ -50,13 +77,7 @@ if (strlen(entry)>0) {
 
     *ptr='\000';
     ptr++;
-    if (*ptr=='"') {
-      char *end;
-
-      (void) memmove(ptr,ptr+1,strlen(ptr)+1);
-      if ((end=strrchr(ptr,'"'))!=(char *)0)
-        *end='\000';    //removonge '"' at then end
-      }
+    (void) scanliteral(ptr);
     for (num=0;voc[num]!=(char *)0;num++) {
       if (strcasecmp(voc[num],entry)!=0)
         continue;
@@ -323,7 +344,7 @@ for (int num=0;comp[num]!=(char *)0;num++) {
       char *nonce;
       char *b64;
 
-      nonce=cnv_getrndstr(20);
+      nonce=cnv_getrndstr(30);
       b64=cnv_setb64(nonce); 
       (void) snprintf(loc,sizeof(loc),comp[num],b64);
       b64=rou_freestr(b64);