
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-59-gee0ecf3


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-59-gee0ecf3
Date: Thu, 10 Sep 2009 09:35:08 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=ee0ecf34304b1f089bac8ec72e522d5fe532f4a3

The branch, master has been updated
       via  ee0ecf34304b1f089bac8ec72e522d5fe532f4a3 (commit)
       via  a623a04ca1d006aa8b073fd7005e4e8565a0b733 (commit)
      from  dab8307beda64351712a653ffbe94b3045bc4a4c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ee0ecf34304b1f089bac8ec72e522d5fe532f4a3
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 10 11:35:02 2009 +0200

    SCRAM: Client final sending works (but no crypto).

commit a623a04ca1d006aa8b073fd7005e4e8565a0b733
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 10 11:11:43 2009 +0200

    SCRAM: Cleanup.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/client.c   |   56 +++++++++++++++++++++++++++++++++-----------------
 lib/scram/parser.c   |    2 +-
 lib/scram/printer.c  |   29 +++++++++++++++++++++++--
 lib/scram/printer.h  |    3 ++
 lib/scram/tokens.c   |   10 +++++++++
 lib/scram/tokens.h   |    7 ++++++
 lib/scram/validate.c |   32 ++++++++++++++++++++++++++++
 lib/scram/validate.h |    2 +
 8 files changed, 118 insertions(+), 23 deletions(-)

diff --git a/lib/scram/client.c b/lib/scram/client.c
index 1e4adee..ea8e59c 100644
--- a/lib/scram/client.c
+++ b/lib/scram/client.c
@@ -34,6 +34,7 @@
 #include <string.h>
 
 #include "tokens.h"
+#include "parser.h"
 #include "printer.h"
 
 #define CNONCE_ENTROPY_BYTES 16
@@ -41,8 +42,9 @@
 struct scram_client_state
 {
   int step;
-  char cnonce[CNONCE_ENTROPY_BYTES + 1];
+  struct scram_client_first cf;
   struct scram_server_first sf;
+  struct scram_client_final cl;
 };
 
 int
@@ -56,21 +58,25 @@ _gsasl_scram_sha1_client_start (Gsasl_session * sctx, void 
**mech_data)
   if (state == NULL)
     return GSASL_MALLOC_ERROR;
 
-  rc = gsasl_nonce (state->cnonce, CNONCE_ENTROPY_BYTES);
+  state->cf.client_nonce = malloc (CNONCE_ENTROPY_BYTES + 1);
+  if (!state->cf.client_nonce)
+    return GSASL_MALLOC_ERROR;
+
+  rc = gsasl_nonce (state->cf.client_nonce, CNONCE_ENTROPY_BYTES);
   if (rc != GSASL_OK)
     return rc;
 
-  state->cnonce[CNONCE_ENTROPY_BYTES] = '\0';
+  state->cf.client_nonce[CNONCE_ENTROPY_BYTES] = '\0';
 
   for (i = 0; i < CNONCE_ENTROPY_BYTES; i++)
     {
-      state->cnonce[i] &= 0x7f;
+      state->cf.client_nonce[i] &= 0x7f;
 
-      if (state->cnonce[i] == '\0')
-       state->cnonce[i]++;
+      if (state->cf.client_nonce[i] == '\0')
+       state->cf.client_nonce[i]++;
 
-      if (state->cnonce[i] == ',')
-       state->cnonce[i]++;
+      if (state->cf.client_nonce[i] == ',')
+       state->cf.client_nonce[i]++;
     }
 
   *mech_data = state;
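Review bot: The new `return GSASL_MALLOC_ERROR;` after the `malloc` of `state->cf.client_nonce` leaves `state` allocated, and the `gsasl_nonce` failure return just below it now leaks both `state` and the nonce buffer. `*mech_data` is only assigned on the last line of the hunk, so the finish callback presumably never receives these pointers. Release them on each early return, e.g. `free (state); return GSASL_MALLOC_ERROR;` and `free (state->cf.client_nonce); free (state); return rc;`. The allocation of `state` and the start of the function are outside this hunk.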
@@ -86,6 +92,7 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
 {
   struct scram_client_state *state = mech_data;
   int res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
+  int rc;
 
   *output = NULL;
   *output_len = 0;
@@ -94,32 +101,27 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
     {
     case 0:
       {
-       struct scram_client_first cf;
        const char *p;
-       int rc;
-
-       memset (&cf, 0, sizeof (cf));
 
-       cf.client_nonce = state->cnonce;
-       cf.cbflag = 'n';
+       /* FIXME */
+       state->cf.cbflag = 'n';
 
        p = gsasl_property_get (sctx, GSASL_AUTHID);
        if (!p)
          return GSASL_NO_AUTHID;
 
-       /* XXX Use query strings here?  Specification is unclear. */
-       rc = gsasl_saslprep (p, 0, &cf.username, NULL);
+       /* FIXME check that final document uses query strings. */
+       rc = gsasl_saslprep (p, GSASL_ALLOW_UNASSIGNED,
+                            &state->cf.username, NULL);
        if (rc != GSASL_OK)
          return rc;
 
-       rc = scram_print_client_first (&cf, output);
+       rc = scram_print_client_first (&state->cf, output);
        if (rc != 0)
          return GSASL_MALLOC_ERROR;
 
        *output_len = strlen (*output);
 
-       gsasl_free (cf.username);
-
        state->step++;
        return GSASL_NEEDS_MORE;
        break;
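Review bot: The bare `/* FIXME */` above `state->cf.cbflag = 'n';` does not say what is left to do, and the same bare marker sits above the placeholder `strdup ("cbind")` / `strdup ("proof")` lines in the next hunk. State the open item, e.g. `/* FIXME: cbflag is hard-coded to 'n' (no channel binding). */` here and `/* FIXME: placeholder values, replace with real channel-binding data and client proof. */` there. This makes it clear the placeholders must not reach a release. The case body continues outside the hunk.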
@@ -133,6 +135,18 @@ _gsasl_scram_sha1_client_step (Gsasl_session * sctx,
        if (scram_parse_server_first (input, &state->sf) < 0)
          return GSASL_MECHANISM_PARSE_ERROR;
 
+       state->cl.nonce = strdup (state->sf.nonce);
+
+       /* FIXME */
+       state->cl.cbind = strdup ("cbind");
+       state->cl.proof = strdup ("proof");
+
+       rc = scram_print_client_final (&state->cl, output);
+       if (rc != 0)
+         return GSASL_MALLOC_ERROR;
+
+       *output_len = strlen (*output);
+
        state->step++;
        return GSASL_NEEDS_MORE;
        break;
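Review bot: `state->cl.nonce = strdup (state->sf.nonce);` echoes whatever nonce the server sent without checking that it begins with the client nonce generated in the start function. SCRAM requires the client to verify that prefix, so a server-first message that does not belong to this exchange should be rejected here. Add before the `strdup` a check such as `if (strncmp (state->sf.nonce, state->cf.client_nonce, strlen (state->cf.client_nonce)) != 0) return GSASL_MECHANISM_PARSE_ERROR;`. The three `strdup` results are also unchecked at this point; a NULL is only caught indirectly by `scram_valid_client_final`. The case body starts outside the hunk.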
@@ -153,5 +167,9 @@ _gsasl_scram_sha1_client_finish (Gsasl_session * sctx, void 
*mech_data)
   if (!state)
     return;
 
+  scram_free_client_first (&state->cf);
+  scram_free_server_first (&state->sf);
+  scram_free_client_final (&state->cl);
+
   free (state);
 }
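Review bot: The three added `scram_free_*` calls run even when the session ends before step 1, so `state->sf` and `state->cl` must already hold NULL pointers then, since `scram_free_client_final` passes its members straight to `free`. That holds only if `state` is zero-filled when it is allocated in `_gsasl_scram_sha1_client_start`, and that allocation is outside the visible hunks. If it is a plain `malloc`, it should become `calloc (1, sizeof (*state))`. Either way a comment such as `/* state is zero-initialised, so tokens never filled in hold NULL pointers. */` would record the dependency.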
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index f43054f..eab6ad9 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -189,7 +189,7 @@ scram_parse_server_first (const char *str,
     memcpy (sf->salt, str, len);
     sf->salt[len] = '\0';
 
-    /* FIXME check that salt is valid base64. */
+    /* FIXME base64 salt */
 
     str = p;
   }
diff --git a/lib/scram/printer.c b/lib/scram/printer.c
index fedb18d..c69b05a 100644
--- a/lib/scram/printer.c
+++ b/lib/scram/printer.c
@@ -88,7 +88,7 @@ scram_print_client_first (struct scram_client_first *cf, char 
**out)
   free (authzid);
 
   if (n <= 0 || *out == NULL)
-    return NULL;
+    return -1;
 
   return 0;
 }
@@ -106,12 +106,35 @@ scram_print_server_first (struct scram_server_first *sf, 
char **out)
   if (!scram_valid_server_first (sf))
     return -1;
 
-  /* FIXME base64 salt here? */
+  /* FIXME base64 salt here */
 
   n = asprintf (out, "r=%s,s=%s,i=%d",
                sf->nonce, sf->salt, sf->iter);
   if (n <= 0 || *out == NULL)
-    return NULL;
+    return -1;
+
+  return 0;
+}
+
+/* Print SCRAM client-final token into newly allocated output string
+   OUT.  Returns 0 on success, -1 on invalid token, and -2 on memory
+   allocation errors. */
+int
+scram_print_client_final (struct scram_client_final *cf, char **out)
+{
+  int n;
+
+  /* Below we assume fields are sensible, so first verify that to
+     avoid crashes. */
+  if (!scram_valid_client_final (cf))
+    return -1;
+
+  /* FIXME base64 cbind/proof */
+
+  n = asprintf (out, "c=%s,r=%s,p=%s",
+               cf->cbind, cf->nonce, cf->proof);
+  if (n <= 0 || *out == NULL)
+    return -1;
 
   return 0;
 }
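Review bot: The header comment on `scram_print_client_final` promises -2 on memory allocation errors, but the `asprintf` failure path returns -1, the same value as the validation failure. Either return -2 there (`if (n <= 0 || *out == NULL) return -2;`) or drop the -2 from the comment. As written, the callers in client.c cannot tell an invalid token from an out-of-memory condition and report both as `GSASL_MALLOC_ERROR`. The same single `-1` is used for `scram_print_server_first` in this hunk and for `scram_print_client_first` in the previous one.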
diff --git a/lib/scram/printer.h b/lib/scram/printer.h
index 7504116..34a95a7 100644
--- a/lib/scram/printer.h
+++ b/lib/scram/printer.h
@@ -32,4 +32,7 @@ scram_print_client_first (struct scram_client_first *cf, char 
**out);
 extern int
 scram_print_server_first (struct scram_server_first *cf, char **out);
 
+extern int
+scram_print_client_final (struct scram_client_final *cf, char **out);
+
 #endif /* SCRAM_PRINTER_H */
diff --git a/lib/scram/tokens.c b/lib/scram/tokens.c
index b2c9684..ae67582 100644
--- a/lib/scram/tokens.c
+++ b/lib/scram/tokens.c
@@ -48,3 +48,13 @@ scram_free_server_first (struct scram_server_first * sf)
 
   memset (sf, 0, sizeof (*sf));
 }
+
+void
+scram_free_client_final (struct scram_client_final * cf)
+{
+  free (cf->cbind);
+  free (cf->nonce);
+  free (cf->proof);
+
+  memset (cf, 0, sizeof (*cf));
+}
diff --git a/lib/scram/tokens.h b/lib/scram/tokens.h
index 752365c..4f7534a 100644
--- a/lib/scram/tokens.h
+++ b/lib/scram/tokens.h
@@ -42,6 +42,13 @@ struct scram_server_first
   size_t iter;
 };
 
+struct scram_client_final
+{
+  char *cbind;
+  char *nonce;
+  char *proof;
+};
+
 extern void scram_free_client_first (struct scram_client_first * cf);
 
 extern void scram_free_server_first (struct scram_server_first * sf);
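Review bot: `scram_free_client_final` is defined in tokens.c and called from `_gsasl_scram_sha1_client_finish`, but this hunk adds only the struct and no prototype next to the two existing `scram_free_*` declarations. Unless it is declared elsewhere, the call in client.c compiles against an implicit declaration. Add `extern void scram_free_client_final (struct scram_client_final * cf);`. A short comment on the struct saying that the three members are heap-allocated strings released by `scram_free_client_final` would also document the ownership.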
diff --git a/lib/scram/validate.c b/lib/scram/validate.c
index 85196b4..b3ea212 100644
--- a/lib/scram/validate.c
+++ b/lib/scram/validate.c
@@ -96,3 +96,35 @@ scram_valid_server_first (struct scram_server_first *sf)
 
   return true;
 }
+
+bool
+scram_valid_client_final (struct scram_client_final *cf)
+{
+  /* We require a non-zero cbind. */
+  if (cf->cbind == NULL || *cf->cbind == '\0')
+    return false;
+
+  /* FIXME check that cbind is valid base64. */
+  if (strchr (cf->cbind, ','))
+    return false;
+
+  /* We require a non-zero nonce. */
+  if (cf->nonce == NULL || *cf->nonce == '\0')
+    return false;
+
+  /* Nonce cannot contain ','. */
+  if (strchr (cf->nonce, ','))
+    return false;
+
+  /* FIXME check that nonce is valid UTF-8. */
+
+  /* We require a non-zero proof. */
+  if (cf->proof == NULL || *cf->proof == '\0')
+    return false;
+
+  /* FIXME check that proof is valid base64. */
+  if (strchr (cf->proof, ','))
+    return false;
+
+  return true;
+}
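Review bot: The `/* FIXME check that cbind is valid base64. */` comment and the matching one for proof sit directly above the `strchr (..., ',')` tests, so they read as if those tests were the base64 check. Reword them to say what the line does and what is still missing, e.g. `/* cbind cannot contain ','.  FIXME also check that it is valid base64. */`, and likewise for proof. Until that validation exists, any non-empty string without a ',' is accepted for these two fields and is printed as-is by `scram_print_client_final`.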
diff --git a/lib/scram/validate.h b/lib/scram/validate.h
index 11496e5..f4d41ac 100644
--- a/lib/scram/validate.h
+++ b/lib/scram/validate.h
@@ -33,4 +33,6 @@ extern bool scram_valid_client_first (struct 
scram_client_first *cf);
 
 extern bool scram_valid_server_first (struct scram_server_first *sf);
 
+extern bool scram_valid_client_final (struct scram_client_final *cf);
+
 #endif /* SCRAM_VALIDATE_H */


hooks/post-receive
-- 
GNU gsasl



