Fixed FTS-0001 password check
This commit is contained in:
parent
1442a4babc
commit
b3dbbdbb6c
@ -48,6 +48,9 @@ v0.37.6 10-Aug-2003
|
||||
Set the EMSI receive failure count to 20 instead of 6, we can
|
||||
now even accept buggy maindoor sessions and still display a
|
||||
banner.
|
||||
For FTS-0001 sessions the mail password was used instead of the
|
||||
session password. Also improved the password check.
|
||||
The product code was not entered in the FTS-0001 packet headers.
|
||||
|
||||
mbsetup:
|
||||
In the nodes setup a switch is added to fallback to the wrong
|
||||
|
2
TODO
2
TODO
@ -113,6 +113,8 @@ mbcico:
|
||||
N: FTS-0001 sessions always are secure, the password check is not
|
||||
good.
|
||||
|
||||
N: The FTS-0001 incoming hello packet is not after a session.
|
||||
|
||||
mbfile:
|
||||
L: Add a check to see if the magic filenames are (still) valid.
|
||||
|
||||
|
@ -258,7 +258,7 @@ int chkftnmsgid(char *);
|
||||
/*
|
||||
* From getheader.c
|
||||
*/
|
||||
int getheader(faddr *, faddr *, FILE *, char *);
|
||||
int getheader(faddr *, faddr *, FILE *, char *, int);
|
||||
|
||||
|
||||
|
||||
@ -384,7 +384,7 @@ int getarchiver(char *);
|
||||
/*
|
||||
* From packet.c
|
||||
*/
|
||||
FILE *openpkt(FILE *, faddr *, char);
|
||||
FILE *openpkt(FILE *, faddr *, char, int);
|
||||
void closepkt(void);
|
||||
|
||||
|
||||
|
@ -1,11 +1,11 @@
|
||||
/*****************************************************************************
|
||||
*
|
||||
* $Id$
|
||||
* File ..................: ftnmsg.c
|
||||
* Purpose ...............: Fidonet mailer
|
||||
* Last modification date : 09-Nov-2000
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2000
|
||||
* Copyright (C) 1997-2003
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -75,7 +75,7 @@ FILE *ftnmsghdr(ftnmsg *fmsg, FILE *pkt, faddr *route, char flavor, char *Pid)
|
||||
|
||||
if (route == NULL)
|
||||
route = fmsg->to;
|
||||
pkt = openpkt(pkt, route, flavor);
|
||||
pkt = openpkt(pkt, route, flavor, FALSE);
|
||||
if (pkt == NULL)
|
||||
return NULL;
|
||||
|
||||
|
@ -50,11 +50,15 @@ char pktpwd[9];
|
||||
* 2 - Read header error
|
||||
* 3 - Not for me
|
||||
* 4 - Password error
|
||||
* 5 - Unsecure session
|
||||
*
|
||||
* If session is TRUE, the password is checked as being the session password,
|
||||
* otherwise it is checked as the mail password.
|
||||
*/
|
||||
int getheader(faddr *f, faddr *t, FILE *pkt, char *pname)
|
||||
int getheader(faddr *f, faddr *t, FILE *pkt, char *pname, int session)
|
||||
{
|
||||
unsigned char buffer[0x3a];
|
||||
int i, pwdok, capword, prodx, major, minor = 0, tome = FALSE;
|
||||
int i, capword, prodx, major, minor = 0, tome = FALSE;
|
||||
char *p, *prodn = NULL, *fa, *ta, buf[5];
|
||||
long year, month, day, hour, min, sec;
|
||||
|
||||
@ -189,25 +193,43 @@ int getheader(faddr *f, faddr *t, FILE *pkt, char *pname)
|
||||
buf[4] = '\0';
|
||||
}
|
||||
|
||||
pwdok = TRUE;
|
||||
if (noderecord(f)) {
|
||||
if (strcasecmp(nodes.Epasswd, pktpwd) != 0) {
|
||||
pwdok = FALSE;
|
||||
if (strlen(pktpwd))
|
||||
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Epasswd);
|
||||
}
|
||||
} else {
|
||||
Syslog('+', "Node not in setup");
|
||||
}
|
||||
|
||||
if (prodn)
|
||||
free(prodn);
|
||||
|
||||
if (!tome)
|
||||
return 3;
|
||||
else if (!pwdok && nodes.MailPwdCheck)
|
||||
return 4;
|
||||
else
|
||||
|
||||
if (session) {
|
||||
/*
|
||||
* FTS-0001 session setup mode.
