From b87ba2c94217c0b5da8758b22972ee2d5381f169 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 27 Oct 2013 16:27:38 +0000 Subject: email: Added support for cancelling DIGEST-MD5 authentication --- lib/curl_sasl.c | 109 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 42 deletions(-) (limited to 'lib/curl_sasl.c') diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 15a197cab..b15590ae9 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -55,7 +55,7 @@ /* Retrieves the value for a corresponding key from the challenge string * returns TRUE if the key could be found, FALSE if it does not exists */ -static bool sasl_digest_get_key_value(const unsigned char *chlg, +static bool sasl_digest_get_key_value(const char *chlg, const char *key, char *value, size_t max_val_len, @@ -64,7 +64,7 @@ static bool sasl_digest_get_key_value(const unsigned char *chlg, char *find_pos; size_t i; - find_pos = strstr((const char *) chlg, key); + find_pos = strstr(chlg, key); if(!find_pos) return FALSE; @@ -263,6 +263,66 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, return result; } +/* + * Curl_sasl_decode_digest_md5_message() + * + * This is used to decode an already encoded DIGEST-MD5 challenge message. + * + * Parameters: + * + * chlg64 [in] - Pointer to the base64 encoded challenge buffer. + * nonce [in/out] - The buffer where the nonce will be stored. + * nlen [in] - The length of the nonce buffer. + * realm [in/out] - The buffer where the realm will be stored. + * rlen [in] - The length of the realm buffer. + * alg [in/out] - The buffer where the algorithm will be stored. + * alen [in] - The length of the algorithm buffer. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64, + char *nonce, size_t nlen, + char *realm, size_t rlen, + char *alg, size_t alen) +{ + CURLcode result = CURLE_OK; + char *chlg = NULL; + size_t chlglen = 0; + size_t chlg64len = strlen(chlg64); + + if(chlg64len && *chlg64 != '=') { + result = Curl_base64_decode(chlg64, (unsigned char **) &chlg, &chlglen); + if(result) + return result; + } + + /* Ensure we have a valid challenge message */ + if(!chlg) + return CURLE_BAD_CONTENT_ENCODING; + + /* Retrieve nonce string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce, nlen, '\"')) { + Curl_safefree(chlg); + return CURLE_BAD_CONTENT_ENCODING; + } + + /* Retrieve realm string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "realm=\"", realm, rlen, '\"')) { + /* Challenge does not have a realm, set empty string [RFC2831] page 6 */ + strcpy(realm, ""); + } + + /* Retrieve algorithm string from the challenge */ + if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, alen, ',')) { + Curl_safefree(chlg); + return CURLE_BAD_CONTENT_ENCODING; + } + + Curl_safefree(chlg); + + return CURLE_OK; +} + /* * Curl_sasl_create_digest_md5_message() * @@ -272,10 +332,11 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, * Parameters: * * data [in] - The session handle. - * chlg64 [in] - Pointer to the base64 encoded challenge buffer. + * nonce [in] - The nonce. + * realm [in] - The realm. * userp [in] - The user name. * passdwp [in] - The user's password. - * service [in] - The service type such as www, smtp or pop + * service [in] - The service type such as www, smtp, pop or imap. * outptr [in/out] - The address where a pointer to newly allocated memory * holding the result will be stored upon completion. * outlen [out] - The length of the output message. @@ -283,7 +344,8 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, * Returns CURLE_OK on success. */ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, - const char *chlg64, + const char *nonce, + const char *realm, const char *userp, const char *passwdp, const char *service, @@ -302,9 +364,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, char HA2_hex[2 * MD5_DIGEST_LEN + 1]; char resp_hash_hex[2 * MD5_DIGEST_LEN + 1]; - char nonce[64]; - char realm[128]; - char alg[64]; char nonceCount[] = "00000001"; char cnonce[] = "12345678"; /* will be changed */ char method[] = "AUTHENTICATE"; @@ -312,40 +371,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, char uri[128]; char response[512]; - result = Curl_base64_decode(chlg64, &chlg, &chlglen); - - if(result) - return result; - - if(!chlg) - return CURLE_LOGIN_DENIED; - - /* Retrieve nonce string from the challenge */ - if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce, - sizeof(nonce), '\"')) { - Curl_safefree(chlg); - return CURLE_LOGIN_DENIED; - } - - /* Retrieve realm string from the challenge */ - if(!sasl_digest_get_key_value(chlg, "realm=\"", realm, - sizeof(realm), '\"')) { - /* Challenge does not have a realm, set empty string [RFC2831] page 6 */ - strcpy(realm, ""); - } - - /* Retrieve algorithm string from the challenge */ - if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) { - Curl_safefree(chlg); - return CURLE_LOGIN_DENIED; - } - - Curl_safefree(chlg); - - /* We do not support other algorithms */ - if(strcmp(alg, "md5-sess") != 0) - return CURLE_LOGIN_DENIED; - #ifndef DEBUGBUILD /* Generate 64 bits of random data */ for(i = 0; i < 8; i++) -- cgit v1.2.3