
[SCM] GNU gsasl branch, master, updated. gsasl-1-2-56-g5fe79a3


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-2-56-g5fe79a3
Date: Thu, 10 Sep 2009 08:29:18 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=5fe79a35e15190b1675d771927384d0f6a3d2f5e

The branch, master has been updated
       via  5fe79a35e15190b1675d771927384d0f6a3d2f5e (commit)
       via  7ca24a9b4b1f2e014f7c864ac3894eb454b893ec (commit)
      from  b2e0f20e3aac330f64b41960dd5a2e359a6d35b0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5fe79a35e15190b1675d771927384d0f6a3d2f5e
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 10 10:29:14 2009 +0200

    SCRAM: Printing server first works.

commit 7ca24a9b4b1f2e014f7c864ac3894eb454b893ec
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 10 09:44:39 2009 +0200

    SCRAM: Server can parse client first.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/Makefile.am              |    2 +-
 lib/scram/parser.c                 |    4 +-
 lib/scram/parser.h                 |    2 +-
 lib/scram/printer.c                |   23 +++++++++++++++++++
 lib/scram/printer.h                |    3 ++
 lib/scram/server.c                 |   43 +++++++++++++++++++++++++++++------
 lib/scram/{validate.h => tokens.c} |   34 +++++++++++++++++++++-------
 lib/scram/tokens.h                 |   11 +++++++++
 lib/scram/validate.c               |   27 ++++++++++++++++++++++
 lib/scram/validate.h               |    2 +
 10 files changed, 130 insertions(+), 21 deletions(-)
 copy lib/scram/{validate.h => tokens.c} (64%)

diff --git a/lib/scram/Makefile.am b/lib/scram/Makefile.am
index e8a1845..ee54640 100644
--- a/lib/scram/Makefile.am
+++ b/lib/scram/Makefile.am
@@ -23,7 +23,7 @@ AM_CPPFLAGS = -I$(srcdir)/../src -I../src -I$(srcdir)/../gl 
-I../gl
 
 noinst_LTLIBRARIES = libgsasl-scram.la
 libgsasl_scram_la_SOURCES = scram.h mechinfo.c \
-       tokens.h \
+       tokens.h tokens.c \
        validate.h validate.c \
        parser.h parser.c \
        printer.h printer.c
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index 0d0ddbf..a8e7b50 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -37,11 +37,11 @@
 #include "validate.h"
 
 int
-scram_parse_client_first (const char *str, size_t len,
+scram_parse_client_first (const char *str,
                          struct scram_client_first *cf)
 {
   /* Minimum client first string is 'n,,n=a,r=b'. */
-  if (len < 10)
+  if (strlen (str) < 10)
     return -1;
 
   if (*str != 'p' && *str != 'n' && *str != 'y')
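Review bot: Dropping `len` makes `scram_parse_client_first` depend on `str` being a non-NULL, NUL-terminated string, and neither the new `strlen (str) < 10` check nor any comment states that precondition. The only caller visible on this page, case 0 of `_gsasl_scram_sha1_server_step` in lib/scram/server.c, guards with `strlen (input) != input_len`, which itself scans `input` before anything has established that it is terminated; if the SASL layer can pass a length-delimited or NULL buffer (not visible here), that scan runs past the end or dereferences NULL. I would document the contract above the function, e.g. `/* STR must be a non-NULL, NUL-terminated string; callers holding a length-delimited buffer must check and terminate it first. */`, and have the caller reject `input == NULL`, reject embedded NULs with `memchr (input, '\0', input_len)`, and parse a terminated copy. The function body continues outside the hunk.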
diff --git a/lib/scram/parser.h b/lib/scram/parser.h
index ec58204..34fbda4 100644
--- a/lib/scram/parser.h
+++ b/lib/scram/parser.h
@@ -26,7 +26,7 @@
 /* Get token types. */
 #include "tokens.h"
 
-extern int scram_parse_client_first (const char *str, size_t len,
+extern int scram_parse_client_first (const char *str,
                                     struct scram_client_first *cf);
 
 #endif /* SCRAM_PARSER_H */
diff --git a/lib/scram/printer.c b/lib/scram/printer.c
index fda2ca5..fedb18d 100644
--- a/lib/scram/printer.c
+++ b/lib/scram/printer.c
@@ -92,3 +92,26 @@ scram_print_client_first (struct scram_client_first *cf, 
char **out)
 
   return 0;
 }
+
+/* Print SCRAM server-first token into newly allocated output string
+   OUT.  Returns 0 on success, -1 on invalid token, and -2 on memory
+   allocation errors. */
+int
+scram_print_server_first (struct scram_server_first *sf, char **out)
+{
+  int n;
+
+  /* Below we assume fields are sensible, so first verify that to
+     avoid crashes. */
+  if (!scram_valid_server_first (sf))
+    return -1;
+
+  /* FIXME base64 salt here? */
+
+  n = asprintf (out, "r=%s,s=%s,i=%d",
+               sf->nonce, sf->salt, sf->iter);
+  if (n <= 0 || *out == NULL)
+    return NULL;
+
+  return 0;
+}
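Review bot: The failure branch `return NULL;` in `scram_print_server_first` yields 0 from an `int` function, so an `asprintf` failure is reported as success, and the caller in server.c then runs `strlen (*output)` on a pointer whose value is unspecified after a failed `asprintf`. The header comment promises -2 for allocation errors, so the branch should read `if (n <= 0) { *out = NULL; return -2; }`. Separately, `sf->iter` is declared `size_t` in tokens.h but formatted with `%d`, a type mismatch in a variadic call; `"r=%s,s=%s,i=%lu"` with `(unsigned long) sf->iter` would match.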
diff --git a/lib/scram/printer.h b/lib/scram/printer.h
index 56aec61..7504116 100644
--- a/lib/scram/printer.h
+++ b/lib/scram/printer.h
@@ -29,4 +29,7 @@
 extern int
 scram_print_client_first (struct scram_client_first *cf, char **out);
 
+extern int
+scram_print_server_first (struct scram_server_first *cf, char **out);
+
 #endif /* SCRAM_PRINTER_H */
diff --git a/lib/scram/server.c b/lib/scram/server.c
index feb96f7..3ebbae2 100644
--- a/lib/scram/server.c
+++ b/lib/scram/server.c
@@ -35,15 +35,16 @@
 
 #include "tokens.h"
 #include "parser.h"
+#include "validate.h"
 
 #define SNONCE_ENTROPY_BYTES 16
 
 struct scram_server_state
 {
   int step;
-  char *cnonce;
   char snonce[SNONCE_ENTROPY_BYTES + 1];
   struct scram_client_first cf;
+  struct scram_server_first sf;
 };
 
 int
@@ -53,13 +54,10 @@ _gsasl_scram_sha1_server_start (Gsasl_session * sctx, void 
**mech_data)
   size_t i;
   int rc;
 
-  state = (struct scram_server_state *) malloc (sizeof (*state));
+  state = (struct scram_server_state *) calloc (sizeof (*state), 1);
   if (state == NULL)
     return GSASL_MALLOC_ERROR;
 
-  state->step = 0;
-  state->cnonce = NULL;
-
   rc = gsasl_nonce (state->snonce, SNONCE_ENTROPY_BYTES);
   if (rc != GSASL_OK)
     return rc;
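Review bot: `state` is leaked on the `return rc;` path after `gsasl_nonce` fails, because as far as the hunk shows the freshly allocated block has not yet been stored anywhere the caller can free it; add `free (state);` before that return. The new `calloc (sizeof (*state), 1)` also passes its arguments in size/count order rather than `calloc (1, sizeof (*state))`, which is harmless here but reads wrong. The function continues outside the hunk, so whether later error paths share the leak cannot be seen from here.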
@@ -91,6 +89,7 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
 {
   struct scram_server_state *state = mech_data;
   int res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
+  int rc;
 
   *output = NULL;
   *output_len = 0;
@@ -99,12 +98,38 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
     {
     case 0:
       {
-       if (scram_parse_client_first (input, input_len, &state->cf) < 0)
+       if (strlen (input) != input_len)
          return GSASL_MECHANISM_PARSE_ERROR;
 
-       if (scram_valid_client_first (state->cf) < 0)
+       if (scram_parse_client_first (input, &state->cf) < 0)
          return GSASL_MECHANISM_PARSE_ERROR;
 
+       if (scram_valid_client_first (&state->cf) < 0)
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       /* Create new nonce. */
+       {
+         size_t cnlen = strlen (state->cf.client_nonce);
+
+         state->sf.nonce = malloc (cnlen + SNONCE_ENTROPY_BYTES + 1);
+         if (!state->sf.nonce)
+           return GSASL_MALLOC_ERROR;
+
+         memcpy (state->sf.nonce, state->cf.client_nonce, cnlen);
+         memcpy (state->sf.nonce + cnlen, state->snonce,
+                 SNONCE_ENTROPY_BYTES);
+         state->sf.nonce[cnlen + SNONCE_ENTROPY_BYTES] = '\0';
+       }
+
+       /* FIXME */
+       state->sf.iter = 128;
+       state->sf.salt = strdup ("salt");
+
+       rc = scram_print_server_first (&state->sf, output);
+       if (rc != 0)
+         return GSASL_MALLOC_ERROR;
+       *output_len = strlen (*output);
+
        state->step++;
        return GSASL_NEEDS_MORE;
        break;
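Review bot: `scram_valid_client_first (&state->cf) < 0` can never be true, because validate.h declares that function as returning `bool`; a client-first token that fails validation is therefore accepted and its `client_nonce` is used to build the server nonce. The test should be `if (!scram_valid_client_first (&state->cf))`. Further down, every non-zero result of `scram_print_server_first` is mapped to `GSASL_MALLOC_ERROR` although -1 means an invalid token, and a failed `strdup ("salt")` is caught only indirectly through that validation. The `/* FIXME */` values (a constant salt and `iter = 128`) should be replaced by a per-user random salt and a configurable iteration count before real clients can reach this path; RFC 5802 later recommended at least 4096 iterations. The switch and the function continue outside the hunk.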
@@ -125,7 +150,9 @@ _gsasl_scram_sha1_server_finish (Gsasl_session * sctx, void 
*mech_data)
 
   if (!state)
     return;
+  
+  scram_free_client_first (&state->cf);
+  scram_free_server_first (&state->sf);
 
-  free (state->cnonce);
   free (state);
 }
diff --git a/lib/scram/validate.h b/lib/scram/tokens.c
similarity index 64%
copy from lib/scram/validate.h
copy to lib/scram/tokens.c
index 6016898..b2c9684 100644
--- a/lib/scram/validate.h
+++ b/lib/scram/tokens.c
@@ -1,4 +1,4 @@
-/* validate.h --- Validate consistency of SCRAM tokens.
+/* tokens.c --- Free allocated data in SCRAM tokens.
  * Copyright (C) 2009  Simon Josefsson
  *
  * This file is part of GNU SASL Library.
@@ -20,15 +20,31 @@
  *
  */
 
-#ifndef SCRAM_VALIDATE_H
-# define SCRAM_VALIDATE_H
-
-/* Get token types. */
+/* Get prototypes. */
 #include "tokens.h"
 
-/* Get bool. */
-#include <stdbool.h>
+/* Get free. */
+#include <stdlib.h>
+
+/* Get memset. */
+#include <string.h>
+
+void
+scram_free_client_first (struct scram_client_first * cf)
+{
+  free (cf->cbname);
+  free (cf->authzid);
+  free (cf->username);
+  free (cf->client_nonce);
+
+  memset (cf, 0, sizeof (*cf));
+}
 
-extern bool scram_valid_client_first (struct scram_client_first *cf);
+void
+scram_free_server_first (struct scram_server_first * sf)
+{
+  free (sf->nonce);
+  free (sf->salt);
 
-#endif /* SCRAM_VALIDATE_H */
+  memset (sf, 0, sizeof (*sf));
+}
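Review bot: Neither `scram_free_client_first` nor `scram_free_server_first` has a header comment, and the contract is not obvious from the names: they free the members but not the struct itself, and the trailing `memset` leaves it zeroed so a second call is harmless. I would add above each something like `/* Free all members of CF and zero it; CF itself is not freed and must not be NULL. */`. Both dereference their argument unconditionally, so either keep the non-NULL requirement in that comment or start each body with `if (!cf) return;` (respectively `sf`).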
diff --git a/lib/scram/tokens.h b/lib/scram/tokens.h
index 19e4a6d..752365c 100644
--- a/lib/scram/tokens.h
+++ b/lib/scram/tokens.h
@@ -35,4 +35,15 @@ struct scram_client_first
   char *client_nonce;
 };
 
+struct scram_server_first
+{
+  char *nonce;
+  char *salt;
+  size_t iter;
+};
+
+extern void scram_free_client_first (struct scram_client_first * cf);
+
+extern void scram_free_server_first (struct scram_server_first * sf);
+
 #endif /* SCRAM_TOKENS_H */
diff --git a/lib/scram/validate.c b/lib/scram/validate.c
index b66cc6c..85196b4 100644
--- a/lib/scram/validate.c
+++ b/lib/scram/validate.c
@@ -69,3 +69,30 @@ scram_valid_client_first (struct scram_client_first *cf)
 
   return true;
 }
+
+bool
+scram_valid_server_first (struct scram_server_first *sf)
+{
+  /* We require a non-zero nonce. */
+  if (sf->nonce == NULL || *sf->nonce == '\0')
+    return false;
+
+  /* Nonce cannot contain ','. */
+  if (strchr (sf->nonce, ','))
+    return false;
+
+  /* FIXME check that nonce is valid UTF-8. */
+
+  /* We require a non-zero salt. */
+  if (sf->salt == NULL || *sf->salt == '\0')
+    return false;
+
+  /* FIXME check that salt is valid base64. */
+  if (strchr (sf->salt, ','))
+    return false;
+
+  if (sf->iter == 0)
+    return false;
+
+  return true;
+}
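Review bot: The nonce check in `scram_valid_server_first` rejects only ',', yet server.c builds `sf->nonce` by appending `state->snonce` to a client-supplied string, and the SCRAM grammar restricts nonce characters to printable ASCII (0x21–0x7E) other than ','. A bounded character test, e.g. `for (p = (const unsigned char *) sf->nonce; *p; p++) if (*p < 0x21 || *p > 0x7e) return false;`, would cover that and is closer to the protocol than the UTF-8 FIXME suggests. The comment `/* FIXME check that salt is valid base64. */` sits directly above a comma check, so it should be reworded as `/* Salt cannot contain ','.  FIXME check that salt is valid base64. */`. The function also dereferences `sf` without a NULL check, which is worth stating in a header comment since the printer calls it specifically "to avoid crashes".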
diff --git a/lib/scram/validate.h b/lib/scram/validate.h
index 6016898..11496e5 100644
--- a/lib/scram/validate.h
+++ b/lib/scram/validate.h
@@ -31,4 +31,6 @@
 
 extern bool scram_valid_client_first (struct scram_client_first *cf);
 
+extern bool scram_valid_server_first (struct scram_server_first *sf);
+
 #endif /* SCRAM_VALIDATE_H */


hooks/post-receive
-- 
GNU gsasl



