LiveJournal Client Discussions


Auth Challenge troubles... [Aug. 26th, 2004|12:42 am]
lj_clients
[dagon]
I'm having a problem with getting the challenge method to work; in fact, I can't get it to work at all.

I've studied the protocol documentation and tried looking at the perl example, but I'm not all that familiar with perl.

For right now, in the first stages of my client development, I'm starting off with the flat protocol. I have the client logging in with the clear text, but I don't know how to do the challenge method.

What exactly am I supposed to send to the server to issue the challenge? And how is it sent?

"Essentially, you generate a challenge by issuing a blank request to the getchallenge method. If your method call is successful you're given:"

How is that blank request to the getchallenge method issued?

Thanks.

Comments:
From: vanbeast
2004-08-25 10:13 pm (UTC)
Turns out you don't even need to send a username.
(Reply) (Parent) (Thread)
From: anne78
2004-08-25 11:03 pm (UTC)
Yup, mode=getchallenge is all I am sending and it works great. The response body you get back is just some long string. You don't have to worry what that string is. Just take the full response body, append the HEX MD5 hash of the user's password. Then generate the HEX MD5 hash of that. In pseudo C style code you get:

str GetChalengeResponse() {
str ServerChallenge = HTTPRequest("mode=getchallenge");
str PasswordMD5 = Str2MD5Hex("password");
str ChalengeResponse = Str2MD5Hex(ServerChallenge + PasswordMD5);

// Send the ChalengeResponse string to all the other protocol modes
return ChalengeResponse;
}

str HTTPRequest(str Body) {
// Implement sending HTTP request to server here with the given Body
// Return the full HTTP response body from this method
}

str Str2MD5Hex(str Text) {
// Implement generating a LOWER CASE MD5 Hex hash for the given Text
}

One thing to note which took me ages to figure out is that the MD5 hashes are case sensitive! So if your MD5 generator generates mixed case hashes (as the one I am using does) remember to make them all lower case!
(Reply) (Parent) (Thread)
From: vanbeast
2004-08-25 11:05 pm (UTC)
Actually, the server returns a bunch of crap, not just the challenge...

auth_scheme
c0
challenge
c0:1093496400:3277:60:TIT5jfZ88taNAZmjevaQ:b03bb1880829dead6d48b53cc45128d1
expire_time
1093499737
server_time
1093499677
success
OK


from a call just now. If you try to hash your response with the entire response body, it's not going to work. You have to extract the challenge key/value pair and just use that value.
(Reply) (Parent) (Thread)
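The corrected flow from the two comments above, as an added Python example (not code from any poster or from LiveJournal): parse the flat key/value body, take only the `challenge` value, and compute MD5(challenge + MD5(password)) in lower-case hex. The function names, the UTF-8 encoding of the password and the password used in testing are assumptions; the sample body is the one quoted in the comment above.

```python
import hashlib

# Response body as quoted in the comment above (flat protocol: a key line
# followed by its value line).
SAMPLE_BODY = """auth_scheme
c0
challenge
c0:1093496400:3277:60:TIT5jfZ88taNAZmjevaQ:b03bb1880829dead6d48b53cc45128d1
expire_time
1093499737
server_time
1093499677
success
OK
"""


def parse_flat(body):
    """Turn a flat-protocol body (key line, value line, ...) into a dict."""
    lines = body.splitlines()
    while lines and lines[-1].strip() == "":  # ignore trailing blank lines
        lines.pop()
    if len(lines) % 2:
        raise ValueError("flat response has a key without a value")
    return {lines[i].strip(): lines[i + 1].strip()
            for i in range(0, len(lines), 2)}


def md5_hex(text):
    # hexdigest() is always lower case, the form the thread says is required.
    # Assumption: the password is encoded as UTF-8 before hashing.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def challenge_response(body, password):
    """Return (challenge, response) for a getchallenge response body."""
    fields = parse_flat(body)
    if fields.get("success") != "OK" or "challenge" not in fields:
        raise ValueError("getchallenge failed: %r" % fields)
    challenge = fields["challenge"]
    # Hash only the challenge value, never the whole response body.
    return challenge, md5_hex(challenge + md5_hex(password))


def seconds_valid(body):
    """Lifetime of the challenge according to the server's own clock."""
    fields = parse_flat(body)
    return int(fields["expire_time"]) - int(fields["server_time"])
```

For the sample body, `seconds_valid` returns 60, so a client should request the challenge immediately before the call that uses it rather than caching it.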
From: anne78
2004-08-25 11:15 pm (UTC)
Oops! You're totally right. Serves me right for trying to write code from memory at 7am when I have had no sleep yet! lol
(Reply) (Parent) (Thread)
From: vanbeast
2004-08-25 11:17 pm (UTC)
If I hadn't just been telnetting to the server and issuing getchallenge commands to answer the post in the first place, there's no way I would have known! I've never used the flat protocol... on top of that, I've been in FotoBilder land, where everything is in HTTP headers anyway :)
(Reply) (Parent) (Thread)
From: anne78
2004-08-25 11:23 pm (UTC)
Of course I just noticed (from his main journal) that dragon is using VB6, so my C syntax code may be as lost on him as the PERL code!

My VB6 is rather rusty now so I best not attempt providing any code in it at this early hour of the morning!
(Reply) (Parent) (Thread)
From: anne78
2004-08-25 11:24 pm (UTC)
Sorry dagon! I really need sleep!
(Reply) (Parent) (Thread)
From: anne78
2004-08-25 11:27 pm (UTC)
Ok WHY have I hard coded the password!! Password should be a parameter of the GetChalengeResponse method!

I give up! lol
(Reply) (Parent) (Thread)