robin.thoni
/
ipxe
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 11 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
5193 Révisions
2 Branches
Aborescence: 518a98eb56
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '518a98eb56'
${ noResults }
ipxe/src/net/tcp/httpdigest.c

httpdigest.c 6.7KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. /*

  2.  * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

  17.  * 02110-1301, USA.

  18.  *

  19.  * You can also choose to distribute this program under the terms of

  20.  * the Unmodified Binary Distribution Licence (as given in the file

  21.  * COPYING.UBDL), provided that you have satisfied its requirements.

  22.  */

  23. 

  24. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

  25. 

  26. /**

  27.  * @file

  28.  *

  29.  * Hyper Text Transfer Protocol (HTTP) Digest authentication

  30.  *

  31.  */

  32. 

  33. #include <stdio.h>

  34. #include <errno.h>

  35. #include <strings.h>

  36. #include <ipxe/uri.h>

  37. #include <ipxe/md5.h>

  38. #include <ipxe/base16.h>

  39. #include <ipxe/vsprintf.h>

  40. #include <ipxe/http.h>

  41. 

  42. /* Disambiguate the various error causes */

  43. #define EACCES_USERNAME __einfo_error ( EINFO_EACCES_USERNAME )

  44. #define EINFO_EACCES_USERNAME						\

  45. 	__einfo_uniqify ( EINFO_EACCES, 0x01,				\

  46. 			  "No username available for Digest authentication" )

  47. 

  48. /**

  49.  * Initialise HTTP Digest

  50.  *

  51.  * @v ctx		Digest context

  52.  * @v string		Initial string

  53.  */

  54. static void http_digest_init ( struct md5_context *ctx ) {

  55. 

  56. 	/* Initialise MD5 digest */

  57. 	digest_init ( &md5_algorithm, ctx );

  58. }

  59. 

  60. /**

  61.  * Update HTTP Digest with new data

  62.  *

  63.  * @v ctx		Digest context

  64.  * @v string		String to append

  65.  */

  66. static void http_digest_update ( struct md5_context *ctx, const char *string ) {

  67. 	static const char colon = ':';

  68. 

  69. 	/* Add (possibly colon-separated) field to MD5 digest */

  70. 	if ( ctx->len )

  71. 		digest_update ( &md5_algorithm, ctx, &colon, sizeof ( colon ) );

  72. 	digest_update ( &md5_algorithm, ctx, string, strlen ( string ) );

  73. }

  74. 

  75. /**

  76.  * Finalise HTTP Digest

  77.  *

  78.  * @v ctx		Digest context

  79.  * @v out		Buffer for digest output

  80.  * @v len		Buffer length

  81.  */

  82. static void http_digest_final ( struct md5_context *ctx, char *out,

  83. 				size_t len ) {

  84. 	uint8_t digest[MD5_DIGEST_SIZE];

  85. 

  86. 	/* Finalise and base16-encode MD5 digest */

  87. 	digest_final ( &md5_algorithm, ctx, digest );

  88. 	base16_encode ( digest, sizeof ( digest ), out, len );

  89. }

  90. 

  91. /**

  92.  * Perform HTTP Digest authentication

  93.  *

  94.  * @v http		HTTP transaction

  95.  * @ret rc		Return status code

  96.  */

  97. static int http_digest_authenticate ( struct http_transaction *http ) {

  98. 	struct http_request_auth *req = &http->request.auth;

  99. 	struct http_response_auth *rsp = &http->response.auth;

  100. 	char ha1[ base16_encoded_len ( MD5_DIGEST_SIZE ) + 1 /* NUL */ ];

  101. 	char ha2[ base16_encoded_len ( MD5_DIGEST_SIZE ) + 1 /* NUL */ ];

  102. 	static const char md5sess[] = "MD5-sess";

  103. 	static const char md5[] = "MD5";

  104. 	struct md5_context ctx;

  105. 

  106. 	/* Check for required response parameters */

  107. 	if ( ! rsp->realm ) {

  108. 		DBGC ( http, "HTTP %p has no realm for Digest authentication\n",

  109. 		       http );

  110. 		return -EINVAL;

  111. 	}

  112. 	if ( ! rsp->nonce ) {

  113. 		DBGC ( http, "HTTP %p has no nonce for Digest authentication\n",

  114. 		       http );

  115. 		return -EINVAL;

  116. 	}

  117. 

  118. 	/* Record username and password */

  119. 	if ( ! http->uri->user ) {

  120. 		DBGC ( http, "HTTP %p has no username for Digest "

  121. 		       "authentication\n", http );

  122. 		return -EACCES_USERNAME;

  123. 	}

  124. 	req->username = http->uri->user;

  125. 	req->password = ( http->uri->password ? http->uri->password : "" );

  126. 

  127. 	/* Handle quality of protection */

  128. 	if ( rsp->qop ) {

  129. 

