From 1e0c7d5c9d53ee6678a5f27d554710e6ae56d2da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Remko=20Tron=C3=A7on?= Date: Sun, 22 Nov 2009 19:43:53 +0100 Subject: Fix bug in SCRAM-SHA-1 authzid handling. diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 8621b85..a261810 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -12,6 +12,23 @@ namespace Swift { +static String escape(const String& s) { + String result; + for (size_t i = 0; i < s.getUTF8Size(); ++i) { + if (s[i] == ',') { + result += "=2C"; + } + else if (s[i] == '=') { + result += "=3D"; + } + else { + result += s[i]; + } + } + return result; +} + + SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { } @@ -109,23 +126,11 @@ std::map SCRAMSHA1ClientAuthenticator::parseMap(const String& s) { ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const { String authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep); - String escapedAuthenticationID; - for (size_t i = 0; i < authenticationID.getUTF8Size(); ++i) { - if (authenticationID[i] == ',') { - escapedAuthenticationID += "=2C"; - } - else if (authenticationID[i] == '=') { - escapedAuthenticationID += "=3D"; - } - else { - escapedAuthenticationID += authenticationID[i]; - } - } - return ByteArray(String("n=" + escapedAuthenticationID + ",r=" + clientnonce)); + return ByteArray(String("n=" + escape(authenticationID) + ",r=" + clientnonce)); } ByteArray SCRAMSHA1ClientAuthenticator::getGS2Header() const { - return ByteArray("n,") + getAuthorizationID() + ","; + return ByteArray("n,") + (getAuthorizationID().isEmpty() ? "" : "a=" + escape(getAuthorizationID())) + ","; } } diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h index b8aaa17..6636139 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.h @@ -16,9 +16,10 @@ namespace Swift { private: ByteArray getInitialBareClientMessage() const; - static std::map parseMap(const String&); ByteArray getGS2Header() const; + static std::map parseMap(const String&); + private: enum Step { Initial, diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp index 6f64100..5eedeb2 100644 --- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp +++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp @@ -11,6 +11,7 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetInitialResponse); CPPUNIT_TEST(testGetInitialResponse_UsernameHasSpecialChars); CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationID); + CPPUNIT_TEST(testGetInitialResponse_WithAuthorizationIDWithSpecialChars); CPPUNIT_TEST(testGetFinalResponse); CPPUNIT_TEST(testSetChallenge); CPPUNIT_TEST(testSetChallenge_InvalidClientNonce); @@ -51,7 +52,16 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { ByteArray response = testling.getResponse(); - CPPUNIT_ASSERT_EQUAL(String("n,auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); + CPPUNIT_ASSERT_EQUAL(String("n,a=auth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); + } + + void testGetInitialResponse_WithAuthorizationIDWithSpecialChars() { + SCRAMSHA1ClientAuthenticator testling("abcdefghABCDEFGH"); + testling.setCredentials("user", "pass", "a=u,th"); + + ByteArray response = testling.getResponse(); + + CPPUNIT_ASSERT_EQUAL(String("n,a=a=3Du=2Cth,n=user,r=abcdefghABCDEFGH"), testling.getResponse().toString()); } void testGetFinalResponse() { -- cgit v0.10.2-6-g49f6