char *decoded;
char *challenge;
-char answer[300];
+char *curpass;
RSPTYP *resp;
+char answer[300];
int phase;
_Bool proceed;
decoded=(char *)0;
challenge=(char *)0;
-(void) memset(answer,'\000',sizeof(answer));
+curpass=(char *)0;
resp=(RSPTYP *)0;
+(void) memset(answer,'\000',sizeof(answer));
phase=0;
proceed=true;
while (proceed==true) {
//(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
switch (phase) {
case 0 : //Building the challenge sequence
- if ((challenge=dig_getchallenge(contact->locname))==(char *)0) {
+ if ((challenge=dig_getchallenge())==(char *)0) {
(void) rou_alert(0,"%s Unable to get challenge sequence (Bug!)",OPEP);
phase=999;
}
b64=cnv_setb64(challenge);
(void) transmit(contact,true,"%d %s",SENDB64,b64);
b64=rou_freestr(b64);
- challenge=rou_freestr(challenge);
}
break;
case 2 : { //getting the challenge answer
if ((resp=dig_parseresp(answer))==(RSPTYP *)0)
phase=999; //Unable to parse answer
break;
- case 4 : //getting the user name and password
+ case 4 : { //getting the user name and password
+ USRTYP *usr;
+
+ if (sql_mngusr(contact->sqlptr,sql_select,resp->username,&usr)==true) {
+ if (usr->passwd!=(char *)0)
+ curpass=strdup(usr->passwd);
+ usr=sql_freeusr(usr);
+ }
+ if (curpass==(char *)0)
+ phase=999; //No user found
+ }
break;
case 5 : { //sending the rspauth sequence.
char *HAS;
char *rspauth;
char *b64;
- if ((HAS=dig_hashresp(resp,"","xxx"))==(char *)0) {
+ if ((HAS=dig_hashresp(resp,"",curpass))==(char *)0) {
(void) rou_alert(0,"%s Unable to get the hash rspauth (Bug!)",OPEP);
break;
}
char *line;
int count;
+ line=(char *)0;
count=tcp_getline(contact->socptr,delay,&line);
- if (count>0)
- rou_freestr(line); //EMPTY Line!
+ if (count<0)
+ (void) rou_alert(0,"%s delay expired to get remote empty line (network?)",
+ OPEP);
+ line=rou_freestr(line); //EMPTY Line!
}
break;
case 7 : { //comparing result.
char *HA0;
- if ((HA0=dig_hashresp(resp,"AUTHENTICATE","xxx"))==(char *)0) {
+ if ((HA0=dig_hashresp(resp,"AUTHENTICATE",curpass))==(char *)0) {
(void) rou_alert(0,"%s Unable to get the hash response (Bug!)",OPEP);
break;
}
break;
case 8 : //comparing answer
(void) rou_alert(0,"JMPDBG Bingo!");
- (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,resp->username,IOBNULL,"mailleur2");
+ (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,resp->username,
+ IOBNULL,curpass);
break;
default : //SAFE Guard
proceed=false;
phase++;
}
(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
+resp=dig_freeresp(resp);
+curpass=rou_freestr(curpass);
+challenge=rou_freestr(challenge);
return decoded;
#undef OPEP
#include <time.h>
-#define APPNAME "mailleur" //application name
-
-#define ITSOK 0 //to check errno against no error
+#define APPNAME "mailleur" //application name
+#define REALM APPNAME"-email" //application REALM (DIGEST-MD5)
+#define ITSOK 0 //to check errno against no error
//defining database #define
#define USE_NODB 0 //No DB TYPE defined
extern char *rootdir; //application root directory
extern char *appname; //application "official" name
-extern char execname[]; ///Application exec/binary name
+extern char execname[]; //Application exec/binary name
//--- Routines implemented within subrou.c ---------
/* challenge as an B64 string. */
/* */
/********************************************************/
-PUBLIC char *dig_getchallenge(char *realm)
+PUBLIC char *dig_getchallenge()
{
#define OPEP "unidig.c:dig_getchallenge,"
static char *comp[]={
"realm=\"%s\"", //the LOCAL realm
",nonce=\"%s\"",
- ",maxbuf=%d",
",qop=%s",
",algorithm=%s",
",charset=%s",
};
char *challenge;
+char *realm;
challenge=(char *)calloc(MAXBUF,sizeof(char));
+if ((realm=getenv("REALM"))==(char *)0)
+ realm=REALM;
for (int num=0;comp[num]!=(char *)0;num++) {
char loc[MAXBUF/2];
nonce=rou_freestr(nonce);
}
break;
- case 2 : //maxbuf
- (void) snprintf(loc,sizeof(loc),comp[num],MAXBUF);
- break;
- case 3 : //qop
+ case 2 : //qop
(void) snprintf(loc,sizeof(loc),comp[num],"auth");
break;
- case 4 : //algorithm
+ case 3 : //algorithm
(void) snprintf(loc,sizeof(loc),comp[num],ALGO);
break;
- case 5 : //charset
+ case 4 : //charset
(void) snprintf(loc,sizeof(loc),comp[num],CHARSET);
break;
default : //none expect field BUG!