123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602 |
- /***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
- #include "curl_setup.h"
- #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
- #include "urldata.h"
- #include "rawstr.h"
- #include "curl_base64.h"
- #include "curl_md5.h"
- #include "http_digest.h"
- #include "strtok.h"
- #include "curl_memory.h"
- #include "vtls/vtls.h" /* for Curl_rand() */
- #include "non-ascii.h" /* included for Curl_convert_... prototypes */
- #include "warnless.h"
- #define _MPRINTF_REPLACE /* use our functions only */
- #include <curl/mprintf.h>
- /* The last #include file should be: */
- #include "memdebug.h"
- #define MAX_VALUE_LENGTH 256
- #define MAX_CONTENT_LENGTH 1024
- static void digest_cleanup_one(struct digestdata *dig);
- /*
- * Return 0 on success and then the buffers are filled in fine.
- *
- * Non-zero means failure to parse.
- */
- static int get_pair(const char *str, char *value, char *content,
- const char **endptr)
- {
- int c;
- bool starts_with_quote = FALSE;
- bool escape = FALSE;
- for(c=MAX_VALUE_LENGTH-1; (*str && (*str != '=') && c--); )
- *value++ = *str++;
- *value=0;
- if('=' != *str++)
- /* eek, no match */
- return 1;
- if('\"' == *str) {
- /* this starts with a quote so it must end with one as well! */
- str++;
- starts_with_quote = TRUE;
- }
- for(c=MAX_CONTENT_LENGTH-1; *str && c--; str++) {
- switch(*str) {
- case '\\':
- if(!escape) {
- /* possibly the start of an escaped quote */
- escape = TRUE;
- *content++ = '\\'; /* even though this is an escape character, we still
- store it as-is in the target buffer */
- continue;
- }
- break;
- case ',':
- if(!starts_with_quote) {
- /* this signals the end of the content if we didn't get a starting
- quote and then we do "sloppy" parsing */
- c=0; /* the end */
- continue;
- }
- break;
- case '\r':
- case '\n':
- /* end of string */
- c=0;
- continue;
- case '\"':
- if(!escape && starts_with_quote) {
- /* end of string */
- c=0;
- continue;
- }
- break;
- }
- escape = FALSE;
- *content++ = *str;
- }
- *content=0;
- *endptr = str;
- return 0; /* all is fine! */
- }
- /* Test example headers:
- WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
- Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
- */
- CURLcode Curl_input_digest(struct connectdata *conn,
- bool proxy,
- const char *header) /* rest of the *-authenticate:
- header */
- {
- char *token = NULL;
- char *tmp = NULL;
- bool foundAuth = FALSE;
- bool foundAuthInt = FALSE;
- struct SessionHandle *data=conn->data;
- bool before = FALSE; /* got a nonce before */
- struct digestdata *d;
- if(proxy) {
- d = &data->state.proxydigest;
- }
- else {
- d = &data->state.digest;
- }
- if(checkprefix("Digest", header)) {
- header += strlen("Digest");
- /* If we already have received a nonce, keep that in mind */
- if(d->nonce)
- before = TRUE;
- /* clear off any former leftovers and init to defaults */
- digest_cleanup_one(d);
- for(;;) {
- char value[MAX_VALUE_LENGTH];
- char content[MAX_CONTENT_LENGTH];
- while(*header && ISSPACE(*header))
- header++;
- /* extract a value=content pair */
- if(!get_pair(header, value, content, &header)) {
- if(Curl_raw_equal(value, "nonce")) {
- d->nonce = strdup(content);
- if(!d->nonce)
- return CURLE_OUT_OF_MEMORY;
- }
- else if(Curl_raw_equal(value, "stale")) {
- if(Curl_raw_equal(content, "true")) {
- d->stale = TRUE;
- d->nc = 1; /* we make a new nonce now */
- }
- }
- else if(Curl_raw_equal(value, "realm")) {
- d->realm = strdup(content);
- if(!d->realm)
- return CURLE_OUT_OF_MEMORY;
- }
- else if(Curl_raw_equal(value, "opaque")) {
- d->opaque = strdup(content);
- if(!d->opaque)
- return CURLE_OUT_OF_MEMORY;
- }
- else if(Curl_raw_equal(value, "qop")) {
- char *tok_buf;
- /* tokenize the list and choose auth if possible, use a temporary
- clone of the buffer since strtok_r() ruins it */
- tmp = strdup(content);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- token = strtok_r(tmp, ",", &tok_buf);
- while(token != NULL) {
- if(Curl_raw_equal(token, "auth")) {
- foundAuth = TRUE;
- }
- else if(Curl_raw_equal(token, "auth-int")) {
- foundAuthInt = TRUE;
- }
- token = strtok_r(NULL, ",", &tok_buf);
- }
- free(tmp);
- /*select only auth o auth-int. Otherwise, ignore*/
- if(foundAuth) {
- d->qop = strdup("auth");
- if(!d->qop)
- return CURLE_OUT_OF_MEMORY;
- }
- else if(foundAuthInt) {
- d->qop = strdup("auth-int");
- if(!d->qop)
- return CURLE_OUT_OF_MEMORY;
- }
- }
- else if(Curl_raw_equal(value, "algorithm")) {
- d->algorithm = strdup(content);
- if(!d->algorithm)
- return CURLE_OUT_OF_MEMORY;
- if(Curl_raw_equal(content, "MD5-sess"))
- d->algo = CURLDIGESTALGO_MD5SESS;
- else if(Curl_raw_equal(content, "MD5"))
- d->algo = CURLDIGESTALGO_MD5;
- else
