Vijayan,
What server are you using?
Based on your input, the logic seems correct. In other words, I was
able to duplicate the CRAM-MD5 authentication credential string sent to
the server:
dmlqYXlhbkB0ZXN0MTIzIDA4ZWZjODQ2MzAzMzU3NDNlYzM1OTY2YzgwYjIzYzVh
So this might be a backend issue.
here is a C/C++ SMTP client class method for CRAM-MD5 I know works. I
think it is self documented.
BOOL CSMTPClient::AuthCRAM(const char *szUser, const char *szPass)
{
//////////////////////////////////////////////
// AUTH CRAM-MD5 LOGIC
// see d:\rfc\smtp.auth.rfc2554.txt
// d:\rfc\cram-md5.rfc2195.txt
//
// C: AUTH CRAM-MD5
// S: 334 base64(challengestring)
// C: base64(szUser + " "+md5(challengestring,pwd))
// S: 235 Authentication Successful
//////////////////////////////////////////////
printf("** Authenticating using AUTH CRAM-MD5\n");
int status;
char szResponse[1024];
char szBuffer[1024];
char szChallenge[1024];
char szTemp[256];
status = Sendf("AUTH CRAM-MD5\r\n");
if (status == -1) return FALSE;
// expected responses
// 504 unrecognized method
// 334 base64(wildcat challenge string)
// ReadResponse is simply a wrapper around
// select() and recv()
status = ReadResponse(szResponse, sizeof(szResponse),TRUE);
if (status != 334) return FALSE;
char *p = strchr(szResponse,' ');
if (!p) return FALSE;
UnBase64(szChallenge,p+1);
char hshbuf[2*MD5_DIGEST_SIZE + 1];
ZeroMemory(&hshbuf,sizeof(hshbuf));
strcpy(szTemp,szPass);
strlwr(szTemp);
hmac_md5 (szChallenge,strlen(szChallenge),
szTemp,strlen(szTemp),hshbuf);
strcpy(szTemp,szUser);
if (strchr(szTemp,' ')) MakeDotName(szTemp);
wsprintf(szBuffer,"%s %s",szTemp,hshbuf);
Base64(szResponse,szBuffer,strlen(szBuffer));
status = Sendf("%s\r\n",szResponse);
if (status == -1) return FALSE;
status = ReadResponse(szResponse, sizeof(szResponse));
// expected responses
// 235 Authentication successful
if (status != 235) {
return FALSE;
}
return TRUE;
}
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "Vijayan" <vijayan(_at_)jataayusoft(_dot_)com>
To: <ietf-smtp(_at_)imc(_dot_)org>
Cc: "Robert A. Rosenberg" <hal9001(_at_)panix(_dot_)com>;
<Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>; "Paul Smith"
<paul(_at_)pscs(_dot_)co(_dot_)uk>; "Tony Finch"
<dot(_at_)dotat(_dot_)at>; "Frank Ellermann"
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
Sent: Thursday, December 01, 2005 7:13 AM
Subject: CRAM-MD5 Authentication -- leave the previous mail..
Hi Friends.. (sorry for the spam)
Now i somehow managed to build my CRAM-MD5 algorithm..
but still am getting failure notice in authentication from the server
Please do spare some minutes for me and consider this sample case:
Username : vijayan(_at_)test123
Password : vijayan123
Server's Response for AUTH CRAM-MD5 :
"PDEzMTcwMTY1MjguOTM2MzU4OEB0ZXN0MTIzPg=="
(greeting or secret)
then I made Base64 decode string (Challenge):
<1317016528(_dot_)9363588(_at_)test123> (last time i sent the wrong buffer)...
then the md5 algorithm formed the digest on this buffer which is
digest = "08efc84630335743ec35966c80b23c5a"
so the full base64 decoded string is : "vijayan(_at_)test123
08efc84630335743ec35966c80b23c5a"
now i made the base64 encode on this string, which returns
"dmlqYXlhbkB0ZXN0MTIzIDA4ZWZjODQ2MzAzMzU3NDNlYzM1OTY2YzgwYjIzYzVh"
this buffer i sent to server. But the server return "535 authentication
failed (#5.7.0)
pls check these sequences and letme know where the error occured..
is my algorithm is correct..??
if any error where it might be..?
pls help in this..
hope to get a reply from anyof u regarding this issue..
thanks in advance,
Vijayan