2N/A/*
2N/A * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A/* CRAM-MD5 SASL plugin
2N/A * Rob Siemborski
2N/A * Tim Martin
2N/A * $Id: cram.c,v 1.79 2003/02/18 18:27:37 rjs3 Exp $
2N/A */
2N/A/*
2N/A * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
2N/A *
2N/A * Redistribution and use in source and binary forms, with or without
2N/A * modification, are permitted provided that the following conditions
2N/A * are met:
2N/A *
2N/A * 1. Redistributions of source code must retain the above copyright
2N/A * notice, this list of conditions and the following disclaimer.
2N/A *
2N/A * 2. Redistributions in binary form must reproduce the above copyright
2N/A * notice, this list of conditions and the following disclaimer in
2N/A * the documentation and/or other materials provided with the
2N/A * distribution.
2N/A *
2N/A * 3. The name "Carnegie Mellon University" must not be used to
2N/A * endorse or promote products derived from this software without
2N/A * prior written permission. For permission or any other legal
2N/A * details, please contact
2N/A * Office of Technology Transfer
2N/A * Carnegie Mellon University
2N/A * 5000 Forbes Avenue
2N/A * Pittsburgh, PA 15213-3890
2N/A * (412) 268-4387, fax: (412) 268-7395
2N/A * tech-transfer@andrew.cmu.edu
2N/A *
2N/A * 4. Redistributions of any form whatsoever must retain the following
2N/A * acknowledgment:
2N/A * "This product includes software developed by Computing Services
2N/A * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
2N/A *
2N/A * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
2N/A * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2N/A * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
2N/A * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
2N/A * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
2N/A * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
2N/A * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
2N/A */
2N/A
2N/A#include <config.h>
2N/A
2N/A#include <string.h>
2N/A#include <stdlib.h>
2N/A#include <stdio.h>
2N/A#ifndef macintosh
2N/A#include <sys/stat.h>
2N/A#endif
2N/A#include <fcntl.h>
2N/A
2N/A#include <sasl.h>
2N/A#include <saslplug.h>
2N/A#include <saslutil.h>
2N/A
2N/A#ifdef _SUN_SDK_
2N/A#include <unistd.h>
2N/A#endif /* _SUN_SDK_ */
2N/A
2N/A#include "plugin_common.h"
2N/A
2N/A#ifdef macintosh
2N/A#include <sasl_cram_plugin_decl.h>
2N/A#endif
2N/A
2N/A/***************************** Common Section *****************************/
2N/A
2N/A#ifndef _SUN_SDK_
2N/Astatic const char plugin_id[] = "$Id: cram.c,v 1.79 2003/02/18 18:27:37 rjs3 Exp $";
2N/A#endif /* !_SUN_SDK_ */
2N/A
2N/A/* convert a string of 8bit chars to it's representation in hex
2N/A * using lowercase letters
2N/A */
2N/Astatic char *convert16(unsigned char *in, int inlen, const sasl_utils_t *utils)
2N/A{
2N/A static char hex[]="0123456789abcdef";
2N/A int lup;
2N/A char *out;
2N/A
2N/A out = utils->malloc(inlen*2+1);
2N/A if (out == NULL) return NULL;
2N/A
2N/A for (lup=0; lup < inlen; lup++) {
2N/A out[lup*2] = hex[in[lup] >> 4];
2N/A out[lup*2+1] = hex[in[lup] & 15];
2N/A }
2N/A
2N/A out[lup*2] = 0;
2N/A return out;
2N/A}
2N/A
2N/A
2N/A/***************************** Server Section *****************************/
2N/A
2N/Atypedef struct server_context {
2N/A int state;
2N/A
2N/A char *challenge;
