Bug#841748: marked as done (esniper: needs update for recent eBay changes)

Fri, 18 Nov 2016 21:06:22 -0800 

Your message dated Sat, 19 Nov 2016 05:03:32 +0000
with message-id <[email protected]>
and subject line Bug#841748: fixed in esniper 2.32.0-1
has caused the Debian Bug report #841748,
regarding esniper: needs update for recent eBay changes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
841748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: esniper
Version: 2.31.0-1.1
Severity: serious
Tags: patch
Control: forwarded -1 https://sourceforge.net/p/esniper/bugs/709

Recent changes on eBay broke authentication in esniper effectively rendering 
the latter useless. Fortunately upstream already fixed the problem:

 * https://sourceforge.net/p/esniper/bugs/705
 * https://sourceforge.net/p/esniper/bugs/709

The attached patch fixes the problem -- please apply it ASAP (I shall be 
happy to NMU if that's all right with you).

Also last upload was a while ago and it would be nice to update packaging, 
add Vcs links, create public repository on collab-maint, etc.

Please let me know if you need any help.

-- 
Regards,
 Dmitry Smirnov
 GPG key : 4096R/52B6BBD953968D1B

Last-Update: 2016-10-18
Forwarded: not-needed
Bug-Debian:
Bug-Upstream: https://sourceforge.net/p/esniper/bugs/705
Bug-Upstream: https://sourceforge.net/p/esniper/bugs/709
Origin: upstream, https://sourceforge.net/p/esniper/bugs/_discuss/thread/4c63a3a9/39ff/attachment/auction.c
Description: fix authentication.

--- a/auction.c
+++ b/auction.c
@@ -26,8 +26,9 @@
 
 /* for strcasestr  prototype in string.h */
 #define _GNU_SOURCE
 
+#include "util.h"
 #include "auction.h"
 #include "buffer.h"
 #include "http.h"
 #include "html.h"
@@ -387,11 +388,107 @@
 	}
 	return ret;
 }
 
+// MSP Oct. 2016
 static const char LOGIN_1_URL[] = "https://%s/ws/eBayISAPI.dll?SignIn";;
-static const char LOGIN_2_URL[] = "https://%s/ws/eBayISAPI.dll?SignInWelcome&userid=%s&pass=%s&keepMeSignInOption=1";;
+static const char LOGIN_2_URL[] = "https://%s/ws/eBayISAPI.dll?co_partnerId=2&siteid=0&UsingSSL=1";;
+static const char LOGIN_DATA[] = "refId=&regUrl=%s&MfcISAPICommand=SignInWelcome&bhid=DEF_CI&UsingSSL=1&inputversion=2&lse=false&lsv=&mid=%s&kgver=1&kgupg=1&kgstate=&omid=&hmid=&rhr=f&srt=%s&siteid=0&co_partnerId=2&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&rtmData=&usid=%s&afbpmName=sess1&kgct=&userid_otp=&sgnBt=Continue&otp=&keepMeSignInOption3=1&userid=%s&%s=%s&runId2=%s&%s=%s&pass=%s&keepMeSignInOption2=1&keepMeSignInOption=1";
 
