From: Jean-Marc Pigeon (Delson) Date: Sun, 6 Jul 2025 22:42:32 +0000 (-0400) Subject: digest-md5 Realm is now dynamic (server local name) X-Git-Tag: tag-0.12~12 X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=549cc3daa94c3007709c6586c132bb3595f3663b;p=jmp%2Fmailleur digest-md5 Realm is now dynamic (server local name) --- diff --git a/lib/lvleml.c b/lib/lvleml.c index 0a2dbac..c810cd2 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -493,7 +493,7 @@ while (proceed==true) { //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); switch (phase) { case 0 : //Building the challenge sequence - if ((challenge=dig_getchallenge())==(char *)0) { + if ((challenge=dig_getchallenge(contact->locname))==(char *)0) { (void) rou_alert(0,"%s Unable to get challeng sequence (Bug!)",OPEP); phase=999; } diff --git a/lib/unidig.c b/lib/unidig.c index 2a0c207..0fd8dbc 100644 --- a/lib/unidig.c +++ b/lib/unidig.c @@ -169,7 +169,6 @@ PUBLIC RSPTYP *dig_parseresp(char *response) RSPTYP *resp; resp=(RSPTYP *)0; -(void) rou_alert(0,"JMPDBG in dig_parseresp <%s>",response); if ((response!=(char *)0)&&(strlen(response)>0)) { char *cpy; char *next; @@ -231,14 +230,12 @@ while (proceed==true) { case 2 : //doing hashing (void) EVP_DigestInit_ex(mdctx,EVP_md5(),(ENGINE *)0); (void) EVP_DigestUpdate(mdctx,seq,length); - (void) rou_alert(0,"%s digestup de of <%s> '%d' long",OPEP,seq,length); break; case 3 : { //assign memory unsigned int s; md5=calloc(1,sizeof(MD5TYP)); (void) EVP_DigestFinal_ex(mdctx,(unsigned char *)md5,&s); - (void) rou_alert(0,"%s got digest of '%d' char",OPEP,s); EVP_MD_CTX_free(mdctx); } break; @@ -318,7 +315,7 @@ return hashmd5; /* challenge as an B64 string. */ /* */ /********************************************************/ -PUBLIC char *dig_getchallenge() +PUBLIC char *dig_getchallenge(char *realm) { #define OPEP "unidig.c:dig_getchallenge," @@ -342,7 +339,7 @@ for (int num=0;comp[num]!=(char *)0;num++) { (void) memset(loc,'\000',sizeof(loc)); switch (num) { case 0 : //realm - (void) snprintf(loc,sizeof(loc),comp[num],REALM); + (void) snprintf(loc,sizeof(loc),comp[num],realm); break; case 1 : { //nonce char *nonce; @@ -412,19 +409,20 @@ while (proceed==true) { switch (phase) { case 0 : { //computing hash HA1 MD5TYP *A1; - char second[300]; + char *ptr; + int max; (void) snprintf(seq,sizeof(seq),"%s:%s:%s",resp->username,resp->realm,secret); - (void) rou_alert(0,"JMDPBG seq1=<%s>",seq); A1=dig_hashmd5((unsigned char *)seq,strlen(seq)); - //algorithm value is "MD5-sess" + //starting algorithm value is "MD5-sess" (void) memset(seq,'\000',sizeof(seq)); (void) memmove(seq,(char *)A1,sizeof(MD5TYP)); - (void) snprintf(second,sizeof(seq),":%s:%s",resp->nonce,resp->cnonce); - (void) strcat(seq+sizeof(MD5TYP),second); - (void) rou_alert(0,"JMDPBG seq2=<%s>",seq); (void) free(A1); - A1=dig_hashmd5((unsigned char *)seq,sizeof(MD5TYP)+strlen(second)); + ptr=seq+sizeof(MD5TYP); + max=sizeof(seq)-sizeof(MD5TYP); + (void) snprintf(ptr,max,":%s:%s",resp->nonce,resp->cnonce); + A1=dig_hashmd5((unsigned char *)seq,sizeof(MD5TYP)+strlen(ptr)); + //ending algorithm value is "MD5-sess" HA1=cnv_tohexa((char *)A1,sizeof(MD5TYP)); (void) free(A1); } diff --git a/lib/unidig.h b/lib/unidig.h index 8f97661..1cb2eb1 100644 --- a/lib/unidig.h +++ b/lib/unidig.h @@ -8,8 +8,6 @@ #ifndef UNIDIG #define UNIDIG -#define REALM APPNAME".email" - typedef struct { //DIGEST-MD5 challange response structure char *username; //username requesting authentication char *realm; //Challenge realm @@ -41,7 +39,7 @@ extern char *dig_cryptmd5(const void *key,unsigned char *seq); //Procedure to generate a DISGEST-MD5 challaneg as a //b64 string. -extern char *dig_getchallenge(); +extern char *dig_getchallenge(char *realm); //Procedure to compute local response to challenge and //check if the remote session is the same