/*
* Calculates a SHA1 hash digest, if openssl library was available
* on the system, or a less secure MD5 hash digest.
*/
static Octstr *our_hash_func(Octstr *os)
{
#ifdef HAVE_LIBSSL
/* use openssl's SHA1 */
EVP_MD_CTX mdctx;
const EVP_MD *md;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
Octstr *ret;
md = EVP_get_digestbyname("sha1");
EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, md, NULL);
EVP_DigestUpdate(&mdctx, octstr_get_cstr(os), octstr_len(os));
EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
EVP_MD_CTX_cleanup(&mdctx);
ret = octstr_create_from_data((char*) md_value, md_len);
octstr_binary_to_hex(ret, 0);
return ret;
#else
/* fallback to our own MD5 if we don't have openssl available */
return md5digest(os);
#endif
}
int main(int argc, char **argv)
{
Octstr *data, *enc;
gwlib_init();
get_and_set_debugs(argc, argv, NULL);
if (argc < 2)
panic(0, "Syntax: %s <txt>\n", argv[0]);
data = octstr_create(argv[1]);
enc = md5(data);
debug("",0,"MD5:");
octstr_dump(enc, 0);
octstr_destroy(enc);
enc = md5digest(data);
debug("",0,"MD5 (digest):");
octstr_dump(enc, 0);
#ifdef HAVE_LIBSSL
OpenSSL_add_all_digests();
octstr_destroy(enc);
enc = our_hash_func(data);
debug("",0,"SHA1:");
octstr_dump(enc, 0);
octstr_binary_to_hex(enc, 0);
debug("",0,"SHA1 (digest):");
octstr_dump(enc, 0);
#endif
octstr_destroy(data);
octstr_destroy(enc);
gwlib_shutdown();
return 0;
}
static char *uri2thumbpath(request_rec *r, const char *uri, const char *size)
{
server_config *conf
= ap_get_module_config(r->server->module_config, &thumb_module);
char *path = "";
char *digest = md5digest(r, uri);
int i;
for (i = 0; i < conf->thumb_dir_depth; i++) {
char sub[2] = "";
strncpy(sub, digest + i, 1);
path = apr_pstrcat(r->pool, path,
apr_pstrcat(r->pool, "/", sub, NULL), NULL);
}
path = apr_pstrcat(r->pool, conf->thumb_root, "/",
size, path, "/", digest, ".jpg", NULL);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"Thumbnail path: %s", path);
return path;
}
int main(int argc, char *argv[])
{
// Check number of arguments
if (argc < 3)
{
printf("Usage: %s plain_file rainbow_file\n", argv[0]);
exit(1);
}
// Open dictionary for reading in text mode
FILE *df = fopen(argv[1], "r");
if (!df)
{
printf("Can't open %s for reading.\n", argv[1]);
exit(1);
}
// Open rainbow file for writing and reading in binary mode
FILE *rf = fopen(argv[2], "w+b");
if (!rf)
{
printf("Can't open %s for writing.\n", argv[2]);
exit(1);
}
char pw[21];
int count = 0;
int loc = 0;
struct entry blank = { .pass = ""};
while (fgets(pw, 21, df) != NULL)
{
// Trim newline
pw[strcspn(pw, "\n")] = '\0';
// Hash it
unsigned char *ph = md5digest(pw, strlen(pw));
// Put hash and plain into entry
struct entry e;
memcpy(e.hash, ph, 16);
strcpy(e.pass, pw);
// Extract first 3 bytes and make an int out of them.
int idx = ph[0] * 65536 + ph[1] * 256 + ph[2];
// Store entry at that location in file
int file_location = idx * sizeof(struct entry);
struct entry tmp;
// Seek to the file location
if (fseek(rf, file_location, SEEK_SET) < 0)
{
printf("fseek: %s\n", strerror(errno));
}
// Find the first unused slot
int fread_result;
do
{
// Read the entry here
fread_result = fread(&tmp, sizeof(struct entry), 1, rf);
}
while (fread_result && memcmp(&blank, &tmp, sizeof(struct entry)) != 0);
// Found a blank spot. Need to return to it.
