Mercurial > pidgin.yaz
annotate src/protocols/jabber/auth.c @ 7106:db6bd3e794d8
[gaim-migrate @ 7671]
tobase16(), frombase16(), tobase64(), frombase64() -> gaim_base16_encode(),
gaim_base16_decode(), gaim_base64_encode(), gaim_base64_decode().
committer: Tailor Script <tailor@pidgin.im>
author | Christian Hammond <chipx86@chipx86.com> |
---|---|
date | Wed, 01 Oct 2003 05:56:58 +0000 |
parents | 67c4e9d39242 |
children | e9867cdeb0fd |
rev | line source |
---|---|
7014 | 1 /* |
2 * gaim - Jabber Protocol Plugin | |
3 * | |
4 * Copyright (C) 2003, Nathan Walp <faceprint@faceprint.com> | |
5 * | |
6 * This program is free software; you can redistribute it and/or modify | |
7 * it under the terms of the GNU General Public License as published by | |
8 * the Free Software Foundation; either version 2 of the License, or | |
9 * (at your option) any later version. | |
10 * | |
11 * This program is distributed in the hope that it will be useful, | |
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 * GNU General Public License for more details. | |
15 * | |
16 * You should have received a copy of the GNU General Public License | |
17 * along with this program; if not, write to the Free Software | |
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
19 * | |
20 */ | |
21 #include "internal.h" | |
22 | |
23 #include "jutil.h" | |
24 #include "auth.h" | |
25 #include "xmlnode.h" | |
26 #include "jabber.h" | |
27 #include "iq.h" | |
28 #include "sha.h" | |
29 | |
30 #include "debug.h" | |
31 #include "md5.h" | |
32 #include "util.h" | |
33 #include "sslconn.h" | |
34 | |
35 | |
36 void | |
37 jabber_auth_start(JabberStream *js, xmlnode *packet) | |
38 { | |
39 xmlnode *mechs, *mechnode; | |
40 xmlnode *starttls; | |
41 | |
42 gboolean digest_md5 = FALSE; | |
43 | |
44 if(gaim_ssl_is_supported() && | |
45 (starttls = xmlnode_get_child(packet, "starttls"))) { | |
46 jabber_send_raw(js, | |
47 "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); | |
48 return; | |
49 } | |
50 | |
51 mechs = xmlnode_get_child(packet, "mechanisms"); | |
52 | |
53 if(!mechs) { | |
54 gaim_connection_error(js->gc, _("Invalid response from server")); | |
55 return; | |
56 } | |
57 | |
58 for(mechnode = mechs->child; mechnode; mechnode = mechnode->next) | |
59 { | |
60 if(mechnode->type == NODE_TYPE_TAG) { | |
61 char *mech_name = xmlnode_get_data(mechnode); | |
62 if(mech_name && !strcmp(mech_name, "DIGEST-MD5")) | |
63 digest_md5 = TRUE; | |
64 g_free(mech_name); | |
65 } | |
66 } | |
67 | |
68 if(digest_md5) { | |
69 jabber_send_raw(js, "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'" | |
70 " mechanism='DIGEST-MD5' />"); | |
71 } else { | |
72 gaim_connection_error(js->gc, | |
73 _("Server does not use any supported authentication method")); | |
74 } | |
75 } | |
76 | |
77 static void auth_old_result_cb(JabberStream *js, xmlnode *packet) | |
78 { | |
79 const char *type = xmlnode_get_attrib(packet, "type"); | |
80 | |
81 if(type && !strcmp(type, "error")) { | |
82 xmlnode *error = xmlnode_get_child(packet, "error"); | |
83 const char *err_code; | |
84 char *err_text; | |
85 char *buf; | |
86 | |
87 err_code = xmlnode_get_attrib(error, "code"); | |
88 err_text = xmlnode_get_data(error); | |
89 | |
90 if(!err_code) | |
91 err_code = ""; | |
92 if(!err_text) | |
93 err_text = g_strdup(_("Unknown")); | |
94 | |
95 if(!strcmp(err_code, "401")) | |
96 js->gc->wants_to_die = TRUE; | |
