[SCM] GNU gsasl branch, master, updated. gsasl-1-4-1-27-g5914e06

[Simon Josefsson]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=5914e06e1a3bc081240ae1f509ac50efedcd57e4

The branch, master has been updated
       via  5914e06e1a3bc081240ae1f509ac50efedcd57e4 (commit)
      from  8af1e3a6639eb51d97dbecc1777b0bafcbe260c9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5914e06e1a3bc081240ae1f509ac50efedcd57e4
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 10 21:49:21 2010 +0100

    SCRAM: (Un)escape authzid.

-----------------------------------------------------------------------

Summary of changes:
 lib/scram/parser.c  |   49 ++++++++++++++++++++++++++++++++++++++++++-------
 lib/scram/printer.c |   33 +++++++++++++++++++++++++++++----
 lib/scram/server.c  |    3 ++-
 tests/scram.c       |   21 ++++++++++++++++++---
 4 files changed, 91 insertions(+), 15 deletions(-)

diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index 9551b36..e0affde 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -1,5 +1,5 @@
 /* parser.c --- SCRAM parser.
- * Copyright (C) 2009  Simon Josefsson
+ * Copyright (C) 2009, 2010  Simon Josefsson
  *
  * This file is part of GNU SASL Library.
  *
@@ -36,6 +36,41 @@
 /* Get validator. */
 #include "validate.h"
 
+static char *
+unescape_authzid (const char *str, size_t len)
+{
+  char *out = malloc (len + 1);
+  char *p = out;
+
+  if (!out)
+    return NULL;
+
+  while (len > 0 && *str)
+    {
+      if (len >= 3 && str[0] == '=' && str[1] == '2' && str[2] == 'C')
+       {
+         *p++ = ',';
+         str += 3;
+         len -= 3;
+       }
+      else if (len >= 3 && str[0] == '=' && str[1] == '3' && str[2] == 'D')
+       {
+         *p++ = '=';
+         str += 3;
+         len -= 3;
+       }
+      else
+       {
+         *p++ = *str;
+         str++;
+         len--;
+       }
+    }
+  *p = '\0';
+
+  return out;
+}
+
 int
 scram_parse_client_first (const char *str, size_t len,
                          struct scram_client_first *cf)
@@ -61,6 +96,11 @@ scram_parse_client_first (const char *str, size_t len,
       const char *p;
       size_t l;
 
+      str++, len--;
+      if (len == 0 || *str != '=')
+       return -1;
+      str++, len--;
+
       p = memchr (str, ',', len);
       if (!p)
        return -1;
@@ -69,15 +109,10 @@ scram_parse_client_first (const char *str, size_t len,
       if (len < l)
        return -1;
 
-      cf->authzid = malloc (l + 1);
+      cf->authzid = unescape_authzid (str, l);
       if (!cf->authzid)
        return -1;
 
-      memcpy (cf->authzid, str, l);
-      cf->authzid[l] = '\0';
-
-      /* FIXME decode authzid */
-
       str = p;
       len -= l;
     }
diff --git a/lib/scram/printer.c b/lib/scram/printer.c
index e515960..e1690af 100644
--- a/lib/scram/printer.c
+++ b/lib/scram/printer.c
@@ -1,5 +1,5 @@
 /* printer.h --- Convert SCRAM token structures into strings.
- * Copyright (C) 2009  Simon Josefsson
+ * Copyright (C) 2009, 2010  Simon Josefsson
  *
  * This file is part of GNU SASL Library.
  *
@@ -42,9 +42,34 @@
 static char *
 scram_escape (const char *str)
 {
-  /* FIXME escape '=' and ',' in authzid to '=3D' and '=2C'
-     respectively. */
-  return strdup (str);
+  char *out = malloc (strlen (str) * 3 + 1);
+  char *p = out;
+
+  if (!out)
+    return NULL;
+
+  while (*str)
+    {
+      if (*str == ',')
+       {
+         memcpy (p, "=2C", 3);
+         p += 3;
+       }
+      else if (*str == '=')
+       {
+         memcpy (p, "=3D", 3);
+         p += 3;
+       }
+      else
+       {
+         *p = *str;
+         p++;
+       }
+      str++;
+    }
+  *p = '\0';
+
+  return out;
 }
 
 /* Print SCRAM client-first token into newly allocated output string
diff --git a/lib/scram/server.c b/lib/scram/server.c
index 54385eb..4926dea 100644
--- a/lib/scram/server.c
+++ b/lib/scram/server.c
@@ -1,5 +1,5 @@
 /* server.c --- SASL CRAM-MD5 server side functions.
- * Copyright (C) 2009  Simon Josefsson
+ * Copyright (C) 2009, 2010  Simon Josefsson
  *
  * This file is part of GNU SASL Library.
  *
@@ -177,6 +177,7 @@ _gsasl_scram_sha1_server_step (Gsasl_session * sctx,
        }
 
        gsasl_property_set (sctx, GSASL_AUTHID, state->cf.username);
+       gsasl_property_set (sctx, GSASL_AUTHZID, state->cf.authzid);
 
        {
          const char *p = gsasl_property_get (sctx, GSASL_SCRAM_ITER);
diff --git a/tests/scram.c b/tests/scram.c
index 5a074cf..46d68e0 100644
--- a/tests/scram.c
+++ b/tests/scram.c
@@ -33,7 +33,11 @@
 #define USERNAME "Ali Baba"
 /* "Ali " "\xC2\xAD" "Bab" "\xC2\xAA" */
 /* "Al\xC2\xAA""dd\xC2\xAD""in\xC2\xAE" */
-#define AUTHZID "joe"
+
+#define N_AUTHZID 4
+static const char *AUTHZID[N_AUTHZID] = {
+  "jas", "BAB,ABA", ",=,=", "="
+};
 
 #define EXPECTED_USERNAME "Ali Baba"
 
@@ -61,7 +65,7 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
     case GSASL_AUTHZID:
       if (i & 0x01)
        {
-         gsasl_property_set (sctx, prop, AUTHZID);
+         gsasl_property_set (sctx, prop, AUTHZID[i % N_AUTHZID]);
          rc = GSASL_OK;
        }
       break;
@@ -219,7 +223,18 @@ doit (void)
        }
 
       if (debug)
-       printf ("C: %.*s\n\n", s1len, s1);
+       printf ("C: %.*s\n", s1len, s1);
+
+      {
+       const char *p = gsasl_property_fast (server, GSASL_AUTHZID);
+       if (p && strcmp (p, AUTHZID[i % N_AUTHZID]) != 0)
+         fail ("Bad authzid? %s != %s\n", p, AUTHZID[i % N_AUTHZID]);
+       if (i & 0x01 && !p)
+         fail ("Expected authzid? %d/%s\n", i, AUTHZID[i % N_AUTHZID]);
+      }
+
+      if (debug)
+       printf ("\n");
 
       gsasl_finish (client);
       gsasl_finish (server);


hooks/post-receive
-- 
GNU gsasl