if (fread_result)
{
if (fseek(rf, -sizeof(struct entry), SEEK_CUR) < 0)
printf("Can't fseek back 1 entry\n");
}
// Write to disk
if (!fwrite(&e, sizeof(struct entry), 1, rf))
printf("Can't write to file\n");
if (count % 10000 == 0) printf("%d\n", count);
count++;
loc += strlen(pw) + 1;
}
fclose(rf);
fclose(df);
}
void send_file(per_request *reqInfo, struct stat *fi, char allow_options)
{
FILE *f;
#ifdef BLACKOUT_CODE
int isblack = FALSE;
#endif /* BLACKOUT_CODE */
if ((reqInfo->method != M_GET) && (reqInfo->method != M_HEAD)) {
sprintf(error_msg,"%s to non-script",methods[reqInfo->method]);
die(reqInfo,SC_NOT_IMPLEMENTED,error_msg);
}
set_content_type(reqInfo,reqInfo->filename);
if((allow_options & OPT_INCLUDES) && (!reqInfo->outh_content_encoding[0])) {
#ifdef XBITHACK
if((fi->st_mode & S_IXUSR) ||
(!strcmp(reqInfo->outh_content_type,INCLUDES_MAGIC_TYPE))) {
#else
if(!strcmp(reqInfo->outh_content_type,INCLUDES_MAGIC_TYPE)) {
#endif /* XBITHACK */
reqInfo->bytes_sent = 0;
send_parsed_file(reqInfo, allow_options & OPT_INCNOEXEC);
log_transaction(reqInfo);
return;
}
}
if (reqInfo->path_info[0]) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
sprintf(error_msg,"No file matching URL: %s",reqInfo->url);
log_reason(reqInfo, error_msg, reqInfo->filename);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
if(!(f=FOpen(reqInfo->filename,"r"))) {
if (errno == EACCES) {
log_reason(reqInfo,"(1) file permissions deny server access",
reqInfo->filename);
/* we've already established that it exists */
die(reqInfo,SC_FORBIDDEN,reqInfo->url);
} else {
/* We know an error occured, of an unexpected variety.
* This could be due to no more file descriptors. We have this
* child exit after this stage so that errors of state are
* swept under the carpet.
*/
standalone = 0;
sprintf(error_msg,"File Open error, errno=%d",errno);
log_reason(reqInfo,error_msg,reqInfo->filename);
die(reqInfo,SC_SERVER_ERROR,error_msg);
}
}
reqInfo->bytes_sent = 0;
#ifdef BLACKOUT_CODE
if (!strcmp(reqInfo->outh_content_type,BLACKOUT_MAGIC_TYPE)) {
isblack = TRUE;
strcpy(reqInfo->outh_content_type,"text/html");
}
#endif /* BLACKOUT_CODE */
if(reqInfo->http_version != P_HTTP_0_9) {
/* No length dependent headers since black is parsed */
#ifdef BLACKOUT_CODE
if (isblack == FALSE) {
#endif /* BLACKOUT_CODE */
#ifdef CONTENT_MD5
reqInfo->outh_content_md5 = (unsigned char *)md5digest(f);
#endif /* CONTENT_MD5 */
set_content_length(reqInfo,fi->st_size);
if (set_last_modified(reqInfo,fi->st_mtime)) {
FClose(f);
return;
}
}
if (reqInfo->http_version != P_HTTP_0_9) {
send_http_header(reqInfo);
}
#ifdef BLACKOUT_CODE
}
#endif /* BLACKOUT_CODE */
if(reqInfo->method != M_HEAD) {
#ifdef BLACKOUT_CODE
if (isblack == TRUE)
send_fp_black(reqInfo,f,NULL);
else
#endif /* BLACKOUT_CODE */
send_fp(reqInfo,f,NULL);
}
log_transaction(reqInfo);
FClose(f);
}
void send_dir(per_request *reqInfo,struct stat *finfo, char allow_options) {
char *name_ptr, *end_ptr;
char *ifile, *temp_name;
ifile = newString(HUGE_STRING_LEN,STR_TMP);
temp_name = newString(HUGE_STRING_LEN,STR_TMP);
/* Path Alias (pa) array should now have the trailing slash */
/* if (pa[0] != '/') { */
if ((reqInfo->filename[strlen(reqInfo->filename) - 1] != '/') &&
(reqInfo->path_info[0] != '/')) {
strcpy_dir(ifile,reqInfo->url);