2N/A} server_context_t;
2N/A
2N/Astatic int
2N/Acrammd5_server_mech_new(void *glob_context __attribute__((unused)),
2N/A sasl_server_params_t *sparams,
2N/A const char *challenge __attribute__((unused)),
2N/A unsigned challen __attribute__((unused)),
2N/A void **conn_context)
2N/A{
2N/A server_context_t *text;
2N/A
2N/A /* holds state are in */
2N/A text = sparams->utils->malloc(sizeof(server_context_t));
2N/A if (text == NULL) {
2N/A MEMERROR( sparams->utils );
2N/A return SASL_NOMEM;
2N/A }
2N/A
2N/A memset(text, 0, sizeof(server_context_t));
2N/A
2N/A text->state = 1;
2N/A
2N/A *conn_context = text;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/A/*
2N/A * Returns the current time (or part of it) in string form
2N/A * maximum length=15
2N/A */
2N/Astatic char *gettime(sasl_server_params_t *sparams)
2N/A{
2N/A char *ret;
2N/A time_t t;
2N/A
2N/A t=time(NULL);
2N/A ret= sparams->utils->malloc(15);
2N/A if (ret==NULL) return NULL;
2N/A
2N/A /* the bottom bits are really the only random ones so if
2N/A we overflow we don't want to lose them */
2N/A snprintf(ret,15,"%lu",t%(0xFFFFFF));
2N/A
2N/A return ret;
2N/A}
2N/A
2N/Astatic char *randomdigits(sasl_server_params_t *sparams)
2N/A{
2N/A unsigned int num;
2N/A char *ret;
2N/A unsigned char temp[5]; /* random 32-bit number */
2N/A
2N/A#if defined _DEV_URANDOM && defined _SUN_SDK_
2N/A {
2N/A int fd = open(_DEV_URANDOM, O_RDONLY);
2N/A int nread = 0;
2N/A
2N/A if (fd != -1) {
2N/A nread = read(fd, temp, 4);
2N/A close(fd);
2N/A }
2N/A if (nread != 4)
2N/A sparams->utils->rand(sparams->utils->rpool,
2N/A (char *) temp, 4);
2N/A }
2N/A#else
2N/A sparams->utils->rand(sparams->utils->rpool,(char *) temp,4);
2N/A#endif /* _DEV_URANDOM && _SUN_SDK_ */
2N/A num=(temp[0] * 256 * 256 * 256) +
2N/A (temp[1] * 256 * 256) +
2N/A (temp[2] * 256) +
2N/A (temp[3] );
2N/A
2N/A ret = sparams->utils->malloc(15); /* there's no way an unsigned can be longer than this right? */
2N/A if (ret == NULL) return NULL;
2N/A sprintf(ret, "%u", num);
2N/A
2N/A return ret;
2N/A}
2N/A
2N/Astatic int
2N/Acrammd5_server_mech_step1(server_context_t *text,
2N/A sasl_server_params_t *sparams,
2N/A const char *clientin __attribute__((unused)),
2N/A unsigned clientinlen,
2N/A const char **serverout,
2N/A unsigned *serveroutlen,
2N/A sasl_out_params_t *oparams __attribute__((unused)))
2N/A{
2N/A char *time, *randdigits;
2N/A
2N/A /* we shouldn't have received anything */
2N/A if (clientinlen != 0) {
2N/A#ifdef _SUN_SDK_
2N/A sparams->utils->log(sparams->utils->conn, SASL_LOG_ERR,
2N/A "CRAM-MD5 does not accept inital data");
2N/A#else
2N/A SETERROR(sparams->utils, "CRAM-MD5 does not accpet inital data");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADPROT;
2N/A }
2N/A
2N/A /* get time and a random number for the nonce */
2N/A time = gettime(sparams);
2N/A randdigits = randomdigits(sparams);
2N/A if ((time == NULL) || (randdigits == NULL)) {
2N/A MEMERROR( sparams->utils );
2N/A return SASL_NOMEM;
2N/A }
2N/A
2N/A /* allocate some space for the challenge */
2N/A text->challenge = sparams->utils->malloc(200 + 1);
2N/A if (text->challenge == NULL) {
2N/A MEMERROR(sparams->utils);
2N/A return SASL_NOMEM;
2N/A }
2N/A
2N/A /* create the challenge */
2N/A snprintf(text->challenge, 200, "<%s.%s@%s>", randdigits, time,
2N/A sparams->serverFQDN);
2N/A
