gsasl  2.2.2
cram-md5/server.c
Go to the documentation of this file.
1 /* server.c --- SASL CRAM-MD5 server side functions.
2  * Copyright (C) 2002-2025 Simon Josefsson
3  *
4  * This file is part of GNU SASL Library.
5  *
6  * GNU SASL Library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public License
8  * as published by the Free Software Foundation; either version 2.1 of
9  * the License, or (at your option) any later version.
10  *
11  * GNU SASL Library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with GNU SASL Library; if not, see
18  * <https://www.gnu.org/licenses/>.
19  *
20  */
21 
22 #include <config.h>
23 
24 /* Get specification. */
25 #include "cram-md5.h"
26 
27 /* Get malloc, free. */
28 #include <stdlib.h>
29 
30 /* Get memcpy, strdup, strlen. */
31 #include <string.h>
32 
33 /* Get cram_md5_challenge. */
34 #include "challenge.h"
35 
36 /* Get cram_md5_digest. */
37 #include "digest.h"
38 
39 #define MD5LEN 16
40 
41 int
42 _gsasl_cram_md5_server_start (Gsasl_session *sctx _GL_UNUSED,
43  void **mech_data)
44 {
45  char *challenge;
46  int rc;
47 
48  challenge = malloc (CRAM_MD5_CHALLENGE_LEN);
49  if (challenge == NULL)
50  return GSASL_MALLOC_ERROR;
51 
52  rc = cram_md5_challenge (challenge);
53  if (rc)
54  {
55  free (challenge);
56  return GSASL_CRYPTO_ERROR;
57  }
58 
59  *mech_data = challenge;
60 
61  return GSASL_OK;
62 }
63 
64 int
65 _gsasl_cram_md5_server_step (Gsasl_session *sctx,
66  void *mech_data,
67  const char *input, size_t input_len,
68  char **output, size_t *output_len)
69 {
70  char *challenge = mech_data;
71  char hash[CRAM_MD5_DIGEST_LEN];
72  const char *password;
73  char *username = NULL;
74  int res = GSASL_OK;
75  char *normkey;
76 
77  if (input_len == 0)
78  {
79  *output_len = strlen (challenge);
80  *output = strdup (challenge);
81 
82  return GSASL_NEEDS_MORE;
83  }
84 
85  if (input_len <= MD5LEN * 2)
86  return GSASL_MECHANISM_PARSE_ERROR;
87 
88  if (input[input_len - MD5LEN * 2 - 1] != ' ')
89  return GSASL_MECHANISM_PARSE_ERROR;
90 
91  username = calloc (1, input_len - MD5LEN * 2);
92  if (username == NULL)
93  return GSASL_MALLOC_ERROR;
94 
95  memcpy (username, input, input_len - MD5LEN * 2 - 1);
96 
97  res = gsasl_property_set (sctx, GSASL_AUTHID, username);
98  free (username);
99  if (res != GSASL_OK)
100  return res;
101 
102  password = gsasl_property_get (sctx, GSASL_PASSWORD);
103  if (!password)
104  return GSASL_NO_PASSWORD;
105 
106  /* FIXME: Use SASLprep here? Treat string as storage string?
107  Specification is unclear. */
108  res = gsasl_saslprep (password, 0, &normkey, NULL);
109  if (res != GSASL_OK)
110  return res;
111 
112  cram_md5_digest (challenge, strlen (challenge),
113  normkey, strlen (normkey), hash);
114 
115  free (normkey);
116 
117  if (memcmp (&input[input_len - MD5LEN * 2], hash, 2 * MD5LEN) == 0)
118  res = GSASL_OK;
119  else
120  res = GSASL_AUTHENTICATION_ERROR;
121 
122  *output_len = 0;
123  *output = NULL;
124 
125  return res;
126 }
127 
128 void
129 _gsasl_cram_md5_server_finish (Gsasl_session *sctx _GL_UNUSED,
130  void *mech_data)
131 {
132  char *challenge = mech_data;
133 
134  free (challenge);
135 }
cram_md5_challenge
int cram_md5_challenge(char challenge[CRAM_MD5_CHALLENGE_LEN])
Definition: challenge.c:65
CRAM_MD5_CHALLENGE_LEN
#define CRAM_MD5_CHALLENGE_LEN
Definition: challenge.h:25
MD5LEN
#define MD5LEN
Definition: cram-md5/server.c:39
_gsasl_cram_md5_server_step
int _gsasl_cram_md5_server_step(Gsasl_session *sctx, void *mech_data, const char *input, size_t input_len, char **output, size_t *output_len)
Definition: cram-md5/server.c:65
_gsasl_cram_md5_server_finish
void _gsasl_cram_md5_server_finish(Gsasl_session *sctx _GL_UNUSED, void *mech_data)
Definition: cram-md5/server.c:129
_gsasl_cram_md5_server_start
int _gsasl_cram_md5_server_start(Gsasl_session *sctx _GL_UNUSED, void **mech_data)
Definition: cram-md5/server.c:42
cram_md5_digest
void cram_md5_digest(const char *challenge, size_t challengelen, const char *secret, size_t secretlen, char response[CRAM_MD5_DIGEST_LEN])
Definition: digest.c:59
CRAM_MD5_DIGEST_LEN
#define CRAM_MD5_DIGEST_LEN
Definition: digest.h:28
rc
int rc
Definition: error.c:36
GSASL_OK
@ GSASL_OK
Definition: gsasl.h:128
GSASL_AUTHENTICATION_ERROR
@ GSASL_AUTHENTICATION_ERROR
Definition: gsasl.h:137
GSASL_NEEDS_MORE
@ GSASL_NEEDS_MORE
Definition: gsasl.h:129
GSASL_MALLOC_ERROR
@ GSASL_MALLOC_ERROR
Definition: gsasl.h:132
GSASL_NO_PASSWORD
@ GSASL_NO_PASSWORD
Definition: gsasl.h:145
GSASL_MECHANISM_PARSE_ERROR
@ GSASL_MECHANISM_PARSE_ERROR
Definition: gsasl.h:136
GSASL_CRYPTO_ERROR
@ GSASL_CRYPTO_ERROR
Definition: gsasl.h:134
gsasl_property_set
_GSASL_API int gsasl_property_set(Gsasl_session *sctx, Gsasl_property prop, const char *data)
Definition: property.c:188
gsasl_property_get
_GSASL_API const char * gsasl_property_get(Gsasl_session *sctx, Gsasl_property prop)
Definition: property.c:291
GSASL_PASSWORD
@ GSASL_PASSWORD
Definition: gsasl.h:225
GSASL_AUTHID
@ GSASL_AUTHID
Definition: gsasl.h:223
gsasl_saslprep
_GSASL_API int gsasl_saslprep(const char *in, Gsasl_saslprep_flags flags, char **out, int *stringpreprc)
Gsasl_session
Definition: internal.h:48
Generated by doxygen 1.9.1