From f763a4394aa480b99b3e797282565f74ac858f7a Mon Sep 17 00:00:00 2001 From: Ladar Levison Date: Tue, 14 Jun 2016 01:32:32 -0500 Subject: SMTP authentication fixed. STACIE values stored in the db using b64 mod. --- dev/scripts/auth/legacy.pl | 25 ++++++++++++++----------- dev/scripts/test/t.authlogin.sh | 12 ++++++------ dev/scripts/test/t.authplain.sh | 16 ++++++++-------- dev/scripts/test/t.authstacie.sh | 6 +++--- dev/scripts/test/t.camel.sh | 29 +++++++++++++++-------------- dev/scripts/test/t.imap.body.sh | 2 +- dev/scripts/test/t.imap.purge.sh | 2 +- dev/scripts/test/t.imap.sh | 2 +- dev/scripts/test/t.inbound.attachment.1.sh | 8 ++++---- dev/scripts/test/t.inbound.attachment.2.sh | 6 +++--- dev/scripts/test/t.inbound.sh | 15 ++++++++++++--- dev/scripts/test/t.outbound.sh | 4 ++-- dev/scripts/test/t.pop.sh | 10 ++++++++-- res/sql/Data.sql | 2 +- sandbox/etc/magma.sandbox.config | 2 +- src/servers/smtp/smtp.c | 6 +++--- 16 files changed, 83 insertions(+), 64 deletions(-) diff --git a/dev/scripts/auth/legacy.pl b/dev/scripts/auth/legacy.pl index ce8882ce..8e979eae 100755 --- a/dev/scripts/auth/legacy.pl +++ b/dev/scripts/auth/legacy.pl @@ -16,15 +16,18 @@ if (length($userid) == 0 or length($inpass) == 0) { } -$key = sha512_base64($userid . $salt . $inpass); -$token = sha512_base64($inpass, sha512($inpass, sha512($userid . $salt . $inpass))); - -$key =~ s/\//\_/g; -$key =~ s/\+/\-/g; -$token =~ s/\//\_/g; -$token =~ s/\+/\-/g; - -print "key = " . $key . "\n"; -print "token = " . $token . "\n"; - +$key1 = sha512_base64($userid . $salt . $inpass); +$key2 = sha512_hex($userid . $salt . $inpass); +$token1 = sha512_base64($inpass, sha512($inpass, sha512($userid . $salt . $inpass))); +$token2 = sha512_hex($inpass, sha512($inpass, sha512($userid . $salt . $inpass))); + +$key1 =~ s/\//\_/g; +$key1 =~ s/\+/\-/g; +$token1 =~ s/\//\_/g; +$token1 =~ s/\+/\-/g; + +print "key[b64] = " . $key1 . "\n"; +print "key[hex] = " . $key2 . "\n"; +print "token[b64] = " . $token1 . "\n"; +print "token[hex] = " . $token2 . "\n"; diff --git a/dev/scripts/test/t.authlogin.sh b/dev/scripts/test/t.authlogin.sh index 21f2206b..7cd63a0b 100755 --- a/dev/scripts/test/t.authlogin.sh +++ b/dev/scripts/test/t.authlogin.sh @@ -7,18 +7,18 @@ echo "" -# Success (ladar/test) +# Success (magma/password) tput setaf 6; echo "Valid AUTH LOGIN requests:"; tput sgr0 echo "" -printf "AUTH LOGIN bGFkYXI=\r\ndGVzdA==\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH LOGIN bWFnbWE=\r\ncGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 echo "" -printf "AUTH LOGIN\r\nbGFkYXI=\r\ndGVzdA==\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH LOGIN\r\nbWFnbWE=\r\ncGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 echo "" -# Fail (ladar/password) +# Fail (magma/invalidpassword) tput setaf 6; echo "Invalid AUTH LOGIN requests:"; tput sgr0 echo "" -printf "AUTH LOGIN bGFkYXI=\r\ncGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH LOGIN bWFnbWE=\r\naW52YWxpZHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 echo "" -printf "AUTH LOGIN\r\nbGFkYXI=\r\ncGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH LOGIN\r\nbWFnbWE=\r\naW52YWxpZHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 