1 /* DIGEST-MD5 SASL plugin
6 * $Id: digestmd5.c,v 1.180 2006/04/26 17:39:26 mel Exp $
9 * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in
20 * the documentation and/or other materials provided with the
23 * 3. The name "Carnegie Mellon University" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For permission or any other legal
26 * details, please contact
27 * Office of Technology Transfer
28 * Carnegie Mellon University
30 * Pittsburgh, PA 15213-3890
31 * (412) 268-4387, fax: (412) 268-7395
32 * tech-transfer@andrew.cmu.edu
34 * 4. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by Computing Services
37 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
39 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
40 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
41 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
42 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
43 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
44 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
45 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
54 #include <sys/types.h>
63 # include <openssl/des.h>
64 # include <openssl/opensslv.h>
65 # if (OPENSSL_VERSION_NUMBER >= 0x0090700f) && \
66 !defined(OPENSSL_ENABLE_OLD_DES_SUPPORT)
67 # define des_cblock DES_cblock
68 # define des_key_schedule DES_key_schedule
69 # define des_key_sched(k,ks) \
70 DES_key_sched((k),&(ks))
71 # define des_cbc_encrypt(i,o,l,k,iv,e) \
72 DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
73 # define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
74 DES_ede2_cbc_encrypt((i),(o),(l),&(k1),&(k2),(iv),(e))
75 # endif /* OpenSSL 0.9.7+ w/o old DES support */
76 # else /* system DES library */
84 # include <winsock2.h>
86 # include <netinet/in.h>
92 #include "plugin_common.h"
95 extern int strcasecmp(const char *s1, const char *s2);
96 #endif /* end WIN32 */
99 #include <sasl_md5_plugin_decl.h>
102 /* external definitions */
105 /* gotta define gethostname ourselves on suns */
106 extern int gethostname(char *, int);
116 /* MAX_UIN32_DIV_10 * 10 + MAX_UIN32_MOD_10 == 2^32-1 == 4294967295 */
117 #define MAX_UIN32_DIV_10 429496729
118 #define MAX_UIN32_MOD_10 5
120 #define DEFAULT_BUFSIZE 0xFFFF
121 #define MAX_SASL_BUFSIZE 0xFFFFFF
123 /***************************** Common Section *****************************/
125 static const char plugin_id[] = "$Id: digestmd5.c,v 1.180 2006/04/26 17:39:26 mel Exp $";
128 #define NONCE_SIZE (32) /* arbitrary */
131 #define DIGEST_NOLAYER (1)
132 #define DIGEST_INTEGRITY (2)
133 #define DIGEST_PRIVACY (4)
137 typedef unsigned char HASH[HASHLEN + 1];
138 #define HASHHEXLEN 32
139 typedef unsigned char HASHHEX[HASHHEXLEN + 1];
144 const char *SEALING_CLIENT_SERVER="Digest H(A1) to client-to-server sealing key magic constant";
145 const char *SEALING_SERVER_CLIENT="Digest H(A1) to server-to-client sealing key magic constant";
147 const char *SIGNING_CLIENT_SERVER="Digest session key to client-to-server signing key magic constant";
148 const char *SIGNING_SERVER_CLIENT="Digest session key to server-to-client signing key magic constant";
156 #define NEED_ESCAPING "\"\\"
158 #define REALM_CHAL_PREFIX "Available realms:"
160 static char *quote (char *str);
164 /* function definitions for cipher encode/decode */
165 typedef int cipher_function_t(struct context *,
172 typedef int cipher_init_t(struct context *, unsigned char [16],
174 typedef void cipher_free_t(struct context *);
176 enum Context_type { SERVER = 0, CLIENT = 1 };
178 typedef struct cipher_context cipher_context_t;
180 /* cached auth info used for fast reauth */
181 typedef struct reauth_entry {
184 unsigned char *nonce;
185 unsigned int nonce_count;
186 unsigned char *cnonce;
191 } s; /* server stuff */
196 struct digest_cipher *cipher;
197 unsigned long server_maxbuf;
198 } c; /* client stuff */
202 typedef struct reauth_cache {
204 enum Context_type i_am; /* are we the client or server? */
209 reauth_entry_t *e; /* fixed-size hash table of entries */
212 /* global context for reauth use */
213 typedef struct digest_glob_context {
214 reauth_cache_t *reauth;
215 } digest_glob_context_t;
217 /* context that stores info */
218 typedef struct context {
219 int state; /* state in the authentication we are in */
220 enum Context_type i_am; /* are we the client or server? */
222 reauth_cache_t *reauth;
226 unsigned char *nonce;
227 unsigned int nonce_count;
228 unsigned char *cnonce;
230 /* only used by the client */
234 char *response_value;
237 unsigned int rec_seqnum; /* for checking integrity */
242 HASH HA1; /* Kcc or Kcs */
244 /* copy of utils from the params structures */
245 const sasl_utils_t *utils;
247 /* For general use */
249 unsigned out_buf_len;
251 /* for encoding/decoding */
252 buffer_info_t *enc_in_buf;
253 char *encode_buf, *decode_buf, *decode_packet_buf;
254 unsigned encode_buf_len, decode_buf_len, decode_packet_buf_len;
256 decode_context_t decode_context;
258 /* if privacy mode is used use these functions for encode and decode */
259 cipher_function_t *cipher_enc;
260 cipher_function_t *cipher_dec;
261 cipher_init_t *cipher_init;
262 cipher_free_t *cipher_free;
263 struct cipher_context *cipher_enc_context;
264 struct cipher_context *cipher_dec_context;
267 struct digest_cipher {
270 int n; /* bits to make privacy key */
271 int flag; /* a bitmask to make things easier for us */
273 cipher_function_t *cipher_enc;
274 cipher_function_t *cipher_dec;
275 cipher_init_t *cipher_init;
276 cipher_free_t *cipher_free;
279 static const unsigned char *COLON = ":";
281 /* Hashes a string to produce an unsigned short */
282 static unsigned hash(const char *str)
287 while (str && *str) {
297 static void CvtHex(HASH Bin, HASHHEX Hex)
302 for (i = 0; i < HASHLEN; i++) {
303 j = (Bin[i] >> 4) & 0xf;
305 Hex[i * 2] = (j + '0');
307 Hex[i * 2] = (j + 'a' - 10);
310 Hex[i * 2 + 1] = (j + '0');
312 Hex[i * 2 + 1] = (j + 'a' - 10);
314 Hex[HASHHEXLEN] = '\0';
318 * calculate request-digest/response-digest as per HTTP Digest spec
321 DigestCalcResponse(const sasl_utils_t * utils,
322 HASHHEX HA1, /* HEX(H(A1)) */
323 unsigned char *pszNonce, /* nonce from server */
324 unsigned int pszNonceCount, /* 8 hex digits */
325 unsigned char *pszCNonce, /* client nonce */
326 unsigned char *pszQop, /* qop-value: "", "auth",
328 unsigned char *pszDigestUri, /* requested URL */
329 unsigned char *pszMethod,
330 HASHHEX HEntity, /* H(entity body) if qop="auth-int" */
331 HASHHEX Response /* request-digest or response-digest */
340 /* calculate H(A2) */
341 utils->MD5Init(&Md5Ctx);
343 if (pszMethod != NULL) {
344 utils->MD5Update(&Md5Ctx, pszMethod, strlen((char *) pszMethod));
346 utils->MD5Update(&Md5Ctx, (unsigned char *) COLON, 1);
348 /* utils->MD5Update(&Md5Ctx, (unsigned char *) "AUTHENTICATE:", 13); */
349 utils->MD5Update(&Md5Ctx, pszDigestUri, strlen((char *) pszDigestUri));
350 if (strcasecmp((char *) pszQop, "auth") != 0) {
351 /* append ":00000000000000000000000000000000" */
352 utils->MD5Update(&Md5Ctx, COLON, 1);
353 utils->MD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
355 utils->MD5Final(HA2, &Md5Ctx);
358 /* calculate response */
359 utils->MD5Init(&Md5Ctx);
360 utils->MD5Update(&Md5Ctx, HA1, HASHHEXLEN);
361 utils->MD5Update(&Md5Ctx, COLON, 1);
362 utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce));
363 utils->MD5Update(&Md5Ctx, COLON, 1);
365 sprintf(ncvalue, "%08x", pszNonceCount);
366 utils->MD5Update(&Md5Ctx, ncvalue, strlen(ncvalue));
367 utils->MD5Update(&Md5Ctx, COLON, 1);
368 utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce));
369 utils->MD5Update(&Md5Ctx, COLON, 1);
370 utils->MD5Update(&Md5Ctx, pszQop, strlen((char *) pszQop));
371 utils->MD5Update(&Md5Ctx, COLON, 1);
373 utils->MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
374 utils->MD5Final(RespHash, &Md5Ctx);
375 CvtHex(RespHash, Response);
378 static bool UTF8_In_8859_1(const unsigned char *base, int len)
380 const unsigned char *scan, *end;
383 for (scan = base; scan < end; ++scan) {
385 break; /* abort if outside 8859-1 */
386 if (*scan >= 0xC0 && *scan <= 0xC3) {
387 if (++scan == end || *scan < 0x80 || *scan > 0xBF)
392 /* if scan >= end, then this is a 8859-1 string. */
393 return (scan >= end);
397 * if the string is entirely in the 8859-1 subset of UTF-8, then translate to
398 * 8859-1 prior to MD5
400 static void MD5_UTF8_8859_1(const sasl_utils_t * utils,
403 const unsigned char *base,
406 const unsigned char *scan, *end;
411 /* if we found a character outside 8859-1, don't alter string */
412 if (!In_ISO_8859_1) {
413 utils->MD5Update(ctx, base, len);
416 /* convert to 8859-1 prior to applying hash */
418 for (scan = base; scan < end && *scan < 0xC0; ++scan);
420 utils->MD5Update(ctx, base, scan - base);
423 cbuf = ((scan[0] & 0x3) << 6) | (scan[1] & 0x3f);
424 utils->MD5Update(ctx, &cbuf, 1);
430 static void DigestCalcSecret(const sasl_utils_t * utils,
431 unsigned char *pszUserName,
432 unsigned char *pszRealm,
433 unsigned char *Password,
441 /* Chris Newman clarified that the following text in DIGEST-MD5 spec
442 is bogus: "if name and password are both in ISO 8859-1 charset"
443 We shoud use code example instead */
445 utils->MD5Init(&Md5Ctx);
447 /* We have to convert UTF-8 to ISO-8859-1 if possible */
448 In_8859_1 = UTF8_In_8859_1(pszUserName, strlen((char *) pszUserName));
449 MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1,
450 pszUserName, strlen((char *) pszUserName));
452 utils->MD5Update(&Md5Ctx, COLON, 1);
454 /* a NULL realm is equivalent to the empty string */
455 if (pszRealm != NULL && pszRealm[0] != '\0') {
456 /* We have to convert UTF-8 to ISO-8859-1 if possible */
457 In_8859_1 = UTF8_In_8859_1(pszRealm, strlen((char *) pszRealm));
458 MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1,
459 pszRealm, strlen((char *) pszRealm));
462 utils->MD5Update(&Md5Ctx, COLON, 1);
464 /* We have to convert UTF-8 to ISO-8859-1 if possible */
465 In_8859_1 = UTF8_In_8859_1(Password, PasswordLen);
466 MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1,
467 Password, PasswordLen);
469 utils->MD5Final(HA1, &Md5Ctx);
472 static unsigned char *create_nonce(const sasl_utils_t * utils)
474 unsigned char *base64buf;
477 char *ret = (char *) utils->malloc(NONCE_SIZE);
481 utils->rand(utils->rpool, (char *) ret, NONCE_SIZE);
483 /* base 64 encode it so it has valid chars */
484 base64len = (NONCE_SIZE * 4 / 3) + (NONCE_SIZE % 3 ? 4 : 0);
486 base64buf = (unsigned char *) utils->malloc(base64len + 1);
487 if (base64buf == NULL) {
488 utils->seterror(utils->conn, 0, "Unable to allocate final buffer");
493 * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
495 if (utils->encode64(ret, NONCE_SIZE,
496 (char *) base64buf, base64len, NULL) != SASL_OK) {
505 static int add_to_challenge(const sasl_utils_t *utils,
506 char **str, unsigned *buflen, unsigned *curlen,
508 unsigned char *value,
511 int namesize = strlen(name);
512 int valuesize = strlen((char *) value);
515 ret = _plug_buf_alloc(utils, str, buflen,
516 *curlen + 1 + namesize + 2 + valuesize + 2);
517 if(ret != SASL_OK) return ret;
529 /* Check if the value needs quoting */
530 if (strpbrk ((char *)value, NEED_ESCAPING) != NULL) {
531 char * quoted = quote ((char *) value);
532 valuesize = strlen(quoted);
533 /* As the quoted string is bigger, make sure we have enough
535 ret = _plug_buf_alloc(utils, str, buflen,
536 *curlen + 1 + namesize + 2 + valuesize + 2);
537 if (ret == SASL_OK) {
538 strcat(*str, quoted);
545 strcat(*str, (char *) value);
550 strcat(*str, (char *) value);
553 *curlen = *curlen + 1 + namesize + 2 + valuesize + 2;
557 static char *skip_lws (char *s)
561 /* skipping spaces: */
562 while (s[0] == ' ' || s[0] == HT || s[0] == CR || s[0] == LF) {
563 if (s[0] == '\0') break;
570 /* Same as skip_lws, but do this right to left */
571 /* skip LWSP at the end of the value (if any), skip_r_lws returns pointer to
572 the first LWSP character, NUL (if there were none) or NULL if the value
573 is entirely from LWSP characters */
574 static char *skip_r_lws (char *s)
582 if (len == 0) return NULL;
584 /* the last character before terminating NUL */
587 /* skipping spaces: */
588 while (end > s && (end[0] == ' ' || end[0] == HT || end[0] == CR || end[0] == LF)) {
592 /* If all string from spaces, return NULL */
593 if (end == s && (end[0] == ' ' || end[0] == HT || end[0] == CR || end[0] == LF)) {
600 static char *skip_token (char *s, int caseinsensitive)
605 if (s[0]==DEL || s[0]=='(' || s[0]==')' || s[0]=='<' || s[0]=='>' ||
606 s[0]=='@' || s[0]==',' || s[0]==';' || s[0]==':' || s[0]=='\\' ||
607 s[0]=='\'' || s[0]=='/' || s[0]=='[' || s[0]==']' || s[0]== '?' ||
608 s[0]=='=' || s[0]== '{' || s[0]== '}') {
609 if (caseinsensitive == 1) {
610 if (!isupper((unsigned char) s[0]))
621 /* Convert a string to 32 bit unsigned integer.
