From: Jean-Marc Pigeon (Delson) Date: Wed, 9 Jul 2025 02:30:18 +0000 (-0400) Subject: Allowing to change realm for authentication failed (not possible at protocol level) X-Git-Tag: tag-0.13~12 X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=aed35cbde37fe09497bf507c2295d69df6220759;p=jmp%2Fmailleur Allowing to change realm for authentication failed (not possible at protocol level) --- diff --git a/lib/devsql.c b/lib/devsql.c index 80e0bf9..3af2067 100644 --- a/lib/devsql.c +++ b/lib/devsql.c @@ -49,6 +49,7 @@ const FLDTYP usrfield[]={ {4,"mxspace"}, {5,"locked"}, {6,"hash"}, + {7,"realm"}, {0,(char *)0} }; @@ -382,6 +383,9 @@ while (proceed==true) { case 6 : //'email:realm:password' MD5 usr->hash=strdup(locval); break; + case 7 : //'realm + usr->realm=strdup(locval); + break; default : (void) rou_alert(0,"%s field <%d:%s> not implemented (Bug?)", OPEP,usrfield[i].num,usrfield[i].name); diff --git a/lib/lvleml.c b/lib/lvleml.c index 3cf5230..06d4965 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -655,6 +655,8 @@ static void get_auth_digest_md5(CONTYP *contact,char **rmtpass) char *challenge; RSPTYP *resp; +char realm[200]; +char usrrealm[200]; char answer[300]; char hash[40]; int phase; @@ -662,6 +664,11 @@ _Bool proceed; *rmtpass=strdup("$1(ukn as digest_md5)"); challenge=(char *)0; +(void) memset(realm,'\000',sizeof(realm)); +(void) memset(usrrealm,'\000',sizeof(usrrealm)); +(void) strncpy(realm,REALM,sizeof(realm)-1); +if ((getenv("REALM"))!=(char *)0) + (void) strncpy(realm,getenv("REALM"),sizeof(realm)-1); resp=(RSPTYP *)0; (void) memset(answer,'\000',sizeof(answer)); (void) memset(hash,'\000',sizeof(hash)); 
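Review bot: In lib/lvleml.c (hunk at -662), a REALM environment value longer than 199 bytes is silently cut by `strncpy(realm,getenv("REALM"),sizeof(realm)-1)`, so the realm put in the challenge would no longer be the one the stored 'email:realm:password' hashes were presumably computed with, and logins would fail with nothing in the log to explain it. getenv() is also called twice for the same variable. I would read it once, `char *envrealm=getenv("REALM");`, and raise a rou_alert when `strlen(envrealm)>=sizeof(realm)` instead of truncating. The body of get_auth_digest_md5 starts and ends outside this hunk.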
@@ -670,13 +677,15 @@ proceed=true; while (proceed==true) { //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); switch (phase) { - case 0 : //Building the challenge sequence - if ((challenge=dig_getchallenge())==(char *)0) { + case 0 : //assign the reaml challeng + break; + case 1 : //Building the challenge sequence + if ((challenge=dig_getchallenge(realm))==(char *)0) { (void) rou_alert(0,"%s Unable to get challenge sequence (Bug!)",OPEP); phase=999; } break; - case 1 : { //sending challenge to remote + case 2 : { //sending challenge to remote char *b64; b64=cnv_setb64(challenge); @@ -684,7 +693,7 @@ while (proceed==true) { b64=rou_freestr(b64); } break; - case 2 : { //getting the challenge answer + case 3 : { //getting the challenge answer char *line; if (tcp_getline(contact->socptr,contact->delay,&line)>0) { @@ -703,17 +712,17 @@ while (proceed==true) { phase=999; //no need to go further } break; - case 3 : //Parsing the answer + case 4 : //Parsing the answer if ((resp=dig_parseresp(answer))==(RSPTYP *)0) phase=999; //Unable to parse answer break; - case 4 : //checking if we have a user name + case 5 : //checking if we have a user name if (resp->username==(char *)0) { (void) rou_alert(0,"%s No username in challenge answer!",OPEP); phase=999; //Unable to parse answer } break; - case 5 : { //getting the user name and password + case 6 : { //getting the user name and password USRTYP *usr; contact->authname=rou_freestr(contact->authname); @@ -721,6 +730,8 @@ while (proceed==true) { if (sql_mngusr(contact->sqlptr,sql_select,resp->username,&usr)==true) { if (usr->hash!=(char *)0) (void) strncpy(hash,usr->hash,sizeof(hash)-1); + if (usr->realm!=(char *)0) + (void) strncpy(usrrealm,usr->realm,sizeof(usrrealm)-1); usr=sql_freeusr(usr); } if (strlen(hash)==0) { @@ -729,7 +740,7 @@ while (proceed==true) { } } break; - case 6 : { //sending the rspauth sequence. + case 7 : { //sending the rspauth sequence. char *HAS; char *rspauth; char *b64; 
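Review bot: In the hunk at -670, case 1 stores a fresh `dig_getchallenge(realm)` result in `challenge` without releasing the one from the previous round, and case 8 of this same commit can now send the exchange back to phase 0, so every re-challenge leaks one challenge buffer (and presumably the earlier `resp` when case 4 parses again). Release it first with `challenge=rou_freestr(challenge);` at the top of case 1, assuming rou_freestr accepts a null pointer as its other uses suggest, and free the previous `resp` with whatever routine the project has for RSPTYP. The new case 0 is only a `break;` under the comment 'assign the reaml challeng'; the comment should say that it is the restart entry point, or the realm selection should move there. The loop header and the code that advances `phase` are outside the hunk.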
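Review bot: In the hunk at -721 (case 6), `hash` and `usrrealm` are written only when the fetched record has a non-null field, and both are cleared just once before the loop, so after a realm-triggered restart they still hold the previous round's values. If the second answer names a different user and that lookup fails or returns no hash, the `strlen(hash)==0` check passes on the earlier user's hash while `contact->authname` may already carry the new name. Clear both at the top of case 6, `(void) memset(hash,'\000',sizeof(hash));` and `(void) memset(usrrealm,'\000',sizeof(usrrealm));`, so each round is judged only on the record just fetched. The line that assigns `contact->authname` is not in the hunk, so that part is inferred.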
@@ -745,7 +756,7 @@ while (proceed==true) { HAS=rou_freestr(HAS); } break; - case 7 : { //waiting client to send an empty line + case 8 : { //waiting client to send an empty line char *line; int count; @@ -755,9 +766,13 @@ while (proceed==true) { (void) rou_alert(0,"%s delay expired to get remote empty line (network?)", OPEP); line=rou_freestr(line); //EMPTY Line! + if (strcmp(realm,usrrealm)!=0) { + (void) strncpy(realm,usrrealm,sizeof(realm)-1); + phase=0; + } } break; - case 8 : { //comparing result. + case 9 : { //comparing result. char *HA0; if ((HA0=dig_hashresp(resp,"AUTHENTICATE",hash))==(char *)0) { diff --git a/lib/unidig.c b/lib/unidig.c index fa31f90..aea7e8c 100644 --- a/lib/unidig.c +++ b/lib/unidig.c @@ -353,7 +353,7 @@ return plain; /* challenge as an B64 string. */ /* */ /********************************************************/ -PUBLIC char *dig_getchallenge() +PUBLIC char *dig_getchallenge(char *realm) { #define OPEP "unidig.c:dig_getchallenge," @@ -368,11 +368,8 @@ static char *comp[]={ }; char *challenge; -char *realm; challenge=(char *)calloc(MAXBUF,sizeof(char)); -if ((realm=getenv("REALM"))==(char *)0) - realm=REALM; for (int num=0;comp[num]!=(char *)0;num++) { char loc[MAXBUF/2]; diff --git a/lib/unidig.h b/lib/unidig.h index 8b1856c..1e48b4c 100644 --- a/lib/unidig.h +++ b/lib/unidig.h @@ -42,7 +42,7 @@ extern char *dig_cryptmd5(const void *key,unsigned char *seq); //Procedure to generate a DISGEST-MD5 challaneg as a //b64 string. -extern char *dig_getchallenge(); +extern char *dig_getchallenge(char *realm); //Procedure to compute local response to challenge and //check if the remote session is the same diff --git a/lib/unisql.c b/lib/unisql.c index 909a356..c1b9e30 100644 --- a/lib/unisql.c +++ b/lib/unisql.c @@ -106,6 +106,7 @@ PUBLIC USRTYP *sql_freeusr(USRTYP *usr) { if (usr!=(USRTYP *)0) { + usr->realm=rou_freestr(usr->realm); usr->hash=rou_freestr(usr->hash); usr->passwd=rou_freestr(usr->passwd); usr->email=rou_freestr(usr->email); 
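Review bot: The restart added in case 8 (lib/lvleml.c, hunk at -755) has no upper bound: the username in each answer comes from the unauthenticated peer, so answers that keep resolving to a realm different from the current one send the exchange back to phase 0 again and again, each round costing a database lookup and new allocations. A record without a realm leaves `usrrealm` empty, which also triggers a re-challenge, this time with an empty realm. I would allow a single re-challenge, tracked in a new `_Bool rechallenged=false;` declared next to `proceed`, skip it when `usrrealm` is empty, and fail the exchange on a second mismatch. How `phase` advances after the switch is outside the hunk.

```c
// … unchanged: wait for the client's empty line, line=rou_freestr(line) …
if ((usrrealm[0]!='\000')&&(strcmp(realm,usrrealm)!=0)) {
  if (rechallenged==true) {
    (void) rou_alert(0,"%s realm changed again after re-challenge",OPEP);
    phase=999;
    }
  else {
    rechallenged=true;
    (void) strncpy(realm,usrrealm,sizeof(realm)-1);
    phase=0;
    }
  }
```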
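Review bot: `dig_getchallenge(char *realm)` (lib/unidig.c, hunk at -353, and the matching prototype in lib/unidig.h) takes the realm as a writable pointer, and the header comment above it does not describe the new parameter. Declaring it `const char *realm` states that the function only reads the value. Before this commit the realm came from the build-time REALM or the environment; it can now come from the user table through lvleml.c. The formatting loop, which lies outside the hunk, should therefore be checked to bound the value against `loc[MAXBUF/2]` and to refuse a realm containing `"` or a line break, since it is presumably emitted as a quoted directive in the challenge.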
diff --git a/lib/unisql.h b/lib/unisql.h index e0dcab8..ba59dea 100644 --- a/lib/unisql.h +++ b/lib/unisql.h @@ -21,6 +21,7 @@ typedef enum { typedef struct { char *email; //user emails char *passwd; //user password + char *realm; //user realm u_int lock; //account is lock u_long space; //user space used u_long mxspace; //user maximun space