Introduce safe containers for storing passwords.

author: Remko Tronçon <git@el-tramo.be> 2011-05-18 13:45:41 (GMT)
committer: Remko Tronçon <git@el-tramo.be> 2011-05-18 14:24:28 (GMT)
commit: 23fa0f462ddd0c686c677bfe5d4d743621432b7e (patch)
tree: b8f0ea1860640f89eafba2460cc5d45bf28fc77c /Swiften/Client
parent: 2456a8b12163b3249b6b9164b601c36772eb05a1 (diff)
download: swift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.zip
swift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.tar.bz2
7 files changed, 17 insertions, 10 deletions
diff --git a/Swiften/Client/Client.cpp b/Swiften/Client/Client.cpp
index 13071ac..c53bcaf 100644
--- a/Swiften/Client/Client.cpp
+++ b/Swiften/Client/Client.cpp
@@ -29,7 +29,7 @@
 
 namespace Swift {
 
-Client::Client(const JID& jid, const std::string& password, NetworkFactories* networkFactories, Storages* storages) : CoreClient(jid, password, networkFactories), storages(storages) {
+Client::Client(const JID& jid, const SafeString& password, NetworkFactories* networkFactories, Storages* storages) : CoreClient(jid, password, networkFactories), storages(storages) {
 	memoryStorages = new MemoryStorages();
 
 	softwareVersionResponder = new SoftwareVersionResponder(getIQRouter());
diff --git a/Swiften/Client/Client.h b/Swiften/Client/Client.h
index 05c1e6e..bee9d5c 100644
--- a/Swiften/Client/Client.h
+++ b/Swiften/Client/Client.h
@@ -47,7 +47,7 @@ namespace Swift {
 			 *	this is NULL,
 			 *	all data will be stored in memory (and be lost on shutdown)
 			 */
-			Client(const JID& jid, const std::string& password, NetworkFactories* networkFactories, Storages* storages = NULL);
+			Client(const JID& jid, const SafeString& password, NetworkFactories* networkFactories, Storages* storages = NULL);
 			~Client();
 
 
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 846a5e7..57d9c12 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -12,6 +12,7 @@
 #include <boost/uuid/uuid_generators.hpp>
 #include <boost/smart_ptr/make_shared.hpp>
 
+#include <Swiften/Base/SafeString.h>
 #include <Swiften/Elements/ProtocolHeader.h>
 #include <Swiften/Elements/StreamFeatures.h>
 #include <Swiften/Elements/StreamError.h>
@@ -185,7 +186,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 			if (stream->hasTLSCertificate()) {
 				if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
 					state = Authenticating;
-					stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createByteArray("")));
+					stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
 				}
 				else {
 					finishSession(Error::TLSClientCertificateError);
@@ -193,7 +194,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
 				state = Authenticating;
-				stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createByteArray("")));
+				stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) {
 				std::ostringstream s;
@@ -275,6 +276,8 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 	else if (AuthSuccess* authSuccess = dynamic_cast<AuthSuccess*>(element.get())) {
 		checkState(Authenticating);
 		if (authenticator && !authenticator->setChallenge(authSuccess->getValue())) {
+			delete authenticator;
+			authenticator = NULL;
 			finishSession(Error::ServerVerificationFailedError);
 		}
 		else {
@@ -336,7 +339,7 @@ bool ClientSession::checkState(State state) {
 	return true;
 }
 
-void ClientSession::sendCredentials(const std::string& password) {
+void ClientSession::sendCredentials(const SafeString& password) {
 	assert(WaitingForCredentials);
 	state = Authenticating;
 	authenticator->setCredentials(localJID.getNode(), password);
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index 9022b16..246388a 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -21,6 +21,7 @@
 namespace Swift {
 	class ClientAuthenticator;
 	class CertificateTrustChecker;
+	class SafeString;
 
 	class ClientSession : public boost::enable_shared_from_this<ClientSession> {
 		public:
@@ -104,7 +105,7 @@ namespace Swift {
 				return getState() == Finished;
 			}
 
