diff --git a/INSTALL b/INSTALL index ad0b33c..e90f066 100644 --- a/INSTALL +++ b/INSTALL @@ -22,7 +22,6 @@ New qmail-smtpd startup script is like this. - tcpserver [options] qmail-smtpd Server.Domain cmd5apoppw /bin/true ... + tcpserver [options] qmail-smtpd cmd5apoppw /bin/true ... -where `[options]' is tcpserver's option, -`Server.Domain' is your mail server's FQDN. +where `[options]' is tcpserver's option. diff --git a/global.h b/global.h index e990ee0..f0f7689 100644 --- a/global.h +++ b/global.h @@ -1,6 +1,8 @@ /* GLOBAL.H - RSAREF types and constants */ #include +#include /* for 64bit systems */ +/* cf. http://www.gcd.org/blog/2010/03/556/ */ /* Copyright (C) RSA Laboratories, a division of RSA Data Security, Inc., created 1991. All rights reserved. @@ -22,10 +24,10 @@ typedef unsigned char *POINTER; /* UINT2 defines a two byte word */ -typedef unsigned short int UINT2; +typedef uint16_t UINT2; /* UINT4 defines a four byte word */ -typedef unsigned long int UINT4; +typedef uint32_t UINT4; #ifndef NULL_PTR #define NULL_PTR ((POINTER)0) diff --git a/ht.c b/ht.c index 72b63be..75297a1 100644 --- a/ht.c +++ b/ht.c @@ -1,4 +1,5 @@ #include +#include #include #include #include @@ -6,6 +7,9 @@ #include "hmac_md5.h" #include "base64.h" +#ifndef _PASSWORD_LEN +#define _PASSWORD_LEN 128 +#endif #define L (_PASSWORD_LEN+256) int main(int argc, char *argv[]) { @@ -20,8 +24,8 @@ } pw = getpass("SMTP-AUTH Password: "); b64_pton(argv[2], b6, L*2); + hmac_md5(b6, strlen(b6), pw, strlen(pw), digest); - memset(pw, 0, strlen(pw)); snprintf(d_str, sizeof d_str, "%s ", argv[1]); p = d_str+strlen(d_str); for (i=0; i<16 && p #define LINE_MAX 256 -char up[513]; +unsigned char up[513]; int uplen; static char hextab[]="0123456789abcdef"; @@ -354,17 +354,17 @@ return fp; } -int doit(unsigned char *testlogin, unsigned char *challenge, unsigned char *response) +int doit(unsigned char *testlogin, unsigned char *response, unsigned char *challenge) { - static char line[LINE_MAX + 1]; + static unsigned char line[LINE_MAX + 1]; int found_user= 0; unsigned char *password = NULL; - unsigned char digest[16]; - unsigned char digascii[33]; + static unsigned char digest[16]; + static unsigned char digascii[33]; unsigned char h; FILE *fp; int j; - // char *linepnt; + int result; if (0 >= (fp=getapopfd(testlogin))) _exit(2); @@ -386,9 +386,7 @@ memset(line, 0, sizeof line); return(1); } - hmac_md5(challenge, strlen(challenge), password, strlen(password), digest); - memset(line, 0, sizeof line); digascii[32]=0; @@ -398,15 +396,17 @@ digascii[2*j]=hextab[h]; h=digest[j] & 0x0f; digascii[(2*j)+1]=hextab[h]; - } - return (strcmp(digascii,response) && strcmp(password,challenge)); + } + result = (strcmp(digascii,response) && strcmp(password,response)); + memset(line, 0, sizeof line); + return result; } int main(int argc,char **argv) { - char *login; - char *response; - char *challenge; + unsigned char *login; + unsigned char *response; + unsigned char *challenge; int r; int i; int accepted; @@ -431,12 +431,16 @@ i = 0; login = up + i; while (up[i++]) if (i == uplen) _exit(2); - challenge = up + i; + response = up + i; if (i == uplen) _exit(2); while (up[i++]) if (i == uplen) _exit(2); - response = up + i; + challenge = up + i; +#ifdef QMAIL_SMTPD_AUTH_031 /* It sends 2params in reverse order */ accepted=doit(login, challenge, response); +#else + accepted=doit(login, response, challenge); +#endif for (i = 0;i < sizeof(up);++i) up[i] = 0;