rename accountopt.[ch] to purpleaccountoption.[ch]
[pidgin-git.git] / libpurple / protocols / jabber / auth_digest_md5.c
blobc71d1f1394b692fb58791770dfa1c9519dc72a60
1 /*
2 * purple - Jabber Protocol Plugin
4 * Purple is the legal property of its developers, whose names are too numerous
5 * to list here. Please refer to the COPYRIGHT file distributed with this
6 * source distribution.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
23 #include "internal.h"
25 #include "debug.h"
26 #include "util.h"
27 #include "xmlnode.h"
29 #include "auth_digest_md5.h"
30 #include "auth.h"
31 #include "jabber.h"
33 static JabberSaslState
34 digest_md5_start(JabberStream *js, PurpleXmlNode *packet, PurpleXmlNode **response,
35 char **error)
37 PurpleXmlNode *auth = purple_xmlnode_new("auth");
38 purple_xmlnode_set_namespace(auth, NS_XMPP_SASL);
39 purple_xmlnode_set_attrib(auth, "mechanism", "DIGEST-MD5");
41 *response = auth;
42 return JABBER_SASL_STATE_CONTINUE;
45 /* Parts of this algorithm are inspired by stuff in libgsasl */
46 GHashTable* jabber_auth_digest_md5_parse(const char *challenge)
48 const char *token_start, *val_start, *val_end, *cur;
49 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal,
50 g_free, g_free);
52 cur = challenge;
53 while(*cur != '\0') {
54 /* Find the end of the token */
55 gboolean in_quotes = FALSE;
56 char *name, *value = NULL;
57 token_start = cur;
58 while (*cur != '\0' && (in_quotes || *cur != ',')) {
59 if (*cur == '"')
60 in_quotes = !in_quotes;
61 cur++;
64 /* Find start of value. */
65 val_start = strchr(token_start, '=');
66 if (val_start == NULL || val_start > cur)
67 val_start = cur;
69 if (token_start != val_start) {
70 name = g_strndup(token_start, val_start - token_start);
72 if (val_start != cur) {
73 val_start++;
74 while (val_start != cur && (*val_start == ' ' || *val_start == '\t'
75 || *val_start == '\r' || *val_start == '\n'
76 || *val_start == '"'))
77 val_start++;
79 val_end = cur;
80 while (val_end >= val_start && (*val_end == ' ' || *val_end == ',' || *val_end == '\t'
81 || *val_end == '\r' || *val_end == '\n'
82 || *val_end == '"' || *val_end == '\0'))
83 val_end--;
85 if (val_end - val_start + 1 >= 0)
86 value = g_strndup(val_start, val_end - val_start + 1);
89 g_hash_table_replace(ret, name, value);
92 /* Find the start of the next token, if there is one */
93 if (*cur != '\0') {
94 cur++;
95 while (*cur == ' ' || *cur == ',' || *cur == '\t'
96 || *cur == '\r' || *cur == '\n')
97 cur++;
101 return ret;
104 static char *
105 generate_response_value(JabberID *jid, const char *passwd, const char *nonce,
106 const char *cnonce, const char *a2, const char *realm)
108 GChecksum *hash;
109 gsize digest_len = 16;
111 gchar *a1, *convnode=NULL, *convpasswd = NULL, *ha1, *ha2, *kd, *x, *z;
113 if((convnode = g_convert(jid->node, -1, "iso-8859-1", "utf-8",
114 NULL, NULL, NULL)) == NULL) {
115 convnode = g_strdup(jid->node);
117 if(passwd && ((convpasswd = g_convert(passwd, -1, "iso-8859-1",
118 "utf-8", NULL, NULL, NULL)) == NULL)) {
119 convpasswd = g_strdup(passwd);
122 hash = g_checksum_new(G_CHECKSUM_MD5);
124 x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd ? convpasswd : "");
125 g_checksum_update(hash, (const guchar *)x, -1);
127 a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce);
129 g_checksum_get_digest(hash, (guint8 *)a1, &digest_len);
130 g_checksum_free(hash);
132 ha1 = g_compute_checksum_for_string(G_CHECKSUM_MD5, a1, -1);
133 ha2 = g_compute_checksum_for_string(G_CHECKSUM_MD5, a2, -1);
135 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2);
137 z = g_compute_checksum_for_string(G_CHECKSUM_MD5, kd, -1);
139 g_free(convnode);
140 g_free(convpasswd);
141 g_free(x);
142 g_free(a1);
143 g_free(ha1);
144 g_free(ha2);
145 g_free(kd);
147 return z;
150 static JabberSaslState
151 digest_md5_handle_challenge(JabberStream *js, PurpleXmlNode *packet,
152 PurpleXmlNode **response, char **msg)
