subversion/libsvn_ra_svn/cram.c

   1 /*
   2  * cram.c :  Minimal standalone CRAM-MD5 implementation
   3  *
   4  * ====================================================================
   5  * Copyright (c) 2000-2004 CollabNet.  All rights reserved.
   6  *
   7  * This software is licensed as described in the file COPYING, which
   8  * you should have received as part of this distribution.  The terms
   9  * are also available at http://subversion.tigris.org/license-1.html.
  10  * If newer versions of this license are posted there, you may use a
  11  * newer version instead, at your option.
  12  *
  13  * This software consists of voluntary contributions made by many
  14  * individuals.  For exact contribution history, see the revision
  15  * history and logs, available at http://subversion.tigris.org/.
  16  * ====================================================================
  17  */
  18
  19
  20 \f
  21 #define APR_WANT_STRFUNC
  22 #define APR_WANT_STDIO
  23 #include <apr_want.h>
  24 #include <apr_general.h>
  25 #include <apr_strings.h>
  26 #include <apr_network_io.h>
  27 #include <apr_time.h>
  28 #include <apr_md5.h>
  29
  30 #include "svn_types.h"
  31 #include "svn_string.h"
  32 #include "svn_error.h"
  33 #include "svn_ra_svn.h"
  34 #include "svn_config.h"
  35 #include "svn_private_config.h"
  36
  37 #include "ra_svn.h"
  38
  39 static int hex_to_int(char c)
  40 {
  41   return (c >= '0' && c <= '9') ? c - '0'
  42     : (c >= 'a' && c <= 'f') ? c - 'a' + 10
  43     : -1;
  44 }
  45
  46 static char int_to_hex(int v)
  47 {
  48   return (v < 10) ? '0' + v : 'a' + (v - 10);
  49 }
  50
  51 static svn_boolean_t hex_decode(unsigned char *hashval, const char *hexval)
  52 {
  53   int i, h1, h2;
  54
  55   for (i = 0; i < APR_MD5_DIGESTSIZE; i++)
  56     {
  57       h1 = hex_to_int(hexval[2 * i]);
  58       h2 = hex_to_int(hexval[2 * i + 1]);
  59       if (h1 == -1 || h2 == -1)
  60         return FALSE;
  61       hashval[i] = (h1 << 4) | h2;
  62     }
  63   return TRUE;
  64 }
  65
  66 static void hex_encode(char *hexval, const unsigned char *hashval)
  67 {
  68   int i;
  69
  70   for (i = 0; i < APR_MD5_DIGESTSIZE; i++)
  71     {
  72       hexval[2 * i] = int_to_hex((hashval[i] >> 4) & 0xf);
  73       hexval[2 * i + 1] = int_to_hex(hashval[i] & 0xf);
  74     }
  75 }
  76
  77 static void compute_digest(unsigned char *digest, const char *challenge,
  78                            const char *password)
  79 {
  80   unsigned char secret[64];
  81   apr_size_t len = strlen(password), i;
  82   apr_md5_ctx_t ctx;
  83
  84   /* Munge the password into a 64-byte secret. */
  85   memset(secret, 0, sizeof(secret));
  86   if (len <= sizeof(secret))
  87     memcpy(secret, password, len);
  88   else
  89     apr_md5(secret, password, len);
  90
  91   /* Compute MD5(secret XOR opad, MD5(secret XOR ipad, challenge)),
  92    * where ipad is a string of 0x36 and opad is a string of 0x5c. */
  93   for (i = 0; i < sizeof(secret); i++)
  94     secret[i] ^= 0x36;
  95   apr_md5_init(&ctx);
  96   apr_md5_update(&ctx, secret, sizeof(secret));
  97   apr_md5_update(&ctx, challenge, strlen(challenge));
  98   apr_md5_final(digest, &ctx);
  99   for (i = 0; i < sizeof(secret); i++)
 100     secret[i] ^= (0x36 ^ 0x5c);
 101   apr_md5_init(&ctx);
 102   apr_md5_update(&ctx, secret, sizeof(secret));
 103   apr_md5_update(&ctx, digest, APR_MD5_DIGESTSIZE);
 104   apr_md5_final(digest, &ctx);
 105 }
 106
 107 /* Fail the authentication, from the server's perspective. */
 108 static svn_error_t *fail(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
 109                          const char *msg)
 110 {
 111   SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(c)", "failure", msg));
 112   return svn_ra_svn_flush(conn, pool);
 113 }
 114
 115 /* If we can, make the nonce with random bytes.  If we can't... well,
 116  * it just has to be different each time.  The current time isn't
 117  * absolutely guaranteed to be different for each connection, but it
 118  * should prevent replay attacks in practice. */
