Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* This file has been generated by the Hex-Rays decompiler.
- Copyright (c) 2007-2010 Hex-Rays <info@hex-rays.com>
- Detected compiler: GNU C++
- */
- #include <defs.h>
- #include <stdarg.h>
- //-------------------------------------------------------------------------
- // Data declarations
- extern char format[]; // idb
- extern char aUnableToCreate[]; // idb
- extern char aUnableToSetReu[]; // idb
- extern char aUnableToBindSo[]; // idb
- extern char aUnableToListen[]; // idb
- extern char aFailedToFindUs[]; // idb
- extern char aDrop_privsFail[]; // idb
- extern char aSetgidCurrentG[]; // idb
- extern char aSetgidCurrentU[]; // idb
- extern char a250DDD[]; // idb
- extern char a250Youdont_own[21]; // weak
- extern char a2508bitmime[15]; // weak
- extern char a250Youdont_o_0[21]; // weak
- extern char a221Youdont_own[21]; // weak
- extern char a2502_1_5Ok[15]; // weak
- extern char a550InvalidSend[21]; // weak
- extern char s2[]; // idb
- extern char a550UnknownOrIn[35]; // weak
- extern char a354EndDataWith[38]; // weak
- extern char a_[]; // idb
- extern char a__0[]; // idb
- extern char a2502_0_0OkQueu[37]; // weak
- extern char a334Vxnlcm5hbwu[19]; // weak
- extern char a334Ugfzc3dvcmq[19]; // weak
- extern char s[]; // idb
- extern char aZenata[]; // idb
- extern char modes[]; // idb
- extern char a220Youdont_own[]; // idb
- extern char a502Huh_[10]; // weak
- extern void *_progname; // weak
- extern void *p_4696; // weak
- extern __int16 svc_port; // weak
- extern char svc_user[]; // idb
- extern char cmds[33]; // weak
- extern int (__cdecl *handlers[3])(FILE *s); // weak
- extern int _CTOR_LIST__; // weak
- extern int _JCR_LIST__; // weak
- extern char completed_4698; // weak
- extern int environ; // weak
- extern time_t base; // idb
- extern int secret; // weak
- //-------------------------------------------------------------------------
- // Function declarations
- void (*__cdecl init_proc())(void);
- int setuid(__uid_t uid);
- int fprintf(FILE *stream, const char *format, ...);
- time_t time(time_t *timer);
- int seteuid(__uid_t uid);
- int chdir(const char *path);
- struct passwd *getpwnam(const char *name);
- __pid_t wait4(__pid_t pid, void *stat_loc, int options, struct rusage *usage);
- __pid_t fork(void);
- int _init_tls(void); // weak
- int accept(int fd, struct sockaddr *addr, socklen_t *addr_len);
- char *fgets(char *s, int n, FILE *stream);
- __gid_t getgid(void);
- int setgid(__gid_t gid);
- char *strncpy(char *dest, const char *src, size_t n);
- char *ctime(const time_t *timer);
- char *strchr(const char *s, int c);
- ssize_t recv(int fd, void *buf, size_t n, int flags);
- int socket(int domain, int type, int protocol);
- int fflush(FILE *stream);
- int listen(int fd, int n);
- void *memset(void *s, int c, size_t n);
- int setsockopt(int fd, int level, int optname, const void *optval, socklen_t optlen);
- int setegid(__gid_t gid);
- int vasprintf(char **, const char *, va_list);
- int initgroups(const char *, __gid_t group);
- int __cdecl setresgid(_DWORD, _DWORD); // weak
- int strcmp(const char *s1, const char *s2);
