Halaman utama Jelajahi Bantuan
Masuk
downstream
/
emacs
Liatin 2
Bintangi 0
Fork 0
Berkas Masalah 0 Tarik Permintaan 0 Wiki
Cabang: master
Ranting Tag
emacs
/
lisp
/
net
/
sasl.el

sasl.el 8.2 KB
Permalink Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271 
  1. ;;; sasl.el --- SASL client framework
    2. 

  2. 

  3. ;; Copyright (C) 2000, 2007-2012  Free Software Foundation, Inc.
    4. 

  4. 

  5. ;; Author: Daiki Ueno <ueno@unixuser.org>
    6. 

  6. ;; Keywords: SASL
    7. 

  7. 

  8. ;; This file is part of GNU Emacs.
    9. 

  9. 

  10. ;; GNU Emacs is free software: you can redistribute it and/or modify
    11. 

  11. ;; it under the terms of the GNU General Public License as published by
    12. 

  12. ;; the Free Software Foundation, either version 3 of the License, or
    13. 

  13. ;; (at your option) any later version.
    14. 

  14. 

  15. ;; GNU Emacs is distributed in the hope that it will be useful,
    16. 

  16. ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17. ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18. ;; GNU General Public License for more details.
    19. 

  19. 

  20. ;; You should have received a copy of the GNU General Public License
    21. 

  21. ;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.
    22. 

  22. 

  23. ;;; Commentary:
    24. 

  24. 

  25. ;; This module provides common interface functions to share several
    26. 

  26. ;; SASL mechanism drivers.  The toplevel is designed to be mostly
    27. 

  27. ;; compatible with [Java-SASL].
    28. 

  28. ;;
    29. 

  29. ;; [SASL] J. Myers, "Simple Authentication and Security Layer (SASL)",
    30. 

  30. ;;	RFC 2222, October 1997.
    31. 

  31. ;;
    32. 

  32. ;; [Java-SASL] R. Weltman & R. Lee, "The Java SASL Application Program
    33. 

  33. ;;	Interface", draft-weltman-java-sasl-03.txt, March 2000.
    34. 

  34. 

  35. ;;; Code:
    36. 

  36. 

  37. (defvar sasl-mechanisms
    38. 

  38.   '("CRAM-MD5" "DIGEST-MD5" "PLAIN" "LOGIN" "ANONYMOUS"
    39. 

  39.     "NTLM" "SCRAM-MD5"))
    40. 

  40. 

  41. (defvar sasl-mechanism-alist
    42. 

  42.   '(("CRAM-MD5" sasl-cram)
    43. 

  43.     ("DIGEST-MD5" sasl-digest)
    44. 

  44.     ("PLAIN" sasl-plain)
    45. 

  45.     ("LOGIN" sasl-login)
    46. 

  46.     ("ANONYMOUS" sasl-anonymous)
    47. 

  47.     ("NTLM" sasl-ntlm)
    48. 

  48.     ("SCRAM-MD5" sasl-scram)))
    49. 

  49. 

  50. (defvar sasl-unique-id-function #'sasl-unique-id-function)
    51. 

  51. 

  52. (put 'sasl-error 'error-message "SASL error")
    53. 

  53. (put 'sasl-error 'error-conditions '(sasl-error error))
    54. 

  54. 

  55. (defun sasl-error (datum)
    56. 

  56.   (signal 'sasl-error (list datum)))
    57. 

  57. 

  58. ;;; @ SASL client
    59. 

  59. ;;;
    60. 

  60. 

  61. (defun sasl-make-client (mechanism name service server)
    62. 

  62.   "Return a newly allocated SASL client.
    63. 

  63. NAME is name of the authorization.  SERVICE is name of the service desired.
    64. 

  64. SERVER is the fully qualified host name of the server to authenticate to."
    65. 

  65.   (vector mechanism name service server (make-symbol "sasl-client-properties")))
    66. 

  66. 

  67. (defun sasl-client-mechanism (client)
    68. 

  68.   "Return the authentication mechanism driver of CLIENT."
    69. 

  69.   (aref client 0))
    70. 

  70. 

  71. (defun sasl-client-name (client)
    72. 

  72.   "Return the authorization name of CLIENT, a string."
    73. 

  73.   (aref client 1))
    74. 

  74. 

  75. (defun sasl-client-service (client)
    76. 

  76.   "Return the service name of CLIENT, a string."
    77. 

  77.   (aref client 2))
    78. 

  78. 

  79. (defun sasl-client-server (client)
    80. 

  80.   "Return the server name of CLIENT, a string."
    81. 

  81.   (aref client 3))
    82. 

  82. 

  83. (defun sasl-client-set-properties (client plist)
    84. 

  84.   "Destructively set the properties of CLIENT.
    85. 

  85. The second argument PLIST is the new property list."
    86. 

  86.   (setplist (aref client 4) plist))
    87. 

  87. 

  88. (defun sasl-client-set-property (client property value)
    89. 

  89.   "Add the given PROPERTY/VALUE to CLIENT."
    90. 

