Fixed FTS-0001 password check

This commit is contained in:
Michiel Broek 2003-08-24 16:27:57 +00:00
parent 1442a4babc
commit b3dbbdbb6c
9 changed files with 217 additions and 163 deletions

View File

@ -48,6 +48,9 @@ v0.37.6 10-Aug-2003
Set the EMSI receive failure count to 20 instead of 6, we can
now even accept buggy maindoor sessions and still display a
banner.
For FTS-0001 sessions the mail password was used instead of the
session password. Also improved the password check.
The product code was not entered in the FTS-0001 packet headers.
mbsetup:
In the nodes setup a switch is added to fallback to the wrong

2
TODO
View File

@ -113,6 +113,8 @@ mbcico:
N: FTS-0001 sessions always are secure, the password check is not
good.
N: The FTS-0001 incoming hello packet is not after a session.
mbfile:
L: Add a check to see if the magic filenames are (still) valid.

View File

@ -258,7 +258,7 @@ int chkftnmsgid(char *);
/*
* From getheader.c
*/
int getheader(faddr *, faddr *, FILE *, char *);
int getheader(faddr *, faddr *, FILE *, char *, int);
@ -384,7 +384,7 @@ int getarchiver(char *);
/*
* From packet.c
*/
FILE *openpkt(FILE *, faddr *, char);
FILE *openpkt(FILE *, faddr *, char, int);
void closepkt(void);

View File

@ -1,11 +1,11 @@
/*****************************************************************************
*
* $Id$
* File ..................: ftnmsg.c
* Purpose ...............: Fidonet mailer
* Last modification date : 09-Nov-2000
*
*****************************************************************************
* Copyright (C) 1997-2000
* Copyright (C) 1997-2003
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -75,7 +75,7 @@ FILE *ftnmsghdr(ftnmsg *fmsg, FILE *pkt, faddr *route, char flavor, char *Pid)
if (route == NULL)
route = fmsg->to;
pkt = openpkt(pkt, route, flavor);
pkt = openpkt(pkt, route, flavor, FALSE);
if (pkt == NULL)
return NULL;

View File

@ -50,11 +50,15 @@ char pktpwd[9];
* 2 - Read header error
* 3 - Not for me
* 4 - Password error
* 5 - Unsecure session
*
* If session is TRUE, the password is checked as being the session password,
* otherwise it is checked as the mail password.
*/
int getheader(faddr *f, faddr *t, FILE *pkt, char *pname)
int getheader(faddr *f, faddr *t, FILE *pkt, char *pname, int session)
{
unsigned char buffer[0x3a];
int i, pwdok, capword, prodx, major, minor = 0, tome = FALSE;
int i, capword, prodx, major, minor = 0, tome = FALSE;
char *p, *prodn = NULL, *fa, *ta, buf[5];
long year, month, day, hour, min, sec;
@ -189,25 +193,43 @@ int getheader(faddr *f, faddr *t, FILE *pkt, char *pname)
buf[4] = '\0';
}
pwdok = TRUE;
if (noderecord(f)) {
if (strcasecmp(nodes.Epasswd, pktpwd) != 0) {
pwdok = FALSE;
if (strlen(pktpwd))
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Epasswd);
}
} else {
Syslog('+', "Node not in setup");
}
if (prodn)
free(prodn);
if (!tome)
return 3;
else if (!pwdok && nodes.MailPwdCheck)
return 4;
else
if (session) {
/*
* FTS-0001 session setup mode.
*/
if (noderecord(f) && strlen(nodes.Spasswd)) {
if (strcasecmp(nodes.Spasswd, pktpwd) == 0) {
return 0; /* Secure session */
} else {
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Spasswd);
return 4; /* Bad password */
}
} else {
Syslog('+', "Node not in setup or no password set");
return 5; /* Unsecure session */
}
} else {
/*
* Mail password check
*/
if (noderecord(f) && nodes.MailPwdCheck && strlen(nodes.Epasswd)) {
if (strcasecmp(nodes.Epasswd, pktpwd) == 0) {
return 0; /* Password Ok */
} else {
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Epasswd);
return 4; /* Bad password */
}
} else {
return 0; /* Not checked, still Ok */
}
}
return 0;
}

View File

@ -4,7 +4,7 @@
* Purpose ...............: Fidonet mailer
*
*****************************************************************************
* Copyright (C) 1997-2002
* Copyright (C) 1997-2003
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -47,7 +47,7 @@ static faddr pktroute =
FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
FILE *openpkt(FILE *pkt, faddr *addr, char flavor, int session)
{
off_t pos;
struct flock fl;
@ -64,9 +64,7 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
if (pktfp) {
Syslog('P', "packet opened, check address");
if (metric(addr,&pktroute) == 0) {
if ((CFG.maxpktsize == 0L) ||
((fstat(fileno(pktfp),&st) == 0) &&
(st.st_size < CFG.maxpktsize))) {
if ((CFG.maxpktsize == 0L) || ((fstat(fileno(pktfp),&st) == 0) && (st.st_size < CFG.maxpktsize))) {
Syslog('P', "return existing fp");
return pktfp;
}
@ -112,7 +110,11 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
pos = ftell(pkt);
if (pos <= 0L) {
Syslog('P', "creating new .pkt");
Syslog('s', "openpkt() create .pkt in %s mode", session?"session":"mail");
/*
* Write .PKT header, see FSC-0039 rev. 4
*/
memset(&buffer, 0, sizeof(buffer));
t = time(NULL);
ptm = localtime(&t);
@ -136,19 +138,27 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
buffer[0x15] = (bestaka->net & 0xff00) >> 8;
buffer[0x16] = (addr->net & 0x00ff);
buffer[0x17] = (addr->net & 0xff00) >> 8;
buffer[0x18] = 0xfe;
buffer[0x18] = (PRODCODE & 0x00ff);
buffer[0x19] = (VERSION_MAJOR & 0x00ff);
memset(&str, 0, 8);
if (session) {
if (noderecord(addr) && strlen(nodes.Epasswd))
sprintf(str, "%s", nodes.Spasswd);
} else {
if (noderecord(addr) && strlen(nodes.Epasswd))
sprintf(str, "%s", nodes.Epasswd);
}
for (i = 0; i < 8; i++)
buffer[0x1a + i] = str[i];
buffer[0x1a + i] = toupper(str[i]); /* FSC-0039 only talks about A-Z, 0-9, so force uppercase */
buffer[0x22] = (bestaka->zone & 0x00ff);
buffer[0x23] = (bestaka->zone & 0xff00) >> 8;
buffer[0x24] = (addr->zone & 0x00ff);
buffer[0x25] = (addr->zone & 0xff00) >> 8;
buffer[0x29] = 1;
buffer[0x2a] = (PRODCODE & 0xff00) >> 8;
buffer[0x2b] = (VERSION_MINOR & 0x00ff);
buffer[0x2c] = 1;
buffer[0x2e] = buffer[0x22];
buffer[0x2f] = buffer[0x23];

