#include "camel-sasl-digest-md5.h" (camel_sasl_authtype_list): add

2001-03-01  Jeffrey Stedfast  <fejj@ximian.com>

	* camel-sasl.c: #include "camel-sasl-digest-md5.h"
	(camel_sasl_authtype_list): add DIGEST-MD5 stuff here.
	(camel_sasl_authtype): And here too.
	(camel_sasl_new): And here...

	* camel-sasl-digest-md5.[c,h]: new SASL class for DIGEST-MD5 (has
	been tested and proven to work).

svn path=/trunk/; revision=8513

5 files changed, 922 insertions, 0 deletions

diff --git a/camel/ChangeLog b/camel/ChangeLog
index f212e25d46..923dbae94e 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,13 @@
+2001-03-01  Jeffrey Stedfast  <fejj@ximian.com>
+	
+	* camel-sasl.c: #include "camel-sasl-digest-md5.h"
+	(camel_sasl_authtype_list): add DIGEST-MD5 stuff here.
+	(camel_sasl_authtype): And here too.
+	(camel_sasl_new): And here...
+
+	* camel-sasl-digest-md5.[c,h]: new SASL class for DIGEST-MD5 (has
+	been tested and proven to work).
+
 2001-03-01  Dan Winship  <danw@ximian.com>
 
 	* camel-sasl.c (camel_sasl_challenge): Take a GByteArray as input
diff --git a/camel/Makefile.am b/camel/Makefile.am
index adf5662dd4..da1bc24c43 100644
--- a/camel/Makefile.am
+++ b/camel/Makefile.am
@@ -53,6 +53,7 @@ libcamel_la_SOURCES = 				\
 	camel-sasl.c				\
 	camel-sasl-anonymous.c			\
 	camel-sasl-cram-md5.c			\
+	camel-sasl-digest-md5.c			\
 	camel-sasl-kerberos4.c			\
 	camel-sasl-plain.c			\
 	camel-search-private.c			\
@@ -117,6 +118,7 @@ libcamelinclude_HEADERS =			\
 	camel-sasl.h				\
 	camel-sasl-anonymous.h			\
 	camel-sasl-cram-md5.h			\
+	camel-sasl-digest-md5.h			\
 	camel-sasl-kerberos4.h			\
 	camel-sasl-plain.h			\
 	camel-seekable-stream.h			\
diff --git a/camel/camel-sasl-digest-md5.c b/camel/camel-sasl-digest-md5.c
new file mode 100644
index 0000000000..0b1a7f4432
--- /dev/null
+++ b/camel/camel-sasl-digest-md5.c
@@ -0,0 +1,842 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ *  Authors: Jeffrey Stedfast <fejj@ximian.com>
+ *
+ *  Copyright 2001 Ximian, Inc. (www.ximian.com)
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#include <config.h>
+#include "camel-sasl-digest-md5.h"
+#include "camel-mime-utils.h"
+#include <e-util/md5-utils.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+
+#define d(x)
+
+#define PARANOID(x) x
+
+CamelServiceAuthType camel_sasl_digest_md5_authtype = {
+	N_("DIGEST-MD5"),
+
+	N_("This option will connect to the server using a "
+	   "secure DIGEST-MD5 password, if the server supports it."),
+
+	"DIGEST-MD5",
+	TRUE
+};
+
+static CamelSaslClass *parent_class = NULL;
+
+/* Returns the class for a CamelSaslDigestMd5 */
+#define CSCM_CLASS(so) CAMEL_SASL_DIGEST_MD5_CLASS (CAMEL_OBJECT_GET_CLASS (so))
+
+static GByteArray *digest_md5_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex);
+
+enum {
+	STATE_AUTH,
+	STATE_FINAL
+};
+
+typedef struct {
+	char *name;
+	guint type;
+} DataType;
+
+enum {
+	DIGEST_REALM,
+	DIGEST_NONCE,
+	DIGEST_QOP,
+	DIGEST_STALE,
+	DIGEST_MAXBUF,
+	DIGEST_CHARSET,
+	DIGEST_ALGORITHM,
+	DIGEST_CIPHER,
+	DIGEST_UNKNOWN
+};
+
