int SMTPLogin(STREAM *S, int Caps, const char *User, const char *Pass) { char *Tempstr=NULL, *Base64=NULL, *ptr; int len, result=FALSE; if (Caps & CAP_AUTH_LOGIN) { Tempstr=CopyStr(Tempstr, "AUTH LOGIN\r\n"); if (SMTPInteract(Tempstr, S)) { Base64=EncodeBytes(Base64, User, StrLen(User), ENCODE_BASE64); Tempstr=MCopyStr(Tempstr, Base64, "\r\n", NULL); if (SMTPInteract(Tempstr, S)) { Base64=EncodeBytes(Base64, Pass, StrLen(Pass), ENCODE_BASE64); Tempstr=MCopyStr(Tempstr, Base64, "\r\n", NULL); if (SMTPInteract(Tempstr, S)) result=TRUE; } } } else if (Caps & CAP_AUTH_PLAIN) { Tempstr=SetStrLen(Tempstr, StrLen(User) + StrLen(Pass) +10); //this isn't what it looks like. The '\0' here do not terminate the string //as this authentication system uses a string with '\0' as separators len=StrLen(User); ptr=Tempstr; memcpy(ptr, User, len); ptr+=len; *ptr='\0'; ptr++; len=StrLen(Pass); memcpy(ptr, Pass, len); ptr+=len; *ptr='\0'; ptr++; Base64=EncodeBytes(Base64, Tempstr, ptr-Tempstr, ENCODE_BASE64); Tempstr=MCopyStr(Tempstr, "AUTH PLAIN ", Base64, "\r\n",NULL); if (SMTPInteract(Tempstr, S)) result=TRUE; } DestroyString(Tempstr); DestroyString(Base64); return(result); }
int HashFinish(HASH *Hash, int Encoding, char **Return) { char *Token=NULL, *Bytes=NULL, *Hashed=NULL, *ptr; int len; ptr=GetToken(Hash->Type, "\\S", &Token, 0); len=Hash->Finish(Hash, &Bytes); while (StrValid(ptr)) { ptr=GetToken(ptr, "\\S", &Token, 0); len=HashBytes(&Hashed, Token, Bytes, len, 0); Bytes=SetStrLen(Bytes, len); memcpy(Bytes,Hashed,len); } if (Encoding > 0) { *Return=EncodeBytes(*Return, Bytes, len, Encoding); len=StrLen(*Return); } else { *Return=SetStrLen(*Return, len); memcpy(*Return, Bytes, len); } DestroyString(Hashed); DestroyString(Token); DestroyString(Bytes); return(len); }
int PBK2DF2(char **Return, char *Type, char *Bytes, int Len, char *Salt, int SaltLen, uint32_t Rounds, int Encoding) { char *Tempstr=NULL, *Hash=NULL; uint32_t RoundsBE; int i, len, hlen; //Network byte order is big endian RoundsBE=htonl(Rounds); Tempstr=SetStrLen(Tempstr, Len + SaltLen + 20); memcpy(Tempstr, Bytes, Len); memcpy(Tempstr+Len, Salt, SaltLen); memcpy(Tempstr+Len+SaltLen, &RoundsBE, sizeof(uint32_t)); len=Len+SaltLen+sizeof(uint32_t); for (i=0; i <Rounds; i++) { hlen=HashBytes(&Hash, Type, Tempstr, len, 0); Tempstr=SetStrLen(Tempstr, Len + hlen + 20); memcpy(Tempstr, Bytes, Len); memcpy(Tempstr+Len, Hash, hlen); len=Len + hlen; } *Return=EncodeBytes(*Return, Hash, hlen, Encoding); DestroyString(Tempstr); DestroyString(Hash); StrLen(*Return); }
int HashFinishWhirlpool(THash *Hash, int Encoding, char **HashStr) { int count, len; char *Tempstr=NULL, *DigestBuff=NULL; DigestBuff=(char *) calloc(1,WHIRLPOOL_DIGESTBYTES+1); WHIRLPOOLfinalize((WHIRLPOOLstruct *) Hash->Ctx, DigestBuff); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, DigestBuff, WHIRLPOOL_DIGESTBYTES, Encoding); len=StrLen(*HashStr); } else { len=WHIRLPOOL_DIGESTBYTES; *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,DigestBuff,len); } DestroyString(DigestBuff); DestroyString(Tempstr); return(len); }
int HashFinishJH(THash *Hash, int Encoding, char **HashStr) { int count, len; char *Tempstr=NULL, *DigestBuff=NULL; DigestBuff=(char *) calloc(1,1024); len=JHFinal((hashState *) Hash->Ctx, DigestBuff); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, DigestBuff, len, Encoding); len=StrLen(*HashStr); } else { *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,DigestBuff,len); } DestroyString(DigestBuff); DestroyString(Tempstr); return(len); }
int HashFinishSHA512(THash *Hash, int Encoding, char **HashStr) { int count, len; char *Tempstr=NULL, *DigestBuff=NULL; DigestBuff=(char *) calloc(1,SHA2_SHA512_DIGEST_LENGTH+1); SHA2_SHA512_Final(DigestBuff, (SHA2_SHA512_CTX *) Hash->Ctx); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, DigestBuff, SHA2_SHA512_DIGEST_LENGTH, Encoding); len=StrLen(*HashStr); } else { len=SHA2_SHA512_DIGEST_LENGTH; *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,DigestBuff,len); } DestroyString(DigestBuff); DestroyString(Tempstr); return(len); }
int HashFinishSHA1(THash *Hash, int Encoding, char **HashStr) { int count, len; char *Tempstr=NULL, *DigestBuff=NULL; DigestBuff=(char *) calloc(1,SHA1LEN+1); sha1_finish_ctx((struct sha1_ctx *) Hash->Ctx, DigestBuff); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, DigestBuff, SHA1LEN, Encoding); len=StrLen(*HashStr); } else { len=SHA1LEN; *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,DigestBuff,len); } DestroyString(DigestBuff); DestroyString(Tempstr); return(len); }