View File

@ -4,7 +4,7 @@
* Purpose ...............: fidonet mailer
*
*****************************************************************************
* Copyright (C) 1997-2002
* Copyright (C) 1997-2003
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -358,9 +358,12 @@ file_list *create_filelist(fa_list *al, char *fl, int create)
}
}
/*
* For FTS-0001 we need to create at least one packet.
*/
if (((st == NULL) && (create > 1)) || ((st != NULL) && (packets == 0) && (create > 0))) {
Syslog('o', "Create packet for %s", ascfnode(al->addr,0x1f));
if ((fp = openpkt(NULL, al->addr, 'o'))) {
if ((fp = openpkt(NULL, al->addr, 'o', TRUE))) {
memset(&buffer, 0, sizeof(buffer));
fwrite(buffer, 1, 2, fp);
fclose(fp);

View File

@ -60,6 +60,7 @@ static int recvfiles(void);
static file_list *tosend;
extern int Loaded;
extern pid_t mypid;
extern char *tempinbound;
@ -370,9 +371,9 @@ SM_NAMES
(char *)"scan_packet",
(char *)"recv_file"
SM_EDECL
int rc = 0, protect = FALSE;
int rc = 0, ghc = 0;
char recvpktname[16];
char *fpath;
char *fpath, *tpath;
FILE *fp;
faddr f, t;
fa_list **tmpl;
@ -407,18 +408,21 @@ SM_STATE(scan_packet)
fpath = xstrcat(fpath,recvpktname);
mkdirs(fpath, 0700);
fp = fopen(fpath,"r");
free(fpath);
if (fp == NULL) {
WriteError("$cannot open received packet");
free(fpath);
SM_ERROR;
}
switch (getheader(&f , &t, fp, recvpktname)) {
switch ((ghc = getheader(&f , &t, fp, recvpktname, TRUE))) {
case 3: Syslog('+', "remote mistook us for %s",ascfnode(&t,0x1f));
fclose(fp);
Syslog('s', "Unlink %s rc=%d", fpath, unlink(fpath));
free(fpath);
SM_ERROR;
case 0: Syslog('+', "accepting session");
case 0:
case 5: Syslog('+', "accepting session");
fclose(fp);
for (tmpl=&remote;*tmpl;tmpl=&((*tmpl)->next));
for (tmpl = &remote; *tmpl; tmpl = &((*tmpl)->next));
(*tmpl)=(fa_list*)malloc(sizeof(fa_list));
(*tmpl)->next=NULL;
(*tmpl)->addr=(faddr*)malloc(sizeof(faddr));
@ -457,17 +461,25 @@ SM_STATE(scan_packet)
if (nlent)
rdoptions(Loaded);
/*
* It appears that if the remote gave no password, the
* getheader function fills in a password itself. Maybe
* that's the reason why E.C did not switch to protected
* inbound, because of the failing password check. MB.
*/
if (f.name) {
if (ghc == 0) {
Syslog('+', "Password correct, protected FTS-0001 session");
protect = TRUE;
inbound_open(remote->addr, TRUE);
} else {
Syslog('+', "Unsecure FTS-0001 session");
inbound_open(remote->addr, FALSE);
}
inbound_open(remote->addr, protect);
/*
* Move the packet to the temp inbound so the we can later
* move it to the final inbound.
*/
tpath = xstrcpy(tempinbound);
tpath = xstrcat(tpath,(char *)"/");
tpath = xstrcat(tpath,recvpktname);
Syslog('s', "Move %s to %s rc=%d", fpath, tpath, file_mv(fpath, tpath));
free(fpath);
free(tpath);
tosend = create_filelist(remote,(char *)ALL_MAIL,1);
if (rc == 0) {
@ -479,6 +491,8 @@ SM_STATE(scan_packet)
default:
Syslog('+', "received bad packet apparently from",ascfnode(&f,0x1f));
fclose(fp);
Syslog('s', "Unlink %s rc=%d", fpath, unlink(fpath));
free(fpath);
SM_ERROR;
}

View File

@ -279,7 +279,7 @@ int TossPkt(char *fn)
memset(&from, 0, sizeof(faddr));
memset(&to, 0, sizeof(faddr));
if (((rc = getheader(&from, &to, pkt, fn)) != 0)) {
if (((rc = getheader(&from, &to, pkt, fn, FALSE)) != 0)) {
WriteError("%s, aborting",
(rc == 1)?"wrong header type":
(rc == 2)?"bad packet header":