From afa6aaa9cb82db98acde42b296e3862cd3ae3623 Mon Sep 17 00:00:00 2001 From: "Jean-Marc Pigeon (Delson)" Date: Wed, 2 Jul 2025 11:08:10 -0400 Subject: [PATCH] Better way to scan auth_plain sequence --- data-feed/feedxx.tst | 2 + data-feed/feedyy.tst | 17 +++++++++ lib/lvleml.c | 88 ++++++++++++++++++++++++++++---------------- 3 files changed, 75 insertions(+), 32 deletions(-) create mode 100644 data-feed/feedyy.tst diff --git a/data-feed/feedxx.tst b/data-feed/feedxx.tst index e8299bb..e596bd9 100644 --- a/data-feed/feedxx.tst +++ b/data-feed/feedxx.tst @@ -27,6 +27,8 @@ R:334 UGFzc3dvcmQ6 #sending 'mailleur' as B64 S:bWFpbGxldXI= R:235 5.7.5 Authentication successful +S:AUTH PLAIN AHVzZXIxQG1haWxwb3N0Zy5leGFtcGxlLmNvbQBtYWlsbGV1cg== +R:504 5.7.4 authentication failed S:AUTH PLAIN QmlncmVfYmlncmUgbm91c2Vy R:504 5.7.4 authentication failed S:AUTH PLAIN cG9zdG1hc3RlckBleGFtcGxlLmNvbSBub3Bhc3N3ZA== diff --git a/data-feed/feedyy.tst b/data-feed/feedyy.tst new file mode 100644 index 0000000..fd756ac --- /dev/null +++ b/data-feed/feedyy.tst @@ -0,0 +1,17 @@ +T:(feed05) sending a small email after beeing authenticated +R:220 mailleur.example.com, ESMTP (cleartext) mailleur... +#==================================================== +#-sending authentication request via BASE64 +#https://www.base64encode.org/ +#AUTH LOGIN +#-Usernanme 'webmaster@example.com' --> 'd2VibWFzdGVyQGV4YW1wbGUuY29t' +#-password 'mailleur' --> 'bWFpbGxldXI=" +#AUTH PLAIN +#-full seq "authid\0webmaster@example.com\0mailleur' +# --> YXV0aGlkXDB3ZWJtYXN0ZXJAZXhhbXBsZS5jb21cMG1haWxsZXVy +# authid will be discarded by authentication procedure +#authid can be missing +S:AUTH PLAIN AHVzZXIxQG1haWxwb3N0Zy5leGFtcGxlLmNvbQBtYWlsbGV1cg== +R:504 5.7.4 authentication failed +S:QUIT +R:221 2.0.0 Bye, closing connection... diff --git a/lib/lvleml.c b/lib/lvleml.c index b72fd6a..362aacd 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -310,12 +310,14 @@ return status; static char *get_auth_plain(CONTYP *contact,int delay,char *received) { +#define OPEP "lvleml.c:get_auth_plain," char *decoded; char local[200]; decoded=(char *)0; (void) memset(local,'\000',sizeof(local)); (void) strncpy(local,received,sizeof(local)-1); +(void) rou_alert(0,"%s received=<%s",OPEP,received); if (strlen(local)==0) { char *line; int got; @@ -331,7 +333,10 @@ if (strlen(local)==0) { } if (strlen(local)>0) decoded=cnv_getb64(local); +(void) rou_alert(0,"%s decoded=<%s",OPEP,decoded); return decoded; + +#undef OPEP } /* ^L @@ -382,6 +387,39 @@ return decoded; */ /********************************************************/ /* */ +/* Procedure to split a plain authentication string*/ +/* Match with the user provided. */ +/* */ +/********************************************************/ +static void split_auth_plain(char *sequence,char *data[3]) + +{ +char *locdata[3]; +char *dup; +char *ptr; +int count; + +(void) memset(locdata,'\000',sizeof(locdata)); +dup=strdup(sequence); +ptr=dup; +for (count=0;(count<3)&&(ptr!=(char *)0);count++) { + char *mark; + + if ((mark=strstr(ptr,IOBNULL))!=(char *)0) { + *mark='\000'; + mark+=strlen(IOBNULL); + } + locdata[count]=strdup(ptr); + ptr=mark; + } +(void) memmove(data,locdata,sizeof(locdata)); +dup=rou_freestr(dup); +} +/* +^L +*/ +/********************************************************/ +/* */ /* Procedure to check if the password submitted */ /* Match with the user provided. */ /* */ @@ -394,30 +432,18 @@ char *data[3]; isok=false; (void) memset(data,'\000',sizeof(data)); -for (int i=0;i<3;i++) { - char *ptr; - - if ((ptr=strstr(sequence,IOBNULL))!=(char *)0) - *ptr='\000'; - data[i]=strdup(sequence); - if (ptr==(char *)0) - break; //no more data available - ptr+=strlen(IOBNULL); - (void) memmove(sequence,ptr,strlen(ptr)+1); - } +(void) split_auth_plain(sequence,data); if ((data[1]!=(char *)0)&&(data[2]!=(char *)0)) { - if ((strlen(data[1])>0)&&(strlen(data[2])>0)) { - USRTYP *usr; + USRTYP *usr; - usr=(USRTYP *)0; - if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) { - char *crypted; + usr=(USRTYP *)0; + if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) { + char *crypted; - crypted=crypt(data[2],usr->passwd); - if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0)) - isok=true; //Passord match - usr=sql_freeusr(usr); - } + crypted=crypt(data[2],usr->passwd); + if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0)) + isok=true; //Passord match + usr=sql_freeusr(usr); } } for (int i=0;i<3;i++) @@ -504,19 +530,17 @@ while (proceed==true) { break; case 4 : //we have a decoded sequence, check password if (checklogin(contact->sqlptr,decoded)==false) { - char *fmt; - char *user; - char *pass; - - user=decoded; - if ((pass=strchr(decoded,' '))!=(char *)0) { - *pass='\000'; - pass++; - } - fmt="Auth Rejected status='%d' for user=<%s> pass=<%s>"; - (void) log_fprintlog(contact->logptr,true,fmt,BADAUTH,user,pass); + char *data[3]; + const char *fmt; + + (void) memset(data,'\000',sizeof(data)); + (void) split_auth_plain(decoded,data); + fmt=" Auth Rejected status='%d' for user=<%s> pass=<%s>"; + (void) log_fprintlog(contact->logptr,true,fmt,BADAUTH,data[1],data[2]); (void) sleep(2); (void) transmit(contact,true,"%d 5.7.4 authentication failed",BADAUTH); + for (int i=0;i<3;i++) + data[i]=rou_freestr(data[i]); phase=999; } decoded=rou_freestr(decoded); -- 2.47.3