  90.   (put (aref client 4) property value))
    91. 

  91. 

  92. (defun sasl-client-property (client property)
    93. 

  93.   "Return the value of the PROPERTY of CLIENT."
    94. 

  94.   (get (aref client 4) property))
    95. 

  95. 

  96. (defun sasl-client-properties (client)
    97. 

  97.   "Return the properties of CLIENT."
    98. 

  98.   (symbol-plist (aref client 4)))
    99. 

  99. 

  100. ;;; @ SASL mechanism
    101. 

  101. ;;;
    102. 

  102. 

  103. (defun sasl-make-mechanism (name steps)
    104. 

  104.   "Make an authentication mechanism.
    105. 

  105. NAME is a IANA registered SASL mechanism name.
    106. 

  106. STEPS is list of continuation functions."
    107. 

  107.   (vector name
    108. 

  108. 	  (mapcar
    109. 

  109. 	   (lambda (step)
    110. 

  110. 	     (let ((symbol (make-symbol (symbol-name step))))
    111. 

  111. 	       (fset symbol (symbol-function step))
    112. 

  112. 	       symbol))
    113. 

  113. 	   steps)))
    114. 

  114. 

  115. (defun sasl-mechanism-name (mechanism)
    116. 

  116.   "Return name of MECHANISM, a string."
    117. 

  117.   (aref mechanism 0))
    118. 

  118. 

  119. (defun sasl-mechanism-steps (mechanism)
    120. 

  120.   "Return the authentication steps of MECHANISM, a list of functions."
    121. 

  121.   (aref mechanism 1))
    122. 

  122. 

  123. (defun sasl-find-mechanism (mechanisms)
    124. 

  124.   "Retrieve an appropriate mechanism object from MECHANISMS hints."
    125. 

  125.   (let* ((sasl-mechanisms sasl-mechanisms)
    126. 

  126. 	 (mechanism
    127. 

  127. 	  (catch 'done
    128. 

  128. 	    (while sasl-mechanisms
    129. 

  129. 	      (if (member (car sasl-mechanisms) mechanisms)
    130. 

  130. 		  (throw 'done (nth 1 (assoc (car sasl-mechanisms)
    131. 

  131. 					     sasl-mechanism-alist))))
    132. 

  132. 	      (setq sasl-mechanisms (cdr sasl-mechanisms))))))
    133. 

  133.     (if mechanism
    134. 

  134. 	(require mechanism))
    135. 

  135.     (get mechanism 'sasl-mechanism)))
    136. 

  136. 

  137. ;;; @ SASL authentication step
    138. 

  138. ;;;
    139. 

  139. 

  140. (defun sasl-step-data (step)
    141. 

  141.   "Return the data which STEP holds, a string."
    142. 

  142.   (aref step 1))
    143. 

  143. 

  144. (defun sasl-step-set-data (step data)
    145. 

  145.   "Store DATA string to STEP."
    146. 

  146.   (aset step 1 data))
    147. 

  147. 

  148. (defun sasl-next-step (client step)
    149. 

  149.   "Evaluate the challenge and prepare an appropriate next response.
    150. 

  150. The data type of the value and 2nd argument STEP is nil or opaque
    151. 

  151. authentication step which holds the reference to the next action and
    152. 

  152. the current challenge.  At the first time STEP should be set to nil."
    153. 

  153.   (let* ((steps
    154. 

  154. 	  (sasl-mechanism-steps
    155. 

  155. 	   (sasl-client-mechanism client)))
    156. 

  156. 	 (function
    157. 

  157. 	  (if (vectorp step)
    158. 

  158. 	      (nth 1 (memq (aref step 0) steps))
    159. 

  159. 	    (car steps))))
    160. 

  160.     (if function
    161. 

  161. 	(vector function (funcall function client step)))))
    162. 

  162. 

  163. (defvar sasl-read-passphrase nil)
    164. 

  164. (defun sasl-read-passphrase (prompt)
    165. 

  165.   (if (not sasl-read-passphrase)
    166. 

  166.       (if (functionp 'read-passwd)
    167. 

  167. 	  (setq sasl-read-passphrase 'read-passwd)
    168. 

  168. 	(if (load "passwd" t)
    169. 

  169. 	    (setq sasl-read-passphrase 'read-passwd)
    170. 

  170. 	  (autoload 'ange-ftp-read-passwd "ange-ftp")
    171. 

  171. 	  (setq sasl-read-passphrase 'ange-ftp-read-passwd))))
    172. 

  172.   (funcall sasl-read-passphrase prompt))
    173. 

  173. 

  174. (defun sasl-unique-id ()
    175. 

  175.   "Compute a data string which must be different each time.
    176. 

  176. It contain at least 64 bits of entropy."
    177. 

  177.   (concat (funcall sasl-unique-id-function)(funcall sasl-unique-id-function)))
    178. 

  178. 

  179. (defvar sasl-unique-id-char nil)
    180. 

  180. 

  181. ;; stolen (and renamed) from message.el
    182. 

  182. (defun sasl-unique-id-function ()
    183. 

