{
_Bool status;
time_t curtime;
+const char *esmtp;
int phase;
_Bool proceed;
status=true;
+esmtp="ESMTP";
curtime=time((time_t *)0);
phase=0;
proceed=true;
contact->peername,contact->peerip,contact->mailfrom);
break;
case 1 : //Inserting the Receive information
- (void) fprintf(data,"\tby %s ([%s:%s]/%s-%s) with ESMTP\n",
+ if (contact->authenticated==true)
+ esmtp="ESMTPA";
+ (void) fprintf(data,"\tby %s ([%s:%s]/%s-%s) with %s\n",
contact->locname,
contact->locip,
contact->locserv,
- appname,rou_getversion());
+ appname,rou_getversion(),
+ esmtp);
break;
case 2 : //Inserting TLS information
if (soc_iscrypted(contact->socptr)==true) {
phase=0;
proceed=true;
while (proceed==true) {
- (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
+ //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
switch (phase) {
case 0 : { //Building the challenge sequence
TIMESPEC cur;
char *local;
char *hexa;
- (void) rou_alert(0,"%s passwd=<%s>",OPEP,passwd);
local=cnv_hashmd5(passwd,(unsigned char *)challenge);
hexa=cnv_tohexa(local);
//(void) rou_alert(0,"%s anwr=<%s>",OPEP,answer);
//(void) rou_alert(0,"%s hexa=<%s>",OPEP,hexa);
- if (strcmp(hexa,answer)==0)
- (void) rou_asprintf(&decoded,"%s%s%s%s",
- IOBNULL,name,IOBNULL,passwd);
+ if (strcmp(hexa,answer)!=0)
+ (void) strncpy(passwd,"$1(ukn as cram_d5)",sizeof(passwd)-1);
+ (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,name,IOBNULL,passwd);
hexa=rou_freestr(hexa);
local=rou_freestr(local);
}
}
phase++;
}
-(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
+//(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
return decoded;
#undef OPEP
static _Bool checklogin(SQLPTR *sqlptr,char *sequence)
{
+#define OPEP "lvleml.c:checklogin,"
+
_Bool isok;
char *data[3];
+int phase;
+_Bool proceed;
isok=false;
(void) memset(data,'\000',sizeof(data));
-(void) split_auth_plain(sequence,data);
-if ((data[1]!=(char *)0)&&(data[2]!=(char *)0)) {
- USRTYP *usr;
+phase=0;
+proceed=true;
+while (proceed==true) {
+ switch (phase) {
+ case 0 : //make sure we have data
+ (void) split_auth_plain(sequence,data);
+ if ((data[1]==(char *)0)||(data[2]==(char *)0)) {
+ (void) rou_alert(0,"%s missing data from <%s> (Bug?)",OPEP,sequence);
+ phase=999; //No need to go further
+ }
+ break;
+ case 1 : //do we have valide data?
+ if ((strlen(data[1])==0)||(strlen(data[2])==0)) {
+ (void) rou_alert(0,"%s data[1]=<%s> or data[2]=<%s> missing (Bug?)",
+ OPEP,data[1],data[2]);
+ phase=999; //No need to go further
+ }
+ break;
+ case 2 : { //checking user password
+ USRTYP *usr;
- usr=(USRTYP *)0;
- if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) {
- char *crypted;
+ usr=(USRTYP *)0;
+ if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) {
+ char *crypted;
- crypted=usr->passwd;
- if (usr->passwd[0]=='$')
- crypted=crypt(data[2],usr->passwd);
- if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0))
- isok=true; //Passord match
- usr=sql_freeusr(usr);
+ crypted=data[2];
+ if (usr->passwd[0]=='$')
+ crypted=crypt(data[2],usr->passwd);
+ if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0))
+ isok=true; //Passord match
+ usr=sql_freeusr(usr);
+ }
+ }
+ break;
+ default : //SAFE Guard
+ proceed=false;
+ break;
}
+ phase++;
}
for (int i=0;i<3;i++)
data[i]=rou_freestr(data[i]);
return isok;
+
+#undef OPEP
}
/*
^L
break;
case 5 : //we have a decoded sequence, check password
isok=checklogin(contact->sqlptr,decoded);
- (void) rou_alert(0,"%s checklogin='%d'",OPEP,isok);
+ contact->authenticated=true;
break;
case 6 : //we have login status
if (strlen(decoded)>0) { //always
(void) checkfrom(contact,line);
break;
case c_auth : //Auth request
- (void) getauth(contact,delay,line);
- status=1; //JMPDBGevery thing fine
- proceed=false;
+ if (getauth(contact,delay,line)==false)
+ proceed=false; //Authentication failed
break;
case c_rcpt : //Doing rpt scanning
if (checkto(contact,line)==false) {
vps2: / jmp / mailleur / commitdiff