gsasl-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS gsasl/lib/cram-md5

From: gsasl-commit
Subject: CVS gsasl/lib/cram-md5
Date: Tue, 21 Sep 2004 03:46:59 +0200 
Update of /home/cvs/gsasl/lib/cram-md5
In directory dopio:/tmp/cvs-serv17443/lib/cram-md5

Modified Files:
        cram-md5.h server.c 
Log Message:
Make CRAM-MD5 server use new allocating output.
Use digest.* in CRAM-MD5 server.
Use new callback interface in CRAM-MD5 server (means dropping support
for validation of CRAM-MD5 hashes within application, will anyone miss it?).


--- /home/cvs/gsasl/lib/cram-md5/cram-md5.h     2004/09/21 01:29:14     1.5
+++ /home/cvs/gsasl/lib/cram-md5/cram-md5.h     2004/09/21 01:46:59     1.6
@@ -20,8 +20,8 @@
  *
  */
 
-#ifndef _CRAM_MD5_H
-#define _CRAM_MD5_H
+#ifndef CRAM_MD5_H
+#define CRAM_MD5_H
 
 #include "internal.h"
 
@@ -38,10 +38,9 @@
                                         void **mech_data);
 extern int _gsasl_cram_md5_server_step (Gsasl_session_ctx * sctx,
                                        void *mech_data,
-                                       const char *input,
-                                       size_t input_len,
-                                       char *output, size_t * output_len);
+                                       const char *input, size_t input_len,
+                                       char **output, size_t * output_len);
 extern int _gsasl_cram_md5_server_finish (Gsasl_session_ctx * sctx,
                                          void *mech_data);
 
-#endif /* _CRAM_MD5_H */
+#endif /* CRAM_MD5_H */
--- /home/cvs/gsasl/lib/cram-md5/server.c       2004/09/18 17:29:39     1.2
+++ /home/cvs/gsasl/lib/cram-md5/server.c       2004/09/21 01:46:59     1.3
@@ -25,23 +25,17 @@
 /* Get cram_md5_challenge. */
 #include "challenge.h"
 
+/* Get cram_md5_digest. */
+#include "digest.h"
+
 #define MD5LEN 16
 #define HEXCHAR(c) ((c & 0x0F) > 9 ? 'a' + (c & 0x0F) - 10 : '0' + (c & 0x0F))
 
 int
 _gsasl_cram_md5_server_start (Gsasl_session_ctx * sctx, void **mech_data)
 {
-  Gsasl_ctx *ctx;
   char *challenge;
 
-  ctx = gsasl_server_ctx_get (sctx);
-  if (ctx == NULL)
-    return GSASL_CANNOT_GET_CTX;
-
-  if (gsasl_server_callback_cram_md5_get (ctx) == NULL &&
-      gsasl_server_callback_retrieve_get (ctx) == NULL)
-    return GSASL_NEED_SERVER_CRAM_MD5_CALLBACK;
-
   challenge = malloc (CRAM_MD5_CHALLENGE_LEN);
   if (challenge == NULL)
     return GSASL_MALLOC_ERROR;
@@ -56,25 +50,21 @@
 int
 _gsasl_cram_md5_server_step (Gsasl_session_ctx * sctx,
                             void *mech_data,
-                            const char *input,
-                            size_t input_len,
-                            char *output, size_t * output_len)
+                            const char *input, size_t input_len,
+                            char **output, size_t * output_len)
 {
   char *challenge = mech_data;
-  Gsasl_server_callback_cram_md5 cb_cram_md5;
-  Gsasl_server_callback_retrieve cb_retrieve;
+  char hash[CRAM_MD5_DIGEST_LEN];
+  const char *password;
   char *username = NULL;
-  char *key = NULL;
-  Gsasl_ctx *ctx;
   int res = GSASL_OK;
+  char *normkey;
+  int i;
 
   if (input_len == 0)
     {
-      if (*output_len < strlen (challenge))
-       return GSASL_TOO_SMALL_BUFFER;
-
       *output_len = strlen (challenge);
-      memcpy (output, challenge, *output_len);
+      *output = strdup (challenge);
 
       return GSASL_NEEDS_MORE;
     }
@@ -85,93 +75,35 @@
   if (input[input_len - MD5LEN * 2 - 1] != ' ')
     return GSASL_MECHANISM_PARSE_ERROR;
 