construct_url(temp_name,reqInfo->hostInfo,ifile);
escape_url(temp_name);
die(reqInfo,SC_REDIRECT_PERM,temp_name);
}
/* Don't allow PATH_INFO to directory indexes as a compromise for
error messages for files which don't exist */
if ((reqInfo->path_info[0] != '\0') || (strlen(reqInfo->path_info) > 1)) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
sprintf(error_msg,"No file matching URL: %s",reqInfo->url);
log_reason(reqInfo, error_msg, reqInfo->filename);
freeString(temp_name);
freeString(ifile);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
strncpy(temp_name, reqInfo->hostInfo->index_names, HUGE_STRING_LEN-1);
end_ptr = name_ptr = temp_name;
while (*name_ptr) {
while (*name_ptr && isspace (*name_ptr)) ++name_ptr;
end_ptr = name_ptr;
if (strchr(end_ptr, ' ') ) {
end_ptr = strchr(name_ptr, ' ');
*end_ptr = '\0';
end_ptr++;
} else
end_ptr += strlen(end_ptr);
make_full_path(reqInfo->filename,name_ptr,ifile);
if(stat(ifile,finfo) == -1) {
if(! *end_ptr && (allow_options & OPT_INDEXES)) {
if (reqInfo->path_info[0]) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
log_reason(reqInfo,"file does not exist",reqInfo->filename);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
if ((reqInfo->method != M_GET) && (reqInfo->method != M_HEAD)) {
sprintf(error_msg,"%s to non-script",methods[reqInfo->method]);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_NOT_IMPLEMENTED,error_msg);
}
index_directory(reqInfo);
freeString(ifile);
freeString(temp_name);
return;
} else if (! *end_ptr) {
log_reason(reqInfo,"(2) file permissions deny server access",
reqInfo->filename);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_FORBIDDEN,reqInfo->url);
}
} else {
strcpy(reqInfo->filename,ifile);
probe_content_type(reqInfo,reqInfo->filename);
if(!strcmp(reqInfo->outh_content_type,CGI_MAGIC_TYPE))
send_cgi(reqInfo,finfo,allow_options);
else
send_file(reqInfo,finfo,allow_options);
freeString(ifile);
freeString(temp_name);
return;
}
name_ptr = end_ptr;
}
}
// --------------------------------------------------------------------------
// AuthDIGEST_MD5: Performs a Digest-MD5 authentication with the server.
//
gogoc_status AuthDIGEST_MD5(pal_socket_t socket, net_tools_t *nt, tConf *conf, tBrokerList **broker_list, int version_index)
{
char Buffer[4096], Response[33], cResponse[33], *ChallengeString;
char string[] = "AUTHENTICATE DIGEST-MD5\r\n";
char BufferIn[REDIRECT_RECEIVE_BUFFER_SIZE];
time_t cnonce = pal_time(NULL);
tChallenge c;
sint32_t tsp_status;
// Send authentication mode.
memset(BufferIn, 0, sizeof(BufferIn));
if( nt->netsendrecv(socket, string, sizeof(string), BufferIn, sizeof(BufferIn)) == -1 )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_NET_FAIL_RW_SOCKET);
return make_status(CTX_TSPAUTHENTICATION, ERR_SOCKET_IO);
}
tsp_status = tspGetStatusCode(BufferIn);
// Check if the reply status indicated a broker redirection.
if( tspIsRedirectStatus(tsp_status) )
{
if( tspHandleRedirect(BufferIn, conf, broker_list) == TSP_REDIRECT_OK )
{
// Return a REDIRECT event.
return make_status(CTX_TSPAUTHENTICATION, EVNT_BROKER_REDIRECTION);
}
else
{
// Redirect error.
return make_status(CTX_TSPAUTHENTICATION, ERR_BROKER_REDIRECTION);
}
}
// Check for error in status.
if( tsp_status == TSP_PROTOCOL_AUTH_FAILED )
{
// Failed authentication.
