Kopete - jabber: Add SASL PLAIN method for authentication

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/1/head
Slávek Banko 8 years ago
parent d2625220de
commit a9aee0e6e0

@ -155,6 +155,7 @@ public:
TQString out_mech; TQString out_mech;
TQByteArray out_buf; TQByteArray out_buf;
bool capable; bool capable;
bool allow_plain;
int err; int err;
TQCA_SASLNeedParams need; TQCA_SASLNeedParams need;
@ -207,12 +208,13 @@ public:
host = _host; host = _host;
} }
void setSecurityProps(bool, bool, bool, bool, bool reqForward, bool reqCreds, bool reqMutual, int ssfMin, int, const TQString &, int) void setSecurityProps(bool noPlain, bool, bool, bool, bool reqForward, bool reqCreds, bool reqMutual, int ssfMin, int, const TQString &, int)
{ {
if(reqForward || reqCreds || reqMutual || ssfMin > 0) if(reqForward || reqCreds || reqMutual || ssfMin > 0)
capable = false; capable = false;
else else
capable = true; capable = true;
allow_plain = !noPlain;
} }
int security() const int security() const
@ -228,8 +230,17 @@ public:
bool clientStart(const TQStringList &mechlist) bool clientStart(const TQStringList &mechlist)
{ {
bool haveMech = false; bool haveMech = false;
resetState();
step = 0;
for(TQStringList::ConstIterator it = mechlist.begin(); it != mechlist.end(); ++it) { for(TQStringList::ConstIterator it = mechlist.begin(); it != mechlist.end(); ++it) {
if((*it) == "PLAIN" && allow_plain) {
out_mech = "PLAIN";
haveMech = true;
break;
}
if((*it) == "DIGEST-MD5") { if((*it) == "DIGEST-MD5") {
out_mech = "DIGEST-MD5";
haveMech = true; haveMech = true;
break; break;
} }
@ -238,9 +249,6 @@ public:
err = TQCA::SASL::NoMech; err = TQCA::SASL::NoMech;
return false; return false;
} }
resetState();
step = 0;
return true; return true;
} }
@ -316,7 +324,7 @@ public:
const TQByteArray *clientInit() const const TQByteArray *clientInit() const
{ {
return 0; return out_mech == "PLAIN" ? &out_buf : 0;
} }
TQByteArray result() const TQByteArray result() const
@ -326,85 +334,126 @@ public:
int clientTryAgain() int clientTryAgain()
{ {
if(step == 0) { if( out_mech == "PLAIN" ) {
out_mech = "DIGEST-MD5"; if(step == 0) {
++step; // First, check if we have everything
return Continue; if(need.user || need.pass) {
err = -1;
return Error;
}
if(!have.user) {
need.user = true;
}
if(!have.pass) {
need.pass = true;
}
if(need.user || need.pass) {
return NeedParams;
}
TQCString authz_ = authz.utf8();
TQCString user_ = user.utf8();
TQCString pass_ = pass.utf8();
int l = 0;
out_buf.resize(authz_.length() + 1 + user_.length() + 1 + pass_.length());
memcpy(&out_buf[l], authz_.data(), authz_.length());
l += authz_.length();
out_buf[l] = '\0';
l += 1;
memcpy(&out_buf[l], user_.data(), user_.length());
l += user_.length();
out_buf[l] = '\0';
l += 1;
memcpy(&out_buf[l], pass_.data(), pass_.length());
++step;
return Continue;
}
out_buf.resize(0);
return Success;
} }
else if(step == 1) {
// if we still need params, then the app has failed us! if( out_mech == "DIGEST-MD5" ) {
if(need.user || need.authzid || need.pass || need.realm) { if(step == 0) {
err = -1; ++step;
return Error; return Continue;
} }
else if(step == 1) {
// if we still need params, then the app has failed us!
if(need.user || need.authzid || need.pass || need.realm) {
err = -1;
return Error;
}
// see if some params are needed // see if some params are needed
if(!have.user) if(!have.user)
need.user = true; need.user = true;
if(!have.authzid) if(!have.authzid)
need.authzid = true; need.authzid = true;
if(!have.pass) if(!have.pass)