154 PurpleXmlNode *reply = NULL;
155 char *enc_in = purple_xmlnode_get_data(packet);
156 char *dec_in;
157 char *enc_out;
158 gsize size = 0;
159 GHashTable *parts;
160 JabberSaslState state = JABBER_SASL_STATE_CONTINUE;
162 if (!enc_in) {
163 *msg = g_strdup(_("Invalid response from server"));
164 return JABBER_SASL_STATE_FAIL;
167 dec_in = (char *)g_base64_decode(enc_in, &size);
168 purple_debug_misc("jabber", "decoded challenge (%"
169 G_GSIZE_FORMAT "): %s\n",
170 size,
171 dec_in);
173 parts = jabber_auth_digest_md5_parse(dec_in);
175 if (g_hash_table_lookup(parts, "rspauth")) {
176 char *rspauth = g_hash_table_lookup(parts, "rspauth");
177 char *expected_rspauth = js->auth_mech_data;
179 if (rspauth && purple_strequal(rspauth, expected_rspauth)) {
180 reply = purple_xmlnode_new("response");
181 purple_xmlnode_set_namespace(reply, NS_XMPP_SASL);
182 } else {
183 *msg = g_strdup(_("Invalid challenge from server"));
184 state = JABBER_SASL_STATE_FAIL;
186 g_free(js->auth_mech_data);
187 js->auth_mech_data = NULL;
188 } else {
189 /* assemble a response, and send it */
190 /* see RFC 2831 */
191 char *realm;
192 char *nonce;
194 /* Make sure the auth string contains everything that should be there.
195 This isn't everything in RFC2831, but it is what we need. */
197 nonce = g_hash_table_lookup(parts, "nonce");
199 /* we're actually supposed to prompt the user for a realm if
200 * the server doesn't send one, but that really complicates things,
201 * so i'm not gonna worry about it until is poses a problem to
202 * someone, or I get really bored */
203 realm = g_hash_table_lookup(parts, "realm");
204 if(!realm)
205 realm = js->user->domain;
207 if (nonce == NULL || realm == NULL) {
208 *msg = g_strdup(_("Invalid challenge from server"));
209 state = JABBER_SASL_STATE_FAIL;
210 } else {
211 GString *response = g_string_new("");
212 char *a2;
213 char *auth_resp;
214 char *cnonce;
216 cnonce = g_strdup_printf("%x%u%x", g_random_int(), (int)time(NULL),
217 g_random_int());
219 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm);
220 auth_resp = generate_response_value(js->user,
221 purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
222 g_free(a2);
224 a2 = g_strdup_printf(":xmpp/%s", realm);
225 js->auth_mech_data = generate_response_value(js->user,
226 purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
227 g_free(a2);
229 g_string_append_printf(response, "username=\"%s\"", js->user->node);
230 g_string_append_printf(response, ",realm=\"%s\"", realm);
231 g_string_append_printf(response, ",nonce=\"%s\"", nonce);
232 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce);
233 g_string_append_printf(response, ",nc=00000001");
234 g_string_append_printf(response, ",qop=auth");
235 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm);
236 g_string_append_printf(response, ",response=%s", auth_resp);
237 g_string_append_printf(response, ",charset=utf-8");
239 g_free(auth_resp);
240 g_free(cnonce);
242 enc_out = g_base64_encode((guchar *)response->str, response->len);
244 purple_debug_misc("jabber", "decoded response (%"
245 G_GSIZE_FORMAT "): %s\n",
246 response->len, response->str);
248 reply = purple_xmlnode_new("response");
249 purple_xmlnode_set_namespace(reply, NS_XMPP_SASL);
250 purple_xmlnode_insert_data(reply, enc_out, -1);
252 g_free(enc_out);
254 g_string_free(response, TRUE);
258 g_free(enc_in);
259 g_free(dec_in);
260 g_hash_table_destroy(parts);
262 *response = reply;
263 return state;
266 static void
267 digest_md5_dispose(JabberStream *js)
269 g_free(js->auth_mech_data);
270 js->auth_mech_data = NULL;
273 static JabberSaslMech digest_md5_mech = {
274 10, /* priority */
275 "DIGEST-MD5", /* name */
276 digest_md5_start,
277 digest_md5_handle_challenge,
278 NULL, /* handle_success */
279 NULL, /* handle_failure */
280 digest_md5_dispose,
283 JabberSaslMech *jabber_auth_get_digest_md5_mech(void)
285 return &digest_md5_mech;