- int printf(const char *format, ...);
- FILE *fdopen(int fd, const char *modes);
- int close(int fd);
- void srand(unsigned int seed);
- int rand(void);
- int __cdecl setresuid(_DWORD, _DWORD); // weak
- __sighandler_t signal(int sig, __sighandler_t handler);
- __gid_t getegid(void);
- size_t fwrite(const void *ptr, size_t size, size_t n, FILE *s);
- ssize_t send(int fd, const void *buf, size_t n, int flags);
- void _exit(int status);
- void exit(int status);
- void err(int status, const char *format, ...);
- int bind(int fd, const struct sockaddr *addr, socklen_t len);
- void free(void *ptr);
- __uid_t getuid(void);
- int atexit(void (*func)(void));
- size_t strlen(const char *s);
- __uid_t geteuid(void);
- ssize_t read(int fd, void *buf, size_t nbytes);
- void __fastcall start(int a1, void (*func)(void), int a3);
- void __cdecl start1(void (*func)(void), int a2, void **a3);
- void __cdecl _do_global_dtors_aux();
- int __cdecl frame_dummy();
- int __cdecl main();
- __pid_t __cdecl sigchld();
- signed int __cdecl readAll(int fd, int a2, unsigned int a3);
- int __cdecl read_until_delim(int fd, int password, unsigned int size, char is_10);
- signed int __cdecl sendMsg(int fd, const char *s, int a3);
- signed int __cdecl sendAll(int fd, int a2, unsigned int a3);
- int sendFormat(int fd, const char *a2, ...);
- int __cdecl init(unsigned __int16 a1);
- int __cdecl _bswap16(__int16 a1);
- void __cdecl loop(int fd, int (__cdecl *a2)(_DWORD));
- int __cdecl drop_privs_user(const char *name);
- int __cdecl drop_privs(struct_a1 *SID); // idb
- int __cdecl status(FILE *stream); // idb
- int __cdecl ehlo(FILE *s); // idb
- int __cdecl helo(FILE *s); // idb
- int __cdecl quit(FILE *s); // idb
- int __cdecl mail(FILE *a1, const char *s);
- int __cdecl rcpt(FILE *hOutput, const char *s); // idb
- int __cdecl data(FILE *s, char *cadena); // idb
- int __cdecl auth(FILE *stream); // idb
- signed int __cdecl lookup(int Arg1); // idb
- int __cdecl client_callback(int fd); // idb
- void (*__cdecl _do_global_ctors_aux())(void);
- void __cdecl term_proc();
- char *ctime(const time_t *timer);
- int initgroups(const char *, __gid_t group);
- int strcmp(const char *s1, const char *s2);
- FILE *fdopen(int fd, const char *modes);
- ssize_t read(int fd, void *buf, size_t nbytes);
- //----- (08048944) --------------------------------------------------------
- void (*__cdecl init_proc())(void)
- {
- frame_dummy();
- return _do_global_ctors_aux();
- }
- //----- (08048C60) --------------------------------------------------------
- void __fastcall start(int a1, void (*func)(void), int a3)
- {
- start1(func, v4, 8);
- }
- //----- (08048C80) --------------------------------------------------------
- void __cdecl start1(void (*func)(void), int a2, void **a3)
- {
- void *v3; // eax@2
- char v4; // dl@3
- void *v5; // eax@4
- int v6; // eax@9
- environ = &a3[a2 + 1];
- if ( a2 > 0 )
- {
- v3 = *a3;
- if ( *a3 )
- {
- _progname = *a3;
- v4 = *v3;
- if ( *v3 )
- {
- v5 = v3 + 1;
- do
- {
- while ( v4 != 47 )
- {
- v4 = *v5;
- v5 = v5 + 1;
- if ( !v4 )
- goto LABEL_8;
- }
- _progname = v5;
- v4 = *v5;
- v5 = v5 + 1;