97 | |
98 buf = g_strdup_printf("Error %s: %s", | |
99 err_code, err_text); | |
100 | |
101 gaim_connection_error(js->gc, buf); | |
102 g_free(err_text); | |
103 g_free(buf); | |
104 } | |
105 jabber_stream_set_state(js, JABBER_STREAM_CONNECTED); | |
106 } | |
107 | |
108 static void auth_old_cb(JabberStream *js, xmlnode *packet) | |
109 { | |
110 JabberIq *iq; | |
111 xmlnode *query, *x; | |
112 gboolean digest = FALSE; | |
113 const char *pw = gaim_account_get_password(js->gc->account); | |
114 | |
115 query = xmlnode_get_child(packet, "query"); | |
116 if(js->stream_id && xmlnode_get_child(query, "digest")) { | |
117 digest = TRUE; | |
118 } else if(!xmlnode_get_child(query, "password")) { | |
119 gaim_connection_error(js->gc, | |
120 _("Server does not use any supported authentication method")); | |
121 return; | |
122 } | |
123 | |
124 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth"); | |
125 query = xmlnode_get_child(iq->node, "query"); | |
126 x = xmlnode_new_child(query, "username"); | |
127 xmlnode_insert_data(x, js->user->node, -1); | |
128 x = xmlnode_new_child(query, "resource"); | |
129 xmlnode_insert_data(x, js->user->resource, -1); | |
130 | |
131 if(digest) { | |
132 unsigned char hashval[20]; | |
133 char *s, h[41], *p; | |
134 int i; | |
135 | |
136 x = xmlnode_new_child(query, "digest"); | |
137 s = g_strdup_printf("%s%s", js->stream_id, pw); | |
138 shaBlock((unsigned char *)s, strlen(s), hashval); | |
139 p = h; | |
140 for(i=0; i<20; i++, p+=2) | |
141 snprintf(p, 3, "%02x", hashval[i]); | |
142 xmlnode_insert_data(x, h, -1); | |
143 g_free(s); | |
144 } else { | |
145 x = xmlnode_new_child(query, "password"); | |
146 xmlnode_insert_data(x, pw, -1); | |
147 } | |
148 | |
149 jabber_iq_set_callback(iq, auth_old_result_cb); | |
150 | |
151 jabber_iq_send(iq); | |
152 } | |
153 | |
154 void jabber_auth_start_old(JabberStream *js) | |
155 { | |
156 JabberIq *iq; | |
157 xmlnode *query, *username; | |
158 | |
159 iq = jabber_iq_new_query(js, JABBER_IQ_GET, "jabber:iq:auth"); | |
160 | |
161 query = xmlnode_get_child(iq->node, "query"); | |
162 username = xmlnode_new_child(query, "username"); | |
163 xmlnode_insert_data(username, js->user->node, -1); | |
164 | |
165 jabber_iq_set_callback(iq, auth_old_cb); | |
166 | |
167 jabber_iq_send(iq); | |
168 } | |
169 | |
170 static GHashTable* parse_challenge(const char *challenge) | |
171 { | |
172 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal, | |
173 g_free, g_free); | |
174 char **pairs; | |
175 int i; | |
176 | |
177 pairs = g_strsplit(challenge, ",", -1); | |
178 | |
179 for(i=0; pairs[i]; i++) { | |
180 char **keyval = g_strsplit(pairs[i], "=", 2); | |
181 if(keyval[0] && keyval[1]) { | |
182 if(keyval[1][0] == '"' && keyval[1][strlen(keyval[1])-1] == '"') | |
183 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strndup(keyval[1]+1, strlen(keyval[1])-2)); | |
184 else | |
185 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strdup(keyval[1])); | |
186 } | |
187 g_strfreev(keyval); | |
188 } | |
189 | |
190 g_strfreev(pairs); | |
191 | |
192 return ret; | |
193 } | |
194 | |
195 static unsigned char* | |
196 generate_response_value(JabberID *jid, const char *passwd, const char *nonce, | |
197 const char *cnonce, const char *a2) | |
198 { | |
199 md5_state_t ctx; | |
200 md5_byte_t result[16]; | |
201 | |
202 char *x, *y, *a1, *ha1, *ha2, *kd, *z; | |
