diff options
| -rw-r--r-- | protocols/jabber/sasl.c | 181 |
1 files changed, 179 insertions, 2 deletions
diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 13ff9d26..7a3ca112 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -70,7 +70,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", SASL_NS ); - if( sup_digest && 0 ) + if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -106,9 +106,186 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) return XT_HANDLED; } +static char *sasl_get_part( char *data, char *field ) +{ + int i, len; + + len = strlen( field ); + + if( g_strncasecmp( data, field, len ) == 0 && data[len] == '=' ) + { + i = strlen( field ) + 1; + } + else + { + for( i = 0; data[i]; i ++ ) + { + /* If we have a ", skip until it's closed again. */ + if( data[i] == '"' ) + { + i ++; + while( data[i] != '"' || data[i-1] == '\\' ) + i ++; + } + + /* If we got a comma, we got a new field. Check it. */ + if( data[i] == ',' && + g_strncasecmp( data + i + 1, field, len ) == 0 && + data[i+len+1] == '=' ) + { + i += len + 2; + break; + } + } + } + + if( data[i] == '"' ) + { + int j; + char *ret; + + i ++; + len = 0; + while( data[i+len] != '"' || data[i+len-1] == '\\' ) + len ++; + + ret = g_strndup( data + i, len ); + for( i = j = 0; ret[i]; i ++ ) + { + if( ret[i] == '\\' ) + { + ret[j++] = ret[++i]; + } + else + { + ret[j++] = ret[i]; + } + } + ret[j] = 0; + + return ret; + } + else if( data[i] ) + { + len = 0; + while( data[i+len] && data[i+len] != ',' ) + len ++; + + return g_strndup( data + i, len ); + } + else + { + return NULL; + } +} + xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) { - return XT_HANDLED; + struct gaim_connection *gc = data; + struct jabber_data *jd = gc->proto_data; + struct xt_node *reply = NULL; + char *nonce = NULL, *realm = NULL, *cnonce = NULL, cnonce_bin[30]; + char *digest_uri = NULL; + char *dec = NULL; + char *s = NULL; + xt_status ret = XT_ABORT; + + if( node->text_len == 0 ) + goto error; + + dec = frombase64( node->text ); + + if( !( s = sasl_get_part( dec, "rspauth" ) ) ) + { + /* See RFC 2831 for for information. */ + md5_state_t A1, A2, H; + md5_byte_t A1r[16], A2r[16], Hr[16]; + char A1h[33], A2h[33], Hh[33]; + int i; + + nonce = sasl_get_part( dec, "nonce" ); + realm = sasl_get_part( dec, "realm" ); + + if( !nonce || !realm ) + goto error; + + random_bytes( (unsigned char *) cnonce_bin, sizeof( cnonce_bin ) ); + cnonce = base64_encode( cnonce_bin, sizeof( cnonce_bin ) ); + digest_uri = g_strdup_printf( "%s/%s", "xmpp", jd->server ); + + /* Generate the MD5 hash of username:realm:password, + I decided to call it H. */ + md5_init( &H ); + s = g_strdup_printf( "%s:%s:%s", jd->username, realm, gc->acc->pass ); + md5_append( &H, (unsigned char *) s, strlen( s ) ); + g_free( s ); + md5_finish( &H, Hr ); + + /* Now generate the hex. MD5 hash of H:nonce:cnonce, called A1. */ + md5_init( &A1 ); + s = g_strdup_printf( ":%s:%s", nonce, cnonce ); + md5_append( &A1, Hr, 16 ); + md5_append( &A1, (unsigned char *) s, strlen( s ) ); + g_free( s ); + md5_finish( &A1, A1r ); + for( i = 0; i < 16; i ++ ) + sprintf( A1h + i * 2, "%02x", A1r[i] ); + + /* A2... */ + md5_init( &A2 ); + s = g_strdup_printf( "%s:%s", "AUTHENTICATE", digest_uri ); + md5_append( &A2, (unsigned char *) s, strlen( s ) ); + g_free( s ); + md5_finish( &A2, A2r ); + for( i = 0; i < 16; i ++ ) + sprintf( A2h + i * 2, "%02x", A2r[i] ); + + /* Final result: A1:nonce:00000001:cnonce:auth:A2. Let's reuse H for it. */ + md5_init( &H ); + s = g_strdup_printf( "%s:%s:%s:%s:%s:%s", A1h, nonce, "00000001", cnonce, "auth", A2h ); + md5_append( &H, (unsigned char *) s, strlen( s ) ); + g_free( s ); + md5_finish( &H, Hr ); + for( i = 0; i < 16; i ++ ) + sprintf( Hh + i * 2, "%02x", Hr[i] ); + + /* Now build the SASL response string: */ + g_free( dec ); + dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," + "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", + jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); + s = tobase64( dec ); + } + else + { + /* We found rspauth, but don't really care... */ + g_free( s ); + s = NULL; + } + + reply = xt_new_node( "response", s, NULL ); + xt_add_attr( reply, "xmlns", SASL_NS ); + + if( !jabber_write_packet( gc, reply ) ) + goto silent_error; + + ret = XT_HANDLED; + goto silent_error; + +error: + hide_login_progress( gc, "Incorrect SASL challenge received" ); + signoff( gc ); + +silent_error: + g_free( digest_uri ); + g_free( cnonce ); + g_free( nonce ); + g_free( realm ); + g_free( dec ); + g_free( s ); + xt_free_node( reply ); + + return ret; } xt_status sasl_pkt_result( struct xt_node *node, gpointer data ) |