- }
- while ( v4 );
- }
- }
- }
- LABEL_8:
- atexit(func);
- atexit(term_proc);
- init_proc();
- v6 = main();
- exit(v6);
- }
- // 80489E8: using guessed type int _init_tls(void);
- // 804A000: using guessed type void *_progname;
- // 804A234: using guessed type int environ;
- //----- (08048D20) --------------------------------------------------------
- void __cdecl _do_global_dtors_aux()
- {
- void (*v0)(void); // edx@4
- if ( !completed_4698 )
- {
- while ( 1 )
- {
- v0 = *p_4696;
- if ( !*p_4696 )
- break;
- p_4696 = p_4696 + 4;
- v0();
- }
- completed_4698 = 1;
- }
- }
- // 804A008: using guessed type void *p_4696;
- // 804A230: using guessed type char completed_4698;
- //----- (08048D50) --------------------------------------------------------
- int __cdecl frame_dummy()
- {
- int result; // eax@1
- result = _JCR_LIST__;
- if ( _JCR_LIST__ )
- result = 0;
- return result;
- }
- // 804A164: using guessed type int _JCR_LIST__;
- //----- (08048D80) --------------------------------------------------------
- int __cdecl main()
- {
- int hSocket; // ST20_4@1
- hSocket = init(svc_port);
- drop_privs_user("digger");
- time(&base);
- srand(base);
- secret = rand();
- loop(hSocket, client_callback);
- return 0;
- }
- // 804A020: using guessed type __int16 svc_port;
- // 804A23C: using guessed type int secret;
- //----- (08048E00) --------------------------------------------------------
- __pid_t __cdecl sigchld()
- {
- __pid_t result; // eax@1
- char stat_loc; // [sp+24h] [bp-4h]@1
- do
- result = wait4(-1, &stat_loc, 1, 0);
- while ( result > 0 );
- return result;
- }
- //----- (08048E30) --------------------------------------------------------
- signed int __cdecl readAll(int fd, int a2, unsigned int a3)
- {
- unsigned int i; // [sp+20h] [bp-8h]@1
- ssize_t v6; // [sp+24h] [bp-4h]@2
- for ( i = 0; i < a3; i += v6 )
- {
- v6 = recv(fd, (a2 + i), a3 - i, 0);
- if ( v6 <= 0 )
- return -1;
- }
- return i;
- }
- //----- (08048EA0) --------------------------------------------------------
- int __cdecl read_until_delim(int fd, int password, unsigned int size, char is_10)
- {
- char buf; // [sp+23h] [bp-5h]@2
- unsigned int i; // [sp+24h] [bp-4h]@1
- for ( i = 0; ; ++i )
- {
- if ( read(fd, &buf, 1u) <= 0 )
- return -1;
- if ( buf == is_10 )
- break;
- if ( i >= size )
- return -1;
- *(password + i) = buf;
- }
- return i;
- }
- //----- (08048F20) --------------------------------------------------------
- signed int __cdecl sendMsg(int fd, const char *s, int a3)
- {
- unsigned int v4; // [sp+14h] [bp-14h]@2
- size_t v5; // [sp+24h] [bp-4h]@1
- v5 = strlen(s);
- if ( a3 )
- v4 = v5 + 1;
- else
- v4 = v5;
- return sendAll(fd, s, v4);
- }
- //----- (08048F70) --------------------------------------------------------
- signed int __cdecl sendAll(int fd, int a2, unsigned int a3)
- {
- unsigned int i; // [sp+20h] [bp-8h]@1
- ssize_t v6; // [sp+24h] [bp-4h]@2
- for ( i = 0; i < a3; i += v6 )
- {
- v6 = send(fd, (a2 + i), a3 - i, 0);
- if ( !v6 )
- return -1;
- }
- return i;
- }
- //----- (08048FE0) --------------------------------------------------------
- int sendFormat(int fd, const char *a2, ...)
