Mercurial > pidgin.yaz
annotate src/protocols/jabber/auth.c @ 10490:a3a540ed2518
[gaim-migrate @ 11780]
some random jabber stuff, remove a duplicate #define, and shuffle account
loading so we're not emitting signals that haven't been registered yet
committer: Tailor Script <tailor@pidgin.im>
author | Nathan Walp <nwalp@pidgin.im> |
---|---|
date | Sat, 08 Jan 2005 21:10:17 +0000 |
parents | e0a4b8586cbe |
children | dc33b3b475c2 |
rev | line source |
---|---|
7014 | 1 /* |
2 * gaim - Jabber Protocol Plugin | |
3 * | |
4 * Copyright (C) 2003, Nathan Walp <faceprint@faceprint.com> | |
5 * | |
6 * This program is free software; you can redistribute it and/or modify | |
7 * it under the terms of the GNU General Public License as published by | |
8 * the Free Software Foundation; either version 2 of the License, or | |
9 * (at your option) any later version. | |
10 * | |
11 * This program is distributed in the hope that it will be useful, | |
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 * GNU General Public License for more details. | |
15 * | |
16 * You should have received a copy of the GNU General Public License | |
17 * along with this program; if not, write to the Free Software | |
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
19 * | |
20 */ | |
21 #include "internal.h" | |
22 | |
23 #include "jutil.h" | |
24 #include "auth.h" | |
25 #include "xmlnode.h" | |
26 #include "jabber.h" | |
27 #include "iq.h" | |
28 #include "sha.h" | |
29 | |
30 #include "debug.h" | |
31 #include "md5.h" | |
32 #include "util.h" | |
33 #include "sslconn.h" | |
8397 | 34 #include "request.h" |
35 | |
36 static void auth_old_result_cb(JabberStream *js, xmlnode *packet, | |
37 gpointer data); | |
7014 | 38 |
8296 | 39 gboolean |
40 jabber_process_starttls(JabberStream *js, xmlnode *packet) | |
7014 | 41 { |
42 xmlnode *starttls; | |
43 | |
7157 | 44 if((starttls = xmlnode_get_child(packet, "starttls"))) { |
7630 | 45 if(gaim_account_get_bool(js->gc->account, "use_tls", TRUE) && |
46 gaim_ssl_is_supported()) { | |
7157 | 47 jabber_send_raw(js, |
7642 | 48 "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1); |
8296 | 49 return TRUE; |
7157 | 50 } else if(xmlnode_get_child(starttls, "required")) { |
10441 | 51 if(gaim_ssl_is_supported()) { |
52 gaim_connection_error(js->gc, _("Server requires TLS/SSL for login. Select \"Enable TLS if available\" in account properties")); | |
53 } else { | |
54 gaim_connection_error(js->gc, _("Server requires TLS/SSL for login. No TLS/SSL support found.")); | |
55 } | |
8296 | 56 return TRUE; |
7157 | 57 } |
7014 | 58 } |
59 | |
8296 | 60 return FALSE; |
61 } | |
62 | |
8397 | 63 static void finish_plaintext_authentication(JabberStream *js) |
64 { | |
65 if(js->auth_type == JABBER_AUTH_PLAIN) { | |
66 xmlnode *auth; | |
67 GString *response; | |
10441 | 68 unsigned char *enc_out; |
8397 | 69 |
70 auth = xmlnode_new("auth"); | |
71 xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl"); | |
72 | |
73 response = g_string_new(""); | |
74 response = g_string_append_len(response, "\0", 1); | |
75 response = g_string_append(response, js->user->node); | |
76 response = g_string_append_len(response, "\0", 1); | |
77 response = g_string_append(response, | |
78 gaim_account_get_password(js->gc->account)); | |
79 | |
80 enc_out = gaim_base64_encode(response->str, response->len); | |
81 | |
82 xmlnode_set_attrib(auth, "mechanism", "PLAIN"); | |
83 xmlnode_insert_data(auth, enc_out, -1); | |
84 g_free(enc_out); | |
85 g_string_free(response, TRUE); | |
86 | |
87 jabber_send(js, auth); | |
