00001
/* Server public keys handed to the client by command_KEYEX ("DH" / "RSA"),
 * presumably Base64-encoded SubjectPublicKeyInfo blobs (judging by the names).
 * NULL means that key-exchange method is not configured (ERR 161 / ERR 162). */
Buffer* Base64_DHspki = NULL;
Buffer* Base64_RSAspki = NULL;

/* Session crypto state: the shared key derived by "KEYEX SPKI", the cipher chosen
 * by command_CRYPT, and the server's DH key passed to gen_CRYPT_SharedKey().
 * All message I/O in this file goes through (CRYPT_SharedKey, CRYPT_Type). */
Buffer* CRYPT_SharedKey = NULL;
EVP_CIPHER* CRYPT_Type = NULL;
DH* DHkey = NULL;

/* Per-session authentication state: set by command_USERID, consumed by command_PASSWD.
 * User_Passwd holds the stored password hash string; User_Salt holds the salt line(s)
 * ("stored salt\r\nchallenge salt") derived from it. */
Buffer* User_ID = NULL;
Buffer* User_Passwd = NULL;
Buffer* User_Salt = NULL;

/* Protocol mode flags (TRUE/FALSE).
 * No_isNet_Chlng : TRUE = client sends the password itself; FALSE = challenge/response.
 * Use_isNet_Ldap : TRUE = accounts whose stored password is "*" are checked via LDAP.
 * Use_isNet_Crypt: TRUE once "KEYEX DH"/"KEYEX RSA" was accepted - note this happens
 *                  before "KEYEX SPKI" has actually produced CRYPT_SharedKey.
 * NOTE(review): plain globals, so this code assumes one client session per process -
 * confirm before serving several sessions from one process or from threads. */
int No_isNet_Chlng = FALSE;
int Use_isNet_Ldap = FALSE;
int Use_isNet_Crypt = FALSE;



#ifdef ENABLE_LDAP
/* LDAP connection parameters, allocated per check in command_USERID / command_PASSWD
 * and handed to close_ldap_connection() for release. */
JBXL_LDAP_Host* LdapHost = NULL;
JBXL_LDAP_Dn* LdapBind = NULL;
#endif
00023
00024
00026
00027
00028
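/**
 * USERID command handler: look up the account named by @operand, remember its
 * stored password hash, and (in challenge mode) send the client the salt lines
 * it needs to answer the PASSWD step.
 *
 * Replies, all sent through the current session crypto state:
 *   "OK"          account accepted; in challenge mode followed by User_Salt and "END"
 *   ERR 121       no stored password for that name
 *   ERR 122/123   conflicting server modes (No-Challenge without crypto, Challenge with LDAP)
 *   ERR 127/128   LDAP connection / lookup failure (ENABLE_LDAP builds only)
 *   ERR 129       stored hash is in no recognised format, so no salt could be derived
 *
 * Note that "ERR 121" versus "OK" lets a client learn whether an account exists.
 *
 * @param operand  account name from the client (operand.buf is a C string)
 * @param comment  unused
 * @param sock     client socket
 * @return 0 on success, otherwise the ERR code that was sent
 *
 * Side effects: User_ID, User_Passwd and User_Salt are replaced on every call.
 */
int command_USERID(Buffer operand, Buffer comment, int sock)
{
    char* pass = NULL;    /* stored password hash, heap string from get_passwd() */
    char* salt0 = NULL;   /* "$N$" prefix of a modular-crypt hash */
    char* salt1 = NULL;   /* salt prefix of the stored hash */
    char* salt2 = NULL;   /* random part of the challenge salt */

    UNUSED(comment);

    /* Every return after this point must release pass (it was leaked on the
     * ERR 122/123 paths and on the short-password path before). */
    pass = get_passwd((char*)operand.buf);
    if (pass==NULL) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 121 passwd get error.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 121 passwd get error.\n");
        return 121;
    }

    if (No_isNet_Chlng==TRUE && Use_isNet_Crypt==FALSE) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 122 both No Challenge Key mode and No Crypt mode are not used.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 122 both No Challenge Key mode and No Crypt mode are not used.\n");
        freeNull(pass);
        return 122;
    }

    if (No_isNet_Chlng==FALSE && Use_isNet_Ldap==TRUE) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 123 both Challenge Key mode and Ldap mode are not used.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 123 both Challenge Key mode and Ldap mode are not used.\n");
        freeNull(pass);
        return 123;
    }

    /* Reset the per-session credential state. */
    if (User_ID!=NULL) del_Buffer(&User_ID);
    if (User_Passwd!=NULL) del_Buffer(&User_Passwd);
    if (User_Salt!=NULL) del_Buffer(&User_Salt);
    User_ID = new_Buffer(0);
    User_Passwd = new_Buffer(0);
    User_Salt = new_Buffer(0);
    *User_ID = dup_Buffer(operand);
    *User_Passwd = make_Buffer_bystr(pass);

    /* A stored value of one or two characters ("*", "!", "!!", ...) is not a hash:
     * no salt is produced, so PASSWD cannot succeed through crypt(). With LDAP enabled
     * a stored "*" is instead checked against the directory. */
    if (strlen(pass)<=2) {
        freeNull(pass);
#ifdef ENABLE_LDAP
        if (!strcmp((const char*)User_Passwd->buf, "*") && Use_isNet_Ldap) {
            LdapHost = new_LDAP_Host();
            LdapBind = new_LDAP_Dn();
            read_ldap_config(NULL, LdapHost, LdapBind);
            LDAP* ld = open_ldap_connection(LdapHost, LdapBind);
            if (ld==NULL) {
                /* NOTE(review): LdapHost/LdapBind are only released through
                 * close_ldap_connection(), which this path never reaches - confirm. */
                tcp_send_crypt_mesg(sock, (char*)"ERR 127 USERID connection error with LDAP.\r\n", CRYPT_SharedKey, CRYPT_Type);
                DEBUG_MODE PRINT_MESG("ERR 127 USERID connection error with LDAP.\n");
                return 127;
            }
            /* Called with a NULL password - presumably an existence check. 1 is taken
             * as "found" here, while command_PASSWD takes 0 as success from the same
             * helper; TODO confirm the helper's return convention. */
            int cc = simple_check_ldap_passwd(ld, (char*)User_ID->buf, NULL, LdapBind);
            close_ldap_connection(ld, &LdapHost, &LdapBind);
            if (cc==1) {
                tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
                return 0;
            }
            tcp_send_crypt_mesg(sock, (char*)"ERR 128 USERID error with LDAP.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 128 USERID error with LDAP.\n");
            return 128;
        }
#endif
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        return 0;
    }

    /* Build User_Salt from the stored hash format:
     *   line 1: the stored hash's own salt prefix (used in no-challenge mode),
     *   line 2: a fresh random salt for the challenge (same "$N$" family, or 2 chars for DES). */
    if (pass[0]=='$') {
        int lsalt = 0;
        if      (pass[1]=='1') lsalt = LEN_DOLLAR_SALT;    /* $1$ md5crypt */
        else if (pass[1]=='5') lsalt = LEN_DOLLAR5_SALT;   /* $5$ sha256crypt */
        else if (pass[1]=='6') lsalt = LEN_DOLLAR6_SALT;   /* $6$ sha512crypt */

        if (lsalt!=0) {
            *User_Salt = make_Buffer(lsalt*2 + 5);
            salt0 = cut_str(pass, 0, 2);          /* "$N$" (cut_str appears to take an inclusive range) */
            salt1 = cut_str(pass, 0, lsalt-1);    /* first lsalt characters: the stored salt */
            salt2 = randstr(lsalt-4);             /* random body of the challenge salt */
            copy_s2Buffer(salt1, User_Salt);
            cat_s2Buffer("\r\n", User_Salt);
            cat_s2Buffer(salt0, User_Salt);
            cat_s2Buffer(salt2, User_Salt);
            cat_s2Buffer("$", User_Salt);
        }
        /* any other "$..." scheme is unsupported: User_Salt stays empty -> ERR 129 below */
    }
    else if (strlen((const char*)pass)==LEN_DESPASS) {
        /* traditional DES crypt: 2-character salt followed by the hash */
        *User_Salt = make_Buffer(LEN_DESSALT*2 + 5);
        salt1 = cut_str(pass, 0, LEN_DESSALT-1);
        salt2 = randstr(LEN_DESSALT);
        copy_s2Buffer(salt1, User_Salt);
        cat_s2Buffer("\r\n", User_Salt);
        cat_s2Buffer(salt2, User_Salt);
    }

    freeNull(pass);
    freeNull(salt0);
    freeNull(salt1);
    freeNull(salt2);

    /* User_Salt->buf is still what new_Buffer(0) left there (NULL, judging by this
     * test) unless one of the branches above filled it in. */
    if (User_Salt->buf==NULL) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 129 USERID error.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 129 USERID error.\n");
        return 129;
    }

    tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
    if (No_isNet_Chlng==FALSE) {
        /* challenge mode: the client needs both salt lines to compute its answer */
        Buffer buf = make_Buffer(LBUF);
        copy_Buffer(User_Salt, &buf);
        cat_s2Buffer("\r\nEND\r\n", &buf);
        tcp_send_crypt_sBuffer(sock, &buf, CRYPT_SharedKey, CRYPT_Type);
        free_Buffer(&buf);
    }

    return 0;
}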
00171
00172
00173
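/* Constant-time equality of two NUL-terminated strings (both non-NULL).
 * Used for the credential comparison so that the time to reply does not depend
 * on how many leading characters matched. Length mismatch still short-cuts the
 * loop bound, which is acceptable here: the lengths are fixed by the hash format. */
static int ct_str_eq(const char* a, const char* b)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);
    size_t n = la < lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);

    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}


/**
 * PASSWD command handler: verify the credential sent in @operand against the
 * account remembered by command_USERID.
 *
 * Challenge mode (No_isNet_Chlng==FALSE): the expected answer is the hash body
 * of crypt(<stored hash body>, <challenge salt>) with the challenge salt taken
 * from line 2 of User_Salt. The stored hash body is therefore the secret being
 * proven, so User_Passwd must be protected like a password.
 * No-Challenge mode: @operand is the password itself; it is re-hashed with the
 * stored salt (line 1 of User_Salt) and the hash bodies are compared.
 * ENABLE_LDAP builds delegate to LDAP when the stored password is "*".
 *
 * Replies: "OK" (return 0); ERR 131 no USERID yet; ERR 138 LDAP failure;
 * ERR 139 mismatch, unsupported hash format, or crypt() failure.
 *
 * @param operand  credential from the client (operand.buf is a C string, may be NULL)
 * @param comment  unused
 * @param sock     client socket
 * @return 0 on success, otherwise the ERR code that was sent
 */
int command_PASSWD(Buffer operand, Buffer comment, int sock)
{
    char* opass = NULL;   /* hash body (after the salt prefix) inside User_Passwd */
    char* npass = NULL;   /* crypt() result; static storage, not ours to free */
    char* salt = NULL;    /* heap line from get_line(); released before returning */
    int lsalt = 0;        /* length of the salt prefix in the stored hash */
    int ok = FALSE;

    UNUSED(comment);

    if (User_Passwd==NULL) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 131 system has not a your password.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 131 system has not a your password.\n");
        return 131;
    }

#ifdef ENABLE_LDAP
    if (!strcmp((const char*)User_Passwd->buf, "*") && Use_isNet_Ldap) {
        int cc = -1;
        LdapHost = new_LDAP_Host();
        LdapBind = new_LDAP_Dn();
        read_ldap_config(NULL, LdapHost, LdapBind);
        LDAP* ld = open_ldap_connection(LdapHost, LdapBind);
        if (ld!=NULL) {
            /* 0 is taken as success here (command_USERID takes 1 from the same helper,
             * where it is called without a password); TODO confirm the convention. */
            cc = simple_check_ldap_passwd(ld, (char*)User_ID->buf, (char*)operand.buf, LdapBind);
            close_ldap_connection(ld, &LdapHost, &LdapBind);
        }
        /* NOTE(review): on a failed connection this mirrors command_USERID and skips
         * close_ldap_connection(); confirm whether LdapHost/LdapBind leak then. */
        if (cc==0) {
            tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
            return 0;
        }
        tcp_send_crypt_mesg(sock, (char*)"ERR 138 PASSWD error.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 138 PASSWD error.\n");
        return 138;
    }
#endif

    /* Locate the hash body inside the stored hash: skip the "$N$...$" prefix of a
     * modular-crypt string, or the 2-character salt of a traditional DES hash.
     * Unknown "$" schemes (lsalt==0) and strings shorter than their prefix are
     * rejected instead of being compared as a whole. */
    if (User_Passwd->buf[0]=='$') {
        if      (User_Passwd->buf[1]=='1') lsalt = LEN_DOLLAR_SALT;
        else if (User_Passwd->buf[1]=='5') lsalt = LEN_DOLLAR5_SALT;
        else if (User_Passwd->buf[1]=='6') lsalt = LEN_DOLLAR6_SALT;
    }
    else if (strlen((const char*)User_Passwd->buf)==LEN_DESPASS) {
        lsalt = 2;
    }
    if (lsalt>0 && strlen((const char*)User_Passwd->buf)>(size_t)lsalt) {
        opass = (char*)&(User_Passwd->buf[lsalt]);
    }

    if (opass!=NULL && operand.buf!=NULL && User_Salt!=NULL && User_Salt->buf!=NULL) {
        if (No_isNet_Chlng==FALSE) {
            /* challenge mode: re-hash the stored hash body with the challenge salt */
            salt = get_line((char*)User_Salt->buf, 2);
            if (salt!=NULL) {
                npass = (char*)crypt((const char*)opass, (const char*)salt);
                /* crypt() can fail: NULL, or on some libcs a short "*0"/"*1" token.
                 * Never step past its result by lsalt without checking the length. */
                if (npass!=NULL && strlen(npass)>(size_t)lsalt) {
                    ok = ct_str_eq((const char*)operand.buf, npass + lsalt);
                }
            }
        }
        else {
            /* no-challenge mode: hash the supplied password with the stored salt */
            salt = get_line((char*)User_Salt->buf, 1);
            if (salt!=NULL) {
                npass = (char*)crypt((const char*)operand.buf, (const char*)salt);
                if (npass!=NULL && strlen(npass)>(size_t)lsalt) {
                    ok = ct_str_eq((const char*)opass, npass + lsalt);
                }
            }
        }
        /* released on both paths (the challenge branch used to leak it) */
        free(salt);
        salt = NULL;
    }

    if (ok) {
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        return 0;
    }

    tcp_send_crypt_mesg(sock, (char*)"ERR 139 PASSWD error.\r\n", CRYPT_SharedKey, CRYPT_Type);
    DEBUG_MODE PRINT_MESG("ERR 139 PASSWD error.\n");
    return 139;
}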
00272
00273
00274
/**
 * HELLO command handler: acknowledge the client with "OK".
 *
 * @param operand  unused
 * @param comment  unused
 * @param sock     client socket
 * @return whatever tcp_send_crypt_mesg() returns for the "OK" line
 */
int command_HELLO(Buffer operand, Buffer comment, int sock)
{
    UNUSED(operand);
    UNUSED(comment);

    /* sent through the current session crypto state, like every other reply */
    return tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
}
00300
00301
00302
/**
 * BYE command handler: acknowledge with "OK". Closing the connection is left to
 * the caller; this handler only sends the reply.
 *
 * @param operand  unused
 * @param comment  unused
 * @param sock     client socket
 * @return whatever tcp_send_crypt_mesg() returns for the "OK" line
 */
int command_BYE(Buffer operand, Buffer comment, int sock)
{
    UNUSED(operand);
    UNUSED(comment);

    return tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
}
00329
00330
00331
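/* Send @payload followed by "\r\nEND\r\n" through the current session crypto state. */
static void keyex_send_with_end(int sock, Buffer* payload)
{
    Buffer buf = make_Buffer(LBUF);
    copy_Buffer(payload, &buf);
    cat_s2Buffer("\r\nEND\r\n", &buf);
    tcp_send_crypt_sBuffer(sock, &buf, CRYPT_SharedKey, CRYPT_Type);
    free_Buffer(&buf);
}


/**
 * KEYEX command handler: key exchange and authentication-mode negotiation.
 *
 * Operands:
 *   "DH" / "RSA"   select the method and send the server's public key followed by "END";
 *                  ERR 161 / ERR 162 when that key is not configured
 *   "SPKI"         read the client's Base64 public key (one tcp_recv_Buffer_wait, 20 s)
 *                  and derive CRYPT_SharedKey with the method chosen by the last
 *                  DH/RSA; ERR 163 when the key cannot be generated
 *   "CHLNG"        challenge mode; ERR 164 in LDAP mode
 *   "NOCHLNG"      no-challenge mode (password sent as-is); ERR 165 unless a
 *                  shared key has been established
 *   anything else  ERR 169
 *
 * @param operand  operand word from the client (operand.buf is a C string, may be NULL)
 * @param comment  unused
 * @param sock     client socket
 * @return 0 on success, otherwise the ERR code that was sent
 */
int command_KEYEX(Buffer operand, Buffer comment, int sock)
{
    /* Method chosen by the last "DH"/"RSA". Function-static, so it survives across
     * commands (and across sessions if this process serves several); it is 0 until a
     * method is selected and "SPKI" does not verify that one was. */
    static int keyex;
    const char* op = (const char*)operand.buf;

    UNUSED(comment);

    if (op==NULL) {
        op = "";   /* reported as an unknown operand instead of strcmp(NULL) */
    }

    if (!strcmp("DH", op)) {
        if (Base64_DHspki==NULL) {
            tcp_send_crypt_mesg(sock, (char*)"ERR 161 KEYEX DH Error.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 161 KEYEX DH Error.\n");
            return 161;
        }
        /* Use_isNet_Crypt is raised before any shared key exists; the NOCHLNG
         * branch below therefore also checks CRYPT_SharedKey. */
        Use_isNet_Crypt = TRUE;
        keyex = SSL_DH;
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        keyex_send_with_end(sock, Base64_DHspki);
    }

    else if (!strcmp("RSA", op)) {
        if (Base64_RSAspki==NULL) {
            tcp_send_crypt_mesg(sock, (char*)"ERR 162 KEYEX RSA Error.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 162 KEYEX RSA Error.\n");
            return 162;
        }
        Use_isNet_Crypt = TRUE;
        keyex = SSL_RSA;
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        keyex_send_with_end(sock, Base64_RSAspki);
    }

    else if (!strcmp("SPKI", op)) {
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);

        /* The receive result is not checked (as before); an empty or truncated
         * payload is expected to surface as ERR 163 from gen_CRYPT_SharedKey().
         * TODO confirm tcp_recv_Buffer_wait()'s failure convention and check it. */
        Buffer buf = make_Buffer(LBUF);
        tcp_recv_Buffer_wait(sock, &buf, 20);
        Buffer dkey = get_plain_sBuffer(buf, CRYPT_SharedKey, CRYPT_Type);
        free_Buffer(&buf);
        chomp_Buffer(&dkey);
        Buffer pubkey = decode_base64_Buffer(dkey);
        free_Buffer(&dkey);

        /* Replace the previous shared key. del_Buffer() is used as in command_USERID,
         * which suggests it releases the Buffer struct as well as its contents (the
         * previous free_Buffer() call left the struct behind).
         * NOTE(review): confirm the old key material is wiped, not only freed. */
        if (CRYPT_SharedKey!=NULL) del_Buffer(&CRYPT_SharedKey);
        CRYPT_SharedKey = new_Buffer(0);

        int generated = gen_CRYPT_SharedKey(keyex, pubkey, CRYPT_SharedKey, (void*)DHkey);
        free_Buffer(&pubkey);   /* released on both outcomes (it used to leak on failure) */
        if (!generated) {
            tcp_send_crypt_mesg(sock, (char*)"ERR 163 cannot generate Shared KEY.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 163 cannot generate Shared KEY.\n");
            return 163;
        }
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
    }

    else if (!strcmp("CHLNG", op)) {
        if (Use_isNet_Ldap) {
            tcp_send_crypt_mesg(sock, (char*)"ERR 164 cannot use Challenge Key mode with LDAP mode.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 164 cannot use Challenge Key mode with LDAP mode.\n");
            return 164;
        }
        No_isNet_Chlng = FALSE;
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
    }

    else if (!strcmp("NOCHLNG", op)) {
        /* In no-challenge mode command_PASSWD receives the password itself, so this
         * mode is only allowed once a shared key actually exists - Use_isNet_Crypt
         * alone is already TRUE right after "DH"/"RSA", before "SPKI" ran. */
        int key_ready = (CRYPT_SharedKey!=NULL && CRYPT_SharedKey->buf!=NULL);
        if (Use_isNet_Crypt!=TRUE || !key_ready) {
            tcp_send_crypt_mesg(sock, (char*)"ERR 165 both No Challenge Key mode and No Crypt mode are not used.\r\n", CRYPT_SharedKey, CRYPT_Type);
            DEBUG_MODE PRINT_MESG("ERR 165 both No Challenge Key mode and No Crypt mode are not used.\n");
            return 165;
        }
        No_isNet_Chlng = TRUE;
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
    }

    else {
        /* line ending fixed to "\r\n" like every other reply (it was "\n\r") */
        tcp_send_crypt_mesg(sock, (char*)"ERR 169 Unkown KEYEX operand.\r\n", CRYPT_SharedKey, CRYPT_Type);
        DEBUG_MODE PRINT_MESG("ERR 169 Unkown KEYEX operand.\n");
        return 169;
    }

    return 0;
}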
00468
00469
00470
/**
 * CRYPT command handler: choose the session cipher once a shared key exists.
 *
 * Operands: "AES128CBC", "3DES3CBC" (switch CRYPT_Type), "RESET" (acknowledged,
 * no state change here); anything else is ERR 179. The "OK" reply is always sent
 * under the cipher that was in force before the switch.
 *
 * @param operand  operand word from the client (operand.buf is a C string)
 * @param comment  unused
 * @param sock     client socket
 * @return 0 on success, otherwise the ERR code that was sent
 */
int command_CRYPT(Buffer operand, Buffer comment, int sock)
{
    const char* op = (const char*)operand.buf;

    UNUSED(comment);

    /* no shared key: the error has to go out unencrypted (NULL key, NULL cipher) */
    if (CRYPT_SharedKey==NULL) {
        tcp_send_crypt_mesg(sock, (char*)"ERR 171 No Shared Key.\r\n", NULL, NULL);
        DEBUG_MODE PRINT_MESG("ERR 171 No Shared Key.\n");
        return 171;
    }

    if (strcmp(op, "AES128CBC")==0) {
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        /* NOTE(review): the previous cipher object is released with free() here but
         * not in the 3DES branch; whether init_EVPAPI_Buffer() hands out an object
         * that free() may release is not visible from this file - confirm. */
        free(CRYPT_Type);
        CRYPT_Type = init_EVPAPI_Buffer(SSL_AES128CBC);
        return 0;
    }

    if (strcmp(op, "3DES3CBC")==0) {
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        CRYPT_Type = init_EVPAPI_Buffer(SSL_3DES3CBC);
        return 0;
    }

    if (strcmp(op, "RESET")==0) {
        /* acknowledged only; nothing is reset in this handler */
        tcp_send_crypt_mesg(sock, (char*)"OK\r\n", CRYPT_SharedKey, CRYPT_Type);
        return 0;
    }

    tcp_send_crypt_mesg(sock, (char*)"ERR 179 Unkown CRYPT operand.\r\n", CRYPT_SharedKey, CRYPT_Type);
    DEBUG_MODE PRINT_MESG("ERR 179 Unkown CRYPT operand.\n");
    return 179;
}
00519
00520
00521