
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-42-gbaf7535


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-42-gbaf7535
Date: Wed, 09 Sep 2009 15:04:23 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=baf75359711fd1dd8c751ec8171c08a2804108e8

The branch, master has been updated
       via  baf75359711fd1dd8c751ec8171c08a2804108e8 (commit)
      from  a5553c823b16d9bc95ad41b1d4b4987e4925f521 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit baf75359711fd1dd8c751ec8171c08a2804108e8
Author: Simon Josefsson <address@hidden>
Date:   Wed Sep 9 17:04:17 2009 +0200

    Improve SCRAM, initial server skeleton and self test.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/Makefile.am            |    5 ++
 lib/scram/client.c               |    3 +-
 lib/scram/mechinfo.c             |    6 +++
 lib/scram/scram.h                |   14 ++++++
 lib/scram/{client.c => server.c} |   83 ++++++++++++----------------------
 tests/Makefile.am                |    3 +-
 tests/{cram-md5.c => scram.c}    |   93 +++++++++++++++++++-------------------
 7 files changed, 104 insertions(+), 103 deletions(-)
 copy lib/scram/{client.c => server.c} (50%)
 copy tests/{cram-md5.c => scram.c} (58%)

diff --git a/lib/scram/Makefile.am b/lib/scram/Makefile.am
index f194190..d426fec 100644
--- a/lib/scram/Makefile.am
+++ b/lib/scram/Makefile.am
@@ -27,6 +27,11 @@ libgsasl_scram_la_SOURCES = scram.h mechinfo.c \
        printer.h printer.c \
        validate.h validate.c
 
+
 if CLIENT
 libgsasl_scram_la_SOURCES += client.c
 endif
+
+if SERVER
+libgsasl_scram_la_SOURCES += server.c
+endif
diff --git a/lib/scram/client.c b/lib/scram/client.c
index e6f24e9..29caa0a 100644
--- a/lib/scram/client.c
+++ b/lib/scram/client.c
@@ -118,7 +118,8 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
 
        gsasl_free (cf.username);
 
-       return GSASL_OK;
+       state->step++;
+       return GSASL_NEEDS_MORE;
        break;
       }
 
diff --git a/lib/scram/mechinfo.c b/lib/scram/mechinfo.c
index 4e71837..742984e 100644
--- a/lib/scram/mechinfo.c
+++ b/lib/scram/mechinfo.c
@@ -48,9 +48,15 @@ Gsasl_mechanism gsasl_scram_sha1_mechanism = {
   {
     NULL,
     NULL,
+#ifdef USE_SERVER
+    _gsasl_scram_sha1_server_start,
+    _gsasl_scram_sha1_server_step,
+    _gsasl_scram_sha1_server_finish,
+#else
     NULL,
     NULL,
     NULL,
+#endif
     NULL,
     NULL
   }
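Review bot: With USE_SERVER defined, this table registers server callbacks for SCRAM-SHA-1 although the server step added in lib/scram/server.c by this same commit has no implemented case yet. The mechanism is therefore presumably reported as server-supported (the new test queries `gsasl_server_support_p`) while every exchange is rejected. An application that builds its advertised mechanism list from library support could offer SCRAM-SHA-1 to clients and then fail each login. Consider leaving the three entries `NULL` until the step function is implemented, or at least marking them with a comment such as `/* Server side is a skeleton: every step currently fails. */`. The initializer starts and ends outside this hunk.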
diff --git a/lib/scram/scram.h b/lib/scram/scram.h
index e413f85..ca65105 100644
--- a/lib/scram/scram.h
+++ b/lib/scram/scram.h
@@ -43,4 +43,18 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
 void
 _gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void *mech_data);
 
+
+int
+_gsasl_scram_sha1_server_start (Gsasl_session * sctx, void **mech_data);
+
+int
+_gsasl_scram_sha1_server_step (Gsasl_session * sctx,
+                              void *mech_data,
+                              const char *input,
+                              size_t input_len,
+                              char **output, size_t * output_len);
+
+void
+_gsasl_scram_sha1_server_finish (Gsasl_session * sctx, void *mech_data);
+
 #endif /* SCRAM_H */
diff --git a/lib/scram/client.c b/lib/scram/server.c
similarity index 50%
copy from lib/scram/client.c
copy to lib/scram/server.c
index e6f24e9..f081f73 100644
--- a/lib/scram/client.c
+++ b/lib/scram/server.c
@@ -1,4 +1,4 @@
-/* client.c --- SASL SCRAM client side functions.
+/* server.c --- SASL CRAM-MD5 server side functions.
  * Copyright (C) 2009  Simon Josefsson
  *
  * This file is part of GNU SASL Library.
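Review bot: The header of the new file names the wrong mechanism: `/* server.c --- SASL CRAM-MD5 server side functions.` should read `/* server.c --- SASL SCRAM server side functions.`. CRAM-MD5 and SCRAM are distinct mechanisms, so the mislabel can send someone auditing the server-side code to the wrong specification.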
@@ -30,48 +30,50 @@
 /* Get malloc, free. */
 #include <stdlib.h>
 
-/* Get memcpy, strlen. */
+/* Get memcpy, strdup, strlen. */
 #include <string.h>
 
 #include "tokens.h"
-#include "printer.h"
 
-#define CNONCE_ENTROPY_BYTES 16
+#define SNONCE_ENTROPY_BYTES 16
 
-struct scram_client_state
+struct scram_server_state
 {
   int step;
-  char cnonce[CNONCE_ENTROPY_BYTES + 1];
+  char *cnonce;
+  char snonce[SNONCE_ENTROPY_BYTES + 1];
+  struct scram_client_first cf;
 };
 
 int
-_gsasl_scram_sha1_client_start (Gsasl_session * sctx, void **mech_data)
+_gsasl_scram_sha1_server_start (Gsasl_session * sctx, void **mech_data)
 {
-  struct scram_client_state *state;
+  struct scram_server_state *state;
   size_t i;
   int rc;
 
-  state = (struct scram_client_state *) malloc (sizeof (*state));
+  state = (struct scram_server_state *) malloc (sizeof (*state));
   if (state == NULL)
     return GSASL_MALLOC_ERROR;
 
   state->step = 0;
+  state->cnonce = NULL;
 
-  rc = gsasl_nonce (state->cnonce, CNONCE_ENTROPY_BYTES);
+  rc = gsasl_nonce (state->snonce, SNONCE_ENTROPY_BYTES);
   if (rc != GSASL_OK)
     return rc;
 
-  state->cnonce[CNONCE_ENTROPY_BYTES] = '\0';
+  state->snonce[SNONCE_ENTROPY_BYTES] = '\0';
 
-  for (i = 0; i < CNONCE_ENTROPY_BYTES; i++)
+  for (i = 0; i < SNONCE_ENTROPY_BYTES; i++)
     {
-      state->cnonce[i] &= 0x7f;
+      state->snonce[i] &= 0x7f;
 
-      if (state->cnonce[i] == '\0')
-       state->cnonce[i]++;
+      if (state->snonce[i] == '\0')
+       state->snonce[i]++;
 
-      if (state->cnonce[i] == ',')
-       state->cnonce[i]++;
+      if (state->snonce[i] == ',')
+       state->snonce[i]++;
     }
 
   *mech_data = state;
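Review bot: The `gsasl_nonce` failure path returns `rc` without releasing the `state` that was just allocated, and the new `cf` member is never initialised. Both are fixed with `if (rc != GSASL_OK) { free (state); return rc; }` and `memset (&state->cf, 0, sizeof (state->cf));` next to `state->cnonce = NULL;`, so that any later cleanup of `cf` members in `_gsasl_scram_sha1_server_finish` does not read indeterminate pointers. Separately, masking each byte with `0x7f` and bumping only NUL and `,` still allows control characters and DEL in `snonce` and slightly biases the values. If the SCRAM grammar in use requires printable nonce characters (worth confirming against the specification), encoding the random bytes, for example as base64, would avoid both. The function continues past the end of this hunk.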
@@ -80,48 +82,20 @@ _gsasl_scram_sha1_client_start (Gsasl_session * sctx, void 
**mech_data)
 }
 
 int
-_gsasl_scram_sha1_client_step (Gsasl_session * sctx,
+_gsasl_scram_sha1_server_step (Gsasl_session * sctx,
                               void *mech_data,
-                              const char *input, size_t input_len,
+                              const char *input,
+                              size_t input_len,
                               char **output, size_t * output_len)
 {
-  struct scram_client_state *state = mech_data;
+  struct scram_server_state *state = mech_data;
   int res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
 
+  *output = NULL;
+  *output_len = 0;
+
   switch (state->step)
     {
-    case 0:
-      {
-       struct scram_client_first cf;
-       const char *p;
-       int rc;
-
-       memset (&cf, 0, sizeof (cf));
-
-       cf.client_nonce = state->cnonce;
-       cf.cbflag = 'n';
-
-       p = gsasl_property_get (sctx, GSASL_AUTHID);
-       if (!p)
-         return GSASL_NO_AUTHID;
-
-       /* XXX Use query strings here?  Specification is unclear. */
-       rc = gsasl_saslprep (p, 0, &cf.username, NULL);
-       if (rc != GSASL_OK)
-         return rc;
-
-       rc = scram_print_client_first (&cf, output);
-       if (rc != 0)
-         return GSASL_MALLOC_ERROR;
-
-       *output_len = strlen (*output);
-
-       gsasl_free (cf.username);
-
-       return GSASL_OK;
-       break;
-      }
-
     default:
       break;
     }
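Review bot: With `case 0` removed, the switch in `_gsasl_scram_sha1_server_step` can only reach `default`, so `res` stays at `GSASL_MECHANISM_CALLED_TOO_MANY_TIMES`. Assuming the return after the switch (outside this hunk) returns `res`, every server step is rejected. That fails closed, but tests/scram.c in this same commit expects `GSASL_NEEDS_MORE` from the first server step, so the test newly added to `ctests` would presumably fail until the steps are implemented. A comment above the switch such as `/* Skeleton: no server steps implemented yet; every call is rejected. */` would make that state explicit. It could also note that `input` and `input_len` are currently ignored.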
@@ -130,12 +104,13 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
 }
 
 void
-_gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void *mech_data)
+_gsasl_scram_sha1_server_finish (Gsasl_session * sctx, void *mech_data)
 {
-  struct scram_client_state *state = mech_data;
+  struct scram_server_state *state = mech_data;
 
   if (!state)
     return;
 
+  free (state->cnonce);
   free (state);
 }
diff --git a/tests/Makefile.am b/tests/Makefile.am
index de3b963..9231aee 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -40,7 +40,8 @@ TESTS_ENVIRONMENT = \
 
 ctests = external$(EXEEXT) cram-md5$(EXEEXT) digest-md5$(EXEEXT)       \
        md5file$(EXEEXT) name$(EXEEXT) errors$(EXEEXT)                  \
-       suggest$(EXEEXT) simple$(EXEEXT) crypto$(EXEEXT)
+       suggest$(EXEEXT) simple$(EXEEXT) crypto$(EXEEXT)                \
+       scram$(EXEEXT)
 
 if OBSOLETE
 ctests += old-simple$(EXEEXT) old-md5file$(EXEEXT) old-cram-md5$(EXEEXT)       
\
diff --git a/tests/cram-md5.c b/tests/scram.c
similarity index 58%
copy from tests/cram-md5.c
copy to tests/scram.c
index 1227feb..16ca975 100644
--- a/tests/cram-md5.c
+++ b/tests/scram.c
@@ -1,5 +1,5 @@
-/* cram-md5.c --- Test the CRAM-MD5 mechanism.
- * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2009  Simon Josefsson
+/* scram.c --- Test the SCRAM mechanism.
+ * Copyright (C) 2009  Simon Josefsson
  *
  * This file is part of GNU SASL.
  *
@@ -29,11 +29,11 @@
 
 #include "utils.h"
 
-#define PASSWORD "Open, Sesame"
-#define USERNAME "Ali Baba"
+#define PASSWORD "Open, Ses\xC2\xAA""me"
+#define USERNAME "Ali B\xC2\xAA""ba"
 /* "Ali " "\xC2\xAD" "Bab" "\xC2\xAA" */
 /* "Al\xC2\xAA""dd\xC2\xAD""in\xC2\xAE" */
-
+#define AUTHZID "joe"
 
 static int
 callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property prop)
@@ -45,12 +45,17 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
   switch (prop)
     {
     case GSASL_PASSWORD:
-      gsasl_property_set (sctx, GSASL_PASSWORD, PASSWORD);
+      gsasl_property_set (sctx, prop, PASSWORD);
       rc = GSASL_OK;
       break;
 
     case GSASL_AUTHID:
-      gsasl_property_set (sctx, GSASL_AUTHID, USERNAME);
+      gsasl_property_set (sctx, prop, USERNAME);
+      rc = GSASL_OK;
+      break;
+
+    case GSASL_AUTHZID:
+      gsasl_property_set (sctx, prop, AUTHZID);
       rc = GSASL_OK;
       break;
 
@@ -69,10 +74,7 @@ doit (void)
   Gsasl_session *server = NULL, *client = NULL;
   char *s1, *s2;
   size_t s1len, s2len;
-  size_t i;
   int res;
-  char *last_server_challenge = NULL;
-  size_t last_server_challenge_len = 0;
 
   res = gsasl_init (&ctx);
   if (res != GSASL_OK)
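Review bot: Dropping `size_t i;` here leaves `i` with no visible declaration, yet the loop `for (i = 0; i < 5; i++)` in the following hunk and the new `gsasl_step[%d](1)` messages still use it. Unless a declaration exists outside the shown hunks, tests/scram.c will not compile. Keeping the declaration as `int i;` would also match the `%d` conversions used for it in the new `fail ()` calls. The body of `doit` starts and ends outside this hunk.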
@@ -81,11 +83,11 @@ doit (void)
       return;
     }
 
-  if (!gsasl_client_support_p (ctx, "CRAM-MD5")
-      || !gsasl_server_support_p (ctx, "CRAM-MD5"))
+  if (!gsasl_client_support_p (ctx, "SCRAM-SHA-1")
+      || !gsasl_server_support_p (ctx, "SCRAM-SHA-1"))
     {
       gsasl_done (ctx);
-      fail("No support for CRAM-MD5.\n");
+      fail("No support for SCRAM-SHA-1.\n");
       exit(77);
     }
 
@@ -93,80 +95,77 @@ doit (void)
 
   for (i = 0; i < 5; i++)
     {
-      res = gsasl_server_start (ctx, "CRAM-MD5", &server);
+      res = gsasl_server_start (ctx, "SCRAM-SHA-1", &server);
       if (res != GSASL_OK)
        {
          fail ("gsasl_init() failed (%d):\n%s\n", res, gsasl_strerror (res));
          return;
        }
-      res = gsasl_client_start (ctx, "CRAM-MD5", &client);
+      res = gsasl_client_start (ctx, "SCRAM-SHA-1", &client);
       if (res != GSASL_OK)
        {
          fail ("gsasl_init() failed (%d):\n%s\n", res, gsasl_strerror (res));
          return;
        }
 
-      res = gsasl_step (server, NULL, 0, &s1, &s1len);
+      /* Client first... */
+
+      res = gsasl_step (client, NULL, 0, &s1, &s1len);
       if (res != GSASL_NEEDS_MORE)
        {
-         fail ("gsasl_step() failed (%d):\n%s\n", res, gsasl_strerror (res));
+         fail ("gsasl_step[%d](1) failed (%d):\n%s\n", i, res,
+               gsasl_strerror (res));
          return;
        }
 
       if (debug)
-       printf ("S: %.*s\n", s1len, s1);
-
-      if (last_server_challenge)
-       {
-         if (last_server_challenge_len == s1len &&
-             memcmp (last_server_challenge, s1, s1len) == 0)
-           fail ("Server challenge same as last one!\n");
-
-         free (last_server_challenge);
-       }
+       printf ("C: %.*s\n", s1len, s1);
 
-      last_server_challenge = malloc (s1len);
-      if (!last_server_challenge)
-       fail ("malloc() failure (%d)\n", s1len);
-      memcpy (last_server_challenge, s1, s1len);
-      last_server_challenge_len = s1len;
+      /* Server first... */
 
-      res = gsasl_step (client, s1, s1len, &s2, &s2len);
+      res = gsasl_step (server, s1, s1len, &s2, &s2len);
       gsasl_free (s1);
-      if (res != GSASL_OK)
+      if (res != GSASL_NEEDS_MORE)
        {
-         fail ("gsasl_step() failed (%d):\n%s\n", res, gsasl_strerror (res));
+         fail ("gsasl_step[%d](2) failed (%d):\n%s\n", i, res,
+               gsasl_strerror (res));
          return;
        }
 
       if (debug)
-       printf ("C: %.*s\n", s2len, s2);
+       printf ("S: %.*s\n", s2len, s2);
 
-      res = gsasl_step (server, s2, s2len, &s1, &s1len);
+      /* Client final... */
+
+      res = gsasl_step (client, s2, s2len, &s1, &s1len);
       gsasl_free (s2);
-      if (res != GSASL_OK)
+      if (res != GSASL_NEEDS_MORE)
        {
-         fail ("gsasl_step() failed (%d):\n%s\n", res, gsasl_strerror (res));
+         fail ("gsasl_step[%d](3) failed (%d):\n%s\n", i, res,
+               gsasl_strerror (res));
          return;
        }
 
-      if (s1len != 0)
+      if (debug)
+       printf ("C: %.*s\n", s1len, s1);
+
+      /* Server final... */
+
+      res = gsasl_step (server, s1, s1len, &s2, &s2len);
+      gsasl_free (s1);
+      if (res != GSASL_OK)
        {
-         fail ("gsasl_step() failed, additional length=%d:\n", s1len);
-         fail ("%s\n", s1);
+         fail ("gsasl_step[%d](4) failed (%d):\n%s\n", i, res,
+               gsasl_strerror (res));
          return;
        }
 
-      gsasl_free (s1);
-
       if (debug)
-       printf ("\n");
+       printf ("C: %.*s\n", s2len, s2);
 
       gsasl_finish (client);
       gsasl_finish (server);
     }
 
-  free (last_server_challenge);
-
   gsasl_done (ctx);
 }
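Review bot: The output of the final server step is never released. After `res = gsasl_step (server, s1, s1len, &s2, &s2len);` the loop goes straight on to `gsasl_finish`, so `s2` leaks on each of the five iterations; add `gsasl_free (s2);` after the last debug print. The debug prints also pass a `size_t` as the `%.*s` precision, which expects an `int`. Writing the last one as `printf ("S: %.*s\n", (int) s2len, s2);` fixes that and corrects the `C:` label on what is the server's final message. The same cast applies to the other three `%.*s` prints in this hunk.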


hooks/post-receive
-- 
GNU gsasl



