Mercurial > pidgin.yaz

comparison src/protocols/jabber/auth.c @ 7014:67c4e9d39242

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 7577] Here it is, the bulk of the new Jabber prpl. Left to do: - Implement registration - Implement password changing - Keep track of conversation threads (since I apparently have to) - Fix the bugs that always magically appear in code after I commit committer: Tailor Script <tailor@pidgin.im>
author Nathan Walp <nwalp@pidgin.im>
date Mon, 29 Sep 2003 15:23:19 +0000
parents
children db6bd3e794d8
comparison
equal deleted inserted replaced
7013:859cafb6433f 7014:67c4e9d39242
1 /*
2 * gaim - Jabber Protocol Plugin
3 *
4 * Copyright (C) 2003, Nathan Walp <faceprint@faceprint.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21 #include "internal.h"
22
23 #include "jutil.h"
24 #include "auth.h"
25 #include "xmlnode.h"
26 #include "jabber.h"
27 #include "iq.h"
28 #include "sha.h"
29
30 #include "debug.h"
31 #include "md5.h"
32 #include "util.h"
33 #include "sslconn.h"
34
35
36 void
37 jabber_auth_start(JabberStream *js, xmlnode *packet)
38 {
39 xmlnode *mechs, *mechnode;
40 xmlnode *starttls;
41
42 gboolean digest_md5 = FALSE;
43
44 if(gaim_ssl_is_supported() &&
45 (starttls = xmlnode_get_child(packet, "starttls"))) {
46 jabber_send_raw(js,
47 "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
48 return;
49 }
50
51 mechs = xmlnode_get_child(packet, "mechanisms");
52
53 if(!mechs) {
54 gaim_connection_error(js->gc, _("Invalid response from server"));
55 return;
56 }
57
58 for(mechnode = mechs->child; mechnode; mechnode = mechnode->next)
59 {
60 if(mechnode->type == NODE_TYPE_TAG) {
61 char *mech_name = xmlnode_get_data(mechnode);
62 if(mech_name && !strcmp(mech_name, "DIGEST-MD5"))
63 digest_md5 = TRUE;
64 g_free(mech_name);
65 }
66 }
67
68 if(digest_md5) {
69 jabber_send_raw(js, "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'"
70 " mechanism='DIGEST-MD5' />");
71 } else {
72 gaim_connection_error(js->gc,
73 _("Server does not use any supported authentication method"));
74 }
75 }
76
77 static void auth_old_result_cb(JabberStream *js, xmlnode *packet)
78 {
79 const char *type = xmlnode_get_attrib(packet, "type");
80
81 if(type && !strcmp(type, "error")) {
82 xmlnode *error = xmlnode_get_child(packet, "error");
83 const char *err_code;
84 char *err_text;
85 char *buf;
86
87 err_code = xmlnode_get_attrib(error, "code");
88 err_text = xmlnode_get_data(error);
89
90 if(!err_code)
91 err_code = "";
92 if(!err_text)
93 err_text = g_strdup(_("Unknown"));
94
95 if(!strcmp(err_code, "401"))
96 js->gc->wants_to_die = TRUE;
97
98 buf = g_strdup_printf("Error %s: %s",
99 err_code, err_text);
100
101 gaim_connection_error(js->gc, buf);
102 g_free(err_text);
103 g_free(buf);
104 }
105 jabber_stream_set_state(js, JABBER_STREAM_CONNECTED);
106 }
107
108 static void auth_old_cb(JabberStream *js, xmlnode *packet)
109 {
110 JabberIq *iq;
111 xmlnode *query, *x;
112 gboolean digest = FALSE;
113 const char *pw = gaim_account_get_password(js->gc->account);
114
115 query = xmlnode_get_child(packet, "query");
116 if(js->stream_id && xmlnode_get_child(query, "digest")) {
117 digest = TRUE;
118 } else if(!xmlnode_get_child(query, "password")) {
119 gaim_connection_error(js->gc,
120 _("Server does not use any supported authentication method"));
121 return;
122 }
123
124 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
125 query = xmlnode_get_child(iq->node, "query");
126 x = xmlnode_new_child(query, "username");
127 xmlnode_insert_data(x, js->user->node, -1);
128 x = xmlnode_new_child(query, "resource");
129 xmlnode_insert_data(x, js->user->resource, -1);
130
131 if(digest) {
132 unsigned char hashval[20];
133 char *s, h[41], *p;
134 int i;
135
136 x = xmlnode_new_child(query, "digest");