622 Any number of trailing spaces is allowed, but not a string
623 entirely comprised of spaces */
624 static bool str2ul32 (char *str, unsigned long * value)
635 str = skip_lws (str);
636 if (str[0] == '\0') {
641 while (str[0] != '\0') {
643 if (!isdigit((int)c)) {
647 /* Will overflow after adding additional digit */
648 if (n > MAX_UIN32_DIV_10) {
650 } else if (n == MAX_UIN32_DIV_10 && ((unsigned) (c - '0') > MAX_UIN32_MOD_10)) {
654 n = n * 10 + (unsigned) (c - '0');
662 /* NULL - error (unbalanced quotes),
663 otherwise pointer to the first character after the value.
664 The function performs work in place. */
665 static char *unquote (char *qstr)
671 if(!qstr) return NULL;
673 if (qstr[0] == '"') {
677 for (endvalue = qstr; endvalue[0] != '\0'; endvalue++, outptr++) {
679 outptr[0] = endvalue[0];
682 else if (endvalue[0] == '\\') {
684 outptr--; /* Will be incremented at the end of the loop */
686 else if (endvalue[0] == '"') {
690 outptr[0] = endvalue[0];
694 if (endvalue[0] != '"') {
698 while (outptr <= endvalue) {
704 else { /* not qouted value (token) */
705 /* qstr already contains output */
706 endvalue = skip_token(qstr,0);
712 /* Unlike unquote, this function returns an allocated quoted copy */
713 static char *quote (char *str)
718 int num_to_escape; /* How many characters need escaping */
720 if (!str) return NULL;
723 p = strpbrk (str, NEED_ESCAPING);
726 p = strpbrk (p + 1, NEED_ESCAPING);
729 if (num_to_escape == 0) {
730 return (strdup (str));
733 result = malloc (strlen(str) + num_to_escape + 1);
734 for (p = str, outp = result; *p; p++) {
735 if (*p == '"' || *p == '\\') {
748 static void get_pair(char **in, char **name, char **value)
756 if (curp == NULL) return;
757 if (curp[0] == '\0') return;
759 /* skipping spaces: */
760 curp = skip_lws(curp);
764 curp = skip_token(curp,1);
766 /* strip wierd chars */
767 if (curp[0] != '=' && curp[0] != '\0') {
771 curp = skip_lws(curp);
773 if (curp[0] != '=') { /* No '=' sign */
781 curp = skip_lws(curp);
783 *value = (curp[0] == '"') ? curp+1 : curp;
785 endpair = unquote (curp);
786 if (endpair == NULL) { /* Unbalanced quotes */
790 if (endpair[0] != ',') {
791 if (endpair[0]!='\0') {
796 endpair = skip_lws(endpair);
798 /* syntax check: MUST be '\0' or ',' */
799 if (endpair[0] == ',') {
801 endpair++; /* skipping <,> */
802 } else if (endpair[0] != '\0') {
811 struct des_context_s {
812 des_key_schedule keysched; /* key schedule for des initialization */
813 des_cblock ivec; /* initial vector for encoding */
814 des_key_schedule keysched2; /* key schedule for 3des initialization */
817 typedef struct des_context_s des_context_t;
819 /* slide the first 7 bytes of 'inbuf' into the high seven bits of the
820 first 8 bytes of 'keybuf'. 'keybuf' better be 8 bytes long or longer. */
821 static void slidebits(unsigned char *keybuf, unsigned char *inbuf)
823 keybuf[0] = inbuf[0];
824 keybuf[1] = (inbuf[0]<<7) | (inbuf[1]>>1);
825 keybuf[2] = (inbuf[1]<<6) | (inbuf[2]>>2);
826 keybuf[3] = (inbuf[2]<<5) | (inbuf[3]>>3);
827 keybuf[4] = (inbuf[3]<<4) | (inbuf[4]>>4);
828 keybuf[5] = (inbuf[4]<<3) | (inbuf[5]>>5);
829 keybuf[6] = (inbuf[5]<<2) | (inbuf[6]>>6);
830 keybuf[7] = (inbuf[6]<<1);
833 /******************************
837 *****************************/
839 static int dec_3des(context_t *text,
842 unsigned char digest[16] __attribute__((unused)),
846 des_context_t *c = (des_context_t *) text->cipher_dec_context;
849 des_ede2_cbc_encrypt((void *) input,
857 /* now chop off the padding */
858 padding = output[inputlen - 11];
859 if (padding < 1 || padding > 8) {
860 /* invalid padding length */
863 /* verify all padding is correct */
864 for (p = 1; p <= padding; p++) {
865 if (output[inputlen - 10 - p] != padding) {
870 /* chop off the padding */
871 *outputlen = inputlen - padding - 10;
876 static int enc_3des(context_t *text,
879 unsigned char digest[16],
883 des_context_t *c = (des_context_t *) text->cipher_enc_context;
887 /* determine padding length */
888 paddinglen = 8 - ((inputlen + 10) % 8);
890 /* now construct the full stuff to be ciphered */
891 memcpy(output, input, inputlen); /* text */
892 memset(output+inputlen, paddinglen, paddinglen);/* pad */
893 memcpy(output+inputlen+paddinglen, digest, 10); /* hmac */
895 len=inputlen+paddinglen+10;
897 des_ede2_cbc_encrypt((void *) output,
910 static int init_3des(context_t *text,
911 unsigned char enckey[16],
912 unsigned char deckey[16])
915 unsigned char keybuf[8];
917 /* allocate enc & dec context */
918 c = (des_context_t *) text->utils->malloc(2 * sizeof(des_context_t));
919 if (c == NULL) return SASL_NOMEM;
921 /* setup enc context */
922 slidebits(keybuf, enckey);
923 if (des_key_sched((des_cblock *) keybuf, c->keysched) < 0)
926 slidebits(keybuf, enckey + 7);
927 if (des_key_sched((des_cblock *) keybuf, c->keysched2) < 0)
929 memcpy(c->ivec, ((char *) enckey) + 8, 8);
931 text->cipher_enc_context = (cipher_context_t *) c;
933 /* setup dec context */
935 slidebits(keybuf, deckey);
936 if (des_key_sched((des_cblock *) keybuf, c->keysched) < 0)
939 slidebits(keybuf, deckey + 7);
940 if (des_key_sched((des_cblock *) keybuf, c->keysched2) < 0)
943 memcpy(c->ivec, ((char *) deckey) + 8, 8);
945 text->cipher_dec_context = (cipher_context_t *) c;
951 /******************************
955 *****************************/
957 static int dec_des(context_t *text,
960 unsigned char digest[16] __attribute__((unused)),
964 des_context_t *c = (des_context_t *) text->cipher_dec_context;
967 des_cbc_encrypt((void *) input,
974 /* Update the ivec (des_cbc_encrypt implementations tend to be broken in
976 memcpy(c->ivec, input + (inputlen - 8), 8);
978 /* now chop off the padding */
979 padding = output[inputlen - 11];
980 if (padding < 1 || padding > 8) {
981 /* invalid padding length */
984 /* verify all padding is correct */
985 for (p = 1; p <= padding; p++) {
986 if (output[inputlen - 10 - p] != padding) {
991 /* chop off the padding */
992 *outputlen = inputlen - padding - 10;
997 static int enc_des(context_t *text,
1000 unsigned char digest[16],
1002 unsigned *outputlen)
1004 des_context_t *c = (des_context_t *) text->cipher_enc_context;
1008 /* determine padding length */
1009 paddinglen = 8 - ((inputlen+10) % 8);
1011 /* now construct the full stuff to be ciphered */
1012 memcpy(output, input, inputlen); /* text */
1013 memset(output+inputlen, paddinglen, paddinglen);/* pad */
1014 memcpy(output+inputlen+paddinglen, digest, 10); /* hmac */
1016 len = inputlen + paddinglen + 10;
1018 des_cbc_encrypt((void *) output,
1025 /* Update the ivec (des_cbc_encrypt implementations tend to be broken in
1027 memcpy(c->ivec, output + (len - 8), 8);
1034 static int init_des(context_t *text,
1035 unsigned char enckey[16],
1036 unsigned char deckey[16])
1039 unsigned char keybuf[8];
1041 /* allocate enc context */
1042 c = (des_context_t *) text->utils->malloc(2 * sizeof(des_context_t));
1043 if (c == NULL) return SASL_NOMEM;
1045 /* setup enc context */
1046 slidebits(keybuf, enckey);
1047 des_key_sched((des_cblock *) keybuf, c->keysched);
1049 memcpy(c->ivec, ((char *) enckey) + 8, 8);
1051 text->cipher_enc_context = (cipher_context_t *) c;
1053 /* setup dec context */
1055 slidebits(keybuf, deckey);
1056 des_key_sched((des_cblock *) keybuf, c->keysched);
1058 memcpy(c->ivec, ((char *) deckey) + 8, 8);
1060 text->cipher_dec_context = (cipher_context_t *) c;
1065 static void free_des(context_t *text)
1067 /* free des contextss. only cipher_enc_context needs to be free'd,
1068 since cipher_dec_context was allocated at the same time. */
1069 if (text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
1072 #endif /* WITH_DES */
1075 /* quick generic implementation of RC4 */
1076 struct rc4_context_s {
1077 unsigned char sbox[256];
1081 typedef struct rc4_context_s rc4_context_t;
1083 static void rc4_init(rc4_context_t *text,
1084 const unsigned char *key,
1089 /* fill in linearly s0=0 s1=1... */
1094 for (i = 0; i < 256; i++) {
1096 /* j = (j + Si + Ki) mod 256 */
1097 j = (j + text->sbox[i] + key[i % keylen]) % 256;
1099 /* swap Si and Sj */
1100 tmp = text->sbox[i];
1101 text->sbox[i] = text->sbox[j];
1102 text->sbox[j] = tmp;
1105 /* counters initialized to 0 */
1110 static void rc4_encrypt(rc4_context_t *text,
1120 const char *input_end = input + len;
1122 while (input < input_end) {
1125 j = (j + text->sbox[i]) % 256;
1127 /* swap Si and Sj */
1128 tmp = text->sbox[i];
1129 text->sbox[i] = text->sbox[j];
1130 text->sbox[j] = tmp;
1132 t = (text->sbox[i] + text->sbox[j]) % 256;
1136 /* byte K is Xor'ed with plaintext */
1137 *output++ = *input++ ^ K;
1144 static void rc4_decrypt(rc4_context_t *text,
1154 const char *input_end = input + len;
1156 while (input < input_end) {
1159 j = (j + text->sbox[i]) % 256;
1161 /* swap Si and Sj */
1162 tmp = text->sbox[i];
1163 text->sbox[i] = text->sbox[j];
1164 text->sbox[j] = tmp;
1166 t = (text->sbox[i] + text->sbox[j]) % 256;
1170 /* byte K is Xor'ed with plaintext */
1171 *output++ = *input++ ^ K;
1178 static void free_rc4(context_t *text)
1180 /* free rc4 context structures */
1182 if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
1183 if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
1186 static int init_rc4(context_t *text,
1187 unsigned char enckey[16],
1188 unsigned char deckey[16])
1190 /* allocate rc4 context structures */
1191 text->cipher_enc_context=
1192 (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t));
1193 if (text->cipher_enc_context == NULL) return SASL_NOMEM;
1195 text->cipher_dec_context=
1196 (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t));
1197 if (text->cipher_dec_context == NULL) return SASL_NOMEM;
1199 /* initialize them */
1200 rc4_init((rc4_context_t *) text->cipher_enc_context,
1201 (const unsigned char *) enckey, 16);
1202 rc4_init((rc4_context_t *) text->cipher_dec_context,
1203 (const unsigned char *) deckey, 16);
1208 static int dec_rc4(context_t *text,
1211 unsigned char digest[16] __attribute__((unused)),
1213 unsigned *outputlen)
1215 /* decrypt the text part & HMAC */
1216 rc4_decrypt((rc4_context_t *) text->cipher_dec_context,
1217 input, output, inputlen);
1219 /* no padding so we just subtract the HMAC to get the text length */
1220 *outputlen = inputlen - 10;
1225 static int enc_rc4(context_t *text,
1228 unsigned char digest[16],
1230 unsigned *outputlen)
1233 *outputlen = inputlen+10;
1235 /* encrypt the text part */
1236 rc4_encrypt((rc4_context_t *) text->cipher_enc_context,
1241 /* encrypt the HMAC part */
1242 rc4_encrypt((rc4_context_t *) text->cipher_enc_context,
1243 (const char *) digest,
1244 (output)+inputlen, 10);
1249 #endif /* WITH_RC4 */
1251 struct digest_cipher available_ciphers[] =
