119 lines
2.2 KiB
C
119 lines
2.2 KiB
C
/*
|
|
* HTTPDIGEST - MD5 challenge/response authentication (RFC 2617)
|
|
*
|
|
* Client protocol:
|
|
* write challenge: nonce method uri
|
|
* read response: 2*MD5dlen hex digits
|
|
*
|
|
* Server protocol:
|
|
* unimplemented
|
|
*/
|
|
#include "std.h"
|
|
#include "dat.h"
|
|
|
|
static void
|
|
digest(char *user, char *realm, char *passwd,
|
|
char *nonce, char *method, char *uri,
|
|
char *dig);
|
|
|
|
static int
|
|
hdclient(Conv *c)
|
|
{
|
|
char *realm, *passwd, *user, *f[4], *s, resp[MD5dlen*2+1];
|
|
int ret;
|
|
Key *k;
|
|
|
|
ret = -1;
|
|
s = nil;
|
|
|
|
c->state = "keylookup";
|
|
k = keyfetch(c, "%A", c->attr);
|
|
if(k == nil)
|
|
goto out;
|
|
|
|
user = strfindattr(k->attr, "user");
|
|
realm = strfindattr(k->attr, "realm");
|
|
passwd = strfindattr(k->attr, "!password");
|
|
|
|
if(convreadm(c, &s) < 0)
|
|
goto out;
|
|
if(tokenize(s, f, 4) != 3){
|
|
werrstr("bad challenge -- want nonce method uri");
|
|
goto out;
|
|
}
|
|
|
|
digest(user, realm, passwd, f[0], f[1], f[2], resp);
|
|
convwrite(c, resp, strlen(resp));
|
|
ret = 0;
|
|
|
|
out:
|
|
free(s);
|
|
keyclose(k);
|
|
return ret;
|
|
}
|
|
|
|
static void
|
|
strtolower(char *s)
|
|
{
|
|
while(*s){
|
|
*s = tolower(*s);
|
|
s++;
|
|
}
|
|
}
|
|
|
|
static void
|
|
digest(char *user, char *realm, char *passwd,
|
|
char *nonce, char *method, char *uri,
|
|
char *dig)
|
|
{
|
|
uchar b[MD5dlen];
|
|
char ha1[MD5dlen*2+1];
|
|
char ha2[MD5dlen*2+1];
|
|
DigestState *s;
|
|
|
|
/*
|
|
* H(A1) = MD5(uid + ":" + realm ":" + passwd)
|
|
*/
|
|
s = md5((uchar*)user, strlen(user), nil, nil);
|
|
md5((uchar*)":", 1, nil, s);
|
|
md5((uchar*)realm, strlen(realm), nil, s);
|
|
md5((uchar*)":", 1, nil, s);
|
|
md5((uchar*)passwd, strlen(passwd), b, s);
|
|
enc16(ha1, sizeof(ha1), b, MD5dlen);
|
|
strtolower(ha1);
|
|
|
|
/*
|
|
* H(A2) = MD5(method + ":" + uri)
|
|
*/
|
|
s = md5((uchar*)method, strlen(method), nil, nil);
|
|
md5((uchar*)":", 1, nil, s);
|
|
md5((uchar*)uri, strlen(uri), b, s);
|
|
enc16(ha2, sizeof(ha2), b, MD5dlen);
|
|
strtolower(ha2);
|
|
|
|
/*
|
|
* digest = MD5(H(A1) + ":" + nonce + ":" + H(A2))
|
|
*/
|
|
s = md5((uchar*)ha1, MD5dlen*2, nil, nil);
|
|
md5((uchar*)":", 1, nil, s);
|
|
md5((uchar*)nonce, strlen(nonce), nil, s);
|
|
md5((uchar*)":", 1, nil, s);
|
|
md5((uchar*)ha2, MD5dlen*2, b, s);
|
|
enc16(dig, MD5dlen*2+1, b, MD5dlen);
|
|
strtolower(dig);
|
|
}
|
|
|
|
static Role hdroles[] =
|
|
{
|
|
"client", hdclient,
|
|
0
|
|
};
|
|
|
|
Proto httpdigest =
|
|
{
|
|
"httpdigest",
|
|
hdroles,
|
|
"user? realm? !password?",
|
|
nil,
|
|
nil
|
|
};
|