Included Oliver Tappe's DIGEST-MD5 support and fixes to the CRAM-MD5 mechanism.
git-svn-id: file:///srv/svn/repos/haiku/trunk/current@11176 a95241bf-73f2-0310-859d-f6bbb57e9c96
This commit is contained in:
parent
bf8c5a0440
commit
e4b4e8f554
@ -11,6 +11,7 @@
|
|||||||
#include <Entry.h>
|
#include <Entry.h>
|
||||||
#include <Path.h>
|
#include <Path.h>
|
||||||
|
|
||||||
|
#include <cctype>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
@ -24,6 +25,8 @@
|
|||||||
#include <crypt.h>
|
#include <crypt.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include <map>
|
||||||
|
|
||||||
#include "smtp.h"
|
#include "smtp.h"
|
||||||
#ifndef USESSL
|
#ifndef USESSL
|
||||||
#include "md5.h"
|
#include "md5.h"
|
||||||
@ -127,10 +130,96 @@ MD5HexHmac(char *hexdigest,
|
|||||||
{
|
{
|
||||||
unsigned char digest[16];
|
unsigned char digest[16];
|
||||||
int i;
|
int i;
|
||||||
|
unsigned char c;
|
||||||
|
|
||||||
MD5Hmac(digest, text, text_len, key, key_len);
|
MD5Hmac(digest, text, text_len, key, key_len);
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++) {
|
||||||
sprintf(hexdigest + 2 * i, "%02x", digest[i]);
|
c = digest[i];
|
||||||
|
*hexdigest++ = (c > 0x9F ? 'a'-10 : '0')+(c>>4);
|
||||||
|
*hexdigest++ = ((c&0x0F) > 9 ? 'a'-10 : '0')+(c&0x0F);
|
||||||
|
}
|
||||||
|
*hexdigest = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
** Function: MD5Sum
|
||||||
|
** generates an MD5-sum from the given string
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
MD5Sum (char* sum, unsigned char *text, int text_len) {
|
||||||
|
MD5_CTX context;
|
||||||
|
MD5_Init(&context);
|
||||||
|
MD5_Update(&context, text, text_len);
|
||||||
|
MD5_Final((unsigned char*)sum, &context);
|
||||||
|
sum[16] = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
** Function: MD5Digest
|
||||||
|
** generates an MD5-digest from the given string
|
||||||
|
*/
|
||||||
|
void MD5Digest (char* hexdigest, unsigned char *text, int text_len) {
|
||||||
|
int i;
|
||||||
|
unsigned char digest[17];
|
||||||
|
unsigned char c;
|
||||||
|
|
||||||
|
MD5Sum((char*)digest, text, text_len);
|
||||||
|
|
||||||
|
for (i = 0; i < 16; i++) {
|
||||||
|
c = digest[i];
|
||||||
|
*hexdigest++ = (c > 0x9F ? 'a'-10 : '0')+(c>>4);
|
||||||
|
*hexdigest++ = ((c&0x0F) > 9 ? 'a'-10 : '0')+(c&0x0F);
|
||||||
|
}
|
||||||
|
*hexdigest = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
** Function: SplitChallengeIntoMap
|
||||||
|
** splits a challenge-string into the given map (see RFC-2831)
|
||||||
|
*/
|
||||||
|
// :
|
||||||
|
static bool
|
||||||
|
SplitChallengeIntoMap(BString str, map<BString,BString>& m)
|
||||||
|
{
|
||||||
|
m.clear();
|
||||||
