diff options
author | Remko Tronçon <git@el-tramo.be> | 2009-11-22 18:43:53 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2009-11-22 18:43:53 (GMT) |
commit | 1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da (patch) | |
tree | 5bcc524e6b45c34d8fbba6394102ca28cd1899c0 /Swiften/SASL | |
parent | 2c4ea892d1da498e486ce48d80de0eee547375f2 (diff) | |
download | swift-1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da.zip swift-1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da.tar.bz2 |
Fix bug in SCRAM-SHA-1 authzid handling.
Diffstat (limited to 'Swiften/SASL')
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 33 | ||||
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.h | 3 | ||||
-rw-r--r-- | Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp | 12 |
3 files changed, 32 insertions, 16 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 8621b85..a261810 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -12,6 +12,23 @@ namespace Swift { +static String escape(const String& s) { + String result; + for (size_t i = 0; i < s.getUTF8Size(); ++i) { + if (s[i] == ',') { + result += "=2C"; + } + else if (s[i] == '=') { + result += "=3D"; + } + else { + result += s[i]; + } + } + return result; +} + + SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { } @@ -109,23 +126,11 @@ std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) { ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const { String authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep); - String escapedAuthenticationID; - for (size_t i = 0; i < authenticationID.getUTF8Size(); ++i) { - if (authenticationID[i] == ',') { - escapedAuthenticationID += "=2C"; - } - else if (authenticationID[i] == '=') { - escapedAuthenticationID += "=3D"; - } - else { - escapedAuthenticationID += authenticationID[i]; - } - } - return ByteArray(String("n=" + escapedAuthenticationID + ",r=" + clientnonce)); + return ByteArray(String("n=" + escape(authenticationID) + ",r=" + clientnonce)); } ByteArray SCRAMSHA1ClientAuthenticator::getGS2Header() const { - return ByteArray("n,") + getAuthorizationID() + ","; + return ByteArray("n,") + (getAuthorizationID().isEmpty() ? "" : "a=" + escape(getAuthorizationID())) + ","; } } diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h index b8aaa17..6636139 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h @@ -16,9 +16,10 @@ namespace Swift { private: ByteArray getInitialBareClientMessage() const; - static std::map<char, String> parseMap(const String&); ByteArray getGS2Header() const; + static std::map<char, String> parseMap(const String&); + private: enum Step { Initial, diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp index 6f64100..5eedeb2 100644 --- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp +++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp @@ -11,6 +11,7 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetInitialResponse); CPPUNIT_TEST(testGetInitialResponse_UsernameHasSpecialChars); CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationID); + CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationIDWithSpecialChars); CPPUNIT_TEST(testGetFinalResponse); CPPUNIT_TEST(testSetChallenge); CPPUNIT_TEST(testSetChallenge_InvalidClientNonce); @@ -51,7 +52,16 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { ByteArray response = testling.getResponse(); - CPPUNIT_ASSERT_EQUAL(String("n,auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); + CPPUNIT_ASSERT_EQUAL(String("n,a=auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); + } + + void testGetInitialResponse_WithAuthorizationIDWithSpecialChars() { + SCRAMSHA1ClientAuthenticator testling("abcdefghABCDEFGH"); + testling.setCredentials("user", "pass", "a=u,th"); + + ByteArray response = testling.getResponse(); + + CPPUNIT_ASSERT_EQUAL(String("n,a=a=3Du=2Cth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); } void testGetFinalResponse() { |