2 * Challenge Response Authentication Method using MD5 (CRAM-MD5)
4 * cram-md5 is based on RFC2104.
6 * Written for Bacula by Kern E. Sibbald, May MMI.
11 Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of
16 the License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public
24 License along with this program; if not, write to the Free
25 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
32 int cram_md5_auth(BSOCK *bs, char *password)
42 gettimeofday(&t1, &tz);
44 gettimeofday(&t2, &tz);
45 srandom((t1.tv_sec&0xffff) * (t2.tv_usec&0xff));
46 gethostname(host, sizeof(host));
47 sprintf((char *)chal, "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host);
48 if (!bnet_fsend(bs, "auth cram-md5 %s\n", chal)) {
51 Dmsg1(99, "%s", bs->msg);
52 if (bnet_wait_data(bs, 120) <= 0 || bnet_recv(bs) <= 0) {
56 hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
57 bin_to_base64(host, (char *)hmac, 16);
58 ok = strcmp(bs->msg, host) == 0;
60 Dmsg3(399, "Authenticate %s: wanted %s, got %s\n",
61 ok ? "OK" : "NOT OK", host, bs->msg);
63 Dmsg3(99, "Authenticate %s: wanted %s, got %s\n",
64 ok ? "OK" : "NOT OK", host, bs->msg);
67 bnet_fsend(bs, "1000 OK auth\n");
69 bnet_fsend(bs, "1999 No auth\n");
75 int cram_md5_get_auth(BSOCK *bs, char *password)
80 if (bnet_recv(bs) <= 0) {
84 if (sscanf(bs->msg, "auth cram-md5 %s", chal) != 1) {
88 hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
89 bs->msglen = bin_to_base64(bs->msg, (char *)hmac, 16);
93 Dmsg1(99, "sending resp to challenge: %s\n", bs->msg);
94 if (bnet_wait_data(bs, 120) <= 0 || bnet_recv(bs) <= 0) {
98 if (strcmp(bs->msg, "1000 OK auth\n") == 0) {