1254 { "rc4-40", 40, 5, 0x01, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1255 { "rc4-56", 56, 7, 0x02, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1256 { "rc4", 128, 16, 0x04, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1259 { "des", 55, 16, 0x08, &enc_des, &dec_des, &init_des, &free_des },
1260 { "3des", 112, 16, 0x10, &enc_3des, &dec_3des, &init_3des, &free_des },
1262 { NULL, 0, 0, 0, NULL, NULL, NULL, NULL }
1265 static int create_layer_keys(context_t *text,
1266 const sasl_utils_t *utils,
1267 HASH key, int keylen,
1268 char enckey[16], char deckey[16])
1272 utils->MD5Init(&Md5Ctx);
1273 utils->MD5Update(&Md5Ctx, key, keylen);
1274 if (text->i_am == SERVER) {
1275 utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_SERVER_CLIENT,
1276 strlen(SEALING_SERVER_CLIENT));
1278 utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_CLIENT_SERVER,
1279 strlen(SEALING_CLIENT_SERVER));
1281 utils->MD5Final((unsigned char *) enckey, &Md5Ctx);
1283 utils->MD5Init(&Md5Ctx);
1284 utils->MD5Update(&Md5Ctx, key, keylen);
1285 if (text->i_am != SERVER) {
1286 utils->MD5Update(&Md5Ctx, (const unsigned char *)SEALING_SERVER_CLIENT,
1287 strlen(SEALING_SERVER_CLIENT));
1289 utils->MD5Update(&Md5Ctx, (const unsigned char *)SEALING_CLIENT_SERVER,
1290 strlen(SEALING_CLIENT_SERVER));
1292 utils->MD5Final((unsigned char *) deckey, &Md5Ctx);
1294 /* create integrity keys */
1296 utils->MD5Init(&Md5Ctx);
1297 utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN);
1298 if (text->i_am == SERVER) {
1299 utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT,
1300 strlen(SIGNING_SERVER_CLIENT));
1302 utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER,
1303 strlen(SIGNING_CLIENT_SERVER));
1305 utils->MD5Final(text->Ki_send, &Md5Ctx);
1308 utils->MD5Init(&Md5Ctx);
1309 utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN);
1310 if (text->i_am != SERVER) {
1311 utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT,
1312 strlen(SIGNING_SERVER_CLIENT));
1314 utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER,
1315 strlen(SIGNING_CLIENT_SERVER));
1317 utils->MD5Final(text->Ki_receive, &Md5Ctx);
1322 static const unsigned short version = 1;
1326 * len, CIPHER(Kc, {msg, pag, HMAC(ki, {SeqNum, msg})[0..9]}), x0001, SeqNum
1329 * len, HMAC(ki, {SeqNum, msg})[0..9], x0001, SeqNum
1331 static int digestmd5_encode(void *context,
1332 const struct iovec *invec,
1334 const char **output,
1335 unsigned *outputlen)
1337 context_t *text = (context_t *) context;
1339 unsigned int tmpnum;
1340 unsigned short int tmpshort;
1343 struct buffer_info *inblob, bufinfo;
1345 if(!context || !invec || !numiov || !output || !outputlen) {
1346 PARAMERROR(text->utils);
1347 return SASL_BADPARAM;
1351 ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf);
1352 if (ret != SASL_OK) return ret;
1353 inblob = text->enc_in_buf;
1355 /* avoid the data copy */
1356 bufinfo.data = invec[0].iov_base;
1357 bufinfo.curlen = invec[0].iov_len;
1361 /* make sure the output buffer is big enough for this blob */
1362 ret = _plug_buf_alloc(text->utils, &(text->encode_buf),
1363 &(text->encode_buf_len),
1364 (4 + /* for length */
1365 inblob->curlen + /* for content */
1367 8 + /* maximum pad */
1368 6)); /* for ver and seqnum */
1369 if(ret != SASL_OK) return ret;
1371 /* skip by the length for now */
1372 out = (text->encode_buf)+4;
1374 /* construct (seqnum, msg)
1376 * Use the output buffer so that the message text is already in place
1377 * for an integrity-only layer.
1379 tmpnum = htonl(text->seqnum);
1380 memcpy(text->encode_buf, &tmpnum, 4);
1381 memcpy(text->encode_buf + 4, inblob->data, inblob->curlen);
1383 if (text->cipher_enc) {
1384 unsigned char digest[16];
1386 /* HMAC(ki, (seqnum, msg) ) */
1387 text->utils->hmac_md5((const unsigned char *) text->encode_buf,
1389 text->Ki_send, HASHLEN, digest);
1391 /* calculate the encrypted part */
1392 text->cipher_enc(text, inblob->data, inblob->curlen,
1393 digest, out, outputlen);
1397 /* HMAC(ki, (seqnum, msg) ) -- put directly into output buffer */
1398 text->utils->hmac_md5((const unsigned char *) text->encode_buf,
1400 text->Ki_send, HASHLEN,
1401 text->encode_buf + inblob->curlen + 4);
1403 *outputlen = inblob->curlen + 10; /* for message + CMAC */
1404 out+=inblob->curlen + 10;
1407 /* copy in version */
1408 tmpshort = htons(version);
1409 memcpy(out, &tmpshort, 2); /* 2 bytes = version */
1412 (*outputlen)+=2; /* for version */
1415 tmpnum = htonl(text->seqnum);
1416 memcpy(out, &tmpnum, 4); /* 4 bytes = seq # */
1418 (*outputlen)+=4; /* for seqnum */
1420 /* put the 1st 4 bytes in */
1421 tmp=htonl(*outputlen);
1422 memcpy(text->encode_buf, &tmp, 4);
1426 *output = text->encode_buf;
1432 static int digestmd5_decode_packet(void *context,
1436 unsigned *outputlen)
1438 context_t *text = (context_t *) context;
1440 unsigned char *digest;
1444 unsigned int seqnum;
1445 unsigned char checkdigest[16];
1447 if (inputlen < 16) {
1448 text->utils->seterror(text->utils->conn, 0, "DIGEST-MD5 SASL packets must be at least 16 bytes long");
1452 /* check the version number */
1453 memcpy(&ver, input+inputlen-6, 2);
1455 if (ver != version) {
1456 text->utils->seterror(text->utils->conn, 0, "Wrong Version");
1460 /* check the sequence number */
1461 memcpy(&seqnum, input+inputlen-4, 4);
1462 seqnum = ntohl(seqnum);
1464 if (seqnum != text->rec_seqnum) {
1465 text->utils->seterror(text->utils->conn, 0,
1466 "Incorrect Sequence Number");
1470 /* allocate a buffer large enough for the output */
1471 result = _plug_buf_alloc(text->utils, &text->decode_packet_buf,
1472 &text->decode_packet_buf_len,
1473 inputlen /* length of message */
1474 - 6 /* skip ver and seqnum */
1475 + 4); /* prepend seqnum */
1476 if (result != SASL_OK) return result;
1478 /* construct (seqnum, msg) */
1479 tmpnum = htonl(text->rec_seqnum);
1480 memcpy(text->decode_packet_buf, &tmpnum, 4);
1482 text->rec_seqnum++; /* now increment it */
1484 *output = text->decode_packet_buf + 4; /* skip seqnum */
1486 if (text->cipher_dec) {
1487 /* decrypt message & HMAC into output buffer */
1488 result = text->cipher_dec(text, input, inputlen-6, NULL,
1489 *output, outputlen);
1490 if (result != SASL_OK) return result;
1493 /* copy message & HMAC into output buffer */
1494 memcpy(*output, input, inputlen - 6);
1495 *outputlen = inputlen - 16; /* -16 to skip HMAC, ver and seqnum */
1497 digest = *output + (inputlen - 16);
1499 /* check the CMAC */
1501 /* HMAC(ki, (seqnum, msg) ) */
1502 text->utils->hmac_md5((const unsigned char *) text->decode_packet_buf,
1504 text->Ki_receive, HASHLEN, checkdigest);
1507 for (lup = 0; lup < 10; lup++)
1508 if (checkdigest[lup] != digest[lup]) {
1509 text->utils->seterror(text->utils->conn, 0,
1510 "CMAC doesn't match at byte %d!", lup);
1517 static int digestmd5_decode(void *context,
1518 const char *input, unsigned inputlen,
1519 const char **output, unsigned *outputlen)
1521 context_t *text = (context_t *) context;
1524 ret = _plug_decode(&text->decode_context, input, inputlen,
1525 &text->decode_buf, &text->decode_buf_len, outputlen,
1526 digestmd5_decode_packet, text);
1528 *output = text->decode_buf;
1533 static void digestmd5_common_mech_dispose(void *conn_context,
1534 const sasl_utils_t *utils)
1536 context_t *text = (context_t *) conn_context;
1539 if (!text || !utils) return;
1541 if (text->authid) utils->free(text->authid);
1542 if (text->realm) utils->free(text->realm);
1545 /* need to free all the realms */
1546 for (lup = 0; lup < text->realm_cnt; lup++)
1547 utils->free (text->realms[lup]);
1549 utils->free(text->realms);
1552 if (text->nonce) utils->free(text->nonce);
1553 if (text->cnonce) utils->free(text->cnonce);
1555 if (text->cipher_free) text->cipher_free(text);
1557 /* free the stuff in the context */
1558 if (text->response_value) utils->free(text->response_value);
1560 _plug_decode_free(&text->decode_context);
1561 if (text->encode_buf) utils->free(text->encode_buf);
1562 if (text->decode_buf) utils->free(text->decode_buf);
1563 if (text->decode_packet_buf) utils->free(text->decode_packet_buf);
1564 if (text->out_buf) utils->free(text->out_buf);
1566 if (text->enc_in_buf) {
1567 if (text->enc_in_buf->data) utils->free(text->enc_in_buf->data);
1568 utils->free(text->enc_in_buf);
1571 utils->free(conn_context);
1574 static void clear_reauth_entry(reauth_entry_t *reauth, enum Context_type type,
1575 const sasl_utils_t *utils)
1577 if (!reauth) return;
1579 if (reauth->authid) utils->free(reauth->authid);
1580 if (reauth->realm) utils->free(reauth->realm);
1581 if (reauth->nonce) utils->free(reauth->nonce);
1582 if (reauth->cnonce) utils->free(reauth->cnonce);
1584 if (type == CLIENT) {
1585 if (reauth->u.c.serverFQDN) utils->free(reauth->u.c.serverFQDN);
1588 memset(reauth, 0, sizeof(reauth_entry_t));
1591 static void digestmd5_common_mech_free(void *glob_context,
1592 const sasl_utils_t *utils)
1594 digest_glob_context_t *my_glob_context =
1595 (digest_glob_context_t *) glob_context;
1596 reauth_cache_t *reauth_cache = my_glob_context->reauth;
1599 if (!reauth_cache) return;
1601 for (n = 0; n < reauth_cache->size; n++)
1602 clear_reauth_entry(&reauth_cache->e[n], reauth_cache->i_am, utils);
1603 if (reauth_cache->e) utils->free(reauth_cache->e);
1605 if (reauth_cache->mutex) utils->mutex_free(reauth_cache->mutex);
1607 utils->free(reauth_cache);
1608 my_glob_context->reauth = NULL;
1611 /***************************** Server Section *****************************/
1613 typedef struct server_context {
1617 int stale; /* last nonce is stale */
1618 sasl_ssf_t limitssf, requiressf; /* application defined bounds */
1621 static digest_glob_context_t server_glob_context;
1623 static void DigestCalcHA1FromSecret(context_t * text,
1624 const sasl_utils_t * utils,
1626 unsigned char *authorization_id,
1627 unsigned char *pszNonce,
1628 unsigned char *pszCNonce,
1633 /* calculate session key */
1634 utils->MD5Init(&Md5Ctx);
1635 utils->MD5Update(&Md5Ctx, HA1, HASHLEN);
1636 utils->MD5Update(&Md5Ctx, COLON, 1);
1637 utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce));
1638 utils->MD5Update(&Md5Ctx, COLON, 1);
1639 utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce));
1640 if (authorization_id != NULL) {
1641 utils->MD5Update(&Md5Ctx, COLON, 1);
1642 utils->MD5Update(&Md5Ctx, authorization_id, strlen((char *) authorization_id));
1644 utils->MD5Final(HA1, &Md5Ctx);
1646 CvtHex(HA1, SessionKey);
1649 /* save HA1 because we need it to make the privacy and integrity keys */
1650 memcpy(text->HA1, HA1, sizeof(HASH));
1653 static char *create_response(context_t * text,
1654 const sasl_utils_t * utils,
1655 unsigned char *nonce,
1656 unsigned int ncvalue,
1657 unsigned char *cnonce,
1661 char *authorization_id,
1662 char **response_value)