|
const char* key;
|
||||||
|
const char* val;
|
||||||
|
char* s = (char*)str.String();
|
||||||
|
while(*s != 0) {
|
||||||
|
while(isspace(*s))
|
||||||
|
s++;
|
||||||
|
key = s;
|
||||||
|
while(isalpha(*s))
|
||||||
|
s++;
|
||||||
|
if (*s != '=')
|
||||||
|
return false;
|
||||||
|
*s++ = '\0';
|
||||||
|
while(isspace(*s))
|
||||||
|
s++;
|
||||||
|
if (*s=='"') {
|
||||||
|
val = ++s;
|
||||||
|
while(*s!='"') {
|
||||||
|
if (*s == 0)
|
||||||
|
return false;
|
||||||
|
s++;
|
||||||
|
}
|
||||||
|
*s++ = '\0';
|
||||||
|
} else {
|
||||||
|
val = s;
|
||||||
|
while(*s!=0 && *s!=',' && !isspace(*s))
|
||||||
|
s++;
|
||||||
|
if (*s != 0)
|
||||||
|
*s++ = '\0';
|
||||||
|
}
|
||||||
|
m[key] = val;
|
||||||
|
while(isspace(*s))
|
||||||
|
s++;
|
||||||
|
if (*s != ',')
|
||||||
|
return false;
|
||||||
|
s++;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -372,8 +461,10 @@ SMTPProtocol::Open(const char *address, int port, bool esmtp)
|
|||||||
fAuthType |= PLAIN;
|
fAuthType |= PLAIN;
|
||||||
if(::strstr(p, "CRAM-MD5"))
|
if(::strstr(p, "CRAM-MD5"))
|
||||||
fAuthType |= CRAM_MD5;
|
fAuthType |= CRAM_MD5;
|
||||||
if(::strstr(p, "DIGEST-MD5"))
|
if(::strstr(p, "DIGEST-MD5")) {
|
||||||
fAuthType |= DIGEST_MD5;
|
fAuthType |= DIGEST_MD5;
|
||||||
|
fServerName = address;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return B_OK;
|
return B_OK;
|
||||||
@ -465,16 +556,92 @@ SMTPProtocol::Login(const char *_login, const char *password)
|
|||||||
int32 loginlen = ::strlen(login);
|
int32 loginlen = ::strlen(login);
|
||||||
int32 passlen = ::strlen(password);
|
int32 passlen = ::strlen(password);
|
||||||
|
|
||||||
|
if (fAuthType & DIGEST_MD5) {
|
||||||
|
//******* DIGEST-MD5 Authentication ( tested. works fine [with Cyrus SASL] )
|
||||||
|
// this implements only the subpart of DIGEST-MD5 which is
|
||||||
|
// required for authentication to SMTP-servers. Integrity-
|
||||||
|
// and confidentiality-protection are not implemented, as
|
||||||
|
// they are provided by the use of OpenSSL.
|
||||||
|
SendCommand("AUTH DIGEST-MD5"CRLF);
|
||||||
|
const char *res = fLog.String();
|
||||||
|
|
||||||
|
if (strncmp(res, "334", 3) != 0)
|
||||||
|
return B_ERROR;
|
||||||
|
int32 baselen = ::strlen(&res[4]);
|
||||||
|
char *base = new char[baselen+1];
|
||||||
|
baselen = ::decode_base64(base, &res[4], baselen);
|
||||||
|
base[baselen] = '\0';
|
||||||
|
|
||||||
|
D(bug("base: %s\n", base));
|
||||||
|
|
||||||
|
map<BString,BString> challengeMap;
|
||||||
|
SplitChallengeIntoMap(base, challengeMap);
|
||||||
|
|
||||||
|
BString rawResponse = BString("username=") << '"' << login << '"';
|
||||||
|