|
||||
*/
|
||||
if (noderecord(f) && strlen(nodes.Spasswd)) {
|
||||
if (strcasecmp(nodes.Spasswd, pktpwd) == 0) {
|
||||
return 0; /* Secure session */
|
||||
} else {
|
||||
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Spasswd);
|
||||
return 4; /* Bad password */
|
||||
}
|
||||
} else {
|
||||
Syslog('+', "Node not in setup or no password set");
|
||||
return 5; /* Unsecure session */
|
||||
}
|
||||
} else {
|
||||
/*
|
||||
* Mail password check
|
||||
*/
|
||||
if (noderecord(f) && nodes.MailPwdCheck && strlen(nodes.Epasswd)) {
|
||||
if (strcasecmp(nodes.Epasswd, pktpwd) == 0) {
|
||||
return 0; /* Password Ok */
|
||||
} else {
|
||||
Syslog('!', "Password : got \"%s\", expected \"%s\"", pktpwd, nodes.Epasswd);
|
||||
return 4; /* Bad password */
|
||||
}
|
||||
} else {
|
||||
return 0; /* Not checked, still Ok */
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
24
lib/packet.c
24
lib/packet.c
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Fidonet mailer
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2002
|
||||
* Copyright (C) 1997-2003
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -47,7 +47,7 @@ static faddr pktroute =
|
||||
|
||||
|
||||
|
||||
FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
|
||||
FILE *openpkt(FILE *pkt, faddr *addr, char flavor, int session)
|
||||
{
|
||||
off_t pos;
|
||||
struct flock fl;
|
||||
@ -64,9 +64,7 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
|
||||
if (pktfp) {
|
||||
Syslog('P', "packet opened, check address");
|
||||
if (metric(addr,&pktroute) == 0) {
|
||||
if ((CFG.maxpktsize == 0L) ||
|
||||
((fstat(fileno(pktfp),&st) == 0) &&
|
||||
(st.st_size < CFG.maxpktsize))) {
|
||||
if ((CFG.maxpktsize == 0L) || ((fstat(fileno(pktfp),&st) == 0) && (st.st_size < CFG.maxpktsize))) {
|
||||
Syslog('P', "return existing fp");
|
||||
return pktfp;
|
||||
}
|
||||
@ -112,7 +110,11 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
|
||||
pos = ftell(pkt);
|
||||
if (pos <= 0L) {
|
||||
Syslog('P', "creating new .pkt");
|
||||
Syslog('s', "openpkt() create .pkt in %s mode", session?"session":"mail");
|
||||
|
||||
/*
|
||||
* Write .PKT header, see FSC-0039 rev. 4
|
||||
*/
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
t = time(NULL);
|
||||
ptm = localtime(&t);
|
||||
@ -136,19 +138,27 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor)
|
||||
buffer[0x15] = (bestaka->net & 0xff00) >> 8;
|
||||
buffer[0x16] = (addr->net & 0x00ff);
|
||||
buffer[0x17] = (addr->net & 0xff00) >> 8;
|
||||
buffer[0x18] = 0xfe;
|
||||
buffer[0x18] = (PRODCODE & 0x00ff);
|
||||
buffer[0x19] = (VERSION_MAJOR & 0x00ff);
|
||||
|
||||
memset(&str, 0, 8);
|
||||
if (session) {
|
||||
if (noderecord(addr) && strlen(nodes.Epasswd))
|
||||
sprintf(str, "%s", nodes.Spasswd);
|
||||
} else {
|
||||
if (noderecord(addr) && strlen(nodes.Epasswd))
|
||||
sprintf(str, "%s", nodes.Epasswd);
|
||||
}
|
||||
for (i = 0; i < 8; i++)
|
||||
buffer[0x1a + i] = str[i];
|
||||
buffer[0x1a + i] = toupper(str[i]); /* FSC-0039 only talks about A-Z, 0-9, so force uppercase */
|
||||
|
||||
buffer[0x22] = (bestaka->zone & 0x00ff);
|
||||
buffer[0x23] = (bestaka->zone & 0xff00) >> 8;
|
||||
buffer[0x24] = (addr->zone & 0x00ff);
|
||||
buffer[0x25] = (addr->zone & 0xff00) >> 8;
|
||||
buffer[0x29] = 1;
|
||||
buffer[0x2a] = (PRODCODE & 0xff00) >> 8;
|
||||
buffer[0x2b] = (VERSION_MINOR & 0x00ff);
|
||||
buffer[0x2c] = 1;
|
||||
buffer[0x2e] = buffer[0x22];
|
||||
buffer[0x2f] = buffer[0x23];
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: fidonet mailer
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2002
|
||||
* Copyright (C) 1997-2003
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -358,9 +358,12 @@ file_list *create_filelist(fa_list *al, char *fl, int create)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* For FTS-0001 we need to create at least one packet.
