int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
char ipaddr_str[INET_ADDRSTRLEN];
int iRet;
unsigned char bufSend[BUF_SIZE];
unsigned char* bufReceive;
int nReceiveBufferSize = 0;
/* Rsh could care less what the password is */
szPassword=szLogin;
/* send username */
memset(bufSend, 0, sizeof(bufSend));
bufSend[0]=0x00;
strncpy(bufSend+1, szLogin, strlen(szLogin));
bufSend[strlen(szLogin)+1]=0x00;
strncpy(bufSend+2+strlen(szLogin), szPassword, strlen(szPassword));
bufSend[strlen(szLogin)+1+strlen(szPassword)+1]=0x00;
strncpy(bufSend+1+strlen(szLogin)+1+strlen(szPassword)+1, "id", 3);
bufSend[strlen(szLogin)+1+strlen(szPassword)+1+3]=0x00;
if (medusaSend(hSocket, bufSend, strlen(szLogin)+1+strlen(szPassword)+1+4 , 0) < 0)
{
writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
}
nReceiveBufferSize = 0;
/* this is the port that the client should listen to for
stderr. We should really check this but we're going to skip */
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Which ends rsh test.", MODULE_NAME);
return FAILURE;
}
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Exiting...", MODULE_NAME);
return FAILURE;
}
else if (strstr(bufReceive,"uid") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
else
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
iRet = MSTATE_NEW;
}
FREE(bufReceive);
setPassResult((*psLogin), szPassword);
return(iRet);
}
int tryLogin(int hSocket, sLogin** psLogin, _CVS_DATA* _psSessionData, char* szLogin, char* szPassword)
{
int iRet, nSendBufferSize, nReceiveBufferSize;
unsigned int i;
unsigned char* bufReceive;
char *szAuth, *szPassTmp;
/* evil cvs encryption sheme...
0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
*/
char key[] =
{ 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87,
111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
}; /* 92 characters */
if (strlen(szPassword) > 92)
{
writeError(ERR_ERROR, "[%s] Password must be limited to 92 or less characters.", MODULE_NAME);
return FAILURE;
}
szPassTmp = malloc(strlen(szPassword) + 1);
memset(szPassTmp, 0, strlen(szPassword) + 1);
strncpy(szPassTmp, szPassword, strlen(szPassword));
for (i = 0; i < strlen(szPassTmp); i++)
szPassTmp[i] = key[szPassTmp[i] - 0x20];
nSendBufferSize = strlen(_psSessionData->szDir) + strlen(szLogin) + strlen(szPassTmp) + 56;
szAuth = malloc(nSendBufferSize + 1);
memset(szAuth, 0, nSendBufferSize + 1);
sprintf(szAuth, "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", _psSessionData->szDir, szLogin, szPassTmp);
if (medusaSend(hSocket, (unsigned char*)szAuth, nSendBufferSize, 0) < 0)
{
writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
return FAILURE;
}
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
return FAILURE;
if (strstr((char*)bufReceive, "I LOVE YOU\n"))
{
writeError(ERR_DEBUG_MODULE, "[%s] Login attempt successful.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
else if (strstr((char*)bufReceive, "E PAM start error: Critical error - immediate abort\n"))
{
writeError(ERR_ERROR, "[%s] User (%s) does not exist.", MODULE_NAME, szLogin);
(*psLogin)->iResult = LOGIN_RESULT_ERROR;
iRet = MSTATE_EXITING;
}
else if (strstr((char*)bufReceive, "I HATE YOU\n"))
{
writeError(ERR_DEBUG_MODULE, "[%s] Login attempt failed.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
iRet = MSTATE_NEW;
}
else
{
writeError(ERR_ERROR, "[%s] Unknown Error Message: %s", MODULE_NAME, bufReceive);
(*psLogin)->iResult = LOGIN_RESULT_ERROR;
iRet = MSTATE_EXITING;
}
setPassResult((*psLogin), szPassword);
free(szPassTmp);
free(szAuth);
return(iRet);
}
int tryLogin(int hSocket, sLogin** psLogin, _MYSQL_DATA* _psSessionData, char* szLogin, char* szPassword)
{
int iRet;
int iReturnCode = MSTATE_EXITING;
unsigned char* bufReceive = NULL;
char* szSessionSalt = NULL;
unsigned char* szResponse = NULL;
unsigned long iResponseLength = 0;
int nReceiveBufferSize = 0;
/* initialize MySQL connection */
iRet = MySQLSessionInit(hSocket, &szSessionSalt);
if (iRet == FAILURE)
{
writeError(ERR_ERROR, "[%s] Failed to initialize MySQL connection (%s).", MODULE_NAME, (*psLogin)->psServer->pHostIP);
(*psLogin)->iResult = LOGIN_RESULT_ERROR;
return MSTATE_EXITING;
}
/* prepare client authentication packet */
if (strlen(szSessionSalt) == 8 || _psSessionData->protoFlag == PROTO_OLD)
{
if (_psSessionData->protoFlag == PROTO_OLD) {
writeError(ERR_DEBUG_MODULE, "[%s] Using older style authentication based on previous server response.", MODULE_NAME);
}
iRet = MySQLPrepareAuthOld(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
if (iRet == FAILURE)
{
writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
return FAILURE;
}
}
else
{
iRet = MySQLPrepareAuth(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
if (iRet == FAILURE)
{
writeError(ERR_ERROR, "%s: Failed to create client authentication packet.", MODULE_NAME);
return FAILURE;
}
}
/* send authentication attempt */
if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
{
writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
FREE(szResponse);
return FAILURE;
}
FREE(szResponse);
/* process authentication response */
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
if (bufReceive[4] == 0x00)
{
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iReturnCode = MSTATE_EXITING;
}
else if (bufReceive[4] == 0xFF)
{
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
if (bufReceive[5] == 0xe3 && bufReceive[6] == 0x04)
{
writeError(ERR_ERROR, "[%s] failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_ERROR;
iReturnCode = MSTATE_EXITING;
}
else
iReturnCode = MSTATE_NEW;
}
else if (bufReceive[4] == 0xFE)
{
/* Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced a new password algorithm.
