Changeset d8e0484 for protocols/jabber/sasl.c
- Timestamp:
- 2006-09-22T22:49:40Z (18 years ago)
- Branches:
- master
- Children:
- 5e202b0
- Parents:
- fe7a554
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
protocols/jabber/sasl.c
rfe7a554 rd8e0484 71 71 xt_add_attr( reply, "xmlns", SASL_NS ); 72 72 73 if( sup_digest && 0)73 if( sup_digest ) 74 74 { 75 75 xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); … … 107 107 } 108 108 109 static char *sasl_get_part( char *data, char *field ) 110 { 111 int i, len; 112 113 len = strlen( field ); 114 115 if( g_strncasecmp( data, field, len ) == 0 && data[len] == '=' ) 116 { 117 i = strlen( field ) + 1; 118 } 119 else 120 { 121 for( i = 0; data[i]; i ++ ) 122 { 123 /* If we have a ", skip until it's closed again. */ 124 if( data[i] == '"' ) 125 { 126 i ++; 127 while( data[i] != '"' || data[i-1] == '\\' ) 128 i ++; 129 } 130 131 /* If we got a comma, we got a new field. Check it. */ 132 if( data[i] == ',' && 133 g_strncasecmp( data + i + 1, field, len ) == 0 && 134 data[i+len+1] == '=' ) 135 { 136 i += len + 2; 137 break; 138 } 139 } 140 } 141 142 if( data[i] == '"' ) 143 { 144 int j; 145 char *ret; 146 147 i ++; 148 len = 0; 149 while( data[i+len] != '"' || data[i+len-1] == '\\' ) 150 len ++; 151 152 ret = g_strndup( data + i, len ); 153 for( i = j = 0; ret[i]; i ++ ) 154 { 155 if( ret[i] == '\\' ) 156 { 157 ret[j++] = ret[++i]; 158 } 159 else 160 { 161 ret[j++] = ret[i]; 162 } 163 } 164 ret[j] = 0; 165 166 return ret; 167 } 168 else if( data[i] ) 169 { 170 len = 0; 171 while( data[i+len] && data[i+len] != ',' ) 172 len ++; 173 174 return g_strndup( data + i, len ); 175 } 176 else 177 { 178 return NULL; 179 } 180 } 181 109 182 xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) 110 183 { 111 return XT_HANDLED; 184 struct gaim_connection *gc = data; 185 struct jabber_data *jd = gc->proto_data; 186 struct xt_node *reply = NULL; 187 char *nonce = NULL, *realm = NULL, *cnonce = NULL, cnonce_bin[30]; 188 char *digest_uri = NULL; 189 char *dec = NULL; 190 char *s = NULL; 191 xt_status ret = XT_ABORT; 192 193 if( node->text_len == 0 ) 194 goto error; 195 196 dec = frombase64( node->text ); 197 198 if( !( s = sasl_get_part( dec, "rspauth" ) ) ) 199 { 200 /* See RFC 2831 for for information. */ 201 md5_state_t A1, A2, H; 202 md5_byte_t A1r[16], A2r[16], Hr[16]; 203 char A1h[33], A2h[33], Hh[33]; 204 int i; 205 206 nonce = sasl_get_part( dec, "nonce" ); 207 realm = sasl_get_part( dec, "realm" ); 208 209 if( !nonce || !realm ) 210 goto error; 211 212 random_bytes( (unsigned char *) cnonce_bin, sizeof( cnonce_bin ) ); 213 cnonce = base64_encode( cnonce_bin, sizeof( cnonce_bin ) ); 214 digest_uri = g_strdup_printf( "%s/%s", "xmpp", jd->server ); 215 216 /* Generate the MD5 hash of username:realm:password, 217 I decided to call it H. */ 218 md5_init( &H ); 219 s = g_strdup_printf( "%s:%s:%s", jd->username, realm, gc->acc->pass ); 220 md5_append( &H, (unsigned char *) s, strlen( s ) ); 221 g_free( s ); 222 md5_finish( &H, Hr ); 223 224 /* Now generate the hex. MD5 hash of H:nonce:cnonce, called A1. */ 225 md5_init( &A1 ); 226 s = g_strdup_printf( ":%s:%s", nonce, cnonce ); 227 md5_append( &A1, Hr, 16 ); 228 md5_append( &A1, (unsigned char *) s, strlen( s ) ); 229 g_free( s ); 230 md5_finish( &A1, A1r ); 231 for( i = 0; i < 16; i ++ ) 232 sprintf( A1h + i * 2, "%02x", A1r[i] ); 233 234 /* A2... */ 235 md5_init( &A2 ); 236 s = g_strdup_printf( "%s:%s", "AUTHENTICATE", digest_uri ); 237 md5_append( &A2, (unsigned char *) s, strlen( s ) ); 238 g_free( s ); 239 md5_finish( &A2, A2r ); 240 for( i = 0; i < 16; i ++ ) 241 sprintf( A2h + i * 2, "%02x", A2r[i] ); 242 243 /* Final result: A1:nonce:00000001:cnonce:auth:A2. Let's reuse H for it. */ 244 md5_init( &H ); 245 s = g_strdup_printf( "%s:%s:%s:%s:%s:%s", A1h, nonce, "00000001", cnonce, "auth", A2h ); 246 md5_append( &H, (unsigned char *) s, strlen( s ) ); 247 g_free( s ); 248 md5_finish( &H, Hr ); 249 for( i = 0; i < 16; i ++ ) 250 sprintf( Hh + i * 2, "%02x", Hr[i] ); 251 252 /* Now build the SASL response string: */ 253 g_free( dec ); 254 dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," 255 "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", 256 jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); 257 s = tobase64( dec ); 258 } 259 else 260 { 261 /* We found rspauth, but don't really care... */ 262 g_free( s ); 263 s = NULL; 264 } 265 266 reply = xt_new_node( "response", s, NULL ); 267 xt_add_attr( reply, "xmlns", SASL_NS ); 268 269 if( !jabber_write_packet( gc, reply ) ) 270 goto silent_error; 271 272 ret = XT_HANDLED; 273 goto silent_error; 274 275 error: 276 hide_login_progress( gc, "Incorrect SASL challenge received" ); 277 signoff( gc ); 278 279 silent_error: 280 g_free( digest_uri ); 281 g_free( cnonce ); 282 g_free( nonce ); 283 g_free( realm ); 284 g_free( dec ); 285 g_free( s ); 286 xt_free_node( reply ); 287 288 return ret; 112 289 } 113 290
Note: See TracChangeset
for help on using the changeset viewer.