aboutsummaryrefslogtreecommitdiffstats
path: root/camel/camel-sasl-kerberos4.c
diff options
context:
space:
mode:
authorDan Winship <danw@src.gnome.org>2001-03-02 06:23:23 +0800
committerDan Winship <danw@src.gnome.org>2001-03-02 06:23:23 +0800
commit61a496ffcad857b0dac176861206c4a98edc1620 (patch)
tree7c82b6f1f675b9baee5b06bd1b7406663e771b74 /camel/camel-sasl-kerberos4.c
parent63a09dc65bc9f54ec389cabb99c848ce56ef2fbc (diff)
downloadgsoc2013-evolution-61a496ffcad857b0dac176861206c4a98edc1620.tar.gz
gsoc2013-evolution-61a496ffcad857b0dac176861206c4a98edc1620.tar.zst
gsoc2013-evolution-61a496ffcad857b0dac176861206c4a98edc1620.zip
Take a GByteArray as input as well. Comment that you can pass %NULL for
* camel-sasl.c (camel_sasl_challenge): Take a GByteArray as input as well. Comment that you can pass %NULL for @token to get the initial auth data for mechanisms that are client-initiated. (camel_sasl_challenge_base64): Convenience function for protocols that use base64-encoded SASL. (camel_sasl_authenticated): Implement this... (it was prototyped already) (camel_sasl_new): Function to take a service name, a mechanism name, and a CamelService, and return a CamelSasl for it. (camel_sasl_authtype, camel_sasl_authtype_list): Functions to return CamelServiceAuthType information about SASL mechanisms, to allow providers to deal with them generically. * camel-sasl-anonymous.c, camel-sasl-plain.c: Update/simplify for CamelSasl changes. Both of these are single-round (client-initiated) mechanisms, so they don't need to keep state. (camel_sasl_plain_new): Removed; use camel_sasl_new instead. (Can't get rid of camel_sasl_anonymous_new though...) * camel-sasl-cram-md5.c: Update/simplify for CamelSasl changes. (camel_sasl_cram_md5_new): Removed; use camel_sasl_new instead. (cram_md5_challenge): Use md5_get_digest where possible, and various other minor simplifications. CRAM-MD5 only has a single round, so there's no need to keep track of state. This code is now tested (against Cyrus IMAPd) and known to work. * camel-sasl-kerberos4.h: Update/simplify for CamelSasl changes. Make only a single #ifdef HAVE_KRB4. Remove stuff from priv that isn't needed between rounds. (camel_sasl_kerberos4_new): Removed; use camel_sasl_new instead (krb4_challenge): Fix up the logic I broke in my previous "at least make it compile" fixes, update to match other changes, and remove IMAP-isms that shouldn't be in the generic code. This still isn't tested, because we're stuck behind a NAT right now... svn path=/trunk/; revision=8462
Diffstat (limited to 'camel/camel-sasl-kerberos4.c')
-rw-r--r--camel/camel-sasl-kerberos4.c200
1 files changed, 76 insertions, 124 deletions
diff --git a/camel/camel-sasl-kerberos4.c b/camel/camel-sasl-kerberos4.c
index bb61a440a1..0079a88b25 100644
--- a/camel/camel-sasl-kerberos4.c
+++ b/camel/camel-sasl-kerberos4.c
@@ -23,17 +23,27 @@
#include <config.h>
#ifdef HAVE_KRB4
+
#include <krb.h>
/* MIT krb4 des.h #defines _. Sigh. We don't need it. #undef it here
* so we get the gettexty _ definition later.