+static DataType digest_args[] = {
+	{ "realm",     DIGEST_REALM     },
+	{ "nonce",     DIGEST_NONCE     },
+	{ "qop",       DIGEST_QOP       },
+	{ "stale",     DIGEST_STALE     },
+	{ "maxbuf",    DIGEST_MAXBUF    },
+	{ "charset",   DIGEST_CHARSET   },
+	{ "algorithm", DIGEST_ALGORITHM },
+	{ "cipher",    DIGEST_CIPHER    },
+	{ NULL,        DIGEST_UNKNOWN   }
+};
+
+#define QOP_AUTH           (1<<0)
+#define QOP_AUTH_INT       (1<<1)
+#define QOP_AUTH_CONF      (1<<2)
+#define QOP_INVALID        (1<<3)
+
+static DataType qop_types[] = {
+	{ "auth",      QOP_AUTH      },
+	{ "auth-int",  QOP_AUTH_INT  },
+	{ "auth-conf", QOP_AUTH_CONF },
+	{ NULL,        QOP_INVALID   }
+};
+
+#define CIPHER_DES         (1<<0)
+#define CIPHER_3DES        (1<<1)
+#define CIPHER_RC4         (1<<2)
+#define CIPHER_RC4_40      (1<<3)
+#define CIPHER_RC4_56      (1<<4)
+#define CIPHER_INVALID     (1<<5)
+
+static DataType cipher_types[] = {
+	{ "des",    CIPHER_DES     },
+	{ "3des",   CIPHER_3DES    },
+	{ "rc4",    CIPHER_RC4     },
+	{ "rc4-40", CIPHER_RC4_40  },
+	{ "rc4-56", CIPHER_RC4_56  },
+	{ NULL,     CIPHER_INVALID }
+};
+
+struct _param {
+	char *name;
+	char *value;
+};
+
+struct _DigestChallenge {
+	GPtrArray *realms;
+	char *nonce;
+	guint qop;
+	gboolean stale;
+	gint32 maxbuf;
+	char *charset;
+	char *algorithm;
+	guint cipher;
+	GList *params;
+};
+
+struct _DigestURI {
+	char *type;
+	char *host;
+	char *name;
+};
+
+struct _DigestResponse {
+	char *username;
+	char *realm;
+	char *nonce;
+	char *cnonce;
+	char nc[9];
+	guint qop;
+	struct _DigestURI *uri;
+	char resp[33];
+	guint32 maxbuf;
+	char *charset;
+	guint cipher;
+	char *authzid;
+	char *param;
+};
+
+struct _CamelSaslDigestMd5Private {
+	struct _DigestChallenge *challenge;
+	struct _DigestResponse *response;
+	int state;
+};
+
+static void
+camel_sasl_digest_md5_class_init (CamelSaslDigestMd5Class *camel_sasl_digest_md5_class)
+{
+	CamelSaslClass *camel_sasl_class = CAMEL_SASL_CLASS (camel_sasl_digest_md5_class);
+	
+	parent_class = CAMEL_SASL_CLASS (camel_type_get_global_classfuncs (camel_sasl_get_type ()));
+	
+	/* virtual method overload */
+	camel_sasl_class->challenge = digest_md5_challenge;
+}
+
+static void
+camel_sasl_digest_md5_init (gpointer object, gpointer klass)
+{
+	CamelSaslDigestMd5 *sasl_digest = CAMEL_SASL_DIGEST_MD5 (object);
+	
+	sasl_digest->priv = g_new0 (struct _CamelSaslDigestMd5Private, 1);
+}
+
+static void
+camel_sasl_digest_md5_finalize (CamelObject *object)
+{
+	CamelSaslDigestMd5 *sasl = CAMEL_SASL_DIGEST_MD5 (object);
+	struct _DigestChallenge *c = sasl->priv->challenge;
+	struct _DigestResponse *r = sasl->priv->response;
+	GList *p;
+	int i;
+	
+	for (i = 0; i < c->realms->len; i++)
+		g_free (c->realms->pdata[i]);
+	g_ptr_array_free (c->realms, TRUE);
+	g_free (c->nonce);
+	g_free (c->charset);
+	g_free (c->algorithm);
+	for (p = c->params; p; p = p->next) {
+		struct _param *param = p->data;
+		
+		g_free (param->name);
+		g_free (param->value);
+		g_free (param);
+	}
+	g_list_free (c->params);
+	g_free (c);
+	
+	g_free (r->username);