-  ctx = gsasl_server_ctx_get (sctx);
-  if (ctx == NULL)
-    return GSASL_CANNOT_GET_CTX;
-
-  cb_cram_md5 = gsasl_server_callback_cram_md5_get (ctx);
-  cb_retrieve = gsasl_server_callback_retrieve_get (ctx);
-  if (cb_cram_md5 == NULL && cb_retrieve == NULL)
-    return GSASL_NEED_SERVER_CRAM_MD5_CALLBACK;
-
-  username = (char *) malloc (input_len);
+  username = calloc (1, input_len - MD5LEN * 2);
   if (username == NULL)
     return GSASL_MALLOC_ERROR;
 
-  memcpy (username, input, input_len - MD5LEN * 2);
-  username[input_len - MD5LEN * 2 - 1] = '\0';
-
-  if (cb_cram_md5)
-    {
-      char *response;
-
-      response = (char *) malloc (MD5LEN * 2 + 1);
-      if (response == NULL)
-       {
-         res = GSASL_MALLOC_ERROR;
-         goto done;
-       }
+  memcpy (username, input, input_len - MD5LEN * 2 - 1);
 
-      memcpy (response, input + input_len - MD5LEN * 2, MD5LEN * 2);
-      response[MD5LEN * 2 + 1] = '\0';
+  gsasl_property_set (sctx, GSASL_AUTHID, username);
 
-      res = cb_cram_md5 (sctx, username, challenge, response);
-
-      free (response);
-    }
-  else if (cb_retrieve)
-    {
-      char *hash;
-      size_t keylen;
-      char *normkey;
-      int i;
-
-      res = cb_retrieve (sctx, username, NULL, NULL, NULL, &keylen);
-      if (res != GSASL_OK && res != GSASL_NEEDS_MORE)
-       goto done;
-      key = malloc (keylen + 1);
-      if (key == NULL)
-       {
-         res = GSASL_MALLOC_ERROR;
-         goto done;
-       }
-      res = cb_retrieve (sctx, username, NULL, NULL, key, &keylen);
-      if (res != GSASL_OK && res != GSASL_NEEDS_MORE)
-       goto done;
-      key[keylen] = '\0';
-      normkey = gsasl_stringprep_saslprep (key, NULL);
-      if (normkey == NULL)
-       {
-         res = GSASL_SASLPREP_ERROR;
-         goto done;
-       }
-
-      res = gsasl_hmac_md5 (normkey, strlen (normkey),
-                           challenge, strlen (challenge), &hash);
-      free (normkey);
-      if (res != GSASL_OK)
-       {
-         res = GSASL_CRYPTO_ERROR;
-         goto done;
-       }
-
-      res = GSASL_OK;
-      for (i = 0; i < MD5LEN; i++)
-       if ((input[input_len - MD5LEN * 2 + 2 * i + 1] !=
-            HEXCHAR (hash[i])) ||
-           (input[input_len - MD5LEN * 2 + 2 * i + 0] !=
-            HEXCHAR (hash[i] >> 4)))
-         res = GSASL_AUTHENTICATION_ERROR;
+  free (username);
 
-      free (hash);
-    }
+  password = gsasl_property_get (sctx, GSASL_PASSWORD);
+  if (!password)
+    return GSASL_NO_PASSWORD;
+
+  normkey = gsasl_stringprep_saslprep (password, NULL);
+  if (normkey == NULL)
+    return GSASL_SASLPREP_ERROR;
+
+  cram_md5_digest (challenge, strlen (challenge),
+                  normkey, strlen (normkey), hash);
+
+  if (memcmp (&input[input_len - MD5LEN * 2], hash, 2 * MD5LEN) == 0)
+    res = GSASL_OK;
+  else
+    res = GSASL_AUTHENTICATION_ERROR;
 
-  free (username);
-  if (key)
-    free (key);
   *output_len = 0;
+  *output = NULL;
 
-done:
   return res;
 }
reply via email to
[Prev in Thread] Current Thread [Next in Thread]