  130. 		/* Use "auth" in subsequent request */

  131. 		req->qop = "auth";

  132. 

  133. 		/* Generate a client nonce */

  134. 		snprintf ( req->cnonce, sizeof ( req->cnonce ),

  135. 			   "%08lx", random() );

  136. 

  137. 		/* Determine algorithm */

  138. 		req->algorithm = md5;

  139. 		if ( rsp->algorithm &&

  140. 		     ( strcasecmp ( rsp->algorithm, md5sess ) == 0 ) ) {

  141. 			req->algorithm = md5sess;

  142. 		}

  143. 	}

  144. 

  145. 	/* Generate HA1 */

  146. 	http_digest_init ( &ctx );

  147. 	http_digest_update ( &ctx, req->username );

  148. 	http_digest_update ( &ctx, rsp->realm );

  149. 	http_digest_update ( &ctx, req->password );

  150. 	http_digest_final ( &ctx, ha1, sizeof ( ha1 ) );

  151. 	if ( req->algorithm == md5sess ) {

  152. 		http_digest_init ( &ctx );

  153. 		http_digest_update ( &ctx, ha1 );

  154. 		http_digest_update ( &ctx, rsp->nonce );

  155. 		http_digest_update ( &ctx, req->cnonce );

  156. 		http_digest_final ( &ctx, ha1, sizeof ( ha1 ) );

  157. 	}

  158. 

  159. 	/* Generate HA2 */

  160. 	http_digest_init ( &ctx );

  161. 	http_digest_update ( &ctx, http->request.method->name );

  162. 	http_digest_update ( &ctx, http->request.uri );

  163. 	http_digest_final ( &ctx, ha2, sizeof ( ha2 ) );

  164. 

  165. 	/* Generate response */

  166. 	http_digest_init ( &ctx );

  167. 	http_digest_update ( &ctx, ha1 );

  168. 	http_digest_update ( &ctx, rsp->nonce );

  169. 	if ( req->qop ) {

  170. 		http_digest_update ( &ctx, HTTP_DIGEST_NC );

  171. 		http_digest_update ( &ctx, req->cnonce );

  172. 		http_digest_update ( &ctx, req->qop );

  173. 	}

  174. 	http_digest_update ( &ctx, ha2 );

  175. 	http_digest_final ( &ctx, req->response, sizeof ( req->response ) );

  176. 

  177. 	return 0;

  178. }

  179. 

  180. /**

  181.  * Construct HTTP "Authorization" header for Digest authentication

  182.  *

  183.  * @v http		HTTP transaction

  184.  * @v buf		Buffer

  185.  * @v len		Length of buffer

  186.  * @ret len		Length of header value, or negative error

  187.  */

  188. static int http_format_digest_auth ( struct http_transaction *http,

  189. 				     char *buf, size_t len ) {

  190. 	struct http_request_auth *req = &http->request.auth;

  191. 	struct http_response_auth *rsp = &http->response.auth;

  192. 	size_t used = 0;

  193. 

  194. 	/* Sanity checks */

  195. 	assert ( rsp->realm != NULL );

  196. 	assert ( rsp->nonce != NULL );

  197. 	assert ( req->username != NULL );

  198. 	if ( req->qop ) {

  199. 		assert ( req->algorithm != NULL );

  200. 		assert ( req->cnonce[0] != '\0' );

  201. 	}

  202. 	assert ( req->response[0] != '\0' );

  203. 

  204. 	/* Construct response */

  205. 	used += ssnprintf ( ( buf + used ), ( len - used ),

  206. 			    "realm=\"%s\", nonce=\"%s\", uri=\"%s\", "

  207. 			    "username=\"%s\"", rsp->realm, rsp->nonce,

  208. 			    http->request.uri, req->username );

  209. 	if ( rsp->opaque ) {

  210. 		used += ssnprintf ( ( buf + used ), ( len - used ),

  211. 				    ", opaque=\"%s\"", rsp->opaque );

  212. 	}

  213. 	if ( req->qop ) {

  214. 		used += ssnprintf ( ( buf + used ), ( len - used ),

  215. 				    ", qop=%s, algorithm=%s, cnonce=\"%s\", "

  216. 				    "nc=" HTTP_DIGEST_NC, req->qop,

  217. 				    req->algorithm, req->cnonce );

  218. 	}

  219. 	used += ssnprintf ( ( buf + used ), ( len - used ),

  220. 			    ", response=\"%s\"", req->response );

  221. 

  222. 	return used;

  223. }

  224. 

  225. /** HTTP Digest authentication scheme */

  226. struct http_authentication http_digest_auth __http_authentication = {

  227. 	.name = "Digest",

  228. 	.authenticate = http_digest_authenticate,

  229. 	.format = http_format_digest_auth,

  230. };

  231. 

  232. /* Drag in HTTP authentication support */

  233. REQUIRING_SYMBOL ( http_digest_auth );

  234. REQUIRE_OBJECT ( httpauth );