+	g_free (r->realm);
+	g_free (r->nonce);
+	g_free (r->cnonce);
+	if (r->uri) {
+		g_free (r->uri->type);
+		g_free (r->uri->host);
+		g_free (r->uri->name);
+	}
+	g_free (r->charset);
+	g_free (r->authzid);
+	g_free (r->param);
+	g_free (r);
+	
+	g_free (sasl->priv);
+}
+
+
+CamelType
+camel_sasl_digest_md5_get_type (void)
+{
+	static CamelType type = CAMEL_INVALID_TYPE;
+	
+	if (type == CAMEL_INVALID_TYPE) {
+		type = camel_type_register (camel_sasl_get_type (),
+					    "CamelSaslDigestMd5",
+					    sizeof (CamelSaslDigestMd5),
+					    sizeof (CamelSaslDigestMd5Class),
+					    (CamelObjectClassInitFunc) camel_sasl_digest_md5_class_init,
+					    NULL,
+					    (CamelObjectInitFunc) camel_sasl_digest_md5_init,
+					    (CamelObjectFinalizeFunc) camel_sasl_digest_md5_finalize);
+	}
+	
+	return type;
+}
+
+static void
+decode_lwsp (const char **in)
+{
+	const char *inptr = *in;
+	
+	while (isspace (*inptr))
+		inptr++;
+	
+	*in = inptr;
+}
+
+static char *
+decode_quoted_string (const char **in)
+{
+	const char *inptr = *in;
+	char *out = NULL, *outptr;
+	int outlen;
+	int c;
+	
+	decode_lwsp (&inptr);
+	if (*inptr == '"') {
+		const char *intmp;
+		int skip = 0;
+		
+		/* first, calc length */
+		inptr++;
+		intmp = inptr;
+		while ((c = *intmp++) && c != '"') {
+			if (c == '\\' && *intmp) {
+				intmp++;
+				skip++;
+			}
+		}
+		
+		outlen = intmp - inptr - skip;
+		out = outptr = g_malloc (outlen + 1);
+		
+		while ((c = *inptr++) && c != '"') {
+			if (c == '\\' && *inptr) {
+				c = *inptr++;
+			}
+			*outptr++ = c;
+		}
+		*outptr = 0;
+	}
+	
+	*in = inptr;
+	
+	return out;
+}
+
+static char *
+decode_token (const char **in)
+{
+	const char *inptr = *in;
+	const char *start;
+	
+	decode_lwsp (&inptr);
+	start = inptr;
+	
+	while (*inptr && *inptr != '=' && *inptr != ',')
+		inptr++;
+	
+	if (inptr > start) {
+		*in = inptr;
+		return g_strndup (start, inptr - start);
+	} else {
+		return NULL;
+	}
+}
+
+static char *
+decode_value (const char **in)
+{
+	const char *inptr = *in;
+	
+	decode_lwsp (&inptr);
+	if (*inptr == '"') {
+		d(printf ("decoding quoted string token\n"));
+		return decode_quoted_string (in);
+	} else {
+		d(printf ("decoding string token\n"));
+		return decode_token (in);
+	}
+}
+
+static GList *
+parse_param_list (const char *tokens)
+{
+	GList *params = NULL;
+	struct _param *param;
+	const char *ptr;
+	
+	for (ptr = tokens; ptr && *ptr; ) {
+		param = g_new0 (struct _param, 1);
+		param->name = decode_token (&ptr);
+		if (*ptr == '=') {
+			ptr++;
+			param->value = decode_value (&ptr);
+		}
+		
+		params = g_list_prepend (params, param);
+		
+		if (*ptr == ',')
+			ptr++;
+	}
+	
+	return params;
+}
+
+static guint
+decode_data_type (DataType *dtype, const char *name)
+{
+	int i;
+	
+	for (i = 0; dtype[i].name; i++) {
+		if (!g_strcasecmp (dtype[i].name, name))
+			break;
+	}
+	
+	return dtype[i].type;
+}
+
+#define get_digest_arg(name) decode_data_type (digest_args, name)
+#define decode_qop(name)     decode_data_type (qop_types, name)
+#define decode_cipher(name)  decode_data_type (cipher_types, name)
