search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Migrate certificates, icons, logs to XDG dirs
[pidgin-git.git] / libpurple / protocols / jabber / auth_digest_md5.c
blob3de3fc7d15188073975887d842d44ed4d4640c45
1 /*
2 * purple - Jabber Protocol Plugin
3 *
4 * Purple is the legal property of its developers, whose names are too numerous
5 * to list here. Please refer to the COPYRIGHT file distributed with this
6 * source distribution.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
21 *
22 */
23 #include "internal.h"
24
25 #include "debug.h"
26 #include "ciphers/md5hash.h"
27 #include "util.h"
28 #include "xmlnode.h"
29
30 #include "auth_digest_md5.h"
31 #include "auth.h"
32 #include "jabber.h"
33
34 static JabberSaslState
35 digest_md5_start(JabberStream *js, PurpleXmlNode *packet, PurpleXmlNode **response,
36 char **error)
37 {
38 PurpleXmlNode *auth = purple_xmlnode_new("auth");
39 purple_xmlnode_set_namespace(auth, NS_XMPP_SASL);
40 purple_xmlnode_set_attrib(auth, "mechanism", "DIGEST-MD5");
41
42 *response = auth;
43 return JABBER_SASL_STATE_CONTINUE;
44 }
45
46 /* Parts of this algorithm are inspired by stuff in libgsasl */
47 GHashTable* jabber_auth_digest_md5_parse(const char *challenge)
48 {
49 const char *token_start, *val_start, *val_end, *cur;
50 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal,
51 g_free, g_free);
52
53 cur = challenge;
54 while(*cur != '\0') {
55 /* Find the end of the token */
56 gboolean in_quotes = FALSE;
57 char *name, *value = NULL;
58 token_start = cur;
59 while(*cur != '\0' && (in_quotes || (!in_quotes && *cur != ','))) {
60 if (*cur == '"')
61 in_quotes = !in_quotes;
62 cur++;
63 }
64
65 /* Find start of value. */
66 val_start = strchr(token_start, '=');
67 if (val_start == NULL || val_start > cur)
68 val_start = cur;
69
70 if (token_start != val_start) {
71 name = g_strndup(token_start, val_start - token_start);
72
73 if (val_start != cur) {
74 val_start++;
75 while (val_start != cur && (*val_start == ' ' || *val_start == '\t'
76 || *val_start == '\r' || *val_start == '\n'
77 || *val_start == '"'))
78 val_start++;
79
80 val_end = cur;
81 while (val_end >= val_start && (*val_end == ' ' || *val_end == ',' || *val_end == '\t'
82 || *val_end == '\r' || *val_end == '\n'
83 || *val_end == '"' || *val_end == '\0'))
84 val_end--;
85
86 if (val_end - val_start + 1 >= 0)
87 value = g_strndup(val_start, val_end - val_start + 1);
88 }
89
90 g_hash_table_replace(ret, name, value);
91 }
92
93 /* Find the start of the next token, if there is one */
94 if (*cur != '\0') {
95 cur++;
96 while (*cur == ' ' || *cur == ',' || *cur == '\t'
97 || *cur == '\r' || *cur == '\n')
98 cur++;
99 }
100 }
101
102 return ret;
103 }
104
105 static char *
106 generate_response_value(JabberID *jid, const char *passwd, const char *nonce,
107 const char *cnonce, const char *a2, const char *realm)
108 {
109 PurpleHash *hash;
110 guchar result[16];
111 size_t a1len;
112
113 gchar *a1, *convnode=NULL, *convpasswd = NULL, *ha1, *ha2, *kd, *x, *z;
114
115 if((convnode = g_convert(jid->node, -1, "iso-8859-1", "utf-8",
116 NULL, NULL, NULL)) == NULL) {
117 convnode = g_strdup(jid->node);
118 }
119 if(passwd && ((convpasswd = g_convert(passwd, -1, "iso-8859-1",
120 "utf-8", NULL, NULL, NULL)) == NULL)) {
121 convpasswd = g_strdup(passwd);
122 }
123
124 hash = purple_md5_hash_new();
125
126 x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd ? convpasswd : "");
127 purple_hash_append(hash, (const guchar *)x, strlen(x));
128 purple_hash_digest(hash, result, sizeof(result));
129
130 a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce);
131 a1len = strlen(a1);
132 g_memmove(a1, result, 16);
133
134 purple_hash_reset(hash);
135 purple_hash_append(hash, (const guchar *)a1, a1len);
136 purple_hash_digest(hash, result, sizeof(result));
137
138 ha1 = purple_base16_encode(result, 16);
139
140 purple_hash_reset(hash);
141 purple_hash_append(hash, (const guchar *)a2, strlen(a2));
142 purple_hash_digest(hash, result, sizeof(result));
143
144 ha2 = purple_base16_encode(result, 16);
145
146 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2);
147
148 purple_hash_reset(hash);
149 purple_hash_append(hash, (const guchar *)kd, strlen(kd));
150 purple_hash_digest(hash, result, sizeof(result));
151 g_object_unref(hash);
152
153 z = purple_base16_encode(result, 16);
154
155 g_free(convnode);
