aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2014-04-02 20:53:43 +0100
committerSteve Holme <steve_holme@hotmail.com>2014-04-05 23:09:04 +0100
commit3a92de56362dcf39895e3781429fcc4c6877105b (patch)
tree5b20f8ce0a9901d188eadc9664f1cc580528161e
parent45d3f0080398d477a830549254e273359865fd41 (diff)
sasl: Combined DIGEST-MD5 message decoding and generation
-rw-r--r--lib/curl_sasl.c33
-rw-r--r--lib/curl_sasl.h13
-rw-r--r--lib/imap.c40
-rw-r--r--lib/pop3.c40
-rw-r--r--lib/smtp.c38
5 files changed, 73 insertions, 91 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 648daed55..8d1658586 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -264,9 +264,10 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
}
/*
- * Curl_sasl_decode_digest_md5_message()
+ * sasl_decode_digest_md5_message()
*
- * This is used to decode an already encoded DIGEST-MD5 challenge message.
+ * This is used internally to decode an already encoded DIGEST-MD5 challenge
+ * message into the seperate attributes.
*
* Parameters:
*
@@ -280,10 +281,10 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
- char *nonce, size_t nlen,
- char *realm, size_t rlen,
- char *alg, size_t alen)
+static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
+ char *nonce, size_t nlen,
+ char *realm, size_t rlen,
+ char *alg, size_t alen)
{
CURLcode result = CURLE_OK;
unsigned char *chlg = NULL;
@@ -332,8 +333,7 @@ CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
* Parameters:
*
* data [in] - The session handle.
- * nonce [in] - The nonce.
- * realm [in] - The realm.
+ * chlg64 [in] - Pointer to the base64 encoded challenge message.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* service [in] - The service type such as www, smtp, pop or imap.
@@ -344,8 +344,7 @@ CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- const char *nonce,
- const char *realm,
+ const char *chlg64,
const char *userp,
const char *passwdp,
const char *service,
@@ -363,12 +362,26 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
char HA2_hex[2 * MD5_DIGEST_LEN + 1];
char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
+ char nonce[64];
+ char realm[128];
+ char algorithm[64];
char nonceCount[] = "00000001";
char cnonce[] = "12345678"; /* will be changed */
char method[] = "AUTHENTICATE";
char qop[] = "auth";
char uri[128];
+ /* Decode the challange message */
+ result = sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
+ realm, sizeof(realm),
+ algorithm, sizeof(algorithm));
+ if(result)
+ return result;
+
+ /* We only support md5 sessions */
+ if(strcmp(algorithm, "md5-sess") != 0)
+ return CURLE_BAD_CONTENT_ENCODING;
+
#ifndef DEBUGBUILD
/* Generate 64 bits of random data */
for(i = 0; i < 8; i++)
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index 120e551d5..25ebfe8f2 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -77,17 +77,10 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
const char *passwdp,
char **outptr, size_t *outlen);
-/* This is used to decode a base64 encoded DIGEST-MD5 challange message */
-CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
- char *nonce, size_t nlen,
- char *realm, size_t rlen,
- char *alg, size_t alen);
-
/* This is used to generate a base64 encoded DIGEST-MD5 response message */
CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- const char *nonce,
- const char *realm,
- const char *user,
+ const char *chlg64,
+ const char *userp,
const char *passwdp,
const char *service,
char **outptr, size_t *outlen);
diff --git a/lib/imap.c b/lib/imap.c
index 6f7238385..a3dd49926 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1110,10 +1110,6 @@ static CURLcode imap_state_auth_digest_resp(struct connectdata *conn,
char *rplyb64 = NULL;
size_t len = 0;
- char nonce[64];
- char realm[128];
- char algorithm[64];
-
(void)instate; /* no use for this yet */
if(imapcode != '+') {
@@ -1124,29 +1120,25 @@ static CURLcode imap_state_auth_digest_resp(struct connectdata *conn,
/* Get the challenge message */
imap_get_message(data->state.buffer, &chlg64);
- /* Decode the challange message */
- result = Curl_sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
- realm, sizeof(realm),