- return CURLE_BAD_CONTENT_ENCODING;
- }
- else {
- /* unknown specifier, ignore it! */
- }
- }
- else
- break; /* we're done here */
- /* pass all additional spaces here */
- while(*header && ISSPACE(*header))
- header++;
- if(',' == *header)
- /* allow the list to be comma-separated */
- header++;
- }
- /* We had a nonce since before, and we got another one now without
- 'stale=true'. This means we provided bad credentials in the previous
- request */
- if(before && !d->stale)
- return CURLE_BAD_CONTENT_ENCODING;
- /* We got this header without a nonce, that's a bad Digest line! */
- if(!d->nonce)
- return CURLE_BAD_CONTENT_ENCODING;
- }
- else
- /* else not a digest, get out */
- return CURLE_BAD_CONTENT_ENCODING;
- return CURLE_OK;
- }
- /* convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/
- static void md5_to_ascii(unsigned char *source, /* 16 bytes */
- unsigned char *dest) /* 33 bytes */
- {
- int i;
- for(i=0; i<16; i++)
- snprintf((char *)&dest[i*2], 3, "%02x", source[i]);
- }
- /* Perform quoted-string escaping as described in RFC2616 and its errata */
- static char *string_quoted(const char *source)
- {
- char *dest, *d;
- const char *s = source;
- size_t n = 1; /* null terminator */
- /* Calculate size needed */
- while(*s) {
- ++n;
- if(*s == '"' || *s == '\\') {
- ++n;
- }
- ++s;
- }
- dest = malloc(n);
- if(dest) {
- s = source;
- d = dest;
- while(*s) {
- if(*s == '"' || *s == '\\') {
- *d++ = '\\';
- }
- *d++ = *s++;
- }
- *d = 0;
- }
- return dest;
- }
- CURLcode Curl_output_digest(struct connectdata *conn,
- bool proxy,
- const unsigned char *request,
- const unsigned char *uripath)
- {
- /* We have a Digest setup for this, use it! Now, to get all the details for
- this sorted out, I must urge you dear friend to read up on the RFC2617
- section 3.2.2, */
- size_t urilen;
- unsigned char md5buf[16]; /* 16 bytes/128 bits */
- unsigned char request_digest[33];
- unsigned char *md5this;
- unsigned char ha1[33];/* 32 digits and 1 zero byte */
- unsigned char ha2[33];/* 32 digits and 1 zero byte */
- char cnoncebuf[33];
- char *cnonce = NULL;
- size_t cnonce_sz = 0;
- char *tmp = NULL;
- char **allocuserpwd;
- size_t userlen;
- const char *userp;
- char *userp_quoted;
- const char *passwdp;
- struct auth *authp;
- struct SessionHandle *data = conn->data;
- struct digestdata *d;
- CURLcode result;
- /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
- It converts digest text to ASCII so the MD5 will be correct for
- what ultimately goes over the network.
- */
- #define CURL_OUTPUT_DIGEST_CONV(a, b) \
- result = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
- if(result) { \
- free(b); \
- return result; \
- }
- if(proxy) {
- d = &data->state.proxydigest;
- allocuserpwd = &conn->allocptr.proxyuserpwd;
- userp = conn->proxyuser;
- passwdp = conn->proxypasswd;
- authp = &data->state.authproxy;
- }
- else {
- d = &data->state.digest;
- allocuserpwd = &conn->allocptr.userpwd;
- userp = conn->user;
- passwdp = conn->passwd;
- authp = &data->state.authhost;
- }
- Curl_safefree(*allocuserpwd);
- /* not set means empty */
- if(!userp)
- userp="";
- if(!passwdp)
- passwdp="";
- if(!d->nonce) {
- authp->done = FALSE;
- return CURLE_OK;
- }
- authp->done = TRUE;
- if(!d->nc)
- d->nc = 1;
- if(!d->cnonce) {
- snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
- Curl_rand(data), Curl_rand(data),
- Curl_rand(data), Curl_rand(data));
- result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
- &cnonce, &cnonce_sz);
- if(result)
- return result;
- d->cnonce = cnonce;
- }
- /*
- if the algorithm is "MD5" or unspecified (which then defaults to MD5):
- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
- if the algorithm is "MD5-sess" then:
- A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )
- ":" unq(nonce-value) ":" unq(cnonce-value)
- */
- md5this = (unsigned char *)
- aprintf("%s:%s:%s", userp, d->realm, passwdp);
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, ha1);
- if(d->algo == CURLDIGESTALGO_MD5SESS) {
- /* nonce and cnonce are OUTSIDE the hash */
- tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, (unsigned char *)tmp);
- Curl_safefree(tmp);
- md5_to_ascii(md5buf, ha1);
- }
- /*
- If the "qop" directive's value is "auth" or is unspecified, then A2 is:
- A2 = Method ":" digest-uri-value
- If the "qop" value is "auth-int", then A2 is:
- A2 = Method ":" digest-uri-value ":" H(entity-body)
- (The "Method" value is the HTTP request method as specified in section
- 5.1.1 of RFC 2616)
- */
- /* So IE browsers < v7 cut off the URI part at the query part when they
- evaluate the MD5 and some (IIS?) servers work with them so we may need to
- do the Digest IE-style. Note that the different ways cause different MD5
- sums to get sent.
