author | Chris Jones <christian.jones@sri.com> |
Thu, 20 Feb 2014 15:55:19 -0700 (2014-02-20) | |
changeset 184 | ce49140fe60b |
parent 178 | ccfebbd9f49b |
permissions | -rw-r--r-- |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
1 |
// Deal with SASL authentication. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
2 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
3 |
package xmpp |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
4 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
5 |
import ( |
145 | 6 |
"crypto/md5" |
7 |
"crypto/rand" |
|
8 |
"encoding/base64" |
|
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
9 |
"encoding/xml" |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
10 |
"fmt" |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
11 |
"math/big" |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
12 |
"regexp" |
145 | 13 |
"strings" |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
14 |
) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
15 |
|
150
fa7f6ff10c67
Code reorder and doc cleanup.
Chris Jones <christian.jones@sri.com>
parents:
147
diff
changeset
|
16 |
// Server is advertising auth mechanisms it supports. Choose one and |
fa7f6ff10c67
Code reorder and doc cleanup.
Chris Jones <christian.jones@sri.com>
parents:
147
diff
changeset
|
17 |
// respond. |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
18 |
// BUG(cjyar): Doesn't implement TLS/SASL EXTERNAL. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
19 |
func (cl *Client) chooseSasl(fe *Features) { |
184
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
20 |
var digestMd5, plain bool |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
21 |
var mechs []string |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
22 |
for _, m := range fe.Mechanisms.Mechanism { |
184
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
23 |
mechs = append(mechs, m) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
24 |
switch strings.ToLower(m) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
25 |
case "digest-md5": |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
26 |
digestMd5 = true |
184
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
27 |
case "plain": |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
28 |
plain = true |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
29 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
30 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
31 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
32 |
if digestMd5 { |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
33 |
auth := &auth{XMLName: xml.Name{Space: NsSASL, Local: "auth"}, |
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
34 |
Mechanism: "DIGEST-MD5"} |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
35 |
cl.sendRaw <- auth |
184
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
36 |
} else if plain { |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
37 |
raw := "\x00" + cl.Jid.Node() + "\x00" + cl.password |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
38 |
enc := base64.StdEncoding.EncodeToString([]byte(raw)) |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
39 |
auth := &auth{XMLName: xml.Name{Space: NsSASL, Local: "auth"}, |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
40 |
Mechanism: "PLAIN", Chardata: enc} |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
41 |
cl.sendRaw <- auth |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
42 |
} else { |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
43 |
cl.setError(fmt.Errorf("No supported auth mechanism in %v", |
ce49140fe60b
Added support for SASL PLAIN, from "Ildar Hizbulin" <hizel@vyborg.ru>.
Chris Jones <christian.jones@sri.com>
parents:
178
diff
changeset
|
44 |
mechs)) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
45 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
46 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
47 |
|
150
fa7f6ff10c67
Code reorder and doc cleanup.
Chris Jones <christian.jones@sri.com>
parents:
147
diff
changeset
|
48 |
// Server is responding to our auth request. |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
49 |
func (cl *Client) handleSasl(srv *auth) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
50 |
switch strings.ToLower(srv.XMLName.Local) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
51 |
case "challenge": |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
52 |
b64 := base64.StdEncoding |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
53 |
str, err := b64.DecodeString(srv.Chardata) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
54 |
if err != nil { |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
55 |
cl.setError(fmt.Errorf("SASL: %v", err)) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
56 |
return |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
57 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
58 |
srvMap := parseSasl(string(str)) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
59 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
60 |
if cl.saslExpected == "" { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
61 |
cl.saslDigest1(srvMap) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
62 |
} else { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
63 |
cl.saslDigest2(srvMap) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
64 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
65 |
case "failure": |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
66 |
cl.setError(fmt.Errorf("SASL authentication failed")) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
67 |
case "success": |
153
bbd4166df95d
Simplified the API: There's only one constructor, and it does everything necessary to initiate the stream. StartSession() and Roster.Update() have both been eliminated.
