From: Jean-Marc Pigeon (Delson) Date: Tue, 1 Jul 2025 14:50:19 +0000 (-0400) Subject: Authentication is working X-Git-Tag: tag-0.12~59 X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=39f3fb150df16ebb7159aae4c731e8dc3f8cf719;p=jmp%2Fmailleur Authentication is working --- diff --git a/app/Makefile b/app/Makefile index adb60be..a6724cb 100644 --- a/app/Makefile +++ b/app/Makefile @@ -48,6 +48,7 @@ LIBMAIL = ../lib/libmail.a LIBS = $(LIBMAIL) \ -luuid \ -lcrypto \ + -lcrypt \ -lssl \ #-------------------------------------------------------------------- diff --git a/data-feed/feedxx.tst b/data-feed/feedxx.tst index 309efa7..dd1fe11 100644 --- a/data-feed/feedxx.tst +++ b/data-feed/feedxx.tst @@ -14,9 +14,9 @@ R:220 mailleur.example.com, ESMTP (cleartext) mailleur... S:AUTH PLAIN R:334 5.7.1 Please provide auth sequence S:YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy -R:235 5.7.4 Authentication successful +R:235 5.7.5 Authentication successful S:AUTH PLAIN YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy -R:235 5.7.4 Authentication successful +R:235 5.7.5 Authentication successful S:AUTH LOGIN #requesting Username: R:334 VXNlcm5hbWU6 @@ -25,7 +25,7 @@ S:d2VibWFzdGVyQGV4YW1wbGUuY29t #requesting Password: R:334 UGFzc3dvcmQ6 #sending 'mailleur' as B64 -S:bWFpbGxldXIK -R:235 5.7.4 Authentication successful +S:bWFpbGxldXI= +R:235 5.7.5 Authentication successful S:QUIT R:221 2.0.0 Bye, closing connection... diff --git a/lib/lvleml.c b/lib/lvleml.c index 8c25d3b..e6d8b7a 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -38,7 +38,6 @@ static void freesessid(CONTYP *contact) { -(void) rou_alert(0,"JMPDBG freesessid contact->session='%p'",contact->session); if (contact->session!=(SESTYP *)0) { if (contact->mailfrom!=(char *)0) { contact->session->sfrom=strdup(contact->mailfrom); @@ -59,7 +58,6 @@ if (contact->session!=(SESTYP *)0) { static void getsessid(CONTYP *contact) { -(void) rou_alert(0,"JMPDBG getsessid!"); if (contact!=(CONTYP *)0) { char *newsid; 
@@ -305,6 +303,133 @@ return status; */ /********************************************************/ /* */ +/* Procedure to manage authentication in "plain" */ +/* mode, return "decoded", NULL if not extracted */ +/* */ +/********************************************************/ +static char *get_auth_plain(CONTYP *contact,int delay,char *received) + +{ +char *decoded; +char local[200]; + +decoded=(char *)0; +(void) memset(local,'\000',sizeof(local)); +(void) strncpy(local,received,sizeof(local)-1); +if (strlen(local)==0) { + char *line; + int got; + + line=(char *)0; + (void) transmit(contact,true,"%d 5.7.1 Please provide auth sequence",SENDB64); + got=tcp_getline(contact->socptr,delay,&line); + if (got>0) { + (void) strncpy(local,line,sizeof(local)-1); + line=rou_freestr(line); + } + } +if (strlen(local)>0) + decoded=cnv_getb64(local); +return decoded; +} +/* +^L +*/ +/********************************************************/ +/* */ +/* Procedure to manage authentication in "login" */ +/* mode, return "decoded", NULL if not extracted */ +/* */ +/********************************************************/ +static char *get_auth_login(CONTYP *contact,int delay) + +{ +static char *logdat[]={"VXNlcm5hbWU6", //Username: in B64 + "UGFzc3dvcmQ6", //Password: in B64 + (char *)0}; +char *decoded; +char local[200]; + +decoded=(char *)0; +(void) memset(local,'\000',sizeof(local)); +for (int i=0;i<2;i++) { + char *line; + char *ptr; + int got; + + (void) strcat(local,IOBNULL); + (void) transmit(contact,true,"%d %s",SENDB64,logdat[i]); + got=tcp_getline(contact->socptr,delay,&line); + if (got<=0) { + (void) strcpy(local,""); + (void) transmit(contact,true,"%d 5.7.2 auth sequence missing",UKNUSER); + break; //exiting from loop + } + if ((ptr=cnv_getb64(line))!=(char *)0) { + (void) rou_alert(0,"JMPDBG line[%d]=<%s> ptr=<%s>",i,line,ptr); + (void) strncat(local,ptr,(sizeof(local)-1)-strlen(ptr)); + ptr=rou_freestr(ptr); + } + (void) rou_alert(0,"JMPDBG local[%d]=<%s>",i,local); + 
line=rou_freestr(line); + } +if (strlen(local)>0) + decoded=strdup(local); +return decoded; +} +/* +^L +*/ +/********************************************************/ +/* */ +/* Procedure to check if the password submitted */ +/* Match with the user provided. */ +/* */ +/********************************************************/ +static _Bool checklogin(SQLPTR *sqlptr,char *sequence) + +{ +_Bool isok; +char *data[3]; + +isok=false; +(void) memset(data,'\000',sizeof(data)); +for (int i=0;i<3;i++) { + char *ptr; + + if ((ptr=strstr(sequence,IOBNULL))!=(char *)0) + *ptr='\000'; + data[i]=strdup(sequence); + if (ptr==(char *)0) + break; //no more data available + ptr+=strlen(IOBNULL); + (void) memmove(sequence,ptr,strlen(ptr)+1); + } +if ((data[1]!=(char *)0)&&(data[2]!=(char *)0)) { + if ((strlen(data[1])>0)&&(strlen(data[2])>0)) { + USRTYP *usr; + + usr=(USRTYP *)0; + (void) rou_alert(0,"JMPDBG name=<%s> pass=<%s>",data[1],data[2]); + if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) { + char *crypted; + + crypted=crypt(data[2],usr->passwd); + if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0)) + isok=true; //Passord match + usr=sql_freeusr(usr); + } + } + } +for (int i=0;i<3;i++) + data[i]=rou_freestr(data[i]); +return isok; +} +/* +^L +*/ +/********************************************************/ +/* */ /* Procedure to extract authentication info. */ /* return a login sequence as */ /* 'username password' if successful */ @@ -317,9 +442,6 @@ static void getauth(CONTYP *contact,int delay,char *buffer) #define OPEP "lvleml.c:getauth," static char *vocloc[]={"plain","login",(char *)0}; -static char *logdat[]={"VXNlcm5hbWU6", //Username: in B64 - "UGFzc3dvcmQ6", //Password: in B64 - (char *)0}; int code; char *decoded; 
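Review bot: In get_auth_login the limit passed to strncat, `(sizeof(local)-1)-strlen(ptr)`, is derived from the length of the decoded input rather than from the space still free in `local`, so it does not protect the 200-byte stack buffer. Two decoded fields of roughly 99 bytes each plus the two IOBNULL separators can already exceed the buffer, and if cnv_getb64 can return more than 199 bytes (its limits are not visible here) the unsigned subtraction wraps and the copy is effectively unbounded; all of this runs on client data before authentication. The bound should be `sizeof(local)-1-strlen(local)`, and an over-long field is better rejected than silently truncated. Separately, the JMPDBG rou_alert calls added in get_auth_login and checklogin (`name=<%s> pass=<%s>`), together with the `JMPDBG decoded=<%s>` call kept in case 4 of getauth in the later hunk, write cleartext credentials to the log and should be removed or reduced to the user name.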
@@ -365,65 +487,30 @@ while (proceed==true) { case 3 : //getting "username password" accorind login type switch (code) { case 0 : //AUTH PLAIN - if (strlen(local)==0) { - char *line; - int got; - - line=(char *)0; - (void) transmit(contact,true,"%d 5.7.1 Please provide auth sequence", - SENDB64); - got=tcp_getline(contact->socptr,delay,&line); - if (got>0) { - (void) strncpy(local,line,sizeof(local)-1); - line=rou_freestr(line); - } - } - if (strlen(local)>0) - decoded=cnv_getb64(local); + if ((decoded=get_auth_plain(contact,delay,local))==(char *)0) + phase=999; break; case 1 : //AUTH LOGIN - (void) strcpy(local,""); - for (int i=0;i<2;i++) { - char *line; - char *ptr; - int got; - - (void) strcat(local,IOBNULL); - (void) transmit(contact,true,"%d %s",SENDB64,logdat[i]); - got=tcp_getline(contact->socptr,delay,&line); - if (got<=0) { - (void) strcpy(local,""); - (void) transmit(contact,true,"%d 5.7.3 auth sequence missing", - UKNUSER); - phase=999; //trouble trouble - break; //eiting from loop then current phase - } - if ((ptr=cnv_getb64(line))!=(char *)0) { - (void) strncat(local,ptr,(sizeof(local)-1)-strlen(ptr)); - ptr=rou_freestr(ptr); - } - line=rou_freestr(line); - } - if(strlen(local)>0) - decoded=strdup(local); + if ((decoded=get_auth_login(contact,delay))==(char *)0) + phase=999; break; default : //not yet implemented + (void) transmit(contact,true,"%d 5.7.3 Unknown auth mode",FAILED); (void) rou_alert(0,"%s auth type <%d> not yet implemented",OPEP); + phase=999; break; } break; - case 4 : //do we have a decoded sequence - if (decoded==(char *)0) { - (void) transmit(contact,true,"%d 5.7.2 auth sequence missing",UKNUSER); - phase=999; //trouble trouble - } - break; - case 5 : //check password + case 4 : //we have a decoded sequence, check password (void) rou_alert(0,"JMPDBG decoded=<%s>",decoded); - break; - case 6 : //everything is fine + if (checklogin(contact->sqlptr,decoded)==false) { + (void) transmit(contact,true,"%d 5.7.4 authentication 
failed",BADAUTH); + phase=999; + } decoded=rou_freestr(decoded); - (void) transmit(contact,true,"%d 5.7.4 Authentication successful",IDOK); + break; + case 5 : //everything is fine + (void) transmit(contact,true,"%d 5.7.5 Authentication successful",IDOK); break; default : //SAFE Guard proceed=false; @@ -1908,7 +1995,7 @@ _Bool proceed; phase=0; proceed=true; while (proceed==true) { - (void) rou_alert(0,"JMPDBG %s phase='%d'",OPEP,phase); + //(void) rou_alert(0,"JMPDBG %s phase='%d'",OPEP,phase); switch (phase){ case 0 : //check for binding if (contact==(CONTYP *)0) { diff --git a/lib/unieml.h b/lib/unieml.h index a40f219..3e89e3a 100644 --- a/lib/unieml.h +++ b/lib/unieml.h @@ -26,6 +26,7 @@ #define BADPAR 501 //error in parameters #define CMDBAD 502 //command not implemented #define BADSEQ 503 //out of sequence command +#define BADAUTH 504 //Posting user Authentication not successful #define DATRJC 521 //Data Rejected #define EXPIRED 536 //Contract date expired #define REJECT 550 //E-mail/domain rejected
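Review bot: The rou_alert call in the default branch of the mode switch has a format containing `%s` and `<%d>` but is passed only OPEP, so the `%d` reads a variadic argument that was never supplied; it should be `(void) rou_alert(0,"%s auth type <%d> not yet implemented",OPEP,code);`. In addition, when get_auth_plain returns NULL (no line received, or cnv_getb64 failing) case 3 now sets `phase=999` without sending anything, because the former `5.7.2 auth sequence missing` reply in case 4 was removed, and get_auth_login only replies on its read-failure path. Unless code after the loop answers the client, which is not visible in this hunk, the session gets no 5xx response on that path, so a failure `transmit(...)` belongs next to `phase=999`. The loop and getauth itself start and end outside the hunk.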
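Review bot: BADAUTH is defined as 504, the reply code RFC 4954 assigns to an unrecognised authentication mechanism; rejected credentials are reported with 535 and enhanced code 5.7.8. A client that receives 504 after sending a password may conclude the mechanism is unsupported rather than that the login failed, and may retry with another mechanism. I would use `#define BADAUTH 535 //Posting user Authentication not successful`, and in lvleml.c pair the 235 success reply with `2.7.0` instead of the class-5 enhanced code `5.7.5`.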