2N/A *serverout = text->challenge;
2N/A *serveroutlen = strlen(text->challenge);
2N/A
2N/A /* free stuff */
2N/A sparams->utils->free(time);
2N/A sparams->utils->free(randdigits);
2N/A
2N/A text->state = 2;
2N/A
2N/A return SASL_CONTINUE;
2N/A}
2N/A
2N/Astatic int
2N/Acrammd5_server_mech_step2(server_context_t *text,
2N/A sasl_server_params_t *sparams,
2N/A const char *clientin,
2N/A unsigned clientinlen,
2N/A const char **serverout __attribute__((unused)),
2N/A unsigned *serveroutlen __attribute__((unused)),
2N/A sasl_out_params_t *oparams)
2N/A{
2N/A char *userid = NULL;
2N/A sasl_secret_t *sec = NULL;
2N/A int pos, len;
2N/A int result = SASL_FAIL;
2N/A const char *password_request[] = { SASL_AUX_PASSWORD,
2N/A "*cmusaslsecretCRAM-MD5",
2N/A NULL };
2N/A struct propval auxprop_values[3];
2N/A HMAC_MD5_CTX tmphmac;
2N/A HMAC_MD5_STATE md5state;
2N/A int clear_md5state = 0;
2N/A char *digest_str = NULL;
2N/A UINT4 digest[4];
2N/A
2N/A /* extract userid; everything before last space */
2N/A pos = clientinlen-1;
2N/A while ((pos > 0) && (clientin[pos] != ' ')) pos--;
2N/A
2N/A if (pos <= 0) {
2N/A#ifdef _SUN_SDK_
2N/A sparams->utils->log(sparams->utils->conn, SASL_LOG_ERR,
2N/A "need authentication name");
2N/A#else
2N/A SETERROR( sparams->utils,"need authentication name");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADPROT;
2N/A }
2N/A
2N/A userid = (char *) sparams->utils->malloc(pos+1);
2N/A if (userid == NULL) {
2N/A MEMERROR( sparams->utils);
2N/A return SASL_NOMEM;
2N/A }
2N/A
2N/A /* copy authstr out */
2N/A memcpy(userid, clientin, pos);
2N/A userid[pos] = '\0';
2N/A
2N/A result = sparams->utils->prop_request(sparams->propctx, password_request);
2N/A if (result != SASL_OK) goto done;
2N/A
2N/A /* this will trigger the getting of the aux properties */
2N/A result = sparams->canon_user(sparams->utils->conn,
2N/A userid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID,
2N/A oparams);
2N/A if (result != SASL_OK) goto done;
2N/A
2N/A result = sparams->utils->prop_getnames(sparams->propctx,
2N/A password_request,
2N/A auxprop_values);
2N/A if (result < 0 ||
2N/A ((!auxprop_values[0].name || !auxprop_values[0].values) &&
2N/A (!auxprop_values[1].name || !auxprop_values[1].values))) {
2N/A /* We didn't find this username */
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A sparams->utils->seterror(sparams->utils->conn,0,
2N/A gettext("no secret in database"));
2N/A#else
2N/A sparams->utils->seterror(sparams->utils->conn,0,
2N/A "no secret in database");
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A result = SASL_NOUSER;
2N/A goto done;
2N/A }
2N/A
2N/A if (auxprop_values[0].name && auxprop_values[0].values) {
2N/A len = strlen(auxprop_values[0].values[0]);
2N/A if (len == 0) {
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A sparams->utils->seterror(sparams->utils->conn,0,
2N/A gettext("empty secret"));
2N/A#else
2N/A sparams->utils->seterror(sparams->utils->conn,0,
2N/A "empty secret");
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A result = SASL_FAIL;
2N/A goto done;
2N/A }
2N/A
2N/A sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len);
2N/A if (!sec) goto done;
2N/A
2N/A sec->len = len;
2N/A#ifdef _SUN_SDK_
2N/A strncpy((char *)sec->data, auxprop_values[0].values[0], len + 1);
2N/A#else
2N/A strncpy(sec->data, auxprop_values[0].values[0], len + 1);