1665 HASHHEX HEntity = "00000000000000000000000000000000";
1672 DigestCalcHA1FromSecret(text,
1675 (unsigned char *) authorization_id,
1680 DigestCalcResponse(utils,
1681 SessionKey,/* HEX(H(A1)) */
1682 nonce, /* nonce from server */
1683 ncvalue, /* 8 hex digits */
1684 cnonce, /* client nonce */
1685 (unsigned char *) qop, /* qop-value: "", "auth",
1687 (unsigned char *) digesturi, /* requested URL */
1688 (unsigned char *) "AUTHENTICATE",
1689 HEntity, /* H(entity body) if qop="auth-int" */
1690 Response /* request-digest or response-digest */
1693 result = utils->malloc(HASHHEXLEN + 1);
1694 memcpy(result, Response, HASHHEXLEN);
1695 result[HASHHEXLEN] = 0;
1697 /* response_value (used for reauth i think */
1698 if (response_value != NULL) {
1699 DigestCalcResponse(utils,
1700 SessionKey, /* HEX(H(A1)) */
1701 nonce, /* nonce from server */
1702 ncvalue, /* 8 hex digits */
1703 cnonce, /* client nonce */
1704 (unsigned char *) qop, /* qop-value: "", "auth",
1706 (unsigned char *) digesturi, /* requested URL */
1708 HEntity, /* H(entity body) if qop="auth-int" */
1709 Response /* request-digest or response-digest */
1712 *response_value = utils->malloc(HASHHEXLEN + 1);
1713 if (*response_value == NULL)
1715 memcpy(*response_value, Response, HASHHEXLEN);
1716 (*response_value)[HASHHEXLEN] = 0;
1721 static int get_server_realm(sasl_server_params_t * params, char **realm)
1723 /* look at user realm first */
1724 if (params->user_realm != NULL) {
1725 if(params->user_realm[0] != '\0') {
1726 *realm = (char *) params->user_realm;
1728 /* Catch improperly converted apps */
1729 params->utils->seterror(params->utils->conn, 0,
1730 "user_realm is an empty string!");
1731 return SASL_BADPARAM;
1733 } else if (params->serverFQDN != NULL) {
1734 *realm = (char *) params->serverFQDN;
1736 params->utils->seterror(params->utils->conn, 0,
1737 "no way to obtain domain");
1745 * Convert hex string to int
1747 static int htoi(unsigned char *hexin, unsigned int *res)
1750 inlen = strlen((char *) hexin);
1753 for (lup = 0; lup < inlen; lup++) {
1754 switch (hexin[lup]) {
1765 *res = (*res << 4) + (hexin[lup] - '0');
1774 *res = (*res << 4) + (hexin[lup] - 'a' + 10);
1783 *res = (*res << 4) + (hexin[lup] - 'A' + 10);
1787 return SASL_BADPARAM;
1795 static int digestmd5_server_mech_new(void *glob_context,
1796 sasl_server_params_t * sparams,
1797 const char *challenge __attribute__((unused)),
1798 unsigned challen __attribute__((unused)),
1799 void **conn_context)
1803 /* holds state are in -- allocate server size */
1804 text = sparams->utils->malloc(sizeof(server_context_t));
1807 memset(text, 0, sizeof(server_context_t));
1810 text->i_am = SERVER;
1811 text->reauth = ((digest_glob_context_t *) glob_context)->reauth;
1813 *conn_context = text;
1818 digestmd5_server_mech_step1(server_context_t *stext,
1819 sasl_server_params_t *sparams,
1820 const char *clientin __attribute__((unused)),
1821 unsigned clientinlen __attribute__((unused)),
1822 const char **serverout,
1823 unsigned *serveroutlen,
1824 sasl_out_params_t * oparams __attribute__((unused)))
1826 context_t *text = (context_t *) stext;
1829 unsigned char *nonce;
1830 char *charset = "utf-8";
1831 char qop[1024], cipheropts[1024];
1832 struct digest_cipher *cipher;
1837 sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
1838 "DIGEST-MD5 server step 1");
1841 result = get_server_realm(sparams, &realm);
1842 if(result != SASL_OK) return result;
1844 /* what options should we offer the client? */
1846 cipheropts[0] = '\0';
1847 if (stext->requiressf == 0) {
1848 if (*qop) strcat(qop, ",");
1849 strcat(qop, "auth");
1851 if (stext->requiressf <= 1 && stext->limitssf >= 1) {
1852 if (*qop) strcat(qop, ",");
1853 strcat(qop, "auth-int");
1856 cipher = available_ciphers;
1857 while (cipher->name) {
1858 /* do we allow this particular cipher? */
1859 if (stext->requiressf <= cipher->ssf &&
1860 stext->limitssf >= cipher->ssf) {
1862 if (*qop) strcat(qop, ",");
1863 strcat(qop, "auth-conf");
1866 if (*cipheropts) strcat(cipheropts, ",");
1867 strcat(cipheropts, cipher->name);
1873 /* we didn't allow anything?!? we'll return SASL_TOOWEAK, since
1874 that's close enough */
1875 return SASL_TOOWEAK;
1879 * digest-challenge = 1#( realm | nonce | qop-options | stale | maxbuf |
1880 * charset | cipher-opts | auth-param )
1883 /* FIXME: get nonce XXX have to clean up after self if fail */
1884 nonce = create_nonce(sparams->utils);
1885 if (nonce == NULL) {
1886 SETERROR(sparams->utils, "internal erorr: failed creating a nonce");
1891 text->out_buf = NULL;
1892 text->out_buf_len = 0;
1893 if (add_to_challenge(sparams->utils,
1894 &text->out_buf, &text->out_buf_len, &resplen,
1895 "nonce", (unsigned char *) nonce,
1897 SETERROR(sparams->utils, "internal error: add_to_challenge failed");
1901 /* add to challenge; if we chose not to specify a realm, we won't
1902 * send one to the client */
1903 if (realm && add_to_challenge(sparams->utils,
1904 &text->out_buf, &text->out_buf_len, &resplen,
1905 "realm", (unsigned char *) realm,
1907 SETERROR(sparams->utils, "internal error: add_to_challenge failed");
1911 * qop-options A quoted string of one or more tokens indicating the
1912 * "quality of protection" values supported by the server. The value
1913 * "auth" indicates authentication; the value "auth-int" indicates
1914 * authentication with integrity protection; the value "auth-conf"
1915 * indicates authentication with integrity protection and encryption.
1918 /* add qop to challenge */
1919 if (add_to_challenge(sparams->utils,
1920 &text->out_buf, &text->out_buf_len, &resplen,
1922 (unsigned char *) qop, TRUE) != SASL_OK) {
1923 SETERROR(sparams->utils, "internal error: add_to_challenge 3 failed");
1928 * Cipheropts - list of ciphers server supports
1930 /* add cipher-opts to challenge; only add if there are some */
1931 if (strcmp(cipheropts,"")!=0)
1933 if (add_to_challenge(sparams->utils,
1934 &text->out_buf, &text->out_buf_len, &resplen,
1935 "cipher", (unsigned char *) cipheropts,
1937 SETERROR(sparams->utils,
1938 "internal error: add_to_challenge 4 failed");
1943 /* "stale" is true if a reauth failed because of a nonce timeout */
1945 add_to_challenge(sparams->utils,
1946 &text->out_buf, &text->out_buf_len, &resplen,
1947 "stale", "true", FALSE) != SASL_OK) {
1948 SETERROR(sparams->utils, "internal error: add_to_challenge failed");
1953 * maxbuf A number indicating the size of the largest buffer the server
1954 * is able to receive when using "auth-int". If this directive is
1955 * missing, the default value is 65536. This directive may appear at most
1956 * once; if multiple instances are present, the client should abort the
1957 * authentication exchange.
1959 if(sparams->props.maxbufsize) {
1960 snprintf(maxbufstr, sizeof(maxbufstr), "%u",
1961 sparams->props.maxbufsize);
1962 if (add_to_challenge(sparams->utils,
1963 &text->out_buf, &text->out_buf_len, &resplen,
1965 (unsigned char *) maxbufstr, FALSE) != SASL_OK) {
1966 SETERROR(sparams->utils,
1967 "internal error: add_to_challenge 5 failed");
1973 if (add_to_challenge(sparams->utils,
1974 &text->out_buf, &text->out_buf_len, &resplen,
1976 (unsigned char *) charset, FALSE) != SASL_OK) {
1977 SETERROR(sparams->utils, "internal error: add_to_challenge 6 failed");
1984 * This directive is required for backwards compatibility with HTTP
1985 * Digest., which supports other algorithms. . This directive is
1986 * required and MUST appear exactly once; if not present, or if multiple
1987 * instances are present, the client should abort the authentication
1990 * algorithm = "algorithm" "=" "md5-sess"
1993 if (add_to_challenge(sparams->utils,
1994 &text->out_buf, &text->out_buf_len, &resplen,
1996 (unsigned char *) "md5-sess", FALSE)!=SASL_OK) {
1997 SETERROR(sparams->utils, "internal error: add_to_challenge 7 failed");
2002 * The size of a digest-challenge MUST be less than 2048 bytes!!!
2004 if (*serveroutlen > 2048) {
2005 SETERROR(sparams->utils,
2006 "internal error: challenge larger than 2048 bytes");
2010 text->authid = NULL;
2011 _plug_strdup(sparams->utils, realm, &text->realm, NULL);
2012 text->nonce = nonce;
2013 text->nonce_count = 1;
2014 text->cnonce = NULL;
2015 stext->timestamp = time(0);
2017 *serveroutlen = strlen(text->out_buf);
2018 *serverout = text->out_buf;
2022 return SASL_CONTINUE;
2025 static int digestmd5_server_mech_step2(server_context_t *stext,
2026 sasl_server_params_t *sparams,
2027 const char *clientin,
2028 unsigned clientinlen,
2029 const char **serverout,
2030 unsigned *serveroutlen,
2031 sasl_out_params_t * oparams)
2033 context_t *text = (context_t *) stext;
2035 sasl_secret_t *sec = NULL;
2037 char *serverresponse = NULL;
2038 char *username = NULL;
2039 char *authorization_id = NULL;
2041 unsigned char *nonce = NULL, *cnonce = NULL;
2042 unsigned int noncecount = 0;
2044 char *digesturi = NULL;
2045 char *response = NULL;
2047 /* setting the default value (65536) */
2048 unsigned long client_maxbuf = 65536;
2049 int maxbuf_count = 0; /* How many maxbuf instaces was found */
2051 char *charset = NULL;
2052 char *cipher = NULL;
2057 /* password prop_request */
2058 const char *password_request[] = { SASL_AUX_PASSWORD,
2059 "*cmusaslsecretDIGEST-MD5",
2062 struct propval auxprop_values[2];
2064 /* can we mess with clientin? copy it to be safe */
2065 char *in_start = NULL;
2068 sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
2069 "DIGEST-MD5 server step 2");
2071 in = sparams->utils->malloc(clientinlen + 1);
2073 memcpy(in, clientin, clientinlen);
2074 in[clientinlen] = 0;
2079 /* parse what we got */
2080 while (in[0] != '\0') {
2081 char *name = NULL, *value = NULL;
2082 get_pair(&in, &name, &value);
2087 /* Extracting parameters */
2090 * digest-response = 1#( username | realm | nonce | cnonce |
2091 * nonce-count | qop | digest-uri | response | maxbuf | charset |
2092 * cipher | auth-param )
2095 if (strcasecmp(name, "username") == 0) {
2096 _plug_strdup(sparams->utils, value, &username, NULL);
2097 } else if (strcasecmp(name, "authzid") == 0) {
2098 _plug_strdup(sparams->utils, value, &authorization_id, NULL);
2099 } else if (strcasecmp(name, "cnonce") == 0) {
2100 _plug_strdup(sparams->utils, value, (char **) &cnonce, NULL);
2101 } else if (strcasecmp(name, "nc") == 0) {
2102 if (htoi((unsigned char *) value, &noncecount) != SASL_OK) {
2103 SETERROR(sparams->utils,
2104 "error converting hex to int");
2105 result = SASL_BADAUTH;
2108 } else if (strcasecmp(name, "realm") == 0) {
2110 SETERROR(sparams->utils,
2111 "duplicate realm: authentication aborted");
2115 _plug_strdup(sparams->utils, value, &realm, NULL);
2116 } else if (strcasecmp(name, "nonce") == 0) {
2117 _plug_strdup(sparams->utils, value, (char **) &nonce, NULL);
2118 } else if (strcasecmp(name, "qop") == 0) {