88 xmlnode_free(auth); | |
89 } else if(js->auth_type == JABBER_AUTH_IQ_AUTH) { | |
90 JabberIq *iq; | |
91 xmlnode *query, *x; | |
92 | |
93 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth"); | |
94 query = xmlnode_get_child(iq->node, "query"); | |
95 x = xmlnode_new_child(query, "username"); | |
96 xmlnode_insert_data(x, js->user->node, -1); | |
97 x = xmlnode_new_child(query, "resource"); | |
98 xmlnode_insert_data(x, js->user->resource, -1); | |
99 x = xmlnode_new_child(query, "password"); | |
100 xmlnode_insert_data(x, gaim_account_get_password(js->gc->account), -1); | |
101 jabber_iq_set_callback(iq, auth_old_result_cb, NULL); | |
102 jabber_iq_send(iq); | |
103 } | |
104 } | |
105 | |
106 static void allow_plaintext_auth(GaimAccount *account) | |
107 { | |
108 gaim_account_set_bool(account, "auth_plain_in_clear", TRUE); | |
109 | |
110 finish_plaintext_authentication(account->gc->proto_data); | |
111 } | |
112 | |
113 static void disallow_plaintext_auth(GaimAccount *account) | |
114 { | |
115 gaim_connection_error(account->gc, _("Server requires plaintext authentication over an unencrypted stream")); | |
116 } | |
117 | |
8296 | 118 void |
119 jabber_auth_start(JabberStream *js, xmlnode *packet) | |
120 { | |
121 xmlnode *mechs, *mechnode; | |
122 | |
123 gboolean digest_md5 = FALSE, plain=FALSE; | |
124 | |
125 | |
8016 | 126 if(js->registration) { |
127 jabber_register_start(js); | |
128 return; | |
129 } | |
130 | |
7014 | 131 mechs = xmlnode_get_child(packet, "mechanisms"); |
132 | |
133 if(!mechs) { | |
7981 | 134 gaim_connection_error(js->gc, _("Invalid response from server.")); |
7014 | 135 return; |
136 } | |
137 | |
8135 | 138 for(mechnode = xmlnode_get_child(mechs, "mechanism"); mechnode; |
139 mechnode = xmlnode_get_next_twin(mechnode)) | |
7014 | 140 { |
8135 | 141 char *mech_name = xmlnode_get_data(mechnode); |
142 if(mech_name && !strcmp(mech_name, "DIGEST-MD5")) | |
143 digest_md5 = TRUE; | |
144 else if(mech_name && !strcmp(mech_name, "PLAIN")) | |
145 plain = TRUE; | |
146 g_free(mech_name); | |
7014 | 147 } |
148 | |
7703 | 149 |
7645 | 150 if(digest_md5) { |
8397 | 151 xmlnode *auth; |
152 | |
153 js->auth_type = JABBER_AUTH_DIGEST_MD5; | |
154 auth = xmlnode_new("auth"); | |
155 xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl"); | |
7291 | 156 xmlnode_set_attrib(auth, "mechanism", "DIGEST-MD5"); |
8397 | 157 |
158 jabber_send(js, auth); | |
159 xmlnode_free(auth); | |
8086 | 160 } else if(plain) { |
8397 | 161 js->auth_type = JABBER_AUTH_PLAIN; |
7703 | 162 |
8086 | 163 if(js->gsc == NULL && !gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE)) { |
8397 | 164 gaim_request_yes_no(js->gc, _("Plaintext Authentication"), |
165 _("Plaintext Authentication"), | |
166 _("This server requires plaintext authentication over an unencrypted connection. Allow this and continue authentication?"), | |
167 2, js->gc->account, allow_plaintext_auth, | |
168 disallow_plaintext_auth); | |
8086 | 169 return; |
170 } | |
8397 | 171 finish_plaintext_authentication(js); |
7014 | 172 } else { |
173 gaim_connection_error(js->gc, | |
174 _("Server does not use any supported authentication method")); | |
175 } | |
176 } | |
177 | |
7395 | 178 static void auth_old_result_cb(JabberStream *js, xmlnode *packet, gpointer data) |
7014 | 179 { |
180 const char *type = xmlnode_get_attrib(packet, "type"); | |
181 | |
7730 | 182 if(type && !strcmp(type, "result")) { |
183 jabber_stream_set_state(js, JABBER_STREAM_CONNECTED); | |
184 } else { | |
8401 | 185 char *msg = jabber_parse_error(js, packet); |
