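/*
 * Run one rsh exchange for szLogin and record the outcome in *psLogin.
 *
 * The request sent is: NUL, login, NUL, login, NUL, "id", NUL. The incoming
 * szPassword is ignored and replaced by szLogin, so the login name is also
 * what gets handed to setPassResult().
 *
 * Returns MSTATE_EXITING when the reply contains "uid", MSTATE_NEW when it
 * does not, and FAILURE when the request does not fit the send buffer, the
 * send fails, or no reply arrives.
 */
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  static const char szCommand[] = "id";
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive;
  int nReceiveBufferSize = 0;
  int iRet;
  size_t nLogin, nPassword, nOffset;

  /* Rsh could care less what the password is */
  szPassword = szLogin;

  nLogin = strlen(szLogin);
  nPassword = strlen(szPassword);

  /* Leading NUL + login + NUL + password + NUL + command including its NUL.
     Reject anything that would run past the fixed-size stack buffer. */
  if (nLogin >= sizeof(bufSend) || nPassword >= sizeof(bufSend) ||
      nLogin + nPassword + 3 + sizeof(szCommand) > sizeof(bufSend))
  {
    writeError(ERR_ERROR, "%s failed: login is too long for the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* The buffer is zeroed first, so every separator NUL is already in place. */
  memset(bufSend, 0, sizeof(bufSend));
  nOffset = 1;
  memcpy(bufSend + nOffset, szLogin, nLogin);
  nOffset += nLogin + 1;
  memcpy(bufSend + nOffset, szPassword, nPassword);
  nOffset += nPassword + 1;
  memcpy(bufSend + nOffset, szCommand, sizeof(szCommand));
  nOffset += sizeof(szCommand);

  if (medusaSend(hSocket, bufSend, nOffset, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  /* Author's note: the first reply concerns the stderr port the client
     should listen on; it is read but deliberately not checked. */
  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Which ends rsh test.", MODULE_NAME);
    return FAILURE;
  }

  /* Release the unchecked first reply before the pointer is reused. */
  FREE(bufReceive);

  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Exiting...", MODULE_NAME);
    return FAILURE;
  }

  /* NOTE(review): strstr() assumes medusaReceiveRaw() NUL-terminates the
     buffer it returns - confirm. */
  if (strstr((char*)bufReceive, "uid") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);
  return(iRet);
}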
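/*
 * Run one CVS pserver verification request and record the outcome in *psLogin.
 *
 * The password is scrambled with the fixed substitution table below (an
 * encoding, not encryption) and sent after the literal 'A' marker in a
 * "BEGIN VERIFICATION REQUEST" block together with _psSessionData->szDir
 * and szLogin.
 *
 * Returns MSTATE_EXITING on "I LOVE YOU", on the PAM "user does not exist"
 * error and on any unrecognised reply; MSTATE_NEW on "I HATE YOU"; FAILURE
 * when the password cannot be encoded, memory cannot be allocated, the send
 * fails or no reply arrives.
 */
int tryLogin(int hSocket, sLogin** psLogin, _CVS_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  int iRet = FAILURE;
  int nSendBufferSize, nReceiveBufferSize;
  size_t i, nPassword;
  unsigned char* bufReceive = NULL;
  char *szAuth = NULL, *szPassTmp = NULL;

  /*
   * CVS password scrambling table (character -> replacement code):
   *
   *          0 111           P 125           p  58
   *   ! 120  1  52   A  57   Q  55   a 121   q 113
   *   "  53  2  75   B  83   R  54   b 117   r  32
   *          3 119   C  43   S  66   c 104   s  90
   *          4  49   D  46   T 124   d 101   t  44
   *   % 109  5  34   E 102   U 126   e 100   u  98
   *   &  72  6  82   F  40   V  59   f  69   v  60
   *   ' 108  7  81   G  89   W  47   g  73   w  51
   *   (  70  8  95   H  38   X  92   h  99   x  33
   *   )  64  9  65   I 103   Y  71   i  63   y  97
   *   *  76  : 112   J  45   Z 115   j  94   z  62
   *   +  67  ;  86   K  50           k  93
   *   , 116  < 118   L  42           l  39
   *   -  74  = 110   M 123           m  37
   *   .  68  > 122   N  91           n  61
   *   /  87  ? 105   O  35   _  56   o  48
   *
   * The array is indexed by (character - 0x20); a 0 entry means the table
   * has no code for that character.
   */
  static const char key[] = {
      0, 120,  53,   0,   0, 109,  72, 108,  70,  64,  76,  67, 116,  74,  68,  87,
    111,  52,  75, 119,  49,  34,  82,  81,  95,  65, 112,  86, 118, 110, 122, 105,
      0,  57,  83,  43,  46, 102,  40,  89,  38, 103,  45,  50,  42, 123,  91,  35,
    125,  55,  54,  66, 124, 126,  59,  47,  92,  71, 115,   0,   0,   0,   0,  56,
      0, 121, 117, 104, 101, 100,  69,  73,  99,  63,  94,  93,  39,  37,  61,  48,
     58, 113,  32,  90,  44,  98,  60,  51,  33,  97,  62
  };

  /* 92 characters */
  nPassword = strlen(szPassword);
  if (nPassword > 92)
  {
    writeError(ERR_ERROR, "[%s] Password must be limited to 92 or less characters.", MODULE_NAME);
    return FAILURE;
  }

  szPassTmp = calloc(nPassword + 1, 1);
  if (szPassTmp == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for the scrambled password.", MODULE_NAME);
    goto cleanup;
  }

  for (i = 0; i < nPassword; i++)
  {
    /* Index through unsigned char so bytes >= 0x80 cannot become a negative
       index, and refuse anything the table does not cover instead of reading
       outside it or writing a NUL that would silently truncate the password. */
    unsigned char c = (unsigned char)szPassword[i];

    if (c < 0x20 || (size_t)(c - 0x20) >= sizeof(key) || key[c - 0x20] == 0)
    {
      writeError(ERR_ERROR, "[%s] Password contains a character the scrambling table cannot encode.", MODULE_NAME);
      goto cleanup;
    }
    szPassTmp[i] = key[c - 0x20];
  }

  /* 56 is the length of the fixed text in the request template below. */
  nSendBufferSize = strlen(_psSessionData->szDir) + strlen(szLogin) + strlen(szPassTmp) + 56;
  szAuth = calloc(nSendBufferSize + 1, 1);
  if (szAuth == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for the verification request.", MODULE_NAME);
    goto cleanup;
  }

  snprintf(szAuth, nSendBufferSize + 1,
           "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n",
           _psSessionData->szDir, szLogin, szPassTmp);

  if (medusaSend(hSocket, (unsigned char*)szAuth, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
    goto cleanup;

  /* NOTE(review): strstr() assumes medusaReceiveRaw() NUL-terminates the
     buffer it returns - confirm. */
  if (strstr((char*)bufReceive, "I LOVE YOU\n"))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char*)bufReceive, "E PAM start error: Critical error - immediate abort\n"))
  {
    writeError(ERR_ERROR, "[%s] User (%s) does not exist.", MODULE_NAME, szLogin);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char*)bufReceive, "I HATE YOU\n"))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Login attempt failed.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }
  else
  {
    writeError(ERR_ERROR, "[%s] Unknown Error Message: %s", MODULE_NAME, bufReceive);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }

  setPassResult((*psLogin), szPassword);

cleanup:
  /* Single exit so the early error paths no longer leak the request buffers
     or the reply. NOTE(review): the reply is assumed to be heap memory owned
     by the caller of medusaReceiveRaw() - confirm. */
  free(bufReceive);
  free(szAuth);
  free(szPassTmp);
  return(iRet);
}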
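/*
 * Run one MySQL authentication exchange and record the outcome in *psLogin.
 *
 * Steps: read the server greeting (MySQLSessionInit), build and send the
 * client authentication packet, classify the reply by the byte at offset 4
 * (0x00 accepted, 0xFF rejected, 0xFE server asks for the older hash style,
 * in which case one more packet is sent on the same connection), then close
 * the session.
 *
 * Returns MSTATE_EXITING or MSTATE_NEW as set by the reply handling, or
 * FAILURE when a packet cannot be built, sent or received, when a reply is
 * too short to carry a response code, or when the session cannot be closed.
 */
int tryLogin(int hSocket, sLogin** psLogin, _MYSQL_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  int iRet;
  int iReturnCode = MSTATE_EXITING;
  unsigned char* bufReceive = NULL;
  char* szSessionSalt = NULL;
  unsigned char* szResponse = NULL;
  unsigned long iResponseLength = 0;
  int nReceiveBufferSize = 0;

  /* initialize MySQL connection */
  iRet = MySQLSessionInit(hSocket, &szSessionSalt);
  if (iRet == FAILURE)
  {
    writeError(ERR_ERROR, "[%s] Failed to initialize MySQL connection (%s).", MODULE_NAME, (*psLogin)->psServer->pHostIP);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    return MSTATE_EXITING;
  }

  /* NOTE(review): szSessionSalt is allocated by MySQLSessionInit() and is
     never released in this function. It is left alone here because it is not
     visible whether the MySQLPrepareAuth* helpers keep the pointer - confirm
     and free it on every exit path if they do not. */

  /* prepare client authentication packet */
  if (strlen(szSessionSalt) == 8 || _psSessionData->protoFlag == PROTO_OLD)
  {
    if (_psSessionData->protoFlag == PROTO_OLD)
    {
      writeError(ERR_DEBUG_MODULE, "[%s] Using older style authentication based on previous server response.", MODULE_NAME);
    }

    iRet = MySQLPrepareAuthOld(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
      return FAILURE;
    }
  }
  else
  {
    iRet = MySQLPrepareAuth(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "%s: Failed to create client authentication packet.", MODULE_NAME);
      return FAILURE;
    }
  }

  /* send authentication attempt */
  if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    FREE(szResponse);
    return FAILURE;
  }
  FREE(szResponse);

  /* process authentication response */
  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* The reply comes from the remote server, so its length is checked before
     the response code at offset 4 is read. Assumes medusaReceiveRaw() stores
     the number of bytes returned in nReceiveBufferSize - TODO confirm. */
  if (nReceiveBufferSize < 5)
  {
    writeError(ERR_ERROR, "%s failed: server response is too short to contain a response code.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  if (bufReceive[4] == 0x00)
  {
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iReturnCode = MSTATE_EXITING;
  }
  else if (bufReceive[4] == 0xFF)
  {
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;

    /* Bytes 5-6 are only compared when the reply is long enough to hold them. */
    if (nReceiveBufferSize >= 7 && bufReceive[5] == 0xe3 && bufReceive[6] == 0x04)
    {
      writeError(ERR_ERROR, "[%s] failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_ERROR;
      iReturnCode = MSTATE_EXITING;
    }
    else
      iReturnCode = MSTATE_NEW;
  }
  else if (bufReceive[4] == 0xFE)
  {
    /*
      Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced
      a new password algorithm. In some cases, MySQL 4.1 and later systems will
      contain accounts which are still configured with password hashes generated
      using the older algorithm. When we authenticate to a 4.1 server and this is
      the case, the server is nice enough to tell us and allow us to reauthenticate.
    */
    writeError(ERR_DEBUG_MODULE, "[%s] Server requested older authentication type. It is likely the remote account exists and has an older style password hash.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;

    /* Attempt authentication again using old-style password hash and existing connection */
    _psSessionData->protoFlag = PROTO_OLD;

    iRet = MySQLPrepareAuthNewOld(_psSessionData, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    /* send authentication attempt */
    if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
    {
      writeError(ERR_ERROR, "[%s] medusaSend was not successful", MODULE_NAME);
      FREE(szResponse);
      FREE(bufReceive);
      return FAILURE;
    }
    FREE(szResponse);

    /* process authentication response */
    FREE(bufReceive);
    nReceiveBufferSize = 0;
    bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
    if (bufReceive == NULL)
    {
      writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
      return FAILURE;
    }

    if (nReceiveBufferSize < 5)
    {
      writeError(ERR_ERROR, "%s failed: server response is too short to contain a response code.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    if (bufReceive[4] == 0x00)
    {
      (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
      iReturnCode = MSTATE_EXITING;
    }
    else if (bufReceive[4] == 0xFF)
    {
      (*psLogin)->iResult = LOGIN_RESULT_FAIL;

      if (nReceiveBufferSize >= 7 && bufReceive[5] == 0xe3 && bufReceive[6] == 0x04)
      {
        writeError(ERR_ERROR, "%s failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
        (*psLogin)->iResult = LOGIN_RESULT_ERROR;
        iReturnCode = MSTATE_EXITING;
      }
      else
        iReturnCode = MSTATE_NEW;
    }
    /* End of the weird downshift resend case */
  }
  else
  {
    writeError(ERR_ERROR, "%s: Unknown response code received from server: %X", MODULE_NAME, bufReceive[4]);
    (*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
    iReturnCode = MSTATE_EXITING;
  }

  /* close MySQL connection */
  iRet = MySQLSessionQuit(hSocket);
  if (iRet == FAILURE)
  {
    writeError(ERR_ERROR, "%s: Failed to terminate MySQL connection.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);
  return(iReturnCode);
}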
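/*
 * Read the MySQL server greeting and extract the session salt.
 *
 * The byte at offset 4 is treated as the protocol version (0xff marks an
 * error packet whose text starts at offset 7) and the NUL-terminated server
 * version string starts at offset 5. Servers whose version string contains
 * "4.1" or "5." get a 20-byte salt assembled from two pieces of the
 * greeting; all others get the 8-byte salt.
 *
 * On SUCCESS *szSessionSalt points to a newly allocated NUL-terminated salt
 * that the caller owns. On FAILURE no salt allocated here is left behind.
 * Every offset is checked against the received length first, because the
 * greeting is supplied by the remote server.
 */
int MySQLSessionInit(int hSocket, char** szSessionSalt)
{
  unsigned char* bufReceive;
  char* szServerVersion;
  const char* szMessage;
  size_t nReceived, nVersion;
  int nReceiveBufferSize = 0;
  int newerauth = 0;

  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* Assumes medusaReceiveRaw() stores the number of bytes returned in
     nReceiveBufferSize - TODO confirm. */
  if (nReceiveBufferSize < 5)
  {
    writeError(ERR_ERROR, "%s: Server greeting is too short to contain a protocol version.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  nReceived = (size_t)nReceiveBufferSize;

  /* check protocol version */
  if (bufReceive[4] == 0xff)
  {
    /* NOTE(review): reading the text as a C string assumes the receive buffer
       is NUL-terminated by medusaReceiveRaw() - confirm. */
    szMessage = (nReceived > 7) ? (const char*)bufReceive + 7 : "";

    if (strstr(szMessage, "is not allowed to connect to this MySQL server"))
    {
      writeError(ERR_WARNING, "%s: Server responded that host is not allowed to connect to MySQL service.", MODULE_NAME);
    }
    else
    {
      writeError(ERR_ERROR, "%s: Failed to retrieve server version: %s", MODULE_NAME, szMessage);
    }

    FREE(bufReceive);
    return FAILURE;
  }

  if (bufReceive[4] < 10)
  {
    writeError(ERR_ERROR, "%s: Server responded requesting protocol version (%d). Version 10 support required.", MODULE_NAME, bufReceive[4]);
    FREE(bufReceive);
    return FAILURE;
  }
  else if (bufReceive[4] > 10)
  {
    writeError(ERR_WARNING, "%s: Server responded requesting protocol version (%d). Support for versions >10 is unknown.", MODULE_NAME, bufReceive[4]);
  }

  /* check server version */
  szServerVersion = (char*)bufReceive + 5;

  /* Make sure the version string ends inside the received data before any
     strlen()/strstr() call walks it. */
  if (memchr(szServerVersion, '\0', nReceived - 5) == NULL)
  {
    writeError(ERR_ERROR, "%s: Server version string is not terminated.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  nVersion = strlen(szServerVersion);

  /* NOTE(review): these are substring matches, so "3.", "4." or "5." anywhere
     in the version string is accepted. */
  if (!(strstr(szServerVersion, "3.") || strstr(szServerVersion, "4.") || strstr(szServerVersion, "5.")))
  {
    /* The version is a string, so it is printed with %s. */
    writeError(ERR_ERROR, "%s: Server responded requesting version (%s). Only versions 3.x, 4.x, and 5.x are currently supported.", MODULE_NAME, szServerVersion);
    FREE(bufReceive);
    return FAILURE;
  }

  if ((strstr(szServerVersion, "4.1") || strstr(szServerVersion, "5.")))
  {
    newerauth = 1;
    writeError(ERR_DEBUG_MODULE, "%s: Server version %s is using newer auth method.", MODULE_NAME, szServerVersion);
  }

  if (newerauth)
  {
    /* retrieve session salt for newer auth */
    /* The second piece ends at offset nVersion + 37 + 12, which also covers
       the first piece at nVersion + 10. */
    if (nVersion + 37 + 12 > nReceived)
    {
      writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    *szSessionSalt = calloc(22, 1);
    if (*szSessionSalt == NULL)
    {
      writeError(ERR_ERROR, "%s: Failed to allocate memory for session salt.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    /* The second copy starts at index 8 and overwrites the ninth byte of the first. */
    memcpy(*szSessionSalt, bufReceive + nVersion + 10, 9);
    memcpy(*szSessionSalt + 8, bufReceive + nVersion + 37, 12);

    if (strlen(*szSessionSalt) != 20)
    {
      writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
      free(*szSessionSalt);
      *szSessionSalt = NULL;
      FREE(bufReceive);
      return FAILURE;
    }

    writeError(ERR_DEBUG_MODULE, "%s: Retrieved session salt: %s", MODULE_NAME, *szSessionSalt);
  }
  else
  {
    /* use the older salt code */
    if (nVersion + 10 + 9 > nReceived)
    {
      writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    *szSessionSalt = calloc(10, 1);
    if (*szSessionSalt == NULL)
    {
      writeError(ERR_ERROR, "%s: Failed to allocate memory for session salt.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    memcpy(*szSessionSalt, bufReceive + nVersion + 10, 9);

    if (strlen(*szSessionSalt) != 8)
    {
      writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
      free(*szSessionSalt);
      *szSessionSalt = NULL;
      FREE(bufReceive);
      return FAILURE;
    }

    writeError(ERR_DEBUG_MODULE, "%s: Retrieved session salt: %s.", MODULE_NAME, *szSessionSalt);
  }

  FREE(bufReceive);
  return SUCCESS;
}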
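/*
 * Run one rexec exchange for szLogin/szPassword and record the outcome in
 * *psLogin.
 *
 * The request sent is: NUL, login, NUL, password, NUL, "id", NUL.
 *
 * Returns MSTATE_NEW when the first reply contains "Login incorrect" or the
 * second reply matches neither success marker; MSTATE_EXITING when the
 * second reply contains "uid" or "Command ID in library"; FAILURE when the
 * request does not fit the send buffer, the send fails, or no reply arrives.
 */
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  static const char szCommand[] = "id";
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive;
  int nReceiveBufferSize = 0;
  int iRet;
  size_t nLogin, nPassword, nOffset;

  nLogin = strlen(szLogin);
  nPassword = strlen(szPassword);

  /* Leading NUL + login + NUL + password + NUL + command including its NUL.
     Reject anything that would run past the fixed-size stack buffer. */
  if (nLogin >= sizeof(bufSend) || nPassword >= sizeof(bufSend) ||
      nLogin + nPassword + 3 + sizeof(szCommand) > sizeof(bufSend))
  {
    writeError(ERR_ERROR, "%s failed: login and password are too long for the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* send username */
  /* The buffer is zeroed first, so every separator NUL is already in place. */
  memset(bufSend, 0, sizeof(bufSend));
  nOffset = 1;
  memcpy(bufSend + nOffset, szLogin, nLogin);
  nOffset += nLogin + 1;
  memcpy(bufSend + nOffset, szPassword, nPassword);
  nOffset += nPassword + 1;
  memcpy(bufSend + nOffset, szCommand, sizeof(szCommand));
  nOffset += sizeof(szCommand);

  if (medusaSend(hSocket, bufSend, nOffset, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* NOTE(review): strstr() assumes medusaReceiveRaw() NUL-terminates the
     buffer it returns - confirm. */
  if (strstr((char*)bufReceive, "Login incorrect") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed up here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;

    /* Why do I need this? */
    sleep(1);

    iRet = MSTATE_NEW;
    FREE(bufReceive);
    setPassResult((*psLogin), szPassword);
    return(iRet);
  }

  /* Release the first reply before the pointer is reused for the second. */
  FREE(bufReceive);

  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  if (strstr((char*)bufReceive, "uid") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char*)bufReceive, "Command ID in library") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : AS/400 Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed down here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);
  return(iRet);
}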
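/*
 * Run one rlogin exchange for szLogin/szPassword and record the outcome in
 * *psLogin.
 *
 * The request sent is: NUL, login, NUL, login, NUL, "xterm", NUL. The first
 * reply is read and discarded. The second reply decides the path: a reply
 * containing "Incorrect" is a failure, one containing "Password" causes the
 * password plus "\r" to be sent and a third reply to be read, and anything
 * else is recorded as a login accepted without a password (the author
 * attributes this to .rhosts trust).
 *
 * Returns MSTATE_NEW on failure markers, MSTATE_EXITING on recorded success,
 * and FAILURE when a message does not fit the send buffer, a send fails, or
 * no reply arrives.
 */
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  static const char szTerminal[] = "xterm";
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive;
  int nReceiveBufferSize = 0;
  int iRet;
  int nFormatted;
  size_t nLogin, nOffset;

  nLogin = strlen(szLogin);

  /* Leading NUL + login + NUL + login + NUL + terminal including its NUL.
     Reject anything that would run past the fixed-size stack buffer. */
  if (nLogin >= sizeof(bufSend) ||
      2 * nLogin + 3 + sizeof(szTerminal) > sizeof(bufSend))
  {
    writeError(ERR_ERROR, "%s failed: login is too long for the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* send username */
  /* The buffer is zeroed first, so every separator NUL is already in place. */
  memset(bufSend, 0, sizeof(bufSend));
  nOffset = 1;
  memcpy(bufSend + nOffset, szLogin, nLogin);
  nOffset += nLogin + 1;
  memcpy(bufSend + nOffset, szLogin, nLogin);
  nOffset += nLogin + 1;
  memcpy(bufSend + nOffset, szTerminal, sizeof(szTerminal));
  nOffset += sizeof(szTerminal);

  if (medusaSend(hSocket, bufSend, nOffset, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* The first reply is not inspected; release it before the pointer is reused. */
  FREE(bufReceive);

  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* NOTE(review): strstr() assumes medusaReceiveRaw() NUL-terminates the
     buffer it returns - confirm. */
  if (strstr((char*)bufReceive, "Incorrect") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }
  else if (strstr((char*)bufReceive, "Password") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt asked for password.", MODULE_NAME);

    /* Bounded formatting: a long password must not overrun bufSend. */
    nFormatted = snprintf((char*)bufSend, sizeof(bufSend), "%s\r", szPassword);
    if (nFormatted < 0 || (size_t)nFormatted >= sizeof(bufSend))
    {
      writeError(ERR_ERROR, "%s failed: password is too long for the send buffer", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    if (medusaSend(hSocket, bufSend, (size_t)nFormatted, 0) < 0)
    {
      writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    /* Release the password prompt before reading the next reply. */
    FREE(bufReceive);

    nReceiveBufferSize = 0;
    bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
    if (bufReceive == NULL)
    {
      writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
      return FAILURE;
    }

    if (strstr((char*)bufReceive, "incorrect") != NULL)
    {
      writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_FAIL;
      iRet = MSTATE_NEW;
    }
    else
    {
      /* We can't tell for sure but it wasn't a failure or a password prompt */
      writeError(ERR_DEBUG_MODULE, "%s : Login attempt succeeded via password send.", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
      iRet = MSTATE_EXITING;
    }
  }
  else
  {
    /* We can't tell for sure but it wasn't a failure or a password prompt */
    writeError(ERR_INFO, "%s : Login attempt succeeded via .rhosts", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);
  return(iRet);
}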