2119 _plug_strdup(sparams->utils, value, &qop, NULL);
2120 } else if (strcasecmp(name, "digest-uri") == 0) {
2124 SETERROR(sparams->utils,
2125 "duplicate digest-uri: authentication aborted");
2130 _plug_strdup(sparams->utils, value, &digesturi, NULL);
2132 /* Verify digest-uri format:
2134 * digest-uri-value = serv-type "/" host [ "/" serv-name ]
2137 /* make sure it's the service that we're expecting */
2138 service_len = strlen(sparams->service);
2139 if (strncasecmp(digesturi, sparams->service, service_len) ||
2140 digesturi[service_len] != '/') {
2141 result = SASL_BADAUTH;
2142 SETERROR(sparams->utils,
2143 "bad digest-uri: doesn't match service");
2147 /* xxx we don't verify the hostname component */
2149 } else if (strcasecmp(name, "response") == 0) {
2150 _plug_strdup(sparams->utils, value, &response, NULL);
2151 } else if (strcasecmp(name, "cipher") == 0) {
2152 _plug_strdup(sparams->utils, value, &cipher, NULL);
2153 } else if (strcasecmp(name, "maxbuf") == 0) {
2155 if (maxbuf_count != 1) {
2156 result = SASL_BADAUTH;
2157 SETERROR(sparams->utils,
2158 "duplicate maxbuf: authentication aborted");
2160 } else if (str2ul32 (value, &client_maxbuf) == FALSE) {
2161 result = SASL_BADAUTH;
2162 SETERROR(sparams->utils, "invalid maxbuf parameter");
2165 if (client_maxbuf <= 16) {
2166 result = SASL_BADAUTH;
2167 SETERROR(sparams->utils,
2168 "maxbuf parameter too small");
2172 if (client_maxbuf > MAX_SASL_BUFSIZE) {
2173 result = SASL_BADAUTH;
2174 SETERROR(sparams->utils,
2175 "maxbuf parameter too big");
2179 } else if (strcasecmp(name, "charset") == 0) {
2180 if (strcasecmp(value, "utf-8") != 0) {
2181 SETERROR(sparams->utils, "client doesn't support UTF-8");
2185 _plug_strdup(sparams->utils, value, &charset, NULL);
2187 sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
2188 "DIGEST-MD5 unrecognized pair %s/%s: ignoring",
2194 * username = "username" "=" <"> username-value <">
2195 * username-value = qdstr-val
2196 * cnonce = "cnonce" "=" <"> cnonce-value <">
2197 * cnonce-value = qdstr-val
2198 * nonce-count = "nc" "=" nc-value
2200 * qop = "qop" "=" qop-value
2201 * digest-uri = "digest-uri" "=" digest-uri-value
2202 * digest-uri-value = serv-type "/" host [ "/" serv-name ]
2203 * serv-type = 1*ALPHA
2204 * host = 1*( ALPHA | DIGIT | "-" | "." )
2206 * response = "response" "=" <"> response-value <">
2207 * response-value = 32LHEX
2208 * LHEX = "0" | "1" | "2" | "3" | "4" | "5" |
2209 * "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
2210 * cipher = "cipher" "=" cipher-value
2212 /* Verifing that all parameters was defined */
2213 if ((username == NULL) ||
2215 (noncecount == 0) ||
2217 (digesturi == NULL) ||
2218 (response == NULL)) {
2219 SETERROR(sparams->utils, "required parameters missing");
2220 result = SASL_BADAUTH;
2224 if (text->state == 1) {
2225 unsigned val = hash(username) % text->reauth->size;
2227 /* reauth attempt, see if we have any info for this user */
2228 if (sparams->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
2229 if (text->reauth->e[val].authid &&
2230 !strcmp(username, text->reauth->e[val].authid)) {
2232 _plug_strdup(sparams->utils, text->reauth->e[val].realm,
2233 &text->realm, NULL);
2234 _plug_strdup(sparams->utils, text->reauth->e[val].nonce,
2235 (char **) &text->nonce, NULL);
2236 text->nonce_count = ++text->reauth->e[val].nonce_count;
2237 _plug_strdup(sparams->utils, text->reauth->e[val].cnonce,
2238 (char **) &text->cnonce, NULL);
2239 stext->timestamp = text->reauth->e[val].u.s.timestamp;
2241 sparams->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
2245 /* we don't have any reauth info, so bail */
2251 /* Sanity check the parameters */
2252 if (realm == NULL) {
2254 If the directive is missing, "realm-value" will set to
2255 the empty string when computing A1. */
2256 _plug_strdup(sparams->utils, "", &realm, NULL);
2257 sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
2258 "The client didn't send a realm, assuming empty string.");
2259 if (text->realm[0] != '\0') {
2260 SETERROR(sparams->utils,
2261 "realm changed: authentication aborted");
2262 result = SASL_BADAUTH;
2266 /* CLAIM: realm is not NULL below */
2267 } else if ((strcmp(realm, text->realm) != 0) &&
2268 (text->realm[0] != 0)) {
2269 SETERROR(sparams->utils,
2270 "realm changed: authentication aborted");
2271 result = SASL_BADAUTH;
2274 if (strcmp(nonce, (char *) text->nonce) != 0) {
2275 SETERROR(sparams->utils,
2276 "nonce changed: authentication aborted");
2277 result = SASL_BADAUTH;
2280 if (noncecount != text->nonce_count) {
2281 SETERROR(sparams->utils,
2282 "incorrect nonce-count: authentication aborted");
2283 result = SASL_BADAUTH;
2286 if (text->cnonce && strcmp(cnonce, text->cnonce) != 0) {
2287 SETERROR(sparams->utils,
2288 "cnonce changed: authentication aborted");
2289 result = SASL_BADAUTH;
2293 result = sparams->utils->prop_request(sparams->propctx, password_request);
2294 if(result != SASL_OK) {
2295 SETERROR(sparams->utils, "unable to obtain user password");
2299 /* this will trigger the getting of the aux properties */
2300 /* Note that if we don't have an authorization id, we don't use it... */
2301 result = sparams->canon_user(sparams->utils->conn,
2302 username, 0, SASL_CU_AUTHID, oparams);
2303 if (result != SASL_OK) {
2304 SETERROR(sparams->utils, "unable canonify user and get auxprops");
2308 if (!authorization_id || !*authorization_id) {
2309 result = sparams->canon_user(sparams->utils->conn,
2310 username, 0, SASL_CU_AUTHZID, oparams);
2312 result = sparams->canon_user(sparams->utils->conn,
2313 authorization_id, 0, SASL_CU_AUTHZID,
2317 if (result != SASL_OK) {
2318 SETERROR(sparams->utils, "unable authorization ID");
2322 result = sparams->utils->prop_getnames(sparams->propctx, password_request,
2325 ((!auxprop_values[0].name || !auxprop_values[0].values) &&
2326 (!auxprop_values[1].name || !auxprop_values[1].values))) {
2327 /* We didn't find this username */
2328 sparams->utils->seterror(sparams->utils->conn, 0,
2329 "no secret in database");
2330 result = sparams->transition ? SASL_TRANS : SASL_NOUSER;
2334 if (auxprop_values[0].name && auxprop_values[0].values) {
2335 len = strlen(auxprop_values[0].values[0]);
2337 sparams->utils->seterror(sparams->utils->conn,0,
2343 sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len);
2345 SETERROR(sparams->utils, "unable to allocate secret");
2351 strncpy(sec->data, auxprop_values[0].values[0], len + 1);
2354 * Verifying response obtained from client
2356 * H_URP = H({ username-value,":",realm-value,":",passwd}) sec->data
2360 /* Calculate the secret from the plaintext password */
2363 * Secret = { H( { username-value, ":", realm-value, ":", passwd } ) }
2365 * (used to build A1)
2368 DigestCalcSecret(sparams->utils, username,
2369 text->realm, sec->data, sec->len, Secret);
2370 Secret[HASHLEN] = '\0';
2373 /* We're done with sec now. Let's get rid of it */
2374 _plug_free_secret(sparams->utils, &sec);
2375 } else if (auxprop_values[1].name && auxprop_values[1].values) {
2376 memcpy(Secret, auxprop_values[1].values[0], HASHLEN);
2377 Secret[HASHLEN] = '\0';
2379 sparams->utils->seterror(sparams->utils->conn, 0,
2380 "Have neither type of secret");
2384 /* erase the plaintext password */
2385 sparams->utils->prop_erase(sparams->propctx, password_request[0]);
2387 /* defaulting qop to "auth" if not specified */
2389 _plug_strdup(sparams->utils, "auth", &qop, NULL);
2392 /* check which layer/cipher to use */
2393 if ((!strcasecmp(qop, "auth-conf")) && (cipher != NULL)) {
2394 /* see what cipher was requested */
2395 struct digest_cipher *cptr;
2397 cptr = available_ciphers;
2398 while (cptr->name) {
2399 /* find the cipher requested & make sure it's one we're happy
2401 if (!strcasecmp(cipher, cptr->name) &&
2402 stext->requiressf <= cptr->ssf &&
2403 stext->limitssf >= cptr->ssf) {
2411 text->cipher_enc = cptr->cipher_enc;
2412 text->cipher_dec = cptr->cipher_dec;
2413 text->cipher_init = cptr->cipher_init;
2414 text->cipher_free = cptr->cipher_free;
2415 oparams->mech_ssf = cptr->ssf;
2418 /* erg? client requested something we didn't advertise! */
2419 sparams->utils->log(sparams->utils->conn, SASL_LOG_WARN,
2420 "protocol violation: client requested invalid cipher");
2421 SETERROR(sparams->utils, "client requested invalid cipher");
2422 /* Mark that we attempted security layer negotiation */
2423 oparams->mech_ssf = 2;
2428 oparams->encode=&digestmd5_encode;
2429 oparams->decode=&digestmd5_decode;
2430 } else if (!strcasecmp(qop, "auth-int") &&
2431 stext->requiressf <= 1 && stext->limitssf >= 1) {
2432 oparams->encode = &digestmd5_encode;
2433 oparams->decode = &digestmd5_decode;
2434 oparams->mech_ssf = 1;
2435 } else if (!strcasecmp(qop, "auth") && stext->requiressf == 0) {
2436 oparams->encode = NULL;
2437 oparams->decode = NULL;
2438 oparams->mech_ssf = 0;
2440 SETERROR(sparams->utils,
2441 "protocol violation: client requested invalid qop");
2446 serverresponse = create_response(text,
2455 &text->response_value);
2457 if (serverresponse == NULL) {
2458 SETERROR(sparams->utils, "internal error: unable to create response");
2459 result = SASL_NOMEM;
2463 /* if ok verified */
2464 if (strcmp(serverresponse, response) != 0) {
2465 SETERROR(sparams->utils,
2466 "client response doesn't match what we generated");
2467 result = SASL_BADAUTH;
2472 /* see if our nonce expired */
2473 if (text->reauth->timeout &&
2474 time(0) - stext->timestamp > text->reauth->timeout) {
2475 SETERROR(sparams->utils, "server nonce expired");
2477 result = SASL_BADAUTH;
2483 * nothing more to do; authenticated set oparams information
2485 oparams->doneflag = 1;
2486 oparams->maxoutbuf = client_maxbuf - 4;
2487 if (oparams->mech_ssf > 1) {
2488 /* MAC block (privacy) */
2489 oparams->maxoutbuf -= 25;
2490 } else if(oparams->mech_ssf == 1) {
2491 /* MAC block (integrity) */
2492 oparams->maxoutbuf -= 16;
2495 oparams->param_version = 0;
2497 text->seqnum = 0; /* for integrity/privacy */
2498 text->rec_seqnum = 0; /* for integrity/privacy */
2499 text->utils = sparams->utils;
2501 /* used by layers */
2502 _plug_decode_init(&text->decode_context, text->utils,
2503 sparams->props.maxbufsize ? sparams->props.maxbufsize :
2506 if (oparams->mech_ssf > 0) {
2510 create_layer_keys(text, sparams->utils,text->HA1,n,enckey,deckey);
2512 /* initialize cipher if need be */
2513 if (text->cipher_init)
2514 if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
2515 sparams->utils->seterror(sparams->utils->conn, 0,
2516 "couldn't init cipher");
2521 * The server receives and validates the "digest-response". The server
2522 * checks that the nonce-count is "00000001". If it supports subsequent
2523 * authentication, it saves the value of the nonce and the nonce-count.