echo "" diff --git a/dev/scripts/test/t.authplain.sh b/dev/scripts/test/t.authplain.sh index d4e9d54d..125667e7 100755 --- a/dev/scripts/test/t.authplain.sh +++ b/dev/scripts/test/t.authplain.sh @@ -7,18 +7,18 @@ echo "" -# Success (ladar/test) +# Success (magma/password) tput setaf 6; echo "Valid AUTH PLAIN requests:"; tput sgr0 echo "" -printf "AUTH PLAIN AGxhZGFyQGxhdmFiaXQuY29tAHRlc3Q=\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH PLAIN bWFnbWEAbWFnbWEAcGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 echo "" -printf "AUTH PLAIN\r\nAGxhZGFyQGxhdmFiaXQuY29tAHRlc3Q=\r\nQUIT\r\n" | nc localhost 7000 +printf "AUTH PLAIN\r\nbWFnbWEAbWFnbWEAcGFzc3dvcmQ=\r\nQUIT\r\n" | nc localhost 7000 echo "" -# Fail (ladar/password) +# Fail (magma/invalidpassword) tput setaf 6; echo "Invalid AUTH PLAIN requests:"; tput sgr0 echo "" -printf "AUTH PLAIN AGxhZGFyQGxhdmFiaXQuY29tAHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 -echo "" -printf "AUTH PLAIN\r\nAGxhZGFyQGxhdmFiaXQuY29tAHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 -echo "" \ No newline at end of file +printf "AUTH PLAIN bWFnbWEAbWFnbWEAaW52YWxpZHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 +echo "" +printf "AUTH PLAIN\r\nbWFnbWEAbWFnbWEAaW52YWxpZHBhc3N3b3Jk\r\nQUIT\r\n" | nc localhost 7000 +echo "" diff --git a/dev/scripts/test/t.authstacie.sh b/dev/scripts/test/t.authstacie.sh index b86d796b..8bd85473 100755 --- a/dev/scripts/test/t.authstacie.sh +++ b/dev/scripts/test/t.authstacie.sh @@ -10,11 +10,11 @@ echo "" # Success (ladar/test) tput setaf 6; echo "Valid STACIE login over POP:"; tput sgr0 echo "" -printf "USER stacie\r\nPASS test\r\nQUIT\r\n" | nc localhost 8000 +printf "USER stacie\r\nPASS password\r\nQUIT\r\n" | nc localhost 8000 echo "" # Fail (ladar/password) tput setaf 6; echo "Invalid STACIE login over POP:"; tput sgr0 echo "" -printf "USER stacie\r\nPASS stacie\r\nQUIT\r\n" | nc localhost 8000 -echo "" +printf "USER stacie\r\nPASS password\r\nQUIT\r\n" | nc localhost 8000 +echo "" diff --git a/dev/scripts/test/t.camel.sh b/dev/scripts/test/t.camel.sh index 610be1e8..d04d0978 100755 --- a/dev/scripts/test/t.camel.sh +++ b/dev/scripts/test/t.camel.sh @@ -5,13 +5,14 @@ export RANDOM=$SEED export IDNUM="1" export USERID="magma" +export PASSWORD="password" export COOKIES=`mktemp` export SQLHOST="localhost" export CAMELHOST="http://localhost:10000" export CAMELPATH="$CAMELHOST/portal/camel" # Check and make sure magmad is running before attempting a connection. -PID=`pidof magmad magmad.check` +PID=`pidof magmad magmad.check` if [ -z "$PID" ]; then tput setaf 1; tput bold; echo "Magma process isn't running."; tput sgr0 @@ -22,29 +23,29 @@ wget --quiet --retry-connrefused --connect-timeout=1 --waitretry=1 --tries=0 --o if [ $? != 0 ]; then tput setaf 1; tput bold; echo "tired of waiting on the magma daemon start"; tput sgr0 exit -fi +fi submit() { - - # Client submission in yellow, server responses in red. - tput setaf 3; tput bold; echo "$1"; - + + # Client submission in yellow, server responses in red. + tput setaf 3; tput bold; echo "$1"; + # Submit using cURL # To print the server supplied HTTP headers add --include # export OUTPUT=`curl --silent --cookie "$COOKIES" --cookie-jar "$COOKIES" --data "$1" "$CAMELPATH"` - + # Submit using wget # To print the server supplied HTTP headers add --server-response export OUTPUT=`wget --load-cookies="$COOKIES" --save-cookies="$COOKIES" --quiet --output-document=- --post-data="$1" "$CAMELPATH"` - + if [[ "$OUTPUT" =~ "\"result\":" ]] && [[ ! "$OUTPUT" =~ "\"failed\"" ]]; then - tput setaf 2; tput bold; echo $OUTPUT + tput setaf 2; tput bold; echo $OUTPUT else tput setaf 1; tput bold; echo $OUTPUT - fi - + fi + tput sgr0; echo "" export IDNUM=`expr $IDNUM + 1` } @@ -71,7 +72,7 @@ echo "" tput setaf 6; echo "Camel requests:"; tput sgr0 echo "" -submit "{\"id\":$IDNUM,\"method\":\"auth\",\"params\":{\"username\":\"$USERID\",\"password\":\"test\"}}" +submit "{\"id\":$IDNUM,\"method\":\"auth\",\"params\":{\"username\":\"$USERID\",\"password\":\"$PASSWORD\"}}" submit "{\"id\":$IDNUM,\"method\":\"config.edit\",\"params\":{\"key\":\"value\"}}" submit "{\"id\":$IDNUM,\"method\":\"config.load\"}" submit "{\"id\":$IDNUM,\"method\":\"config.edit\",\"params\":{\"key\":null}}" @@ -91,7 +92,7 @@ foldernum "Lovers"; contactnums "Flight Crew" "1"; submit "{\"id\":$IDNUM,\"meth foldernum "Flight Crew"; submit "{\"id\":$IDNUM,\"method\":\"contacts.list\",\"params\":{\"folderID\":$FOLDERNUM }}" foldernum "Lovers"; submit "{\"id\":$IDNUM,\"method\":\"contacts.list\",\"params\":{\"folderID\":$FOLDERNUM }}" contactnums "Flight Crew" "1"; submit "{\"id\":$IDNUM,\"method\":\"contacts.remove\",\"params\":{\"folderID\":$SOURCENUM, \"contactID\":$CONTACTNUM }}" -contactnums "Lovers" "1"; submit "{\"id\":$IDNUM,\"method\":\"contacts.remove\",\"params\":{\"folderID\":$SOURCENUM, \"contactID\":$CONTACTNUM }}" +contactnums "Lovers" "1"; submit "{\"id\":$IDNUM,\"method\":\"contacts.remove\",\"params\":{\"folderID\":$SOURCENUM, \"contactID\":$CONTACTNUM }}" foldernum "Lovers"; submit "{\"id\":$IDNUM,\"method\":\"contacts.list\",\"params\":{\"folderID\":$FOLDERNUM }}" foldernum "Flight Crew"; submit "{\"id\":$IDNUM,\"method\":\"folders.remove\",\"params\":{\"context\":\"contacts\",\"folderID\":$FOLDERNUM }}" foldernum "Lovers"; submit "{\"id\":$IDNUM,\"method\":\"folders.remove\",\"params\":{\"context\":\"contacts\",\"folderID\":$FOLDERNUM }}" @@ -121,7 +122,7 @@ messagenums "Inbox" "1"; submit "{\"id\":$IDNUM,\"method\":\"messages.load\",\"p foldernum "Duplicate"; messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.copy\",\"params\":{\"messageIDs\": [$MESSAGENUM], \"sourceFolderID\":$SOURCENUM, \"targetFolderID\":$FOLDERNUM }}" foldernum "Duplicate"; submit "{\"id\":$IDNUM,\"method\":\"folders.remove\",\"params\":{\"context\":\"mail\",\"folderID\":$FOLDERNUM }}" messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.flag\",\"params\":{\"action\":\"add\", \"flags\":[\"flagged\"], \"messageIDs\": [$MESSAGENUM], \"folderID\":$SOURCENUM }}" -messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.tags\",\"params\":{\"action\":\"add\", \"tags\":[\"girlie\",\"girlie-$RANDOM\"], \"messageIDs\": [$MESSAGENUM], \"folderID\":$SOURCENUM }}" +messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.tags\",\"params\":{\"action\":\"add\", \"tags\":[\"girlie\",\"girlie-$RANDOM\"], \"messageIDs\": [$MESSAGENUM], \"folderID\":$SOURCENUM }}" messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.flag\",\"params\":{\"action\":\"list\", \"messageIDs\": [$MESSAGENUM], \"folderID\":$SOURCENUM }}" messagenums "Inbox" "100"; submit "{\"id\":$IDNUM,\"method\":\"messages.tags\",\"params\":{\"action\":\"list\", \"messageIDs\": [$MESSAGENUM], \"folderID\":$SOURCENUM }}" foldernum "Inbox"; submit "{\"id\":$IDNUM,\"method\":\"messages.list\",\"params\":{\"folderID\":$FOLDERNUM }}" diff --git a/dev/scripts/test/t.imap.body.sh b/dev/scripts/test/t.imap.body.sh index a42fd09a..db0ced5e 100755 --- a/dev/scripts/test/t.imap.body.sh +++ b/dev/scripts/test/t.imap.body.sh @@ -9,7 +9,7 @@ echo "" tput setaf 6; echo "IMAP session:"; tput sgr0 echo "" nc localhost 9000 < -RCPT TO: +RCPT TO: DATA Return-Path: Received: from mail.stranded.org (stranded.org [209.59.192.220]) @@ -43,9 +43,9 @@ Content-Type: text/plain; charset=ISO-8859-1 Awesomeness... --001517511b480725f6049b3c2eda -Content-Type: image/jpeg; +Content-Type: image/jpeg; name="165385_10150133725564402_646419401_8016034_14112_n.jpg" -Content-Disposition: attachment; +Content-Disposition: attachment; filename="165385_10150133725564402_646419401_8016034_14112_n.jpg" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gjn3u6450 @@ -669,4 +669,4 @@ BqS8thKVrcWVYKiN21CBt5JKfxH1BxzTpYsTLT4ZmuSHfBcU0kq2pCx+EHy//wCs1lZRt/YUf//Z --001517511b480725f6049b3c2eda-- . QUIT -EOF \ No newline at end of file +EOF diff --git a/dev/scripts/test/t.inbound.attachment.2.sh b/dev/scripts/test/t.inbound.attachment.2.sh index 285f6ad5..e489a5da 100755 --- a/dev/scripts/test/t.inbound.attachment.2.sh +++ b/dev/scripts/test/t.inbound.attachment.2.sh @@ -13,7 +13,7 @@ tput setaf 6; echo "Inbound Attachmented Message 2:"; tput sgr0 nc localhost 7000 < -RCPT TO: +RCPT TO: DATA Return-Path: Received: from mail.stranded.org (stranded.org [209.59.192.220]) @@ -49,7 +49,7 @@ Content-Type: text/plain; charset=ISO-8859-1 $30 a month for this speed! --- +-- *Scott Schlee* New Media Director Maxim Designs @@ -689,4 +689,4 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//2Q== --001636c5b26f6abed1048f70f632-- . QUIT -EOF \ No newline at end of file +EOF diff --git a/dev/scripts/test/t.inbound.sh b/dev/scripts/test/t.inbound.sh index ada77faa..74b6ff1b 100755 --- a/dev/scripts/test/t.inbound.sh +++ b/dev/scripts/test/t.inbound.sh @@ -12,7 +12,16 @@ tput setaf 6; echo "Inbound SMTP request:"; tput sgr0 printf "EHLO localhost\r\nMAIL FROM: \r\n"\ "RCPT TO: \r\nDATA\r\nTo: magma@lavabit.com\r\nFrom: magma@lavabit.com\r\nSubject: Test @ $DATE\r\n\r\n"\ "Hello world!\r\nTesting outbound at $DATE\r\n\r\n.\r\nQUIT\r\n" | nc localhost 7000 + +echo "" +tput setaf 6; echo "Inbound STARTTLS SMTP request:"; tput sgr0 +printf "EHLO localhost\nMAIL FROM: \n"\ +"RCPT TO: \nDATA\nTo: magma@lavabit.com\nFrom: magma@lavabit.com\nSubject: Test @ $DATE\n\n"\ +"Hello world!\nTesting outbound at $DATE\n\n.\nQUIT\n" | openssl s_client -quiet -starttls smtp -crlf -connect localhost:7000 + +echo "" +tput setaf 6; echo "Inbound SMTP over TLS request:"; tput sgr0 +printf "EHLO localhost\nMAIL FROM: \n"\ +"RCPT TO: \nDATA\nTo: magma@lavabit.com\nFrom: magma@lavabit.com\nSubject: Test @ $DATE\n\n"\ +"Hello world!