- algorithm, sizeof(algorithm));
- if(result || strcmp(algorithm, "md5-sess") != 0) {
- /* Send the cancellation */
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
+ /* Create the response message */
+ result = Curl_sasl_create_digest_md5_message(data, chlg64,
+ conn->user, conn->passwd,
+ "imap", &rplyb64, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
- if(!result)
- state(conn, IMAP_AUTHENTICATE_CANCEL);
+ if(!result)
+ state(conn, IMAP_AUTHENTICATE_CANCEL);
+ }
}
else {
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, nonce, realm,
- conn->user, conn->passwd,
- "imap", &rplyb64, &len);
- if(!result && rplyb64) {
- /* Send the response */
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
+ /* Send the response */
+ result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
- if(!result)
- state(conn, IMAP_AUTHENTICATE_DIGESTMD5_RESP);
- }
+ if(!result)
+ state(conn, IMAP_AUTHENTICATE_DIGESTMD5_RESP);
}
Curl_safefree(rplyb64);
diff --git a/lib/pop3.c b/lib/pop3.c
index 2716cec65..d33ca0fe5 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -978,10 +978,6 @@ static CURLcode pop3_state_auth_digest_resp(struct connectdata *conn,
char *rplyb64 = NULL;
size_t len = 0;
- char nonce[64];
- char realm[128];
- char algorithm[64];
-
(void)instate; /* no use for this yet */
if(pop3code != '+') {
@@ -992,29 +988,25 @@ static CURLcode pop3_state_auth_digest_resp(struct connectdata *conn,
/* Get the challenge message */
pop3_get_message(data->state.buffer, &chlg64);
- /* Decode the challange message */
- result = Curl_sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
- realm, sizeof(realm),
- algorithm, sizeof(algorithm));
- if(result || strcmp(algorithm, "md5-sess") != 0) {
- /* Send the cancellation */
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+ /* Create the response message */
+ result = Curl_sasl_create_digest_md5_message(data, chlg64,
+ conn->user, conn->passwd,
+ "pop", &rplyb64, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
- if(!result)
- state(conn, POP3_AUTH_CANCEL);
+ if(!result)
+ state(conn, POP3_AUTH_CANCEL);
+ }
}
else {
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, nonce, realm,
- conn->user, conn->passwd,
- "pop", &rplyb64, &len);
- if(!result && rplyb64) {
- /* Send the response */
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+ /* Send the response */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
- if(!result)
- state(conn, POP3_AUTH_DIGESTMD5_RESP);
- }
+ if(!result)
+ state(conn, POP3_AUTH_DIGESTMD5_RESP);
}
Curl_safefree(rplyb64);
diff --git a/lib/smtp.c b/lib/smtp.c
index db6a72256..9512a2a7f 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -996,10 +996,6 @@ static CURLcode smtp_state_auth_digest_resp(struct connectdata *conn,
char *rplyb64 = NULL;
size_t len = 0;
- char nonce[64];
- char realm[128];
- char algorithm[64];
-
(void)instate; /* no use for this yet */
if(smtpcode != 334) {
@@ -1010,29 +1006,25 @@ static CURLcode smtp_state_auth_digest_resp(struct connectdata *conn,
/* Get the challenge message */
smtp_get_message(data->state.buffer, &chlg64);
- /* Decode the challange message */
- result = Curl_sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
- realm, sizeof(realm),
- algorithm, sizeof(algorithm));
- if(result || strcmp(algorithm, "md5-sess") != 0) {
- /* Send the cancellation */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+ /* Create the response message */
+ result = Curl_sasl_create_digest_md5_message(data, chlg64,
+ conn->user, conn->passwd,
+ "smtp", &rplyb64, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
- if(!result)
- state(conn, SMTP_AUTH_CANCEL);
+ if(!result)
+ state(conn, SMTP_AUTH_CANCEL);
+ }
}
else {
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, nonce, realm,
- conn->user, conn->passwd,
- "smtp", &rplyb64, &len);
- if(!result && rplyb64) {
- /* Send the response */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
+ /* Send the response */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
- if(!result)
- state(conn, SMTP_AUTH_DIGESTMD5_RESP);
- }
+ if(!result)
+ state(conn, SMTP_AUTH_DIGESTMD5_RESP);
}
Curl_safefree(rplyb64);