2527 * The "username-value", "realm-value" and "passwd" are encoded according
2528 * to the value of the "charset" directive. If "charset=UTF-8" is
2529 * present, and all the characters of either "username-value" or "passwd"
2530 * are in the ISO 8859-1 character set, then it must be converted to
2531 * UTF-8 before being hashed. A sample implementation of this conversion
2535 /* add to challenge */
2538 strlen(text->response_value) + strlen("rspauth") + 3;
2540 result = _plug_buf_alloc(sparams->utils, &(text->out_buf),
2541 &(text->out_buf_len), resplen);
2542 if(result != SASL_OK) {
2546 sprintf(text->out_buf, "rspauth=%s", text->response_value);
2549 if (strlen(text->out_buf) > 2048) {
2555 *serveroutlen = strlen(text->out_buf);
2556 *serverout = text->out_buf;
2561 if (text->reauth->timeout &&
2562 sparams->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
2563 unsigned val = hash(username) % text->reauth->size;
2567 /* successful auth, setup for future reauth */
2568 if (text->nonce_count == 1) {
2569 /* successful initial auth, create new entry */
2570 clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils);
2571 text->reauth->e[val].authid = username; username = NULL;
2572 text->reauth->e[val].realm = text->realm; text->realm = NULL;
2573 text->reauth->e[val].nonce = text->nonce; text->nonce = NULL;
2574 text->reauth->e[val].cnonce = cnonce; cnonce = NULL;
2576 if (text->nonce_count <= text->reauth->e[val].nonce_count) {
2577 /* paranoia. prevent replay attacks */
2578 clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils);
2581 text->reauth->e[val].nonce_count = text->nonce_count;
2582 text->reauth->e[val].u.s.timestamp = time(0);
2586 if (text->nonce_count > 1) {
2587 /* failed reauth, clear entry */
2588 clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils);
2591 /* failed initial auth, leave existing cache */
2594 sparams->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
2597 /* free everything */
2598 if (in_start) sparams->utils->free (in_start);
2600 if (username != NULL)
2601 sparams->utils->free (username);
2602 if (authorization_id != NULL)
2603 sparams->utils->free (authorization_id);
2605 sparams->utils->free (realm);
2607 sparams->utils->free (nonce);
2609 sparams->utils->free (cnonce);
2610 if (response != NULL)
2611 sparams->utils->free (response);
2613 sparams->utils->free (cipher);
2614 if (serverresponse != NULL)
2615 sparams->utils->free(serverresponse);
2616 if (charset != NULL)
2617 sparams->utils->free (charset);
2618 if (digesturi != NULL)
2619 sparams->utils->free (digesturi);
2621 sparams->utils->free (qop);
2623 _plug_free_secret(sparams->utils, &sec);
2628 static int digestmd5_server_mech_step(void *conn_context,
2629 sasl_server_params_t *sparams,
2630 const char *clientin,
2631 unsigned clientinlen,
2632 const char **serverout,
2633 unsigned *serveroutlen,
2634 sasl_out_params_t *oparams)
2636 context_t *text = (context_t *) conn_context;
2637 server_context_t *stext = (server_context_t *) conn_context;
2639 if (clientinlen > 4096) return SASL_BADPROT;
2644 switch (text->state) {
2647 /* setup SSF limits */
2648 if (!sparams->props.maxbufsize) {
2649 stext->limitssf = 0;
2650 stext->requiressf = 0;
2652 if (sparams->props.max_ssf < sparams->external_ssf) {
2653 stext->limitssf = 0;
2656 sparams->props.max_ssf - sparams->external_ssf;
2658 if (sparams->props.min_ssf < sparams->external_ssf) {
2659 stext->requiressf = 0;
2662 sparams->props.min_ssf - sparams->external_ssf;
2666 if (clientin && text->reauth->timeout) {
2667 /* here's where we attempt fast reauth if possible */
2668 if (digestmd5_server_mech_step2(stext, sparams,
2669 clientin, clientinlen,
2670 serverout, serveroutlen,
2671 oparams) == SASL_OK) {
2675 sparams->utils->log(NULL, SASL_LOG_WARN,
2676 "DIGEST-MD5 reauth failed\n");
2678 /* re-initialize everything for a fresh start */
2679 memset(oparams, 0, sizeof(sasl_out_params_t));
2681 /* fall through and issue challenge */
2684 return digestmd5_server_mech_step1(stext, sparams,
2685 clientin, clientinlen,
2686 serverout, serveroutlen, oparams);
2689 return digestmd5_server_mech_step2(stext, sparams,
2690 clientin, clientinlen,
2691 serverout, serveroutlen, oparams);
2694 sparams->utils->log(NULL, SASL_LOG_ERR,
2695 "Invalid DIGEST-MD5 server step %d\n", text->state);
2699 return SASL_FAIL; /* should never get here */
2702 static void digestmd5_server_mech_dispose(void *conn_context,
2703 const sasl_utils_t *utils)
2705 server_context_t *stext = (server_context_t *) conn_context;
2707 if (!stext || !utils) return;
2709 digestmd5_common_mech_dispose(conn_context, utils);
2712 static sasl_server_plug_t digestmd5_server_plugins[] =
2715 "DIGEST-MD5", /* mech_name */
2723 SASL_SEC_NOPLAINTEXT
2724 | SASL_SEC_NOANONYMOUS
2725 | SASL_SEC_MUTUAL_AUTH, /* security_flags */
2726 SASL_FEAT_ALLOWS_PROXY, /* features */
2727 &server_glob_context, /* glob_context */
2728 &digestmd5_server_mech_new, /* mech_new */
2729 &digestmd5_server_mech_step, /* mech_step */
2730 &digestmd5_server_mech_dispose, /* mech_dispose */
2731 &digestmd5_common_mech_free, /* mech_free */
2733 NULL, /* user_query */
2735 NULL, /* mech avail */
2740 int digestmd5_server_plug_init(sasl_utils_t *utils,
2743 sasl_server_plug_t **pluglist,
2746 reauth_cache_t *reauth_cache;
2747 const char *timeout = NULL;
2750 if (maxversion < SASL_SERVER_PLUG_VERSION)
2751 return SASL_BADVERS;
2754 reauth_cache = utils->malloc(sizeof(reauth_cache_t));
2755 if (reauth_cache == NULL)
2757 memset(reauth_cache, 0, sizeof(reauth_cache_t));
2758 reauth_cache->i_am = SERVER;
2760 /* fetch and canonify the reauth_timeout */
2761 utils->getopt(utils->getopt_context, "DIGEST-MD5", "reauth_timeout",
2764 reauth_cache->timeout = (time_t) 60 * strtol(timeout, NULL, 10);
2765 if (reauth_cache->timeout < 0)
2766 reauth_cache->timeout = 0;
2768 if (reauth_cache->timeout) {
2770 reauth_cache->mutex = utils->mutex_alloc();
2771 if (!reauth_cache->mutex)
2775 reauth_cache->size = 100;
2776 reauth_cache->e = utils->malloc(reauth_cache->size *
2777 sizeof(reauth_entry_t));
2778 if (reauth_cache->e == NULL)
2780 memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
2783 ((digest_glob_context_t *) digestmd5_server_plugins[0].glob_context)->reauth = reauth_cache;
2785 *out_version = SASL_SERVER_PLUG_VERSION;
2786 *pluglist = digestmd5_server_plugins;
2792 /***************************** Client Section *****************************/
2794 typedef struct client_context {
2797 sasl_secret_t *password; /* user password */
2798 unsigned int free_password; /* set if we need to free password */
2801 struct digest_cipher *cipher;
2802 unsigned long server_maxbuf;
2805 static digest_glob_context_t client_glob_context;
2807 /* calculate H(A1) as per spec */
2808 static void DigestCalcHA1(context_t * text,
2809 const sasl_utils_t * utils,
2810 unsigned char *pszUserName,
2811 unsigned char *pszRealm,
2812 sasl_secret_t * pszPassword,
2813 unsigned char *pszAuthorization_id,
2814 unsigned char *pszNonce,
2815 unsigned char *pszCNonce,
2821 DigestCalcSecret(utils,
2824 (unsigned char *) pszPassword->data,
2828 /* calculate the session key */
2829 utils->MD5Init(&Md5Ctx);
2830 utils->MD5Update(&Md5Ctx, HA1, HASHLEN);
2831 utils->MD5Update(&Md5Ctx, COLON, 1);
2832 utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce));
2833 utils->MD5Update(&Md5Ctx, COLON, 1);
2834 utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce));
2835 if (pszAuthorization_id != NULL) {
2836 utils->MD5Update(&Md5Ctx, COLON, 1);
2837 utils->MD5Update(&Md5Ctx, pszAuthorization_id,
2838 strlen((char *) pszAuthorization_id));
2840 utils->MD5Final(HA1, &Md5Ctx);
2842 CvtHex(HA1, SessionKey);
2844 /* xxx rc-* use different n */
2846 /* save HA1 because we'll need it for the privacy and integrity keys */
2847 memcpy(text->HA1, HA1, sizeof(HASH));
2851 static char *calculate_response(context_t * text,
2852 const sasl_utils_t * utils,
2853 unsigned char *username,
2854 unsigned char *realm,
2855 unsigned char *nonce,
2856 unsigned int ncvalue,
2857 unsigned char *cnonce,
2859 unsigned char *digesturi,
2860 sasl_secret_t * passwd,
2861 unsigned char *authorization_id,
2862 char **response_value)
2865 HASHHEX HEntity = "00000000000000000000000000000000";
2869 /* Verifing that all parameters was defined */
2870 if(!username || !cnonce || !nonce || !ncvalue || !digesturi || !passwd) {
2871 PARAMERROR( utils );
2875 if (realm == NULL) {
2876 /* a NULL realm is equivalent to the empty string */
2877 realm = (unsigned char *) "";
2881 /* default to a qop of just authentication */
2895 DigestCalcResponse(utils,
2896 SessionKey,/* HEX(H(A1)) */
2897 nonce, /* nonce from server */
2898 ncvalue, /* 8 hex digits */
2899 cnonce, /* client nonce */
2900 (unsigned char *) qop, /* qop-value: "", "auth",
2902 digesturi, /* requested URL */
2903 (unsigned char *) "AUTHENTICATE",
2904 HEntity, /* H(entity body) if qop="auth-int" */
2905 Response /* request-digest or response-digest */
2908 result = utils->malloc(HASHHEXLEN + 1);
2909 memcpy(result, Response, HASHHEXLEN);
2910 result[HASHHEXLEN] = 0;
2912 if (response_value != NULL) {
2913 DigestCalcResponse(utils,
2914 SessionKey, /* HEX(H(A1)) */
2915 nonce, /* nonce from server */
2916 ncvalue, /* 8 hex digits */
2917 cnonce, /* client nonce */
2918 (unsigned char *) qop, /* qop-value: "", "auth",
2920 (unsigned char *) digesturi, /* requested URL */
2922 HEntity, /* H(entity body) if qop="auth-int" */
2923 Response /* request-digest or response-digest */
2926 *response_value = utils->malloc(HASHHEXLEN + 1);
2927 if (*response_value == NULL)
2930 memcpy(*response_value, Response, HASHHEXLEN);
2931 (*response_value)[HASHHEXLEN] = 0;
2938 static int make_client_response(context_t *text,
2939 sasl_client_params_t *params,
2940 sasl_out_params_t *oparams)
2942 client_context_t *ctext = (client_context_t *) text;
2945 unsigned char *digesturi = NULL;
2946 bool IsUTF8 = FALSE;
2949 char *response = NULL;
2950 unsigned resplen = 0;
2951 int result = SASL_OK;
2953 switch (ctext->protection) {
2954 case DIGEST_PRIVACY:
2956 oparams->encode = &digestmd5_encode;
2957 oparams->decode = &digestmd5_decode;
2958 oparams->mech_ssf = ctext->cipher->ssf;
2960 nbits = ctext->cipher->n;
2961 text->cipher_enc = ctext->cipher->cipher_enc;
2962 text->cipher_dec = ctext->cipher->cipher_dec;
2963 text->cipher_free = ctext->cipher->cipher_free;
2964 text->cipher_init = ctext->cipher->cipher_init;
2966 case DIGEST_INTEGRITY:
2968 oparams->encode = &digestmd5_encode;
2969 oparams->decode = &digestmd5_decode;
2970 oparams->mech_ssf = 1;
2972 case DIGEST_NOLAYER:
2975 oparams->encode = NULL;
2976 oparams->decode = NULL;
2977 oparams->mech_ssf = 0;
2980 digesturi = params->utils->malloc(strlen(params->service) + 1 +
2981 strlen(params->serverFQDN) + 1 +
2983 if (digesturi == NULL) {
2984 result = SASL_NOMEM;
2985 goto FreeAllocatedMem;
2988 /* allocated exactly this. safe */
2989 strcpy((char *) digesturi, params->service);
2990 strcat((char *) digesturi, "/");
2991 strcat((char *) digesturi, params->serverFQDN);
2993 * strcat (digesturi, "/"); strcat (digesturi, params->serverFQDN);
2998 calculate_response(text,
3000 (char *) oparams->authid,
3001 (unsigned char *) text->realm,
3008 strcmp(oparams->user, oparams->authid) ?