need.pass = true; need.pass = true;
if(need.user || need.authzid || need.pass) if(need.user || need.authzid || need.pass)
return NeedParams; return NeedParams;
// get props // get props
TQCString cs(in_buf.data(), in_buf.size()+1); TQCString cs(in_buf.data(), in_buf.size()+1);
PropList in; PropList in;
if(!in.fromString(cs)) { if(!in.fromString(cs)) {
err = TQCA::SASL::BadProto; err = TQCA::SASL::BadProto;
return Error; return Error;
}
// make a cnonce
TQByteArray a(32);
for(int n = 0; n < (int)a.size(); ++n)
a[n] = (char)(256.0*rand()/(RAND_MAX+1.0));
TQCString cnonce = Base64::arrayToString(a).latin1();
// make other variables
realm = host;
TQCString nonce = in.get("nonce");
TQCString nc = "00000001";
TQCString uri = service.utf8() + '/' + host.utf8();
TQCString qop = "auth";
// build 'response'
TQCString X = user.utf8() + ':' + realm.utf8() + ':' + pass.utf8();
TQByteArray Y = TQCA::MD5::hash(X);
TQCString tmp = TQCString(":") + nonce + ':' + cnonce + ':' + authz.utf8();
TQByteArray A1(Y.size() + tmp.length());
memcpy(A1.data(), Y.data(), Y.size());
memcpy(A1.data() + Y.size(), tmp.data(), tmp.length());
TQCString A2 = "AUTHENTICATE:" + uri;
TQCString HA1 = TQCA::MD5::hashToString(A1).latin1();
TQCString HA2 = TQCA::MD5::hashToString(A2).latin1();
TQCString KD = HA1 + ':' + nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + HA2;
TQCString Z = TQCA::MD5::hashToString(KD).latin1();
// build output
PropList out;
out.set("username", user.utf8());
out.set("realm", host.utf8());
out.set("nonce", nonce);
out.set("cnonce", cnonce);
out.set("nc", nc);
out.set("serv-type", service.utf8());
out.set("host", host.utf8());
out.set("digest-uri", uri);
out.set("qop", qop);
out.set("response", Z);
out.set("charset", "utf-8");
out.set("authzid", authz.utf8());
TQCString s = out.toString();
// done
out_buf.resize(s.length());
memcpy(out_buf.data(), s.data(), out_buf.size());
++step;
return Continue;
} }
// make a cnonce
TQByteArray a(32);
for(int n = 0; n < (int)a.size(); ++n)
a[n] = (char)(256.0*rand()/(RAND_MAX+1.0));
TQCString cnonce = Base64::arrayToString(a).latin1();
// make other variables
realm = host;
TQCString nonce = in.get("nonce");
TQCString nc = "00000001";
TQCString uri = service.utf8() + '/' + host.utf8();
TQCString qop = "auth";
// build 'response'
TQCString X = user.utf8() + ':' + realm.utf8() + ':' + pass.utf8();
TQByteArray Y = TQCA::MD5::hash(X);
TQCString tmp = TQCString(":") + nonce + ':' + cnonce + ':' + authz.utf8();
TQByteArray A1(Y.size() + tmp.length());
memcpy(A1.data(), Y.data(), Y.size());
memcpy(A1.data() + Y.size(), tmp.data(), tmp.length());
TQCString A2 = "AUTHENTICATE:" + uri;
TQCString HA1 = TQCA::MD5::hashToString(A1).latin1();
TQCString HA2 = TQCA::MD5::hashToString(A2).latin1();
TQCString KD = HA1 + ':' + nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + HA2;
TQCString Z = TQCA::MD5::hashToString(KD).latin1();
// build output
PropList out;
out.set("username", user.utf8());
out.set("realm", host.utf8());
out.set("nonce", nonce);
out.set("cnonce", cnonce);
out.set("nc", nc);
out.set("serv-type", service.utf8());
out.set("host", host.utf8());
out.set("digest-uri", uri);
out.set("qop", qop);
out.set("response", Z);
out.set("charset", "utf-8");
out.set("authzid", authz.utf8());
TQCString s = out.toString();
// done
out_buf.resize(s.length());
memcpy(out_buf.data(), s.data(), out_buf.size());
++step;
return Continue;
}
else {
out_buf.resize(0); out_buf.resize(0);
return Success; return Success;
} }

Loading…
Cancel
Save