 119 static apr_status_t make_nonce(apr_uint64_t *nonce)
 120 {
 121 #if APR_HAS_RANDOM
 122   return apr_generate_random_bytes((unsigned char *) nonce, sizeof(*nonce));
 123 #else
 124   *nonce = apr_time_now();
 125   return APR_SUCCESS;
 126 #endif
 127 }
 128
 129 svn_error_t *svn_ra_svn_cram_server(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
 130                                     svn_config_t *pwdb, const char **user,
 131                                     svn_boolean_t *success)
 132 {
 133   apr_status_t status;
 134   apr_uint64_t nonce;
 135   char hostbuf[APRMAXHOSTLEN + 1];
 136   unsigned char cdigest[APR_MD5_DIGESTSIZE], sdigest[APR_MD5_DIGESTSIZE];
 137   const char *challenge, *sep, *password;
 138   svn_ra_svn_item_t *item;
 139   svn_string_t *resp;
 140
 141   *success = FALSE;
 142
 143   /* Send a challenge. */
 144   status = make_nonce(&nonce);
 145   if (!status)
 146     status = apr_gethostname(hostbuf, sizeof(hostbuf), pool);
 147   if (status)
 148     return fail(conn, pool, "Internal server error in authentication");
 149   challenge = apr_psprintf(pool,
 150                            "<%" APR_UINT64_T_FMT ".%" APR_TIME_T_FMT "@%s>",
 151                            nonce, apr_time_now(), hostbuf);
 152   SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(c)", "step", challenge));
 153
 154   /* Read the client's response and decode it into *user and cdigest. */
 155   SVN_ERR(svn_ra_svn_read_item(conn, pool, &item));
 156   if (item->kind != SVN_RA_SVN_STRING)  /* Very wrong; don't report failure */
 157     return SVN_NO_ERROR;
 158   resp = item->u.string;
 159   sep = strrchr(resp->data, ' ');
 160   if (!sep || resp->len - (sep + 1 - resp->data) != APR_MD5_DIGESTSIZE * 2
 161       || !hex_decode(cdigest, sep + 1))
 162     return fail(conn, pool, "Malformed client response in authentication");
 163   *user = apr_pstrmemdup(pool, resp->data, sep - resp->data);
 164
 165   /* Verify the digest against the password in pwfile. */
 166   svn_config_get(pwdb, &password, SVN_CONFIG_SECTION_USERS, *user, NULL);
 167   if (!password)
 168     return fail(conn, pool, "Username not found");
 169   compute_digest(sdigest, challenge, password);
 170   if (memcmp(cdigest, sdigest, sizeof(sdigest)) != 0)
 171     return fail(conn, pool, "Password incorrect");
 172
 173   *success = TRUE;
 174   return svn_ra_svn_write_tuple(conn, pool, "w()", "success");
 175 }
 176
 177 svn_error_t *svn_ra_svn__cram_client(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
 178                                      const char *user, const char *password,
 179                                      const char **message)
 180 {
 181   const char *status, *str, *reply;
 182   unsigned char digest[APR_MD5_DIGESTSIZE];
 183   char hex[2 * APR_MD5_DIGESTSIZE + 1];
 184
 185   /* Read the server challenge. */
 186   SVN_ERR(svn_ra_svn_read_tuple(conn, pool, "w(?c)", &status, &str));
 187   if (strcmp(status, "failure") == 0 && str)
 188     {
 189       *message = str;
 190       return SVN_NO_ERROR;
 191     }
 192   else if (strcmp(status, "step") != 0 || !str)
 193     return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
 194                             _("Unexpected server response to authentication"));
 195
 196   /* Write our response. */
 197   compute_digest(digest, str, password);
 198   hex_encode(hex, digest);
 199   hex[sizeof(hex) - 1] = '\0';
 200   reply = apr_psprintf(pool, "%s %s", user, hex);
 201   SVN_ERR(svn_ra_svn_write_cstring(conn, pool, reply));
 202
 203   /* Read the success or failure response from the server. */
 204   SVN_ERR(svn_ra_svn_read_tuple(conn, pool, "w(?c)", &status, &str));
 205   if (strcmp(status, "failure") == 0 && str)
 206     {
 207       *message = str;
 208       return SVN_NO_ERROR;
 209     }
 210   else if (strcmp(status, "success") != 0 || str)
 211     return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
 212                             _("Unexpected server response to authentication"));
 213
 214   *message = NULL;
 215   return SVN_NO_ERROR;
 216 }