3009 (char *) oparams->user : NULL,
3010 &text->response_value);
3014 text->out_buf = NULL;
3015 text->out_buf_len = 0;
3016 if (add_to_challenge(params->utils,
3017 &text->out_buf, &text->out_buf_len, &resplen,
3018 "username", (unsigned char *) oparams->authid,
3021 goto FreeAllocatedMem;
3024 if (add_to_challenge(params->utils,
3025 &text->out_buf, &text->out_buf_len, &resplen,
3026 "realm", (unsigned char *) text->realm,
3029 goto FreeAllocatedMem;
3031 if (strcmp(oparams->user, oparams->authid)) {
3032 if (add_to_challenge(params->utils,
3033 &text->out_buf, &text->out_buf_len, &resplen,
3034 "authzid", (char *) oparams->user, TRUE) != SASL_OK) {
3036 goto FreeAllocatedMem;
3039 if (add_to_challenge(params->utils,
3040 &text->out_buf, &text->out_buf_len, &resplen,
3041 "nonce", text->nonce, TRUE) != SASL_OK) {
3043 goto FreeAllocatedMem;
3045 if (add_to_challenge(params->utils,
3046 &text->out_buf, &text->out_buf_len, &resplen,
3047 "cnonce", text->cnonce, TRUE) != SASL_OK) {
3049 goto FreeAllocatedMem;
3051 snprintf(ncvalue, sizeof(ncvalue), "%08x", text->nonce_count);
3052 if (add_to_challenge(params->utils,
3053 &text->out_buf, &text->out_buf_len, &resplen,
3054 "nc", (unsigned char *) ncvalue, FALSE) != SASL_OK) {
3056 goto FreeAllocatedMem;
3058 if (add_to_challenge(params->utils,
3059 &text->out_buf, &text->out_buf_len, &resplen,
3060 "qop", (unsigned char *) qop, FALSE) != SASL_OK) {
3062 goto FreeAllocatedMem;
3064 if (ctext->cipher != NULL) {
3065 if (add_to_challenge(params->utils,
3066 &text->out_buf, &text->out_buf_len, &resplen,
3068 (unsigned char *) ctext->cipher->name,
3069 FALSE) != SASL_OK) {
3071 goto FreeAllocatedMem;
3075 if (params->props.maxbufsize) {
3076 snprintf(maxbufstr, sizeof(maxbufstr), "%d", params->props.maxbufsize);
3077 if (add_to_challenge(params->utils,
3078 &text->out_buf, &text->out_buf_len, &resplen,
3079 "maxbuf", (unsigned char *) maxbufstr,
3080 FALSE) != SASL_OK) {
3081 SETERROR(params->utils,
3082 "internal error: add_to_challenge maxbuf failed");
3083 goto FreeAllocatedMem;
3088 if (add_to_challenge(params->utils,
3089 &text->out_buf, &text->out_buf_len, &resplen,
3090 "charset", (unsigned char *) "utf-8",
3091 FALSE) != SASL_OK) {
3093 goto FreeAllocatedMem;
3096 if (add_to_challenge(params->utils,
3097 &text->out_buf, &text->out_buf_len, &resplen,
3098 "digest-uri", digesturi, TRUE) != SASL_OK) {
3100 goto FreeAllocatedMem;
3102 if (add_to_challenge(params->utils,
3103 &text->out_buf, &text->out_buf_len, &resplen,
3104 "response", (unsigned char *) response,
3105 FALSE) != SASL_OK) {
3108 goto FreeAllocatedMem;
3112 if (strlen(text->out_buf) > 2048) {
3114 goto FreeAllocatedMem;
3118 oparams->maxoutbuf = ctext->server_maxbuf;
3119 if(oparams->mech_ssf > 1) {
3120 /* MAC block (privacy) */
3121 oparams->maxoutbuf -= 25;
3122 } else if(oparams->mech_ssf == 1) {
3123 /* MAC block (integrity) */
3124 oparams->maxoutbuf -= 16;
3127 text->seqnum = 0; /* for integrity/privacy */
3128 text->rec_seqnum = 0; /* for integrity/privacy */
3129 text->utils = params->utils;
3131 /* used by layers */
3132 _plug_decode_init(&text->decode_context, text->utils,
3133 params->props.maxbufsize ? params->props.maxbufsize :
3136 if (oparams->mech_ssf > 0) {
3140 create_layer_keys(text, params->utils, text->HA1, nbits,
3143 /* initialize cipher if need be */
3144 if (text->cipher_init)
3145 text->cipher_init(text, enckey, deckey);
3151 if (digesturi) params->utils->free(digesturi);
3152 if (response) params->utils->free(response);
3157 static int parse_server_challenge(client_context_t *ctext,
3158 sasl_client_params_t *params,
3159 const char *serverin, unsigned serverinlen,
3160 char ***outrealms, int *noutrealm)
3162 context_t *text = (context_t *) ctext;
3163 int result = SASL_OK;
3164 char *in_start = NULL;
3166 char **realms = NULL;
3168 sasl_ssf_t limit, musthave = 0;
3169 sasl_ssf_t external;
3172 int maxbuf_count = 0;
3173 bool IsUTF8 = FALSE;
3174 int algorithm_count = 0;
3176 if (!serverin || !serverinlen) {
3177 params->utils->seterror(params->utils->conn, 0,
3178 "no server challenge");
3182 in_start = in = params->utils->malloc(serverinlen + 1);
3183 if (in == NULL) return SASL_NOMEM;
3185 memcpy(in, serverin, serverinlen);
3186 in[serverinlen] = 0;
3188 ctext->server_maxbuf = 65536; /* Default value for maxbuf */
3190 /* create a new cnonce */
3191 text->cnonce = create_nonce(params->utils);
3192 if (text->cnonce == NULL) {
3193 params->utils->seterror(params->utils->conn, 0,
3194 "failed to create cnonce");
3196 goto FreeAllocatedMem;
3199 /* parse the challenge */
3200 while (in[0] != '\0') {
3203 get_pair(&in, &name, &value);
3205 /* if parse error */
3207 params->utils->seterror(params->utils->conn, 0, "Parse error");
3209 goto FreeAllocatedMem;
3212 if (strcasecmp(name, "realm") == 0) {
3216 realms = params->utils->malloc(sizeof(char *) * (nrealm + 1));
3218 realms = params->utils->realloc(realms,
3219 sizeof(char *) * (nrealm + 1));
3221 if (realms == NULL) {
3222 result = SASL_NOMEM;
3223 goto FreeAllocatedMem;
3226 _plug_strdup(params->utils, value, &realms[nrealm-1], NULL);
3227 realms[nrealm] = NULL;
3228 } else if (strcasecmp(name, "nonce") == 0) {
3229 _plug_strdup(params->utils, value, (char **) &text->nonce,
3231 text->nonce_count = 1;
3232 } else if (strcasecmp(name, "qop") == 0) {
3233 while (value && *value) {
3238 /* skipping spaces: */
3239 value = skip_lws(value);
3240 if (*value == '\0') {
3244 /* check for an extreme case when there is no data: LWSP ',' */
3245 if (*value == ',') {
3247 goto SKIP_SPACES_IN_QOP;
3250 comma = strchr(value, ',');
3252 if (comma != NULL) {
3256 /* skip LWSP at the end of the value (if any), skip_r_lws returns pointer to
3257 the first LWSP character, NUL (if there were none) or NULL if the value
3258 is entirely from LWSP characters */
3259 end_val = skip_r_lws (value);
3260 if (end_val == NULL) {
3268 if (strcasecmp(value, "auth-conf") == 0) {
3269 protection |= DIGEST_PRIVACY;
3270 } else if (strcasecmp(value, "auth-int") == 0) {
3271 protection |= DIGEST_INTEGRITY;
3272 } else if (strcasecmp(value, "auth") == 0) {
3273 protection |= DIGEST_NOLAYER;
3275 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3276 "Server supports unknown layer: %s\n",
3283 if (protection == 0) {
3284 result = SASL_BADAUTH;
3285 params->utils->seterror(params->utils->conn, 0,
3286 "Server doesn't support any known qop level");
3287 goto FreeAllocatedMem;
3289 } else if (strcasecmp(name, "cipher") == 0) {
3290 while (value && *value) {
3291 struct digest_cipher *cipher = available_ciphers;
3295 SKIP_SPACES_IN_CIPHER:
3296 /* skipping spaces: */
3297 value = skip_lws(value);
3298 if (*value == '\0') {
3302 /* check for an extreme case when there is no data: LWSP ',' */
3303 if (*value == ',') {
3305 goto SKIP_SPACES_IN_CIPHER;
3308 comma = strchr(value, ',');
3310 if (comma != NULL) {
3314 /* skip LWSP at the end of the value, skip_r_lws returns pointer to
3315 the first LWSP character or NULL */
3316 end_val = skip_r_lws (value);
3317 if (end_val == NULL) {
3325 /* do we support this cipher? */
3326 while (cipher->name) {
3327 if (!strcasecmp(value, cipher->name)) break;
3331 ciphers |= cipher->flag;
3333 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3334 "Server supports unknown cipher: %s\n",
3340 } else if (strcasecmp(name, "stale") == 0 && ctext->password) {
3341 /* clear any cached password */
3342 if (ctext->free_password)
3343 _plug_free_secret(params->utils, &ctext->password);
3344 ctext->password = NULL;
3345 } else if (strcasecmp(name, "maxbuf") == 0) {
3346 /* maxbuf A number indicating the size of the largest
3347 * buffer the server is able to receive when using
3348 * "auth-int". If this directive is missing, the default
3349 * value is 65536. This directive may appear at most once;
3350 * if multiple instances are present, the client should
3351 * abort the authentication exchange.
3355 if (maxbuf_count != 1) {
3356 result = SASL_BADAUTH;
3357 params->utils->seterror(params->utils->conn, 0,
3358 "At least two maxbuf directives found. Authentication aborted");
3359 goto FreeAllocatedMem;
3362 if (str2ul32 (value, &ctext->server_maxbuf) == FALSE) {
3363 result = SASL_BADAUTH;
3364 params->utils->seterror(params->utils->conn, 0,
3365 "Invalid maxbuf parameter received from server (%s)", value);
3366 goto FreeAllocatedMem;
3369 if (ctext->server_maxbuf <= 16) {
3370 result = SASL_BADAUTH;
3371 params->utils->seterror(params->utils->conn, 0,
3372 "Invalid maxbuf parameter received from server (too small: %s)", value);
3373 goto FreeAllocatedMem;
3376 if (ctext->server_maxbuf > MAX_SASL_BUFSIZE) {
3377 result = SASL_BADAUTH;
3378 params->utils->seterror(params->utils->conn, 0,
3379 "Invalid maxbuf parameter received from server (too big: %s)", value);
3380 goto FreeAllocatedMem;
3382 } else if (strcasecmp(name, "charset") == 0) {
3383 if (strcasecmp(value, "utf-8") != 0) {
3384 result = SASL_BADAUTH;
3385 params->utils->seterror(params->utils->conn, 0,
3386 "Charset must be UTF-8");
3387 goto FreeAllocatedMem;
3391 } else if (strcasecmp(name,"algorithm")==0) {
3392 if (strcasecmp(value, "md5-sess") != 0)
3394 params->utils->seterror(params->utils->conn, 0,
3395 "'algorithm' isn't 'md5-sess'");
3397 goto FreeAllocatedMem;
3401 if (algorithm_count > 1)
3403 params->utils->seterror(params->utils->conn, 0,
3404 "Must see 'algorithm' only once");
3406 goto FreeAllocatedMem;
3409 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3410 "DIGEST-MD5 unrecognized pair %s/%s: ignoring",
3415 if (algorithm_count != 1) {
3416 params->utils->seterror(params->utils->conn, 0,
3417 "Must see 'algorithm' once. Didn't see at all");
3419 goto FreeAllocatedMem;
3422 /* make sure we have everything we require */
3423 if (text->nonce == NULL) {
3424 params->utils->seterror(params->utils->conn, 0,
3425 "Don't have nonce.");
3427 goto FreeAllocatedMem;
3430 /* get requested ssf */
3431 external = params->external_ssf;
3433 /* what do we _need_? how much is too much? */
3434 if (params->props.maxbufsize == 0) {
3438 if (params->props.max_ssf > external) {
3439 limit = params->props.max_ssf - external;
3443 if (params->props.min_ssf > external) {
3444 musthave = params->props.min_ssf - external;
3450 /* we now go searching for an option that gives us at least "musthave"
3451 and at most "limit" bits of ssf. */
3452 if ((limit > 1) && (protection & DIGEST_PRIVACY)) {
3453 struct digest_cipher *cipher;
3455 /* let's find an encryption scheme that we like */
3456 cipher = available_ciphers;
3457 while (cipher->name) {
3458 /* examine each cipher we support, see if it meets our security
3459 requirements, and see if the server supports it.
3460 choose the best one of these */
3461 if ((limit >= cipher->ssf) && (musthave <= cipher->ssf) &&
3462 (ciphers & cipher->flag) &&
3463 (!ctext->cipher || (cipher->ssf > ctext->cipher->ssf))) {
3464 ctext->cipher = cipher;
3469 if (ctext->cipher) {
3470 /* we found a cipher we like */
3471 ctext->protection = DIGEST_PRIVACY;
3473 /* we didn't find any ciphers we like */
3474 params->utils->seterror(params->utils->conn, 0,
3475 "No good privacy layers");
3479 if (ctext->cipher == NULL) {
3480 /* we failed to find an encryption layer we liked;
3481 can we use integrity or nothing? */
3483 if ((limit >= 1) && (musthave <= 1)
3484 && (protection & DIGEST_INTEGRITY)) {
3486 ctext->protection = DIGEST_INTEGRITY;
3487 } else if (musthave <= 0) {
3489 ctext->protection = DIGEST_NOLAYER;
3491 /* See if server supports not having a layer */
3492 if ((protection & DIGEST_NOLAYER) != DIGEST_NOLAYER) {
3493 params->utils->seterror(params->utils->conn, 0,
3494 "Server doesn't support \"no layer\"");
3496 goto FreeAllocatedMem;
3499 params->utils->seterror(params->utils->conn, 0,
3500 "Can't find an acceptable layer");
3501 result = SASL_TOOWEAK;
3502 goto FreeAllocatedMem;
3506 *outrealms = realms;
3507 *noutrealm = nrealm;
3510 if (in_start) params->utils->free(in_start);
3512 if (result != SASL_OK && realms) {
3515 /* need to free all the realms */
3516 for (lup = 0;lup < nrealm; lup++)
3517 params->utils->free(realms[lup]);
3519 params->utils->free(realms);
3525 static int ask_user_info(client_context_t *ctext,
3526 sasl_client_params_t *params,
3527 char **realms, int nrealm,
3528 sasl_interact_t **prompt_need,
3529 sasl_out_params_t *oparams)
3531 context_t *text = (context_t *) ctext;
3532 int result = SASL_OK;
3533 const char *authid = NULL, *userid = NULL, *realm = NULL;
3534 char *realm_chal = NULL;
3535 int user_result = SASL_OK;
3536 int auth_result = SASL_OK;
3537 int pass_result = SASL_OK;
3538 int realm_result = SASL_FAIL;
3542 /* try to get the authid */
3543 if (oparams->authid == NULL) {
3544 auth_result = _plug_get_authid(params->utils, &authid, prompt_need);
3546 if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) {
3551 /* try to get the userid */
3552 if (oparams->user == NULL) {
3553 user_result = _plug_get_userid(params->utils, &userid, prompt_need);
3555 if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) {
3560 /* try to get the password */
3561 if (ctext->password == NULL) {
3562 pass_result = _plug_get_password(params->utils, &ctext->password,
3563 &ctext->free_password, prompt_need);
3564 if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) {
3569 /* try to get the realm */
3570 if (text->realm == NULL) {
3573 /* only one choice */
3575 realm_result = SASL_OK;
3578 realm_result = _plug_get_realm(params->utils,
3579 (const char **) realms,
3580 (const char **) &realm,
3585 /* fake the realm if we must */
3586 if ((realm_result != SASL_OK) && (realm_result != SASL_INTERACT)) {
3587 if (params->serverFQDN) {
3588 realm = params->serverFQDN;
3590 return realm_result;
3595 /* free prompts we got */
3596 if (prompt_need && *prompt_need) {
3597 params->utils->free(*prompt_need);
3598 *prompt_need = NULL;
3601 /* if there are prompts not filled in */
3602 if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) ||
3603 (pass_result == SASL_INTERACT) || (realm_result == SASL_INTERACT)) {
3605 /* make our default realm */
3606 if (realm_result == SASL_INTERACT) {
3608 len = strlen(REALM_CHAL_PREFIX);
3609 for (i = 0; i < nrealm; i++) {
3610 len += strlen(realms[i]) + 4 /* " {}," */;
3612 realm_chal = params->utils->malloc(len + 1);
3613 strcpy (realm_chal, REALM_CHAL_PREFIX);
3614 for (i = 0; i < nrealm; i++) {
3615 strcat (realm_chal, " {");
3616 strcat (realm_chal, realms[i]);
3617 strcat (realm_chal, "},");
3619 /* Replace the terminating comma with dot */
3620 realm_chal[len-1] = '.';
3622 } else if (params->serverFQDN) {
3623 realm_chal = params->utils->malloc(3+strlen(params->serverFQDN));
3625 sprintf(realm_chal, "{%s}", params->serverFQDN);
3632 /* make the prompt list */
3634 _plug_make_prompts(params->utils, prompt_need,
3635 user_result == SASL_INTERACT ?
