From: Jean-Marc Pigeon (Delson) Date: Sun, 6 Jul 2025 20:06:45 +0000 (-0400) Subject: Working with dig_getchallenge and "trouble QUIT" received X-Git-Tag: tag-0.12~16 X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=965085de888fee2b40aa746edce1a9cc97b0bdce;p=jmp%2Fmailleur Working with dig_getchallenge and "trouble QUIT" received --- diff --git a/lib/lvleml.c b/lib/lvleml.c index b0502cf..6b444e1 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -398,11 +398,15 @@ while (proceed==true) { char *line; if (tcp_getline(contact->socptr,delay,&line)>0) { - char *res; - res=cnv_getb64(line); - (void) snprintf(answer,sizeof(answer),"%s",res); - res=rou_freestr(res); + //if a clear text QUIT is received because of deep trouble + if (strcasecmp(line,"QUIT")!=0) { + char *res; + + res=cnv_getb64(line); + (void) snprintf(answer,sizeof(answer),"%s",res); + res=rou_freestr(res); + } line=rou_freestr(line); } if (strlen(answer)==0) @@ -477,14 +481,14 @@ static char *get_auth_digest_md5(CONTYP *contact,int delay) #define OPEP "lvleml.c:get_auth_digest_md5," char *decoded; -char challenge[300]; +char *challenge; char answer[300]; RSPTYP *resp; int phase; _Bool proceed; decoded=(char *)0; -(void) memset(challenge,'\000',sizeof(challenge)); +challenge=(char *)0; (void) memset(answer,'\000',sizeof(answer)); resp=(RSPTYP *)0; phase=0; @@ -492,21 +496,11 @@ proceed=true; while (proceed==true) { (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); switch (phase) { - case 0 : { //Building the challenge sequence - char *nchal; - - #define FMT "realm=\"%s\",nonce=\"%s\",qop=\"auth\",algorithm=md5-sess,charset=utf-8" - char *nonce; - - //nonce=cnv_getrndstr(20); - nonce=strdup("abcdef"); - (void) snprintf(challenge,sizeof(challenge),FMT,contact->locname,nonce); - nonce=rou_freestr(nonce); - nchal=dig_getchallenge(); - (void) rou_alert(0,"good chal=<%s>",challenge); - (void) rou_alert(0,"bad chal=<%s>",nchal); - (void) strcpy(challenge,nchal); - } + case 0 : //Building the challenge sequence + if ((challenge=dig_getchallenge())==(char *)0) { + (void) rou_alert(0,"%s Unable to get challeng sequence (Bug!)",OPEP); + phase=999; + } break; case 1 : { //sending challenge to remote char *b64; @@ -514,17 +508,24 @@ while (proceed==true) { b64=cnv_setb64(challenge); (void) transmit(contact,true,"%d %s",SENDB64,b64); b64=rou_freestr(b64); + challenge=rou_freestr(challenge); } break; case 2 : { //getting the challenge answer char *line; if (tcp_getline(contact->socptr,delay,&line)>0) { - char *res; - - res=cnv_getb64(line); - (void) snprintf(answer,sizeof(answer),"%s",res); - (void) rou_alert(0,"JMPDBG Got <%s>",answer); + (void) rou_alert(0,"%s challenge answer=<%s>",OPEP,line); + //if a clear text QUIT is received because of deep trouble + if (strcasecmp(line,"QUIT")!=0) { + char *res; + + res=cnv_getb64(line); + (void) snprintf(answer,sizeof(answer),"%s",res); + res=rou_freestr(res); + (void) rou_alert(0,"JMPDBG Got <%s>",answer); + } + line=rou_freestr(line); } if (strlen(answer)==0) phase=999; //no need to go further @@ -550,124 +551,6 @@ return decoded; #undef OPEP } -#ifdef BADDIGEST -/* -^L -*/ -/********************************************************/ -/* */ -/* Procedure to manage authentication in */ -/* digest-md5 mode. */ -/* Return a builded "decoded" string from */ -/* the exchange with the remote sereur */ -/* */ -/********************************************************/ -static char *get_auth_md5(CONTYP *contact,int delay) - -{ -#define OPEP "lvleml.c:get_auth_md5," - -char *decoded; -TIMESPEC cur; -char *seq; -char *code; -USRTYP *usr; -char *line; -char *name; //extracted name -int got; -int phase; -_Bool proceed; - -decoded=(char *)0; -(void) clock_gettime(CLOCK_REALTIME,&cur); -cur.tv_nsec/=10000; //100 millisec -//(void) rou_asprintf(&seq,"<%05d-%s@%s>", -// cur.tv_nsec,contact->session->sessid,contact->locname); -//seq=strdup("<01234567890ABCDEFGHIJKLMNOPQRST@mailpostg.example.com>"); -//seq=strdup("username = "); -//seq=strdup("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"); -seq=strdup("realm=\"example.com\",nonce=\"0123456789\",algorithm=xmd5"); -(void) rou_alert(0,"%s JMPDBG SEQ=<%s>",OPEP,seq); -code=(char *)0; -usr=(USRTYP *)0; -name=(char *)0; -line=(char *)0; -got=0; -phase=0; -proceed=true; -while (proceed==true) { - (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); - switch (phase) { - case 0 : { //preparing a string an sending it - char *b64; - - b64=cnv_setb64(seq); - (void) transmit(contact,true,"%d %s",SENDB64,b64); - got=tcp_getline(contact->socptr,delay,&line); - (void) rou_alert(0,"%s got<%s>",OPEP,line); - if (got<0) - phase=999; //Answer not received in due time - b64=rou_freestr(b64); - } - break; - case 1 : { //extracting code - char *ptr; - - code=cnv_getb64(line); - (void) rou_alert(0,"%s JMPDBG md5 code=<%s>",OPEP,code); - name=(char *)0; - if ((ptr=strchr(code,' '))!=(char *)0) { - *ptr='\000'; - name=strdup(code); - ptr++; - (void) memmove(code,ptr,strlen(ptr)+1); - } - if (name!=(char *)0) { - (void) sql_mngusr(contact->sqlptr,sql_select,name,&usr); - (void) rou_alert(0,"%s JMPDBG md5 name=<%s>",OPEP,name); - } - if (usr==(USRTYP *)0) { - code=rou_freestr(code); - (void) rou_asprintf(&decoded,"%s%s%s%s", - IOBNULL,name,IOBNULL,(char *)0); - phase=999; - } - line=rou_freestr(line); - } - break; - case 2 : { //comparing hmac - char *local; - char *hexa; - - //local=cnv_cryptmd5(usr->passwd,(unsigned char *)seq); - (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,name,IOBNULL,(char *)0); - local=dig_cryptmd5("mailleur",(unsigned char *)seq); - hexa=cnv_tohexa(local); - (void) rou_alert(0,"%s code=<%s>",OPEP,code); - (void) rou_alert(0,"%s hexa=<%s>",OPEP,hexa); - if (strcmp(hexa,code)==0) { - (void) rou_asprintf(&decoded,"%s%s%s%s", - IOBNULL,usr->email,IOBNULL,"mailleur"); - (void) rou_alert(0,"JMPDBG decoded=<%s>",decoded); - } - hexa=rou_freestr(hexa); - local=rou_freestr(local); - usr=sql_freeusr(usr); - } - default : //SAFE Guard - proceed=false; - break; - } - phase++; - } -name=rou_freestr(name); -seq=rou_freestr(seq); -(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded); -return decoded; - -#undef OPEP -} -#endif /* ^L */ diff --git a/lib/unidig.c b/lib/unidig.c index 4b730ba..9fb6957 100644 --- a/lib/unidig.c +++ b/lib/unidig.c @@ -22,6 +22,33 @@ */ /********************************************************/ /* */ +/* Procedure to scan data and take care of the */ +/* data format "abc\"def" to become abc\"def */ +/* */ +/********************************************************/ +static void scanliteral(char *data) + +{ +if (*data=='"') { + char *ptr; + + (void) memmove(data,data+1,strlen(data)+1); + while ((ptr=strchr(data,'"'))!=(char *)0) { + if (strlen(data)>strlen(ptr)) { + if (*(ptr-1)=='\\') { + data=ptr+1; + continue; + } + } + *ptr='\000'; + } + } +} +/* + +*/ +/********************************************************/ +/* */ /* Procedure to scan ONE entry from the challenge */ /* response. */ /* */ @@ -50,13 +77,7 @@ if (strlen(entry)>0) { *ptr='\000'; ptr++; - if (*ptr=='"') { - char *end; - - (void) memmove(ptr,ptr+1,strlen(ptr)+1); - if ((end=strrchr(ptr,'"'))!=(char *)0) - *end='\000'; //removonge '"' at then end - } + (void) scanliteral(ptr); for (num=0;voc[num]!=(char *)0;num++) { if (strcasecmp(voc[num],entry)!=0) continue; @@ -323,7 +344,7 @@ for (int num=0;comp[num]!=(char *)0;num++) { char *nonce; char *b64; - nonce=cnv_getrndstr(20); + nonce=cnv_getrndstr(30); b64=cnv_setb64(nonce); (void) snprintf(loc,sizeof(loc),comp[num],b64); b64=rou_freestr(b64);