From d907aa5f700fb9211f8109c5fc1a584491d6816e Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Fri, 4 Jul 2025 05:29:48 -0400
Subject: [PATCH] cram_md5 seems working fine
---
 lib/lvleml.c | 81 ++++++++++++++++++++++++++++++++++++----------------
 lib/lvleml.h | 1 +
 2 files changed, 58 insertions(+), 24 deletions(-)
diff --git a/lib/lvleml.c b/lib/lvleml.c
index 7c65ab2..cb06f43 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -258,10 +258,12 @@ static _Bool addreceived(CONTYP *contact,FILE *data)
 {
 _Bool status;
 time_t curtime;
+const char *esmtp;
 int phase;
 _Bool proceed;
 status=true;
+esmtp="ESMTP";
 curtime=time((time_t *)0);
 phase=0;
 proceed=true;
@@ -272,11 +274,14 @@ while (proceed==true) {
 contact->peername,contact->peerip,contact->mailfrom);
 break;
 case 1 : //Inserting the Receive information
- (void) fprintf(data,"\tby %s ([%s:%s]/%s-%s) with ESMTP\n",
+ if (contact->authenticated==true)
+ esmtp="ESMTPA";
+ (void) fprintf(data,"\tby %s ([%s:%s]/%s-%s) with %s\n",
 contact->locname,
 contact->locip,
 contact->locserv,
- appname,rou_getversion());
+ appname,rou_getversion(),
+ esmtp);
 break;
 case 2 : //Inserting TLS information
 if (soc_iscrypted(contact->socptr)==true) {
@@ -368,7 +373,7 @@ decoded=(char *)0;
 phase=0;
 proceed=true;
 while (proceed==true) {
- (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
+ //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase);
 switch (phase) {
 case 0 : { //Building the challenge sequence
 TIMESPEC cur;
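Review bot: In case 1 of addreceived (hunk at -272) the `with` keyword is chosen from `contact->authenticated` alone, so an authenticated session that also runs over TLS is stamped `ESMTPA`. RFC 3848 registers `ESMTPS` for STARTTLS and `ESMTPSA` for STARTTLS plus AUTH, and downstream filters that weigh the Received trace read that keyword. Case 2 already calls `soc_iscrypted(contact->socptr)`, so the same test could pick the keyword here, for example `esmtp=(soc_iscrypted(contact->socptr)==true)?"ESMTPSA":"ESMTPA";` inside the authenticated branch. The body of case 2 is outside the hunk, so check first whether TLS is already recorded there in another form.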
@@ -431,14 +436,13 @@ while (proceed==true) {
 char *local;
 char *hexa;
- (void) rou_alert(0,"%s passwd=<%s>",OPEP,passwd);
 local=cnv_hashmd5(passwd,(unsigned char *)challenge);
 hexa=cnv_tohexa(local);
 //(void) rou_alert(0,"%s anwr=<%s>",OPEP,answer);
 //(void) rou_alert(0,"%s hexa=<%s>",OPEP,hexa);
- if (strcmp(hexa,answer)==0)
- (void) rou_asprintf(&decoded,"%s%s%s%s",
- IOBNULL,name,IOBNULL,passwd);
+ if (strcmp(hexa,answer)!=0)
+ (void) strncpy(passwd,"$1(ukn as cram_d5)",sizeof(passwd)-1);
+ (void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,name,IOBNULL,passwd);
 hexa=rou_freestr(hexa);
 local=rou_freestr(local);
 }
@@ -449,7 +453,7 @@ while (proceed==true) {
 }
 phase++;
 }
-(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
+//(void) rou_alert(0,"%s JMPDBG decoded=<%s>",OPEP,decoded);
 return decoded;
 #undef OPEP
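Review bot: On a CRAM-MD5 mismatch (hunk at -431) the new `strncpy(passwd,"$1(ukn as cram_d5)",sizeof(passwd)-1)` writes into `passwd`, whose declaration is outside the hunk. If `passwd` is a `char *`, `sizeof(passwd)` is the pointer size: only the first bytes are replaced, no terminator is written, and a heap string shorter than that is overrun. If it is an array, termination depends on its last byte already being NUL. The stored password need not be modified at all; select the value that goes into the sequence instead, `const char *pw=(strcmp(hexa,answer)==0)?passwd:"$1(ukn as cram_d5)";` followed by `(void) rou_asprintf(&decoded,"%s%s%s%s",IOBNULL,name,IOBNULL,pw);`. A comment should also state that rejection relies on checklogin() never matching this sentinel.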
@@ -659,30 +663,60 @@ dup=rou_freestr(dup);
 static _Bool checklogin(SQLPTR *sqlptr,char *sequence)
 {
+#define OPEP "lvleml.c:checklogin,"
+
 _Bool isok;
 char *data[3];
+int phase;
+_Bool proceed;
 isok=false;
 (void) memset(data,'\000',sizeof(data));
-(void) split_auth_plain(sequence,data);
-if ((data[1]!=(char *)0)&&(data[2]!=(char *)0)) {
- USRTYP *usr;
+phase=0;
+proceed=true;
+while (proceed==true) {
+ switch (phase) {
+ case 0 : //make sure we have data
+ (void) split_auth_plain(sequence,data);
+ if ((data[1]==(char *)0)||(data[2]==(char *)0)) {
+ (void) rou_alert(0,"%s missing data from <%s> (Bug?)",OPEP,sequence);
+ phase=999; //No need to go further
+ }
+ break;
+ case 1 : //do we have valide data?
+ if ((strlen(data[1])==0)||(strlen(data[2])==0)) {
+ (void) rou_alert(0,"%s data[1]=<%s> or data[2]=<%s> missing (Bug?)",
+ OPEP,data[1],data[2]);
+ phase=999; //No need to go further
+ }
+ break;
+ case 2 : { //checking user password
+ USRTYP *usr;
- usr=(USRTYP *)0;
- if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) {
- char *crypted;
+ usr=(USRTYP *)0;
+ if (sql_mngusr(sqlptr,sql_select,data[1],&usr)==true) {
+ char *crypted;
- crypted=usr->passwd;
- if (usr->passwd[0]=='$')
- crypted=crypt(data[2],usr->passwd);
- if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0))
- isok=true; //Passord match
- usr=sql_freeusr(usr);
+ crypted=data[2];
+ if (usr->passwd[0]=='$')
+ crypted=crypt(data[2],usr->passwd);
+ if ((crypted!=(char *)0)&&(strcmp(crypted,usr->passwd)==0))
+ isok=true; //Passord match
+ usr=sql_freeusr(usr);
+ }
+ }
+ break;
+ default : //SAFE Guard
+ proceed=false;
+ break;
 }
+ phase++;
 }
 for (int i=0;i<3;i++)
 data[i]=rou_freestr(data[i]);
 return isok;
+
+#undef OPEP
 }
 /*
 ^L
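Review bot: The two new alerts in checklogin write credential material to the log. Case 1 prints `data[2]`, the submitted password, whenever the user name is empty, and case 0 prints the whole `sequence`, which carries the password if the separator does not cut the `%s` short (IOBNULL is defined outside the hunk). The same commit removes the `passwd=<%s>` debug line in getauth, so these look unintended. Log only what is needed to diagnose, for example `(void) rou_alert(0,"%s empty user or password for user <%s> (Bug?)",OPEP,data[1]);` in case 1, and drop `sequence` from the case 0 message. Separately, the plaintext branch compares `data[2]` with the stored password using `strcmp`, which is not constant-time; a comment should state that non-`$` entries are stored in clear.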
@@ -774,7 +808,7 @@ while (proceed==true) {
 break;
 case 5 : //we have a decoded sequence, check password
 isok=checklogin(contact->sqlptr,decoded);
- (void) rou_alert(0,"%s checklogin='%d'",OPEP,isok);
+ contact->authenticated=true;
 break;
 case 6 : //we have login status
 if (strlen(decoded)>0) { //always
@@ -2121,9 +2155,8 @@ while (proceed==true) {
 (void) checkfrom(contact,line);
 break;
 case c_auth : //Auth request
- (void) getauth(contact,delay,line);
- status=1; //JMPDBGevery thing fine
- proceed=false;
+ if (getauth(contact,delay,line)==false)
+ proceed=false; //Authentication failed
 break;
 case c_rcpt : //Doing rpt scanning
 if (checkto(contact,line)==false) {
diff --git a/lib/lvleml.h b/lib/lvleml.h
index 7e2e596..0f69b07 100644
--- a/lib/lvleml.h
+++ b/lib/lvleml.h
@@ -20,6 +20,7 @@ typedef struct {
 SQLPTR *sqlptr; //established contact database access
 char *fqdn; //fully qualified domain from peer
 char *locip; //socket local IP num
+ _Bool authenticated; //Link is authenticated
 AFNTYP **localafn; //local IP as an AFNUM
 char *locname; //socket local hostname
 char *locserv; //local service port
-- 
2.47.3
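Review bot: In case 5 (hunk at -774) the new line `contact->authenticated=true;` runs whatever checklogin() returned, so a rejected login still marks the link as authenticated. addreceived then writes `with ESMTPA` into the Received header for that session, and any later check that trusts the flag would treat the peer as authenticated. Assign the result instead: `contact->authenticated=isok;`. The phases from case 6 onward are outside the hunk, so the session may be closed there on failure, but the flag should not depend on that.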