3636 "Please enter your authorization name" : NULL,
3638 auth_result == SASL_INTERACT ?
3639 "Please enter your authentication name" : NULL,
3641 pass_result == SASL_INTERACT ?
3642 "Please enter your password" : NULL, NULL,
3644 realm_chal ? realm_chal : "{}",
3645 realm_result == SASL_INTERACT ?
3646 "Please enter your realm" : NULL,
3647 params->serverFQDN ? params->serverFQDN : NULL);
3649 if (result == SASL_OK) return SASL_INTERACT;
3654 if (oparams->authid == NULL) {
3655 if (!userid || !*userid) {
3656 result = params->canon_user(params->utils->conn, authid, 0,
3657 SASL_CU_AUTHID | SASL_CU_AUTHZID,
3661 result = params->canon_user(params->utils->conn,
3662 authid, 0, SASL_CU_AUTHID, oparams);
3663 if (result != SASL_OK) return result;
3665 result = params->canon_user(params->utils->conn,
3666 userid, 0, SASL_CU_AUTHZID, oparams);
3668 if (result != SASL_OK) return result;
3671 /* Get an allocated version of the realm into the structure */
3672 if (realm && text->realm == NULL) {
3673 _plug_strdup(params->utils, realm, (char **) &text->realm, NULL);
3679 static int digestmd5_client_mech_new(void *glob_context,
3680 sasl_client_params_t * params,
3681 void **conn_context)
3685 /* holds state are in -- allocate client size */
3686 text = params->utils->malloc(sizeof(client_context_t));
3689 memset(text, 0, sizeof(client_context_t));
3692 text->i_am = CLIENT;
3693 text->reauth = ((digest_glob_context_t *) glob_context)->reauth;
3695 *conn_context = text;
3701 digestmd5_client_mech_step1(client_context_t *ctext,
3702 sasl_client_params_t *params,
3703 const char *serverin __attribute__((unused)),
3704 unsigned serverinlen __attribute__((unused)),
3705 sasl_interact_t **prompt_need,
3706 const char **clientout,
3707 unsigned *clientoutlen,
3708 sasl_out_params_t *oparams)
3710 context_t *text = (context_t *) ctext;
3711 int result = SASL_FAIL;
3714 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3715 "DIGEST-MD5 client step 1");
3717 result = ask_user_info(ctext, params, NULL, 0, prompt_need, oparams);
3718 if (result != SASL_OK) return result;
3720 /* check if we have cached info for this user on this server */
3721 val = hash(params->serverFQDN) % text->reauth->size;
3722 if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
3723 if (text->reauth->e[val].u.c.serverFQDN &&
3724 !strcasecmp(text->reauth->e[val].u.c.serverFQDN,
3725 params->serverFQDN) &&
3726 !strcmp(text->reauth->e[val].authid, oparams->authid)) {
3728 /* we have info, so use it */
3729 _plug_strdup(params->utils, text->reauth->e[val].realm,
3730 &text->realm, NULL);
3731 _plug_strdup(params->utils, text->reauth->e[val].nonce,
3732 (char **) &text->nonce, NULL);
3733 text->nonce_count = ++text->reauth->e[val].nonce_count;
3734 _plug_strdup(params->utils, text->reauth->e[val].cnonce,
3735 (char **) &text->cnonce, NULL);
3736 ctext->protection = text->reauth->e[val].u.c.protection;
3737 ctext->cipher = text->reauth->e[val].u.c.cipher;
3738 ctext->server_maxbuf = text->reauth->e[val].u.c.server_maxbuf;
3740 params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
3744 /* we don't have any reauth info, so just return
3745 * that there is no initial client send */
3747 return SASL_CONTINUE;
3751 * (username | realm | nonce | cnonce | nonce-count | qop digest-uri |
3752 * response | maxbuf | charset | auth-param )
3755 result = make_client_response(text, params, oparams);
3756 if (result != SASL_OK) return result;
3758 *clientoutlen = strlen(text->out_buf);
3759 *clientout = text->out_buf;
3762 return SASL_CONTINUE;
3765 static int digestmd5_client_mech_step2(client_context_t *ctext,
3766 sasl_client_params_t *params,
3767 const char *serverin,
3768 unsigned serverinlen,
3769 sasl_interact_t **prompt_need,
3770 const char **clientout,
3771 unsigned *clientoutlen,
3772 sasl_out_params_t *oparams)
3774 context_t *text = (context_t *) ctext;
3775 int result = SASL_FAIL;
3776 char **realms = NULL;
3779 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3780 "DIGEST-MD5 client step 2");
3782 if (params->props.min_ssf > params->props.max_ssf) {
3783 return SASL_BADPARAM;
3786 /* don't bother parsing the challenge more than once */
3787 if (text->nonce == NULL) {
3788 result = parse_server_challenge(ctext, params, serverin, serverinlen,
3790 if (result != SASL_OK) goto FreeAllocatedMem;
3793 /* only one choice! */
3794 text->realm = realms[0];
3797 params->utils->free(realms);
3800 /* Save realms for later use */
3801 text->realms = realms;
3802 text->realm_cnt = nrealm;
3805 /* Restore the list of realms */
3806 realms = text->realms;
3807 nrealm = text->realm_cnt;
3810 result = ask_user_info(ctext, params, realms, nrealm,
3811 prompt_need, oparams);
3812 if (result != SASL_OK) goto FreeAllocatedMem;
3815 * (username | realm | nonce | cnonce | nonce-count | qop | digest-uri |
3816 * response | maxbuf | charset | auth-param )
3819 result = make_client_response(text, params, oparams);
3820 if (result != SASL_OK) goto FreeAllocatedMem;
3822 *clientoutlen = strlen(text->out_buf);
3823 *clientout = text->out_buf;
3827 result = SASL_CONTINUE;
3834 digestmd5_client_mech_step3(client_context_t *ctext,
3835 sasl_client_params_t *params,
3836 const char *serverin,
3837 unsigned serverinlen,
3838 sasl_interact_t **prompt_need __attribute__((unused)),
3839 const char **clientout __attribute__((unused)),
3840 unsigned *clientoutlen __attribute__((unused)),
3841 sasl_out_params_t *oparams)
3843 context_t *text = (context_t *) ctext;
3846 int result = SASL_FAIL;
3848 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3849 "DIGEST-MD5 client step 3");
3851 /* Verify that server is really what he claims to be */
3852 in_start = in = params->utils->malloc(serverinlen + 1);
3853 if (in == NULL) return SASL_NOMEM;
3855 memcpy(in, serverin, serverinlen);
3856 in[serverinlen] = 0;
3858 /* parse the response */
3859 while (in[0] != '\0') {
3861 get_pair(&in, &name, &value);
3864 params->utils->seterror(params->utils->conn, 0,
3865 "DIGEST-MD5 Received Garbage");
3869 if (strcasecmp(name, "rspauth") == 0) {
3871 if (strcmp(text->response_value, value) != 0) {
3872 params->utils->seterror(params->utils->conn, 0,
3873 "DIGEST-MD5: This server wants us to believe that he knows shared secret");
3874 result = SASL_BADSERV;
3876 oparams->doneflag = 1;
3877 oparams->param_version = 0;
3883 params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
3884 "DIGEST-MD5 unrecognized pair %s/%s: ignoring",
3889 params->utils->free(in_start);
3891 if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
3892 unsigned val = hash(params->serverFQDN) % text->reauth->size;
3895 if (text->nonce_count == 1) {
3896 /* successful initial auth, setup for future reauth */
3897 clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils);
3898 _plug_strdup(params->utils, oparams->authid,
3899 &text->reauth->e[val].authid, NULL);
3900 text->reauth->e[val].realm = text->realm; text->realm = NULL;
3901 text->reauth->e[val].nonce = text->nonce; text->nonce = NULL;
3902 text->reauth->e[val].nonce_count = text->nonce_count;
3903 text->reauth->e[val].cnonce = text->cnonce; text->cnonce = NULL;
3904 _plug_strdup(params->utils, params->serverFQDN,
3905 &text->reauth->e[val].u.c.serverFQDN, NULL);
3906 text->reauth->e[val].u.c.protection = ctext->protection;
3907 text->reauth->e[val].u.c.cipher = ctext->cipher;
3908 text->reauth->e[val].u.c.server_maxbuf = ctext->server_maxbuf;
3911 /* reauth, we already incremented nonce_count */
3915 if (text->nonce_count > 1) {
3916 /* failed reauth, clear cache */
3917 clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils);
3920 /* failed initial auth, leave existing cache */
3923 params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
3929 static int digestmd5_client_mech_step(void *conn_context,
3930 sasl_client_params_t *params,
3931 const char *serverin,
3932 unsigned serverinlen,
3933 sasl_interact_t **prompt_need,
3934 const char **clientout,
3935 unsigned *clientoutlen,
3936 sasl_out_params_t *oparams)
3938 context_t *text = (context_t *) conn_context;
3939 client_context_t *ctext = (client_context_t *) conn_context;
3940 unsigned val = hash(params->serverFQDN) % text->reauth->size;
3942 if (serverinlen > 2048) return SASL_BADPROT;
3947 switch (text->state) {
3951 /* here's where we attempt fast reauth if possible */
3954 /* check if we have saved info for this server */
3955 if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
3956 reauth = text->reauth->e[val].u.c.serverFQDN &&
3957 !strcasecmp(text->reauth->e[val].u.c.serverFQDN,
3958 params->serverFQDN);
3959 params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
3962 return digestmd5_client_mech_step1(ctext, params,
3963 serverin, serverinlen,
3965 clientout, clientoutlen,
3969 /* we don't have any reauth info, so just return
3970 * that there is no initial client send */
3972 return SASL_CONTINUE;
3976 /* fall through and respond to challenge */
3979 if (serverin && !strncasecmp(serverin, "rspauth=", 8)) {
3980 return digestmd5_client_mech_step3(ctext, params,
3981 serverin, serverinlen,
3983 clientout, clientoutlen,
3987 /* fall through and respond to challenge */
3990 /* cleanup after a failed reauth attempt */
3991 if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */
3992 clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils);
3994 params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */
3997 if (text->realm) params->utils->free(text->realm);
3998 if (text->nonce) params->utils->free(text->nonce);
3999 if (text->cnonce) params->utils->free(text->cnonce);
4000 text->realm = text->nonce = text->cnonce = NULL;
4001 ctext->cipher = NULL;
4004 return digestmd5_client_mech_step2(ctext, params,
4005 serverin, serverinlen,
4007 clientout, clientoutlen,
4011 params->utils->log(NULL, SASL_LOG_ERR,
4012 "Invalid DIGEST-MD5 client step %d\n", text->state);
4016 return SASL_FAIL; /* should never get here */
4019 static void digestmd5_client_mech_dispose(void *conn_context,
4020 const sasl_utils_t *utils)
4022 client_context_t *ctext = (client_context_t *) conn_context;
4024 if (!ctext || !utils) return;
4026 if (ctext->free_password) _plug_free_secret(utils, &ctext->password);
4028 digestmd5_common_mech_dispose(conn_context, utils);
4031 static sasl_client_plug_t digestmd5_client_plugins[] =
4035 #ifdef WITH_RC4 /* mech_name */
4042 SASL_SEC_NOPLAINTEXT
4043 | SASL_SEC_NOANONYMOUS
4044 | SASL_SEC_MUTUAL_AUTH, /* security_flags */
4045 SASL_FEAT_NEEDSERVERFQDN
4046 | SASL_FEAT_ALLOWS_PROXY, /* features */
4047 NULL, /* required_prompts */
4048 &client_glob_context, /* glob_context */
4049 &digestmd5_client_mech_new, /* mech_new */
4050 &digestmd5_client_mech_step, /* mech_step */
4051 &digestmd5_client_mech_dispose, /* mech_dispose */
4052 &digestmd5_common_mech_free, /* mech_free */
4059 int digestmd5_client_plug_init(sasl_utils_t *utils,
4062 sasl_client_plug_t **pluglist,
4065 reauth_cache_t *reauth_cache;
4067 if (maxversion < SASL_CLIENT_PLUG_VERSION)
4068 return SASL_BADVERS;
4071 reauth_cache = utils->malloc(sizeof(reauth_cache_t));
4072 if (reauth_cache == NULL)
4074 memset(reauth_cache, 0, sizeof(reauth_cache_t));
4075 reauth_cache->i_am = CLIENT;
4078 reauth_cache->mutex = utils->mutex_alloc();
4079 if (!reauth_cache->mutex)
4083 reauth_cache->size = 10;
4084 reauth_cache->e = utils->malloc(reauth_cache->size *
4085 sizeof(reauth_entry_t));
4086 if (reauth_cache->e == NULL)
4088 memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
4090 ((digest_glob_context_t *) digestmd5_client_plugins[0].glob_context)->reauth = reauth_cache;
4092 *out_version = SASL_CLIENT_PLUG_VERSION;
4093 *pluglist = digestmd5_client_plugins;
projects / cyrus-sasl.git / blob