+
+static const char *
+type_to_string (DataType *dtype, guint type)
+{
+	int i;
+	
+	for (i = 0; dtype[i].name; i++) {
+		if (dtype[i].type == type)
+			break;
+	}
+	
+	return dtype[i].name;
+}
+
+#define qop_to_string(type)    type_to_string (qop_types, type)
+#define cipher_to_string(type) type_to_string (cipher_types, type)
+
+static void
+digest_abort (gboolean *have_type, gboolean *abort)
+{
+	if (*have_type)
+		*abort = TRUE;
+	*have_type = TRUE;
+}
+
+static struct _DigestChallenge *
+parse_server_challenge (const char *tokens, gboolean *abort)
+{
+	struct _DigestChallenge *challenge = NULL;
+	GList *params, *p;
+	const char *ptr;
+#ifdef PARANOID
+	gboolean got_algorithm = FALSE;
+	gboolean got_stale = FALSE;
+	gboolean got_maxbuf = FALSE;
+	gboolean got_charset = FALSE;
+#endif /* PARANOID */
+	
+	params = parse_param_list (tokens);
+	if (!params) {
+		*abort = TRUE;
+		return NULL;
+	}
+	
+	*abort = FALSE;
+	
+	challenge = g_new0 (struct _DigestChallenge, 1);
+	challenge->realms = g_ptr_array_new ();
+	challenge->maxbuf = 65536;
+	
+	for (p = params; p; p = p->next) {
+		struct _param *param = p->data;
+		int type;
+		
+		type = get_digest_arg (param->name);
+		switch (type) {
+		case DIGEST_REALM:
+			for (ptr = param->value; ptr && *ptr; ) {
+				char *token;
+				
+				token = decode_token (&ptr);
+				if (token)
+					g_ptr_array_add (challenge->realms, token);
+				
+				if (*ptr == ',')
+					ptr++;
+			}
+			g_free (param->value);
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_NONCE:
+			g_free (challenge->nonce);
+			challenge->nonce = param->value;
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_QOP:
+			for (ptr = param->value; ptr && *ptr; ) {
+				char *token;
+				
+				token = decode_token (&ptr);
+				if (token)
+					challenge->qop |= decode_qop (token);
+				
+				if (*ptr == ',')
+					ptr++;
+			}
+			
+			if (challenge->qop & QOP_INVALID)
+				challenge->qop = QOP_INVALID;
+			g_free (param->value);
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_STALE:
+			PARANOID (digest_abort (&got_stale, abort));
+			if (!g_strcasecmp (param->value, "true"))
+				challenge->stale = TRUE;
+			else
+				challenge->stale = FALSE;
+			g_free (param->value);
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_MAXBUF:
+			PARANOID (digest_abort (&got_maxbuf, abort));
+			challenge->maxbuf = atoi (param->value);
+			g_free (param->value);
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_CHARSET:
+			PARANOID (digest_abort (&got_charset, abort));
+			g_free (challenge->charset);
+			challenge->charset = param->value;
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_ALGORITHM:
+			PARANOID (digest_abort (&got_algorithm, abort));
+			g_free (challenge->algorithm);
+			challenge->algorithm = param->value;
+			g_free (param->name);
+			g_free (param);
+			break;
+		case DIGEST_CIPHER:
+			for (ptr = param->value; ptr && *ptr; ) {
+				char *token;
+				
+				token = decode_token (&ptr);
+				if (token)
+					challenge->cipher |= decode_cipher (token);