Chris Jones <christian.jones@sri.com>
parents:
150
diff
changeset
|
68 |
cl.setStatus(StatusAuthenticated) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
69 |
cl.Features = nil |
178
ccfebbd9f49b
Changed the JID type to be an alias of string, rather than a struct. This allows it to be used as a key in a map, among other benefits.
Chris Jones <chris@cjones.org>
parents:
163
diff
changeset
|
70 |
ss := &stream{To: cl.Jid.Domain(), Version: XMPPVersion} |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
71 |
cl.sendRaw <- ss |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
72 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
73 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
74 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
75 |
func (cl *Client) saslDigest1(srvMap map[string]string) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
76 |
// Make sure it supports qop=auth |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
77 |
var hasAuth bool |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
78 |
for _, qop := range strings.Fields(srvMap["qop"]) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
79 |
if qop == "auth" { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
80 |
hasAuth = true |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
81 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
82 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
83 |
if !hasAuth { |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
84 |
cl.setError(fmt.Errorf("Server doesn't support SASL auth")) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
85 |
return |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
86 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
87 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
88 |
// Pick a realm. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
89 |
var realm string |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
90 |
if srvMap["realm"] != "" { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
91 |
realm = strings.Fields(srvMap["realm"])[0] |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
92 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
93 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
94 |
passwd := cl.password |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
95 |
nonce := srvMap["nonce"] |
178
ccfebbd9f49b
Changed the JID type to be an alias of string, rather than a struct. This allows it to be used as a key in a map, among other benefits.
Chris Jones <chris@cjones.org>
parents:
163
diff
changeset
|
96 |
digestUri := "xmpp/" + cl.Jid.Domain() |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
97 |
nonceCount := int32(1) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
98 |
nonceCountStr := fmt.Sprintf("%08x", nonceCount) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
99 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
100 |
// Begin building the response. Username is |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
101 |
// user@domain or just domain. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
102 |
var username string |
178
ccfebbd9f49b
Changed the JID type to be an alias of string, rather than a struct. This allows it to be used as a key in a map, among other benefits.
Chris Jones <chris@cjones.org>
parents:
163
diff
changeset
|
103 |
if cl.Jid.Node() == "" { |
ccfebbd9f49b
Changed the JID type to be an alias of string, rather than a struct. This allows it to be used as a key in a map, among other benefits.
Chris Jones <chris@cjones.org>
parents:
163
diff
changeset
|
104 |
username = cl.Jid.Domain() |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
105 |
} else { |
178
ccfebbd9f49b
Changed the JID type to be an alias of string, rather than a struct. This allows it to be used as a key in a map, among other benefits.
Chris Jones <chris@cjones.org>
parents:
163
diff
changeset
|
106 |
username = cl.Jid.Node() |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
107 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
108 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
109 |
// Generate our own nonce from random data. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
110 |
randSize := big.NewInt(0) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
111 |
randSize.Lsh(big.NewInt(1), 64) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
112 |
cnonce, err := rand.Int(rand.Reader, randSize) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
113 |
if err != nil { |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
114 |
cl.setError(fmt.Errorf("SASL rand: %v", err)) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
115 |
return |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
116 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
117 |
cnonceStr := fmt.Sprintf("%016x", cnonce) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
118 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
119 |
/* Now encode the actual password response, as well as the |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
120 |
* expected next challenge from the server. */ |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
121 |
response := saslDigestResponse(username, realm, passwd, nonce, |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
122 |
cnonceStr, "AUTHENTICATE", digestUri, nonceCountStr) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
123 |
next := saslDigestResponse(username, realm, passwd, nonce, |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
124 |
cnonceStr, "", digestUri, nonceCountStr) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
125 |
cl.saslExpected = next |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
126 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
127 |
// Build the map which will be encoded. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
128 |
clMap := make(map[string]string) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
129 |
clMap["realm"] = `"` + realm + `"` |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
130 |
clMap["username"] = `"` + username + `"` |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
131 |
clMap["nonce"] = `"` + nonce + `"` |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
132 |
clMap["cnonce"] = `"` + cnonceStr + `"` |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
133 |
clMap["nc"] = nonceCountStr |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
134 |
clMap["qop"] = "auth" |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
135 |
clMap["digest-uri"] = `"` + digestUri + `"` |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