- {
- char *ptr; // [sp+20h] [bp-8h]@1
- int v4; // [sp+24h] [bp-4h]@1
- va_list va; // [sp+38h] [bp+10h]@1
- va_start(va, a2);
- v4 = 0;
- ptr = 0;
- if ( vasprintf(&ptr, a2, va) != -1 && ptr )
- v4 = sendMsg(fd, ptr, 0);
- else
- v4 = -1;
- free(ptr);
- return v4;
- }
- //----- (08049060) --------------------------------------------------------
- int __cdecl init(unsigned __int16 a1)
- {
- int optval; // [sp+18h] [bp-30h]@1
- char s; // [sp+34h] [bp-14h]@1
- char v4; // [sp+35h] [bp-13h]@1
- __int16 v5; // [sp+36h] [bp-12h]@1
- int fd; // [sp+44h] [bp-4h]@3
- optval = 1;
- memset(&s, 0, 0x10u);
- v4 = 2;
- v5 = _bswap16(a1);
- if ( signal(20, sigchld) == -1 )
- err(-1, "Unable to set SIGCHLD handler");
- fd = socket(2, 1, 0);
- if ( fd == -1 )
- err(-1, "Unable to create socket");
- if ( setsockopt(fd, 65535, 4, &optval, 4u) == -1 )
- err(-1, "Unable to set reuse");
- if ( bind(fd, &s, 0x10u) == -1 )
- err(-1, "Unable to bind socket");
- if ( listen(fd, 20) == -1 )
- err(-1, "Unable to listen on socket");
- return fd;
- }
- //----- (080491B0) --------------------------------------------------------
- int __cdecl _bswap16(__int16 a1)
- {
- int result; // eax@1
- BYTE1(result) = a1;
- LOBYTE(result) = HIBYTE(a1);
- return result;
- }
- //----- (080491D0) --------------------------------------------------------
- void __cdecl loop(int fd, int (__cdecl *a2)(_DWORD))
- {
- socklen_t addr_len; // [sp+24h] [bp-24h]@2
- struct sockaddr addr; // [sp+28h] [bp-20h]@2
- int v4; // [sp+38h] [bp-10h]@1
- int hSocket; // [sp+3Ch] [bp-Ch]@2
- int v6; // [sp+40h] [bp-8h]@3
- int status; // [sp+44h] [bp-4h]@5
- v4 = 1;
- while ( v4 )
- {
- addr_len = 16;
- hSocket = accept(fd, &addr, &addr_len);
- if ( hSocket != -1 )
- {
- v6 = fork();
- if ( v6 != -1 )
- {
- if ( !v6 )
- {
- close(fd);
- status = a2(hSocket);
- close(hSocket);
- exit(status);
- }
- close(hSocket);
- }
- }
- }
- }
- //----- (08049260) --------------------------------------------------------
- int __cdecl drop_privs_user(const char *name)
- {
- struct passwd *username; // [sp+24h] [bp-4h]@1
- username = getpwnam(name);
- if ( !username )
- err(-1, "Failed to find user %s\n", name);
- if ( drop_privs(username) == -1 )
- err(-1, "drop_privs failed!\n");
- return 0;
- }
- //----- (080492C0) --------------------------------------------------------
- int __cdecl drop_privs(struct_a1 *SID)
- {
- int v1; // ebx@8
- __gid_t v2; // eax@8
- int v3; // ebx@12
- __uid_t v4; // eax@12
- int retval; // [sp+10h] [bp-18h]@2
- __uid_t userid; // [sp+18h] [bp-10h]@1
- __gid_t groupid; // [sp+1Ch] [bp-Ch]@1
- userid = getuid();
- groupid = getgid();
- initgroups(SID->pchar0, SID->groupid);
- if ( setresgid(SID->groupid, SID->groupid) >= 0 )
- {
- if ( setresuid(SID->userid, SID->userid) >= 0 )
- {
- if ( SID->groupid == groupid || setgid(groupid) == -1 && setegid(groupid) == -1 )
- {
- if ( SID->userid == userid || setuid(userid) == -1 && seteuid(userid) == -1 )
- {
- if ( getgid() == SID->groupid && getegid() == SID->groupid )
- {
- if ( getuid() == SID->userid && geteuid() == SID->userid )
- retval = chdir(SID->dir);
- else
- retval = -1;
- }
- else
- {