+				
+				if (*ptr == ',')
+					ptr++;
+			}
+			if (challenge->cipher & CIPHER_INVALID)
+				challenge->cipher = CIPHER_INVALID;
+			g_free (param->value);
+			g_free (param->name);
+			g_free (param);
+			break;
+		default:
+			challenge->params = g_list_prepend (challenge->params, param);
+			break;
+		}
+	}
+	
+	g_list_free (params);
+	
+	return challenge;
+}
+
+static void
+digest_hex (guchar *digest, guchar hex[33])
+{
+	guchar *s, *p;
+	
+	/* lowercase hexify that bad-boy... */
+	for (s = digest, p = hex; p < hex + 32; s++, p += 2)
+		sprintf (p, "%.2x", *s);
+}
+
+static void
+digest_kd (const char *k, const char *s, guchar digest[16])
+{
+	char *str;
+	
+	str = g_strdup_printf ("%s:%s", k, s);
+	md5_get_digest (str, strlen (str), digest);
+	g_free (str);
+}
+
+static char *
+digest_uri_to_string (struct _DigestURI *uri)
+{
+	if (uri->name)
+		return g_strdup_printf ("%s/%s/%s", uri->type, uri->host, uri->name);
+	else
+		return g_strdup_printf ("%s/%s", uri->type, uri->host);
+}
+
+static void
+compute_response (struct _DigestResponse *resp, const char *passwd, gboolean client, guchar out[33])
+{
+	guchar hex_a1[33], hex_a2[33];
+	GByteArray *buffer;
+	guchar digest[16];
+	char *buf;
+	
+	/* compute A1 */
+	buf = g_strdup_printf ("%s:%s:%s", resp->username, resp->realm, passwd);
+	md5_get_digest (buf, strlen (buf), digest);
+	g_free (buf);
+	if (resp->authzid)
+		buf = g_strdup_printf (":%s:%s:%s", resp->nonce, resp->cnonce, resp->authzid);
+	else
+		buf = g_strdup_printf (":%s:%s", resp->nonce, resp->cnonce);
+	buffer = g_byte_array_new ();
+	g_byte_array_append (buffer, digest, 16);
+	g_byte_array_append (buffer, buf, strlen (buf));
+	g_free (buf);
+	
+	/* now hash and hex A1 */
+	md5_get_digest (buffer->data, buffer->len, digest);
+	g_byte_array_free (buffer, TRUE);
+	digest_hex (digest, hex_a1);
+	
+	/* compute A2 */
+	buffer = g_byte_array_new ();
+	if (client) {
+		g_byte_array_append (buffer, "AUTHENTICATE:", strlen ("AUTHENTICATE:"));
+		buf = digest_uri_to_string (resp->uri);
+		g_byte_array_append (buffer, buf, strlen (buf));
+		g_free (buf);
+	} else {
+		/* we are calculating the server rspauth */
+		g_byte_array_append (buffer, ":", 1);
+		buf = digest_uri_to_string (resp->uri);
+		g_byte_array_append (buffer, buf, strlen (buf));
+		g_free (buf);
+	}
+	
+	if (resp->qop == QOP_AUTH_INT || resp->qop == QOP_AUTH_CONF)
+		g_byte_array_append (buffer, ":00000000000000000000000000000000",
+				     strlen (":00000000000000000000000000000000"));
+	/* now hash and hex A2 */
+	md5_get_digest (buffer->data, buffer->len, digest);
+	g_byte_array_free (buffer, TRUE);
+	digest_hex (digest, hex_a2);
+	
+	/* compute KD */
+	buf = g_strdup_printf ("%s:%s:%s:%s:%s", resp->nonce, resp->nc, resp->cnonce,
+			       qop_to_string (resp->qop), hex_a2);
+	digest_kd (hex_a1, buf, digest);
+	digest_hex (digest, out);
+	g_free (buf);
+}
+
+static struct _DigestResponse *
+generate_response (struct _DigestChallenge *challenge, struct hostent *host,
+		   const char *protocol, const char *user, const char *passwd)