rawResponse << ",realm=" << '"' << challengeMap["realm"] << '"';
|
||||||
|
rawResponse << ",nonce=" << '"' << challengeMap["nonce"] << '"';
|
||||||
|
rawResponse << ",nc=00000001";
|
||||||
|
char temp[33];
|
||||||
|
for( int i=0; i<32; ++i)
|
||||||
|
temp[i] = 1+(rand()%254);
|
||||||
|
temp[33] = '\0';
|
||||||
|
BString rawCnonce(temp);
|
||||||
|
BString cnonce;
|
||||||
|
char* cnoncePtr = cnonce.LockBuffer(rawCnonce.Length()*2);
|
||||||
|
baselen = ::encode_base64(cnoncePtr, rawCnonce.String(), rawCnonce.Length(), true /* headerMode */);
|
||||||
|
cnoncePtr[baselen] = '\0';
|
||||||
|
cnonce.UnlockBuffer(baselen);
|
||||||
|
rawResponse << ",cnonce=" << '"' << cnonce << '"';
|
||||||
|
rawResponse << ",qop=auth";
|
||||||
|
BString digestUriValue = BString("smtp/") << fServerName;
|
||||||
|
rawResponse << ",digest-uri=" << '"' << digestUriValue << '"';
|
||||||
|
char sum[17], hex_digest2[33];
|
||||||
|
BString a1,a2,kd;
|
||||||
|
BString t1 = BString(login) << ":"
|
||||||
|
<< challengeMap["realm"] << ":"
|
||||||
|
<< password;
|
||||||
|
MD5Sum(sum, (unsigned char*)t1.String(), t1.Length());
|
||||||
|
a1 << sum << ":" << challengeMap["nonce"] << ":" << cnonce;
|
||||||
|
MD5Digest(hex_digest, (unsigned char*)a1.String(), a1.Length());
|
||||||
|
a2 << "AUTHENTICATE:" << digestUriValue;
|
||||||
|
MD5Digest(hex_digest2, (unsigned char*)a2.String(), a2.Length());
|
||||||
|
kd << hex_digest << ':' << challengeMap["nonce"]
|
||||||
|
<< ":" << "00000001" << ':' << cnonce << ':' << "auth"
|
||||||
|
<< ':' << hex_digest2;
|
||||||
|
MD5Digest(hex_digest, (unsigned char*)kd.String(), kd.Length());
|
||||||
|
|
||||||
|
rawResponse << ",response=" << hex_digest;
|
||||||
|
rawResponse << ",charset=utf-8";
|
||||||
|
BString postResponse;
|
||||||
|
char *resp = postResponse.LockBuffer(rawResponse.Length() * 2 + 10);
|
||||||
|
baselen = ::encode_base64(resp, rawResponse.String(), rawResponse.Length(), true /* headerMode */);
|
||||||
|
resp[baselen] = 0;
|
||||||
|
postResponse.UnlockBuffer();
|
||||||
|
postResponse.Append(CRLF);
|
||||||
|
|
||||||
|
SendCommand(postResponse.String());
|
||||||
|
|
||||||
|
res = fLog.String();
|
||||||
|
if (atol(res) >= 500)
|
||||||
|
return B_ERROR;
|
||||||
|
// actually, we are supposed to check the rspauth sent back
|
||||||
|
// by the SMTP-server, but that isn't strictly required,
|
||||||
|
// so we skip that for now.
|
||||||
|
SendCommand(CRLF); // finish off authentication
|
||||||
|
res = fLog.String();
|
||||||
|
if (atol(res) < 500)
|
||||||
|
return B_OK;
|
||||||
|
}
|
||||||
if (fAuthType & CRAM_MD5) {
|
if (fAuthType & CRAM_MD5) {
|
||||||
//******* CRAM-MD5 Authentication ( not tested yet.)