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_TSP_AUTH_FAILED_USER, conf->userid);
return make_status(CTX_TSPAUTHENTICATION, ERR_AUTHENTICATION_FAILURE);
}
// Allocate memory for challenge string.
if( (ChallengeString = pal_malloc(pal_strlen(BufferIn) + 1)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
base64decode(ChallengeString, BufferIn);
ExtractChallenge(&c, ChallengeString);
pal_free(ChallengeString);
{
/*-----------------------------------------------------------*/
/*
Extract from : RFC 2831 Digest SASL Mechanism
Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.
Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string
k, a colon and the string s.
Let HEX(n) be the representation of the 16 octet MD5 hash n as a
string of 32 hex digits (with alphabetic characters always in lower
case, since MD5 is case sensitive).
response-value =
HEX( KD ( HEX(H(A1)),
{ nonce-value, ":" nc-value, ":",
cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))
If authzid is not specified, then A1 is
A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
":", nonce-value, ":", cnonce-value }
If the "qop" directive's value is "auth", then A2 is:
A2 = { "AUTHENTICATE:", digest-uri-value }
*/
char *A1_1Fmt = "%s:%s:%s",
#ifndef WIN32
*A1Fmt = ":%s:%lu",
*ChallRespFmt = "%s:%s:00000001:%lu:%s:%s",
*ResponseFmt = "charset=%s,username=\"%s\",realm=\"%s\",nonce=\"%s\",nc=00000001,cnonce=\"%lu\",digest-uri=\"tsp/%s\",response=%s,qop=auth",
#else
// 64 bit version.
*A1Fmt = ":%s:%I64d",
*ChallRespFmt = "%s:%s:00000001:%I64d:%s:%s",
*ResponseFmt = "charset=%s,username=\"%s\",realm=\"%s\",nonce=\"%s\",nc=00000001,cnonce=\"%I64d\",digest-uri=\"tsp/%s\",response=%s,qop=auth",
#endif
*A2Fmt = "%s:tsp/%s",
A1[33], A1_1[33], A2[33], cA2[33], *String;
size_t len;
/*-----------------------------------------------------------*/
/* Build HEX(H(A2)) & HEX(H(cA2)) */
len = pal_strlen(A2Fmt) + 12 /* AUTHENTICATE */ + pal_strlen(conf->server) + 1;
if( (String = pal_malloc(len)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
pal_snprintf(String, len, A2Fmt, "AUTHENTICATE", conf->server);
#if defined(_DEBUG) || defined(DEBUG)
printf("A2 = %s\n", String);
#endif
strncpy(A2, md5(String, pal_strlen(String)), 33);
pal_snprintf(String, len, A2Fmt, "", conf->server);
#if defined(_DEBUG) || defined(DEBUG)
printf("cA2 = %s\n", String);
#endif
strncpy(cA2, md5(String, pal_strlen(String)), 33);
pal_free(String);
/*-----------------------------------------------------------*/
/* Build HEX(H(A1)) */
/* A1_1 = { username-value, ":", realm-value, ":", passwd } */
/* A1 = { H( A1_1 ), ":", nonce-value, ":", cnonce-value } */
len = pal_strlen(A1_1Fmt) + pal_strlen(conf->userid) +
pal_strlen(c.realm) + pal_strlen(conf->passwd) + 1;
if( (String = pal_malloc(len)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
pal_snprintf(String, len, A1_1Fmt, conf->userid, c.realm, conf->passwd);
#if defined(_DEBUG) || defined(DEBUG)
printf("A1_1 = %s\n", String);
#endif
md5digest(String, pal_strlen(String), A1_1);
pal_free(String);
len = 16 /* A1_1 */ + 1 +
pal_strlen(c.nonce) + 16 /* cnonce */ + 1;
if( (String = pal_malloc(len)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
memcpy(String, A1_1, 16);