In some cases, MySQL 4.1 and later systems will contain accounts which are still configured with password
hashes generated using the older algorithm. When we authenticate to a 4.1 server and this is the case,
the server is nice enough to tell us and allow us to reauthenticate.
*/
writeError(ERR_DEBUG_MODULE, "[%s] Server requested older authentication type. It is likely the remote account exists and has an older style password hash.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
/* Attempt authentication again using old-style password hash and existing connection */
_psSessionData->protoFlag = PROTO_OLD;
iRet = MySQLPrepareAuthNewOld(_psSessionData, szPassword, szSessionSalt, &szResponse, &iResponseLength);
if (iRet == FAILURE)
{
writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
return FAILURE;
}
/* send authentication attempt */
if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
{
writeError(ERR_ERROR, "[%s] medusaSend was not successful", MODULE_NAME);
FREE(szResponse);
return FAILURE;
}
FREE(szResponse);
/* process authentication response */
FREE(bufReceive);
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
if (bufReceive[4] == 0x00)
{
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iReturnCode = MSTATE_EXITING;
}
else if (bufReceive[4] == 0xFF)
{
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
if (bufReceive[5] == 0xe3 && bufReceive[6] == 0x04) {
writeError(ERR_ERROR, "%s failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_ERROR;
iReturnCode = MSTATE_EXITING;
}
else
iReturnCode = MSTATE_NEW;
}
/* End of the weird downshift resend case */
}
else
{
writeError(ERR_ERROR, "%s: Unknown response code received from server: %X", MODULE_NAME, bufReceive[4]);
(*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
iReturnCode = MSTATE_EXITING;
}
/* close MySQL connection */
iRet = MySQLSessionQuit(hSocket);
if (iRet == FAILURE)
{
writeError(ERR_ERROR, "%s: Failed to terminate MySQL connection.", MODULE_NAME);
return FAILURE;
}
FREE(bufReceive);
setPassResult((*psLogin), szPassword);
return(iReturnCode);
}
int MySQLSessionInit(int hSocket, char** szSessionSalt)
{
unsigned char* bufReceive;
char* szServerVersion;
int nReceiveBufferSize = 0;
int newerauth = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
/* check protocol version */
if (bufReceive[4] == 0xff)
{
if (strstr((char*)bufReceive + 7, "is not allowed to connect to this MySQL server"))
{
writeError(ERR_WARNING, "%s: Server responded that host is not allowed to connect to MySQL service.", MODULE_NAME);
FREE(bufReceive);
return FAILURE;
}
else
{
writeError(ERR_ERROR, "%s: Failed to retrieve server version: %s", MODULE_NAME, bufReceive + 7);
FREE(bufReceive);
return FAILURE;
}
}
if (bufReceive[4] < 10)
{
writeError(ERR_ERROR, "%s: Server responded requesting protocol version (%d). Version 10 support required.", MODULE_NAME, bufReceive[4]);
FREE(bufReceive);
return FAILURE;
}
else if (bufReceive[4] > 10)
{
writeError(ERR_WARNING, "%s: Server responded requesting protocol version (%d). Support for versions >10 is unknown.", MODULE_NAME, bufReceive[4]);
}
/* check server version */
szServerVersion = (char*)bufReceive + 5;
if (!(strstr(szServerVersion, "3.") || strstr(szServerVersion, "4.") || strstr(szServerVersion, "5.") ))
{
writeError(ERR_ERROR, "%s: Server responded requesting version (%d). Only versions 3.x, 4.x, and 5.x are currently supported.", MODULE_NAME, szServerVersion);
FREE(bufReceive);
return FAILURE;
}
if ((strstr(szServerVersion, "4.1") || strstr(szServerVersion, "5.") ))
{
newerauth=1;
writeError(ERR_DEBUG_MODULE, "%s: Server version %s is using newer auth method.", MODULE_NAME, szServerVersion);
}
if (newerauth)
{
/* retrieve session salt for newer auth */
*szSessionSalt = malloc(22);
memset(*szSessionSalt, 0, 22);
memcpy(*szSessionSalt, bufReceive + strlen(szServerVersion) + 10, 9);
memcpy(*szSessionSalt+8 , bufReceive + strlen(szServerVersion) + 37 , 12);
if (strlen(*szSessionSalt) != 20)
{
writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
FREE(bufReceive);
return FAILURE;
}
else
{