156 g_free(convpasswd);
157 g_free(x);
158 g_free(a1);
159 g_free(ha1);
160 g_free(ha2);
161 g_free(kd);
162
163 return z;
164 }
165
166 static JabberSaslState
167 digest_md5_handle_challenge(JabberStream *js, PurpleXmlNode *packet,
168 PurpleXmlNode **response, char **msg)
169 {
170 PurpleXmlNode *reply = NULL;
171 char *enc_in = purple_xmlnode_get_data(packet);
172 char *dec_in;
173 char *enc_out;
174 GHashTable *parts;
175 JabberSaslState state = JABBER_SASL_STATE_CONTINUE;
176
177 if (!enc_in) {
178 *msg = g_strdup(_("Invalid response from server"));
179 return JABBER_SASL_STATE_FAIL;
180 }
181
182 dec_in = (char *)purple_base64_decode(enc_in, NULL);
183 purple_debug_misc("jabber", "decoded challenge (%"
184 G_GSIZE_FORMAT "): %s\n",
185 strlen(dec_in),
186 dec_in);
187
188 parts = jabber_auth_digest_md5_parse(dec_in);
189
190 if (g_hash_table_lookup(parts, "rspauth")) {
191 char *rspauth = g_hash_table_lookup(parts, "rspauth");
192 char *expected_rspauth = js->auth_mech_data;
193
194 if (rspauth && purple_strequal(rspauth, expected_rspauth)) {
195 reply = purple_xmlnode_new("response");
196 purple_xmlnode_set_namespace(reply, NS_XMPP_SASL);
197 } else {
198 *msg = g_strdup(_("Invalid challenge from server"));
199 state = JABBER_SASL_STATE_FAIL;
200 }
201 g_free(js->auth_mech_data);
202 js->auth_mech_data = NULL;
203 } else {
204 /* assemble a response, and send it */
205 /* see RFC 2831 */
206 char *realm;
207 char *nonce;
208
209 /* Make sure the auth string contains everything that should be there.
210 This isn't everything in RFC2831, but it is what we need. */
211
212 nonce = g_hash_table_lookup(parts, "nonce");
213
214 /* we're actually supposed to prompt the user for a realm if
215 * the server doesn't send one, but that really complicates things,
216 * so i'm not gonna worry about it until is poses a problem to
217 * someone, or I get really bored */
218 realm = g_hash_table_lookup(parts, "realm");
219 if(!realm)
220 realm = js->user->domain;
221
222 if (nonce == NULL || realm == NULL) {
223 *msg = g_strdup(_("Invalid challenge from server"));
224 state = JABBER_SASL_STATE_FAIL;
225 } else {
226 GString *response = g_string_new("");
227 char *a2;
228 char *auth_resp;
229 char *cnonce;
230
231 cnonce = g_strdup_printf("%x%u%x", g_random_int(), (int)time(NULL),
232 g_random_int());
233
234 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm);
235 auth_resp = generate_response_value(js->user,
236 purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
237 g_free(a2);
238
239 a2 = g_strdup_printf(":xmpp/%s", realm);
240 js->auth_mech_data = generate_response_value(js->user,
241 purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
242 g_free(a2);
243
244 g_string_append_printf(response, "username=\"%s\"", js->user->node);
245 g_string_append_printf(response, ",realm=\"%s\"", realm);
246 g_string_append_printf(response, ",nonce=\"%s\"", nonce);
247 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce);
248 g_string_append_printf(response, ",nc=00000001");
249 g_string_append_printf(response, ",qop=auth");
250 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm);
251 g_string_append_printf(response, ",response=%s", auth_resp);
252 g_string_append_printf(response, ",charset=utf-8");
253
254 g_free(auth_resp);
255 g_free(cnonce);
256
257 enc_out = purple_base64_encode((guchar *)response->str, response->len);
258
259 purple_debug_misc("jabber", "decoded response (%"
260 G_GSIZE_FORMAT "): %s\n",
261 response->len, response->str);
262
263 reply = purple_xmlnode_new("response");
264 purple_xmlnode_set_namespace(reply, NS_XMPP_SASL);
265 purple_xmlnode_insert_data(reply, enc_out, -1);
266
267 g_free(enc_out);
268
269 g_string_free(response, TRUE);
270 }
271 }
272
273 g_free(enc_in);
274 g_free(dec_in);
275 g_hash_table_destroy(parts);
276
277 *response = reply;
278 return state;
279 }
280
281 static void
282 digest_md5_dispose(JabberStream *js)
283 {
284 g_free(js->auth_mech_data);
285 js->auth_mech_data = NULL;
286 }
287
288 static JabberSaslMech digest_md5_mech = {
289 10, /* priority */
290 "DIGEST-MD5", /* name */
291 digest_md5_start,
292 digest_md5_handle_challenge,
293 NULL, /* handle_success */
294 NULL, /* handle_failure */
295 digest_md5_dispose,
296 };
297
298 JabberSaslMech *jabber_auth_get_digest_md5_mech(void)
299 {
300 return &digest_md5_mech;
301 }
Git mirror of Pidgin's Mercurial repository