136 |
clMap["response"] = response |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
137 |
if srvMap["charset"] == "utf-8" { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
138 |
clMap["charset"] = "utf-8" |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
139 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
140 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
141 |
// Encode the map and send it. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
142 |
clStr := packSasl(clMap) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
143 |
b64 := base64.StdEncoding |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
144 |
clObj := &auth{XMLName: xml.Name{Space: NsSASL, Local: "response"}, |
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
145 |
Chardata: b64.EncodeToString([]byte(clStr))} |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
146 |
cl.sendRaw <- clObj |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
147 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
148 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
149 |
func (cl *Client) saslDigest2(srvMap map[string]string) { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
150 |
if cl.saslExpected == srvMap["rspauth"] { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
151 |
clObj := &auth{XMLName: xml.Name{Space: NsSASL, Local: "response"}} |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
152 |
cl.sendRaw <- clObj |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
153 |
} else { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
154 |
clObj := &auth{XMLName: xml.Name{Space: NsSASL, Local: "failure"}, Any: &Generic{XMLName: xml.Name{Space: NsSASL, |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
155 |
Local: "abort"}}} |
163
3f891f7fe817
Removed the weirdo logging facility. There's now a Debug variable which can be set which replaces the former debug log. NewClient() will return an error if something goes wrong setting up the connection.
Chris Jones <chris@cjones.org>
parents:
153
diff
changeset
|
156 |
cl.sendRaw <- clObj |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
157 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
158 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
159 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
160 |
// Takes a string like `key1=value1,key2="value2"...` and returns a |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
161 |
// key/value map. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
162 |
func parseSasl(in string) map[string]string { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
163 |
re := regexp.MustCompile(`([^=]+)="?([^",]+)"?,?`) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
164 |
strs := re.FindAllStringSubmatch(in, -1) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
165 |
m := make(map[string]string) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
166 |
for _, pair := range strs { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
167 |
key := strings.ToLower(string(pair[1])) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
168 |
value := string(pair[2]) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
169 |
m[key] = value |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
170 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
171 |
return m |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
172 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
173 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
174 |
// Inverse of parseSasl(). |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
175 |
func packSasl(m map[string]string) string { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
176 |
var terms []string |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
177 |
for key, value := range m { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
178 |
if key == "" || value == "" || value == `""` { |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
179 |
continue |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
180 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
181 |
terms = append(terms, key+"="+value) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
182 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
183 |
return strings.Join(terms, ",") |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
184 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
185 |
|
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
186 |
// Computes the response string for digest authentication. |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
187 |
func saslDigestResponse(username, realm, passwd, nonce, cnonceStr, |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
188 |
authenticate, digestUri, nonceCountStr string) string { |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
189 |
h := func(text string) string { |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
190 |
h := md5.New() |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
191 |
h.Write([]byte(text)) |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
192 |
return string(h.Sum(nil)) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
193 |
} |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
194 |
hex := func(input string) string { |
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
195 |
return fmt.Sprintf("%x", input) |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
196 |
} |
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
197 |
kd := func(secret, data string) string { |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
198 |
return h(secret + ":" + data) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
199 |
} |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
200 |
|
147
d7679d991b17
Function renames and improved doc.
Chris Jones <christian.jones@sri.com>
parents:
145
diff
changeset
|
201 |
a1 := h(username+":"+realm+":"+passwd) + ":" + |
143
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
202 |
nonce + ":" + cnonceStr |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
203 |
a2 := authenticate + ":" + digestUri |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
204 |
response := hex(kd(hex(h(a1)), nonce+":"+ |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
205 |
nonceCountStr+":"+cnonceStr+":auth:"+ |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
206 |
hex(h(a2)))) |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
207 |
return response |
62166e57800e
Split stream.go into layer1, layer2, layer3, and sasl.
Chris Jones <christian.jones@sri.com>
parents:
diff
changeset
|
208 |
} |