2N/A#endif /* _SUN_SDK_ */
2N/A
2N/A clear_md5state = 1;
2N/A /* Do precalculation on plaintext secret */
2N/A sparams->utils->hmac_md5_precalc(&md5state, /* OUT */
2N/A sec->data,
2N/A sec->len);
2N/A } else if (auxprop_values[1].name && auxprop_values[1].values) {
2N/A /* We have a precomputed secret */
2N/A memcpy(&md5state, auxprop_values[1].values[0],
2N/A sizeof(HMAC_MD5_STATE));
2N/A } else {
2N/A#ifdef _SUN_SDK_
2N/A sparams->utils->log(sparams->utils->conn, SASL_LOG_ERR,
2N/A "Have neither type of secret");
2N/A#else
2N/A sparams->utils->seterror(sparams->utils->conn, 0,
2N/A "Have neither type of secret");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_FAIL;
2N/A }
2N/A
2N/A /* ok this is annoying:
2N/A so we have this half-way hmac transform instead of the plaintext
2N/A that means we half to:
2N/A -import it back into a md5 context
2N/A -do an md5update with the nonce
2N/A -finalize it
2N/A */
2N/A sparams->utils->hmac_md5_import(&tmphmac, (HMAC_MD5_STATE *) &md5state);
2N/A sparams->utils->MD5Update(&(tmphmac.ictx),
2N/A (const unsigned char *) text->challenge,
2N/A strlen(text->challenge));
2N/A sparams->utils->hmac_md5_final((unsigned char *) &digest, &tmphmac);
2N/A
2N/A /* convert to base 16 with lower case letters */
2N/A digest_str = convert16((unsigned char *) digest, 16, sparams->utils);
2N/A
2N/A /* if same then verified
2N/A * - we know digest_str is null terminated but clientin might not be
2N/A */
2N/A if (strncmp(digest_str, clientin+pos+1, strlen(digest_str)) != 0) {
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A sparams->utils->seterror(sparams->utils->conn, 0,
2N/A gettext("incorrect digest response"));
2N/A#else
2N/A sparams->utils->seterror(sparams->utils->conn, 0,
2N/A "incorrect digest response");
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A result = SASL_BADAUTH;
2N/A goto done;
2N/A }
2N/A
2N/A /* set oparams */
2N/A oparams->doneflag = 1;
2N/A oparams->mech_ssf = 0;
2N/A oparams->maxoutbuf = 0;
2N/A oparams->encode_context = NULL;
2N/A oparams->encode = NULL;
2N/A oparams->decode_context = NULL;
2N/A oparams->decode = NULL;
2N/A oparams->param_version = 0;
2N/A
2N/A result = SASL_OK;
2N/A
2N/A done:
2N/A if (userid) sparams->utils->free(userid);
2N/A if (sec) _plug_free_secret(sparams->utils, &sec);
2N/A
2N/A if (digest_str) sparams->utils->free(digest_str);
2N/A if (clear_md5state) memset(&md5state, 0, sizeof(md5state));
2N/A
2N/A return result;
2N/A}
2N/A
2N/Astatic int crammd5_server_mech_step(void *conn_context,
2N/A sasl_server_params_t *sparams,
2N/A const char *clientin,
2N/A unsigned clientinlen,
2N/A const char **serverout,
2N/A unsigned *serveroutlen,
2N/A sasl_out_params_t *oparams)
2N/A{
2N/A server_context_t *text = (server_context_t *) conn_context;
2N/A
2N/A *serverout = NULL;
2N/A *serveroutlen = 0;
2N/A
2N/A /* this should be well more than is ever needed */
2N/A if (clientinlen > 1024) {
2N/A#ifdef _SUN_SDK_
2N/A sparams->utils->log(sparams->utils->conn, SASL_LOG_ERR,
2N/A "CRAM-MD5 input longer than 1024 bytes");
2N/A#else
2N/A SETERROR(sparams->utils, "CRAM-MD5 input longer than 1024 bytes");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADPROT;
2N/A }
2N/A
2N/A switch (text->state) {
2N/A
2N/A case 1:
2N/A return crammd5_server_mech_step1(text, sparams,
2N/A clientin, clientinlen,