+// MSP Oct. 2016
+const char* pszId="id=\"";
+const char* pszId2="value=\"";
+
+typedef struct _headerattr
+{
+  char* pszName;
+  int   iOccurence;
+  int   iDirection;
+  char* pszValue;
+} HEADERATTR, HEADERVALS;
+
+const int USER_NUM=0;
+const int PASS_NUM=1;
+
+const int REGURL=0;
+const int MID=1;
+const int SRT=2;
+const int USID=3;
+const int RUNID2=4;
+
+typedef enum searchtype { searchAttribute, searchValue } SEARCHTYPE;
+
+HEADERATTR headerattrs[] = {"<label for=\"userid\">", 1, 1, NULL,
+                            "\"password\"", 1, -1, NULL};
+
+HEADERVALS headervals[] = {"regUrl", 1, 1, NULL,
+                           "mid", 1, 1, NULL,
+                           "srt", 1, 1, NULL,
+                           "usid", 1, 1, NULL,
+                           "runId2", 1, 1, NULL};
+
+void signinFormError(HEADERATTR* searchdef, SEARCHTYPE searchfor)
+{
+	printf("Error in function %s(): %s not found!\nPlease report at https://sourceforge.net/p/esniper/bugs/705/\n";,
+				(searchfor == searchAttribute ? "findattr" : "searchvalue"), searchdef->pszName);
+	// Abort
+	abort();
+}
+
+int signinFormSearch(char* pSrc, size_t SrcLen, HEADERATTR* searchdef, SEARCHTYPE searchfor)
+{
+	char* pszStart = pSrc;
+	char* pszEnd = pSrc+SrcLen;
+	char* pszSearch = NULL;
+	char szPattern[128];
+	char szRes[4096];
+	int  i;
+
+	if( searchfor == searchAttribute )
+		strcpy(szPattern, searchdef->pszName);
+	else
+		sprintf(szPattern, "name=\"%s\"", searchdef->pszName);
+
+	for(i=0; i < searchdef->iOccurence; i++)
+	{
+		pszSearch = strstr(pszStart, szPattern);
+		if( pszSearch == NULL ) return 1;
+		pszStart=pszSearch;
+		pszStart+=strlen(szPattern);
+	}
+
+	while( pSrc != pszSearch && pszEnd != pszSearch )
+	{
+                pszSearch+=(searchdef->iDirection);
+
+		if( !strncmp(pszSearch, (searchfor == searchAttribute ? pszId : pszId2), 
+                                        (searchfor == searchAttribute ? strlen(pszId) : strlen(pszId2))) )
+		{
+		    pszSearch+=((searchfor == searchAttribute ? strlen(pszId) : strlen(pszId2)));
+                    memset(szRes, '\0', sizeof(szRes));
+		    for(i=0;
+                        ((searchfor == searchValue) || isdigit(*pszSearch)) && ((char)*pszSearch) != '"' && i<sizeof(szRes);
+                        szRes[i++]=*pszSearch++);
+		    searchdef->pszValue = (char *)myMalloc(strlen(szRes)+1);
+		    strncpy(searchdef->pszValue, (char*) &szRes, strlen(szRes)+1);
+		    if (options.debug) dlog("%s(): %s=%s", (searchfor == searchAttribute ? "findattr" : "searchvalue"), 
+                                                           searchdef->pszName, searchdef->pszValue);
+		    return 0;
+		}
+	}
+
+	return 1;
+}
+
+int findattr(char* pSrc, size_t SrcLen, HEADERATTR* attr)
+{
+	return signinFormSearch(pSrc, SrcLen, attr, searchAttribute);
+}
+
+int getvals(char* pSrc, size_t SrcLen, HEADERVALS* vals)
+{
+	return signinFormSearch(pSrc, SrcLen, vals, searchValue);
+}
 
 /*
  * Force an ebay login.
  *
@@ -413,12 +510,13 @@
 ebayLogin(auctionInfo *aip, time_t interval)
 {
 	memBuf_t *mp = NULL;
 	size_t urlLen;
-	char *url, *logUrl;
+	char *url, *data, *logdata;
 	pageInfo_t *pp;
 	int ret = 0;
 	char *password;
+	int i;	
 
 	/* negative value forces login */
 	if (loginTime > 0) {
 		if (interval == 0)
@@ -437,23 +535,81 @@
 	mp = httpGet(url, NULL);
 	free(url);
 	if (!mp)
 		return httpError(aip);
+
+	// Get all atrributes and values needed (MSP Oct. 2016)
+	for(i=0; i < sizeof(headerattrs)/sizeof(HEADERATTR); i++) if(findattr(mp->readptr, mp->size, &headerattrs[i])) signinFormError(&headerattrs[i], searchAttribute);
+	for(i=0; i < sizeof(headervals)/sizeof(HEADERVALS); i++) if(getvals(mp->readptr, mp->size, &headervals[i])) signinFormError(&headervals[i], searchValue); 
+
 	freeMembuf(mp);
 	mp = NULL;
 
