Beispiel #1
0
func (s *ScramSuite) TestScramWithRFC5802TestVector(c *C) {
	client := Mechanism.NewClient()

	client.SetProperty(sasl.AuthID, "user")
	client.SetProperty(sasl.Password, "pencil")
	client.SetProperty(sasl.ClientNonce, "fyko+d2lbbFgONRv9qkxdawL")

	t, err := client.Step(nil)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, DeepEquals, sasl.Token(`n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL`))

	rec := sasl.Token("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096")
	t, err = client.Step(rec)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, DeepEquals, sasl.Token(`c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=`))

	rec = sasl.Token("v=rmF9pqV8S7suAoZWja4dJRkFsKQ=")
	t, err = client.Step(rec)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, false)
	c.Check(t, IsNil)
}
Beispiel #2
0
func (s *DigestMD5) Test(c *C) {
	client := Mechanism.NewClient()
	c.Check(client.NeedsMore(), Equals, true)

	client.SetProperty(sasl.AuthID, "chris")
	client.SetProperty(sasl.Password, "secret")
	client.SetProperty(sasl.Service, "imap")
	//client.SetProperty(sasl.Realm, "elwood.innosoft.com")
	client.SetProperty(sasl.QOP, "auth")

	client.SetProperty(sasl.ClientNonce, "OA6MHXh6VqTrRk")

	t, err := client.Step(nil)
	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, IsNil)

	rec := sasl.Token(`realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",algorithm=md5-sess,charset=utf-8`)
	t, err = client.Step(rec)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, DeepEquals, sasl.Token(`charset=utf-8,username="******",realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",digest-uri="imap/elwood.innosoft.com",response=d388dad90d4bbd760a152321f2143af7,qop=auth`))

	rec = sasl.Token("rspauth=ea40f60335c427b5527b84dbabcdfffd")
	t, err = client.Step(rec)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, IsNil)

	t, err = client.Step(nil)
	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, false)
	c.Check(t, IsNil)
}
Beispiel #3
0
func (s *SASLPlain) Test(c *C) {
	expected := sasl.Token("\x00foo\x00bar")

	client := Mechanism.NewClient()
	c.Check(client.NeedsMore(), Equals, true)

	client.SetProperty(sasl.AuthID, "foo")
	client.SetProperty(sasl.Password, "bar")

	t, err := client.Step(nil)

	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, true)
	c.Check(t, DeepEquals, expected)

	t, err = client.Step(nil)
	c.Check(err, IsNil)
	c.Check(client.NeedsMore(), Equals, false)
}
Beispiel #4
0
func (replyChallenge) challenge(user string, password string) (state, sasl.Token, error) {
	ret := sasl.Token("\x00" + user + "\x00" + password)
	return authenticateServer{}, ret, nil
}
Beispiel #5
0
func (c digestChallenge) challenge(props sasl.Properties, pairs sasl.AttributeValuePairs) (digestState, sasl.Token, error) {
	var ok bool

	user, ok := props[sasl.AuthID]
	if !ok {
		return c, nil, sasl.PropertyMissingError{sasl.AuthID}
	}

	password, ok := props[sasl.Password]
	if !ok {
		return c, nil, sasl.PropertyMissingError{sasl.Password}
	}

	authorizationID := props[sasl.AuthZID]

	//realm, ok := props[sasl.Realm]
	//if !ok {
	//	return c, nil, sasl.PropertyMissingError{sasl.Realm}
	//}

	realm, ok := pairs["realm"]
	if !ok {
		return c, nil, sasl.ErrMissingParameter
	}

	service, ok := props[sasl.Service]
	if !ok {
		return c, nil, sasl.PropertyMissingError{sasl.Service}
	}

	clientNonce, ok := props[sasl.ClientNonce]
	if !ok {
		return c, nil, sasl.PropertyMissingError{sasl.ClientNonce}
	}

	qop, ok := props[sasl.QOP]
	if !ok {
		return c, nil, sasl.PropertyMissingError{sasl.QOP}
	}

	serverNonce, ok := pairs["nonce"]
	if !ok {
		return c, nil, sasl.ErrMissingParameter
	}

	//TODO: check if pairs[qop] contains props[QOP]

	digestURI := service + "/" + realm

	a1 := c.a1(user, realm, password, serverNonce, clientNonce, authorizationID)
	a2 := c.a2(digestURI, qop)
	nc := fmt.Sprintf("%08x", 1)

	kd := strings.Join([]string{
		hex.EncodeToString(a1[:]),
		serverNonce,
		nc,
		clientNonce,
		qop,
		hex.EncodeToString(a2[:]),
	}, ":")

	mdKd := md5.Sum([]byte(kd))
	responseValue := hex.EncodeToString(mdKd[:])

	ret := fmt.Sprintf(`charset=utf-8,username=%q,realm=%q,nonce=%q,nc=%s,cnonce=%q,digest-uri=%q,response=%s,qop=auth`,
		user, realm, serverNonce, nc, clientNonce, digestURI, responseValue,
	)

	if authorizationID != "" {
		ret = ret + ",authzid=\"" + authorizationID + "\""
	}

	return responseAuth{}, sasl.Token(ret), nil
}