pal_snprintf(String + 16, len - 16, A1Fmt, c.nonce, cnonce);
#ifdef SUPPORT_MD5_BUG1455
A1_1[16] = '\0';
if ((pal_strlen(A1_1) < 16) &&
!((pal_strlen(TSPProtoVerStr[version_index]) > 5) ||
(strcmp(TSPProtoVerStr[version_index], CLIENT_VERSION_STRING_2_0_0) > 0)))
strncpy(A1, md5(String, pal_strlen(String)), 33);
else
#endif /* SUPPORT_MD5_BUG1455 */
strncpy(A1, md5(String, 16 + pal_strlen(String + 16)), 33);
pal_free(String);
#if defined(_DEBUG) || defined(DEBUG)
printf("A1 = [%s]\n", A1);
#endif
/*-----------------------------------------------------------*/
/* Build server's and client's challenge responses */
len = pal_strlen(ChallRespFmt) + 32 /* md5(A1) */ + pal_strlen(c.nonce) +16 /* cnonce */ + pal_strlen(c.qop) + 32 /* md5(A2) */ + 1;
if((String = pal_malloc(len)) == NULL)
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
pal_snprintf(String, len, ChallRespFmt, A1, c.nonce, cnonce, c.qop, A2);
#if defined(_DEBUG) || defined(DEBUG)
printf("Response = [%s]\n", String);
#endif
strncpy(Response, md5(String, pal_strlen(String)), 33);
#if defined(_DEBUG) || defined(DEBUG)
printf("MD5 Response = %s\n", Response);
#endif
pal_snprintf(String, len, ChallRespFmt, A1, c.nonce, cnonce, c.qop, cA2);
#if defined(_DEBUG) || defined(DEBUG)
printf("cResponse = [%s]\n", String);
#endif
strncpy(cResponse, md5(String, pal_strlen(String)), 33);
#if defined(_DEBUG) || defined(DEBUG)
printf("MD5 cResponse = %s\n", cResponse);
#endif
pal_free(String);
/*-----------------------------------------------------------*/
/* Build Response */
{
char userid[512]; // UserId is theorically limited to 253 chars.
char * cc;
size_t i;
// Escape malicious " and \ from conf->userid.
for(cc=conf->userid, i=0; *cc && i<512; cc++, i++)
{
// Prepend a backslash (\).
if( *cc == '"' || *cc == '\\' )
userid[i++] = '\\';
// Copy character.
userid[i] = *cc;
}
userid[i] = '\0';
len = pal_strlen(ResponseFmt) + pal_strlen(c.charset) + pal_strlen(userid) +
pal_strlen(c.realm) + pal_strlen(c.nonce) + 16 /*cnonce*/ +
pal_strlen(conf->server) + 32 /* md5 response */;
if( (String = pal_malloc(len)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
pal_snprintf(String, len, ResponseFmt, c.charset, userid, c.realm, c.nonce, cnonce, conf->server, Response);
memset(Buffer, 0, sizeof(Buffer));
base64encode(Buffer, String, (int)pal_strlen(String));
pal_free(String);
}
}
// Send authentication data.
memset(BufferIn, 0, sizeof(BufferIn));
if( nt->netprintf(socket, BufferIn, sizeof(BufferIn), "%s\r\n", Buffer) == -1 )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_NET_FAIL_W_SOCKET);
return make_status(CTX_TSPAUTHENTICATION, ERR_SOCKET_IO);
}
tsp_status = tspGetStatusCode(BufferIn);
// Check if the reply status indicated a broker redirection.
if( tspIsRedirectStatus(tsp_status) )
{
if( tspHandleRedirect(BufferIn, conf, broker_list) == TSP_REDIRECT_OK )
{
// Return a REDIRECT event.
return make_status(CTX_TSPAUTHENTICATION, EVNT_BROKER_REDIRECTION);
}
else
{
// Redirect error.
return make_status(CTX_TSPAUTHENTICATION, ERR_BROKER_REDIRECTION);
}
}
/*-----------------------------------------------------------*/
/* Verify server response */
if( tsp_status == TSP_PROTOCOL_AUTH_FAILED )
{
// Failed authentication.