2N/A serverout, serveroutlen,
2N/A oparams);
2N/A
2N/A case 2:
2N/A return crammd5_server_mech_step2(text, sparams,
2N/A clientin, clientinlen,
2N/A serverout, serveroutlen,
2N/A oparams);
2N/A
2N/A default: /* should never get here */
2N/A#ifdef _SUN_SDK_
2N/A sparams->utils->log(sparams->utils->conn, SASL_LOG_ERR,
2N/A "Invalid CRAM-MD5 server step %d", text->state);
2N/A#else
2N/A sparams->utils->log(NULL, SASL_LOG_ERR,
2N/A "Invalid CRAM-MD5 server step %d\n", text->state);
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_FAIL;
2N/A }
2N/A
2N/A#ifndef _SUN_SDK_
2N/A return SASL_FAIL; /* should never get here */
2N/A#endif /* !_SUN_SDK_ */
2N/A}
2N/A
2N/Astatic void crammd5_server_mech_dispose(void *conn_context,
2N/A const sasl_utils_t *utils)
2N/A{
2N/A server_context_t *text = (server_context_t *) conn_context;
2N/A
2N/A if (!text) return;
2N/A
2N/A if (text->challenge) _plug_free_string(utils,&(text->challenge));
2N/A
2N/A utils->free(text);
2N/A}
2N/A
2N/Astatic sasl_server_plug_t crammd5_server_plugins[] =
2N/A{
2N/A {
2N/A "CRAM-MD5", /* mech_name */
2N/A 0, /* max_ssf */
2N/A SASL_SEC_NOPLAINTEXT
2N/A | SASL_SEC_NOANONYMOUS, /* security_flags */
2N/A SASL_FEAT_SERVER_FIRST, /* features */
2N/A NULL, /* glob_context */
2N/A &crammd5_server_mech_new, /* mech_new */
2N/A &crammd5_server_mech_step, /* mech_step */
2N/A &crammd5_server_mech_dispose, /* mech_dispose */
2N/A NULL, /* mech_free */
2N/A NULL, /* setpass */
2N/A NULL, /* user_query */
2N/A NULL, /* idle */
2N/A NULL, /* mech avail */
2N/A NULL /* spare */
2N/A }
2N/A};
2N/A
2N/Aint crammd5_server_plug_init(const sasl_utils_t *utils,
2N/A int maxversion,
2N/A int *out_version,
2N/A sasl_server_plug_t **pluglist,
2N/A int *plugcount)
2N/A{
2N/A if (maxversion < SASL_SERVER_PLUG_VERSION) {
2N/A#ifdef _SUN_SDK_
2N/A utils->log(NULL, SASL_LOG_ERR, "CRAM version mismatch");
2N/A#else
2N/A SETERROR( utils, "CRAM version mismatch");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADVERS;
2N/A }
2N/A
2N/A *out_version = SASL_SERVER_PLUG_VERSION;
2N/A *pluglist = crammd5_server_plugins;
2N/A *plugcount = 1;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/A/***************************** Client Section *****************************/
2N/A
2N/Atypedef struct client_context {
2N/A char *out_buf;
2N/A unsigned out_buf_len;
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A void *h;
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A} client_context_t;
2N/A
2N/Astatic int crammd5_client_mech_new(void *glob_context __attribute__((unused)),
2N/A sasl_client_params_t *params,
2N/A void **conn_context)
2N/A{
2N/A client_context_t *text;
2N/A
2N/A /* holds state are in */
2N/A text = params->utils->malloc(sizeof(client_context_t));
2N/A if (text == NULL) {
2N/A MEMERROR(params->utils);
2N/A return SASL_NOMEM;
2N/A }
2N/A
2N/A memset(text, 0, sizeof(client_context_t));
2N/A
2N/A *conn_context = text;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic char *make_hashed(sasl_secret_t *sec, char *nonce, int noncelen,
2N/A const sasl_utils_t *utils)
2N/A{
2N/A char secret[65];
2N/A unsigned char digest[24];
2N/A int lup;
2N/A char *in16;
2N/A
2N/A if (sec == NULL) return NULL;
2N/A
2N/A if (sec->len < 64) {
2N/A memcpy(secret, sec->data, sec->len);
2N/A
2N/A /* fill in rest with 0's */
2N/A for (lup= sec->len; lup < 64; lup++)
