Пример #1
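/* Parse a DIGEST-MD5 challenge into OUT.

   CHALLENGE is the challenge text as received from the peer.  When LEN
   is non-zero, at most LEN bytes of CHALLENGE are used; when LEN is
   zero, CHALLENGE must be NUL-terminated and is used in full.  The
   input is never modified: parsing runs on a private heap copy, which
   is released before returning.

   Returns the result of parse_challenge() on the copy, or -1 when
   CHALLENGE is NULL or the copy cannot be allocated.  */
int
digest_md5_parse_challenge (const char *challenge, size_t len,
			    digest_md5_challenge * out)
{
  char *subopts;
  int rc;

  /* strdup()/strndup() on a null pointer is undefined behaviour, so
     reject it here instead of passing it on.  */
  if (!challenge)
    return -1;

  /* LEN == 0 means "length unknown, trust the terminator"; otherwise
     bound the copy so a buffer without a terminator is not over-read.  */
  subopts = len ? strndup (challenge, len) : strdup (challenge);
  if (!subopts)
    return -1;

  rc = parse_challenge (subopts, out);

  free (subopts);

  return rc;
}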
Пример #2
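/**
 * Handle one DIGEST-MD5 <challenge/> from the server.
 *
 * The base64 payload of @packet is decoded and split into directives by
 * parse_challenge().  Two cases follow:
 *  - the challenge carries "rspauth": it is compared with the value saved
 *    in js->auth_mech_data during the previous step; on a match an empty
 *    <response/> is produced, otherwise the exchange fails.  The saved
 *    value is freed and cleared either way.
 *  - otherwise a digest response is built from "nonce" and "realm"
 *    (falling back to js->user->domain when no realm is sent), and the
 *    expected rspauth is stored in js->auth_mech_data for the next step.
 *
 * @param js       Stream being authenticated.
 * @param packet   The <challenge/> node received from the server.
 * @param response Set to the reply node, or NULL when none was built.
 *                 Not written on the early "invalid response" returns.
 * @param msg      Set to a newly allocated, translated error message on
 *                 failure.
 *
 * @return JABBER_SASL_STATE_CONTINUE, or JABBER_SASL_STATE_FAIL when the
 *         challenge is missing, undecodable or incomplete.
 */
static JabberSaslState
digest_md5_handle_challenge(JabberStream *js, xmlnode *packet,
                            xmlnode **response, char **msg)
{
	xmlnode *reply = NULL;
	char *enc_in = xmlnode_get_data(packet);
	char *dec_in;
	char *enc_out;
	gsize dec_len = 0;
	GHashTable *parts;
	JabberSaslState state = JABBER_SASL_STATE_CONTINUE;

	if (!enc_in) {
		*msg = g_strdup(_("Invalid response from server"));
		return JABBER_SASL_STATE_FAIL;
	}

	dec_in = (char *)purple_base64_decode(enc_in, &dec_len);

	/* The payload is server-controlled.  A failed decode must not reach
	 * strlen(), and a decoded buffer with an embedded NUL would be cut
	 * short by every string function below, so the parser would see
	 * less than the server actually sent.  Reject both. */
	if (!dec_in || dec_len != strlen(dec_in)) {
		g_free(enc_in);
		g_free(dec_in);
		*msg = g_strdup(_("Invalid response from server"));
		return JABBER_SASL_STATE_FAIL;
	}

	purple_debug_misc("jabber", "decoded challenge (%"
			G_GSIZE_FORMAT "): %s\n", dec_len, dec_in);

	parts = parse_challenge(dec_in);

	if (g_hash_table_lookup(parts, "rspauth")) {
		char *rspauth = g_hash_table_lookup(parts, "rspauth");
		char *expected_rspauth = js->auth_mech_data;

		/* The server proves it knows the password by echoing the
		 * rspauth value computed in the previous step. */
		if (rspauth && purple_strequal(rspauth, expected_rspauth)) {
			reply = xmlnode_new("response");
			xmlnode_set_namespace(reply, NS_XMPP_SASL);
		} else {
			*msg = g_strdup(_("Invalid challenge from server"));
			state = JABBER_SASL_STATE_FAIL;
		}
		g_free(js->auth_mech_data);
		js->auth_mech_data = NULL;
	} else {
		/* assemble a response, and send it */
		/* see RFC 2831 */
		char *realm;
		char *nonce;

		/* Make sure the auth string contains everything that should be there.
		   This isn't everything in RFC2831, but it is what we need. */

		nonce = g_hash_table_lookup(parts, "nonce");

		/* RFC 2831 expects the user to be prompted for a realm when the
		 * server sends none; this implementation falls back to the
		 * account's domain instead. */
		realm = g_hash_table_lookup(parts, "realm");
		if(!realm)
			realm = js->user->domain;

		if (nonce == NULL || realm == NULL) {
			*msg = g_strdup(_("Invalid challenge from server"));
			state = JABBER_SASL_STATE_FAIL;
		} else {
			GString *response = g_string_new("");
			char *a2;
			char *auth_resp;
			char *cnonce;

			/* NOTE(review): g_random_int() is a general-purpose PRNG,
			 * not a cryptographic one, and the middle field is just
			 * the clock.  A cnonce is meant to be unpredictable to
			 * the peer; consider a CSPRNG source here.  The cast
			 * matches the %u conversion. */
			cnonce = g_strdup_printf("%x%u%x", g_random_int(),
					(unsigned int)time(NULL), g_random_int());

			a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm);
			auth_resp = generate_response_value(js->user,
					purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
			g_free(a2);

			/* Same computation with an empty method prefix gives the
			 * rspauth value the server must return next. */
			a2 = g_strdup_printf(":xmpp/%s", realm);
			/* NOTE(review): a value already stored here from an earlier
			 * challenge is overwritten without being freed -- confirm
			 * the caller never delivers two such challenges in a row. */
			js->auth_mech_data = generate_response_value(js->user,
					purple_connection_get_password(js->gc), nonce, cnonce, a2, realm);
			g_free(a2);

			/* NOTE(review): realm and nonce come from the server and
			 * are placed inside quoted-strings without escaping '"'
			 * or '\\'.  Whether parse_challenge() can hand back such
			 * characters is not visible here -- verify, or escape. */
			g_string_append_printf(response, "username=\"%s\"", js->user->node);
			g_string_append_printf(response, ",realm=\"%s\"", realm);
			g_string_append_printf(response, ",nonce=\"%s\"", nonce);
			g_string_append_printf(response, ",cnonce=\"%s\"", cnonce);
			g_string_append_printf(response, ",nc=00000001");
			g_string_append_printf(response, ",qop=auth");
			g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm);
			g_string_append_printf(response, ",response=%s", auth_resp);
			g_string_append_printf(response, ",charset=utf-8");

			g_free(auth_resp);
			g_free(cnonce);

			enc_out = purple_base64_encode((guchar *)response->str, response->len);

			/* The logged string includes the response= digest, which
			 * is derived from the password; treat debug logs that
			 * contain it as sensitive. */
			purple_debug_misc("jabber", "decoded response (%"
					G_GSIZE_FORMAT "): %s\n",
					response->len, response->str);

			reply = xmlnode_new("response");
			xmlnode_set_namespace(reply, NS_XMPP_SASL);
			xmlnode_insert_data(reply, enc_out, -1);

			g_free(enc_out);

			g_string_free(response, TRUE);
		}
	}

	g_free(enc_in);
	g_free(dec_in);
	g_hash_table_destroy(parts);

	*response = reply;
	return state;
}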