*/
#undef _
-#endif
#include "camel-sasl-kerberos4.h"
-#include "camel-mime-utils.h"
+#include "camel-service.h"
#include <string.h>
+CamelServiceAuthType camel_sasl_kerberos4_authtype = {
+ N_("Kerberos 4"),
+
+ N_("This option will connect to the server using "
+ "Kerberos 4 authentication."),
+
+ "KERBEROS_V4",
+ FALSE
+};
+
#define KERBEROS_V4_PROTECTION_NONE 1
#define KERBEROS_V4_PROTECTION_INTEGRITY 2
#define KERBEROS_V4_PROTECTION_PRIVACY 4
@@ -43,44 +53,27 @@ static CamelSaslClass *parent_class = NULL;
/* Returns the class for a CamelSaslKerberos4 */
#define CSK4_CLASS(so) CAMEL_SASL_KERBEROS4_CLASS (CAMEL_OBJECT_GET_CLASS (so))
-#ifdef HAVE_KRB4
-static GByteArray *krb4_challenge (CamelSasl *sasl, const char *token, CamelException *ex);
-#endif
-
-enum {
- STATE_NONCE,
- STATE_NONCE_PLUS_ONE,
- STATE_FINAL
-};
+static GByteArray *krb4_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex);
struct _CamelSaslKerberos4Private {
int state;
guint32 nonce_n;
guint32 nonce_h;
- guint32 plus1;
-#ifdef HAVE_KRB4
- KTEXT_ST authenticator;
- CREDENTIALS credentials;
des_cblock session;
des_key_schedule schedule;
-#endif /* HAVE_KRB4 */
};
static void
camel_sasl_kerberos4_class_init (CamelSaslKerberos4Class *camel_sasl_kerberos4_class)
{
-#ifdef HAVE_KRB4
CamelSaslClass *camel_sasl_class = CAMEL_SASL_CLASS (camel_sasl_kerberos4_class);
-#endif
parent_class = CAMEL_SASL_CLASS (camel_type_get_global_classfuncs (camel_sasl_get_type ()));
/* virtual method overload */
-#ifdef HAVE_KRB4
camel_sasl_class->challenge = krb4_challenge;
-#endif
}
static void
@@ -95,10 +88,11 @@ static void
camel_sasl_kerberos4_finalize (CamelObject *object)
{
CamelSaslKerberos4 *sasl = CAMEL_SASL_KERBEROS4 (object);
-
- g_free (sasl->protocol);
- g_free (sasl->username);
- g_free (sasl->priv);
+
+ if (sasl->priv) {
+ memset (sasl->priv, 0, sizeof (sasl->priv));
+ g_free (sasl->priv);
+ }
}
@@ -121,148 +115,106 @@ camel_sasl_kerberos4_get_type (void)
return type;
}
-CamelSasl *
-camel_sasl_kerberos4_new (const char *protocol, const char *username, struct hostent *host)
-{
- CamelSaslKerberos4 *sasl_krb4;
-
- if (!protocol) return NULL;
- if (!username) return NULL;
- if (!host) return NULL;
-
-#ifdef HAVE_KRB4
- sasl_krb4 = CAMEL_SASL_KERBEROS4 (camel_object_new (camel_sasl_kerberos4_get_type ()));
- sasl_krb4->protocol = g_strdup (protocol);
- g_strdown (sasl_krb4->protocol);
- sasl_krb4->username = g_strdup (username);
- sasl_krb4->host = host;
-
- return CAMEL_SASL (sasl_krb4);
-#else
- return NULL;
-#endif /* HAVE_KRB4 */
-}
-
-#ifdef HAVE_KRB4
static GByteArray *
-krb4_challenge (CamelSasl *sasl, const char *token, CamelException *ex)
+krb4_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
{
- CamelSaslKerberos4 *sasl_krb4 = CAMEL_SASL_KERBEROS4 (sasl);
- struct _CamelSaslKerberos4Private *priv = sasl_krb4->priv;
- char *buf = NULL, *data = NULL;
+ struct _CamelSaslKerberos4Private *priv = CAMEL_SASL_KERBEROS4 (sasl)->priv;
GByteArray *ret = NULL;
- char *inst, *realm;
+ char *inst, *realm, *username;
struct hostent *h;
int status, len;
KTEXT_ST authenticator;
CREDENTIALS credentials;
- des_cblock session;
- des_key_schedule schedule;
-
- if (token)
- data = g_strdup (token);
- else
- goto fail;
-
+ guint32 plus1;
+
+ /* Need to wait for the server */
+ if (!token)
+ return NULL;
+
switch (priv->state) {
- case STATE_NONCE:
- if (strlen (data) != 8 || base64_decode_simple (data, 8) != 4)
- goto break_and_lose;
-
- memcpy (&priv->nonce_n, data, 4);
+ case 0:
+ if (token->len != 4)
+ goto lose;
+
+ memcpy (&priv->nonce_n, token->data, 4);
priv->nonce_h = ntohl (priv->nonce_n);
-
+
/* Our response is an authenticator including that number. */
- h = sasl_krb4->host;
+ h = camel_service_gethost (sasl->service, ex);