\nTesting outbound at $DATE\n\n.\nQUIT\n" | openssl s_client -quiet -crlf -connect localhost:7500 echo "" -printf "EHLO localhost\r\nMAIL FROM: \r\n"\ -"RCPT TO: \r\nDATA\r\nTo: ladar@lavabit.com\r\nFrom: ladar@lavabit.com\r\nSubject: Test @ $DATE\r\n\r\n"\ -"Hello world!\r\nTesting outbound at $DATE\r\n\r\n.\r\nQUIT\r\n" | nc localhost 7000 \ No newline at end of file diff --git a/dev/scripts/test/t.outbound.sh b/dev/scripts/test/t.outbound.sh index 4fcbc024..f49fd141 100755 --- a/dev/scripts/test/t.outbound.sh +++ b/dev/scripts/test/t.outbound.sh @@ -10,7 +10,7 @@ DATE=`date` echo "" tput setaf 6; echo "Outbound SMTP request:"; tput sgr0 echo "" -printf "EHLO localhost\r\nAUTH PLAIN AGxhZGFyQGxhdmFiaXQuY29tAHRlc3Q=\r\nMAIL FROM: \r\n"\ -"RCPT TO: \r\nDATA\r\nTo: ladar@lavabit.com\r\nFrom: ladar@lavabit.com\r\nSubject: Test @ $DATE\r\n\r\n"\ +printf "EHLO localhost\r\nAUTH PLAIN bWFnbWEAbWFnbWEAcGFzc3dvcmQ=\r\nMAIL FROM: \r\n"\ +"RCPT TO: \r\nDATA\r\nTo: ladar@lavabit.com\r\nFrom: magma@lavabit.com\r\nSubject: Test @ $DATE\r\n\r\n"\ "Hello world!\r\nTesting outbound at $DATE\r\n\r\n.\r\nQUIT\r\n" | nc localhost 7000 diff --git a/dev/scripts/test/t.pop.sh b/dev/scripts/test/t.pop.sh index 988e2cc4..4060f4e3 100755 --- a/dev/scripts/test/t.pop.sh +++ b/dev/scripts/test/t.pop.sh @@ -6,6 +6,12 @@ # Description: Used for testing the POP protocol handler. echo "" -tput setaf 6; echo "POP session:"; tput sgr0 +tput setaf 6; echo "POP session [Should Fail]:"; tput sgr0 echo "" -printf "USER ladar\r\nPASS test\r\nSTAT\r\nRETR 1\r\nQUIT\r\n" | nc localhost 8000 +printf "USER magma\r\nPASS password\r\nQUIT\r\n" | nc localhost 8000 | grep -E "^\+|^\-" +echo "" +tput setaf 6; echo "Secure POP session [Should Work]:"; tput sgr0 +echo "" +printf "USER magma\r\nPASS password\r\nSTAT\r\RETR 1\r\nQUIT\r\n" | openssl s_client -quiet -connect localhost:8500 -quiet 2>&1 | grep -E "^\+|^\-" + + diff --git a/res/sql/Data.sql b/res/sql/Data.sql index e155f9db..c1e8a234 100644 --- a/res/sql/Data.sql +++ b/res/sql/Data.sql @@ -219,5 +219,5 @@ INSERT INTO `Profile` VALUES (1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL -- ORDER BY: `usernum` /*!40000 ALTER TABLE `Users` DISABLE KEYS */; -INSERT INTO `Users` VALUES (1,'magma',NULL, NULL,0,'2e11d362d66c4b5be60341ce5f3302b676b39d1181132c9f00524bb92ef8981bef3a828958742d5eb7e4bcf8e84a2bf432a1e5c1deeaf4cf2b46a1d082182ff1',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(2,'princess', NULL, NULL,0,'3bf5c8a4750b86535fc4ee0944723ec80ce342a31d019f8d850b2b69b85ff9edb537e573ff276e297f6ab4eec9bdfc54ce4a7e1adf3c0fcbbbdc21525493df48',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(3,'ladar', NULL, NULL,0,'46c3c0f5c777aacbdb0c25b14d6889b98efa62fa0ae551ec067d7aa126392805e3e3a2ce07d36df7e715e24f35c88105fff5a9eebff0532f990644cf07a4751f',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(4,'stacie','5e3230d89ad63d4b89e2d95847ee7c4ccc7ba55b29c6b4f1ad9f8b0d90da6adc88e71b603dbbf6f8869144097b9b0196b8c10a44ef9be7333f44e8ec9fe382355747282a7c24b107eedd23cce47190314331d7a61e71d6c5fc2415c30bf0205a997e3a59e6346a41874fdc52f41f0ead9bb0d65606020fdf1a65a372b5ad241e','f29f9d4a2701fec4976acc069994ffcb29427d7031e1dadc8c0842db65fd15a4600f817669650954c54e6270238158350710fee0fbba82d119e8187c7eb2d534',0,NULL,0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'); +INSERT