| 1 | #! @PERL@ -w |
| 2 | use MIME::Base64; |
| 3 | use Digest::MD5 qw(md5 md5_hex); |
| 4 | |
| 5 | # Test CRAM-MD5 (RFC 2195) authentication. See also RFC 1734 for POP3 AUTH. |
| 6 | |
| 7 | # To duplicate the example in RFC 2195: |
| 8 | # $ perl testcrammd5.pl |
| 9 | # Username? tim |
| 10 | # Password? tanstaaftanstaaf |
| 11 | # Challenge? PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+ |
| 12 | # Response: |
| 13 | # dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw |
| 14 | |
| 15 | # To use with courier-imap: |
| 16 | # telnet localhost 110 |
| 17 | # capa |
| 18 | # << check for SASL CRAM-MD5 in response |
| 19 | # auth cram-md5 |
| 20 | # << note the challenge, paste it into this program |
| 21 | # << paste back the response |
| 22 | # |
| 23 | # or: |
| 24 | # telnet localhost 143 |
| 25 | # << check for [CAPABILITY ... AUTH=CRAM-MD5 ...] in response |
| 26 | # a authenticate cram-md5 |
| 27 | # << note the challenge, paste it into this program |
| 28 | # << paste back the response |
| 29 | |
| 30 | # Remember: to get CRAM-MD5 authentication working in Courier-IMAP you |
| 31 | # need to set several things: |
| 32 | # - settings POP3AUTH in pop3d and/or IMAP_CAPABILITY in imapd |
| 33 | # - in userdb set attribute hmac-md5pw (or pop3-hmac-md5pw etc) |
| 34 | # userdbpw -hmac-md5 | userdb fred@flintstone.org set hmac-md5pw |
| 35 | # Password: |
| 36 | # Reenter password: |
| 37 | # makeuserdb |
| 38 | # - in mysql/pgsql/ldap set cleartext password |
| 39 | |
| 40 | print "Username? "; |
| 41 | $username = <STDIN>; |
| 42 | chomp($username); |
| 43 | print "Password? "; |
| 44 | $password = <STDIN>; |
| 45 | chomp($password); |
| 46 | |
| 47 | print "Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-MD5)\n"; |
| 48 | print "Paste the challenge here:\n+ "; |
| 49 | $challenge = <STDIN>; |
| 50 | chomp($challenge); |
| 51 | $challenge =~ s/^\+?\ *//; |
| 52 | $challenge = decode_base64($challenge); |
| 53 | |
| 54 | if (length($password) > 64) { |
| 55 | $password = md5($password); |
| 56 | } |
| 57 | while (length($password) < 64) { |
| 58 | $password = $password . "\0"; |
| 59 | } |
| 60 | |
| 61 | $digest = md5_hex(($password ^ "\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\") . |
| 62 | md5(($password ^ "6666666666666666666666666666666666666666666666666666666666666666") . $challenge)); |
| 63 | $resp = encode_base64("$username $digest"); |
| 64 | print "Send this response:\n$resp\n"; |