inst = g_strndup (h->h_name, strcspn (h->h_name, "."));
g_strdown (inst);
realm = g_strdup (krb_realmofhost (h->h_name));
- status = krb_mk_req (&authenticator, sasl_krb4->protocol, inst, realm, priv->nonce_h);
+ status = krb_mk_req (&authenticator, sasl->service_name, inst, realm, priv->nonce_h);
if (status == KSUCCESS) {
- status = krb_get_cred (sasl_krb4->protocol, inst, realm, &credentials);
- memcpy (session, credentials.session, sizeof (session));
+ status = krb_get_cred (sasl->service_name, inst, realm, &credentials);
+ memcpy (priv->session, credentials.session, sizeof (priv->session));
memset (&credentials, 0, sizeof (credentials));
}
g_free (inst);
g_free (realm);
-
+
if (status != KSUCCESS) {
camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
_("Could not get Kerberos ticket:\n%s"),
krb_err_txt[status]);
- goto break_and_lose;
+ goto lose;
}
- des_key_sched (&session, schedule);
-
- buf = base64_encode_simple (authenticator.dat, authenticator.length);
+ des_key_sched (&priv->session, priv->schedule);
+
+ ret = g_byte_array_new ();
+ g_byte_array_append (ret, (const guint8 *)authenticator.dat, authenticator.length);
break;
- case STATE_NONCE_PLUS_ONE:
- len = strlen (data);
- base64_decode_simple (data, len);
-
+
+ case 1:
+ if (token->len != 8)
+ goto lose;
+
/* This one is encrypted. */
- des_ecb_encrypt ((des_cblock *)data, (des_cblock *)data, schedule, 0);
-
+ des_ecb_encrypt ((des_cblock *)token->data, (des_cblock *)token->data, priv->schedule, 0);
+
/* Check that the returned value is the original nonce plus one. */
- memcpy (&priv->plus1, data, 4);
- if (ntohl (priv->plus1) != priv->nonce_h + 1)
+ memcpy (&plus1, token->data, 4);
+ if (ntohl (plus1) != priv->nonce_h + 1)
goto lose;
-
+
/* "the fifth octet contain[s] a bit-mask specifying the
* protection mechanisms supported by the server"
*/
- if (!(data[4] & KERBEROS_V4_PROTECTION_NONE)) {
+ if (!(token->data[4] & KERBEROS_V4_PROTECTION_NONE)) {
g_warning ("Server does not support `no protection' :-(");
- goto break_and_lose;
+ goto lose;
}
-
- len = strlen (sasl_krb4->username) + 9;
+
+ username = sasl->service->url->user;
+ len = strlen (username) + 9;
len += 8 - len % 8;
- data = g_malloc0 (len);
- memcpy (data, &priv->nonce_n, 4);
- data[4] = KERBEROS_V4_PROTECTION_NONE;
- data[5] = data[6] = data[7] = 0;
- strcpy (data + 8, sasl_krb4->username);
-
- des_pcbc_encrypt ((void *)data, (void *)data, len,
- schedule, &session, 1);
- memset (&session, 0, sizeof (session));
- buf = base64_encode_simple (data, len);
- break;
- case STATE_FINAL:
+ ret = g_byte_array_new ();
+ g_byte_array_set_size (ret, len);
+ memset (ret->data, 0, len);
+ memcpy (ret->data, &priv->nonce_n, 4);
+ ret->data[4] = KERBEROS_V4_PROTECTION_NONE;
+ ret->data[5] = ret->data[6] = ret->data[7] = 0;
+ strcpy (ret->data + 8, username);
+
+ des_pcbc_encrypt ((void *)ret->data, (void *)ret->data, len,
+ priv->schedule, &priv->session, 1);
+ memset (&priv->session, 0, sizeof (priv->session));
+
sasl->authenticated = TRUE;
break;
- default:
- break;
}
-
- g_free (data);
+
priv->state++;
-
- if (buf) {
- ret = g_byte_array_new ();
- g_byte_array_append (ret, buf, strlen (buf));
- g_free (buf);
- }
-
return ret;
-
- break_and_lose:
- /* Get the server out of "waiting for continuation data" mode. */
- g_free (data);
- ret = g_byte_array_new ();
- g_byte_array_append (ret, "*", 1);
- return ret;
-
+
lose:
- memset (&session, 0, sizeof (session));
-
+ memset (&priv->session, 0, sizeof (priv->session));
+
if (!camel_exception_is_set (ex)) {
camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
_("Bad authentication response from server."));
}
- fail:
- g_free (data);
return NULL;
}
-#endif HAVE_KRB4
+
+#endif /* HAVE_KRB4 */