-	urlLen = sizeof(LOGIN_2_URL) + strlen(options.loginHost) + strlen(options.usernameEscape) - (3*2);
+	// MSP Oct. 2016
+	urlLen = sizeof(LOGIN_2_URL) + strlen(options.loginHost) - (1*2);
 	password = getPassword();
-	url = (char *)myMalloc(urlLen + strlen(password));
-	logUrl = (char *)myMalloc(urlLen + 5);
-
-	sprintf(url, LOGIN_2_URL, options.loginHost, options.usernameEscape, password);
+	url = (char *)myMalloc(urlLen);
+	sprintf(url, LOGIN_2_URL, options.loginHost);
+	data = (char *)myMalloc(	sizeof(LOGIN_DATA)
+                                      + strlen(headerattrs[USER_NUM].pszValue)
+                                      + strlen(headerattrs[PASS_NUM].pszValue)
+                                      + strlen(options.usernameEscape) * 2
+                                      + strlen(password) * 2
+                                      + strlen(headervals[REGURL].pszValue)
+                                      + strlen(headervals[MID].pszValue)
+                                      + strlen(headervals[SRT].pszValue)
+                                      + strlen(headervals[USID].pszValue)
+                                      + strlen(headervals[RUNID2].pszValue)
+				      - (11*2)
+                                      );
+	logdata = (char *)myMalloc(	sizeof(LOGIN_DATA)
+                                      + strlen(headerattrs[USER_NUM].pszValue)
+                                      + strlen(headerattrs[PASS_NUM].pszValue) 
+                                      + strlen(options.usernameEscape) * 2
+                                      + 5 * 2
+                                      + strlen(headervals[REGURL].pszValue)
+                                      + strlen(headervals[MID].pszValue)
+                                      + strlen(headervals[SRT].pszValue)
+                                      + strlen(headervals[USID].pszValue)
+                                      + strlen(headervals[RUNID2].pszValue)
+				      - (11*2)
+                                      );
+	sprintf(data, LOGIN_DATA,	headervals[REGURL].pszValue,
+					headervals[MID].pszValue,
+					headervals[SRT].pszValue,
+					headervals[USID].pszValue,
+					options.usernameEscape,
+					headerattrs[USER_NUM].pszValue,
+					options.usernameEscape,
+					headervals[RUNID2].pszValue,
+                                        headerattrs[PASS_NUM].pszValue,
+					password,
+					password
+					);
 	freePassword(password);
-	sprintf(logUrl, LOGIN_2_URL, options.loginHost, options.usernameEscape, "*****");
-
-	mp = httpGet(url, logUrl);
+	sprintf(logdata, LOGIN_DATA,	headervals[REGURL].pszValue,
+					headervals[MID].pszValue,
+					headervals[SRT].pszValue,
+					headervals[USID].pszValue,
+					options.usernameEscape,
+					headerattrs[USER_NUM].pszValue,
+					options.usernameEscape,
+					headervals[RUNID2].pszValue,
+                                        headerattrs[PASS_NUM].pszValue,
+					"*****",
+					"*****"
+					);
+
+	// MSP Oct. 2016 - Using POST method instead of GET
+	mp = httpPost(url, data, logdata);
+
+	// Free memory (MSP Oct. 2016)
+	for(i=0; i < sizeof(headerattrs)/sizeof(HEADERATTR); free(headerattrs[i++].pszValue));
+	for(i=0; i < sizeof(headervals)/sizeof(HEADERVALS); free(headervals[i++].pszValue));
 	free(url);
-	free(logUrl);
+	free(data);
+	free(logdata);
+
 	if (!mp)
 		return httpError(aip);
 
 	if ((pp = getPageInfo(mp))) {

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
--- Begin Message --- 
Source: esniper
Source-Version: 2.32.0-1

