summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2009-11-22 18:43:53 (GMT)
committerRemko Tronçon <git@el-tramo.be>2009-11-22 18:43:53 (GMT)
commit1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da (patch)
tree5bcc524e6b45c34d8fbba6394102ca28cd1899c0 /Swiften/SASL
parent2c4ea892d1da498e486ce48d80de0eee547375f2 (diff)
downloadswift-contrib-1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da.zip
swift-contrib-1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da.tar.bz2
Fix bug in SCRAM-SHA-1 authzid handling.
Diffstat (limited to 'Swiften/SASL')
-rw-r--r--Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp33
-rw-r--r--Swiften/SASL/SCRAMSHA1ClientAuthenticator.h3
-rw-r--r--Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp12
3 files changed, 32 insertions, 16 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
index 8621b85..a261810 100644
--- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
+++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp
@@ -12,6 +12,23 @@
namespace Swift {
+static String escape(const String& s) {
+ String result;
+ for (size_t i = 0; i < s.getUTF8Size(); ++i) {
+ if (s[i] == ',') {
+ result += "=2C";
+ }
+ else if (s[i] == '=') {
+ result += "=3D";
+ }
+ else {
+ result += s[i];
+ }
+ }
+ return result;
+}
+
+
SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) {
}
@@ -109,23 +126,11 @@ std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) {
ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const {
String authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep);
- String escapedAuthenticationID;
- for (size_t i = 0; i < authenticationID.getUTF8Size(); ++i) {
- if (authenticationID[i] == ',') {
- escapedAuthenticationID += "=2C";
- }
- else if (authenticationID[i] == '=') {
- escapedAuthenticationID += "=3D";
- }
- else {
- escapedAuthenticationID += authenticationID[i];
- }
- }
- return ByteArray(String("n=" + escapedAuthenticationID + ",r=" + clientnonce));
+ return ByteArray(String("n=" + escape(authenticationID) + ",r=" + clientnonce));
}
ByteArray SCRAMSHA1ClientAuthenticator::getGS2Header() const {
- return ByteArray("n,") + getAuthorizationID() + ",";
+ return ByteArray("n,") + (getAuthorizationID().isEmpty() ? "" : "a=" + escape(getAuthorizationID())) + ",";
}
}
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h
index b8aaa17..6636139 100644
--- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h
+++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h
@@ -16,9 +16,10 @@ namespace Swift {
private:
ByteArray getInitialBareClientMessage() const;
- static std::map<char, String> parseMap(const String&);
ByteArray getGS2Header() const;
+ static std::map<char, String> parseMap(const String&);
+
private:
enum Step {
Initial,
diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp
index 6f64100..5eedeb2 100644
--- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp
+++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp
@@ -11,6 +11,7 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture {
CPPUNIT_TEST(testGetInitialResponse);
CPPUNIT_TEST(testGetInitialResponse_UsernameHasSpecialChars);
CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationID);
+ CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationIDWithSpecialChars);
CPPUNIT_TEST(testGetFinalResponse);
CPPUNIT_TEST(testSetChallenge);
CPPUNIT_TEST(testSetChallenge_InvalidClientNonce);
@@ -51,7 +52,16 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture {
ByteArray response = testling.getResponse();
- CPPUNIT_ASSERT_EQUAL(String("n,auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString());
+ CPPUNIT_ASSERT_EQUAL(String("n,a=auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString());
+ }
+
+ void testGetInitialResponse_WithAuthorizationIDWithSpecialChars() {
+ SCRAMSHA1ClientAuthenticator testling("abcdefghABCDEFGH");
+ testling.setCredentials("user", "pass", "a=u,th");
+
+ ByteArray response = testling.getResponse();
+
+ CPPUNIT_ASSERT_EQUAL(String("n,a=a=3Du=2Cth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString());
}
void testGetFinalResponse() {