- Apache servers can be set to do the Digest IE-style automatically using
- the BrowserMatch feature:
- http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
- Further details on Digest implementation differences:
- http://www.fngtps.com/2006/09/http-authentication
- */
- if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL))
- urilen = tmp - (char *)uripath;
- else
- urilen = strlen((char *)uripath);
- md5this = (unsigned char *)aprintf("%s:%.*s", request, urilen, uripath);
- if(d->qop && Curl_raw_equal(d->qop, "auth-int")) {
- /* We don't support auth-int for PUT or POST at the moment.
- TODO: replace md5 of empty string with entity-body for PUT/POST */
- unsigned char *md5this2 = (unsigned char *)
- aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
- Curl_safefree(md5this);
- md5this = md5this2;
- }
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, ha2);
- if(d->qop) {
- md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
- ha1,
- d->nonce,
- d->nc,
- d->cnonce,
- d->qop,
- ha2);
- }
- else {
- md5this = (unsigned char *)aprintf("%s:%s:%s",
- ha1,
- d->nonce,
- ha2);
- }
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, request_digest);
- /* for test case 64 (snooped from a Mozilla 1.3a request)
- Authorization: Digest username="testuser", realm="testrealm", \
- nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
- Digest parameters are all quoted strings. Username which is provided by
- the user will need double quotes and backslashes within it escaped. For
- the other fields, this shouldn't be an issue. realm, nonce, and opaque
- are copied as is from the server, escapes and all. cnonce is generated
- with web-safe characters. uri is already percent encoded. nc is 8 hex
- characters. algorithm and qop with standard values only contain web-safe
- chracters.
- */
- userp_quoted = string_quoted(userp);
- if(!userp_quoted)
- return CURLE_OUT_OF_MEMORY;
- if(d->qop) {
- *allocuserpwd =
- aprintf( "%sAuthorization: Digest "
- "username=\"%s\", "
- "realm=\"%s\", "
- "nonce=\"%s\", "
- "uri=\"%.*s\", "
- "cnonce=\"%s\", "
- "nc=%08x, "
- "qop=%s, "
- "response=\"%s\"",
- proxy?"Proxy-":"",
- userp_quoted,
- d->realm,
- d->nonce,
- urilen, uripath, /* this is the PATH part of the URL */
- d->cnonce,
- d->nc,
- d->qop,
- request_digest);
- if(Curl_raw_equal(d->qop, "auth"))
- d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded
- which tells to the server how many times you are using the
- same nonce in the qop=auth mode. */
- }
- else {
- *allocuserpwd =
- aprintf( "%sAuthorization: Digest "
- "username=\"%s\", "
- "realm=\"%s\", "
- "nonce=\"%s\", "
- "uri=\"%.*s\", "
- "response=\"%s\"",
- proxy?"Proxy-":"",
- userp_quoted,
- d->realm,
- d->nonce,
- urilen, uripath, /* this is the PATH part of the URL */
- request_digest);
- }
- Curl_safefree(userp_quoted);
- if(!*allocuserpwd)
- return CURLE_OUT_OF_MEMORY;
- /* Add optional fields */
- if(d->opaque) {
- /* append opaque */
- tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- free(*allocuserpwd);
- *allocuserpwd = tmp;
- }
- if(d->algorithm) {
- /* append algorithm */
- tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- free(*allocuserpwd);
- *allocuserpwd = tmp;
- }
- /* append CRLF + zero (3 bytes) to the userpwd header */
- userlen = strlen(*allocuserpwd);
- tmp = realloc(*allocuserpwd, userlen + 3);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- strcpy(&tmp[userlen], "\r\n"); /* append the data */
- *allocuserpwd = tmp;
- return CURLE_OK;
- }
- static void digest_cleanup_one(struct digestdata *d)
- {
- Curl_safefree(d->nonce);
- Curl_safefree(d->cnonce);
- Curl_safefree(d->realm);
- Curl_safefree(d->opaque);
- Curl_safefree(d->qop);
- Curl_safefree(d->algorithm);
- d->nc = 0;
- d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
- d->stale = FALSE; /* default means normal, not stale */
- }
- void Curl_digest_cleanup(struct SessionHandle *data)
- {
- digest_cleanup_one(&data->state.digest);
- digest_cleanup_one(&data->state.proxydigest);
- }
- #endif
|