203 | |
204 x = g_strdup_printf("%s:%s:%s", jid->node, jid->domain, passwd); | |
205 md5_init(&ctx); | |
206 md5_append(&ctx, x, strlen(x)); | |
207 md5_finish(&ctx, result); | |
208 | |
209 y = g_strndup(result, 16); | |
210 | |
211 a1 = g_strdup_printf("%s:%s:%s:%s@%s/%s", y, nonce, cnonce, jid->node, | |
212 jid->domain, jid->resource); | |
213 | |
214 md5_init(&ctx); | |
215 md5_append(&ctx, a1, strlen(a1)); | |
216 md5_finish(&ctx, result); | |
217 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
218 ha1 = gaim_base16_encode(result, 16); |
7014 | 219 |
220 md5_init(&ctx); | |
221 md5_append(&ctx, a2, strlen(a2)); | |
222 md5_finish(&ctx, result); | |
223 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
224 ha2 = gaim_base16_encode(result, 16); |
7014 | 225 |
226 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2); | |
227 | |
228 md5_init(&ctx); | |
229 md5_append(&ctx, kd, strlen(kd)); | |
230 md5_finish(&ctx, result); | |
231 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
232 z = gaim_base16_encode(result, 16); |
7014 | 233 |
234 g_free(x); | |
235 g_free(y); | |
236 g_free(a1); | |
237 g_free(ha1); | |
238 g_free(ha2); | |
239 g_free(kd); | |
240 | |
241 return z; | |
242 } | |
243 | |
244 void | |
245 jabber_auth_handle_challenge(JabberStream *js, xmlnode *packet) | |
246 { | |
247 char *enc_in = xmlnode_get_data(packet); | |
248 char *dec_in; | |
249 char *enc_out; | |
250 GHashTable *parts; | |
251 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
252 gaim_base64_decode(enc_in, &dec_in, NULL); |
7014 | 253 |
254 parts = parse_challenge(dec_in); | |
255 | |
256 /* we're actually supposed to prompt the user for a realm if | |
257 * the server doesn't send one, but that really complicates things, | |
258 * so i'm not gonna worry about it until is poses a problem to someone, | |
259 * or I get really bored */ | |
260 | |
261 if(g_hash_table_lookup(parts, "realm")) { | |
262 /* assemble a response, and send it */ | |
263 /* see RFC 2831 */ | |
264 GString *response = g_string_new(""); | |
265 char *a2; | |
266 char *auth_resp; | |
267 char *buf; | |
268 char *cnonce; | |
269 char *realm; | |
270 char *nonce; | |
271 | |
272 cnonce = g_strdup_printf("%p%u%p", js, (int)time(NULL), packet); | |
273 nonce = g_hash_table_lookup(parts, "nonce"); | |
274 realm = g_hash_table_lookup(parts, "realm"); | |
275 | |
276 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm); | |
277 auth_resp = generate_response_value(js->user, | |
278 gaim_account_get_password(js->gc->account), nonce, cnonce, a2); | |
279 g_free(a2); | |
280 | |
281 a2 = g_strdup_printf(":xmpp/%s", realm); | |
282 js->expected_rspauth = generate_response_value(js->user, | |
283 gaim_account_get_password(js->gc->account), nonce, cnonce, a2); | |
284 g_free(a2); | |
285 | |
286 | |
287 g_string_append_printf(response, "username=\"%s\"", js->user->node); | |
288 g_string_append_printf(response, ",realm=\"%s\"", realm); | |
289 g_string_append_printf(response, ",nonce=\"%s\"", nonce); | |
290 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce); | |
291 g_string_append_printf(response, ",nc=00000001"); | |
292 g_string_append_printf(response, ",qop=auth"); | |
293 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm); | |
294 g_string_append_printf(response, ",response=%s", auth_resp); | |
295 g_string_append_printf(response, ",charset=utf-8"); | |