186 xmlnode *error; | |
187 const char *err_code; | |
7014 | 188 |
8401 | 189 if((error = xmlnode_get_child(packet, "error")) && |
190 (err_code = xmlnode_get_attrib(error, "code")) && | |
191 !strcmp(err_code, "401")) { | |
192 js->gc->wants_to_die = TRUE; | |
7730 | 193 } |
7014 | 194 |
8401 | 195 gaim_connection_error(js->gc, msg); |
196 g_free(msg); | |
7014 | 197 } |
198 } | |
199 | |
7395 | 200 static void auth_old_cb(JabberStream *js, xmlnode *packet, gpointer data) |
7014 | 201 { |
202 JabberIq *iq; | |
203 xmlnode *query, *x; | |
7514 | 204 const char *type = xmlnode_get_attrib(packet, "type"); |
7014 | 205 const char *pw = gaim_account_get_password(js->gc->account); |
206 | |
7514 | 207 if(!type) { |
7981 | 208 gaim_connection_error(js->gc, _("Invalid response from server.")); |
7014 | 209 return; |
7515 | 210 } else if(!strcmp(type, "error")) { |
8401 | 211 char *msg = jabber_parse_error(js, packet); |
212 gaim_connection_error(js->gc, msg); | |
213 g_free(msg); | |
7515 | 214 } else if(!strcmp(type, "result")) { |
7514 | 215 query = xmlnode_get_child(packet, "query"); |
216 if(js->stream_id && xmlnode_get_child(query, "digest")) { | |
217 unsigned char hashval[20]; | |
218 char *s, h[41], *p; | |
219 int i; | |
7014 | 220 |
8397 | 221 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth"); |
222 query = xmlnode_get_child(iq->node, "query"); | |
223 x = xmlnode_new_child(query, "username"); | |
224 xmlnode_insert_data(x, js->user->node, -1); | |
225 x = xmlnode_new_child(query, "resource"); | |
226 xmlnode_insert_data(x, js->user->resource, -1); | |
227 | |
7514 | 228 x = xmlnode_new_child(query, "digest"); |
229 s = g_strdup_printf("%s%s", js->stream_id, pw); | |
230 shaBlock((unsigned char *)s, strlen(s), hashval); | |
231 p = h; | |
232 for(i=0; i<20; i++, p+=2) | |
233 snprintf(p, 3, "%02x", hashval[i]); | |
234 xmlnode_insert_data(x, h, -1); | |
235 g_free(s); | |
8397 | 236 jabber_iq_set_callback(iq, auth_old_result_cb, NULL); |
237 jabber_iq_send(iq); | |
238 | |
239 } else if(xmlnode_get_child(query, "password")) { | |
240 if(js->gsc == NULL && !gaim_account_get_bool(js->gc->account, | |
241 "auth_plain_in_clear", FALSE)) { | |
242 gaim_request_yes_no(js->gc, _("Plaintext Authentication"), | |
243 _("Plaintext Authentication"), | |
244 _("This server requires plaintext authentication over an unencrypted connection. Allow this and continue authentication?"), | |
245 2, js->gc->account, allow_plaintext_auth, | |
246 disallow_plaintext_auth); | |
247 return; | |
248 } | |
249 finish_plaintext_authentication(js); | |
7514 | 250 } else { |
8397 | 251 gaim_connection_error(js->gc, |
252 _("Server does not use any supported authentication method")); | |
253 return; | |
7514 | 254 } |
7014 | 255 } |
256 } | |
257 | |
258 void jabber_auth_start_old(JabberStream *js) | |
259 { | |
260 JabberIq *iq; | |
261 xmlnode *query, *username; | |
262 | |
263 iq = jabber_iq_new_query(js, JABBER_IQ_GET, "jabber:iq:auth"); | |
264 | |
265 query = xmlnode_get_child(iq->node, "query"); | |
266 username = xmlnode_new_child(query, "username"); | |
267 xmlnode_insert_data(username, js->user->node, -1); | |
268 | |
7395 | 269 jabber_iq_set_callback(iq, auth_old_cb, NULL); |
7014 | 270 |
271 jabber_iq_send(iq); | |
272 } | |
273 | |
274 static GHashTable* parse_challenge(const char *challenge) | |
275 { | |
276 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal, | |
277 g_free, g_free); | |
278 char **pairs; | |
279 int i; | |
280 | |
281 pairs = g_strsplit(challenge, ",", -1); | |
