1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
22 ***************************************************************************/
25 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
26 /* -- WIN32 approved -- */
38 #include "http_digest.h"
40 #include "url.h" /* for Curl_safefree() */
43 #define _MPRINTF_REPLACE /* use our functions only */
44 #include <curl/mprintf.h>
46 /* The last #include file should be: */
49 /* Test example headers:
51 WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
52 Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
56 CURLdigest Curl_input_digest(struct connectdata *conn,
58 char *header) /* rest of the *-authenticate:
64 bool foundAuth = FALSE;
65 bool foundAuthInt = FALSE;
66 struct SessionHandle *data=conn->data;
67 bool before = FALSE; /* got a nonce before */
71 d = &data->state.proxydigest;
74 d = &data->state.digest;
77 /* skip initial whitespaces */
78 while(*header && isspace((int)*header))
81 if(checkprefix("Digest", header)) {
82 header += strlen("Digest");
84 /* If we already have received a nonce, keep that in mind */
88 /* clear off any former leftovers and init to defaults */
89 Curl_digest_cleanup_one(d);
96 while(*header && isspace((int)*header))
99 /* how big can these strings be? */
100 if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",
102 /* try the same scan but without quotes around the content but don't
103 include the possibly trailing comma */
104 (2 == sscanf(header, "%31[^=]=%127[^,]",
106 if(strequal(value, "nonce")) {
107 d->nonce = strdup(content);
109 return CURLDIGEST_NOMEM;
111 else if(strequal(value, "stale")) {
112 if(strequal(content, "true")) {
114 d->nc = 1; /* we make a new nonce now */
117 else if(strequal(value, "realm")) {
118 d->realm = strdup(content);
120 return CURLDIGEST_NOMEM;
122 else if(strequal(value, "opaque")) {
123 d->opaque = strdup(content);
125 return CURLDIGEST_NOMEM;
127 else if(strequal(value, "qop")) {
129 /* tokenize the list and choose auth if possible, use a temporary
130 clone of the buffer since strtok_r() ruins it */
131 tmp = strdup(content);
133 return CURLDIGEST_NOMEM;
134 token = strtok_r(tmp, ",", &tok_buf);
135 while (token != NULL) {
136 if (strequal(token, "auth")) {
139 else if (strequal(token, "auth-int")) {
142 token = strtok_r(NULL, ",", &tok_buf);
145 /*select only auth o auth-int. Otherwise, ignore*/
147 d->qop = strdup("auth");
149 return CURLDIGEST_NOMEM;
151 else if (foundAuthInt) {
152 d->qop = strdup("auth-int");
154 return CURLDIGEST_NOMEM;
157 else if(strequal(value, "algorithm")) {
158 d->algorithm = strdup(content);
160 return CURLDIGEST_NOMEM;
161 if(strequal(content, "MD5-sess"))
162 d->algo = CURLDIGESTALGO_MD5SESS;
163 else if(strequal(content, "MD5"))
164 d->algo = CURLDIGESTALGO_MD5;
166 return CURLDIGEST_BADALGO;
169 /* unknown specifier, ignore it! */
171 totlen = strlen(value)+strlen(content)+1;
173 if(header[strlen(value)+1] == '\"')
174 /* the contents were within quotes, then add 2 for them to the
179 break; /* we're done here */
183 /* allow the list to be comma-separated */
186 /* We had a nonce since before, and we got another one now without
187 'stale=true'. This means we provided bad credentials in the previous
189 if(before && !d->stale)
190 return CURLDIGEST_BAD;
192 /* We got this header without a nonce, that's a bad Digest line! */
194 return CURLDIGEST_BAD;
197 /* else not a digest, get out */
198 return CURLDIGEST_NONE;
200 return CURLDIGEST_FINE;
203 /* convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/
204 static void md5_to_ascii(unsigned char *source, /* 16 bytes */
205 unsigned char *dest) /* 33 bytes */
209 snprintf((char *)&dest[i*2], 3, "%02x", source[i]);
212 CURLcode Curl_output_digest(struct connectdata *conn,
214 unsigned char *request,
215 unsigned char *uripath)
217 /* We have a Digest setup for this, use it! Now, to get all the details for
218 this sorted out, I must urge you dear friend to read up on the RFC2617