We believe that the bug you reported is fixed in the latest version of
esniper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <[email protected]> (supplier of updated esniper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 19 Nov 2016 15:33:25 +1100
Source: esniper
Binary: esniper
Architecture: source amd64
Version: 2.32.0-1
Distribution: unstable
Urgency: medium
Maintainer: Dima Barsky <[email protected]>
Changed-By: Dmitry Smirnov <[email protected]>
Description:
 esniper    - simple, lightweight tool for sniping ebay auctions
Closes: 841748
Changes:
 esniper (2.32.0-1) unstable; urgency=medium
 .
   * New upstream release [November 2016].
     + fixed eBay authentication (Closes: #841748)
   * Modernised packaging:
     + source format "3.0 (quilt)"; Standards-Version: 3.9.8
   * control:
     + added Homepage
     + added Vcs links to new collab-maint repository
     + Build-Depends:
       + added "libcurl4-dev" alternative
       + removed needless versioning
       + autotools-dev --> dh-autoreconf
       + DH/compat to version 9
   * rules:
     + build with full hardening
     + converted rules to DH style
   * watch:
     + added "uversionmangle" and corrected search pattern.
     + pgpmode=none: upstream provides no tarball signature
     + converted to version=4
   * added "gbp.conf"
   * converted copyright file to copyright-format v1.0
   * Declared myself an Uploader.
Checksums-Sha1:
 775c1875dddb05b9c168a9ebaf9a6b20fe739d37 1947 esniper_2.32.0-1.dsc
 19bd92ef20b8733b27950a46436e584466d22b58 133120 esniper_2.32.0.orig.tar.gz
 c8895429481919500d40170beffce7a56e3eb728 3624 esniper_2.32.0-1.debian.tar.xz
 f2bca31e3cdc6f43e8e9cc8583b7561dea1320ed 80722 
esniper-dbgsym_2.32.0-1_amd64.deb
 3427d39124a6c6cb0459c18d922b10f6c491f42c 5567 esniper_2.32.0-1_amd64.buildinfo
 376672955dc21615b97d9dd51303d2a527a6ab0a 46886 esniper_2.32.0-1_amd64.deb
Checksums-Sha256:
 1608345de91fd740437406ef2c3d339d3e0f8c3388977a3186d0298ccf12e8ff 1947 
esniper_2.32.0-1.dsc
 5ee3e5237c6a12059ae9d38380505d38448c2c12787f9fcc603cdb0a1a519312 133120 
esniper_2.32.0.orig.tar.gz
 9c598a80c2e47a1b965c144aa9c769acce36dd0de1cb4a6d7b34f875c9cdb042 3624 
esniper_2.32.0-1.debian.tar.xz
 f2ebb20fa6cfad0a6b7dbacc44b208ea810b8f381ebcdd0adf9b80d60c2aabdf 80722 
esniper-dbgsym_2.32.0-1_amd64.deb
 e055270d365e450c082a05fec18773e810fe126eb2bd2576fe7978410d04d680 5567 
esniper_2.32.0-1_amd64.buildinfo
 4c0b2280eb7c44c5ff64bc99bdb26c79513cd33ab7e5d67675aadf0eb3a096a0 46886 
esniper_2.32.0-1_amd64.deb
Files:
 3c6ae5b8d5f0fcbddd3902bfbf50cb66 1947 misc extra esniper_2.32.0-1.dsc
 6e750e9fc553e1414a024ab077b6ffc8 133120 misc extra esniper_2.32.0.orig.tar.gz
 0f904be6572375565e1cfa05a0fc64e2 3624 misc extra esniper_2.32.0-1.debian.tar.xz
 364817c3d75b447b0d47962c5de7503c 80722 debug extra 
esniper-dbgsym_2.32.0-1_amd64.deb
 b05824ffa3898b0faebefbbb92be53ae 5567 misc extra 
esniper_2.32.0-1_amd64.buildinfo
 59795336d1c958af77c7fe9902d0af8c 46886 misc extra esniper_2.32.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYL9dfAAoJEFK2u9lTlo0bqfEP/A2nDqoBNoXXw/Rb2DnGvKU/
TDnXsLDeFICE9PmzolpNXNdpiouL2MtDigSs6+KdDLWFv+juiTk4lBBKDK5ysZVq
CtvCsov9nc+HxumJhFXfdX5Qn+PImYmZnIi4JmbaJCkRcax4cuhrgkhxs1oRk2V4
qpL0aLZIVM0AgsXF65XQwUffGHi2torAdirbLCp2jgFyxC0nza2Ge3+06fidkJZl
qIlDb9umR1/vtXzYCnga8skxM7xwZS655uJPQ9+86g+yPrMj69KEYC5pIR7H4bv1
B+ug9rBFaRzp3EsN0Ay8F2levUKA5MqWdeW99G354sbN0O1By4Hyx/bKMNBPp8tz
3RrpbGe8FD01JlPK/O8Wm+9xY9ykIU9WOM+c3q2rm9euTjiYwGvzMFA2gvqfDn5t
PtlTk4dncn9VQjRnYb5k8M9kSfcnx5KpkU8k4Vjle5vWTnpklm84AYWeBGe+5cKf
b5DC0H8ieDW/ppxaQmO05ssqCz60johPhCgC4L8cRbyejXMipzkVWGjoU+VkF3UK
K0c+YfogvSdKcXJCL7j44bN1BFJsl2mDQA2K7ch/hRblHM8spj3biYpfXVOnnWmG
HDqxWZpkomhqGLnDfGS/a38HRG9k/Cs/PX8NyorcQcGh/F/eC46vH4jVh5Xf3Zy1
kcJ8KCSNydygcawHSuO0
=8ciq
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to