From: Jean-Marc Pigeon (Delson)
Date: Tue, 1 Jul 2025 01:46:41 +0000 (-0400)
Subject: AUTH plain/LOGIN sequence seems to be ready to be againt authentication
X-Git-Tag: tag-0.12~61
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=7d621ae8bbbe8ec4717f45aa351fac636eefaa79;p=jmp%2Fmailleur
AUTH plain/LOGIN sequence seems to be ready to be againt authentication
---
diff --git a/data-feed/feedxx.tst b/data-feed/feedxx.tst
index c3aeb9a..309efa7 100644
--- a/data-feed/feedxx.tst
+++ b/data-feed/feedxx.tst
@@ -3,12 +3,29 @@ R:220 mailleur.example.com, ESMTP (cleartext) mailleur...
 #====================================================
 #-sending authentication request via BASE64
 #https://www.base64encode.org/
+#AUTH LOGIN
 #-Usernanme 'webmaster@example.com' --> 'd2VibWFzdGVyQGV4YW1wbGUuY29t'
 #-password 'mailleur' --> 'bWFpbGxldXI="
-S:AUTH LOGIN d2VibWFzdGVyQGV4YW1wbGUuY29t
+#AUTH PLAIN
+#-full seq "authid\0webmaster@example.com\0mailleur'
+# --> YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy
+# authid will be discarded by authentication procedure
+#authid can be missing
+S:AUTH PLAIN
+R:334 5.7.1 Please provide auth sequence
+S:YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy
+R:235 5.7.4 Authentication successful
+S:AUTH PLAIN YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy
+R:235 5.7.4 Authentication successful
+S:AUTH LOGIN
+#requesting Username:
+R:334 VXNlcm5hbWU6
+#sending 'webmaster@example.com' as B64
+S:d2VibWFzdGVyQGV4YW1wbGUuY29t
+#requesting Password:
 R:334 UGFzc3dvcmQ6
-#-le mot de passe est 'badpass'
-S:bWFpbGxldXI=
-R:535 1 authentication failed
+#sending 'mailleur' as B64
+S:bWFpbGxldXIK
+R:235 5.7.4 Authentication successful
 S:QUIT
 R:221 2.0.0 Bye, closing connection...
diff --git a/lib/lvleml.c b/lib/lvleml.c
index 5ad0c17..c8009af 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
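Review bot: The feed in data-feed/feedxx.tst no longer contains a rejection case: the removed lines expected `R:535 1 authentication failed`, while every exchange added here expects `R:235`, so the run passes whether or not credentials are ever checked. The PLAIN vector `YXV0aGlkXDB3...` decodes to a literal backslash followed by `0` between the fields, whereas SASL PLAIN (RFC 4616) separates them with a NUL byte; the same two-character convention is set by `IOBNULL` in lib/subcnv.h, and a username or password that itself contains backslash-0 would presumably be indistinguishable from a field boundary. `S:bWFpbGxldXIK` decodes to `mailleur` plus a line feed, not the `bWFpbGxldXI=` given in the header comment. I would keep one wrong-password exchange ending in a 535 reply and add a PLAIN vector built with real NUL separators.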
@@ -308,56 +308,117 @@ return status; /* NULL if unable to extract login */ /* */ /********************************************************/ -static void getauth(CONTYP *contact,char *buffer) +static void getauth(CONTYP *contact,int delay,char *buffer) { #define OPEP "lvleml.c:getauth," -static char *vocloc[]={"plain ","login ",(char *)0}; +static char *vocloc[]={"plain","login",(char *)0}; static char *logdat[]={"VXNlcm5hbWU6", //Username: in B64 "UGFzc3dvcmQ6", //Password: in B64 (char *)0}; + int code; +char *decoded; +char local[200]; int phase; _Bool proceed; code=-1; +decoded=(char *)0; +(void) memset(local,'\000',sizeof(memset)); phase=0; proceed=(strlen(buffer)>0); while (proceed==true) { - (void) rou_alert(0,"%s JMPDBG phase='%d' buffer=<%s>",OPEP,phase,buffer); + //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); switch (phase) { - case 0 : //check the authentication type + case 0 : //are we encrypted and on the right port + break; + case 1 : //check buffer + if ((buffer==(char *)0)||(strlen(buffer)==0)) { + (void) transmit(contact,true,"%d 5.7.0 Missing auth type",FAILED); + phase=999; //No need to go further + } + break; + case 2 : //check the authentication type + (void) strncpy(local,buffer,sizeof(local)-1); for (code=0;vocloc[code]!=(char *)0;code++) { - if (strncasecmp(buffer,vocloc[code],strlen(vocloc[code]))==0) { + if (strncasecmp(local,vocloc[code],strlen(vocloc[code]))==0) { register int taille; register char *ptr; taille=strlen(vocloc[code]); - ptr=buffer+taille; - (void) memcpy(buffer,ptr,strlen(ptr)+1); + ptr=local+taille+1; + (void) memcpy(local,ptr,strlen(ptr)+1); break; } } if (vocloc[code]==(char *)0) { - (void) rou_alert(0,"%s auth type <%s> unknown (Bug?)",OPEP,buffer); + (void) rou_alert(0,"%s auth type <%s> unknown (Bug?)",OPEP,local); (void) transmit(contact,true,"%d 5.7.0 bad authentication type",BADPAR); phase=999; //Trouble Trouble } break; - case 1 : //working accoring auth mode - (void) rou_alert(0,"%s clean 
buffer=<%s>",OPEP,cnv_getb64(buffer)); + case 3 : //getting "username password" accorind login type switch (code) { - case 0 : //plain auth - + case 0 : //AUTH PLAIN + if (strlen(local)==0) { + char *line; + int got; + + line=(char *)0; + (void) transmit(contact,true,"%d 5.7.1 Please provide auth sequence", + SENDB64); + got=tcp_getline(contact->socptr,delay,&line); + if (got>0) { + (void) strncpy(local,line,sizeof(local)-1); + line=rou_freestr(line); + } + } + if (strlen(local)>0) + decoded=cnv_getb64(local); break; - case 1 : //login auth + case 1 : //AUTH LOGIN + (void) strcpy(local,""); + for (int i=0;i<2;i++) { + char *line; + char *ptr; + int got; + + (void) strcat(local,IOBNULL); + (void) transmit(contact,true,"%d %s",SENDB64,logdat[i]); + got=tcp_getline(contact->socptr,delay,&line); + if (got<=0) { + (void) strcpy(local,""); + (void) transmit(contact,true,"%d 5.7.3 auth sequence missing", + UKNUSER); + phase=999; //trouble trouble + break; //eiting from loop then current phase + } + if ((ptr=cnv_getb64(line))!=(char *)0) { + (void) strncat(local,ptr,(sizeof(local)-1)-strlen(ptr)); + ptr=rou_freestr(ptr); + } + line=rou_freestr(line); + } + if(strlen(local)>0) + decoded=strdup(local); break; default : //not yet implemented (void) rou_alert(0,"%s auth type <%d> not yet implemented",OPEP); break; } break; + case 4 : //do we have a decoded sequence + if (decoded==(char *)0) { + (void) transmit(contact,true,"%d 5.7.2 auth sequence missing",UKNUSER); + phase=999; //trouble trouble + } + break; + case 5 : //check password + (void) rou_alert(0,"JMPDBG decoded=<%s>",decoded); + (void) transmit(contact,true,"%d 5.7.4 Authentication successful",IDOK); + break; default : //SAFE Guard proceed=false; break; @@ -1678,7 +1739,7 @@ while (proceed==true) { (void) checkfrom(contact,line); break; case c_auth : //Auth request - (void) getauth(contact,line); + (void) getauth(contact,delay,line); break; case c_rcpt : //Doing rpt scanning if (checkto(contact,line)==false) { 
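Review bot: In the AUTH LOGIN branch of phase 3 in getauth, `strncat(local,ptr,(sizeof(local)-1)-strlen(ptr))` bounds the append by the length of the source instead of the space left in `local`, so two decoded fields of about 100 bytes each, supplied by the client before any authentication, write past the 200-byte stack buffer unless tcp_getline or cnv_getb64 cap the length (not visible here), and a field longer than 199 bytes makes the size_t expression wrap; the bound should be `sizeof(local)-1-strlen(local)`, with a 5xx reply when a field does not fit. The initialisation `memset(local,'\000',sizeof(memset))` takes the size of the function rather than the array and should read `sizeof(local)`; as written, the `strncpy(...,sizeof(local)-1)` copies in phases 2 and 3 never set `local[199]`, so an input of 199 bytes or more leaves the buffer unterminated. Phase 5 writes the decoded username and password to the log through `rou_alert(0,"JMPDBG decoded=<%s>",decoded)` and answers `IDOK` for any non-empty sequence, while phase 0 (encryption and port check) is empty, so the debug line should be dropped and the 235 reply withheld until the credential check exists. The context line `rou_alert(0,"%s auth type <%d> not yet implemented",OPEP)` also lacks the `code` argument for `%d`. getauth continues past the end of the hunk, so whether `decoded` is freed and where `phase` advances cannot be seen from here.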
diff --git a/lib/subcnv.h b/lib/subcnv.h index 037bb29..c200cac 100644 --- a/lib/subcnv.h +++ b/lib/subcnv.h @@ -9,7 +9,7 @@ #define SUBCNV //base64 char 0 coding -#define IOBNULL "\\000" +#define IOBNULL "\\0" //Procedure to convert a plain ASCII B64 sequence //to a plain ASCII sequence diff --git a/lib/unieml.h b/lib/unieml.h index b738215..a40f219 100644 --- a/lib/unieml.h +++ b/lib/unieml.h @@ -17,7 +17,9 @@ #define CRLF "\r\n" //EOL within SMTP protocol #define SIGNON 220 //signon information #define QUITOK 221 //status on quit +#define IDOK 235 //Authentication ID OK #define CMDOK 250 //Everything OK +#define SENDB64 334 //send a B64 sequence #define DATAOK 354 //Ready to accept EMAIL data #define ERRPROC 451 //local processing error #define NOANSWR 460 //no answer from remote @@ -30,6 +32,7 @@ #define UKNUSER 551 //Unknown user #define MALABRT 552 //email data rejected #define NOTEML 553 //Not an email address +#define FAILED 554 //transaction failed #define NORELAY 555 //remote do not relay email #define MISSMX 563 //NO MX found for recipient