[JDEV] digest authentication

Max Horn max at quendi.de
Mon May 21 12:59:35 CDT 2001 

At 12:18 Uhr -0500 21.05.2001, Dustin Puryear wrote:
>Thomas Muldowney wrote:
>>
>>  What does it spit out at you and with what data?
>
>Okay, I'll just give you the shahash() data. If it's right, and I don't
>see why not, then perhaps I am doing something else wrong. First, here
>is the driver I added to sha.c:
>
>#ifdef SHA_DRIVER
>
>#include <string.h>
>
>int main(int argc, char *argv[])
>{
>         char buf[1024];
>
>         if (argc < 2)
>                 return 1;
>
>         strcpy(buf, argv[1]);
>         strcat(buf, argv[2]);
>
>         printf("buf = %s\n", buf);
>         printf("shahash(%s) = %s\n", buf, shahash(buf));
>
>         return 0;
>}
>
>#endif
>
>So, an example would be:
>
>./a.out 3B094D98 password
>buf = 3B094D98password
>shahash(3B094D98password) = f5dc79b8fec961496e44b7a7e70f073391ea23f1
>
>Is that correct output? It differs from Gabber's. I am taking 3B094D98
>from the "id" returned after establishing a stream. Hmm, just in case
>this helps. Here is the output from Gabber:
>
>20010521T17:15:07<<< <stream:stream to='
>20010521T17:15:07<<< jabber.org
>20010521T17:15:07<<< ' xmlns='jabber:client'
>xmlns:stream='http://etherx.jabber.org/streams'>
>20010521T17:15:07>>> <?xml version='1.0'?><stream:stream
>xmlns:stream='http://etherx.jabber.org/streams' id='3B094D98'
>xmlns='jabber:client' from='jabber.org'>
>20010521T17:15:07<<< <iq id='A0' type='get'><query
>xmlns='jabber:iq:auth'><username>dpuryear</username></query></iq>
>20010521T17:15:08>>> <iq id='A0' type='result'><query
>xmlns='jabber:iq:auth'><username>dpuryear</username><password/><digest/><sequence>326</sequence><token>3A7B471C</token><resource/></query></iq>
>20010521T17:15:08<<< <iq id='A1' type='set'><query
>xmlns='jabber:iq:auth'><username>dpuryear</username><resource>Work</resource><hash>7c20f0d1f908f4c284fb3f52b364bbbe8222da81</hash></query></iq>
>
>Despite me using a phoney password, I know that Gabber is producing
>proper output since I can login using the correct password.


Ahhhhh!

You are mixing up 0k-auth and digest-auth ;) I guess your hash string 
is correct, but what you generate is data for the <digest> element. 
The <hash> element in Gabber's output is for the 0k-auth mechansim

For more information on digest-auth, check out 
http://docs.jabber.org/proto/html/jabber:iq:auth.html

For more information on 0k-auth, check out 
http://docs.jabber.org/draft-proto/html/zerok.html


HTH,

Max
-- 
-----------------------------------------------
Max Horn
C++/ObjC/Java Developer

email: <mailto:max at quendi.de>
phone: (+49) 6151-494890

More information about the JDev mailing list