int HashFinishMD5(THash *Hash, int Encoding, char **HashStr) { int count, len; char *Tempstr=NULL, *DigestBuff=NULL; DigestBuff=(char *) calloc(1,MD5LEN+1); MD5Final(DigestBuff, (MD5_CTX *) Hash->Ctx); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, DigestBuff, MD5LEN, Encoding); len=StrLen(*HashStr); } else { len=MD5LEN; *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,DigestBuff,len); } DestroyString(DigestBuff); DestroyString(Tempstr); return(len); }
int HashFinishCRC(THash *Hash, int Encoding, char **HashStr) { unsigned long crc; int len; len=sizeof(unsigned long); crc32Finish((unsigned long *) Hash->Ctx); //crc=htonl((unsigned long *) Hash->Ctx); free(Hash->Ctx); if (Encoding > 0) { *HashStr=EncodeBytes(*HashStr, (char *) &crc, len, Encoding); return(StrLen(*HashStr)); } else { *HashStr=SetStrLen(*HashStr,len); memcpy(*HashStr,&crc,len); return(len); } }
//This function checks the Paths configured in the server for virtual //documents like cgi scripts or streams, or for directories to which we //are allowed access from outside chroot int VPathProcess(STREAM *S, HTTPSession *Session, int Flags) { ListNode *Curr=NULL, *Default=NULL; TPathItem *PI=NULL; char *Path=NULL, *Tempstr=NULL, *ptr; HTTPSession *VPathSession=NULL; int result=FALSE; Curr=ListGetNext(Settings.VPaths); while (Curr) { if (StrLen(Curr->Tag) < 2) Default=Curr; else if (strncmp(Session->Path,Curr->Tag,StrLen(Curr->Tag))==0) break; Curr=ListGetNext(Curr); } //If Curr is set then we found a VPath if (! Curr) Curr=Default; if (! Curr) return(FALSE); if (Curr) { VPathSession=HTTPSessionClone(Session); PI=(TPathItem *) Curr->Item; result=TRUE; //Some things are configureable on a VPath basis. Set those up. if (PI->CacheTime) VPathSession->CacheTime=PI->CacheTime; if (StrLen(PI->User)) VPathSession->RealUser=CopyStr(VPathSession->RealUser, PI->User); if (StrLen(PI->Group)) VPathSession->Group=CopyStr(VPathSession->Group, PI->Group); VPathSession->Flags &= ~SESSION_UPLOAD; if (PI->Flags & PATHITEM_UPLOAD) VPathSession->Flags |= SESSION_UPLOAD; // if (Flags & HEADERS_POST) HTTPServerHandlePost(S,Session,PI->Type); LogToFile(Settings.LogPath,"APPLYING VPATH: %d [%s] -> [%s] %d",PI->Type,Curr->Tag,PI->Path,VPathSession->Flags & SESSION_UPLOAD); switch (PI->Type) { case PATHTYPE_CGI: LogToFile(Settings.LogPath,"CGI EXEC REQUEST: Script='%s' Path='%s'",GetBasename(Session->Path), PI->Path); ChrootProcessRequest(S, VPathSession, "EXEC", GetBasename(VPathSession->Path), PI->Path); //Don't reuse this session after CGI. CGI program will not send a 'Content-Length' Session->Flags &= ~SESSION_REUSE; break; case PATHTYPE_EXTFILE: VPathHandleFilePath(S,VPathSession,PI,Flags); break; case PATHTYPE_STREAM: HTTPServerHandleStream(S,VPathSession,PI->Path,Flags); break; case PATHTYPE_LOGOUT: VPathSession->Path=FormatStr(VPathSession->Path,"%d-%d-%d",getpid(),time(NULL),rand()); HTTPServerHandleRegister(VPathSession, LOGIN_CHANGE); Path=FormatURL(Path, VPathSession, "/"); Path=MCatStr(Path,"?Logout=",VPathSession->Path,NULL); VPathSession->Flags &= ~SESSION_KEEPALIVE; HTTPServerSendResponse(S, VPathSession, "302", "", Path); break; case PATHTYPE_URL: ChrootProcessRequest(S, VPathSession, "PROXY", PI->Path, ""); break; case PATHTYPE_PROXY: if (StrLen(VPathSession->UserName)) { //We don't normally copy Password into VPATH, so we need to get it from 'Session' if (StrLen(PI->Password)) VPathSession->Password=CopyStr(VPathSession->Password, Session->Password); else VPathSession->Password=CopyStr(VPathSession->Password, Session->Password); Path=MCopyStr(Path,VPathSession->UserName,":",VPathSession->Password,NULL); Tempstr=EncodeBytes(Tempstr, Path, StrLen(Path), ENCODE_BASE64); VPathSession->RemoteAuthenticate=MCopyStr(VPathSession->RemoteAuthenticate,"Basic ",Tempstr,NULL); } Path=MCopyStr(Path,PI->Path,VPathSession->Path+StrLen(PI->URL),NULL); ChrootProcessRequest(S, VPathSession, "PROXY", Path, ""); break; case PATHTYPE_MIMEICONS: VPathMimeIcons(S,VPathSession, PI, Flags); break; default: //We didn't find a VPATH to handle this, so return false result=FALSE; break; } // HTTPSessionDestroy(VPathSession); } DestroyString(Tempstr); DestroyString(Path); return(result); }