INTO `Users` VALUES (1,'magma',NULL, NULL,0,'42a7ead6550ee52360222a0e8783645216c3bb4ade95ab531be13cd3060dcdd085fb534e424e067bc4edfe27a87277daaad6428fee737b3adc3c55608fb23ea5',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(2,'princess', NULL, NULL,0,'3a5799cbc019beebd5e779a62343a76ff949c829b792ebe2c2fae406eda57268ce200db1ada838936b0ac6804115d60e83e88189705bd3f52f1723f29ce9cfa1',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(3,'ladar', NULL, NULL,0,'eb5ff977cd0ef6487677b4961995088d3a86caa2e6710829a28047017406e493b6839fbdf69d2e4ee290fee1181ba1a4c105afe7c507e91e5773d71d0461adba',0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'),(4,'stacie','MOgx1F13HmoSGt05L2AvYwjWVqS_NmEU1b6eaWE9EOb819su6Z2qUvxdsQyx1CCL_xlCYhh2OJhaoxN0UlUIjvZ-yz08TBaWZ7Z0B3ZNrBtTs3OOio4K7pMkDLpXxCjjS2eboU7nNxn1sdrgKLICOZSWtPIDJmAAIyr9GOPF-x4','MAtbJr6lIPOmrYuQMQaPzDq8mNRN8qp9MefYk8vyxnL3DrsuzFeSMhGL5Ew4tDTYA1hNzqroJaoGB8jWpUKAwA',0,NULL,0,'BASIC',0,0,NULL,1,1,0,0,134217728,0,'0000-00-00','0000-00-00'); /*!40000 ALTER TABLE `Users` ENABLE KEYS */; diff --git a/sandbox/etc/magma.sandbox.config b/sandbox/etc/magma.sandbox.config index e872d7da..825d1161 100755 --- a/sandbox/etc/magma.sandbox.config +++ b/sandbox/etc/magma.sandbox.config @@ -55,7 +55,7 @@ magma.iface.virus.signatures = sandbox/virus/ magma.iface.virus.available = false magma.library.file = ./magmad.so -magma.library.unload = false +magma.library.unload = true magma.spool = sandbox/spool/ magma.output.path = sandbox/logs/ diff --git a/src/servers/smtp/smtp.c b/src/servers/smtp/smtp.c index 10839ede..2e1bd3c2 100644 --- a/src/servers/smtp/smtp.c +++ b/src/servers/smtp/smtp.c @@ -380,7 +380,7 @@ void smtp_auth_login(connection_t *con) { } // Validate that an argument was extracted using the above logic. - if (!argument || !(username = base64_decode(argument, NULL)) || st_empty(username)) { + if (!argument || !(username = base64_decode(argument, NULL)) || st_empty(username)) { con_write_bl(con, "501 INVALID AUTH SYNTAX\r\n", 25); st_cleanup(argument, username); return; @@ -405,7 +405,7 @@ void smtp_auth_login(connection_t *con) { argument = NULL; // Create the authentication context. - if ((state = auth_login(&username, &password, &auth)) || !auth) { + if ((state = auth_login(username, password, &auth)) || !auth) { if (state < 0) { con_write_bl(con, "423 INTERNAL SERVER ERROR - PLEASE TRY AGAIN LATER\r\n", 52); } @@ -420,7 +420,7 @@ void smtp_auth_login(connection_t *con) { st_cleanup(username, password); // Authorize the user, and securely delete the keys. - if ((state = smtp_fetch_authorization(auth->username, auth->tokens.verification, &outbound)) < 0) { + if ((state = smtp_fetch_authorization(auth->username, auth->tokens.verification, &outbound)) <= 0) { if (state == -4) { con_write_bl(con, "535 AUTHENTICATION FAILURE - THIS ACCOUNT HAS BEEN LOCKED AT THE REQUEST OF THE USER\r\n", 86); } -- cgit v1.2.3