137 s = g_strdup_printf("%s%s", js->stream_id, pw);
138 shaBlock((unsigned char *)s, strlen(s), hashval);
139 p = h;
140 for(i=0; i<20; i++, p+=2)
141 snprintf(p, 3, "%02x", hashval[i]);
142 xmlnode_insert_data(x, h, -1);
143 g_free(s);
144 } else {
145 x = xmlnode_new_child(query, "password");
146 xmlnode_insert_data(x, pw, -1);
147 }
148
149 jabber_iq_set_callback(iq, auth_old_result_cb);
150
151 jabber_iq_send(iq);
152 }
153
154 void jabber_auth_start_old(JabberStream *js)
155 {
156 JabberIq *iq;
157 xmlnode *query, *username;
158
159 iq = jabber_iq_new_query(js, JABBER_IQ_GET, "jabber:iq:auth");
160
161 query = xmlnode_get_child(iq->node, "query");
162 username = xmlnode_new_child(query, "username");
163 xmlnode_insert_data(username, js->user->node, -1);
164
165 jabber_iq_set_callback(iq, auth_old_cb);
166
167 jabber_iq_send(iq);
168 }
169
170 static GHashTable* parse_challenge(const char *challenge)
171 {
172 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal,
173 g_free, g_free);
174 char **pairs;
175 int i;
176
177 pairs = g_strsplit(challenge, ",", -1);
178
179 for(i=0; pairs[i]; i++) {
180 char **keyval = g_strsplit(pairs[i], "=", 2);
181 if(keyval[0] && keyval[1]) {
182 if(keyval[1][0] == '"' && keyval[1][strlen(keyval[1])-1] == '"')
183 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strndup(keyval[1]+1, strlen(keyval[1])-2));
184 else
185 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strdup(keyval[1]));
186 }
187 g_strfreev(keyval);
188 }
189
190 g_strfreev(pairs);
191
192 return ret;
193 }
194
195 static unsigned char*
196 generate_response_value(JabberID *jid, const char *passwd, const char *nonce,
197 const char *cnonce, const char *a2)
198 {
199 md5_state_t ctx;
200 md5_byte_t result[16];
201
202 char *x, *y, *a1, *ha1, *ha2, *kd, *z;
203
204 x = g_strdup_printf("%s:%s:%s", jid->node, jid->domain, passwd);
205 md5_init(&ctx);
206 md5_append(&ctx, x, strlen(x));
207 md5_finish(&ctx, result);
208
209 y = g_strndup(result, 16);
210
211 a1 = g_strdup_printf("%s:%s:%s:%s@%s/%s", y, nonce, cnonce, jid->node,
212 jid->domain, jid->resource);
213
214 md5_init(&ctx);
215 md5_append(&ctx, a1, strlen(a1));
216 md5_finish(&ctx, result);
217
218 ha1 = tobase16(result, 16);
219
220 md5_init(&ctx);
221 md5_append(&ctx, a2, strlen(a2));
222 md5_finish(&ctx, result);
223
224 ha2 = tobase16(result, 16);
225
226 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2);
227
228 md5_init(&ctx);
229 md5_append(&ctx, kd, strlen(kd));
230 md5_finish(&ctx, result);
231
232 z = tobase16(result, 16);
233
234 g_free(x);
235 g_free(y);
236 g_free(a1);
237 g_free(ha1);
238 g_free(ha2);
239 g_free(kd);
240
241 return z;
242 }
243
244 void
245 jabber_auth_handle_challenge(JabberStream *js, xmlnode *packet)
246 {
247 char *enc_in = xmlnode_get_data(packet);
248 char *dec_in;
249 char *enc_out;
250 GHashTable *parts;
251
252 frombase64(enc_in, &dec_in, NULL);
253
254 parts = parse_challenge(dec_in);
255
256 /* we're actually supposed to prompt the user for a realm if
257 * the server doesn't send one, but that really complicates things,
258 * so i'm not gonna worry about it until is poses a problem to someone,
259 * or I get really bored */
260
261 if(g_hash_table_lookup(parts, "realm")) {
262 /* assemble a response, and send it */
263 /* see RFC 2831 */
264 GString *response = g_string_new("");
265 char *a2;
266 char *auth_resp;
267 char *buf;
268 char *cnonce;
269 char *realm;
270 char *nonce;
271
272 cnonce = g_strdup_printf("%p%u%p", js, (int)time(NULL), packet);
273 nonce = g_hash_table_lookup(parts, "nonce");
274 realm = g_hash_table_lookup(parts, "realm");
275
276 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm);
277 auth_resp = generate_response_value(js->user,