writeError(ERR_DEBUG_MODULE, "%s: Retrieved session salt: %s", MODULE_NAME, *szSessionSalt);
}
}
else
{
/* use the older salt code */
*szSessionSalt = malloc(10);
memset(*szSessionSalt, 0, 10);
memcpy(*szSessionSalt, bufReceive + strlen(szServerVersion) + 10, 9);
if (strlen(*szSessionSalt) != 8) {
writeError(ERR_ERROR, "%s: Failed to retrieve valid session salt.", MODULE_NAME);
FREE(bufReceive);
return FAILURE;
}
else
{
writeError(ERR_DEBUG_MODULE, "%s: Retrieved session salt: %s.", MODULE_NAME, *szSessionSalt);
}
}
FREE(bufReceive);
return SUCCESS;
}
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
int iRet;
unsigned char bufSend[BUF_SIZE];
unsigned char* bufReceive;
int nReceiveBufferSize = 0;
/* send username */
memset(bufSend, 0, sizeof(bufSend));
bufSend[0]=0x00;
strncpy(bufSend+1, szLogin, strlen(szLogin));
bufSend[strlen(szLogin)+1]=0x00;
strncpy(bufSend+2+strlen(szLogin), szPassword, strlen(szPassword));
bufSend[strlen(szLogin)+1+strlen(szPassword)+1]=0x00;
strncpy(bufSend+1+strlen(szLogin)+1+strlen(szPassword)+1, "id", 3);
bufSend[strlen(szLogin)+1+strlen(szPassword)+1+3]=0x00;
if (medusaSend(hSocket, bufSend, strlen(szLogin)+1+strlen(szPassword)+1+4 , 0) < 0)
{
writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
}
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL )
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
else if (strstr(bufReceive,"Login incorrect") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed up here.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
/* Why do I need this? */
sleep(1);
iRet = MSTATE_NEW;
FREE(bufReceive);
setPassResult((*psLogin), szPassword);
return(iRet);
}
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
else if (strstr(bufReceive,"uid") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
else if (strstr(bufReceive,"Command ID in library") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : AS/400 Login attempt successful.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
else
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed down here.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
iRet = MSTATE_NEW;
}
FREE(bufReceive);
setPassResult((*psLogin), szPassword);
return(iRet);
}
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
char ipaddr_str[INET_ADDRSTRLEN];
int iRet;
unsigned char bufSend[BUF_SIZE];
unsigned char* bufReceive;
int nReceiveBufferSize = 0;
/* send username */
memset(bufSend, 0, sizeof(bufSend));
bufSend[0]=0x00;
strncpy(bufSend+1, szLogin, strlen(szLogin));
bufSend[strlen(szLogin)+1]=0x00;
strncpy(bufSend+2+strlen(szLogin), szLogin, strlen(szLogin));
bufSend[strlen(szLogin)+1+strlen(szLogin)+1]=0x00;
strncpy(bufSend+1+strlen(szLogin)+1+strlen(szLogin)+1, "xterm", 5);
bufSend[strlen(szLogin)+1+strlen(szLogin)+1+7]=0x00;
if (medusaSend(hSocket, bufSend, strlen(szLogin)+1+strlen(szLogin)+1+7 , 0) < 0)
{
writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
}
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
else if (strstr(bufReceive,"Incorrect") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
iRet = MSTATE_NEW;
}
else if (strstr(bufReceive,"Password") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt asked for password.", MODULE_NAME);
sprintf(bufSend,"%s\r",szPassword);
if (medusaSend(hSocket, bufSend, strlen(bufSend) , 0) < 0)
{
writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
}
nReceiveBufferSize = 0;
bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
return FAILURE;
}
else if (strstr(bufReceive,"incorrect") != NULL)
{
writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_FAIL;
iRet = MSTATE_NEW;
}
else {
/* We can't tell for sure but it wasn't a failure or a password prompt */
writeError(ERR_DEBUG_MODULE, "%s : Login attempt succeeded via password send.", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
}
else
{
/* We can't tell for sure but it wasn't a failure or a password prompt */
writeError(ERR_INFO, "%s : Login attempt succeeded via .rhosts", MODULE_NAME);
(*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
iRet = MSTATE_EXITING;
}
FREE(bufReceive);
setPassResult((*psLogin), szPassword);
return(iRet);
}