-			void sendCredentials(const std::string& password);
+			void sendCredentials(const SafeString& password);
 			void sendStanza(boost::shared_ptr<Stanza>);
 
 			void setCertificateTrustChecker(CertificateTrustChecker* checker) {
diff --git a/Swiften/Client/CoreClient.cpp b/Swiften/Client/CoreClient.cpp
index a17696f..9521bd9 100644
--- a/Swiften/Client/CoreClient.cpp
+++ b/Swiften/Client/CoreClient.cpp
@@ -27,7 +27,7 @@
 
 namespace Swift {
 
-CoreClient::CoreClient(const JID& jid, const std::string& password, NetworkFactories* networkFactories) : jid_(jid), password_(password), networkFactories(networkFactories), disconnectRequested_(false), certificateTrustChecker(NULL) {
+CoreClient::CoreClient(const JID& jid, const SafeString& password, NetworkFactories* networkFactories) : jid_(jid), password_(password), networkFactories(networkFactories), disconnectRequested_(false), certificateTrustChecker(NULL) {
 	stanzaChannel_ = new ClientSessionStanzaChannel();
 	stanzaChannel_->onMessageReceived.connect(boost::bind(&CoreClient::handleMessageReceived, this, _1));
 	stanzaChannel_->onPresenceReceived.connect(boost::bind(&CoreClient::handlePresenceReceived, this, _1));
@@ -97,7 +97,7 @@ void CoreClient::handleConnectorFinished(boost::shared_ptr<Connection> connectio
 		assert(!sessionStream_);
 		sessionStream_ = boost::make_shared<BasicSessionStream>(ClientStreamType, connection_, getPayloadParserFactories(), getPayloadSerializers(), tlsFactories->getTLSContextFactory(), networkFactories->getTimerFactory());
 		if (!certificate_.empty()) {
-			sessionStream_->setTLSCertificate(PKCS12Certificate(certificate_, password_));
+			sessionStream_->setTLSCertificate(PKCS12Certificate(certificate_, password_.toString()));
 		}
 		sessionStream_->onDataRead.connect(boost::bind(&CoreClient::handleDataRead, this, _1));
 		sessionStream_->onDataWritten.connect(boost::bind(&CoreClient::handleDataWritten, this, _1));
diff --git a/Swiften/Client/CoreClient.h b/Swiften/Client/CoreClient.h
index 7c46fe7..6dc8392 100644
--- a/Swiften/Client/CoreClient.h
+++ b/Swiften/Client/CoreClient.h
@@ -14,6 +14,7 @@
 #include <Swiften/JID/JID.h>
 #include <Swiften/Client/ClientError.h>
 #include <Swiften/Client/ClientOptions.h>
+#include <Swiften/Base/SafeString.h>
 
 namespace Swift {
 	class ChainedConnector;
@@ -33,6 +34,7 @@ namespace Swift {
 	class CertificateTrustChecker;
 	class NetworkFactories;
 	class ClientSessionStanzaChannel;
+	class SafeString;
 
 	/** 
 	 * The central class for communicating with an XMPP server.
@@ -50,7 +52,7 @@ namespace Swift {
 			 * Constructs a client for the given JID with the given password.
 			 * The given eventLoop will be used to post events to.
 			 */
-			CoreClient(const JID& jid, const std::string& password, NetworkFactories* networkFactories);
+			CoreClient(const JID& jid, const SafeString& password, NetworkFactories* networkFactories);
 			~CoreClient();
 
 			void setCertificate(const std::string& certificate);
@@ -200,7 +202,7 @@ namespace Swift {
 
 		private:
 			JID jid_;
-			std::string password_;
+			SafeString password_;
 			NetworkFactories* networkFactories;
 			ClientSessionStanzaChannel* stanzaChannel_;
 			IQRouter* iqRouter_;
diff --git a/Swiften/Client/UnitTest/ClientSessionTest.cpp b/Swiften/Client/UnitTest/ClientSessionTest.cpp
index 25476c0..6918be8 100644
--- a/Swiften/Client/UnitTest/ClientSessionTest.cpp
+++ b/Swiften/Client/UnitTest/ClientSessionTest.cpp
@@ -11,6 +11,7 @@
 #include <boost/optional.hpp>
 #include <boost/smart_ptr/make_shared.hpp>
 
+#include <Swiften/Base/SafeString.h>
 #include <Swiften/Session/SessionStream.h>
 #include <Swiften/Client/ClientSession.h>
 #include <Swiften/Elements/Message.h>
author	Remko Tronçon <git@el-tramo.be>	2011-05-18 13:45:41 (GMT)
committer	Remko Tronçon <git@el-tramo.be>	2011-05-18 14:24:28 (GMT)
commit	23fa0f462ddd0c686c677bfe5d4d743621432b7e (patch)
tree	b8f0ea1860640f89eafba2460cc5d45bf28fc77c /Swiften/Client
parent	2456a8b12163b3249b6b9164b601c36772eb05a1 (diff)
download	swift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.zip swift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.tar.bz2