[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/plain
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/plain |
Date: |
Mon, 20 Dec 2004 02:54:55 +0100 |
Update of /home/cvs/gsasl/lib/plain
In directory dopio:/tmp/cvs-serv4593
Modified Files:
server.c
Log Message:
Reject invalid input.
More SASLprep.
--- /home/cvs/gsasl/lib/plain/server.c 2004/12/20 01:33:39 1.14
+++ /home/cvs/gsasl/lib/plain/server.c 2004/12/20 01:54:54 1.15
@@ -39,11 +39,10 @@
const char *input, size_t input_len,
char **output, size_t * output_len)
{
- const char *authorization_id = NULL;
- char *authentication_id = NULL;
+ const char *authzidptr = input;
+ char *authidptr = NULL;
char *passwordptr = NULL;
- char *password = NULL;
- char *passprep;
+ char *passwdz = NULL, *passprep = NULL, *authidprep = NULL;
int res;
*output_len = 0;
@@ -52,66 +51,78 @@
if (input_len == 0)
return GSASL_NEEDS_MORE;
- authorization_id = input;
- authentication_id = memchr (input, 0, input_len);
- if (authentication_id)
- {
- authentication_id++;
- passwordptr = memchr (authentication_id, 0,
- input_len - strlen (authorization_id) - 1);
- if (passwordptr != NULL)
- passwordptr++;
- }
+ /* Parse input. */
+ {
+ authidptr = memchr (input, 0, input_len - 1);
+ if (authidptr)
+ {
+ authidptr++;
+ passwordptr = memchr (authidptr, 0, input_len - strlen (input) - 1);
+ if (passwordptr)
+ passwordptr++;
+ else
+ return GSASL_MECHANISM_PARSE_ERROR;
+ }
+ else
+ return GSASL_MECHANISM_PARSE_ERROR;
+
+ /* As the NUL (U+0000) character is used as a deliminator, the NUL
+ (U+0000) character MUST NOT appear in authzid, authcid, or passwd
+ productions. */
+ if (memchr (passwordptr, 0, input_len - (passwordptr - input)))
+ return GSASL_MECHANISM_PARSE_ERROR;
+ }
+
+ /* Remember authzid, authid, and password. Authid and password need
+ to be prepared. */
+ {
+ gsasl_property_set (sctx, GSASL_AUTHZID, authzidptr);
+
+ /* FIXME: Specificaiton is unclear on whether unassigned code
+ points are allowed or not. We don't allow them. */
+ res = gsasl_saslprep (authidptr, 0, &authidprep, NULL);
+ if (res != GSASL_OK)
+ return res;
+
+ gsasl_property_set (sctx, GSASL_AUTHID, authidprep);
+
+ free (authidprep);
+
+ /* Need to zero terminate password... */
+ passwdz = malloc (input_len - (passwordptr - input) + 1);
+ if (passwdz == NULL)
+ return GSASL_MALLOC_ERROR;
+ memcpy (passwdz, passwordptr, input_len - (passwordptr - input));
+ passwdz[input_len - (passwordptr - input)] = '\0';
+
+ /* FIXME: Specificaiton is unclear on whether unassigned code
+ points are allowed or not. We don't allow them. */
+ res = gsasl_saslprep (passwdz, 0, &passprep, NULL);
+ free (passwdz);
+ if (res != GSASL_OK)
+ return res;
- if (passwordptr == NULL)
- return GSASL_MECHANISM_PARSE_ERROR;
-
- /* As the NUL (U+0000) character is used as a deliminator, the NUL
- (U+0000) character MUST NOT appear in authzid, authcid, or passwd
- productions. */
- if (memchr (passwordptr, 0, input_len - (passwordptr - input)))
- return GSASL_MECHANISM_PARSE_ERROR;
-
- password = malloc (input_len - (passwordptr - input) + 1);
- if (password == NULL)
- return GSASL_MALLOC_ERROR;
- memcpy (password, passwordptr, input_len - (passwordptr - input));
- password[input_len - (passwordptr - input)] = '\0';
-
- /* FIXME: Specificaiton is unclear on whether unassigned code
- points are allowed or not. We don't allow them. */
- res = gsasl_saslprep (password, 0, &passprep, NULL);
- free (password);
- if (res != GSASL_OK)
- return res;
-
- gsasl_property_set (sctx, GSASL_AUTHID, authentication_id);
- gsasl_property_set (sctx, GSASL_AUTHZID, authorization_id);
- gsasl_property_set (sctx, GSASL_PASSWORD, passprep);
+ gsasl_property_set (sctx, GSASL_PASSWORD, passprep);
+ }
+ /* Authorization. Let application verify credentials internally,
+ but fall back to deal with it locally...*/
res = gsasl_callback (NULL, sctx, GSASL_VALIDATE_SIMPLE);
if (res == GSASL_NO_CALLBACK)
{
const char *key;
char *normkey;
- gsasl_property_set (sctx, GSASL_PASSWORD, NULL);
-
- key = gsasl_property_get (sctx, GSASL_PASSWORD);
+ gsasl_callback (sctx, GSASL_PASSWORD);
+ key = gsasl_property_fast (sctx, GSASL_PASSWORD);
if (!key)
- {
- free (passprep);
- return GSASL_NO_PASSWORD;
- }
+ return GSASL_NO_PASSWORD;
/* FIXME: Specification is unclear on whether unassigned code
points are allowed or not. We don't allow them. */
res = gsasl_saslprep (key, 0, &normkey, NULL);
if (res != GSASL_OK)
- {
- free (passprep);
- return res;
- }
+ return res;
if (strlen (passprep) == strlen (normkey) &&
memcmp (normkey, passprep, strlen (normkey)) == 0)
@@ -120,7 +131,6 @@
res = GSASL_AUTHENTICATION_ERROR;
free (normkey);
}
- free (passprep);
return res;
}
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/14
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/14
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain,
gsasl-commit <=
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/19
- CVS gsasl/lib/plain, gsasl-commit, 2004/12/26