2N/A secret[lup]='\0';
2N/A
2N/A } else {
2N/A memcpy(secret, sec->data, 64);
2N/A }
2N/A
2N/A /* do the hmac md5 hash output 128 bits */
2N/A utils->hmac_md5((unsigned char *) nonce, noncelen,
2N/A (unsigned char *) secret, 64, digest);
2N/A
2N/A /* convert that to hex form */
2N/A in16 = convert16(digest, 16, utils);
2N/A if (in16 == NULL) return NULL;
2N/A
2N/A return in16;
2N/A}
2N/A
2N/Astatic int crammd5_client_mech_step(void *conn_context,
2N/A sasl_client_params_t *params,
2N/A const char *serverin,
2N/A unsigned serverinlen,
2N/A sasl_interact_t **prompt_need,
2N/A const char **clientout,
2N/A unsigned *clientoutlen,
2N/A sasl_out_params_t *oparams)
2N/A{
2N/A client_context_t *text = (client_context_t *) conn_context;
2N/A const char *authid;
2N/A sasl_secret_t *password = NULL;
2N/A unsigned int free_password = 0; /* set if we need to free password */
2N/A int auth_result = SASL_OK;
2N/A int pass_result = SASL_OK;
2N/A int result;
2N/A int maxsize;
2N/A char *in16 = NULL;
2N/A
2N/A *clientout = NULL;
2N/A *clientoutlen = 0;
2N/A
2N/A /* First check for absurd lengths */
2N/A if (serverinlen > 1024) {
2N/A#ifdef _SUN_SDK_
2N/A params->utils->log(params->utils->conn, SASL_LOG_ERR,
2N/A "CRAM-MD5 input longer than 1024 bytes");
2N/A#else
2N/A params->utils->seterror(params->utils->conn, 0,
2N/A "CRAM-MD5 input longer than 1024 bytes");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADPROT;
2N/A }
2N/A
2N/A /* check if sec layer strong enough */
2N/A if (params->props.min_ssf > params->external_ssf) {
2N/A#ifdef _SUN_SDK_
2N/A params->utils->log(params->utils->conn, SASL_LOG_ERR,
2N/A "SSF requested of CRAM-MD5 plugin");
2N/A#else
2N/A SETERROR( params->utils, "SSF requested of CRAM-MD5 plugin");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_TOOWEAK;
2N/A }
2N/A
2N/A /* try to get the userid */
2N/A if (oparams->authid == NULL) {
2N/A auth_result=_plug_get_authid(params->utils, &authid, prompt_need);
2N/A
2N/A if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT))
2N/A return auth_result;
2N/A }
2N/A
2N/A /* try to get the password */
2N/A if (password == NULL) {
2N/A pass_result=_plug_get_password(params->utils, &password,
2N/A &free_password, prompt_need);
2N/A
2N/A if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT))
2N/A return pass_result;
2N/A }
2N/A
2N/A /* free prompts we got */
2N/A if (prompt_need && *prompt_need) {
2N/A params->utils->free(*prompt_need);
2N/A *prompt_need = NULL;
2N/A }
2N/A
2N/A /* if there are prompts not filled in */
2N/A if ((auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) {
2N/A /* make the prompt list */
2N/A result =
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A _plug_make_prompts(params->utils, &text->h, prompt_need,
2N/A NULL, NULL,
2N/A auth_result == SASL_INTERACT ?
2N/A convert_prompt(params->utils, &text->h,
2N/A gettext("Please enter your authentication name"))
2N/A : NULL, NULL,
2N/A pass_result == SASL_INTERACT ?
2N/A convert_prompt(params->utils, &text->h,
2N/A gettext("Please enter your password"))
2N/A : NULL, NULL,
2N/A NULL, NULL, NULL,
2N/A NULL, NULL, NULL);
2N/A#else
2N/A _plug_make_prompts(params->utils, prompt_need,
2N/A NULL, NULL,
2N/A auth_result == SASL_INTERACT ?
2N/A "Please enter your authentication name" : NULL,
2N/A NULL,
2N/A pass_result == SASL_INTERACT ?