282 | |
283 for(i=0; pairs[i]; i++) { | |
284 char **keyval = g_strsplit(pairs[i], "=", 2); | |
285 if(keyval[0] && keyval[1]) { | |
286 if(keyval[1][0] == '"' && keyval[1][strlen(keyval[1])-1] == '"') | |
287 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strndup(keyval[1]+1, strlen(keyval[1])-2)); | |
288 else | |
289 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strdup(keyval[1])); | |
290 } | |
291 g_strfreev(keyval); | |
292 } | |
293 | |
294 g_strfreev(pairs); | |
295 | |
296 return ret; | |
297 } | |
298 | |
299 static unsigned char* | |
300 generate_response_value(JabberID *jid, const char *passwd, const char *nonce, | |
7267 | 301 const char *cnonce, const char *a2, const char *realm) |
7014 | 302 { |
303 md5_state_t ctx; | |
304 md5_byte_t result[16]; | |
10136 | 305 size_t a1len; |
7014 | 306 |
10441 | 307 unsigned char *x, *a1, *ha1, *ha2, *kd, *z, *convnode, *convpasswd; |
7014 | 308 |
10136 | 309 if((convnode = g_convert(jid->node, strlen(jid->node), "iso-8859-1", "utf-8", |
310 NULL, NULL, NULL)) == NULL) { | |
311 convnode = g_strdup(jid->node); | |
312 } | |
313 if((convpasswd = g_convert(passwd, strlen(passwd), "iso-8859-1", "utf-8", | |
314 NULL, NULL, NULL)) == NULL) { | |
315 convpasswd = g_strdup(passwd); | |
316 } | |
317 | |
318 x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd); | |
7014 | 319 md5_init(&ctx); |
320 md5_append(&ctx, x, strlen(x)); | |
321 md5_finish(&ctx, result); | |
322 | |
10136 | 323 a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce); |
324 a1len = strlen(a1); | |
325 g_memmove(a1, result, 16); | |
7014 | 326 |
327 md5_init(&ctx); | |
10136 | 328 md5_append(&ctx, a1, a1len); |
7014 | 329 md5_finish(&ctx, result); |
330 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
331 ha1 = gaim_base16_encode(result, 16); |
7014 | 332 |
333 md5_init(&ctx); | |
334 md5_append(&ctx, a2, strlen(a2)); | |
335 md5_finish(&ctx, result); | |
336 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
337 ha2 = gaim_base16_encode(result, 16); |
7014 | 338 |
339 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2); | |
340 | |
341 md5_init(&ctx); | |
342 md5_append(&ctx, kd, strlen(kd)); | |
343 md5_finish(&ctx, result); | |
344 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
345 z = gaim_base16_encode(result, 16); |
7014 | 346 |
10136 | 347 g_free(convnode); |
348 g_free(convpasswd); | |
7014 | 349 g_free(x); |
350 g_free(a1); | |
351 g_free(ha1); | |
352 g_free(ha2); | |
353 g_free(kd); | |
354 | |
355 return z; | |
356 } | |
357 | |
358 void | |
359 jabber_auth_handle_challenge(JabberStream *js, xmlnode *packet) | |
360 { | |
361 | |
7703 | 362 if(js->auth_type == JABBER_AUTH_DIGEST_MD5) { |
7291 | 363 char *enc_in = xmlnode_get_data(packet); |
364 char *dec_in; | |
365 char *enc_out; | |
366 GHashTable *parts; | |
7014 | 367 |
7395 | 368 if(!enc_in) { |
7981 | 369 gaim_connection_error(js->gc, _("Invalid response from server.")); |
7395 | 370 return; |
371 } | |
372 | |
7291 | 373 gaim_base64_decode(enc_in, &dec_in, NULL); |
7395 | 374 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded challenge (%d): %s\n", |
375 strlen(dec_in), dec_in); | |
7291 | 376 |
377 parts = parse_challenge(dec_in); | |
7014 | 378 |
379 | |
7291 | 380 if (g_hash_table_lookup(parts, "rspauth")) { |
381 char *rspauth = g_hash_table_lookup(parts, "rspauth"); | |
7014 | 382 |
383 | |
7291 | 384 if(rspauth && js->expected_rspauth && |
385 !strcmp(rspauth, js->expected_rspauth)) { | |
386 jabber_send_raw(js, | |
7642 | 387 "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />", |