+{
+	struct _DigestResponse *resp;
+	struct _DigestURI *uri;
+	char *bgen, digest[16];
+	
+	resp = g_new0 (struct _DigestResponse, 1);
+	resp->username = g_strdup (user);
+	/* FIXME: we should use the preferred realm */
+	if (challenge->realms)
+		resp->realm = g_strdup (challenge->realms->pdata[0]);
+	else
+		resp->realm = g_strdup ("");
+	
+	resp->nonce = g_strdup (challenge->nonce);
+	
+	/* generate the cnonce */
+	bgen = g_strdup_printf ("%p:%lu:%lu", resp,
+				(unsigned long) getpid (),
+				(unsigned long) time (0));
+	md5_get_digest (bgen, strlen (bgen), digest);
+	g_free (bgen);
+	/* take our recommended 64 bits of entropy */
+	resp->cnonce = base64_encode_simple (digest, 8);
+	
+	/* we don't support re-auth so the nonce count is always 1 */
+	strcpy (resp->nc, "00000001");
+	
+	/* choose the QOP */
+	/* FIXME: choose - probably choose "auth" ??? */
+	resp->qop = QOP_AUTH;
+	
+	/* create the URI */
+	uri = g_new0 (struct _DigestURI, 1);
+	uri->type = g_strdup (protocol);
+	uri->host = g_strdup (host->h_name);
+	uri->name = NULL;
+	resp->uri = uri;
+	
+	/* charsets... yay */
+	if (challenge->charset) {
+		resp->charset = NULL;
+	}
+	
+	resp->cipher = CIPHER_INVALID;
+	if (resp->qop == QOP_AUTH_CONF) {
+		/* FIXME: choose a cipher */
+		resp->cipher = CIPHER_INVALID;
+	}
+	
+	/* we don't really care about this... */
+	resp->authzid = NULL;
+	
+	compute_response (resp, passwd, TRUE, resp->resp);
+	
+	return resp;
+}
+
+static GByteArray *
+digest_response (struct _DigestResponse *resp)
+{
+	GByteArray *buffer;
+	const char *str;
+	char *buf;
+	
+	buffer = g_byte_array_new ();
+	g_byte_array_append (buffer, "username=\"", 10);
+	g_byte_array_append (buffer, resp->username, strlen (resp->username));
+	
+	g_byte_array_append (buffer, "\",realm=\"", 9);
+	g_byte_array_append (buffer, resp->realm, strlen (resp->realm));
+	
+	g_byte_array_append (buffer, "\",nonce=\"", 9);
+	g_byte_array_append (buffer, resp->nonce, strlen (resp->nonce));
+	
+	g_byte_array_append (buffer, "\",cnonce=\"", 10);
+	g_byte_array_append (buffer, resp->cnonce, strlen (resp->cnonce));
+	
+	g_byte_array_append (buffer, "\",nc=", 5);
+	g_byte_array_append (buffer, resp->nc, 8);
+	
+	g_byte_array_append (buffer, ",qop=\"", 6);
+	str = qop_to_string (resp->qop);
+	g_byte_array_append (buffer, str, strlen (str));
+	
+	g_byte_array_append (buffer, "\",digest-uri=\"", 14);
+	buf = digest_uri_to_string (resp->uri);
+	g_byte_array_append (buffer, buf, strlen (buf));
+	g_free (buf);
+	
+	g_byte_array_append (buffer, "\",response=\"", 12);
+	g_byte_array_append (buffer, resp->resp, 32);
+	g_byte_array_append (buffer, "\"", 1);
+	
+	if (resp->maxbuf > 0) {
+		g_byte_array_append (buffer, ",maxbuf=", 8);
+		buf = g_strdup_printf ("%d", resp->maxbuf);
+		g_byte_array_append (buffer, buf, strlen (buf));
+		g_free (buf);
+	}
+	
+	if (resp->charset) {
+		g_byte_array_append (buffer, ",charset=\"", 10);
+		g_byte_array_append (buffer, resp->charset, strlen (resp->charset));
+		g_byte_array_append (buffer, "\"", 1);
+	}
+	
+	if (resp->cipher != CIPHER_INVALID) {