278 gaim_account_get_password(js->gc->account), nonce, cnonce, a2);
279 g_free(a2);
280
281 a2 = g_strdup_printf(":xmpp/%s", realm);
282 js->expected_rspauth = generate_response_value(js->user,
283 gaim_account_get_password(js->gc->account), nonce, cnonce, a2);
284 g_free(a2);
285
286
287 g_string_append_printf(response, "username=\"%s\"", js->user->node);
288 g_string_append_printf(response, ",realm=\"%s\"", realm);
289 g_string_append_printf(response, ",nonce=\"%s\"", nonce);
290 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce);
291 g_string_append_printf(response, ",nc=00000001");
292 g_string_append_printf(response, ",qop=auth");
293 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm);
294 g_string_append_printf(response, ",response=%s", auth_resp);
295 g_string_append_printf(response, ",charset=utf-8");
296 g_string_append_printf(response, ",authzid=\"%s\"",
297 gaim_account_get_username(js->gc->account));
298
299 g_free(auth_resp);
300 g_free(cnonce);
301
302 enc_out = tobase64(response->str, response->len);
303
304 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded response (%d): %s\n", response->len, response->str);
305
306 buf = g_strdup_printf("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>%s</response>", enc_out);
307
308 jabber_send_raw(js, buf);
309
310 g_free(buf);
311
312 g_free(enc_out);
313
314 g_string_free(response, TRUE);
315 } else if (g_hash_table_lookup(parts, "rspauth")) {
316 char *rspauth = g_hash_table_lookup(parts, "rspauth");
317
318
319 if(rspauth && !strcmp(rspauth, js->expected_rspauth)) {
320 jabber_send_raw(js,
321 "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />");
322 } else {
323 gaim_connection_error(js->gc, _("Invalid challenge from server"));
324 }
325 g_free(js->expected_rspauth);
326 }
327
328 g_free(enc_in);
329 g_free(dec_in);
330 g_hash_table_destroy(parts);
331 }
332
333 void jabber_auth_handle_success(JabberStream *js, xmlnode *packet)
334 {
335 const char *ns = xmlnode_get_attrib(packet, "xmlns");
336
337 if(!ns || strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) {
338 gaim_connection_error(js->gc, _("Invalid response from server"));
339 return;
340 }
341
342 jabber_stream_set_state(js, JABBER_STREAM_REINITIALIZING);
343 }
344
345 void jabber_auth_handle_failure(JabberStream *js, xmlnode *packet)
346 {
347 const char *ns = xmlnode_get_attrib(packet, "xmlns");
348
349 if(!ns)
350 gaim_connection_error(js->gc, _("Invalid response from server"));
351 else if(!strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) {
352 if(xmlnode_get_child(packet, "bad-protocol")) {
353 gaim_connection_error(js->gc, _("Bad Protocol"));
354 } else if(xmlnode_get_child(packet, "encryption-required")) {
355 js->gc->wants_to_die = TRUE;
356 gaim_connection_error(js->gc, _("Encryption Required"));
357 } else if(xmlnode_get_child(packet, "invalid-authzid")) {
358 js->gc->wants_to_die = TRUE;
359 gaim_connection_error(js->gc, _("Invalid authzid"));
360 } else if(xmlnode_get_child(packet, "invalid-mechanism")) {
361 js->gc->wants_to_die = TRUE;
362 gaim_connection_error(js->gc, _("Invalid Mechanism"));
363 } else if(xmlnode_get_child(packet, "invalid-realm")) {
364 gaim_connection_error(js->gc, _("Invalid Realm"));
365 } else if(xmlnode_get_child(packet, "mechanism-too-weak")) {
366 js->gc->wants_to_die = TRUE;
367 gaim_connection_error(js->gc, _("Mechanism Too Weak"));
368 } else if(xmlnode_get_child(packet, "not-authorized")) {
369 js->gc->wants_to_die = TRUE;
370 gaim_connection_error(js->gc, _("Not Authorized"));
371 } else if(xmlnode_get_child(packet, "temporary-auth-failure")) {
372 gaim_connection_error(js->gc,
373 _("Temporary Authentication Failure"));
374 } else {
375 gaim_connection_error(js->gc, _("Authentication Failure"));
376 }
377 }
378 }