296 g_string_append_printf(response, ",authzid=\"%s\"", | |
297 gaim_account_get_username(js->gc->account)); | |
298 | |
299 g_free(auth_resp); | |
300 g_free(cnonce); | |
301 | |
7106
db6bd3e794d8
[gaim-migrate @ 7671]
Christian Hammond <chipx86@chipx86.com>
parents:
7014
diff
changeset
|
302 enc_out = gaim_base64_encode(response->str, response->len); |
7014 | 303 |
304 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded response (%d): %s\n", response->len, response->str); | |
305 | |
306 buf = g_strdup_printf("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>%s</response>", enc_out); | |
307 | |
308 jabber_send_raw(js, buf); | |
309 | |
310 g_free(buf); | |
311 | |
312 g_free(enc_out); | |
313 | |
314 g_string_free(response, TRUE); | |
315 } else if (g_hash_table_lookup(parts, "rspauth")) { | |
316 char *rspauth = g_hash_table_lookup(parts, "rspauth"); | |
317 | |
318 | |
319 if(rspauth && !strcmp(rspauth, js->expected_rspauth)) { | |
320 jabber_send_raw(js, | |
321 "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />"); | |
322 } else { | |
323 gaim_connection_error(js->gc, _("Invalid challenge from server")); | |
324 } | |
325 g_free(js->expected_rspauth); | |
326 } | |
327 | |
328 g_free(enc_in); | |
329 g_free(dec_in); | |
330 g_hash_table_destroy(parts); | |
331 } | |
332 | |
333 void jabber_auth_handle_success(JabberStream *js, xmlnode *packet) | |
334 { | |
335 const char *ns = xmlnode_get_attrib(packet, "xmlns"); | |
336 | |
337 if(!ns || strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) { | |
338 gaim_connection_error(js->gc, _("Invalid response from server")); | |
339 return; | |
340 } | |
341 | |
342 jabber_stream_set_state(js, JABBER_STREAM_REINITIALIZING); | |
343 } | |
344 | |
345 void jabber_auth_handle_failure(JabberStream *js, xmlnode *packet) | |
346 { | |
347 const char *ns = xmlnode_get_attrib(packet, "xmlns"); | |
348 | |
349 if(!ns) | |
350 gaim_connection_error(js->gc, _("Invalid response from server")); | |
351 else if(!strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) { | |
352 if(xmlnode_get_child(packet, "bad-protocol")) { | |
353 gaim_connection_error(js->gc, _("Bad Protocol")); | |
354 } else if(xmlnode_get_child(packet, "encryption-required")) { | |
355 js->gc->wants_to_die = TRUE; | |
356 gaim_connection_error(js->gc, _("Encryption Required")); | |
357 } else if(xmlnode_get_child(packet, "invalid-authzid")) { | |
358 js->gc->wants_to_die = TRUE; | |
359 gaim_connection_error(js->gc, _("Invalid authzid")); | |
360 } else if(xmlnode_get_child(packet, "invalid-mechanism")) { | |
361 js->gc->wants_to_die = TRUE; | |
362 gaim_connection_error(js->gc, _("Invalid Mechanism")); | |
363 } else if(xmlnode_get_child(packet, "invalid-realm")) { | |
364 gaim_connection_error(js->gc, _("Invalid Realm")); | |
365 } else if(xmlnode_get_child(packet, "mechanism-too-weak")) { | |
366 js->gc->wants_to_die = TRUE; | |
367 gaim_connection_error(js->gc, _("Mechanism Too Weak")); | |
368 } else if(xmlnode_get_child(packet, "not-authorized")) { | |
369 js->gc->wants_to_die = TRUE; | |
370 gaim_connection_error(js->gc, _("Not Authorized")); | |
371 } else if(xmlnode_get_child(packet, "temporary-auth-failure")) { | |
372 gaim_connection_error(js->gc, | |
373 _("Temporary Authentication Failure")); | |
374 } else { | |
375 gaim_connection_error(js->gc, _("Authentication Failure")); | |
376 } | |
377 } | |
378 } |