- retval = -1;
- }
- }
- else
- {
- v3 = SID->userid;
- v4 = getuid();
- printf("setgid current uid: %d target uid: %d\n", v4, v3);
- retval = -1;
- }
- }
- else
- {
- v1 = SID->groupid;
- v2 = getgid();
- printf("setgid current gid: %d target gid: %d\n", v2, v1);
- retval = -1;
- }
- }
- else
- {
- retval = -1;
- }
- }
- else
- {
- retval = -1;
- }
- return retval;
- }
- // 8048AF8: using guessed type int __cdecl setresgid(_DWORD, _DWORD);
- // 8048B68: using guessed type int __cdecl setresuid(_DWORD, _DWORD);
- //----- (08049470) --------------------------------------------------------
- int __cdecl status(FILE *stream)
- {
- int v1; // ST34_4@1
- unsigned int v2; // ST38_4@1
- v1 = secret;
- v2 = time(0) - base;
- fprintf(stream, "250 %d:%d:%d\r\n", v2 / 0xE10, v2 % 0xE10 / 0x3C, v2 % 0x3C);
- if ( v1 != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049570) --------------------------------------------------------
- int __cdecl ehlo(FILE *s)
- {
- int v1; // ST24_4@1
- v1 = secret;
- fwrite("250-youdont.own.me\r\n", 1u, 0x14u, s);
- fwrite("250 8BITMIME\r\n", 1u, 0xEu, s);
- if ( v1 != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (080495F0) --------------------------------------------------------
- int __cdecl helo(FILE *s)
- {
- int v1; // ST24_4@1
- v1 = secret;
- fwrite("250 youdont.own.me\r\n", 1u, 0x14u, s);
- if ( v1 != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049640) --------------------------------------------------------
- signed int __cdecl quit(FILE *s)
- {
- int v1; // ST24_4@1
- v1 = secret;
- fwrite("221 youdont.own.me\r\n", 1u, 0x14u, s);
- if ( v1 != secret )
- _exit(1);
- return 1;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049690) --------------------------------------------------------
- int __cdecl mail(FILE *a1, const char *s)
- {
- int v3; // [sp+1Ch] [bp-Ch]@1
- char *user; // [sp+20h] [bp-8h]@1
- v3 = secret;
- user = strchr(s, ':');
- if ( user )
- {
- if ( strchr(user + 1, '@') )
- fwrite("250 2.1.5 Ok\r\n", 1u, 0xEu, a1);
- else
- fwrite("550 Invalid sender\r\n", 1u, 0x14u, a1);
- }
- else
- {
- fwrite("550 Invalid sender\r\n", 1u, 0x14u, a1);
- }
- if ( v3 != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049770) --------------------------------------------------------
- int __cdecl rcpt(FILE *hOutput, const char *s)
- {
- int canary; // [sp+1Ch] [bp-Ch]@1
- char *user; // [sp+20h] [bp-8h]@1
- char *domain; // [sp+24h] [bp-4h]@2
- canary = secret;
- user = strchr(s, ':');
- if ( user )
- {
- domain = strchr(user + 1, '@');
- if ( domain )
- {
- if ( strcmp(domain + 1, "youdont.own.me") )
- fwrite("550 Unknown or invalid recipient\r\n", 1u, 0x22u, hOutput);
- else
- fwrite("250 2.1.5 Ok\r\n", 1u, 0xEu, hOutput);
- }
- else
- {
- fwrite("550 Unknown or invalid recipient\r\n", 1u, 0x22u, hOutput);
- }
- }
- else
- {
- fwrite("550 Unknown or invalid recipient\r\n", 1u, 0x22u, hOutput);
- }
- if ( canary != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049890) --------------------------------------------------------
- int __cdecl data(FILE *s, char *cadena)
- {
- int v3; // [sp+24h] [bp-4h]@1
- v3 = secret;
