示例#1
0
        /// <summary>
        /// Raises <b>GetUserInfo</b> event.
        /// </summary>
        /// <param name="userName">User name.</param>
        /// <returns>Returns specified user info.</returns>
        private AUTH_e_UserInfo OnGetUserInfo(string userName)
        {
            AUTH_e_UserInfo retVal = new AUTH_e_UserInfo(userName);

            if (GetUserInfo != null)
            {
                GetUserInfo(this, retVal);
            }

            return(retVal);
        }
        /// <summary>
        /// Raises <b>GetUserInfo</b> event.
        /// </summary>
        /// <param name="userName">User name.</param>
        /// <returns>Returns specified user info.</returns>
        private AUTH_e_UserInfo OnGetUserInfo(string userName)
        {
            AUTH_e_UserInfo retVal = new AUTH_e_UserInfo(userName);

            if (GetUserInfo != null)
            {
                GetUserInfo(this, retVal);
            }

            return retVal;
        }
示例#3
0
        /// <summary>
        /// Continues authentication process.
        /// </summary>
        /// <param name="clientResponse">Client sent SASL response.</param>
        /// <returns>Retunrns challange response what must be sent to client or null if authentication has completed.</returns>
        /// <exception cref="ArgumentNullException">Is raised when <b>clientResponse</b> is null reference.</exception>
        public override string Continue(string clientResponse)
        {
            if (clientResponse == null)
            {
                throw new ArgumentNullException("clientResponse");
            }

            /* RFC 2195 2. Challenge-Response Authentication Mechanism.
             *  The authentication type associated with CRAM is "CRAM-MD5".
             *
             *  The data encoded in the first ready response contains an
             *  presumptively arbitrary string of random digits, a timestamp, and the
             *  fully-qualified primary host name of the server.  The syntax of the
             *  unencoded form must correspond to that of an RFC 822 'msg-id'
             *  [RFC822] as described in [POP3].
             *
             *  The client makes note of the data and then responds with a string
             *  consisting of the user name, a space, and a 'digest'.  The latter is
             *  computed by applying the keyed MD5 algorithm from [KEYED-MD5] where
             *  the key is a shared secret and the digested text is the timestamp
             *  (including angle-brackets).
             *
             *  This shared secret is a string known only to the client and server.
             *  The `digest' parameter itself is a 16-octet value which is sent in
             *  hexadecimal format, using lower-case ASCII characters.
             *
             *  When the server receives this client response, it verifies the digest
             *  provided.  If the digest is correct, the server should consider the
             *  client authenticated and respond appropriately.
             *
             *  Example:
             *      The examples in this document show the use of the CRAM mechanism with
             *      the IMAP4 AUTHENTICATE command [IMAP-AUTH].  The base64 encoding of
             *      the challenges and responses is part of the IMAP4 AUTHENTICATE
             *      command, not part of the CRAM specification itself.
             *
             *      S: * OK IMAP4 Server
             *      C: A0001 AUTHENTICATE CRAM-MD5
             *      S: + PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
             *      C: dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
             *      S: A0001 OK CRAM authentication successful
             *
             *      In this example, the shared secret is the string
             *      'tanstaaftanstaaf'.  Hence, the Keyed MD5 digest is produced by
             *      calculating
             *
             *      MD5((tanstaaftanstaaf XOR opad),
             *          MD5((tanstaaftanstaaf XOR ipad),
             *          <*****@*****.**>))
             *
             *      where ipad and opad are as defined in the keyed-MD5 Work in
             *      Progress [KEYED-MD5] and the string shown in the challenge is the
             *      base64 encoding of <*****@*****.**>. The
             *      shared secret is null-padded to a length of 64 bytes. If the
             *      shared secret is longer than 64 bytes, the MD5 digest of the
             *      shared secret is used as a 16 byte input to the keyed MD5
             *      calculation.
             *
             *      This produces a digest value (in hexadecimal) of
             *
             *          b913a602c7eda7a495b4e6e7334d3890
             *
             *      The user name is then prepended to it, forming
             *
             *          tim b913a602c7eda7a495b4e6e7334d3890
             *
             *      Which is then base64 encoded to meet the requirements of the IMAP4
             *      AUTHENTICATE command (or the similar POP3 AUTH command), yielding
             *
             *      dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
             */

            if (m_State == 0)
            {
                m_State++;
                m_Key = "<" + Guid.NewGuid() + "@host" + ">";

                return(m_Key);
            }
            else
            {
                // Parse client response. response = userName SP hash.
                string[] user_hash = clientResponse.Split(' ');
                if (user_hash.Length == 2 && !string.IsNullOrEmpty(user_hash[0]))
                {
                    m_UserName = user_hash[0];
                    AUTH_e_UserInfo result = OnGetUserInfo(user_hash[0]);
                    if (result.UserExists)
                    {
                        // hash = Hex(HmacMd5(hashKey,password))
                        string hash = Net_Utils.Hex(HmacMd5(m_Key, result.Password));
                        if (hash == user_hash[1])
                        {
                            m_IsAuthenticated = true;
                        }
                    }
                }

                m_IsCompleted = true;
            }

            return(null);
        }
        /// <summary>
        /// Continues authentication process.
        /// </summary>
        /// <param name="clientResponse">Client sent SASL response.</param>
        /// <returns>Retunrns challange response what must be sent to client or null if authentication has completed.</returns>
        /// <exception cref="ArgumentNullException">Is raised when <b>clientResponse</b> is null reference.</exception>
        public override string Continue(string clientResponse)
        {
            if (clientResponse == null)
            {
                throw new ArgumentNullException("clientResponse");
            }

            /* RFC 2831.
             *  The base64-decoded version of the SASL exchange is:
             *
             *  S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
             *     algorithm=md5-sess,charset=utf-8
             *  C: charset=utf-8,username="******",realm="elwood.innosoft.com",
             *     nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",
             *     digest-uri="imap/elwood.innosoft.com",
             *     response=d388dad90d4bbd760a152321f2143af7,qop=auth
             *  S: rspauth=ea40f60335c427b5527b84dbabcdfffd
             *  C:
             *  S: ok
             *
             *  The password in this example was "secret".
             */

            if (m_State == 0)
            {
                m_State++;

                return("realm=\"" + m_Realm + "\",nonce=\"" + m_Nonce +
                       "\",qop=\"auth\",algorithm=md5-sess,charset=utf-8");
            }
            else if (m_State == 1)
            {
                m_State++;

                Auth_HttpDigest auth = new Auth_HttpDigest(clientResponse, "AUTHENTICATE");
                auth.Qop       = "auth";
                auth.Algorithm = "md5-sess";

                // Check realm and nonce value.
                if (m_Realm != auth.Realm || m_Nonce != auth.Nonce)
                {
                    return("rspauth=\"\"");
                }

                m_UserName = auth.UserName;
                AUTH_e_UserInfo result = OnGetUserInfo(auth.UserName);
                if (result.UserExists)
                {
                    if (auth.Authenticate(result.UserName, result.Password))
                    {
                        m_IsAuthenticated = true;

                        return("rspauth=" + auth.CalculateRspAuth(result.UserName, result.Password));
                    }
                }

                return("rspauth=\"\"");
            }
            else
            {
                m_IsCompleted = true;
            }

            return(null);
        }