
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-41-ga5553c8


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-41-ga5553c8
Date: Wed, 09 Sep 2009 14:31:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=a5553c823b16d9bc95ad41b1d4b4987e4925f521

The branch, master has been updated
       via  a5553c823b16d9bc95ad41b1d4b4987e4925f521 (commit)
       via  44ae09bcdaf8de6f53eac00e0472ee2b8e766d7d (commit)
       via  2e094531a2ccb5fdcbe2df07973e3c3883c02edc (commit)
       via  c54ddc00582586de62f24806f879a866d954cbfe (commit)
      from  4a0a985e1871a44a6ad55ae1da36c9031e093ad0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a5553c823b16d9bc95ad41b1d4b4987e4925f521
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 9 16:31:35 2009 +0200

    Improve SCRAM, client now sends first token.

commit 44ae09bcdaf8de6f53eac00e0472ee2b8e766d7d
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 9 16:30:41 2009 +0200

    Improve SCRAM, client now sends first token.

commit 2e094531a2ccb5fdcbe2df07973e3c3883c02edc
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 9 16:03:55 2009 +0200

    Fixes.

commit c54ddc00582586de62f24806f879a866d954cbfe
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 9 15:44:33 2009 +0200

    Add check.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/Makefile.am |    2 +-
 lib/scram/client.c    |  141 +++++++++++++++++++++++++++++++++++++++++++++++++
 lib/scram/mechinfo.c  |   12 ++---
 lib/scram/printer.c   |   12 +++--
 lib/scram/scram.h     |   14 ++++--
 lib/scram/validate.c  |    9 ++-
 6 files changed, 170 insertions(+), 20 deletions(-)
 create mode 100644 lib/scram/client.c

diff --git a/lib/scram/Makefile.am b/lib/scram/Makefile.am
index f870b82..f194190 100644
--- a/lib/scram/Makefile.am
+++ b/lib/scram/Makefile.am
@@ -24,7 +24,7 @@ AM_CPPFLAGS = -I$(srcdir)/../src -I../src -I$(srcdir)/../gl 
-I../gl
 noinst_LTLIBRARIES = libgsasl-scram.la
 libgsasl_scram_la_SOURCES = scram.h mechinfo.c \
        tokens.h \
-       printer.h \
+       printer.h printer.c \
        validate.h validate.c
 
 if CLIENT
diff --git a/lib/scram/client.c b/lib/scram/client.c
new file mode 100644
index 0000000..e6f24e9
--- /dev/null
+++ b/lib/scram/client.c
@@ -0,0 +1,141 @@
+/* client.c --- SASL SCRAM client side functions.
+ * Copyright (C) 2009  Simon Josefsson
+ *
+ * This file is part of GNU SASL Library.
+ *
+ * GNU SASL Library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * GNU SASL Library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with GNU SASL Library; if not, write to the Free
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+/* Get specification. */
+#include "scram.h"
+
+/* Get malloc, free. */
+#include <stdlib.h>
+
+/* Get memcpy, strlen. */
+#include <string.h>
+
+#include "tokens.h"
+#include "printer.h"
+
+#define CNONCE_ENTROPY_BYTES 16
+
+struct scram_client_state
+{
+  int step;
+  char cnonce[CNONCE_ENTROPY_BYTES + 1];
+};
+
+int
+_gsasl_scram_sha1_client_start (Gsasl_session * sctx, void **mech_data)
+{
+  struct scram_client_state *state;
+  size_t i;
+  int rc;
+
+  state = (struct scram_client_state *) malloc (sizeof (*state));
+  if (state == NULL)
+    return GSASL_MALLOC_ERROR;
+
+  state->step = 0;
+
+  rc = gsasl_nonce (state->cnonce, CNONCE_ENTROPY_BYTES);
+  if (rc != GSASL_OK)
+    return rc;
+
+  state->cnonce[CNONCE_ENTROPY_BYTES] = '\0';
+
+  for (i = 0; i < CNONCE_ENTROPY_BYTES; i++)
+    {
+      state->cnonce[i] &= 0x7f;
+
+      if (state->cnonce[i] == '\0')
+       state->cnonce[i]++;
+
+      if (state->cnonce[i] == ',')
+       state->cnonce[i]++;
+    }
+
+  *mech_data = state;
+
+  return GSASL_OK;
+}
+
+int
+_gsasl_scram_sha1_client_step (Gsasl_session * sctx,
+                              void *mech_data,
+                              const char *input, size_t input_len,
+                              char **output, size_t * output_len)
+{
+  struct scram_client_state *state = mech_data;
+  int res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
+
+  switch (state->step)
+    {
+    case 0:
+      {
+       struct scram_client_first cf;
+       const char *p;
+       int rc;
+
+       memset (&cf, 0, sizeof (cf));
+
+       cf.client_nonce = state->cnonce;
+       cf.cbflag = 'n';
+
+       p = gsasl_property_get (sctx, GSASL_AUTHID);
+       if (!p)
+         return GSASL_NO_AUTHID;
+
+       /* XXX Use query strings here?  Specification is unclear. */
+       rc = gsasl_saslprep (p, 0, &cf.username, NULL);
+       if (rc != GSASL_OK)
+         return rc;
+
+       rc = scram_print_client_first (&cf, output);
+       if (rc != 0)
+         return GSASL_MALLOC_ERROR;
+
+       *output_len = strlen (*output);
+
+       gsasl_free (cf.username);
+
+       return GSASL_OK;
+       break;
+      }
+
+    default:
+      break;
+    }
+
+  return res;
+}
+
+void
+_gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void *mech_data)
+{
+  struct scram_client_state *state = mech_data;
+
+  if (!state)
+    return;
+
+  free (state);
+}
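Review bot: Both new entry points leak on their error paths: in `_gsasl_scram_sha1_client_start` the freshly allocated `state` is not freed when `gsasl_nonce` fails, and in case 0 of `_gsasl_scram_sha1_client_step` `cf.username` is released only after `scram_print_client_first` has succeeded. `state->step` is also never advanced, so a second call appears to re-emit the same client-first message with the same nonce instead of reaching `GSASL_MECHANISM_CALLED_TOO_MANY_TIMES`. The step function additionally maps every non-zero printer result, including a validation failure, to `GSASL_MALLOC_ERROR`, which will mislead callers. A sketch of the error-path and step handling follows.

```c
  rc = gsasl_nonce (state->cnonce, CNONCE_ENTROPY_BYTES);
  if (rc != GSASL_OK)
    {
      free (state);
      return rc;
    }
  /* … unchanged: nonce post-processing, *mech_data assignment … */

  /* … in _gsasl_scram_sha1_client_step, case 0, unchanged up to gsasl_saslprep … */
       rc = scram_print_client_first (&cf, output);
       gsasl_free (cf.username);
       if (rc != 0)
         return GSASL_MALLOC_ERROR;

       *output_len = strlen (*output);
       state->step++;

       return GSASL_OK;
```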
diff --git a/lib/scram/mechinfo.c b/lib/scram/mechinfo.c
index a48335e..4e71837 100644
--- a/lib/scram/mechinfo.c
+++ b/lib/scram/mechinfo.c
@@ -33,14 +33,16 @@ Gsasl_mechanism gsasl_scram_sha1_mechanism = {
   {
     NULL,
     NULL,
-    NULL,
 #ifdef USE_CLIENT
-    _gsasl_scram_client_step,
+    _gsasl_scram_sha1_client_start,
+    _gsasl_scram_sha1_client_step,
+    _gsasl_scram_sha1_client_finish,
 #else
     NULL,
-#endif
     NULL,
     NULL,
+#endif
+    NULL,
     NULL
   },
   {
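Review bot: The function table is filled positionally and this hunk moves three entries at once, so whether `_gsasl_scram_sha1_client_start`, `_step` and `_finish` land in the right slots depends on the member order of a struct that is not visible here. A trailing comment per entry, for example `_gsasl_scram_sha1_client_start, /* start */`, would make the next reshuffle reviewable; the `NULL`s in the `#else` branch need the same three labels. The initializer begins and ends outside the hunk.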
@@ -62,11 +64,7 @@ Gsasl_mechanism gsasl_scram_sha1_plus_mechanism = {
     NULL,
     NULL,
     NULL,
-#ifdef USE_CLIENT
-    _gsasl_scram_client_step,
-#else
     NULL,
-#endif
     NULL,
     NULL,
     NULL
diff --git a/lib/scram/printer.c b/lib/scram/printer.c
index de7357a..fda2ca5 100644
--- a/lib/scram/printer.c
+++ b/lib/scram/printer.c
@@ -33,6 +33,9 @@
 /* Get asprintf. */
 #include <stdio.h>
 
+/* Get strdup. */
+#include <string.h>
+
 /* Get token validator. */
 #include "validate.h"
 
@@ -50,14 +53,13 @@ scram_escape (const char *str)
 int
 scram_print_client_first (struct scram_client_first *cf, char **out)
 {
-  char *out = NULL;
   char *username = NULL;
   char *authzid = NULL;
   int n;
 
   /* Below we assume fields are sensible, so first verify that to
      avoid crashes. */
-  if (!scram_valid_client_first (cf)!)
+  if (!scram_valid_client_first (cf))
     return -1;
 
   /* Escape username and authzid. */
@@ -73,7 +75,7 @@ scram_print_client_first (struct scram_client_first *cf, char 
**out)
        return -2;
     }
 
-  n = asprintf (&out, "%c%s%s,%s%s,n=%s,r=%s",
+  n = asprintf (out, "%c%s%s,%s%s,n=%s,r=%s",
                cf->cbflag,
                cf->cbflag == 'p' ? "=" : "",
                cf->cbflag == 'p' ? cf->cbname : "",
@@ -85,8 +87,8 @@ scram_print_client_first (struct scram_client_first *cf, char 
**out)
   free (username);
   free (authzid);
 
-  if (n <= 0 || out == NULL)
+  if (n <= 0 || *out == NULL)
     return NULL;
 
-  return out;
+  return 0;
 }
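Review bot: `return NULL;` on the failure branch is wrong now that the function reports status as an `int`: where `NULL` converts to 0 the caller sees success after a failed `asprintf`, and `_gsasl_scram_sha1_client_step` then calls `strlen (*output)` on whatever `*out` holds. Return a negative code here instead, for example `return -3;`, since -1 and -2 are already used for the earlier failures. Because the content of `*out` after a failed `asprintf` is not guaranteed on every libc, it would also be safer to add `*out = NULL;` at the top of the function and on this branch, so the early returns leave the caller with a defined pointer. The function body starts outside this hunk.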
diff --git a/lib/scram/scram.h b/lib/scram/scram.h
index b4c59ee..e413f85 100644
--- a/lib/scram/scram.h
+++ b/lib/scram/scram.h
@@ -32,9 +32,15 @@ extern Gsasl_mechanism gsasl_scram_sha1_mechanism;
 extern Gsasl_mechanism gsasl_scram_sha1_plus_mechanism;
 
 int
-_gsasl_scram_client_step (Gsasl_session * sctx,
-                         void *mech_data,
-                         const char *input, size_t input_len,
-                         char **output, size_t * output_len);
+_gsasl_scram_sha1_client_start (Gsasl_session * sctx, void **mech_data);
+
+int
+_gsasl_scram_sha1_client_step (Gsasl_session * sctx,
+                              void *mech_data,
+                              const char *input, size_t input_len,
+                              char **output, size_t * output_len);
+
+void
+_gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void *mech_data);
 
 #endif /* SCRAM_H */
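Review bot: The three new prototypes carry no comment on ownership, which callers of this interface need to know. Going by client.c in the same commit, `_start` allocates the state returned through `*mech_data`, `_finish` frees it, and `_step` returns a heap string in `*output`; a short comment above each prototype should say so, e.g. `/* Allocates *mech_data; release with _gsasl_scram_sha1_client_finish. */`. Who frees `*output` is not visible on this page and should be stated as well.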
diff --git a/lib/scram/validate.c b/lib/scram/validate.c
index 8ffefa2..b66cc6c 100644
--- a/lib/scram/validate.c
+++ b/lib/scram/validate.c
@@ -57,12 +57,15 @@ scram_valid_client_first (struct scram_client_first *cf)
   if (cf->username == NULL || *cf->username == '\0')
     return false;
 
-  /* FIXME check that client nonce is valid UTF-8 and does not contain
-     '=' or NUL. */
-
   /* We require a non-zero client nonce. */
   if (cf->client_nonce == NULL || *cf->client_nonce == '\0')
     return false;
 
+  /* Nonce cannot contain ','. */
+  if (strchr (cf->client_nonce, ','))
+    return false;
+
+  /* FIXME check that client nonce is valid UTF-8. */
+
   return true;
 }
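Review bot: The new check rejects only ',' in the client nonce, while `_gsasl_scram_sha1_client_start` in this commit builds nonces by masking random bytes to 7 bits, so control characters such as CR or LF can still pass validation and be printed into the message. Restricting the nonce to printable ASCII other than ',' would close that gap, though the generator in client.c would then have to emit only such characters. `strchr` also needs `<string.h>`, and no include is visible in this hunk. The function starts outside the hunk.

```c
  /* Nonce must be printable ASCII and cannot contain ','. */
  {
    const char *p;

    for (p = cf->client_nonce; *p; p++)
      if (*p < 0x21 || *p > 0x7e || *p == ',')
        return false;
  }
```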


hooks/post-receive
-- 
GNU gsasl