220 unsigned char md5buf[16]; /* 16 bytes/128 bits */
221 unsigned char request_digest[33];
222 unsigned char *md5this;
224 unsigned char ha2[33];/* 32 digits and 1 zero byte */
235 struct SessionHandle *data = conn->data;
236 struct digestdata *d;
239 d = &data->state.proxydigest;
240 allocuserpwd = &conn->allocptr.proxyuserpwd;
241 userp = conn->proxyuser;
242 passwdp = conn->proxypasswd;
243 authp = &data->state.authproxy;
246 d = &data->state.digest;
247 allocuserpwd = &conn->allocptr.userpwd;
249 passwdp = conn->passwd;
250 authp = &data->state.authhost;
253 /* not set means empty */
270 /* Generate a cnonce */
272 snprintf(cnoncebuf, sizeof(cnoncebuf), "%06ld", now.tv_sec);
273 if(Curl_base64_encode(cnoncebuf, strlen(cnoncebuf), &cnonce))
276 return CURLE_OUT_OF_MEMORY;
280 if the algorithm is "MD5" or unspecified (which then defaults to MD5):
282 A1 = unq(username-value) ":" unq(realm-value) ":" passwd
284 if the algorithm is "MD5-sess" then:
286 A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )
287 ":" unq(nonce-value) ":" unq(cnonce-value)
290 md5this = (unsigned char *)
291 aprintf("%s:%s:%s", userp, d->realm, passwdp);
293 return CURLE_OUT_OF_MEMORY;
294 Curl_md5it(md5buf, md5this);
295 free(md5this); /* free this again */
297 ha1 = (unsigned char *)malloc(33); /* 32 digits and 1 zero byte */
299 return CURLE_OUT_OF_MEMORY;
301 md5_to_ascii(md5buf, ha1);
303 if(d->algo == CURLDIGESTALGO_MD5SESS) {
304 /* nonce and cnonce are OUTSIDE the hash */
305 tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce);
307 return CURLE_OUT_OF_MEMORY;
308 Curl_md5it(md5buf, (unsigned char *)tmp);
309 free(tmp); /* free this again */
310 md5_to_ascii(md5buf, ha1);
314 If the "qop" directive's value is "auth" or is unspecified, then A2 is:
316 A2 = Method ":" digest-uri-value
318 If the "qop" value is "auth-int", then A2 is:
320 A2 = Method ":" digest-uri-value ":" H(entity-body)
322 (The "Method" value is the HTTP request method as specified in section
326 md5this = (unsigned char *)aprintf("%s:%s", request, uripath);
329 return CURLE_OUT_OF_MEMORY;
332 if (d->qop && strequal(d->qop, "auth-int")) {
333 /* We don't support auth-int at the moment. I can't see a easy way to get
335 /* TODO: Append H(entity-body)*/
337 Curl_md5it(md5buf, md5this);
338 free(md5this); /* free this again */
339 md5_to_ascii(md5buf, ha2);
342 md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
351 md5this = (unsigned char *)aprintf("%s:%s:%s",
358 return CURLE_OUT_OF_MEMORY;
360 Curl_md5it(md5buf, md5this);
361 free(md5this); /* free this again */
362 md5_to_ascii(md5buf, request_digest);
364 /* for test case 64 (snooped from a Mozilla 1.3a request)
366 Authorization: Digest username="testuser", realm="testrealm", \
367 nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
370 Curl_safefree(*allocuserpwd);
374 aprintf( "%sAuthorization: Digest "
387 uripath, /* this is the PATH part of the URL */
393 if(strequal(d->qop, "auth"))
394 d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded
395 which tells to the server how many times you are using the
396 same nonce in the qop=auth mode. */
400 aprintf( "%sAuthorization: Digest "
410 uripath, /* this is the PATH part of the URL */
414 return CURLE_OUT_OF_MEMORY;
416 /* Add optional fields */
419 tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque);
421 return CURLE_OUT_OF_MEMORY;
427 /* append algorithm */
428 tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm);
430 return CURLE_OUT_OF_MEMORY;
435 /* append CRLF to the userpwd header */
436 tmp = (char*) realloc(*allocuserpwd, strlen(*allocuserpwd) + 3 + 1);
438 return CURLE_OUT_OF_MEMORY;
445 void Curl_digest_cleanup_one(struct digestdata *d)
472 d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
473 d->stale = FALSE; /* default means normal, not stale */
477 void Curl_digest_cleanup(struct SessionHandle *data)
479 Curl_digest_cleanup_one(&data->state.digest);
480 Curl_digest_cleanup_one(&data->state.proxydigest);