388 -1); | |
7291 | 389 } else { |
390 gaim_connection_error(js->gc, _("Invalid challenge from server")); | |
391 } | |
392 g_free(js->expected_rspauth); | |
393 } else { | |
394 /* assemble a response, and send it */ | |
395 /* see RFC 2831 */ | |
396 GString *response = g_string_new(""); | |
397 char *a2; | |
398 char *auth_resp; | |
399 char *buf; | |
400 char *cnonce; | |
401 char *realm; | |
402 char *nonce; | |
7014 | 403 |
7291 | 404 /* we're actually supposed to prompt the user for a realm if |
405 * the server doesn't send one, but that really complicates things, | |
406 * so i'm not gonna worry about it until is poses a problem to | |
407 * someone, or I get really bored */ | |
408 realm = g_hash_table_lookup(parts, "realm"); | |
409 if(!realm) | |
410 realm = js->user->domain; | |
7014 | 411 |
7291 | 412 cnonce = g_strdup_printf("%x%u%x", g_random_int(), (int)time(NULL), |
413 g_random_int()); | |
414 nonce = g_hash_table_lookup(parts, "nonce"); | |
7014 | 415 |
416 | |
7291 | 417 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm); |
418 auth_resp = generate_response_value(js->user, | |
419 gaim_account_get_password(js->gc->account), nonce, cnonce, a2, realm); | |
420 g_free(a2); | |
421 | |
422 a2 = g_strdup_printf(":xmpp/%s", realm); | |
423 js->expected_rspauth = generate_response_value(js->user, | |
424 gaim_account_get_password(js->gc->account), nonce, cnonce, a2, realm); | |
425 g_free(a2); | |
426 | |
427 | |
428 g_string_append_printf(response, "username=\"%s\"", js->user->node); | |
429 g_string_append_printf(response, ",realm=\"%s\"", realm); | |
430 g_string_append_printf(response, ",nonce=\"%s\"", nonce); | |
431 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce); | |
432 g_string_append_printf(response, ",nc=00000001"); | |
433 g_string_append_printf(response, ",qop=auth"); | |
434 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm); | |
435 g_string_append_printf(response, ",response=%s", auth_resp); | |
436 g_string_append_printf(response, ",charset=utf-8"); | |
437 | |
438 g_free(auth_resp); | |
439 g_free(cnonce); | |
440 | |
441 enc_out = gaim_base64_encode(response->str, response->len); | |
442 | |
443 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded response (%d): %s\n", response->len, response->str); | |
444 | |
445 buf = g_strdup_printf("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>%s</response>", enc_out); | |
446 | |
7642 | 447 jabber_send_raw(js, buf, -1); |
7291 | 448 |
449 g_free(buf); | |
450 | |
451 g_free(enc_out); | |
452 | |
453 g_string_free(response, TRUE); | |
7014 | 454 } |
7291 | 455 |
456 g_free(enc_in); | |
457 g_free(dec_in); | |
458 g_hash_table_destroy(parts); | |
7014 | 459 } |
460 } | |
461 | |
462 void jabber_auth_handle_success(JabberStream *js, xmlnode *packet) | |
463 { | |
464 const char *ns = xmlnode_get_attrib(packet, "xmlns"); | |
465 | |
466 if(!ns || strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) { | |
7981 | 467 gaim_connection_error(js->gc, _("Invalid response from server.")); |
7014 | 468 return; |
469 } | |
470 | |
471 jabber_stream_set_state(js, JABBER_STREAM_REINITIALIZING); | |
472 } | |
473 | |
474 void jabber_auth_handle_failure(JabberStream *js, xmlnode *packet) | |
475 { | |
8401 | 476 char *msg = jabber_parse_error(js, packet); |
7014 | 477 |
8401 | 478 if(!msg) { |
7981 | 479 gaim_connection_error(js->gc, _("Invalid response from server.")); |
8401 | 480 } else { |
481 gaim_connection_error(js->gc, msg); | |
482 g_free(msg); | |
7014 | 483 } |
484 } |