  183.   ;; Don't use microseconds from (current-time), they may be unsupported.
    184. 

  184.   ;; Instead we use this randomly inited counter.
    185. 

  185.   (setq sasl-unique-id-char
    186. 

  186. 	(% (1+ (or sasl-unique-id-char (logand (random t) (1- (lsh 1 20)))))
    187. 

  187. 	   ;; (current-time) returns 16-bit ints,
    188. 

  188. 	   ;; and 2^16*25 just fits into 4 digits i base 36.
    189. 

  189. 	   (* 25 25)))
    190. 

  190.   (let ((tm (current-time)))
    191. 

  191.     (concat
    192. 

  192.      (sasl-unique-id-number-base36
    193. 

  193.       (+ (car   tm)
    194. 

  194. 	 (lsh (% sasl-unique-id-char 25) 16)) 4)
    195. 

  195.      (sasl-unique-id-number-base36
    196. 

  196.       (+ (nth 1 tm)
    197. 

  197. 	 (lsh (/ sasl-unique-id-char 25) 16)) 4))))
    198. 

  198. 

  199. (defun sasl-unique-id-number-base36 (num len)
    200. 

  200.   (if (if (< len 0)
    201. 

  201. 	  (<= num 0)
    202. 

  202. 	(= len 0))
    203. 

  203.       ""
    204. 

  204.     (concat (sasl-unique-id-number-base36 (/ num 36) (1- len))
    205. 

  205. 	    (char-to-string (aref "zyxwvutsrqponmlkjihgfedcba9876543210"
    206. 

  206. 				  (% num 36))))))
    207. 

  207. 

  208. ;;; PLAIN (RFC2595 Section 6)
    209. 

  209. (defconst sasl-plain-steps
    210. 

  210.   '(sasl-plain-response))
    211. 

  211. 

  212. (defun sasl-plain-response (client step)
    213. 

  213.   (let ((passphrase
    214. 

  214. 	 (sasl-read-passphrase
    215. 

  215. 	  (format "PLAIN passphrase for %s: " (sasl-client-name client))))
    216. 

  216. 	(authenticator-name
    217. 

  217. 	 (sasl-client-property
    218. 

  218. 	  client 'authenticator-name))
    219. 

  219. 	(name (sasl-client-name client)))
    220. 

  220.     (unwind-protect
    221. 

  221. 	(if (and authenticator-name
    222. 

  222. 		 (not (string= authenticator-name name)))
    223. 

  223. 	    (concat authenticator-name "\0" name "\0" passphrase)
    224. 

  224. 	  (concat "\0" name "\0" passphrase))
    225. 

  225.       (fillarray passphrase 0))))
    226. 

  226. 

  227. (put 'sasl-plain 'sasl-mechanism
    228. 

  228.      (sasl-make-mechanism "PLAIN" sasl-plain-steps))
    229. 

  229. 

  230. (provide 'sasl-plain)
    231. 

  231. 

  232. ;;; LOGIN (No specification exists)
    233. 

  233. (defconst sasl-login-steps
    234. 

  234.   '(ignore				;no initial response
    235. 

  235.     sasl-login-response-1
    236. 

  236.     sasl-login-response-2))
    237. 

  237. 

  238. (defun sasl-login-response-1 (client step)
    239. 

  239. ;;;  (unless (string-match "^Username:" (sasl-step-data step))
    240. 

  240. ;;;    (sasl-error (format "Unexpected response: %s" (sasl-step-data step))))
    241. 

  241.   (sasl-client-name client))
    242. 

  242. 

  243. (defun sasl-login-response-2 (client step)
    244. 

  244. ;;;  (unless (string-match "^Password:" (sasl-step-data step))
    245. 

  245. ;;;    (sasl-error (format "Unexpected response: %s" (sasl-step-data step))))
    246. 

  246.   (sasl-read-passphrase
    247. 

  247.    (format "LOGIN passphrase for %s: " (sasl-client-name client))))
    248. 

  248. 

  249. (put 'sasl-login 'sasl-mechanism
    250. 

  250.      (sasl-make-mechanism "LOGIN" sasl-login-steps))
    251. 

  251. 

  252. (provide 'sasl-login)
    253. 

  253. 

  254. ;;; ANONYMOUS (RFC2245)
    255. 

  255. (defconst sasl-anonymous-steps
    256. 

  256.   '(ignore				;no initial response
    257. 

  257.     sasl-anonymous-response))
    258. 

  258. 

  259. (defun sasl-anonymous-response (client step)
    260. 

  260.   (or (sasl-client-property client 'trace)
    261. 

  261.       (sasl-client-name client)))
    262. 

  262. 

  263. (put 'sasl-anonymous 'sasl-mechanism
    264. 

  264.      (sasl-make-mechanism "ANONYMOUS" sasl-anonymous-steps))
    265. 

  265. 

  266. (provide 'sasl-anonymous)
    267. 

  267. 

  268. (provide 'sasl)
    269. 

  269. 

  270. ;;; sasl.el ends here
    271. 

  271.