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_TSP_AUTH_FAILED_USER, conf->userid);
return make_status(CTX_TSPAUTHENTICATION, ERR_AUTHENTICATION_FAILURE);
}
if( (ChallengeString = pal_malloc(pal_strlen(BufferIn) + 1)) == NULL )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_GEN_MALLOC_ERROR);
return make_status(CTX_TSPAUTHENTICATION, ERR_MEMORY_STARVATION);
}
base64decode(ChallengeString, BufferIn);
ExtractChallenge(&c, ChallengeString);
pal_free(ChallengeString);
if( memcmp(c.rspauth, cResponse, 32) )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_MISC_INVALID_MD5_RESPONSE);
return make_status(CTX_TSPAUTHENTICATION, ERR_AUTHENTICATION_FAILURE);
}
// Receive reply.
if( nt->netrecv(socket, Buffer, sizeof(Buffer) ) == -1 )
{
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_NET_FAIL_R_SOCKET);
return make_status(CTX_TSPAUTHENTICATION, ERR_SOCKET_IO);
}
tsp_status = tspGetStatusCode(Buffer);
// Check if the reply status indicated a broker redirection.
if( tspIsRedirectStatus(tsp_status) )
{
if( tspHandleRedirect(Buffer, conf, broker_list) == TSP_REDIRECT_OK )
{
// Return a REDIRECT event.
return make_status(CTX_TSPAUTHENTICATION, EVNT_BROKER_REDIRECTION);
}
else
{
// Redirect error.
return make_status(CTX_TSPAUTHENTICATION, ERR_BROKER_REDIRECTION);
}
}
// Check if authentication was successful.
switch( tsp_status )
{
case TSP_PROTOCOL_SUCCESS:
break;
case TSP_PROTOCOL_AUTH_FAILED:
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_TSP_AUTH_FAILED_USER, conf->userid);
return make_status(CTX_TSPAUTHENTICATION, ERR_AUTHENTICATION_FAILURE);
default:
Display(LOG_LEVEL_1, ELError, "AuthDIGEST_MD5", STR_TSP_UNKNOWN_ERR_AUTH_FAILED, tspGetTspStatusStr(tsp_status));
return make_status(CTX_TSPAUTHENTICATION, ERR_TSP_GENERIC_ERROR);
}
// Successful MD5 authentication.
return make_status(CTX_TSPAUTHENTICATION, SUCCESS);
}
void get_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
const struct eap_header *eap_header
= (struct eap_header *) (&packet[ETH_HLEN+AUTH_HLEN]);
ehid = eap_header->eap_id;
switch (eap_header->eap_code) {
case EAP_CODE_REQUEST:
switch (eap_header->eap_type) {
case EAP_REQUEST_IDENTITY:
if (state == STARTED) {
fprintf(stdout, "Identification Received\n");
state = IDENTIFIED;
send_eap_packet(EAP_RESPONSE_IDENTITY);
}
else {
fprintf(stdout, "Warning: we haven't started\n");
}
return;
case EAP_REQUEST_NOTIFICATION:
/* got this packet if authentication failed or in use*/
fprintf(stdout, "Server Notification: %s\n",
packet+ETH_HLEN+AUTH_HLEN+EAP_HLEN);
send_eap_packet(EAP_RESPONSE_MD5_CHALLENGE);
return;
case EAP_REQUEST_MD5_CHALLENGE:
state = AUTHED;
fprintf(stdout, "MD5 Challenge Received\n");
memcpy(md5_challenge,
packet+ETH_HLEN+AUTH_HLEN+EAP_HLEN+0x01,
0x10);
md5digest();
send_eap_packet(EAP_RESPONSE_MD5_CHALLENGE);
return;
}
case EAP_CODE_SUCCESS:
state = ONLINE;
fprintf(stdout, "Login Successfully\n");
if ( system(dhclientcmd) == -1 ) {
fprintf(stderr, "Error while executing dhclient\n");
error_handle(-2);
}
dhcp = 1;
get_ip();
if ( init_udp() == -1) {
error_handle(-2);
}
init_daemon();
alarm(31);
return;
case EAP_CODE_FAILURE:
if ( state == ONLINE || state == AUTHED) {
fprintf(stdout, "Logout\n");
pcap_breakloop(handle);
}
return;
}
fprintf(stderr, "FATAL: Unknown packet[eap_code(%02x), eap_id(%02x), eap_type(%02x)]\n", eap_header->eap_code, eap_header->eap_id, eap_header->eap_type);
fprintf(stderr, "Waring: I won't respond to this unknown packet\n");
return;
}
