1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 #include "curl_setup.h"
24
25 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
26
27 #include "urldata.h"
28 #include "strcase.h"
29 #include "vauth/vauth.h"
30 #include "http_digest.h"
31
32 /* The last 3 #include files should be in this order */
33 #include "curl_printf.h"
34 #include "curl_memory.h"
35 #include "memdebug.h"
36
37 /* Test example headers:
38
39 WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
40 Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
41
42 */
43
Curl_input_digest(struct Curl_easy * data,bool proxy,const char * header)44 CURLcode Curl_input_digest(struct Curl_easy *data,
45 bool proxy,
46 const char *header) /* rest of the *-authenticate:
47 header */
48 {
49 /* Point to the correct struct with this */
50 struct digestdata *digest;
51
52 if(proxy) {
53 digest = &data->state.proxydigest;
54 }
55 else {
56 digest = &data->state.digest;
57 }
58
59 if(!checkprefix("Digest", header))
60 return CURLE_BAD_CONTENT_ENCODING;
61
62 header += strlen("Digest");
63 while(*header && ISSPACE(*header))
64 header++;
65
66 return Curl_auth_decode_digest_http_message(header, digest);
67 }
68
Curl_output_digest(struct Curl_easy * data,struct connectdata * conn,bool proxy,const unsigned char * request,const unsigned char * uripath)69 CURLcode Curl_output_digest(struct Curl_easy *data,
70 struct connectdata *conn,
71 bool proxy,
72 const unsigned char *request,
73 const unsigned char *uripath)
74 {
75 CURLcode result;
76 unsigned char *path = NULL;
77 char *tmp = NULL;
78 char *response;
79 size_t len;
80 bool have_chlg;
81
82 /* Point to the address of the pointer that holds the string to send to the
83 server, which is for a plain host or for a HTTP proxy */
84 char **allocuserpwd;
85
86 /* Point to the name and password for this */
87 const char *userp;
88 const char *passwdp;
89
90 /* Point to the correct struct with this */
91 struct digestdata *digest;
92 struct auth *authp;
93
94 if(proxy) {
95 #ifdef CURL_DISABLE_PROXY
96 return CURLE_NOT_BUILT_IN;
97 #else
98 digest = &data->state.proxydigest;
99 allocuserpwd = &data->state.aptr.proxyuserpwd;
100 userp = conn->http_proxy.user;
101 passwdp = conn->http_proxy.passwd;
102 authp = &data->state.authproxy;
103 #endif
104 }
105 else {
106 digest = &data->state.digest;
107 allocuserpwd = &data->state.aptr.userpwd;
108 userp = conn->user;
109 passwdp = conn->passwd;
110 authp = &data->state.authhost;
111 }
112
113 Curl_safefree(*allocuserpwd);
114
115 /* not set means empty */
116 if(!userp)
117 userp = "";
118
119 if(!passwdp)
120 passwdp = "";
121
122 #if defined(USE_WINDOWS_SSPI)
123 have_chlg = digest->input_token ? TRUE : FALSE;
124 #else
125 have_chlg = digest->nonce ? TRUE : FALSE;
126 #endif
127
128 if(!have_chlg) {
129 authp->done = FALSE;
130 return CURLE_OK;
131 }
132
133 /* So IE browsers < v7 cut off the URI part at the query part when they
134 evaluate the MD5 and some (IIS?) servers work with them so we may need to
135 do the Digest IE-style. Note that the different ways cause different MD5
136 sums to get sent.
137
138 Apache servers can be set to do the Digest IE-style automatically using
139 the BrowserMatch feature:
140 https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
141
142 Further details on Digest implementation differences:
143 http://www.fngtps.com/2006/09/http-authentication
144 */
145
146 if(authp->iestyle) {
147 tmp = strchr((char *)uripath, '?');
148 if(tmp) {
149 size_t urilen = tmp - (char *)uripath;
150 path = (unsigned char *) aprintf("%.*s", urilen, uripath);
151 }
152 }
153 if(!tmp)
154 path = (unsigned char *) strdup((char *) uripath);
155
156 if(!path)
157 return CURLE_OUT_OF_MEMORY;
158
159 result = Curl_auth_create_digest_http_message(data, userp, passwdp, request,
160 path, digest, &response, &len);
161 free(path);
162 if(result)
163 return result;
164
165 *allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n",
166 proxy ? "Proxy-" : "",
167 response);
168 free(response);
169 if(!*allocuserpwd)
170 return CURLE_OUT_OF_MEMORY;
171
172 authp->done = TRUE;
173
174 return CURLE_OK;
175 }
176
Curl_http_auth_cleanup_digest(struct Curl_easy * data)177 void Curl_http_auth_cleanup_digest(struct Curl_easy *data)
178 {
179 Curl_auth_digest_cleanup(&data->state.digest);
180 Curl_auth_digest_cleanup(&data->state.proxydigest);
181 }
182
183 #endif
184