- fwrite("354 End data with <CR><LF>.<CR><LF>\r\n", 1u, 0x25u, s);
- do
- fgets(cadena, 512, s);
- while ( strcmp(cadena, ".\r\n") && strcmp(cadena, ".\n") );
- fwrite("250 2.0.0 Ok: queued as 9BDF718A98\r\n", 1u, 0x24u, s);
- if ( v3 != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049950) --------------------------------------------------------
- int __cdecl auth(FILE *stream)
- {
- char password[64]; // [sp+24h] [bp-64h]@1
- char username[32]; // [sp+64h] [bp-24h]@1
- int canary; // [sp+84h] [bp-4h]@1
- canary = secret;
- fwrite("334 VXNlcm5hbWU6\r\n", 1u, 0x12u, stream);
- fgets(username, 32, stream);
- fwrite("334 UGFzc3dvcmQ6\r\n", 1u, 0x12u, stream);
- fgets(password, 64, stream);
- if ( canary != secret )
- _exit(1);
- return 0;
- }
- // 804A23C: using guessed type int secret;
- //----- (08049A00) --------------------------------------------------------
- signed int __cdecl lookup(int Arg1)
- {
- unsigned int i; // [sp+Ch] [bp-8h]@1
- for ( i = 0; i <= 7; ++i )
- {
- if ( *&cmds[4 * i] == *Arg1 )
- return i;
- }
- return -1;
- }
- //----- (08049A50) --------------------------------------------------------
- signed int __cdecl client_callback(int fd)
- {
- char *time; // eax@1
- signed int retval; // [sp+14h] [bp-134h]@2
- char password[16]; // [sp+24h] [bp-124h]@1
- int rethandler; // [sp+34h] [bp-114h]@1
- FILE *stream; // [sp+38h] [bp-110h]@5
- char cmd; // [sp+3Ch] [bp-10Ch]@1
- char i; // [sp+13Bh] [bp-Dh]@1
- time_t timer; // [sp+13Ch] [bp-Ch]@1
- int canary; // [sp+140h] [bp-8h]@1
- int retcmd; // [sp+144h] [bp-4h]@8
- canary = secret;
- ::time(&timer);
- rethandler = 0;
- time = ctime(&timer);
- strncpy(&cmd, time, 256u);
- i = 0;
- memset(password, 0, 0x10u);
- sendMsg(fd, "Password: ", 0);
- if ( read_until_delim(fd, password, 0xFu, 10) > 0 )
- {
- if ( strcmp(password, "zenata") )
- {
- retval = 1;
- }
- else
- {
- stream = fdopen(fd, "rb+");
- if ( stream )
- {
- fprintf(stream, "220 youdont.own.me C-Mail service ready at %s", &cmd);
- while ( !rethandler )
- {
- if ( fgets(&cmd, 0x100u, stream) )
- {
- retcmd = lookup(&cmd);
- if ( retcmd < 0 )
- fwrite("502 Huh\n?", 1u, 9u, stream);
- else
- rethandler = handlers[retcmd](stream);
- }
- else
- {
- rethandler = 1;
- }
- fflush(stream);
- }
- }
- if ( canary != secret )
- _exit(1);
- retval = 0;
- }
- }
- else
- {
- retval = 1;
- }
- return retval;
- }
- // 804A080: using guessed type int (__cdecl *handlers[3])(FILE *s);
- // 804A23C: using guessed type int secret;
- //----- (08049C70) --------------------------------------------------------
- void (*__cdecl _do_global_ctors_aux())(void)
- {
- void (*result)(void); // eax@1
- int v1; // ebx@2
- result = _CTOR_LIST__;
- if ( _CTOR_LIST__ != -1 )
- {
- v1 = 0;
- do
- {
- result();
- result = *(v1 + 134521168);
- v1 -= 4;
- }
- while ( result != -1 );
- }
- return result;
- }
- // 804A154: using guessed type int _CTOR_LIST__;
- //----- (08049C9C) --------------------------------------------------------
- void __cdecl term_proc()
- {
- _do_global_dtors_aux();
- }
- // ALL OK, 29 function(s) have been successfully decompiled
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement