2 * Challenge Response Authentication Method using MD5 (CRAM-MD5)
4 * cram-md5 is based on RFC2104.
6 * Written for Bacula by Kern E. Sibbald, May MMI.
11 Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 2.1 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, write to the Free
25 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
32 int cram_md5_auth(BSOCK *bs, char *password)
42 gettimeofday(&t1, &tz);
44 gettimeofday(&t2, &tz);
45 srandom((t1.tv_sec&0xffff) * (t2.tv_usec&0xff));
46 gethostname(host, sizeof(host));
47 sprintf((char *)chal, "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host);
48 if (!bnet_fsend(bs, "auth cram-md5 %s\n", chal)) {
51 Dmsg1(99, "%s", bs->msg);
52 if (bnet_wait_data(bs, 120) <= 0 || bnet_recv(bs) <= 0) {
56 hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
57 bin_to_base64(host, (char *)hmac, 16);
58 ok = strcmp(bs->msg, host) == 0;
60 Dmsg3(99, "Authenticate %s: wanted %s, got %s\n",
61 ok ? "OK" : "NOT OK", host, bs->msg);
63 Dmsg3(99, "Authenticate %s: wanted %s, got %s\n",
64 ok ? "OK" : "NOT OK", host, bs->msg);
67 bnet_fsend(bs, "1000 OK auth\n");
69 bnet_fsend(bs, "1999 No auth\n");
75 int cram_md5_get_auth(BSOCK *bs, char *password)
80 if (bnet_recv(bs) <= 0) {
84 if (sscanf(bs->msg, "auth cram-md5 %s", chal) != 1) {
85 Dmsg1(99, "Wanted auth cram... Got: %s\n", bs->msg);
89 hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
90 bs->msglen = bin_to_base64(bs->msg, (char *)hmac, 16);
94 Dmsg1(99, "sending resp to challenge: %s\n", bs->msg);
95 if (bnet_wait_data(bs, 120) <= 0 || bnet_recv(bs) <= 0) {
99 if (strcmp(bs->msg, "1000 OK auth\n") == 0) {