+		str = cipher_to_string (resp->cipher);
+		if (str) {
+			g_byte_array_append (buffer, ",cipher=\"", 9);
+			g_byte_array_append (buffer, str, strlen (str));
+			g_byte_array_append (buffer, "\"", 1);
+		}
+	}
+	
+	if (resp->authzid) {
+		g_byte_array_append (buffer, ",authzid=\"", 10);
+		g_byte_array_append (buffer, resp->authzid, strlen (resp->authzid));
+		g_byte_array_append (buffer, "\"", 1);
+	}
+	
+	return buffer;
+}
+
+static GByteArray *
+digest_md5_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
+{
+	CamelSaslDigestMd5 *sasl_digest = CAMEL_SASL_DIGEST_MD5 (sasl);
+	struct _CamelSaslDigestMd5Private *priv = sasl_digest->priv;
+	struct _param *rspauth;
+	GByteArray *ret = NULL;
+	gboolean abort = FALSE;
+	struct hostent *h;
+	const char *ptr;
+	guchar out[33];
+	char *tokens;
+	
+	/* Need to wait for the server */
+	if (!token)
+		return NULL;
+	
+	g_return_val_if_fail (sasl->service->url->passwd != NULL, NULL);
+	
+	switch (priv->state) {
+	case STATE_AUTH:
+		if (token->len > 2048) {
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server challenge too long (>2048 octets)\n"));
+			return NULL;
+		}
+		
+		tokens = g_strndup (token->data, token->len);
+		priv->challenge = parse_server_challenge (tokens, &abort);
+		g_free (tokens);
+		if (!priv->challenge || abort) {
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server challenge invalid\n"));
+			return NULL;
+		}
+		
+		if (priv->challenge->qop == QOP_INVALID) {
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server challenge contained invalid "
+						"\"Quality of Protection\" token\n"));
+			return NULL;
+		}
+		
+		h = camel_service_gethost (sasl->service, ex);
+		priv->response = generate_response (priv->challenge, h, sasl->service_name,
+						    sasl->service->url->user,
+						    sasl->service->url->passwd);
+		
+		ret = digest_response (priv->response);
+		
+		break;
+	case STATE_FINAL:
+		if (token->len)
+			tokens = g_strndup (token->data, token->len);
+		else
+			tokens = NULL;
+		
+		if (!tokens || !*tokens) {
+			g_free (tokens);
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server response did not contain authorization data\n"));
+			return NULL;
+		}
+		
+		rspauth = g_new0 (struct _param, 1);
+		
+		ptr = tokens;
+		rspauth->name = decode_token (&ptr);
+		if (*ptr == '=') {
+			ptr++;
+			rspauth->value = decode_value (&ptr);
+		}
+		g_free (tokens);
+		
+		if (!rspauth->value) {
+			g_free (rspauth->name);
+			g_free (rspauth);
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server response contained incomplete authorization data\n"));
+			return NULL;
+		}
+		
+		compute_response (priv->response, sasl->service->url->passwd, FALSE, out);
+		if (memcmp (out, rspauth->value, 32) != 0) {
+			g_free (rspauth->name);
+			g_free (rspauth->value);
+			g_free (rspauth);
+			camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+					      _("Server response does not match\n"));
+			sasl->authenticated = TRUE;
+			
+			return NULL;
+		}
+		
+		g_free (rspauth->name);
+		g_free (rspauth->value);
+		g_free (rspauth);
+		
+		ret = g_byte_array_new ();
+		
+		sasl->authenticated = TRUE;
+	default:
+		break;
+	}
+	
+	priv->state++;
+	
+	return ret;
+}
diff --git a/camel/camel-sasl-digest-md5.h b/camel/camel-sasl-digest-md5.h
new file mode 100644
index 0000000000..b825f2a012
--- /dev/null
+++ b/camel/camel-sasl-digest-md5.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ *  Authors: Jeffrey Stedfast <fejj@ximian.com>
+ *
+ *  Copyright 2001 Ximian, Inc. (www.ximian.com)
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#ifndef CAMEL_SASL_DIGEST_MD5_H
+#define CAMEL_SASL_DIGEST_MD5_H
+
+#ifdef __cplusplus
+extern "C" {
+#pragma }
+#endif /* __cplusplus }*/
+
+#include <camel/camel-sasl.h>
+#include <sys/types.h>
+#include <netdb.h>
+
+#define CAMEL_SASL_DIGEST_MD5_TYPE     (camel_sasl_digest_md5_get_type ())
+#define CAMEL_SASL_DIGEST_MD5(obj)     (CAMEL_CHECK_CAST((obj), CAMEL_SASL_DIGEST_MD5_TYPE, CamelSaslDigestMd5))
+#define CAMEL_SASL_DIGEST_MD5_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_SASL_DIGEST_MD5_TYPE, CamelSaslDigestMd5Class))
+#define CAMEL_IS_SASL_DIGEST_MD5(o)    (CAMEL_CHECK_TYPE((o), CAMEL_SASL_DIGEST_MD5_TYPE))
+
+typedef struct _CamelSaslDigestMd5 {
+	CamelSasl parent_object;
+	struct _CamelSaslDigestMd5Private *priv;
+	
+} CamelSaslDigestMd5;
+
+
+typedef struct _CamelSaslDigestMd5Class {
+	CamelSaslClass parent_class;
+	
+} CamelSaslDigestMd5Class;
+
+
+/* Standard Camel function */
+CamelType camel_sasl_digest_md5_get_type (void);
+
+extern CamelServiceAuthType camel_sasl_digest_md5_authtype;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* CAMEL_SASL_DIGEST_MD5_H */
diff --git a/camel/camel-sasl.c b/camel/camel-sasl.c
index 1e7fc9108c..d4590c5325 100644
--- a/camel/camel-sasl.c
+++ b/camel/camel-sasl.c
@@ -26,6 +26,7 @@
 #include "camel-service.h"
 
 #include "camel-sasl-cram-md5.h"
+#include "camel-sasl-digest-md5.h"
 #include "camel-sasl-kerberos4.h"
 #include "camel-sasl-plain.h"
 
@@ -180,6 +181,8 @@ camel_sasl_new (const char *service_name, const char *mechanism, CamelService *s
 
 	if (!strcmp (mechanism, "CRAM-MD5"))
 		sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_CRAM_MD5_TYPE);
+	else if (!strcmp (mechanism, "DIGEST-MD5"))
+		sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_DIGEST_MD5_TYPE);
 #ifdef HAVE_KRB4
 	else if (!strcmp (mechanism, "KERBEROS_V4"))
 		sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_KERBEROS4_TYPE);
@@ -212,6 +215,7 @@ camel_sasl_authtype_list (void)
 	 */
 
 	types = g_list_prepend (types, &camel_sasl_cram_md5_authtype);
+	types = g_list_prepend (types, &camel_sasl_digest_md5_authtype);
 #ifdef HAVE_KRB4
 	types = g_list_prepend (types, &camel_sasl_kerberos4_authtype);
 #endif
@@ -231,6 +235,8 @@ camel_sasl_authtype (const char *mechanism)
 {
 	if (!strcmp (mechanism, "CRAM-MD5"))
 		return &camel_sasl_cram_md5_authtype;
+	else if (!strcmp (mechanism, "DIGEST-MD5"))
+		return &camel_sasl_digest_md5_authtype;
 #ifdef HAVE_KRB4
 	else if (!strcmp (mechanism, "KERBEROS_V4"))
 		return &camel_sasl_kerberos4_authtype;