|
||||
*/
|
||||
if (((st == NULL) && (create > 1)) || ((st != NULL) && (packets == 0) && (create > 0))) {
|
||||
Syslog('o', "Create packet for %s", ascfnode(al->addr,0x1f));
|
||||
if ((fp = openpkt(NULL, al->addr, 'o'))) {
|
||||
if ((fp = openpkt(NULL, al->addr, 'o', TRUE))) {
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
fwrite(buffer, 1, 2, fp);
|
||||
fclose(fp);
|
||||
|
@ -60,6 +60,7 @@ static int recvfiles(void);
|
||||
static file_list *tosend;
|
||||
extern int Loaded;
|
||||
extern pid_t mypid;
|
||||
extern char *tempinbound;
|
||||
|
||||
|
||||
|
||||
@ -370,9 +371,9 @@ SM_NAMES
|
||||
(char *)"scan_packet",
|
||||
(char *)"recv_file"
|
||||
SM_EDECL
|
||||
int rc = 0, protect = FALSE;
|
||||
int rc = 0, ghc = 0;
|
||||
char recvpktname[16];
|
||||
char *fpath;
|
||||
char *fpath, *tpath;
|
||||
FILE *fp;
|
||||
faddr f, t;
|
||||
fa_list **tmpl;
|
||||
@ -407,18 +408,21 @@ SM_STATE(scan_packet)
|
||||
fpath = xstrcat(fpath,recvpktname);
|
||||
mkdirs(fpath, 0700);
|
||||
fp = fopen(fpath,"r");
|
||||
free(fpath);
|
||||
if (fp == NULL) {
|
||||
WriteError("$cannot open received packet");
|
||||
free(fpath);
|
||||
SM_ERROR;
|
||||
}
|
||||
switch (getheader(&f , &t, fp, recvpktname)) {
|
||||
switch ((ghc = getheader(&f , &t, fp, recvpktname, TRUE))) {
|
||||
case 3: Syslog('+', "remote mistook us for %s",ascfnode(&t,0x1f));
|
||||
fclose(fp);
|
||||
Syslog('s', "Unlink %s rc=%d", fpath, unlink(fpath));
|
||||
free(fpath);
|
||||
SM_ERROR;
|
||||
case 0: Syslog('+', "accepting session");
|
||||
case 0:
|
||||
case 5: Syslog('+', "accepting session");
|
||||
fclose(fp);
|
||||
for (tmpl=&remote;*tmpl;tmpl=&((*tmpl)->next));
|
||||
for (tmpl = &remote; *tmpl; tmpl = &((*tmpl)->next));
|
||||
(*tmpl)=(fa_list*)malloc(sizeof(fa_list));
|
||||
(*tmpl)->next=NULL;
|
||||
(*tmpl)->addr=(faddr*)malloc(sizeof(faddr));
|
||||
@ -457,17 +461,25 @@ SM_STATE(scan_packet)
|
||||
if (nlent)
|
||||
rdoptions(Loaded);
|
||||
|
||||
/*
|
||||
* It appears that if the remote gave no password, the
|
||||
* getheader function fills in a password itself. Maybe
|
||||
* that's the reason why E.C did not switch to protected
|
||||
* inbound, because of the failing password check. MB.
|
||||
*/
|
||||
if (f.name) {
|
||||
if (ghc == 0) {
|
||||
Syslog('+', "Password correct, protected FTS-0001 session");
|
||||
protect = TRUE;
|
||||
inbound_open(remote->addr, TRUE);
|
||||
} else {
|
||||
Syslog('+', "Unsecure FTS-0001 session");
|
||||
inbound_open(remote->addr, FALSE);
|
||||
}
|
||||
inbound_open(remote->addr, protect);
|
||||
/*
|
||||
* Move the packet to the temp inbound so the we can later
|
||||
* move it to the final inbound.
|
||||
*/
|
||||
tpath = xstrcpy(tempinbound);
|
||||
tpath = xstrcat(tpath,(char *)"/");
|
||||
tpath = xstrcat(tpath,recvpktname);
|
||||
|
||||
Syslog('s', "Move %s to %s rc=%d", fpath, tpath, file_mv(fpath, tpath));
|
||||
|
||||
free(fpath);
|
||||
free(tpath);
|
||||
|
||||
tosend = create_filelist(remote,(char *)ALL_MAIL,1);
|
||||
if (rc == 0) {
|
||||
@ -479,6 +491,8 @@ SM_STATE(scan_packet)
|
||||
default:
|
||||
Syslog('+', "received bad packet apparently from",ascfnode(&f,0x1f));
|
||||
fclose(fp);
|
||||
Syslog('s', "Unlink %s rc=%d", fpath, unlink(fpath));
|
||||
free(fpath);
|
||||
SM_ERROR;
|
||||
}
|
||||
|
||||
|
@ -279,7 +279,7 @@ int TossPkt(char *fn)
|
||||
memset(&from, 0, sizeof(faddr));
|
||||
memset(&to, 0, sizeof(faddr));
|
||||
|
||||
if (((rc = getheader(&from, &to, pkt, fn)) != 0)) {
|
||||
if (((rc = getheader(&from, &to, pkt, fn, FALSE)) != 0)) {
|
||||
WriteError("%s, aborting",
|
||||
(rc == 1)?"wrong header type":
|
||||
(rc == 2)?"bad packet header":
|
||||
|
Reference in New Issue
Block a user