CVS gsasl/lib/digest-md5
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/digest-md5 |
Date: |
Sun, 19 Dec 2004 06:35:49 +0100 |
Update of /home/cvs/gsasl/lib/digest-md5
In directory dopio:/tmp/cvs-serv32116
Modified Files:
validate.h validate.c parser.c
Log Message:
Move more validation logic from parser.c to validate.*.
--- /home/cvs/gsasl/lib/digest-md5/validate.h 2004/12/19 03:11:15 1.1
+++ /home/cvs/gsasl/lib/digest-md5/validate.h 2004/12/19 05:35:49 1.2
@@ -26,6 +26,12 @@
/* Get token types. */
#include "tokens.h"
+extern int digest_md5_validate_challenge (digest_md5_challenge *c);
+
+extern int digest_md5_validate_response (digest_md5_response *r);
+
+extern int digest_md5_validate_finish (digest_md5_finish *f);
+
extern int digest_md5_validate (digest_md5_challenge *c,
digest_md5_response *r);
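Review bot: The three new prototypes carry no comment stating their contract, so a caller has to open validate.c to learn the return convention. A one-line comment above each, e.g. `/* Return 0 if all mandatory directives are present and consistent, -1 otherwise. */`, would document it. The definitions in validate.c dereference the argument without a NULL check, so the comment should also say that the pointer must be non-NULL.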
--- /home/cvs/gsasl/lib/digest-md5/validate.c 2004/12/19 03:12:40 1.1
+++ /home/cvs/gsasl/lib/digest-md5/validate.c 2004/12/19 05:35:49 1.2
@@ -27,6 +27,84 @@
/* Get prototypes. */
#include "validate.h"
+/* Get strcmp, strlen. */
+#include <string.h>
+
+int
+digest_md5_validate_challenge (digest_md5_challenge *c)
+{
+ /* This directive is required and MUST appear exactly once; if
+ not present, or if multiple instances are present, the
+ client should abort the authentication exchange. */
+ if (!c->nonce)
+ return -1;
+
+ /* This directive must be present exactly once if "auth-conf" is
+ offered in the "qop-options" directive */
+ if (c->ciphers && !(c->qops & DIGEST_MD5_QOP_AUTH_CONF))
+ return -1;
+ if (!c->ciphers && (c->qops & DIGEST_MD5_QOP_AUTH_CONF))
+ return -1;
+
+ return 0;
+}
+
+int
+digest_md5_validate_response (digest_md5_response *r)
+{
+ /* This directive is required and MUST be present exactly
+ once; otherwise, authentication fails. */
+ if (!r->username)
+ return -1;
+
+ /* This directive is required and MUST be present exactly
+ once; otherwise, authentication fails. */
+ if (!r->nonce)
+ return -1;
+
+ /* This directive is required and MUST be present exactly once;
+ otherwise, authentication fails. */
+ if (!r->cnonce)
+ return -1;
+
+ /* This directive is required and MUST be present exactly once;
+ otherwise, authentication fails. */
+ if (!r->nc)
+ return -1;
+
+ /* This directive is required and MUST be present exactly
+ once; if multiple instances are present, the client MUST
+ abort the authentication exchange. */
+ if (!r->digesturi)
+ return -1;
+
+ /* This directive is required and MUST be present exactly
+ once; otherwise, authentication fails. */
+ if (!*r->response)
+ return -1;
+
+ if (strlen (r->response) != DIGEST_MD5_RESPONSE_LENGTH)
+ return -1;
+
+ /* This directive MUST appear exactly once if "auth-conf" is
+ negotiated; if required and not present, authentication fails. */
+ if (r->qop == DIGEST_MD5_QOP_AUTH_CONF && !r->cipher)
+ return -1;
+ if (r->qop != DIGEST_MD5_QOP_AUTH_CONF && r->cipher)
+ return -1;
+
+ return 0;
+}
+
+int
+digest_md5_validate_finish (digest_md5_finish *f)
+{
+ if (!f->rspauth)
+ return -1;
+
+ return 0;
+}
+
int
digest_md5_validate (digest_md5_challenge *c, digest_md5_response *r)
{
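Review bot: `digest_md5_validate_response` accepts any `r->response` of the right length; nothing checks that the bytes are hex digits. The RESPONSE_RESPONSE case in parser.c has the same length-only test under a comment that says "32 hex digits". RFC 2831 defines the value as 32 lower-case hex digits, so the validator could add `if (strspn (r->response, "0123456789abcdef") != DIGEST_MD5_RESPONSE_LENGTH) return -1;` after the `strlen` test. With that in place the preceding `!*r->response` test becomes redundant but harmless. Whether later code relies on the value being hex is not visible in this diff.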
--- /home/cvs/gsasl/lib/digest-md5/parser.c 2004/12/19 04:03:40 1.9
+++ /home/cvs/gsasl/lib/digest-md5/parser.c 2004/12/19 05:35:49 1.10
@@ -275,7 +275,17 @@
/* if the client recognizes no cipher, it MUST behave as if
"auth-conf" qop option wasn't provided by the server. */
if (!out->ciphers)
- disable_qop_auth_conf = 1;
+ {
+ disable_qop_auth_conf = 1;
+ if (out->qops)
+ {
+ /* if the client recognizes no option, it MUST abort the
+ authentication exchange. */
+ out->qops &= ~DIGEST_MD5_QOP_AUTH_CONF;
+ if (!out->qops)
+ return -1;
+ }
+ }
break;
default:
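Review bot: The new `out->qops &= ~DIGEST_MD5_QOP_AUTH_CONF` runs only when `out->qops` is already non-zero, so the outcome depends on whether the qop directive was parsed before the cipher directive. If cipher arrives first, both the mask and the `return -1` are skipped, and the abort-on-no-option rule then rests on how `disable_qop_auth_conf` is applied later, which is outside this hunk (as are the enclosing switch and function). A short comment naming the code path that covers the cipher-before-qop order would make this reviewable. The comment `/* if the client recognizes no option, it MUST abort ... */` would also read better directly above `if (!out->qops)`, the line it describes, rather than above the mask.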
@@ -283,25 +293,14 @@
break;
}
- /* Validate that we have the mandatory fields. */
-
- /* This directive is required and MUST appear exactly once; if
- not present, or if multiple instances are present, the
- client should abort the authentication exchange. */
- if (!out->nonce)
- return -1;
-
/* This directive is required and MUST appear exactly once; if
not present, or if multiple instances are present, the
client SHOULD abort the authentication exchange. */
if (!done_algorithm)
return -1;
- /* This directive must be present exactly once if "auth-conf" is
- offered in the "qop-options" directive */
- if (out->ciphers && !(out->qops & DIGEST_MD5_QOP_AUTH_CONF))
- return -1;
- if (!out->ciphers && (out->qops & DIGEST_MD5_QOP_AUTH_CONF))
+ /* Validate that we have the mandatory fields. */
+ if (digest_md5_validate_challenge (out) != 0)
return -1;
return 0;
@@ -439,12 +438,12 @@
case RESPONSE_RESPONSE:
/* This directive is required and MUST be present exactly
once; otherwise, authentication fails. */
- if (out->response)
+ if (*out->response)
return -1;
- /* FIXME: sub-parse. */
- out->response = strdup (value);
- if (!out->response)
+ /* A string of 32 hex digits */
+ if (strlen (value) != DIGEST_MD5_RESPONSE_LENGTH)
return -1;
+ strcpy (out->response, value);
break;
case RESPONSE_MAXBUF:
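Review bot: `strcpy (out->response, value)` is bounded only by the `strlen` test two lines above it, so it is safe only if `out->response` is declared with at least `DIGEST_MD5_RESPONSE_LENGTH + 1` bytes; that declaration (presumably in tokens.h) is not part of this diff. Making the bound explicit at the copy, `memcpy (out->response, value, DIGEST_MD5_RESPONSE_LENGTH + 1);`, keeps the write size fixed even if the length test is later edited or moved. The duplicate test `if (*out->response)` also relies on the struct being zeroed before parsing starts, which deserves a comment such as `/* out must be zero-initialized by the caller */`. The enclosing switch and function lie outside the hunk.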
@@ -507,43 +506,7 @@
}
/* Validate that we have the mandatory fields. */
-
- /* This directive is required and MUST be present exactly
- once; otherwise, authentication fails. */
- if (!out->username)
- return -1;
-
- /* This directive is required and MUST be present exactly
- once; otherwise, authentication fails. */
- if (!out->nonce)
- return -1;
-
- /* This directive is required and MUST be present exactly once;
- otherwise, authentication fails. */
- if (!out->cnonce)
- return -1;
-
- /* This directive is required and MUST be present exactly once;
- otherwise, authentication fails. */
- if (!out->nc)
- return -1;
-
- /* This directive is required and MUST be present exactly
- once; if multiple instances are present, the client MUST
- abort the authentication exchange. */
- if (!out->digesturi)
- return -1;
-
- /* This directive is required and MUST be present exactly
- once; otherwise, authentication fails. */
- if (!out->response)
- return -1;
-
- /* This directive MUST appear exactly once if "auth-conf" is
- negotiated; if required and not present, authentication fails. */
- if (out->qop == DIGEST_MD5_QOP_AUTH_CONF && !out->cipher)
- return -1;
- if (out->qop != DIGEST_MD5_QOP_AUTH_CONF && out->cipher)
+ if (digest_md5_validate_response (out) != 0)
return -1;
return 0;
@@ -586,7 +549,8 @@
break;
}
- if (!out->rspauth)
+ /* Validate that we have the mandatory fields. */
+ if (digest_md5_validate_finish (out) != 0)
return -1;
return 0;