|
//******* CRAM-MD5 Authentication ( tested. works fine [with Cyrus SASL] )
|
||||||
SendCommand("AUTH CRAM-MD5"CRLF);
|
SendCommand("AUTH CRAM-MD5"CRLF);
|
||||||
const char *res = fLog.String();
|
const char *res = fLog.String();
|
||||||
|
|
||||||
if (strncmp(res, "334", 3) != 0)
|
if (strncmp(res, "334", 3) != 0)
|
||||||
return B_ERROR;
|
return B_ERROR;
|
||||||
char *base = new char[::strlen(&res[4])+1];
|
int32 baselen = ::strlen(&res[4]);
|
||||||
int32 baselen = ::strlen(base);
|
char *base = new char[baselen+1];
|
||||||
baselen = ::decode_base64(base, base, baselen);
|
baselen = ::decode_base64(base, &res[4], baselen);
|
||||||
base[baselen] = '\0';
|
base[baselen] = '\0';
|
||||||
|
|
||||||
D(bug("base: %s\n", base));
|
D(bug("base: %s\n", base));
|
||||||
@ -501,10 +668,6 @@ SMTPProtocol::Login(const char *_login, const char *password)
|
|||||||
if (atol(res) < 500)
|
if (atol(res) < 500)
|
||||||
return B_OK;
|
return B_OK;
|
||||||
}
|
}
|
||||||
if (fAuthType & DIGEST_MD5) {
|
|
||||||
//******* DIGEST-MD5 Authentication ( not written yet..)
|
|
||||||
fLog = "DIGEST-MD5 Authentication is not supported";
|
|
||||||
}
|
|
||||||
if (fAuthType & LOGIN) {
|
if (fAuthType & LOGIN) {
|
||||||
//******* LOGIN Authentication ( tested. works fine)
|
//******* LOGIN Authentication ( tested. works fine)
|
||||||
ssize_t encodedsize; // required by our base64 implementation
|
ssize_t encodedsize; // required by our base64 implementation
|
||||||
@ -540,13 +703,20 @@ SMTPProtocol::Login(const char *_login, const char *password)
|
|||||||
return B_OK;
|
return B_OK;
|
||||||
}
|
}
|
||||||
if (fAuthType & PLAIN) {
|
if (fAuthType & PLAIN) {
|
||||||
//******* PLAIN Authentication ( not tested yet.)
|
//******* PLAIN Authentication ( tested. works fine [with Cyrus SASL] )
|
||||||
|
// format is:
|
||||||
|
// authenticateID + \0 + username + \0 + password
|
||||||
|
// (where authenticateID is always empty !?!)
|
||||||
BString preResponse, postResponse;
|
BString preResponse, postResponse;
|
||||||
char *stringPntr;
|
char *stringPntr;
|
||||||
ssize_t encodedLength;
|
ssize_t encodedLength;
|
||||||
stringPntr = preResponse.LockBuffer(loginlen * 2 + passlen + 3);
|
stringPntr = preResponse.LockBuffer(loginlen + passlen + 3);
|
||||||
sprintf (stringPntr, "%s%c%s%c%s", login, 0, login, 0, password);
|
// +3 to make room for the two \0-chars between the tokens and
|
||||||
preResponse.UnlockBuffer(loginlen * 2 + passlen + 3);
|
// the final delimiter added by sprintf().
|
||||||
|
sprintf (stringPntr, "%c%s%c%s", 0, login, 0, password);
|
||||||
|
preResponse.UnlockBuffer(loginlen + passlen + 2);
|
||||||
|
// +2 in order to leave out the final delimiter (which is not part
|
||||||
|
// of the string).
|
||||||
stringPntr = postResponse.LockBuffer(preResponse.Length() * 3);
|
stringPntr = postResponse.LockBuffer(preResponse.Length() * 3);
|
||||||
encodedLength = ::encode_base64(stringPntr, preResponse.String(),
|
encodedLength = ::encode_base64(stringPntr, preResponse.String(),
|
||||||
preResponse.Length(), true /* headerMode */);
|
preResponse.Length(), true /* headerMode */);
|
||||||
|
@ -51,6 +51,7 @@ class SMTPProtocol : public BMailFilter {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
status_t fStatus;
|
status_t fStatus;
|
||||||
|
BString fServerName; // required for DIGEST-MD5
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* ZOIDBERG_SMTP_H */
|
#endif /* ZOIDBERG_SMTP_H */
|
||||||
|
Loading…
Reference in New Issue
Block a user