1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 #include "curl_setup.h"
24
25 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
26
27 #include "urldata.h"
28 #include "strcase.h"
29 #include "vauth/vauth.h"
30 #include "http_digest.h"
31 /* The last 3 #include files should be in this order */
32 #include "curl_printf.h"
33 #include "curl_memory.h"
34 #include "memdebug.h"
35
36 /* Test example headers:
37
38 WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
39 Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
40
41 */
42
Curl_input_digest(struct connectdata * conn,bool proxy,const char * header)43 CURLcode Curl_input_digest(struct connectdata *conn,
44 bool proxy,
45 const char *header) /* rest of the *-authenticate:
46 header */
47 {
48 struct Curl_easy *data = conn->data;
49
50 /* Point to the correct struct with this */
51 struct digestdata *digest;
52
53 if(proxy) {
54 digest = &data->state.proxydigest;
55 }
56 else {
57 digest = &data->state.digest;
58 }
59
60 if(!checkprefix("Digest", header))
61 return CURLE_BAD_CONTENT_ENCODING;
62
63 header += strlen("Digest");
64 while(*header && ISSPACE(*header))
65 header++;
66
67 return Curl_auth_decode_digest_http_message(header, digest);
68 }
69
Curl_output_digest(struct connectdata * conn,bool proxy,const unsigned char * request,const unsigned char * uripath)70 CURLcode Curl_output_digest(struct connectdata *conn,
71 bool proxy,
72 const unsigned char *request,
73 const unsigned char *uripath)
74 {
75 CURLcode result;
76 struct Curl_easy *data = conn->data;
77 unsigned char *path = NULL;
78 char *tmp = NULL;
79 char *response;
80 size_t len;
81 bool have_chlg;
82
83 /* Point to the address of the pointer that holds the string to send to the
84 server, which is for a plain host or for a HTTP proxy */
85 char **allocuserpwd;
86
87 /* Point to the name and password for this */
88 const char *userp;
89 const char *passwdp;
90
91 /* Point to the correct struct with this */
92 struct digestdata *digest;
93 struct auth *authp;
94
95 if(proxy) {
96 digest = &data->state.proxydigest;
97 allocuserpwd = &conn->allocptr.proxyuserpwd;
98 userp = conn->http_proxy.user;
99 passwdp = conn->http_proxy.passwd;
100 authp = &data->state.authproxy;
101 }
102 else {
103 digest = &data->state.digest;
104 allocuserpwd = &conn->allocptr.userpwd;
105 userp = conn->user;
106 passwdp = conn->passwd;
107 authp = &data->state.authhost;
108 }
109
110 Curl_safefree(*allocuserpwd);
111
112 /* not set means empty */
113 if(!userp)
114 userp = "";
115
116 if(!passwdp)
117 passwdp = "";
118
119 #if defined(USE_WINDOWS_SSPI)
120 have_chlg = digest->input_token ? TRUE : FALSE;
121 #else
122 have_chlg = digest->nonce ? TRUE : FALSE;
123 #endif
124
125 if(!have_chlg) {
126 authp->done = FALSE;
127 return CURLE_OK;
128 }
129
130 /* So IE browsers < v7 cut off the URI part at the query part when they
131 evaluate the MD5 and some (IIS?) servers work with them so we may need to
132 do the Digest IE-style. Note that the different ways cause different MD5
133 sums to get sent.
134
135 Apache servers can be set to do the Digest IE-style automatically using
136 the BrowserMatch feature:
137 https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
138
139 Further details on Digest implementation differences:
140 http://www.fngtps.com/2006/09/http-authentication
141 */
142
143 if(authp->iestyle) {
144 tmp = strchr((char *)uripath, '?');
145 if(tmp) {
146 size_t urilen = tmp - (char *)uripath;
147 path = (unsigned char *) aprintf("%.*s", urilen, uripath);
148 }
149 }
150 if(!tmp)
151 path = (unsigned char *) strdup((char *) uripath);
152
153 if(!path)
154 return CURLE_OUT_OF_MEMORY;
155
156 result = Curl_auth_create_digest_http_message(data, userp, passwdp, request,
157 path, digest, &response, &len);
158 free(path);
159 if(result)
160 return result;
161
162 *allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n",
163 proxy ? "Proxy-" : "",
164 response);
165 free(response);
166 if(!*allocuserpwd)
167 return CURLE_OUT_OF_MEMORY;
168
169 authp->done = TRUE;
170
171 return CURLE_OK;
172 }
173
Curl_digest_cleanup(struct Curl_easy * data)174 void Curl_digest_cleanup(struct Curl_easy *data)
175 {
176 Curl_auth_digest_cleanup(&data->state.digest);
177 Curl_auth_digest_cleanup(&data->state.proxydigest);
178 }
179
180 #endif
181