コード例 #1
ファイル: telnet.c プロジェクト: foreni-packages/medusa
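/*
 * Answer telnet option negotiation found at the start of *buffer.
 *
 * Each leading three-byte IAC command is rewritten in place and sent back:
 * WILL is answered with DONT (or DO for ECHO / Suppress-Go-Ahead when the
 * session is in MODE_AS400) and DO is answered with WONT. When the byte after
 * the processed commands is NUL, the buffer is freed and replaced by the next
 * chunk read from the socket; *buffer is NULL on return if nothing arrived.
 *
 * The buffer holds bytes chosen by the remote peer, so the walk is bounded by
 * *nReceiveBufferSize instead of trusting the data to be well formed.
 * NOTE(review): assumes *nReceiveBufferSize is the number of received bytes in
 * *buffer, as the callers' NUL-termination suggests -- confirm.
 * NOTE(review): only fixed three-byte commands are understood; longer
 * sub-negotiation sequences are stepped over three bytes at a time.
 */
void processIAC(int hSocket, _MODULE_DATA* _psSessionData, char** buffer, int* nReceiveBufferSize)
{
  unsigned char* bufTemp = (unsigned char*)*buffer;
  int nRemaining = *nReceiveBufferSize; /* received bytes not yet consumed */

  /* We're not that friendly. Refuse to do anything asked of us. */
  while ((nRemaining > 0) && (*bufTemp == IAC)) /* IAC (0xFF) */
  {
    if (nRemaining < 3)
    {
      /* A command cut short at the end of the data: reading bufTemp[2] or
         advancing by three would step past the received bytes. */
      writeError(ERR_DEBUG_MODULE, "Truncated IAC command at end of buffer.");
      break;
    }

    writeError(ERR_DEBUG_MODULE, "Handling IAC Command...");

    if ((bufTemp[1] == 0xfc || bufTemp[1] == 0xfe) && bufTemp[2] == 0x22)
    {
      writeError(ERR_DEBUG_MODULE, "TELNETD peer does not like linemode");
    }

    if (bufTemp[1] == WILL) /* WILL (0xFB), WONT (0xFC) */
    {
      /* AS/400 devices appear to request and require "Echo" and "Suppress Go Ahead" */
      if ((_psSessionData->nMode == MODE_AS400) &&
          ((bufTemp[2] == TELOPT_ECHO) || (bufTemp[2] == TELOPT_SGA)))
      {
        bufTemp[1] = DO;
      }
      else
      {
        bufTemp[1] = DONT;
      }

      medusaSend(hSocket, bufTemp, 3, 0);
    }
    else if (bufTemp[1] == DO) /* DO (0xFD), DONT (0xFE) */
    {
      bufTemp[1] = WONT;
      medusaSend(hSocket, bufTemp, 3, 0);
    }

    bufTemp += 3; /* Process three bytes at a time */
    nRemaining -= 3;
  }

  /* Nothing but negotiation was in the buffer: fetch the next chunk. */
  if (*bufTemp == 0)
  {
    writeError(ERR_DEBUG_MODULE, "Getting more data");
    free(*buffer);

    *nReceiveBufferSize = 0;
    *buffer = medusaReceiveLineDelay(hSocket, nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
    if (*buffer == NULL)
    {
      /* No data; the caller sees *buffer == NULL */
      return;
    }

    (*buffer)[*nReceiveBufferSize] = 0;  /* Make certain buffer is null-terminated */

    writeError(ERR_DEBUG_MODULE, "Next pass buffer: %s", *buffer);
    if ((unsigned char)(*buffer)[0] == IAC)
    {
      writeError(ERR_DEBUG_MODULE, "More commands waiting...");
    }
  }
}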
コード例 #2
ファイル: smtp.c プロジェクト: 404Ghost99/medusa
/*
  http://www.technoids.org/saslmech.html

  C: AUTH PLAIN
  S: 334
  C: AHdlbGRvbgB3M2xkMG4=
  S: 235 2.0.0 OK Authenticated
*/
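/*
 * Run the two-step SMTP "AUTH PLAIN" exchange.
 *
 * Sends "AUTH PLAIN", waits for a "334 " continuation line, then sends
 * base64(login NUL login NUL password) followed by CRLF.
 *
 * Returns FAILURE when the server does not answer with 334 or when a buffer
 * cannot be allocated, SUCCESS otherwise. A failed medusaSend is only logged,
 * as before; the server's verdict on the credentials is not read here.
 *
 * The credentials travel base64-encoded, not encrypted: anything able to see
 * the TCP stream can recover them unless the session is wrapped in TLS.
 */
int sendAuthPLAIN(int hSocket, char* szLogin, char* szPassword)
{
  unsigned char bufCommand[] = "AUTH PLAIN\r\n";
  unsigned char* bufReceive = NULL;
  unsigned char* bufSend = NULL;
  unsigned char* szTmpBuf = NULL;
  unsigned char* szTmpBuf64 = NULL;
  size_t nLoginLen = strlen(szLogin);
  size_t nPasswordLen = strlen(szPassword);
  size_t nEncodedLen = 0;
  int nSendBufferSize = 0;
  int nReceiveBufferSize = 0;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating PLAIN Authentication Attempt.", MODULE_NAME);

  /* --- Send initial AUTH PLAIN command --- */
  if (medusaSend(hSocket, bufCommand, sizeof(bufCommand) - 1, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }

  /* Server should respond with a 334 response code */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^334 .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] SMTP server did not respond with \"334 \" to AUTH PLAIN request.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  /* The 334 line is not used again; release it instead of leaking it. */
  FREE(bufReceive);

  /* Send logon credentials: B64(USERNAME\0USERNAME\0PASSWORD) */
  nSendBufferSize = nLoginLen + 1 + nLoginLen + 1 + nPasswordLen;
  szTmpBuf = calloc(nSendBufferSize + 1, 1);
  if (szTmpBuf == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }
  /* calloc supplies the NUL separators; only the three fields are copied. */
  memcpy(szTmpBuf, szLogin, nLoginLen);
  memcpy(szTmpBuf + nLoginLen + 1, szLogin, nLoginLen);
  memcpy(szTmpBuf + nLoginLen + 1 + nLoginLen + 1, szPassword, nPasswordLen);

  szTmpBuf64 = calloc((2 * nSendBufferSize + 2) + 1, 1);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    FREE(szTmpBuf);
    return FAILURE;
  }
  base64_encode((char *)szTmpBuf, nSendBufferSize, (char *)szTmpBuf64);
  FREE(szTmpBuf);

  nEncodedLen = strlen((char *)szTmpBuf64);
  bufSend = calloc(nEncodedLen + 2 + 1, 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    FREE(szTmpBuf64);
    return FAILURE;
  }

  snprintf((char *)bufSend, nEncodedLen + 2 + 1, "%s\r\n", szTmpBuf64);
  FREE(szTmpBuf64);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }
  FREE(bufSend);

  return SUCCESS;
}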
コード例 #3
ファイル: pop3.c プロジェクト: foreni-packages/medusa
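/*
 * Send the POP3 USER / PASS pair (clear-text login).
 *
 * Sends "USER login" (or "USER login@domain" when the session has a domain),
 * reads the reply, and sends "PASS password" unless the reply shows the
 * server is signing off or refuses clear-text logins.
 *
 * Returns SUCCESS once PASS has been sent, MSTATE_NEW when the server says it
 * is signing off, and FAILURE when the reply is missing, unexpected, or a
 * refusal of clear-text authentication. A failed medusaSend is only logged.
 * The received reply is released on every path.
 */
int sendAuthUSER(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  int nRet = FAILURE;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating USER (clear-text) Authentication Attempt.", MODULE_NAME);

  /* send username; snprintf keeps the command inside bufSend whatever BUF_SIZE is */
  memset(bufSend, 0, sizeof(bufSend));

  if (_psSessionData->szDomain)
    snprintf((char *)bufSend, sizeof(bufSend), "USER %.100s@%.150s\r\n", szLogin, _psSessionData->szDomain);
  else
    snprintf((char *)bufSend, sizeof(bufSend), "USER %.250s\r\n", szLogin);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK.*\r\n|-ERR.*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    /* bufReceive may be NULL here; never hand a NULL pointer to %s */
    writeError(ERR_ERROR, "[%s] Failed: Server did not respond as expected to USER authentication attempt: %s", MODULE_NAME, bufReceive ? (char *)bufReceive : "(null)");
    goto done;
  }

  if (strstr((char *)bufReceive, " signing off."))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Server informed us it was signing off. Restarting connection.", MODULE_NAME);
    nRet = MSTATE_NEW;
    goto done;
  }

  if (strstr((char *)bufReceive, "ERR Cleartext login on this server requires the use of transport level security (SSL/TLS)"))
  {
    writeError(ERR_ERROR, "[%s] Server requires use of SSL/TLS.", MODULE_NAME);
    goto done;
  }

  if (strstr((char *)bufReceive, "ERR Clear text passwords have been disabled for this protocol."))
  {
    writeError(ERR_ERROR, "[%s] Server does not accept clear-text password authentication.", MODULE_NAME);
    goto done;
  }

  /* send password */
  memset(bufSend, 0, sizeof(bufSend));
  snprintf((char *)bufSend, sizeof(bufSend), "PASS %.250s\r\n", szPassword);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nRet = SUCCESS;

done:
  /* Single exit so the reply buffer is freed on every path */
  free(bufReceive);
  return nRet;
}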
コード例 #4
/*
  EHLO foo
  250-spamfirewall.domain.com
  250-PIPELINING
  250-SIZE 100000000
  250-VRFY
  250-ETRN
  250 8BITMIME
*/
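/*
 * Send "EHLO <szEHLO>" and read the server's reply.
 *
 * The reply is only logged at debug level; it is not parsed. If more data is
 * pending shortly after the first read, one further chunk is read and logged
 * in place of the first.
 *
 * Returns FAILURE when the first read yields nothing, SUCCESS otherwise.
 * A failed medusaSend is only logged.
 */
int sayEHLO(int hSocket, _MODULE_DATA* _psSessionData)
{
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  unsigned char* bufMore = NULL;
  int nReceiveBufferSize = 0;

  /* send helo string */
  memset(bufSend, 0, sizeof(bufSend));
  snprintf((char *)bufSend, sizeof(bufSend), "EHLO %.250s\r\n", _psSessionData->szEHLO);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* check if more data is waiting */
  if (medusaDataReadyTimed(hSocket, 0, 20000) > 0)
  {
    bufMore = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
    if (bufMore != NULL)
    {
      /* Release the first chunk before replacing it; keep it if the
         second read came back empty so the log below has something valid. */
      free(bufReceive);
      bufReceive = bufMore;
    }
  }

  writeError(ERR_DEBUG_MODULE, "[%s] Server responded to EHLO with: %s", MODULE_NAME, bufReceive);

  free(bufReceive);
  return SUCCESS;
}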
コード例 #5
ファイル: web-form.c プロジェクト: foreni-packages/medusa
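/*
 * Build and send an HTTP/1.1 POST carrying the login form.
 *
 * The body is "<szFormUser><login>&<szFormPass><password>" with
 * "&<szFormRest>" appended when szFormRest is non-empty. Values are inserted
 * exactly as given; no URL-encoding is applied here.
 *
 * Returns SUCCESS when the request was handed to medusaSend, FAILURE when a
 * buffer could not be built or the send failed. The response is not read.
 */
int sendPost(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  char* bufSend = NULL;
  char* bufForm = NULL;
  int nSendBufferSize = 0;
  int nFormBufferSize = 0;
  int nRet = SUCCESS;

  if ((_psSessionData->szFormRest == NULL) || (_psSessionData->szFormRest[0] == 0))
    nFormBufferSize = asprintf(&bufForm, "%s%s&%s%s", _psSessionData->szFormUser, szLogin, _psSessionData->szFormPass, szPassword);
  else
    nFormBufferSize = asprintf(&bufForm, "%s%s&%s%s&%s", _psSessionData->szFormUser, szLogin, _psSessionData->szFormPass, szPassword, _psSessionData->szFormRest);

  /* asprintf returns -1 on failure and leaves the pointer unusable;
     stop before it ends up in Content-Length or in free(). */
  if (nFormBufferSize < 0)
  {
    writeError(ERR_ERROR, "%s failed: unable to build form data", MODULE_NAME);
    return FAILURE;
  }

  nSendBufferSize = asprintf(&bufSend, "POST /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %i\r\n\r\n%s", _psSessionData->szDir, _psSessionData->szHostHeader, _psSessionData->szUserAgent, nFormBufferSize, bufForm);
  if (nSendBufferSize < 0)
  {
    writeError(ERR_ERROR, "%s failed: unable to build request", MODULE_NAME);
    free(bufForm);
    return FAILURE;
  }

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    nRet = FAILURE;
  }

  free(bufSend);
  free(bufForm);
  return nRet;
}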
コード例 #6
ファイル: imap.c プロジェクト: foreni-packages/medusa
/* A0001 LOGIN username password */
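/*
 * Send an IMAP LOGIN command: <tag> LOGIN "user" "password" CRLF, or
 * <tag> LOGIN "domain\\user" "password" CRLF when the session has a domain.
 *
 * Returns SUCCESS when the command was handed to medusaSend, FAILURE when the
 * send failed or the command buffer could not be allocated. The reply is not
 * read here.
 *
 * NOTE: the debug log lines below record the password in clear text, so
 * debug-level logs from this module must be handled as sensitive data.
 */
int sendAuthLogin(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char* bufSend = NULL;
  int nSendBufferSize = 0;
  int nRet = SUCCESS;

  /* tag + " LOGIN " + login + space + password + four quotes + CRLF */
  nSendBufferSize = strlen(_psSessionData->szTag) + 7 + strlen(szLogin) + 1 + strlen(szPassword) + 4 + 2;

  /* The domain form also writes the domain and two backslashes; without
     this the sprintf below ran past the end of the heap buffer. */
  if (_psSessionData->szDomain)
    nSendBufferSize += strlen(_psSessionData->szDomain) + 2;

  bufSend = calloc(nSendBufferSize + 1, 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "%s failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }

  if (_psSessionData->szDomain)
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Sending authenticate login value: %s\\\\%s %s", MODULE_NAME, _psSessionData->szDomain, szLogin, szPassword);
    snprintf((char *)bufSend, nSendBufferSize + 1, "%s LOGIN \"%s\\\\%s\" \"%s\"\r\n", _psSessionData->szTag, _psSessionData->szDomain, szLogin, szPassword);
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Sending authenticate login value: %s %s", MODULE_NAME, szLogin, szPassword);
    snprintf((char *)bufSend, nSendBufferSize + 1, "%s LOGIN \"%s\" \"%s\"\r\n", _psSessionData->szTag, szLogin, szPassword);
  }

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    nRet = FAILURE;
  }

  FREE(bufSend);
  return(nRet);
}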
コード例 #7
ファイル: rsh.c プロジェクト: foreni-packages/medusa
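/*
 * Attempt one rsh request and classify the outcome.
 *
 * The packet is: NUL, user name, NUL, user name again, NUL, "id", NUL.
 * szPassword is overwritten with szLogin because the protocol carries two
 * user names and no password. Two raw reads follow; the second one is
 * searched for "uid", the marker that the "id" command ran.
 *
 * Returns MSTATE_EXITING on success, MSTATE_NEW on a failed attempt, and
 * FAILURE when the packet does not fit in the send buffer or a read returns
 * no data. A failed medusaSend is only logged.
 */
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  int iRet;
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive;
  int nReceiveBufferSize = 0;
  size_t nLoginLen = 0;
  size_t nPacketLen = 0;

  /* Rsh could care less what the password is */
  szPassword = szLogin;

  /* NUL + user + NUL + user + NUL + "id" + NUL */
  nLoginLen = strlen(szLogin);
  nPacketLen = 1 + nLoginLen + 1 + nLoginLen + 1 + 3;

  /* The copies below were bounded only by the source length; refuse a
     user name that would overrun the fixed-size stack buffer. */
  if (nPacketLen > sizeof(bufSend))
  {
    writeError(ERR_ERROR, "%s failed: user name is too long for the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* send username; the memset provides every NUL separator */
  memset(bufSend, 0, sizeof(bufSend));
  memcpy(bufSend + 1, szLogin, nLoginLen);
  memcpy(bufSend + 1 + nLoginLen + 1, szPassword, nLoginLen);
  memcpy(bufSend + 1 + nLoginLen + 1 + nLoginLen + 1, "id", 3);

  if (medusaSend(hSocket, bufSend, nPacketLen, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  /* this is the port that the client should listen to for
     stderr. We should really check this but we're going to skip */
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Which ends rsh test.", MODULE_NAME);
    return FAILURE;
  }
  /* The first reply is not inspected; release it before reading again. */
  FREE(bufReceive);

  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data. Exiting...", MODULE_NAME);
    return FAILURE;
  }
  else if (strstr((char *)bufReceive, "uid") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);

  return(iRet);
}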
コード例 #8
/*
  Sample SMTP VRFY exchanges. The mail addresses were masked by the hosting
  page; <address> stands in for each masked value.

  VRFY <address>
  252 <address>

  VRFY <address>
  550 <address>: Recipient address rejected: No such user (<address>)

  VRFY <address>
  554 <address>: Relay access denied

  421 Error: too many errors
*/
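/*
 * Issue one SMTP "VRFY account@domain" and classify the reply.
 *
 *   252 -> account exists      (LOGIN_RESULT_SUCCESS, MSTATE_RUNNING)
 *   550 -> no such account     (LOGIN_RESULT_FAIL,    MSTATE_RUNNING)
 *   554 -> domain rejected     (LOGIN_RESULT_ERROR,   MSTATE_EXITING)
 *   anything else              (LOGIN_RESULT_ERROR,   MSTATE_EXITING)
 *
 * A "421 Error: too many errors" line in the last chunk read overrides the
 * state with MSTATE_NEW so the connection is restarted. Returns FAILURE when
 * nothing is received. A failed medusaSend is only logged.
 *
 * Defensive note: this check only works against servers that answer VRFY
 * distinctly per account; the reply strings above are what it keys on.
 */
int tryLogin(int hSocket, sLogin** psLogin, _MODULE_DATA* _psSessionData, char* szDomain, char* szAccount)
{
  int iRet;
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  unsigned char* bufMore = NULL;
  int nReceiveBufferSize = 0;

  /* send VRFY request */
  writeError(ERR_DEBUG_MODULE, "[%s] Sending: VRFY %.250s@%.250s\r\n", MODULE_NAME, szAccount, szDomain);
  memset(bufSend, 0, sizeof(bufSend));
  snprintf((char *)bufSend, sizeof(bufSend), "VRFY %.250s@%.250s\r\n", szAccount, szDomain);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }
  else if (strncmp((char *)bufReceive, "252 ", 4) == 0) /* valid account */
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Found valid account: %s", MODULE_NAME, szAccount);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_RUNNING;
  }
  else if (strncmp((char *)bufReceive, "550 ", 4) == 0) /* non-existent account */
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Non-existant account: %s", MODULE_NAME, szAccount);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_RUNNING;
  }
  else if (strncmp((char *)bufReceive, "554 ", 4) == 0) /* invalid domain name */
  {
    writeError(ERR_ERROR, "[%s] Invalid domain name: %s", MODULE_NAME, szDomain);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  else
  {
    /* Any other reply used to leave iRet uninitialised; give it a defined
       value. The 421 check below can still replace the state. */
    writeError(ERR_DEBUG_MODULE, "[%s] Unexpected response to VRFY request.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }

  /* check if more data is waiting */
  if (medusaDataReadyTimed(hSocket, 0, 20000) > 0)
  {
    bufMore = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
    if (bufMore != NULL)
    {
      /* Release the first chunk before replacing it; keep it if the second
         read is empty so strstr below never sees NULL. */
      free(bufReceive);
      bufReceive = bufMore;
    }
  }

  if (strstr((char *)bufReceive, "421 Error: too many errors"))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Too many errors. Restarting connection.", MODULE_NAME);
    iRet = MSTATE_NEW;
  }

  free(bufReceive);
  setPassResult((*psLogin), szDomain);
  return(iRet);
}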
コード例 #9
ファイル: pop3.c プロジェクト: foreni-packages/medusa
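/*
 * Ask the POP3 server for its capabilities (CAPA) and pick an
 * authentication type from the reply.
 *
 * Sets _psSessionData->nAuthType to AUTH_USER when "USER" is advertised;
 * otherwise, when "SASL" is advertised, to AUTH_PLAIN, AUTH_LOGIN or
 * AUTH_NTLM, taking the first of PLAIN, LOGIN, NTLM found in the reply.
 *
 * Returns FAILURE when the send fails, the reply is missing or unexpected,
 * or SASL is offered with none of the handled mechanisms; SUCCESS otherwise.
 * NOTE(review): a reply naming neither USER nor SASL also returns SUCCESS
 * and leaves nAuthType untouched -- confirm callers expect that.
 */
int getAuthType(int hSocket, _MODULE_DATA* _psSessionData)
{
  unsigned char bufSend[] = "CAPA\r\n";
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  int nRet = SUCCESS;

  /* A fixed command needs no heap buffer, so the send-failure path has
     nothing to leak. */
  if (medusaSend(hSocket, bufSend, sizeof(bufSend) - 1, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK .*\r\n\\.*\r\n|-ERR.*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    /* bufReceive may be NULL here; never hand a NULL pointer to %s */
    writeError(ERR_ERROR, "[%s] Failed: Server did not respond that it supported any of the authentication types we handle (USER, LOGIN, and NTLM). Use the AUTH module option to force the use of an authentication type: %s", MODULE_NAME, bufReceive ? (char *)bufReceive : "(null)");
    nRet = FAILURE;
  }
  else if (strstr((char *)bufReceive, "USER") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "Server requested authentication type: USER (clear-text)");
    _psSessionData->nAuthType = AUTH_USER;
  }
  else if (strstr((char *)bufReceive, "SASL") != NULL)
  {
    if (strstr((char *)bufReceive, "PLAIN") != NULL)
    {
      writeError(ERR_DEBUG_MODULE, "Server requested authentication type: SASL PLAIN");
      _psSessionData->nAuthType = AUTH_PLAIN;
    }
    else if (strstr((char *)bufReceive, "LOGIN") != NULL)
    {
      writeError(ERR_DEBUG_MODULE, "Server requested authentication type: SASL LOGIN");
      _psSessionData->nAuthType = AUTH_LOGIN;
    }
    else if (strstr((char *)bufReceive, "NTLM") != NULL)
    {
      writeError(ERR_DEBUG_MODULE, "Server requested authentication type: SASL NTLM");
      _psSessionData->nAuthType = AUTH_NTLM;
    }
    else
    {
      writeError(ERR_ERROR, "[%s] Server requested unsupported SASL method.", MODULE_NAME);
      nRet = FAILURE;
    }
  }

  /* The capability reply is released on every path */
  FREE(bufReceive);
  return nRet;
}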
コード例 #10
ファイル: mysql.c プロジェクト: 404Ghost99/medusa
/* Module Specific Functions */
/*
 * Tell the MySQL server the session is over by sending a COM_QUIT packet.
 * Returns SUCCESS when the packet was handed to medusaSend, FAILURE (after
 * logging) when the send failed. No reply is read.
 */
int MySQLSessionQuit(int hSocket)
{
  /* Packet header: 3-byte little-endian payload length (1) and sequence
     id 0; payload: the single command byte 0x01 (COM_QUIT). */
  unsigned char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 };
  int nSendResult = medusaSend(hSocket, com_quit_packet, 5, 0);

  if (nSendResult >= 0)
    return SUCCESS;

  writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  return FAILURE;
}
コード例 #11
/*
 * Send "QUIT\r\n" to end the session. The send result is logged when it
 * fails but does not change the return value: the function always returns
 * SUCCESS.
 */
int sayQUIT(int hSocket)
{
  /* The six command bytes; the array's trailing NUL is not sent */
  unsigned char bufSend[] = "QUIT\r\n";
  int nSendResult = medusaSend(hSocket, bufSend, sizeof(bufSend) - 1, 0);

  if (nSendResult < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  return SUCCESS;
}
コード例 #12
ファイル: ftp.c プロジェクト: 404Ghost99/medusa
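/*
 * Upgrade an FTP control connection to TLS (explicit FTPS).
 *
 * Sends "AUTH TLS", expects a "234 " reply, then hands the socket to
 * medusaConnectSocketSSL. Returns SUCCESS once the TLS layer is up and
 * FAILURE when the send fails, the reply is missing or not 234, or the TLS
 * setup fails. The reply buffer is released on every path.
 */
int initAuthSSL(int hSocket, _MODULE_DATA* _psSessionData)
{
  unsigned char bufSend[] = "AUTH TLS\r\n";
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize;

  writeError(ERR_NOTICE, "[%s] Establishing Explicit FTPS (FTP/SSL) session.", MODULE_NAME);

  if (medusaSend(hSocket, bufSend, sizeof(bufSend) - 1, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^[0-9]{3,3}-.*\r\n[0-9]{3,3} .*\r\n|^[0-9]{3,3} .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] failed: Server sent unknown or no response. Exiting...", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* Anything other than "234 Proceed with negotiation." is a refusal */
  if (strncmp((char*)bufReceive, "234 ", 4) != 0)
  {
    /* The regex above guarantees at least three leading digits to print */
    writeError(ERR_ERROR, "[%s] Failed to establish SSL connection. Server sent response: %c%c%c", MODULE_NAME, bufReceive[0], bufReceive[1], bufReceive[2]);
    FREE(bufReceive); /* this path used to return without releasing the reply */
    return FAILURE;
  }

  FREE(bufReceive);

  if (medusaConnectSocketSSL(_psSessionData->params, hSocket) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed to establish SSL connection.", MODULE_NAME);
    return FAILURE;
  }

  return SUCCESS;
}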
コード例 #13
ファイル: web-form.c プロジェクト: foreni-packages/medusa
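/*
 * Build and send an HTTP/1.1 GET whose query string carries the login form:
 * "/<szDir>?<szFormUser><login>&<szFormPass><password>", with
 * "&<szFormRest>" appended when szFormRest is non-empty. Values are inserted
 * exactly as given; no URL-encoding is applied here.
 *
 * Returns SUCCESS when the request was handed to medusaSend, FAILURE when
 * the request could not be built or the send failed. The response is not
 * read.
 *
 * NOTE: the password is part of the request line, so it will appear wherever
 * the target or intermediaries record request URLs (access logs, proxies).
 */
int sendGet(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  char* bufSend = NULL;
  int nSendBufferSize = 0;
  int nRet = SUCCESS;

  if ((_psSessionData->szFormRest == NULL) || (_psSessionData->szFormRest[0] == 0))
    nSendBufferSize = asprintf(&bufSend, "GET /%s?%s%s&%s%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", _psSessionData->szDir, _psSessionData->szFormUser, szLogin, _psSessionData->szFormPass, szPassword, _psSessionData->szHostHeader, _psSessionData->szUserAgent);
  else
    nSendBufferSize = asprintf(&bufSend, "GET /%s?%s%s&%s%s&%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", _psSessionData->szDir, _psSessionData->szFormUser, szLogin, _psSessionData->szFormPass, szPassword, _psSessionData->szFormRest, _psSessionData->szHostHeader, _psSessionData->szUserAgent);

  /* asprintf returns -1 on failure and leaves the pointer unusable;
     do not send from it or pass it to free(). */
  if (nSendBufferSize < 0)
  {
    writeError(ERR_ERROR, "%s failed: unable to build request", MODULE_NAME);
    return FAILURE;
  }

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    nRet = FAILURE;
  }

  free(bufSend);
  return nRet;
}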
コード例 #14
ファイル: pop3.c プロジェクト: foreni-packages/medusa
/*
  PLAIN SASL Mechanism
  http://tools.ietf.org/html/rfc5034
  http://tools.ietf.org/html/rfc4616

  Example:
    AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
*/
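/*
 * Send a single-line POP3 "AUTH PLAIN <base64>" command, where the base64
 * payload encodes login NUL login NUL password.
 *
 * Returns FAILURE when a buffer cannot be allocated and SUCCESS otherwise.
 * A failed medusaSend is only logged, as before; the server's reply is not
 * read here.
 *
 * The credentials travel base64-encoded, not encrypted: anything able to see
 * the TCP stream can recover them unless the session is wrapped in TLS.
 */
int sendAuthPLAIN(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char* bufSend = NULL;
  unsigned char* szTmpBuf = NULL;
  unsigned char* szTmpBuf64 = NULL;
  size_t nLoginLen = strlen(szLogin);
  size_t nPasswordLen = strlen(szPassword);
  size_t nCommandSize = 0;
  int nSendBufferSize = 0;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating PLAIN Authentication Attempt.", MODULE_NAME);

  /* AUTH PLAIN B64(USERNAME\0USERNAME\0PASSWORD) */
  nSendBufferSize = nLoginLen + 1 + nLoginLen + 1 + nPasswordLen;
  szTmpBuf = calloc(nSendBufferSize + 1, 1);
  if (szTmpBuf == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }
  /* calloc supplies the NUL separators; only the three fields are copied. */
  memcpy(szTmpBuf, szLogin, nLoginLen);
  memcpy(szTmpBuf + nLoginLen + 1, szLogin, nLoginLen);
  memcpy(szTmpBuf + nLoginLen + 1 + nLoginLen + 1, szPassword, nPasswordLen);

  szTmpBuf64 = calloc((2 * nSendBufferSize + 2) + 1, 1);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    FREE(szTmpBuf);
    return FAILURE;
  }
  base64_encode(szTmpBuf, nSendBufferSize, szTmpBuf64);
  FREE(szTmpBuf);

  /* "AUTH PLAIN " (11) + encoded payload + CRLF + NUL */
  nCommandSize = 11 + strlen((char *)szTmpBuf64) + 2 + 1;
  bufSend = calloc(nCommandSize, 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    FREE(szTmpBuf64);
    return FAILURE;
  }

  snprintf((char *)bufSend, nCommandSize, "AUTH PLAIN %s\r\n", szTmpBuf64);
  FREE(szTmpBuf64);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }
  FREE(bufSend);

  return SUCCESS;
}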
コード例 #15
ファイル: telnet.c プロジェクト: foreni-packages/medusa
/*
   The sender of this command REQUESTS that the receiver forcibly log
   off the user process at the receiver's end, or confirms that the
   receiver has its permission to do so.
*/
/*
 * Send the three-byte telnet sequence IAC DO LOGOUT to the peer.
 * Returns FAILURE (after logging) when the send fails, SUCCESS otherwise.
 *
 * The original also carried a disabled step that would read whatever the
 * peer sends next and pass it to processIAC(); it remains disabled, so no
 * reply is read here.
 */
int processIAClogout(int hSocket, _MODULE_DATA* _psSessionData)
{
  unsigned char bufLogout[3];
  int nSendResult;

  bufLogout[0] = 0xFF; /* IAC */
  bufLogout[1] = 0xFD; /* DO */
  bufLogout[2] = 0x12; /* LOGOUT */

  writeError(ERR_DEBUG_MODULE, "[%s] Sending IAC DO LOGOUT command.", MODULE_NAME);

  nSendResult = medusaSend(hSocket, bufLogout, 3, 0);
  if (nSendResult >= 0)
    return SUCCESS;

  writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  return FAILURE;
}
コード例 #16
ファイル: telnet.c プロジェクト: foreni-packages/medusa
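/*
 * Submit one user / password pair to an AS/400 telnet sign-on screen and
 * classify the reply by the CPF message id it contains.
 *
 * The user name is cut to 10 characters and the password to 128 before
 * sending; the result is recorded against the cut password (szPass).
 *
 * Returns MSTATE_NEW when another attempt should follow (CPF1107, CPF1116)
 * and MSTATE_EXITING otherwise, including on an invalid socket, a failed
 * send, or a read timeout. A reply containing none of the known CPF ids is
 * treated as a successful sign-on.
 *
 * Defensive note: CPF1116 and CPF1392 are the system warning that the next
 * bad attempt varies off the device or disables the profile, and CPF1394
 * reports a profile that cannot sign on -- repeated attempts have a lockout
 * cost on the target, and these ids are useful in sign-on monitoring.
 */
int tryLoginAS400(int hSocket, sLogin** psLogin, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  char bufSend[BUFFER_SIZE];
  char* bufReceive;
  int nSendBufferSize = 0, nReceiveBufferSize = 0;
  int iRet = FAILURE;
  int nStoreErrorMsg = 1; /* cleared by branches that leave pErrorMsg unset */
  char szUser[10 + 1];
  char szPass[128 + 1];
  char szErrorMsg[100];

  if (hSocket <= 0)
  {
    writeError(ERR_ERROR, "%s failed: socket was invalid", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*psLogin, szPassword);
    return MSTATE_EXITING;
  }

  /* Send username and password */
  /* USERNAME \t (0x09) PASSWORD \r (0x0D) \0 (0x00) */

  /* Password Policy Information
    http://publib.boulder.ibm.com/iseries/v5r1/ic2924/index.htm?info/rzakz/rzakzqpwdlvl.htm

    Short passwords: The AS/400 "short" passwords are 0-10 characters in length. They
    allow the following characters: A-Z 0-9 $ @ # _

    Long passwords: The AS/400 "long" passwords are 0-128 characters in length. Upper and
    lower case passwords consisting of any characters are allowed.

    Usernames appear to be limited to 10 characters in length and use upper-case.
    ** This has not been fully verified. **

    http://download.oracle.com/docs/html/B10256_01/ch2.htm
    IBM DB2/400 V4R5 object names can be up to 10 alphanumeric characters in length,
    beginning with a letter or a national character.
  */

  memset(bufSend, 0, BUFFER_SIZE);
  memset(szUser, 0, sizeof(szUser));
  memset(szPass, 0, sizeof(szPass));
  memset(szErrorMsg, 0, sizeof(szErrorMsg));

  /* The zeroed last byte of each array keeps the cut copies terminated */
  strncpy(szUser, szLogin, 10);
  strncpy(szPass, szPassword, 128);

  snprintf(bufSend, sizeof(bufSend), "%s\t%s\r", szUser, szPass);
  nSendBufferSize = strlen(bufSend) + 1;

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*psLogin, szPassword);
    return MSTATE_EXITING;
  }

  /* Process server response */
  bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "[%s] Timeout waiting for response from server after sending password", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*psLogin, szPassword);
    return MSTATE_EXITING;
  }

  if (strstr(bufReceive, "CPF1120") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1120 - User %s does not exist.", szUser);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  else if (strstr(bufReceive, "CPF1116") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1116 - Next not valid sign-on attempt varies off device.");
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }
  else if (strstr(bufReceive, "CPF1392") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1392 - Next not valid sign-on disables user profile.");
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  /*
  http://archive.midrange.com/midrange-l/200507/msg01092.html

  Cause . . . . . :   User profile &1 has reached the maximum number of
                      sign-on attempts and has been disabled, or the STATUS
                      parameter has been changed to *DISABLED on the Create
                      User Profile (CRTUSRPRF) or Change User Profile
                      (CHGUSRPRF) command.

  Recovery  . . . :   To enable the user profile, have the security officer
                      change the STATUS parameter to *ENABLED on the Change
                      User Profile (CHGUSRPRF) command.
  */
  else if (strstr(bufReceive, "CPF1394") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1394 - User profile %s cannot sign on.", szUser);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  else if (strstr(bufReceive, "CPF1118") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1118 - No password associated with user %s.", szUser);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr(bufReceive, "CPF1109") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1109 - Not authorized to subsystem.");
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr(bufReceive, "CPF1110") != NULL)
  {
    snprintf(szErrorMsg, sizeof(szErrorMsg), "CPF1110 - Not authorized to work station.");
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr(bufReceive, "CPF1107") != NULL)
  {
    writeError(ERR_INFO, "[%s] CPF1107 - Password not correct for user profile.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
    nStoreErrorMsg = 0;
  }
  else
  {
    /* No known CPF id in the reply: counted as a successful sign-on */
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
    nStoreErrorMsg = 0;
  }

  /* Log the message once and keep a heap copy on the login record */
  if (nStoreErrorMsg)
  {
    size_t nMsgSize = strlen(szErrorMsg) + 1;

    writeError(ERR_ERROR, "[%s] %s", MODULE_NAME, szErrorMsg);
    (*psLogin)->pErrorMsg = malloc(nMsgSize);
    if ((*psLogin)->pErrorMsg != NULL)
      memcpy((*psLogin)->pErrorMsg, szErrorMsg, nMsgSize);
  }

  /* The reply is not needed past classification; it used to be leaked */
  free(bufReceive);

  setPassResult((*psLogin), szPass);

  return iRet;
}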
コード例 #17
ファイル: telnet.c プロジェクト: foreni-packages/medusa
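// Try one user / password pair against a telnet login dialogue.
//
// With PROMPT_LOGIN_PASSWORD the user name is sent first and replies are read
// until a password prompt shows up; with PROMPT_PASSWORD only the password is
// sent. The reply to the password is then matched against known failure
// strings, shell prompts (KNOWN_PROMPTS) and login / password prompts.
//
// Returns MSTATE_RUNNING to continue, MSTATE_NEW to restart the connection
// for the next attempt, MSTATE_EXITING to terminate the module, and FAILURE
// when no login prompt was detected. The outcome is stored in
// (*login)->iResult and recorded through setPassResult.
//
// NOTE: the debug log lines for unsuccessful logins record the password in
// clear text, so debug-level logs from this module are sensitive data.
int tryLogin(int hSocket, sLogin** login, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword, int nFoundPrompt)
{
  char bufSend[BUFFER_SIZE];
  char* bufReceive;
  int nSendBufferSize = 0, nReceiveBufferSize = 0;
  int nContinue = 0, i = 0;
  int nWritten = 0;

  // Check the socket and such
  if (hSocket <= 0)
  {
    writeError(ERR_ERROR, "%s failed: socket was invalid", MODULE_NAME);
    (*login)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*login, szPassword);
    return MSTATE_EXITING;    // No good socket
  }

  if (nFoundPrompt == PROMPT_LOGIN_PASSWORD)
  {
    // Set up the send buffer; a user name that does not fit is rejected
    // instead of overrunning the fixed-size stack buffer
    memset(bufSend, 0, BUFFER_SIZE);
    nWritten = snprintf(bufSend, sizeof(bufSend), "%s\r", szLogin);
    if ((nWritten < 0) || ((size_t)nWritten >= sizeof(bufSend)))
    {
      writeError(ERR_ERROR, "%s failed: user name does not fit in the send buffer", MODULE_NAME);
      (*login)->iResult = LOGIN_RESULT_UNKNOWN;
      setPassResult(*login, szPassword);
      return MSTATE_EXITING;
    }
    nSendBufferSize = nWritten + 1;  // Count the null terminator

    if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
    {
      writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
      (*login)->iResult = LOGIN_RESULT_UNKNOWN;
      setPassResult(*login, szPassword);
      return MSTATE_EXITING;
    }

    do
    {
      // Look for a return
      bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
      if (bufReceive == NULL)
      {
        // Nothing came back after the user name - give up on this host
        writeError(ERR_ERROR, "%s: Telnet did not respond to the sending of the user name '%s' in a timely fashion - is it down or refusing connections?", MODULE_NAME, szLogin);
        (*login)->iResult = LOGIN_RESULT_UNKNOWN;
        setPassResult(*login, szPassword);
        return MSTATE_EXITING;
      }

      bufReceive[nReceiveBufferSize] = 0;  // Make certain buffer is null-terminated

      // Do we have a prompt?
      if (strcspn(bufReceive, KNOWN_PROMPTS) != strlen(bufReceive))
      {
        (*login)->iResult = LOGIN_RESULT_SUCCESS;
        setPassResult(*login, szPassword);
        free(bufReceive);
        return MSTATE_EXITING;
      }

      makeToLower(bufReceive);

      // Are we at a known password prompt?
      for (i = 0; i < KNOWN_PWD_SIZE; i++)
      {
        if (strcasestr(bufReceive, KNOWN_PWD_PROMPTS[i]) != NULL)
        {
          nContinue = 1;
          break;
        }
      }

      // Look for known login prompts
      if (nContinue == 0)
      {
        for (i = 0; i < KNOWN_LOGIN_SIZE; i++)
        {
          if (strcasestr(bufReceive, KNOWN_LOGIN_PROMPTS[i]) != NULL)
          {
            free(bufReceive);
            (*login)->iResult = LOGIN_RESULT_FAIL;
            setPassResult(*login, szPassword);
            return MSTATE_RUNNING;
          }
        }
      }

      free(bufReceive);
    }
    while(nContinue == 0);
  }
  else if (nFoundPrompt == PROMPT_PASSWORD)
  {
    writeError(ERR_DEBUG_MODULE, "[%s] we are skipping a username", MODULE_NAME);
  }
  else
  {
    writeError(ERR_ERROR, "[%s] No login prompt detected.", MODULE_NAME);
    return FAILURE;
  }

  // Send the password, with the same size check as for the user name
  memset(bufSend, 0, BUFFER_SIZE);
  nWritten = snprintf(bufSend, sizeof(bufSend), "%s\r", szPassword);
  if ((nWritten < 0) || ((size_t)nWritten >= sizeof(bufSend)))
  {
    writeError(ERR_ERROR, "%s failed: password does not fit in the send buffer", MODULE_NAME);
    (*login)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*login, szPassword);
    return MSTATE_EXITING;
  }
  nSendBufferSize = nWritten + 1;  // Count the null terminator

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    (*login)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*login, szPassword);
    return MSTATE_EXITING;
  }

  // Look for a return
  bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "timeout waiting for response from server after sending password");
    (*login)->iResult = LOGIN_RESULT_UNKNOWN;
    setPassResult(*login, szPassword);
    return MSTATE_EXITING;
  }

  bufReceive[nReceiveBufferSize] = 0;  // Make certain buffer is null-terminated

  // It's possible that some telnet servers (like Microsoft's) may send some more IAC commands at this point
  // Take care of zem!
  processIAC(hSocket, _psSessionData, &bufReceive, &nReceiveBufferSize);

  if (bufReceive == NULL)
  {
    bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
    if (bufReceive != NULL)
      bufReceive[nReceiveBufferSize] = 0;  // Same termination as the reads above
  }

  // Do we have a prompt?
  while (bufReceive != NULL)
  {
    /* check for known failures; every return below releases the reply first */
    if (strstr(bufReceive, "Authentication failed"))
    {
      writeError(ERR_DEBUG_MODULE, "Server responded with Cisco \"Authentication failed.\" message.");
      free(bufReceive);
      (*login)->iResult = LOGIN_RESULT_FAIL;
      setPassResult(*login, szPassword);
      return MSTATE_NEW;
    }

    if (strstr(bufReceive, "Login invalid"))
    {
      writeError(ERR_DEBUG_MODULE, "Server responded with Cisco \"Login invalid\" message.");
      free(bufReceive);
      (*login)->iResult = LOGIN_RESULT_FAIL;
      setPassResult(*login, szPassword);
      return MSTATE_NEW;
    }

    if (strcspn(bufReceive, KNOWN_PROMPTS) != strlen(bufReceive))
    {
      // Found a prompt - telnet appears to be alive
      free(bufReceive);
      (*login)->iResult = LOGIN_RESULT_SUCCESS;
      setPassResult(*login, szPassword);
      return MSTATE_EXITING;
    }

    if (nFoundPrompt == PROMPT_LOGIN_PASSWORD)
    {
      // If we have a login prompt, we have failed
      for (i = 0; i < KNOWN_LOGIN_SIZE; i++)
      {
        if (strcasestr(bufReceive, KNOWN_LOGIN_PROMPTS[i]) != NULL)
        {
          free(bufReceive);
          writeError(ERR_DEBUG_MODULE, "unsuccessful login - user '%s' with a password of '%s'", szLogin, szPassword);
          (*login)->iResult = LOGIN_RESULT_FAIL;
          setPassResult(*login, szPassword);
          return MSTATE_NEW;
        }
      }
    }
    else
    {
      // We are operating on a non-login telnet setup
      for (i = 0; i < KNOWN_PWD_SIZE; i++)
      {
        if (strcasestr(bufReceive, KNOWN_PWD_PROMPTS[i]) != NULL)
        {
          free(bufReceive);
          writeError(ERR_DEBUG_MODULE, "unsuccessful login with a password of '%s'", szPassword);
          (*login)->iResult = LOGIN_RESULT_FAIL;
          setPassResult(*login, szPassword);
          return MSTATE_NEW;
        }
      }
    }

    free(bufReceive);
    bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
    if (bufReceive != NULL)
      bufReceive[nReceiveBufferSize] = 0;  // Same termination as the reads above
  }

  (*login)->iResult = LOGIN_RESULT_FAIL;
  setPassResult(*login, szPassword);

  return MSTATE_NEW;
}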
コード例 #18
ファイル: cvs.c プロジェクト: 404Ghost99/medusa
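/*
 * Send one CVS pserver verification request for szLogin/szPassword and
 * classify the server's reply.
 *
 * The password is run through the pserver substitution table below before it
 * is sent. That table is a fixed, publicly documented character mapping, so
 * it only obfuscates the password: anyone who can read the traffic can
 * reverse it.
 *
 * Returns MSTATE_EXITING or MSTATE_NEW according to the reply, or FAILURE if
 * the request could not be built, sent or answered. On a classified reply
 * (*psLogin)->iResult is set and setPassResult() is called.
 */
int tryLogin(int hSocket, sLogin** psLogin, _CVS_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  int iRet = FAILURE;
  int nSendBufferSize, nReceiveBufferSize;
  size_t i, nPassLen;
  unsigned char* bufReceive = NULL;
  char *szAuth = NULL, *szPassTmp = NULL;

  /* evil cvs encryption scheme...
          0 111           P 125           p  58
  ! 120   1  52   A  57   Q  55   a 121   q 113
  "  53   2  75   B  83   R  54   b 117   r  32
          3 119   C  43   S  66   c 104   s  90
          4  49   D  46   T 124   d 101   t  44
  % 109   5  34   E 102   U 126   e 100   u  98
  &  72   6  82   F  40   V  59   f  69   v  60
  ' 108   7  81   G  89   W  47   g  73   w  51
  (  70   8  95   H  38   X  92   h  99   x  33
  )  64   9  65   I 103   Y  71   i  63   y  97
  *  76   : 112   J  45   Z 115   j  94   z  62
  +  67   ;  86   K  50           k  93
  , 116   < 118   L  42           l  39
  -  74   = 110   M 123           m  37
  .  68   > 122   N  91           n  61
  /  87   ? 105   O  35   _  56   o  48
  */

  /* Indexed by (character - 0x20); a 0 entry means "no mapping". */
  char key[] =
  { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87,
    111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
    0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
    125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
    0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
    58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
  }; /* 92 characters */

  nPassLen = strlen(szPassword);
  if (nPassLen > 92)
  {
    writeError(ERR_ERROR, "[%s] Password must be limited to 92 or less characters.", MODULE_NAME);
    return FAILURE;
  }

  szPassTmp = malloc(nPassLen + 1);
  if (szPassTmp == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for the encoded password.", MODULE_NAME);
    return FAILURE;
  }
  memset(szPassTmp, 0, nPassLen + 1);

  for (i = 0; i < nPassLen; i++)
  {
    /* Work on the unsigned value: a plain char may be negative, and any byte
       below 0x20 or above the last table entry would index outside key[]. */
    unsigned char c = (unsigned char)szPassword[i];

    /* An unmapped (0) entry would embed a NUL and silently shorten the
       password that is actually sent, so reject it instead of testing a
       different password than the one reported. */
    if ((c < 0x20) || ((size_t)(c - 0x20) >= sizeof(key)) || (key[c - 0x20] == 0))
    {
      writeError(ERR_ERROR, "[%s] Password contains a character that cannot be encoded for CVS pserver.", MODULE_NAME);
      goto cleanup;
    }

    szPassTmp[i] = key[c - 0x20];
  }

  /* 56 = length of the fixed text in the request template below. */
  nSendBufferSize = strlen(_psSessionData->szDir) + strlen(szLogin) + nPassLen + 56;
  szAuth = malloc(nSendBufferSize + 1);
  if (szAuth == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for the verification request.", MODULE_NAME);
    goto cleanup;
  }
  memset(szAuth, 0, nSendBufferSize + 1);
  snprintf(szAuth, nSendBufferSize + 1, "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", _psSessionData->szDir, szLogin, szPassTmp);

  if (medusaSend(hSocket, (unsigned char*)szAuth, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
    goto cleanup;

  /* NOTE(review): strstr() and the %s below assume medusaReceiveRaw() returns
     a NUL-terminated buffer - confirm against its implementation. */
  if (strstr((char*)bufReceive, "I LOVE YOU\n"))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char*)bufReceive, "E PAM start error: Critical error - immediate abort\n"))
  {
    writeError(ERR_ERROR, "[%s] User (%s) does not exist.", MODULE_NAME, szLogin);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char*)bufReceive, "I HATE YOU\n"))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Login attempt failed.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }
  else
  {
    writeError(ERR_ERROR, "[%s] Unknown Error Message: %s", MODULE_NAME, bufReceive);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    iRet = MSTATE_EXITING;
  }

  setPassResult((*psLogin), szPassword);

cleanup:
  /* Single exit so the reply and both request buffers are released on every
     path, including the send/receive failures. */
  free(bufReceive);
  free(szPassTmp);
  free(szAuth);

  return(iRet);
}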
コード例 #19
ファイル: imap.c プロジェクト: foreni-packages/medusa
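/*
  A0001 AUTHENTICATE NTLM
  
  NTLM IMAP Authentication
  Based on:
    http://curl.haxx.se/rfc/ntlm.html#ntlmImapAuthentication
    http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/fetchmail/fetchmail-6.3.8/README.NTLM

  Sends the AUTHENTICATE NTLM command, the Type-1 request and the Type-3
  response; the caller reads the server's final verdict. Returns SUCCESS once
  the Type-3 message has been sent, FAILURE otherwise.

  The Type-2 challenge comes from the remote server and is decoded into a
  fixed-size structure, so its length is checked before decoding.
*/
int sendAuthNTLM(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char* bufSend = NULL;
  unsigned char* bufReceive = NULL;
  int nSendBufferSize = 0;
  int nReceiveBufferSize = 0;
  tSmbNtlmAuthRequest   sTmpReq;
  tSmbNtlmAuthChallenge sTmpChall;
  tSmbNtlmAuthResponse  sTmpResp;
  char* szLineEnd = NULL;
  unsigned char* szTmpBuf64 = NULL;
  size_t nChallengeLen = 0;
  int iRet = FAILURE;

  /* --- Send initial AUTHENTICATE NTLM command --- */
  nSendBufferSize = strlen(_psSessionData->szTag) + 21;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for AUTHENTICATE NTLM command.", MODULE_NAME);
    goto cleanup;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s AUTHENTICATE NTLM\r\n", _psSessionData->szTag);
  
  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    /* Stop here: waiting for a reply to a command that was never sent only
       delays the failure. */
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }
  FREE(bufSend); 

  /* Server should respond with an empty challenge, consisting simply of a "+" */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] IMAP server did not respond with \"+\" to AUTHENTICATE NTLM request.", MODULE_NAME);
    /* Only print the reply when there is one; passing NULL for %s is undefined. */
    if (bufReceive != NULL)
      writeError(ERR_ERROR, "[%s] IMAP server sent the following response: %s", MODULE_NAME, bufReceive);
    goto cleanup;
  }
  FREE(bufReceive);

  /* --- Send Base-64 encoded Type-1 message --- */
  buildAuthRequest(&sTmpReq, 0, NULL, NULL);
  
  szTmpBuf64 = malloc(2 * SmbLength(&sTmpReq) + 2);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for Type-1 message.", MODULE_NAME);
    goto cleanup;
  }
  memset(szTmpBuf64, 0, 2 * SmbLength(&sTmpReq) + 2);

  base64_encode((char *)&sTmpReq, SmbLength(&sTmpReq), szTmpBuf64);
  writeError(ERR_DEBUG_MODULE, "[%s] Sending initial challenge (B64 Encoded): %s", MODULE_NAME, szTmpBuf64);

  nSendBufferSize = strlen((char*)szTmpBuf64) + 2;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for Type-1 message.", MODULE_NAME);
    goto cleanup;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s\r\n", szTmpBuf64);

  FREE(szTmpBuf64);

  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }
  FREE(bufSend); 
  
  /* Server should respond with a Base-64 encoded Type-2 challenge message. The challenge response format is 
     specified by RFC 1730 ("+", followed by a space, followed by the challenge message). */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+ .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] Server did not send valid Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }

  /* Cut the line at the first CR. The regex is not anchored, so make sure the
     CR really follows the two-byte "+ " prefix before skipping over it. */
  szLineEnd = strchr((char*)bufReceive, '\r');
  if ((szLineEnd == NULL) || (szLineEnd < (char*)bufReceive + 2))
  {
    writeError(ERR_ERROR, "[%s] Server did not send valid Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }
  szLineEnd[0] = '\0';

  writeError(ERR_DEBUG_MODULE, "[%s] NTLM Challenge (B64 Encoded): %s", MODULE_NAME, bufReceive + 2);

  /* The challenge length is chosen by the server. Base64 yields at most three
     bytes per four input characters; refuse anything that could decode past
     the end of sTmpChall. */
  nChallengeLen = strlen((char*)bufReceive + 2);
  if (3 * ((nChallengeLen + 3) / 4) > sizeof(sTmpChall))
  {
    writeError(ERR_ERROR, "[%s] Server sent an oversized Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }

  /* Zero first so a short challenge cannot leave stale stack bytes in fields
     that buildAuthResponse() reads. */
  memset(&sTmpChall, 0, sizeof(sTmpChall));
  base64_decode(bufReceive + 2, (char *)&sTmpChall);

  FREE(bufReceive);
  
  /* --- Calculate and send Base-64 encoded Type 3 response --- */
 
  /* NOTE(review): buildAuthResponse() consumes server-supplied fields of the
     challenge; confirm it validates any offsets/lengths it takes from it. */
  buildAuthResponse(&sTmpChall, &sTmpResp, 0, szLogin, szPassword, _psSessionData->szDomain, NULL); 

  szTmpBuf64 = malloc(2 * SmbLength(&sTmpResp) + 2);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for Type-3 message.", MODULE_NAME);
    goto cleanup;
  }
  memset(szTmpBuf64, 0, 2 * SmbLength(&sTmpResp) + 2);

  base64_encode((char *)&sTmpResp, SmbLength(&sTmpResp), szTmpBuf64);
  /* The Type-3 message is derived from the password; this debug line puts it
     in the log, so treat debug logs as credential material. */
  writeError(ERR_DEBUG_MODULE, "[%s] NTLM Response (B64 Encoded): %s", MODULE_NAME, szTmpBuf64);

  nSendBufferSize = strlen((char*)szTmpBuf64) + 2;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for Type-3 message.", MODULE_NAME);
    goto cleanup;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s\r\n", szTmpBuf64);

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }

  /* Server should validate the response and indicate the result of authentication.
     e.g.  0001 OK AUTHENTICATE NTLM completed. */
  iRet = SUCCESS;

cleanup:
  /* Every buffer is released here so the error paths do not leak. */
  FREE(szTmpBuf64);
  FREE(bufSend);
  FREE(bufReceive);

  return iRet;
}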
コード例 #20
ファイル: imap.c プロジェクト: foreni-packages/medusa
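/* A0001 AUTHENTICATE PLAIN credentials(base64)
 *
 * Sends the AUTHENTICATE PLAIN command, waits for the "+" continuation and
 * then sends base64("login\0login\0password"). Returns SUCCESS once the
 * credentials have been sent, FAILURE otherwise; the caller reads the
 * server's verdict.
 *
 * Base64 is an encoding, not protection: the credentials are recoverable by
 * anyone who sees the traffic or the debug log line below.
 */
int sendAuthPlain(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char* bufSend = NULL;
  unsigned char* bufReceive = NULL;
  unsigned char* szTmp = NULL;
  unsigned char* szEncodedAuth = NULL;
  int nSendBufferSize = 0;
  int nReceiveBufferSize = 0;
  size_t nLoginLen = strlen(szLogin);
  size_t nPassLen = strlen(szPassword);
  int iRet = FAILURE;

  /* Send initial AUTHENTICATE PLAIN command */
  nSendBufferSize = strlen(_psSessionData->szTag) + 21;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for AUTHENTICATE PLAIN command.", MODULE_NAME);
    goto cleanup;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s AUTHENTICATE PLAIN\r\n", _psSessionData->szTag);
  
  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    /* Do not wait for a continuation to a command that was never sent. */
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }
  FREE(bufSend); 

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+ *\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] IMAP server did not respond with \"+\" to AUTHENTICATE PLAIN request.", MODULE_NAME);
    /* Only print the reply when there is one; passing NULL for %s is undefined. */
    if (bufReceive != NULL)
      writeError(ERR_ERROR, "[%s] IMAP server sent the following response: %s", MODULE_NAME, bufReceive);
    goto cleanup;
  }
  /* The continuation line carries nothing further; release it now. */
  FREE(bufReceive);

  /* Build a null separated string of szLogin \0 szLogin \0 szPassword */
  nSendBufferSize = nLoginLen + 1 + nLoginLen + 1 + nPassLen; 
  
  szTmp = malloc(nSendBufferSize + 1);
  if (szTmp == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for credentials.", MODULE_NAME);
    goto cleanup;
  }
  /* The zero fill supplies the two NUL separators. */
  memset(szTmp, 0, nSendBufferSize + 1);
  
  /* username\0username\0password */
  memcpy(szTmp, szLogin, nLoginLen);
  memcpy(szTmp + nLoginLen + 1, szLogin, nLoginLen);
  memcpy(szTmp + nLoginLen + 1 + nLoginLen + 1, szPassword, nPassLen); 
  
  szEncodedAuth = malloc(2 * nSendBufferSize + 1);
  if (szEncodedAuth == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for credentials.", MODULE_NAME);
    goto cleanup;
  }
  memset(szEncodedAuth, 0, 2 * nSendBufferSize + 1);
  base64_encode(szTmp, nSendBufferSize, szEncodedAuth);
  /* NOTE(review): szTmp holds the clear-text password and is released without
     being wiped. */
  FREE(szTmp);
 
  /* This debug line writes the reversible credential blob to the log. */
  writeError(ERR_DEBUG_MODULE, "[%s] Sending authenticate plain value: %s", MODULE_NAME, szEncodedAuth); 
  nSendBufferSize = strlen((char*)szEncodedAuth) + 2;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for credentials.", MODULE_NAME);
    goto cleanup;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s\r\n", szEncodedAuth);
  FREE(szEncodedAuth);
  
  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }

  iRet = SUCCESS;

cleanup:
  /* Every buffer is released here so the error paths do not leak. */
  FREE(szTmp);
  FREE(szEncodedAuth);
  FREE(bufSend);
  FREE(bufReceive);

  return iRet;
}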
コード例 #21
ファイル: ftp.c プロジェクト: 404Ghost99/medusa
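/*
 * Try one FTP USER/PASS pair on an established control connection.
 *
 * If the server answers USER with one of the "must use encryption" replies
 * checked below, the session is upgraded through initAuthSSL() (or restarted
 * in explicit mode when the socket is gone) and USER is sent again.
 *
 * Returns MSTATE_EXITING or MSTATE_NEW according to the outcome, or FAILURE
 * when a command could not be sent or the reply was missing or unexpected.
 * (*psLogin)->iResult is set only after a reply to PASS has been read.
 */
int tryLogin(int hSocket, sLogin** psLogin, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  int iRet;
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;

  /* send username */
  /* snprintf ties the write to the real buffer size instead of relying on
     BUF_SIZE being larger than the "%.250s" precision plus the fixed text. */
  memset(bufSend, 0, sizeof(bufSend));
  snprintf((char*)bufSend, sizeof(bufSend), "USER %.250s\r\n", szLogin);

  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    /* Nothing was sent, so there is no reply to wait for. */
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }
 
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^[0-9]{3,3}-.*\r\n[0-9]{3,3} .*\r\n|^[0-9]{3,3} .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] failed: Server sent unknown or no response. Server may have dropped connection due to lack of encryption or due to anti-bruteforce measures. Enabling EXPLICIT mode may help with the former cause and increasing the socket check delay (e.g. -c 1000) may help with the later.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* FTP service may be configured to require protected authentication for specific users */
  if ( (strstr((char*)bufReceive, "530 Non-anonymous sessions must use encryption.") != NULL) ||
       (strstr((char*)bufReceive, "331 Non-anonymous sessions must use encryption.") != NULL) || 
       (strstr((char*)bufReceive, "331 Rejected--secure connection required") != NULL) )
  {
    writeError(ERR_NOTICE, "[%s] FTP server (%s) appears to require SSL for specified user.", MODULE_NAME, (*psLogin)->psServer->pHostIP);
    
    FREE(bufReceive);
    
    if ( medusaCheckSocket(hSocket, (*psLogin)->psServer->psAudit->iSocketWait) )
    {
      writeError(ERR_DEBUG_MODULE, "[%s] Checking socket status: OK", MODULE_NAME);
      if (initAuthSSL(hSocket, _psSessionData) == FAILURE)
        return FAILURE;
    }
    else
    {
      /* Connection is gone: remember that this server needs explicit mode
         and let the caller open a new session. */
      writeError(ERR_DEBUG_MODULE, "[%s] Checking socket status: FAIL - restart connection", MODULE_NAME);
      _psSessionData->nAuthType = AUTH_EXPLICIT;      
      return MSTATE_NEW;
    }

    /* re-send username */
    memset(bufSend, 0, sizeof(bufSend));
    snprintf((char*)bufSend, sizeof(bufSend), "USER %.250s\r\n", szLogin);

    if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
    {
      writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
      return FAILURE;
    }
 
    nReceiveBufferSize = 0;
    if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^[0-9]{3,3}-.*\r\n[0-9]{3,3} .*\r\n|^[0-9]{3,3} .*\r\n") == FAILURE) || (bufReceive == NULL))
    {
      writeError(ERR_ERROR, "[%s] failed: Server sent unknown or no response. Exiting...", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }
  }  

  /* Standard FTP [PR85] specifies a 530 response to the USER command when
     the username is rejected. "Not logged in." */
  if (strncmp((char*)bufReceive, "530 ", 4) == 0) 
  {
    writeError(ERR_ERROR, "[%s] Server sent 530 response (rejected username).", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  /* 421 There are too many connections from your internet address. */
  else if (strncmp((char*)bufReceive, "421 ", 4) == 0) 
  {
    writeError(ERR_ERROR, "[%s] Server sent 421 response (too many connections).", MODULE_NAME);
    FREE(bufReceive);
    return MSTATE_EXITING;
  }
  /* Expect: "331 Please specify the password." */
  else if (strncmp((char*)bufReceive, "331 ", 4) != 0) 
  {
    writeError(ERR_ERROR, "[%s] failed: Server did not respond with a '331'.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  
  FREE(bufReceive);

  /* send password */
  memset(bufSend, 0, sizeof(bufSend));
  snprintf((char*)bufSend, sizeof(bufSend), "PASS %.250s\r\n", szPassword);

  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    return FAILURE;
  }

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^[0-9]{3,3}-.*\r\n[0-9]{3,3} .*\r\n|^[0-9]{3,3} .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  
  /* Any 2xx reply to PASS is counted as a successful login. */
  if (bufReceive[0] == '2')
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    /* Restarting session for now as it's currently faster when dealing with anti-bruteforce services */
    iRet = MSTATE_NEW;
  }
  
  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);

  return(iRet);
}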
コード例 #22
ファイル: imap.c プロジェクト: foreni-packages/medusa
/* Module Specific Functions */
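/*
 * Prepare an IMAP session for authentication: read the banner, request
 * CAPABILITY, upgrade to TLS through STARTTLS when the server advertises it
 * and the connection is not already SSL, then pick an authentication type
 * from the capability list unless the caller has already set one.
 *
 * Returns SUCCESS with _psSessionData->nAuthType set, FAILURE otherwise.
 *
 * The STARTTLS upgrade is opportunistic: when the capability list read over
 * the clear-text connection does not contain STARTTLS, the session stays in
 * clear text and the credentials that follow are sent unprotected. That list
 * is not authenticated, so start with SSL when the path is not trusted.
 */
int initConnection(_MODULE_DATA *_psSessionData, int hSocket, sConnectParams *params)
{
  unsigned char *bufSend = NULL;
  unsigned char *bufReceive = NULL;
  int nReceiveBufferSize = 0;
  int nSendBufferSize = 0;

  /* Retrieve IMAP server banner */
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\* OK .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] Failed to retrieve IMAP server banner. Exiting...", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE; 
  }
  else if ((strstr((char*)bufReceive,"* OK ") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Received IMAP server banner: %s", MODULE_NAME, bufReceive);
    FREE(bufReceive);
  }
  else if ((strstr((char*)bufReceive,"* BYE Connection refused") != NULL))
  {
    writeError(ERR_ERROR, "[%s] IMAP server refused connection. Is SSL required?", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  else
  {
    writeError(ERR_ERROR, "[%s] Failed to retrieve IMAP server banner.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* Request IMAP server capabilities */
  writeError(ERR_DEBUG_MODULE, "[%s] Sending IMAP CAPABILITIES request.", MODULE_NAME);
  nSendBufferSize = strlen(_psSessionData->szTag) + 13;
  bufSend = malloc(nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: Unable to allocate memory for CAPABILITY request.", MODULE_NAME);
    return FAILURE;
  }
  memset(bufSend, 0, nSendBufferSize + 1);
  snprintf((char*)bufSend, nSendBufferSize + 1, "%s CAPABILITY\r\n", _psSessionData->szTag);

  if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
    FREE(bufSend);
    return FAILURE;
  }
  FREE(bufSend);

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "OK CAPABILITY .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] Failed: No OK message received for CAPABILITY request.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* If server supports STARTTLS and we are not already within a SSL connection, let's use it. */
  if ((params->nUseSSL == 0) && (strstr((char*)bufReceive, "STARTTLS") != NULL))
  {
    FREE(bufReceive);

    writeError(ERR_DEBUG_MODULE, "[%s] Initiating STARTTLS session.", MODULE_NAME);

    nSendBufferSize = strlen(_psSessionData->szTag) + 11;
    bufSend = malloc(nSendBufferSize + 1);
    if (bufSend == NULL)
    {
      writeError(ERR_ERROR, "[%s] Failed: Unable to allocate memory for STARTTLS request.", MODULE_NAME);
      return FAILURE;
    }
    memset(bufSend, 0, nSendBufferSize + 1);
    snprintf((char*)bufSend, nSendBufferSize + 1, "%s STARTTLS\r\n", _psSessionData->szTag);
    if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
    {
      writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
      FREE(bufSend);
      return FAILURE;
    }
    FREE(bufSend);
  
    nReceiveBufferSize = 0;
    if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, " OK .*\r\n") == FAILURE) || (bufReceive == NULL))
    {
      writeError(ERR_ERROR, "[%s] Failed: No OK message received for STARTTLS request.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }
    /* OK Begin TLS negotiation now. */
    else
    {
      /* NOTE(review): anything the peer sent after the OK line is dropped
         with this buffer; confirm medusaReceiveRegex() keeps no clear-text
         data that would be read as part of the TLS session. */
      FREE(bufReceive);

      /* NOTE(review): 3.1 is a floating-point constant; confirm the type of
         nSSLVersion so the value is not truncated on assignment. */
      params->nSSLVersion = 3.1; /* Force the use of TLSv1 */
      if (medusaConnectSocketSSL(params, hSocket) < 0)
      {
        writeError(ERR_ERROR, "[%s] Failed to establish TLSv1 connection.", MODULE_NAME);
        return FAILURE;
      }

      /* Resend CAPABILITY request as the AUTH types may have changed. */
      writeError(ERR_DEBUG_MODULE, "[%s] Sending IMAP CAPABILITIES request.", MODULE_NAME);
      nSendBufferSize = strlen(_psSessionData->szTag) + 13;
      bufSend = malloc(nSendBufferSize + 1);
      if (bufSend == NULL)
      {
        writeError(ERR_ERROR, "[%s] Failed: Unable to allocate memory for CAPABILITY request.", MODULE_NAME);
        return FAILURE;
      }
      memset(bufSend, 0, nSendBufferSize + 1);
      snprintf((char*)bufSend, nSendBufferSize + 1, "%s CAPABILITY\r\n", _psSessionData->szTag);

      if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
      {
        writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
        FREE(bufSend);
        return FAILURE;
      }
      FREE(bufSend);

      nReceiveBufferSize = 0;
      if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "OK CAPABILITY .*\r\n") == FAILURE) || (bufReceive == NULL))
      {
        writeError(ERR_ERROR, "[%s] Failed: No OK message received for CAPABILITY request.", MODULE_NAME);
        FREE(bufReceive);
        return FAILURE;
      }
    }
  }

  /* Process IMAP supported authentication types */
  /* The first advertised type in the order LOGIN, PLAIN, NTLM is used. */
  if (_psSessionData->nAuthType != AUTH_UNKNOWN)
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Ignoring server requested AUTH type and using user-specified value.", MODULE_NAME);
  }
  else if ((strstr((char*)bufReceive,"AUTH=LOGIN") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "Server requested authentication type: LOGIN");
    _psSessionData->nAuthType = AUTH_LOGIN;
  }
  else if ((strstr((char*)bufReceive,"AUTH=PLAIN") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "Server requested authentication type: PLAIN");
    _psSessionData->nAuthType = AUTH_PLAIN;
  }
  else if ((strstr((char*)bufReceive,"AUTH=NTLM") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "Server requested authentication type: NTLM");
    _psSessionData->nAuthType = AUTH_NTLM;
  }
  else
  {
    writeError(ERR_ERROR, "[%s] Failed: Server did not respond that it supported any of the authentication types we handle (PLAIN, LOGIN, NTLM). Use the AUTH module option to force the use of an authentication type.", MODULE_NAME);
    /* Release the capability reply on this path as well. */
    FREE(bufReceive);
    return FAILURE; 
  }

  FREE(bufReceive);
  return SUCCESS;
}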
コード例 #23
ファイル: mysql.c プロジェクト: 404Ghost99/medusa
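/*
 * Try one MySQL login: start a session, send the authentication packet and
 * classify the server's result byte (offset 4 of the reply).
 *
 *   0x00  success
 *   0xFF  failure (or an error condition, see below)
 *   0xFE  the server asks for the older password scheme; the attempt is
 *         repeated once on the same connection
 *
 * Returns MSTATE_EXITING or MSTATE_NEW, or FAILURE when a packet could not be
 * built, sent or received. The reply comes from the remote server, so its
 * length is checked before any fixed offset is read.
 */
int tryLogin(int hSocket, sLogin** psLogin, _MYSQL_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  int iRet;
  int iReturnCode = MSTATE_EXITING;
  unsigned char* bufReceive = NULL;
  char* szSessionSalt = NULL;
  unsigned char* szResponse = NULL;
  unsigned long iResponseLength = 0;
  int nReceiveBufferSize = 0;

  /* initialize MySQL connection */
  /* NOTE(review): szSessionSalt is filled in by MySQLSessionInit() and never
     released here; confirm who owns that buffer. */
  iRet = MySQLSessionInit(hSocket, &szSessionSalt);
  if (iRet == FAILURE)
  {
    writeError(ERR_ERROR, "[%s] Failed to initialize MySQL connection (%s).", MODULE_NAME, (*psLogin)->psServer->pHostIP);
    (*psLogin)->iResult = LOGIN_RESULT_ERROR;
    return MSTATE_EXITING;
  }

  /* prepare client authentication packet */
  if (strlen(szSessionSalt) == 8 || _psSessionData->protoFlag == PROTO_OLD)
  {
    if (_psSessionData->protoFlag == PROTO_OLD) {
      writeError(ERR_DEBUG_MODULE, "[%s] Using older style authentication based on previous server response.", MODULE_NAME);
    }
    
    iRet = MySQLPrepareAuthOld(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
      return FAILURE;
    }
  } 
  else 
  {
    iRet = MySQLPrepareAuth(_psSessionData, szLogin, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "%s: Failed to create client authentication packet.", MODULE_NAME);
      return FAILURE;
    }
  }

  /* send authentication attempt */
  if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    FREE(szResponse);
    return FAILURE;
  }
  FREE(szResponse);

  /* process authentication response */
  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* The result byte sits at offset 4; a shorter reply would be read past the
     end of the buffer. Assumes medusaReceiveRaw() stores the number of bytes
     received in nReceiveBufferSize - TODO confirm. */
  if (nReceiveBufferSize < 5)
  {
    writeError(ERR_ERROR, "%s failed: server response too short to contain a result code.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  if (bufReceive[4] == 0x00)
  {
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iReturnCode = MSTATE_EXITING;
  }
  else if (bufReceive[4] == 0xFF)
  {
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    
    /* Bytes 5-6 read as little-endian 0x04E3 (1251); presumably the server's
       "client does not support authentication protocol" error. Only look at
       them when the reply is long enough to hold them. */
    if (nReceiveBufferSize >= 7 && bufReceive[5] == 0xe3 && bufReceive[6] == 0x04)
    {
      writeError(ERR_ERROR, "[%s] failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_ERROR;
      iReturnCode = MSTATE_EXITING;
    }
    else 
      iReturnCode = MSTATE_NEW;
  }
  else if (bufReceive[4] == 0xFE)
  {
    /* Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced a new password algorithm.
       In some cases, MySQL 4.1 and later systems will contain accounts which are still configured with password
       hashes generated using the older algorithm. When we authenticate to a 4.1 server and this is the case,
       the server is nice enough to tell us and allow us to reauthenticate.
    */

    writeError(ERR_DEBUG_MODULE, "[%s] Server requested older authentication type. It is likely the remote account exists and has an older style password hash.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;

    /* The first reply is no longer needed; releasing it here keeps the error
       returns below from leaking it. */
    FREE(bufReceive);

    /* Attempt authentication again using old-style password hash and existing connection */
    _psSessionData->protoFlag = PROTO_OLD;
    
    iRet = MySQLPrepareAuthNewOld(_psSessionData, szPassword, szSessionSalt, &szResponse, &iResponseLength);
    if (iRet == FAILURE)
    {
      writeError(ERR_ERROR, "[%s] Failed to create client authentication packet.", MODULE_NAME);
      return FAILURE;
    }

    /* send authentication attempt */
    if (medusaSend(hSocket, szResponse, iResponseLength, 0) < 0)
    {
      writeError(ERR_ERROR, "[%s] medusaSend was not successful", MODULE_NAME);
      FREE(szResponse);
      return FAILURE;
    }
    FREE(szResponse);

    /* process authentication response */
    nReceiveBufferSize = 0;
    bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
    if (bufReceive == NULL)
    {
      writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
      return FAILURE;
    }

    /* Same length check as for the first reply. */
    if (nReceiveBufferSize < 5)
    {
      writeError(ERR_ERROR, "%s failed: server response too short to contain a result code.", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    if (bufReceive[4] == 0x00)
    {
      (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
      iReturnCode = MSTATE_EXITING;
    }
    else if (bufReceive[4] == 0xFF)
    {
      (*psLogin)->iResult = LOGIN_RESULT_FAIL;

      if (nReceiveBufferSize >= 7 && bufReceive[5] == 0xe3 && bufReceive[6] == 0x04) {
        writeError(ERR_ERROR, "%s failed: MYSQL VERSION IS NEWER\n", MODULE_NAME);
        (*psLogin)->iResult = LOGIN_RESULT_ERROR;
        iReturnCode = MSTATE_EXITING;
      }
      else
        iReturnCode = MSTATE_NEW;
    }
    /* Any other result byte leaves the FAIL result and MSTATE_EXITING set above. */
    /* End of the weird downshift resend case */
  }
  else
  {
    writeError(ERR_ERROR, "%s: Unknown response code received from server: %X", MODULE_NAME, bufReceive[4]);
    (*psLogin)->iResult = LOGIN_RESULT_UNKNOWN;
    iReturnCode = MSTATE_EXITING;
  }

  /* close MySQL connection */
  iRet = MySQLSessionQuit(hSocket);
  if (iRet == FAILURE)
  {
    writeError(ERR_ERROR, "%s: Failed to terminate MySQL connection.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);

  return(iReturnCode);
}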
コード例 #24
ファイル: pop3.c プロジェクト: foreni-packages/medusa
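/*
 * Drive the POP3 module state machine for one host.
 *
 *   MSTATE_NEW      (re)connect, read the banner, try STLS when the session
 *                   is not already SSL, and determine the authentication type
 *   MSTATE_RUNNING  test the current credential set and fetch the next one
 *   MSTATE_EXITING  disconnect and finish
 *
 * Returns SUCCESS when the state machine runs to completion, FAILURE on a
 * connection or protocol error.
 *
 * STLS is opportunistic: when the server does not accept it the session
 * continues in clear text. The debug log in MSTATE_RUNNING prints candidate
 * passwords, so debug output should be handled as credential material.
 */
int initModule(sLogin* psLogin, _MODULE_DATA *_psSessionData)
{
  int hSocket = -1;
  enum MODULE_STATE nState = MSTATE_NEW;
  unsigned char bufSend[BUF_SIZE];
  /* Start from NULL so the NULL checks below never read an unset pointer. */
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  sCredentialSet *psCredSet = NULL;
  sConnectParams params;

  psCredSet = malloc( sizeof(sCredentialSet) );
  if (psCredSet == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed to allocate memory for credential set.", MODULE_NAME);
    return FAILURE;
  }
  memset(psCredSet, 0, sizeof(sCredentialSet));

  if (getNextCredSet(psLogin, psCredSet) == FAILURE)
  {
    writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
    nState = MSTATE_COMPLETE;
  }
  else if (psCredSet->psUser)
  {
    writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
  }
  else
  {
    /* The format has two %s conversions; pass the host as well so the second
       one is not read from a missing argument. */
    writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME, psLogin->psServer->pHostIP);
    nState = MSTATE_COMPLETE;
  }

  /* Port: explicit override first, then the SSL or plain default. */
  memset(&params, 0, sizeof(sConnectParams));
  if (psLogin->psServer->psAudit->iPortOverride > 0)
    params.nPort = psLogin->psServer->psAudit->iPortOverride;
  else if (psLogin->psServer->psHost->iUseSSL > 0)
    params.nPort = PORT_POP3S;
  else
    params.nPort = PORT_POP3;
  initConnectionParams(psLogin, &params);

  while (nState != MSTATE_COMPLETE)
  {  
    switch (nState)
    {
      case MSTATE_NEW:
        // Already have an open socket - close it
        if (hSocket > 0)
          medusaDisconnect(hSocket);

        if (psLogin->psServer->psHost->iUseSSL > 0)
          hSocket = medusaConnectSSL(&params);
        else
          hSocket = medusaConnect(&params);
        
        if (hSocket < 0) 
        {
          writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
          psLogin->iResult = LOGIN_RESULT_UNKNOWN;
          goto fail;
        }

        /* establish initial connection */
        nReceiveBufferSize = 0;
        if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK.*\r\n") == FAILURE) || (bufReceive == NULL))
        {
          /* NOTE(review): the state is set to EXITING but the STLS and
             auth-type steps below still run on this connection. */
          writeError(ERR_DEBUG_MODULE, "%s failed: Server did not respond with '+OK'. Exiting...", MODULE_NAME);
          psLogin->iResult = LOGIN_RESULT_UNKNOWN;
          nState = MSTATE_EXITING;
        }
        else
        {
          writeError(ERR_DEBUG_MODULE, "Connected");
          nState = MSTATE_RUNNING;
        }
        /* The banner is not used again; release it before the pointer is
           reused for the STLS reply. */
        FREE(bufReceive);

        /* POP3 STARTTLS Extension
           http://www.faqs.org/rfcs/rfc2595.html
        */

        /* The capability name "STLS" indicates this command is present and 
           permitted in the current state. "CAPA" can be used to test for its
           presence. Are there cases where "STLS" may not be implemented?
        */

        /* Initiate STLS only if we don't already have a SSL connection */
        if (psLogin->psServer->psHost->iUseSSL == 0)
        {
          memset(bufSend, 0, BUF_SIZE);
          snprintf((char*)bufSend, sizeof(bufSend), "STLS\r\n");
          if (medusaSend(hSocket, bufSend, strlen((char*)bufSend), 0) < 0)
          {
            writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
            goto fail;
          }
  
          nReceiveBufferSize = 0;
          if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK.*\r\n|-ERR.*\r\n") == FAILURE) || (bufReceive == NULL))
          {
            /* bufReceive may be NULL here; never hand NULL to %s or strstr(). */
            writeError(ERR_ERROR, "[%s] Failed: Unexpected or no data received: %s", MODULE_NAME, (bufReceive != NULL) ? (char*)bufReceive : "(null)");
            FREE(bufReceive);
            goto fail;
          }
          /*
            [SUPPORTED]     +OK Begin TLS negotiation / +OK Ready to start TLS
            [NOT SUPPORTED] +OK STLS completed
            [ERROR]         -ERR Command not permitted when TLS active
          */
          else if (strstr((char*)bufReceive, "+OK") != NULL)
          {
            FREE(bufReceive);
  
            writeError(ERR_DEBUG_MODULE, "[%s] Starting TLS negotiation.", MODULE_NAME);
            /* NOTE(review): 3.1 is a floating-point constant; confirm the
               type of nSSLVersion so the value is not truncated. */
            params.nSSLVersion = 3.1; /* Force the use of TLSv1 */
            if (medusaConnectSocketSSL(&params, hSocket) < 0)
            {
              /* Message names the protocol that is actually requested above. */
              writeError(ERR_ERROR, "[%s] Failed to establish TLSv1 connection.", MODULE_NAME);
              goto fail;
            }
          }
          else
          {
            /* Clear-text fallback: the credentials that follow are sent
               unprotected. */
            writeError(ERR_DEBUG_MODULE, "[%s] TLS negotiation not available.", MODULE_NAME);
            FREE(bufReceive);
          }
        }
  
        /* Query service for accepted authentication methods */
        if (_psSessionData->nAuthType == AUTH_UNKNOWN)
        {
          getAuthType(hSocket, _psSessionData);

          if (_psSessionData->nAuthType == AUTH_UNKNOWN)
          {
            psLogin->iResult = LOGIN_RESULT_UNKNOWN;
            goto fail;
          }
        }
 
        break;
      case MSTATE_RUNNING:
        /* The POP3 service may be configured to drop connections after an arbitrary number of failed
           logon attempts. We will reuse the established connection to send authentication attempts 
           until that disconnect happens. At that point the connection should be reestablished. */
        if ( medusaCheckSocket(hSocket) )
        {
          nState = tryLogin(hSocket, &psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass);

          if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
          {
            if (getNextCredSet(psLogin, psCredSet) == FAILURE)
            {
              writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
              nState = MSTATE_EXITING;
            }
            else
            {
              if (psCredSet->iStatus == CREDENTIAL_DONE)
              {
                writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
                nState = MSTATE_EXITING;
              }
              else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
              {
                writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
                nState = MSTATE_NEW;
              }
              else
                writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
            }
          }
        }
        else
        {
          writeError(ERR_NOTICE, "[%s] Socket is no longer valid. Server likely dropped connection. Establishing new session.", MODULE_NAME);
          nState = MSTATE_NEW;

          if (hSocket > 0)
            medusaDisconnect(hSocket);
          hSocket = -1;
        }
        break;
      case MSTATE_EXITING:
        if (hSocket > 0)
          medusaDisconnect(hSocket);
        hSocket = -1;
        nState = MSTATE_COMPLETE;
        break;
      default:
        writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
        if (hSocket > 0)
          medusaDisconnect(hSocket);
        hSocket = -1;
        psLogin->iResult = LOGIN_RESULT_UNKNOWN;
        goto fail;
    }  
  }

  FREE(psCredSet);
  return SUCCESS;

fail:
  /* Shared error exit so the credential set is released on every FAILURE. */
  FREE(psCredSet);
  return FAILURE;
}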
コード例 #25
ファイル: rexec.c プロジェクト: foreni-packages/medusa
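/*
  Attempt one rexec authentication with the supplied credentials.

  The request is a single buffer of NUL-terminated fields:
      0x00 | login 0x00 | password 0x00 | "id" 0x00
  The replies are then searched for "Login incorrect" (failure), "uid" or
  "Command ID in library" (success).

  Returns MSTATE_NEW after a failed attempt, MSTATE_EXITING after a
  successful one, and FAILURE when the request does not fit in the send
  buffer or no reply is received. (*psLogin)->iResult is set on the first
  two outcomes.
*/
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  int iRet;
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  size_t nLoginLen = strlen(szLogin);
  size_t nPassLen = strlen(szPassword);
  size_t nSendLen = 0;

  /* The fixed part of the request is 6 bytes (leading NUL, three field
     terminators and "id"). Reject credentials that would run past the end
     of the stack buffer instead of writing out of bounds. */
  if ((nLoginLen >= sizeof(bufSend)) || (nPassLen >= sizeof(bufSend)) ||
      (nLoginLen + nPassLen + 6 > sizeof(bufSend)))
  {
    writeError(ERR_ERROR, "%s failed: credentials do not fit in the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* The buffer is zeroed first, so every field terminator is already in place. */
  memset(bufSend, 0, sizeof(bufSend));
  memcpy(bufSend + 1, szLogin, nLoginLen);
  memcpy(bufSend + 1 + nLoginLen + 1, szPassword, nPassLen);
  memcpy(bufSend + 1 + nLoginLen + 1 + nPassLen + 1, "id", 2);
  nSendLen = nLoginLen + nPassLen + 6;

  /* A send failure is only logged; the receive below then reports the error. */
  if (medusaSend(hSocket, bufSend, nSendLen, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* NOTE(review): strstr() assumes medusaReceiveRaw returns a NUL-terminated
     buffer -- confirm against its implementation. */
  if (strstr((char *)bufReceive, "Login incorrect") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed up here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    /* Why do I need this? */
    sleep(1);
    FREE(bufReceive);
    setPassResult((*psLogin), szPassword);
    return MSTATE_NEW;
  }

  /* Release the first reply before asking for the next one; the original
     overwrote the pointer and lost the buffer. */
  FREE(bufReceive);
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  if (strstr((char *)bufReceive, "uid") != NULL)
  {
    /* Output of the "id" command that was sent as the rexec command. */
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else if (strstr((char *)bufReceive, "Command ID in library") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : AS/400 Login attempt successful.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }
  else
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed down here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);

  return iRet;
}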
コード例 #26
ファイル: smtp.c プロジェクト: 404Ghost99/medusa
/*
  http://davenport.sourceforge.net/ntlm.html#ntlmSmtpAuthentication
*/
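/*
  Perform the client side of SMTP "AUTH NTLM": send the base64 Type-1
  message, read the server's "334 <base64 Type-2>" challenge, then send the
  base64 Type-3 response built from szLogin, szPassword and
  _psSessionData->szDomain.

  Returns SUCCESS once the Type-3 message has been sent, FAILURE on an
  allocation, send or receive error or when the challenge is malformed.
  The server's verdict on the credentials is not read here.
*/
int sendAuthNTLM(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char* bufSend = NULL;
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  int nSendBufferSize = 0;
  int nRet = FAILURE;
  size_t nEncodedLen = 0;
  tSmbNtlmAuthRequest   sTmpReq;
  tSmbNtlmAuthChallenge sTmpChall;
  tSmbNtlmAuthResponse  sTmpResp;
  char* szLineEnd = NULL;
  unsigned char* szTmpBuf64 = NULL;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating NTLM Authentication Attempt.", MODULE_NAME);

  /* --- Send Base-64 encoded Type-1 message --- */

  buildAuthRequest(&sTmpReq, 0, NULL, NULL);

  szTmpBuf64 = calloc(1, 2 * SmbLength(&sTmpReq) + 2);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] failed: memory allocation failed", MODULE_NAME);
    goto cleanup;
  }

  base64_encode((char *)&sTmpReq, SmbLength(&sTmpReq), (char *)szTmpBuf64);
  writeError(ERR_DEBUG_MODULE, "[%s] Sending initial challenge (B64 Encoded): %s", MODULE_NAME, szTmpBuf64);

  /* "AUTH NTLM " (10) + base64 text + "\r\n" (2) + terminator (1) */
  nSendBufferSize = strlen((char *)szTmpBuf64) + 2;
  bufSend = calloc(1, (size_t)10 + nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] failed: memory allocation failed", MODULE_NAME);
    goto cleanup;
  }
  snprintf((char *)bufSend, (size_t)10 + nSendBufferSize + 1, "AUTH NTLM %s\r\n", szTmpBuf64);

  FREE(szTmpBuf64);
  szTmpBuf64 = NULL;

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }
  FREE(bufSend);
  bufSend = NULL;

  /* Server should respond with a Base-64 encoded Type-2 challenge message. The challenge response format is
     "334", followed by a space, followed by the challenge message. */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^334 .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] Server did not send valid Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }

  /* The challenge text starts 4 bytes in ("334 ") and ends at the first CR.
     Verify both before indexing into the reply. */
  szLineEnd = strchr((char *)bufReceive, '\r');
  if ((szLineEnd == NULL) || (szLineEnd - (char *)bufReceive < 4))
  {
    writeError(ERR_ERROR, "[%s] Server did not send valid Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }
  szLineEnd[0] = '\0';

  writeError(ERR_DEBUG_MODULE, "[%s] NTLM Challenge (B64 Encoded): %s", MODULE_NAME, bufReceive + 4);

  /* The challenge length is chosen by the remote server, but it is decoded
     into a fixed-size structure. Four base64 characters yield at most three
     bytes; refuse anything that could fill or exceed sTmpChall.
     NOTE(review): ">=" leaves one byte of slack in case base64_decode
     appends a terminator -- confirm against its implementation. */
  nEncodedLen = strlen((char *)bufReceive + 4);
  if (((nEncodedLen + 3) / 4) * 3 >= sizeof(sTmpChall))
  {
    writeError(ERR_ERROR, "[%s] Server sent an oversized Type-2 challenge response.", MODULE_NAME);
    goto cleanup;
  }

  /* Zero the structure so a short challenge leaves no uninitialised fields. */
  memset(&sTmpChall, 0, sizeof(sTmpChall));
  base64_decode((char *)bufReceive + 4, (char *)&sTmpChall);

  FREE(bufReceive);
  bufReceive = NULL;

  /* --- Calculate and send Base-64 encoded Type 3 response --- */
  buildAuthResponse(&sTmpChall, &sTmpResp, 0, szLogin, szPassword, _psSessionData->szDomain, NULL);

  szTmpBuf64 = calloc(1, 2 * SmbLength(&sTmpResp) + 2);
  if (szTmpBuf64 == NULL)
  {
    writeError(ERR_ERROR, "[%s] failed: memory allocation failed", MODULE_NAME);
    goto cleanup;
  }

  base64_encode((char *)&sTmpResp, SmbLength(&sTmpResp), (char *)szTmpBuf64);
  writeError(ERR_DEBUG_MODULE, "[%s] NTLM Response (B64 Encoded): %s", MODULE_NAME, szTmpBuf64);

  nSendBufferSize = strlen((char *)szTmpBuf64) + 2;
  bufSend = calloc(1, (size_t)nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] failed: memory allocation failed", MODULE_NAME);
    goto cleanup;
  }
  snprintf((char *)bufSend, (size_t)nSendBufferSize + 1, "%s\r\n", szTmpBuf64);

  if (medusaSend(hSocket, bufSend, nSendBufferSize, 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
    goto cleanup;
  }

  nRet = SUCCESS;

cleanup:
  /* Single exit point: the original returned early on send failures and
     leaked the buffers that were still allocated. Pointers are reset to
     NULL after each mid-function release, so nothing is freed twice. */
  FREE(szTmpBuf64);
  FREE(bufSend);
  FREE(bufReceive);

  return nRet;
}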
コード例 #27
ファイル: smtp.c プロジェクト: 404Ghost99/medusa
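/* Receive one "334 <base64>" reply, decode the prompt it carries and log it
   at debug level. Returns SUCCESS, or FAILURE when no well-formed 334 reply
   arrives or memory cannot be allocated. */
static int smtpLogAuthPrompt(int hSocket)
{
  unsigned char* bufReceive = NULL;
  char* szEncoded = NULL;
  char* szLineEnd = NULL;
  char* szPrompt = NULL;
  int nReceiveBufferSize = 0;

  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^334 .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] SMTP server did not respond with \"334 \" to AUTH LOGIN request.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  szEncoded = strstr((char *)bufReceive, "334 ");
  if (szEncoded != NULL)
    szLineEnd = strchr(szEncoded, '\r');

  if (szLineEnd == NULL)
  {
    writeError(ERR_ERROR, "[%s] SMTP server sent unexpected response to AUTH LOGIN request.", MODULE_NAME);
    FREE(bufReceive);  /* the original returned here without releasing the reply */
    return FAILURE;
  }

  /* Cut the reply at the CR and skip the "334 " prefix. */
  szLineEnd[0] = '\0';
  szEncoded += 4;

  /* Decoded base64 is never longer than its encoded form. */
  szPrompt = calloc(1, strlen(szEncoded) + 1);
  if (szPrompt == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  base64_decode(szEncoded, szPrompt);
  FREE(bufReceive);

  writeError(ERR_DEBUG_MODULE, "[%s] SMTP server sent the following prompt: %s", MODULE_NAME, szPrompt);
  FREE(szPrompt);

  return SUCCESS;
}

/* Base64-encode szValue, append "\r\n" and send it. A send failure is logged
   but not treated as fatal, as in the original code; FAILURE is returned
   only when the buffer cannot be allocated. */
static int smtpSendBase64Line(int hSocket, char* szValue)
{
  /* Base64 encoded value can be up to 2x+2 original text. Leave additional space for "\r\n" and NULL */
  unsigned char* bufSend = calloc(1, (2 * strlen(szValue) + 2) + 2 + 1);

  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }

  base64_encode(szValue, strlen(szValue), (char *)bufSend);
  strncat((char *)bufSend, "\r\n", 2);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }

  /* The original never released this buffer. */
  FREE(bufSend);
  return SUCCESS;
}

/*
  http://www.technoids.org/saslmech.html

  C: AUTH LOGIN
  S: 334 VXNlcm5hbWU6             (Username:)
  C: d2VsZG9u                     (weldon)
  S: 334 UGFzc3dvcmQ6             (Password:)
  C: dzNsZDBu                     (w3ld0n)
  S: 235 2.0.0 OK Authenticated

  Runs the client side of the exchange above. When _psSessionData->szDomain
  is set the username is sent as DOMAIN\USERNAME. Returns SUCCESS once the
  password line has been sent (the final server verdict is not read here)
  and FAILURE when a prompt is missing or malformed or memory runs out.
*/
int sendAuthLOGIN(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char szCommand[] = "AUTH LOGIN\r\n";
  char* szLoginDomain = NULL;
  size_t nLoginDomainSize = 0;
  int nRet = SUCCESS;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating LOGIN Authentication Attempt.", MODULE_NAME);

  /* --- Send initial AUTH LOGIN command --- */
  if (medusaSend(hSocket, szCommand, strlen((char *)szCommand), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }

  /* Server should respond with a base64-encoded username prompt */
  if (smtpLogAuthPrompt(hSocket) == FAILURE)
    return FAILURE;

  /* --- Send username --- */
  if (_psSessionData->szDomain)
  {
    /* DOMAIN\USERNAME */
    nLoginDomainSize = strlen(_psSessionData->szDomain) + 1 + strlen(szLogin) + 1;
    szLoginDomain = calloc(1, nLoginDomainSize);
    if (szLoginDomain == NULL)
    {
      writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
      return FAILURE;
    }
    snprintf(szLoginDomain, nLoginDomainSize, "%s\\%s", _psSessionData->szDomain, szLogin);
  }
  else
    szLoginDomain = szLogin;

  /* Note: this debug message writes the candidate password to the log. */
  writeError(ERR_DEBUG_MODULE, "[%s] Sending authenticate login value: %s %s", MODULE_NAME, szLoginDomain, szPassword);

  nRet = smtpSendBase64Line(hSocket, szLoginDomain);

  /* Only the DOMAIN\USERNAME copy is owned by this function. */
  if (_psSessionData->szDomain)
    FREE(szLoginDomain);

  if (nRet == FAILURE)
    return FAILURE;

  /* Server should respond with a base64-encoded password prompt */
  if (smtpLogAuthPrompt(hSocket) == FAILURE)
    return FAILURE;

  /* --- Send password --- */
  if (smtpSendBase64Line(hSocket, szPassword) == FAILURE)
    return FAILURE;

  return SUCCESS;
}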
コード例 #28
ファイル: pop3.c プロジェクト: foreni-packages/medusa
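/* Decode and log the base64 prompt carried in a "+ <base64>\r\n" reply.
   The reply is cut at its first CR in place; the caller keeps ownership of
   bufReceive. Returns FAILURE when the reply has no CR, is too short to
   hold the two-byte "+ " prefix, or memory cannot be allocated. */
static int pop3LogAuthPrompt(unsigned char* bufReceive)
{
  char* szLineEnd = strchr((char *)bufReceive, '\r');
  char* szPrompt = NULL;

  if ((szLineEnd == NULL) || (szLineEnd - (char *)bufReceive < 2))
  {
    writeError(ERR_ERROR, "[%s] POP3 server sent unexpected response to AUTH LOGIN request.", MODULE_NAME);
    return FAILURE;
  }
  szLineEnd[0] = '\0';

  /* Decoded base64 is never longer than its encoded form. */
  szPrompt = calloc(1, strlen((char *)bufReceive + 2) + 1);
  if (szPrompt == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }

  base64_decode((char *)bufReceive + 2, szPrompt);
  writeError(ERR_DEBUG_MODULE, "[%s] POP3 server sent the following prompt: %s", MODULE_NAME, szPrompt);
  FREE(szPrompt);

  return SUCCESS;
}

/* Base64-encode szValue, append "\r\n" and send it. A send failure is logged
   but not treated as fatal, as in the original code; FAILURE is returned
   only when the buffer cannot be allocated. */
static int pop3SendBase64Line(int hSocket, char* szValue)
{
  /* Base64 encoded value can be up to 2x+2 original text. Leave additional space for "\r\n" and NULL */
  unsigned char* bufSend = calloc(1, (2 * strlen(szValue) + 2) + 2 + 1);

  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }

  base64_encode(szValue, strlen(szValue), (char *)bufSend);
  strncat((char *)bufSend, "\r\n", 2);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }

  /* The original never released this buffer. */
  FREE(bufSend);
  return SUCCESS;
}

/*
  AUTH LOGIN method base64-encodes both prompts and credentials.
  For example:
      AUTH LOGIN
      + VXNlcm5hbWU6      (Username:)
      Zm9v                (foo)
      + UGFzc3dvcmQ6      (Password:)
      YmFy                (bar)

  Runs the client side of the exchange above. Returns SUCCESS once the
  password line has been sent (the final server verdict is not read here)
  and FAILURE when a prompt is missing or malformed, the server reports
  that the authentication package is not supported, or memory runs out.
  _psSessionData is not used by this function.
*/
int sendAuthLOGIN(int hSocket, _MODULE_DATA* _psSessionData, char* szLogin, char* szPassword)
{
  unsigned char szCommand[] = "AUTH LOGIN\r\n";
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  int nRet = SUCCESS;

  writeError(ERR_DEBUG_MODULE, "[%s] Initiating LOGIN Authentication Attempt.", MODULE_NAME);

  /* --- Send initial AUTH LOGIN command --- */
  if (medusaSend(hSocket, szCommand, strlen((char *)szCommand), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
  }

  /* Server should respond with a base64-encoded username prompt */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+ .*\r\n|-ERR.*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] POP3 server did not respond with \"+ \" to AUTH LOGIN request.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }
  else if (strstr((char *)bufReceive, "-ERR The specified authentication package is not supported.") != NULL)
  {
    writeError(ERR_ERROR, "[%s] Server response: The specified authentication package is not supported.", MODULE_NAME);
    FREE(bufReceive);  /* the original returned here without releasing the reply */
    return FAILURE;
  }

  /* NOTE(review): any other "-ERR ..." reply also matches the regex above
     and is decoded below as if it were a prompt; the prompt is also assumed
     to start at offset 0 of the reply. Both behaviours are kept from the
     original. */
  nRet = pop3LogAuthPrompt(bufReceive);
  FREE(bufReceive);
  bufReceive = NULL;
  if (nRet == FAILURE)
    return FAILURE;

  /* --- Send username --- */
  if (pop3SendBase64Line(hSocket, szLogin) == FAILURE)
    return FAILURE;

  /* Server should respond with a base64-encoded password prompt */
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+ .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] POP3 server did not respond with \"+ \" to AUTH LOGIN request.", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  nRet = pop3LogAuthPrompt(bufReceive);
  FREE(bufReceive);
  bufReceive = NULL;
  if (nRet == FAILURE)
    return FAILURE;

  /* --- Send password --- */
  if (pop3SendBase64Line(hSocket, szPassword) == FAILURE)
    return FAILURE;

  return SUCCESS;
}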
コード例 #29
ファイル: smtp.c プロジェクト: 404Ghost99/medusa
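/* Send "EHLO <szEHLO>\r\n" on hSocket. Returns SUCCESS, or FAILURE when the
   buffer cannot be allocated or medusaSend reports an error. */
static int smtpSendEHLO(int hSocket, const char* szEHLO)
{
  unsigned char* bufSend = NULL;
  size_t nSendBufferSize = 5 + strlen(szEHLO) + 2;  /* "EHLO " + name + "\r\n" */
  int nRet = SUCCESS;

  writeError(ERR_DEBUG_MODULE, "[%s] Sending SMTP EHLO greeting.", MODULE_NAME);

  bufSend = calloc(1, nSendBufferSize + 1);
  if (bufSend == NULL)
  {
    writeError(ERR_ERROR, "[%s] Failed: memory allocation failed", MODULE_NAME);
    return FAILURE;
  }
  snprintf((char *)bufSend, nSendBufferSize + 1, "EHLO %s\r\n", szEHLO);

  if (medusaSend(hSocket, bufSend, strlen((char *)bufSend), 0) < 0)
  {
    writeError(ERR_ERROR, "[%s] Failed: medusaSend was not successful", MODULE_NAME);
    nRet = FAILURE;
  }

  FREE(bufSend);
  return nRet;
}

/*
  Bring a freshly connected SMTP session to the point where AUTH can begin:
  read the 220 banner, send EHLO, upgrade via STARTTLS when the server
  advertises it and the connection is not already SSL, and pick an
  authentication type from the EHLO reply unless _psSessionData->nAuthType
  was already set by the user.

  Returns SUCCESS or FAILURE. On success _psSessionData->nAuthType may have
  been updated; params->nSSLVersion is overwritten when STARTTLS is used.
*/
int initConnection(_MODULE_DATA *_psSessionData, int hSocket, sConnectParams *params)
{
  unsigned char szStartTLS[] = "STARTTLS\r\n";
  unsigned char *bufReceive = NULL;
  int nReceiveBufferSize = 0;

  /* Retrieve SMTP banner */
  writeError(ERR_DEBUG_MODULE, "[%s] Retrieving SMTP banner.", MODULE_NAME);
  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^220 .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_DEBUG_MODULE, "[%s] failed: Server did not respond with '220'. Exiting...", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* The banner text is not used again. Release it before the next receive;
     the original handed the stale pointer straight back to
     medusaReceiveRegex (presumably leaking it -- the helper's handling of a
     non-NULL buffer is not visible here). */
  FREE(bufReceive);
  bufReceive = NULL;

  /* Send greeting to SMTP server */
  if (smtpSendEHLO(hSocket, _psSessionData->szEHLO) == FAILURE)
    return FAILURE;

  nReceiveBufferSize = 0;
  if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "250 .*\r\n") == FAILURE) || (bufReceive == NULL))
  {
    writeError(ERR_ERROR, "[%s] failed: Server did not respond with '250'. Exiting...", MODULE_NAME);
    FREE(bufReceive);
    return FAILURE;
  }

  /* If server supports STARTTLS and we are not already within a SSL connection, let's use it.
     The upgrade is opportunistic: it depends on a capability line received
     in plaintext, so when that line is absent (or removed in transit) the
     AUTH exchange that follows is sent unencrypted. */
  if ((params->nUseSSL == 0) && (strstr((char *)bufReceive, "STARTTLS") != NULL))
  {
    FREE(bufReceive);
    bufReceive = NULL;

    writeError(ERR_DEBUG_MODULE, "[%s] Initiating STARTTLS session.", MODULE_NAME);

    if (medusaSend(hSocket, szStartTLS, strlen((char *)szStartTLS), 0) < 0)
    {
      writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
      return FAILURE;
    }

    nReceiveBufferSize = 0;
    if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^220 .*\r\n") == FAILURE) || (bufReceive == NULL))
    {
      writeError(ERR_ERROR, "[%s] failed: Server did not respond with '220'. Exiting...", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    FREE(bufReceive);
    bufReceive = NULL;

    /* NOTE(review): the comment says TLSv1 while the error message below
       says SSLv3; which protocol 3.1 selects is decided inside
       medusaConnectSocketSSL, not visible here. Whether the server
       certificate is verified is likewise not visible here. */
    params->nSSLVersion = 3.1; /* Force the use of TLSv1 */
    if (medusaConnectSocketSSL(params, hSocket) < 0)
    {
      writeError(ERR_ERROR, "[%s] Failed to establish SSLv3 connection.", MODULE_NAME);
      return FAILURE;
    }

    /* Resend EHLO greeting as the AUTH types may have changed. */
    if (smtpSendEHLO(hSocket, _psSessionData->szEHLO) == FAILURE)
      return FAILURE;

    nReceiveBufferSize = 0;
    if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "250 .*\r\n") == FAILURE) || (bufReceive == NULL))
    {
      writeError(ERR_ERROR, "[%s] failed: Server did not respond with '250'. Exiting...", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }
  }

  /* Process SMTP supported authentication types */
  if (_psSessionData->nAuthType != AUTH_UNKNOWN)
  {
    writeError(ERR_DEBUG_MODULE, "[%s] Ignoring server requested AUTH type and using user-specified value.", MODULE_NAME);
  }
  else if ((strstr((char *)bufReceive, "AUTH=LOGIN") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "Detected authentication type: LOGIN");
    _psSessionData->nAuthType = AUTH_LOGIN;
  }
  else if ((strstr((char *)bufReceive, "AUTH=PLAIN") != NULL))
  {
    writeError(ERR_DEBUG_MODULE, "Detected authentication type: PLAIN");
    _psSessionData->nAuthType = AUTH_PLAIN;
  }
  else if ((strstr((char *)bufReceive, "AUTH ") != NULL))
  {
    /* These are substring searches over the whole EHLO reply, not only the
       AUTH line; LOGIN is preferred over PLAIN, and PLAIN over NTLM. */
    if ((strstr((char *)bufReceive, "LOGIN") != NULL))
    {
      writeError(ERR_DEBUG_MODULE, "Detected authentication type: LOGIN");
      _psSessionData->nAuthType = AUTH_LOGIN;
    }
    else if ((strstr((char *)bufReceive, "PLAIN") != NULL))
    {
      writeError(ERR_DEBUG_MODULE, "Detected authentication type: PLAIN");
      _psSessionData->nAuthType = AUTH_PLAIN;
    }
    else if ((strstr((char *)bufReceive, "NTLM") != NULL))
    {
      writeError(ERR_DEBUG_MODULE, "Detected authentication type: NTLM");
      _psSessionData->nAuthType = AUTH_NTLM;
    }
    /* NOTE(review): an AUTH line listing none of the three mechanisms falls
       through here and returns SUCCESS with nAuthType still AUTH_UNKNOWN;
       kept as in the original -- confirm the caller handles that. */
  }
  else
  {
    writeError(ERR_ERROR, "%s failed: Server did not respond that it supported LOGIN, PLAIN or NTLM as an authentication type. Use the AUTH module option to force the use of an authentication type.", MODULE_NAME);
    FREE(bufReceive);  /* the original returned here without releasing the reply */
    return FAILURE;
  }

  FREE(bufReceive);
  return SUCCESS;
}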
コード例 #30
ファイル: rlogin.c プロジェクト: BackupTheBerlios/ohack-svn
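/*
  Attempt one rlogin authentication with the supplied credentials.

  The opening request is a single buffer of NUL-terminated fields, with the
  login name used for both user fields:
      0x00 | login 0x00 | login 0x00 | "xterm" 0x00
  The first reply is read and discarded. The second reply decides the
  outcome: "Incorrect" is a failure, "Password" triggers sending szPassword
  followed by CR and one more read, and anything else is treated as a
  success.

  Returns MSTATE_NEW after a failed attempt, MSTATE_EXITING after a
  successful one, and FAILURE when a request does not fit in the send
  buffer or no reply is received. (*psLogin)->iResult is set on the first
  two outcomes.
*/
int tryLogin(int hSocket, sLogin** psLogin, char* szLogin, char* szPassword)
{
  int iRet;
  int nWritten = 0;
  unsigned char bufSend[BUF_SIZE];
  unsigned char* bufReceive = NULL;
  int nReceiveBufferSize = 0;
  size_t nLoginLen = strlen(szLogin);
  size_t nSendLen = 0;

  /* The fixed part of the request is 9 bytes (leading NUL, three field
     terminators and "xterm"). Reject a login name that would run past the
     end of the stack buffer instead of writing out of bounds. */
  if ((nLoginLen >= sizeof(bufSend)) || (2 * nLoginLen + 9 > sizeof(bufSend)))
  {
    writeError(ERR_ERROR, "%s failed: login name does not fit in the send buffer", MODULE_NAME);
    return FAILURE;
  }

  /* The buffer is zeroed first, so every field terminator is already in place. */
  memset(bufSend, 0, sizeof(bufSend));
  memcpy(bufSend + 1, szLogin, nLoginLen);
  memcpy(bufSend + 1 + nLoginLen + 1, szLogin, nLoginLen);
  memcpy(bufSend + 1 + nLoginLen + 1 + nLoginLen + 1, "xterm", 5);
  nSendLen = 2 * nLoginLen + 9;

  /* A send failure is only logged; the receive below then reports the error. */
  if (medusaSend(hSocket, bufSend, nSendLen, 0) < 0)
  {
    writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
  }

  nReceiveBufferSize = 0;
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* The first reply is not inspected. Release it before the next read; the
     original overwrote the pointer and lost the buffer. */
  FREE(bufReceive);
  bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
  if (bufReceive == NULL)
  {
    writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
    return FAILURE;
  }

  /* NOTE(review): strstr() assumes medusaReceiveRaw returns a NUL-terminated
     buffer -- confirm against its implementation. */
  if (strstr((char *)bufReceive, "Incorrect") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_FAIL;
    iRet = MSTATE_NEW;
  }
  else if (strstr((char *)bufReceive, "Password") != NULL)
  {
    writeError(ERR_DEBUG_MODULE, "%s : Login attempt asked for password.", MODULE_NAME);

    /* Bounded formatting: an over-long password is rejected rather than
       written past the end of bufSend. */
    nWritten = snprintf((char *)bufSend, sizeof(bufSend), "%s\r", szPassword);
    if ((nWritten < 0) || ((size_t)nWritten >= sizeof(bufSend)))
    {
      writeError(ERR_ERROR, "%s failed: password does not fit in the send buffer", MODULE_NAME);
      FREE(bufReceive);
      return FAILURE;
    }

    if (medusaSend(hSocket, bufSend, nWritten, 0) < 0)
    {
      writeError(ERR_ERROR, "%s failed: medusaSend was not successful", MODULE_NAME);
    }

    /* Release the password prompt before reading the verdict. */
    FREE(bufReceive);
    nReceiveBufferSize = 0;
    bufReceive = medusaReceiveRaw(hSocket, &nReceiveBufferSize);
    if (bufReceive == NULL)
    {
      writeError(ERR_ERROR, "%s failed: medusaReceive returned no data.", MODULE_NAME);
      return FAILURE;
    }
    else if (strstr((char *)bufReceive, "incorrect") != NULL)
    {
      writeError(ERR_DEBUG_MODULE, "%s : Login attempt failed here.", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_FAIL;
      iRet = MSTATE_NEW;
    }
    else
    {
      /* We can't tell for sure but it wasn't a failure or a password prompt */
      writeError(ERR_DEBUG_MODULE, "%s : Login attempt succeeded via password send.", MODULE_NAME);
      (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
      iRet = MSTATE_EXITING;
    }
  }
  else
  {
    /* We can't tell for sure but it wasn't a failure or a password prompt */
    writeError(ERR_INFO, "%s : Login attempt succeeded via .rhosts", MODULE_NAME);
    (*psLogin)->iResult = LOGIN_RESULT_SUCCESS;
    iRet = MSTATE_EXITING;
  }

  FREE(bufReceive);
  setPassResult((*psLogin), szPassword);

  return iRet;
}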