Diffstat (limited to 'Swiften/SASL')
-rw-r--r-- | Swiften/SASL/EXTERNALClientAuthenticator.cpp | 8 | ||||
-rw-r--r-- | Swiften/SASL/SConscript | 1 | ||||
-rw-r--r-- | Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp | 47 | ||||
-rw-r--r-- | Swiften/SASL/UnitTest/WindowsServicePrincipalNameTest.cpp | 10 | ||||
-rw-r--r-- | Swiften/SASL/WindowsAuthentication.cpp | 34 | ||||
-rw-r--r-- | Swiften/SASL/WindowsGSSAPIClientAuthenticator.cpp | 24 | ||||
-rw-r--r-- | Swiften/SASL/WindowsServicePrincipalName.cpp | 20 | ||||
-rw-r--r-- | Swiften/SASL/WindowsServicePrincipalName.h | 4 |
8 files changed, 101 insertions, 47 deletions
diff --git a/Swiften/SASL/EXTERNALClientAuthenticator.cpp b/Swiften/SASL/EXTERNALClientAuthenticator.cpp index 546140f..027bc89 100644 --- a/Swiften/SASL/EXTERNALClientAuthenticator.cpp +++ b/Swiften/SASL/EXTERNALClientAuthenticator.cpp @@ -12,7 +12,13 @@ EXTERNALClientAuthenticator::EXTERNALClientAuthenticator() : ClientAuthenticator } boost::optional<SafeByteArray> EXTERNALClientAuthenticator::getResponse() const { - return boost::optional<SafeByteArray>(); + const std::string& authorizationID = getAuthorizationID(); + + if (authorizationID.empty()) { + return boost::optional<SafeByteArray>(); + } else { + return createSafeByteArray(authorizationID); + } } bool EXTERNALClientAuthenticator::setChallenge(const boost::optional<ByteArray>&) { diff --git a/Swiften/SASL/SConscript b/Swiften/SASL/SConscript index 6aa3e72..8a248cc 100644 --- a/Swiften/SASL/SConscript +++ b/Swiften/SASL/SConscript @@ -23,6 +23,7 @@ swiften_env.Append(SWIFTEN_OBJECTS = [objects]) env.Append(UNITTEST_SOURCES = [ File("UnitTest/PLAINMessageTest.cpp"), File("UnitTest/PLAINClientAuthenticatorTest.cpp"), + File("UnitTest/EXTERNALClientAuthenticatorTest.cpp"), File("UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp"), File("UnitTest/DIGESTMD5PropertiesTest.cpp"), File("UnitTest/DIGESTMD5ClientAuthenticatorTest.cpp"), diff --git a/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp new file mode 100644 index 0000000..728eed6 --- /dev/null +++ b/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp 
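Review bot: `EXTERNALClientAuthenticator::getResponse()` now sends the authorization identity, but nothing in the function says why an empty authzid yields no response data or that authcid and password play no part. A short comment would cover it, e.g. `// SASL EXTERNAL: credentials come from the outer layer (e.g. the TLS client certificate); the response carries only the optional authzid.` The string is handed to `createSafeByteArray` unchanged, so any validation or normalisation of the authzid has to happen wherever it is set, which is outside this hunk. As a style point, the `else` after the early `return` can be dropped.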
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 2017 Isode Limited. + * All rights reserved. + * See the COPYING file for more information. + */ + +#include <QA/Checker/IO.h> + +#include <cppunit/extensions/HelperMacros.h> +#include <cppunit/extensions/TestFactoryRegistry.h> + +#include <Swiften/SASL/EXTERNALClientAuthenticator.h> + +using namespace Swift; + +class EXTERNALClientAuthenticatorTest : public CppUnit::TestFixture { + CPPUNIT_TEST_SUITE(EXTERNALClientAuthenticatorTest); + CPPUNIT_TEST(testGetResponse_WithoutAuthzID); + CPPUNIT_TEST(testGetResponse_WithAuthzID); + CPPUNIT_TEST_SUITE_END(); + + public: + void testGetResponse_WithoutAuthzID() { + EXTERNALClientAuthenticator testling; + + // Authcid and password are not used (ignored) + testling.setCredentials("user", createSafeByteArray("pass")); + + boost::optional<SafeByteArray> response = testling.getResponse(); + + // No data should have been returned + bool result = !response; + + CPPUNIT_ASSERT(result); + } + + void testGetResponse_WithAuthzID() { + EXTERNALClientAuthenticator testling; + + // Authcid and password are not used (ignored) + testling.setCredentials("user", createSafeByteArray("pass"), "authz"); + + CPPUNIT_ASSERT_EQUAL(*testling.getResponse(), createSafeByteArray("authz", 5)); + } +}; + +CPPUNIT_TEST_SUITE_REGISTRATION(EXTERNALClientAuthenticatorTest); diff --git a/Swiften/SASL/UnitTest/WindowsServicePrincipalNameTest.cpp b/Swiften/SASL/UnitTest/WindowsServicePrincipalNameTest.cpp index fa07052..ef3a9b3 100644 --- a/Swiften/SASL/UnitTest/WindowsServicePrincipalNameTest.cpp +++ b/Swiften/SASL/UnitTest/WindowsServicePrincipalNameTest.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Isode Limited. + * Copyright (c) 2015-2018 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ 
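Review bot: `testGetResponse_WithAuthzID` dereferences the optional returned by `getResponse()` without first checking that it holds a value. If the authenticator regresses to returning an empty optional, the test hits undefined behaviour (or a Boost assertion) instead of a clean CppUnit failure. Store the result and assert on it first: `boost::optional<SafeByteArray> response = testling.getResponse();`, `CPPUNIT_ASSERT(response);`, `CPPUNIT_ASSERT_EQUAL(createSafeByteArray("authz", 5), *response);`. That also puts the expected value first, which is the argument order `CPPUNIT_ASSERT_EQUAL` reports in.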
@@ -97,16 +97,16 @@ class WindowsServicePrincipalNameTest : public CppUnit::TestFixture { WindowsServicePrincipalName spn("adlon.isode.net"); spn.setInstanceName("mlink.adlon.isode.net"); - spn.setInstancePort(6222); - CPPUNIT_ASSERT_EQUAL(spn.toString(), std::string("xmpp/mlink.adlon.isode.net:6222/adlon.isode.net")); + spn.setInstancePort(55222); + CPPUNIT_ASSERT_EQUAL(spn.toString(), std::string("xmpp/mlink.adlon.isode.net:55222/adlon.isode.net")); spn.setInstancePort(0); CPPUNIT_ASSERT_EQUAL(spn.toString(), std::string("xmpp/mlink.adlon.isode.net/adlon.isode.net")); WindowsServicePrincipalName spn2("mlink.adlon.isode.net"); - spn2.setInstancePort(6222); - CPPUNIT_ASSERT_EQUAL(spn2.toString(), std::string("xmpp/mlink.adlon.isode.net:6222")); + spn2.setInstancePort(55222); + CPPUNIT_ASSERT_EQUAL(spn2.toString(), std::string("xmpp/mlink.adlon.isode.net:55222")); spn2.setInstancePort(0); CPPUNIT_ASSERT_EQUAL(spn2.toString(), std::string("xmpp/mlink.adlon.isode.net")); diff --git a/Swiften/SASL/WindowsAuthentication.cpp b/Swiften/SASL/WindowsAuthentication.cpp index b86381b..f951fac 100644 --- a/Swiften/SASL/WindowsAuthentication.cpp +++ b/Swiften/SASL/WindowsAuthentication.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2016 Isode Limited. + * Copyright (c) 2015-2019 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -16,14 +16,14 @@ #define ASSIGN_ERROR(status, errorCode) \ { \ errorCode = std::make_shared<boost::system::error_code>(status, boost::system::system_category()); \ - SWIFT_LOG(debug) << std::hex << "status: 0x" << status << ": " << errorCode->message() << std::endl; \ + SWIFT_LOG(debug) << std::hex << "status: 0x" << status << ": " << errorCode->message(); \ } #define ASSIGN_SEC_ERROR(status, errorCode) \ { \ if (status == SEC_E_OK) \ { \ - SWIFT_LOG(debug) << "success" << std::endl; \ + SWIFT_LOG(debug) << "success"; \ } \ else { \ ASSIGN_ERROR(status, errorCode); \ 
@@ -46,14 +46,14 @@ std::shared_ptr<boost::system::error_code> getUserNameEx(std::string& userName, std::size_t position; userName = convertWStringToString(std::wstring(vecptr(value), length)); - SWIFT_LOG(debug) << "User Name: " << userName << std::endl; + SWIFT_LOG(debug) << "User Name: " << userName; position = userName.find("\\"); clientName = userName.substr(position + 1); - SWIFT_LOG(debug) << "Client name: " << clientName << std::endl; + SWIFT_LOG(debug) << "Client name: " << clientName; serverName = userName.substr(0, position); - SWIFT_LOG(debug) << "Server name: " << serverName << std::endl; + SWIFT_LOG(debug) << "Server name: " << serverName; break; } @@ -161,7 +161,7 @@ std::shared_ptr<boost::system::error_code> initializeSecurityContext(const boost } if ((status == SEC_E_OK) || (status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_I_CONTINUE_NEEDED)) { outputToken = createSafeByteArray (static_cast<unsigned char *>(outputTokenBuffer.pvBuffer), outputTokenBuffer.cbBuffer); - SWIFT_LOG(debug) << "outputToken.size(): " << outputToken.size() << std::endl; + SWIFT_LOG(debug) << "outputToken.size(): " << outputToken.size(); freeContextBuffer(outputTokenBuffer.pvBuffer); return std::shared_ptr<boost::system::error_code>(); /* success */ @@ -229,7 +229,7 @@ std::shared_ptr<boost::system::error_code> decryptMessage(const PCtxtHandle cont messageBuffer[1].cbBuffer = 0; messageBuffer[1].pvBuffer = NULL; - SWIFT_LOG(debug) << "inputMessage.size(): " << inputMessage.size() << std::endl; + SWIFT_LOG(debug) << "inputMessage.size(): " << inputMessage.size(); status = DecryptMessage( contextHandle, 
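Review bot: In the `@@ -46,14` hunk of `getUserNameEx`, the result of `userName.find("\\")` is used without a check for `std::string::npos`. When the name contains no backslash, `position + 1` wraps to 0 and `substr(0, position)` returns the whole string, so `clientName` and `serverName` both silently become the full user name. A guard such as `if (position == std::string::npos) { /* no domain part: decide explicitly what serverName should be */ }` before the two `substr` calls would make that case deliberate. The same pattern appears in the `@@ -181,14` hunk of `WindowsGSSAPIClientAuthenticator::buildSecurityContext`. Both function bodies extend outside their hunks.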
@@ -239,13 +239,13 @@ std::shared_ptr<boost::system::error_code> decryptMessage(const PCtxtHandle cont ASSIGN_SEC_ERROR(status, errorCode); if (status == SEC_E_OK) { if (qualityOfProtection == SECQOP_WRAP_NO_ENCRYPT) { - SWIFT_LOG(debug) << "Message was signed only" << std::endl; + SWIFT_LOG(debug) << "Message was signed only"; } else { - SWIFT_LOG(debug) << "Message was encrypted" << std::endl; + SWIFT_LOG(debug) << "Message was encrypted"; } - SWIFT_LOG(debug) << "messageBuffer[1].cbBuffer: " << messageBuffer[1].cbBuffer << std::endl; + SWIFT_LOG(debug) << "messageBuffer[1].cbBuffer: " << messageBuffer[1].cbBuffer; decrypted = createSafeByteArray (static_cast<unsigned char *>(messageBuffer[1].pvBuffer), messageBuffer[1].cbBuffer); } @@ -281,9 +281,9 @@ std::shared_ptr<boost::system::error_code> encryptMessage(const PCtxtHandle cont messageBuffer[2].cbBuffer = sizes.cbBlockSize; messageBuffer[2].pvBuffer = vecptr(blockSize); - SWIFT_LOG(debug) << "sizes.cbSecurityTrailer: " << sizes.cbSecurityTrailer << std::endl; - SWIFT_LOG(debug) << "inputMessage.size(): " << inputMessage.size() << std::endl; - SWIFT_LOG(debug) << "sizes.cbBlockSize: " << sizes.cbBlockSize << std::endl; + SWIFT_LOG(debug) << "sizes.cbSecurityTrailer: " << sizes.cbSecurityTrailer; + SWIFT_LOG(debug) << "inputMessage.size(): " << inputMessage.size(); + SWIFT_LOG(debug) << "sizes.cbBlockSize: " << sizes.cbBlockSize; status = EncryptMessage( contextHandle, 
@@ -294,9 +294,9 @@ std::shared_ptr<boost::system::error_code> encryptMessage(const PCtxtHandle cont if (status == SEC_E_OK) { unsigned char* pointer; - SWIFT_LOG(debug) << "messageBuffer[0].cbBuffer: " << messageBuffer[0].cbBuffer << std::endl; - SWIFT_LOG(debug) << "messageBuffer[1].cbBuffer: " << messageBuffer[1].cbBuffer << std::endl; - SWIFT_LOG(debug) << "messageBuffer[2].cbBuffer: " << messageBuffer[2].cbBuffer << std::endl; + SWIFT_LOG(debug) << "messageBuffer[0].cbBuffer: " << messageBuffer[0].cbBuffer; + SWIFT_LOG(debug) << "messageBuffer[1].cbBuffer: " << messageBuffer[1].cbBuffer; + SWIFT_LOG(debug) << "messageBuffer[2].cbBuffer: " << messageBuffer[2].cbBuffer; output.resize(messageBuffer[0].cbBuffer + messageBuffer[1].cbBuffer + messageBuffer[2].cbBuffer); pointer = vecptr(output); diff --git a/Swiften/SASL/WindowsGSSAPIClientAuthenticator.cpp b/Swiften/SASL/WindowsGSSAPIClientAuthenticator.cpp index aae437f..10e8c89 100644 --- a/Swiften/SASL/WindowsGSSAPIClientAuthenticator.cpp +++ b/Swiften/SASL/WindowsGSSAPIClientAuthenticator.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2016 Isode Limited. + * Copyright (c) 2015-2019 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -44,7 +44,7 @@ WindowsGSSAPIClientAuthenticator::~WindowsGSSAPIClientAuthenticator() { } boost::optional<SafeByteArray> WindowsGSSAPIClientAuthenticator::getResponse() const { - SWIFT_LOG(debug) << "response_.size(): " << response_.size() << std::endl; + SWIFT_LOG(debug) << "response_.size(): " << response_.size(); return response_; } @@ -56,7 +56,7 @@ bool WindowsGSSAPIClientAuthenticator::setChallenge(const boost::optional<ByteAr } else if (step_ == SecurityLayerNegotiation) { if (!challengeData) { - SWIFT_LOG(debug) << "Empty message received from the server" << std::endl; + SWIFT_LOG(debug) << "Empty message received from the server"; error_ = true; return false; } 
@@ -68,7 +68,7 @@ bool WindowsGSSAPIClientAuthenticator::setChallenge(const boost::optional<ByteAr } if (challenge.size() != 4) { - SWIFT_LOG(debug) << "Token received from the server of incorrect length: " << challenge.size() << std::endl; + SWIFT_LOG(debug) << "Token received from the server of incorrect length: " << challenge.size(); error_ = true; return false; } @@ -77,14 +77,14 @@ bool WindowsGSSAPIClientAuthenticator::setChallenge(const boost::optional<ByteAr unsigned char serverSecurityLayer = challengePointer[0]; if (serverSecurityLayer == 0) { - SWIFT_LOG(debug) << "Server supports unknown security layer, assuming no security layer" << std::endl; + SWIFT_LOG(debug) << "Server supports unknown security layer, assuming no security layer"; serverSecurityLayer = SECURITY_LAYER_NONE; } else if (serverSecurityLayer == SECURITY_LAYER_NONE) { - SWIFT_LOG(debug) << "Server supports no security layer" << std::endl; + SWIFT_LOG(debug) << "Server supports no security layer"; } else { - SWIFT_LOG(debug) << "Server supports security layer" << std::endl; + SWIFT_LOG(debug) << "Server supports security layer"; } unsigned int serverMaximumBuffer = (challengePointer[1] << 16) | @@ -92,7 +92,7 @@ bool WindowsGSSAPIClientAuthenticator::setChallenge(const boost::optional<ByteAr (challengePointer[3] << 0); if ((serverSecurityLayer == SECURITY_LAYER_NONE) && (serverMaximumBuffer != 0)) { - SWIFT_LOG(debug) << "Server supports no security layer but has maximum buffer size" << serverMaximumBuffer << std::endl; + SWIFT_LOG(debug) << "Server supports no security layer but has maximum buffer size" << serverMaximumBuffer; error_ = true; return false; } @@ -158,7 +158,7 @@ void WindowsGSSAPIClientAuthenticator::buildSecurityContext(const boost::optiona } if (contextSupported & ISC_REQ_MUTUAL_AUTH == 0) { - SWIFT_LOG(debug) << "Mutual authentication not supported" << std::endl; + SWIFT_LOG(debug) << "Mutual authentication not supported"; error_ = true; return; } 
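Review bot: The mutual-authentication check in the `@@ -158,7` hunk of `buildSecurityContext` can never fire. `==` binds tighter than `&`, so `contextSupported & ISC_REQ_MUTUAL_AUTH == 0` is parsed as `contextSupported & (ISC_REQ_MUTUAL_AUTH == 0)`, which is always 0. This commit changes only the log line inside the branch, so as far as the hunk shows, a context established without mutual authentication is still accepted and `error_` is never set on this path. The condition should read `if ((contextSupported & ISC_REQ_MUTUAL_AUTH) == 0) {`. The function body begins and ends outside the hunk.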
@@ -181,14 +181,14 @@ void WindowsGSSAPIClientAuthenticator::buildSecurityContext(const boost::optiona } userName_ = names.sUserName; - SWIFT_LOG(debug) << "User name: " << userName_ << std::endl; + SWIFT_LOG(debug) << "User name: " << userName_; std::size_t position = userName_.find("\\"); clientName_ = userName_.substr(position + 1); - SWIFT_LOG(debug) << "Client name: " << clientName_ << std::endl; + SWIFT_LOG(debug) << "Client name: " << clientName_; serverName_ = userName_.substr(0, position); - SWIFT_LOG(debug) << "Server name: " << serverName_ << std::endl; + SWIFT_LOG(debug) << "Server name: " << serverName_; freeContextBuffer(names.sUserName); step_ = SecurityLayerNegotiation; diff --git a/Swiften/SASL/WindowsServicePrincipalName.cpp b/Swiften/SASL/WindowsServicePrincipalName.cpp index 419395c..6c87925 100644 --- a/Swiften/SASL/WindowsServicePrincipalName.cpp +++ b/Swiften/SASL/WindowsServicePrincipalName.cpp @@ -64,7 +64,7 @@ std::string WindowsServicePrincipalName::toString() { firstCall = false; } - SWIFT_LOG(debug) << "SPN: " << str << std::endl; + SWIFT_LOG(debug) << "SPN: " << str; return str; } 
@@ -72,17 +72,17 @@ DWORD WindowsServicePrincipalName::dsMakeSpn(DWORD* length, wchar_t* value) { DWORD status; #ifdef UNICODE - SWIFT_LOG(debug) << "UNICODE is defined" << std::endl; + SWIFT_LOG(debug) << "UNICODE is defined"; #else - SWIFT_LOG(debug) << "UNICODE is not defined" << std::endl; + SWIFT_LOG(debug) << "UNICODE is not defined"; #endif - SWIFT_LOG(debug) << "serviceClass_: " << convertWStringToString(serviceClass_.c_str()) << std::endl; - SWIFT_LOG(debug) << "serviceName_: " << convertWStringToString(serviceName_.c_str()) << std::endl; - SWIFT_LOG(debug) << "instanceName_: " << convertWStringToString(instanceName_.c_str()) << std::endl; - SWIFT_LOG(debug) << "referrer_: " << convertWStringToString(referrer_.c_str()) << std::endl; - SWIFT_LOG(debug) << "instancePort_: " << instancePort_ << std::endl; - SWIFT_LOG(debug) << "length: " << *length << std::endl; + SWIFT_LOG(debug) << "serviceClass_: " << convertWStringToString(serviceClass_.c_str()); + SWIFT_LOG(debug) << "serviceName_: " << convertWStringToString(serviceName_.c_str()); + SWIFT_LOG(debug) << "instanceName_: " << convertWStringToString(instanceName_.c_str()); + SWIFT_LOG(debug) << "referrer_: " << convertWStringToString(referrer_.c_str()); + SWIFT_LOG(debug) << "instancePort_: " << instancePort_; + SWIFT_LOG(debug) << "length: " << *length; /* Call the Unicode function because that is recommended: https://msdn.microsoft.com/en-us/library/windows/desktop/ff381407%28v=vs.85%29.aspx */ @@ -97,7 +97,7 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/ff381407%28v=vs.85%29.a if (status != ERROR_SUCCESS) { boost::system::error_code errorCode(status, boost::system::system_category()); - SWIFT_LOG(debug) << std::hex << "status: 0x" << status << ": " << errorCode.message() << std::endl; + SWIFT_LOG(debug) << std::hex << "status: 0x" << status << ": " << errorCode.message(); } return status; 
diff --git a/Swiften/SASL/WindowsServicePrincipalName.h b/Swiften/SASL/WindowsServicePrincipalName.h index 4c9f557..2e4e5c4 100644 --- a/Swiften/SASL/WindowsServicePrincipalName.h +++ b/Swiften/SASL/WindowsServicePrincipalName.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Isode Limited. + * Copyright (c) 2015-2018 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -49,7 +49,7 @@ namespace Swift { * it remain 0 to indicate that the default port is * used. */ - void setInstancePort(short int instancePort) { instancePort_ = instancePort; } + void setInstancePort(unsigned short instancePort) { instancePort_ = instancePort; } /* * This follows the rules of SPN creation on Windows and |
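Review bot: `setInstancePort` now takes `unsigned short`, but the declaration of `instancePort_` is outside this hunk, and the diffstat lists only four changed lines for this header, so the member's type was not changed in this commit. If it is still a signed `short`, ports above 32767, such as the 55222 used in the updated unit test, are narrowed on assignment before they reach `dsMakeSpn`. Please confirm the member is declared `unsigned short instancePort_;`, or change it alongside the setter.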