1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel (at) haxx.se>, et al. 9 * 10 * This software is licensed as described in the file COPYING, which 11 * you should have received as part of this distribution. The terms 12 * are also available at https://curl.haxx.se/docs/copyright.html. 13 * 14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 15 * copies of the Software, and permit persons to whom the Software is 16 * furnished to do so, under the terms of the COPYING file. 17 * 18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19 * KIND, either express or implied. 20 * 21 ***************************************************************************/ 22 23 #include "curl_setup.h" 24 25 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH) 26 27 #include "urldata.h" 28 #include "rawstr.h" 29 #include "vauth/vauth.h" 30 #include "http_digest.h" 31 /* The last 3 #include files should be in this order */ 32 #include "curl_printf.h" 33 #include "curl_memory.h" 34 #include "memdebug.h" 35 36 /* Test example headers: 37 38 WWW-Authenticate: Digest realm="testrealm", nonce="1053604598" 39 Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598" 40 41 */ 42 43 CURLcode Curl_input_digest(struct connectdata *conn, 44 bool proxy, 45 const char *header) /* rest of the *-authenticate: 46 header */ 47 { 48 struct Curl_easy *data = conn->data; 49 50 /* Point to the correct struct with this */ 51 struct digestdata *digest; 52 53 if(proxy) { 54 digest = &data->state.proxydigest; 55 } 56 else { 57 digest = &data->state.digest; 58 } 59 60 if(!checkprefix("Digest", header)) 61 return CURLE_BAD_CONTENT_ENCODING; 62 63 header += strlen("Digest"); 64 while(*header && ISSPACE(*header)) 65 header++; 66 67 return Curl_auth_decode_digest_http_message(header, digest); 68 } 69 70 CURLcode Curl_output_digest(struct connectdata *conn, 71 bool proxy, 72 const unsigned char *request, 73 const unsigned char *uripath) 74 { 75 CURLcode result; 76 struct Curl_easy *data = conn->data; 77 unsigned char *path; 78 char *tmp; 79 char *response; 80 size_t len; 81 bool have_chlg; 82 83 /* Point to the address of the pointer that holds the string to send to the 84 server, which is for a plain host or for a HTTP proxy */ 85 char **allocuserpwd; 86 87 /* Point to the name and password for this */ 88 const char *userp; 89 const char *passwdp; 90 91 /* Point to the correct struct with this */ 92 struct digestdata *digest; 93 struct auth *authp; 94 95 if(proxy) { 96 digest = &data->state.proxydigest; 97 allocuserpwd = &conn->allocptr.proxyuserpwd; 98 userp = conn->proxyuser; 99 passwdp = conn->proxypasswd; 100 authp = &data->state.authproxy; 101 } 102 else { 103 digest = &data->state.digest; 104 allocuserpwd = &conn->allocptr.userpwd; 105 userp = conn->user; 106 passwdp = conn->passwd; 107 authp = &data->state.authhost; 108 } 109 110 Curl_safefree(*allocuserpwd); 111 112 /* not set means empty */ 113 if(!userp) 114 userp = ""; 115 116 if(!passwdp) 117 passwdp = ""; 118 119 #if defined(USE_WINDOWS_SSPI) 120 have_chlg = digest->input_token ? TRUE : FALSE; 121 #else 122 have_chlg = digest->nonce ? TRUE : FALSE; 123 #endif 124 125 if(!have_chlg) { 126 authp->done = FALSE; 127 return CURLE_OK; 128 } 129 130 /* So IE browsers < v7 cut off the URI part at the query part when they 131 evaluate the MD5 and some (IIS?) servers work with them so we may need to 132 do the Digest IE-style. Note that the different ways cause different MD5 133 sums to get sent. 134 135 Apache servers can be set to do the Digest IE-style automatically using 136 the BrowserMatch feature: 137 https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie 138 139 Further details on Digest implementation differences: 140 http://www.fngtps.com/2006/09/http-authentication 141 */ 142 143 if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) { 144 size_t urilen = tmp - (char *)uripath; 145 146 path = (unsigned char *) aprintf("%.*s", urilen, uripath); 147 } 148 else 149 path = (unsigned char *) strdup((char *) uripath); 150 151 if(!path) 152 return CURLE_OUT_OF_MEMORY; 153 154 result = Curl_auth_create_digest_http_message(data, userp, passwdp, request, 155 path, digest, &response, &len); 156 free(path); 157 if(result) 158 return result; 159 160 *allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n", 161 proxy ? "Proxy-" : "", 162 response); 163 free(response); 164 if(!*allocuserpwd) 165 return CURLE_OUT_OF_MEMORY; 166 167 authp->done = TRUE; 168 169 return CURLE_OK; 170 } 171 172 void Curl_digest_cleanup(struct Curl_easy *data) 173 { 174 Curl_auth_digest_cleanup(&data->state.digest); 175 Curl_auth_digest_cleanup(&data->state.proxydigest); 176 } 177 178 #endif 179