2N/A "Please enter your password" : NULL, NULL,
2N/A NULL, NULL, NULL,
2N/A NULL, NULL, NULL);
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A if (result != SASL_OK) goto cleanup;
2N/A
2N/A return SASL_INTERACT;
2N/A }
2N/A
2N/A if (!password) {
2N/A PARAMERROR(params->utils);
2N/A return SASL_BADPARAM;
2N/A }
2N/A
2N/A result = params->canon_user(params->utils->conn, authid, 0,
2N/A SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
2N/A if (result != SASL_OK) goto cleanup;
2N/A
2N/A /*
2N/A * username SP digest (keyed md5 where key is passwd)
2N/A */
2N/A
2N/A in16 = make_hashed(password, (char *) serverin, serverinlen,
2N/A params->utils);
2N/A
2N/A if (in16 == NULL) {
2N/A#ifdef _SUN_SDK_
2N/A params->utils->log(params->utils->conn, SASL_LOG_ERR,
2N/A "make_hashed failed");
2N/A#else
2N/A SETERROR(params->utils, "whoops, make_hashed failed us this time");
2N/A#endif /* _SUN_SDK_ */
2N/A result = SASL_FAIL;
2N/A goto cleanup;
2N/A }
2N/A
2N/A maxsize = 32+1+strlen(oparams->authid)+30;
2N/A result = _plug_buf_alloc(params->utils, &(text->out_buf),
2N/A &(text->out_buf_len), maxsize);
2N/A if (result != SASL_OK) goto cleanup;
2N/A
2N/A snprintf(text->out_buf, maxsize, "%s %s", oparams->authid, in16);
2N/A
2N/A *clientout = text->out_buf;
2N/A *clientoutlen = strlen(*clientout);
2N/A
2N/A /* set oparams */
2N/A oparams->doneflag = 1;
2N/A oparams->mech_ssf = 0;
2N/A oparams->maxoutbuf = 0;
2N/A oparams->encode_context = NULL;
2N/A oparams->encode = NULL;
2N/A oparams->decode_context = NULL;
2N/A oparams->decode = NULL;
2N/A oparams->param_version = 0;
2N/A
2N/A result = SASL_OK;
2N/A
2N/A cleanup:
2N/A /* get rid of private information */
2N/A if (in16) _plug_free_string(params->utils, &in16);
2N/A
2N/A /* get rid of all sensitive info */
2N/A if (free_password) _plug_free_secret(params-> utils, &password);
2N/A
2N/A return result;
2N/A}
2N/A
2N/Astatic void crammd5_client_mech_dispose(void *conn_context,
2N/A const sasl_utils_t *utils)
2N/A{
2N/A client_context_t *text = (client_context_t *) conn_context;
2N/A
2N/A if (!text) return;
2N/A
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A convert_prompt(utils, &text->h, NULL);
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A if (text->out_buf) utils->free(text->out_buf);
2N/A
2N/A utils->free(text);
2N/A}
2N/A
2N/Astatic sasl_client_plug_t crammd5_client_plugins[] =
2N/A{
2N/A {
2N/A "CRAM-MD5", /* mech_name */
2N/A 0, /* max_ssf */
2N/A SASL_SEC_NOPLAINTEXT
2N/A | SASL_SEC_NOANONYMOUS, /* security_flags */
2N/A SASL_FEAT_SERVER_FIRST, /* features */
2N/A NULL, /* required_prompts */
2N/A NULL, /* glob_context */
2N/A &crammd5_client_mech_new, /* mech_new */
2N/A &crammd5_client_mech_step, /* mech_step */
2N/A &crammd5_client_mech_dispose, /* mech_dispose */
2N/A NULL, /* mech_free */
2N/A NULL, /* idle */
2N/A NULL, /* spare */
2N/A NULL /* spare */
2N/A }
2N/A};
2N/A
2N/Aint crammd5_client_plug_init(const sasl_utils_t *utils,
2N/A int maxversion,
2N/A int *out_version,
2N/A sasl_client_plug_t **pluglist,
2N/A int *plugcount)
2N/A{
2N/A if (maxversion < SASL_CLIENT_PLUG_VERSION) {
2N/A#ifdef _SUN_SDK_
2N/A utils->log(NULL, SASL_LOG_ERR, "CRAM version mismatch");
2N/A#else
2N/A SETERROR( utils, "CRAM version mismatch");
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADVERS;
2N/A }
2N/A
2N/A *out_version = SASL_CLIENT_PLUG_VERSION;
2N/A *pluglist = crammd5_client_plugins;
2N/A *plugcount = 1;
2N/A
2N/A return SASL_OK;
2N/A}