Overview
| Comment: | Fix XMPPAuthenticator to support non-optimized message flow
While RFC6120 allows and encourages sending data with the success |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
0aab2fde6737115a37668f95daf5786b |
| User & Date: | florob@babelmonkeys.de on 2011-09-18 19:33:19 |
| Other Links: | manifest | tags |
Context
|
2011-09-22
| ||
| 23:38 | Adjust to recent ObjFW changes. check-in: a6c65a6aa2 user: js tags: trunk | |
|
2011-09-18
| ||
| 19:33 | Fix XMPPAuthenticator to support non-optimized message flow check-in: 0aab2fde67 user: florob@babelmonkeys.de tags: trunk | |
|
2011-09-16
| ||
| 13:11 | Fix salt generation code check-in: 88dd1b11ee user: florob@babelmonkeys.de tags: trunk | |
Changes
Modified src/XMPPAuthenticator.h from [cf4b0ef3fa] to [e029c909bb].
| ︙ | ︙ | |||
64 65 66 67 68 69 70 | - initWithAuthzid: (OFString*)authzid authcid: (OFString*)authcid password: (OFString*)password; /** * \return A OFDataAray containing the initial authentication message */ | | | < < < | < < < < | | 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 | - initWithAuthzid: (OFString*)authzid authcid: (OFString*)authcid password: (OFString*)password; /** * \return A OFDataAray containing the initial authentication message */ - (OFDataArray*)initialMessage; /** * \param data The continuation data send by the server * \return The appropriate response if the data was a challenge, nil otherwise */ - (OFDataArray*)continueWithData: (OFDataArray*)data; - (void)setAuthzid: (OFString*)authzid; - (OFString*)authzid; - (void)setAuthcid: (OFString*)authcid; - (OFString*)authcid; - (void)setPassword: (OFString*)password; - (OFString*)password; @end |
Modified src/XMPPAuthenticator.m from [7d556a745d] to [e5f2fd7299].
| ︙ | ︙ | |||
89 90 91 92 93 94 95 |
}
- (OFString*)password
{
return [[password copy] autorelease];
}
| | | < | < < < | < < < < | 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
}
- (OFString*)password
{
return [[password copy] autorelease];
}
- (OFDataArray*)initialMessage
{
return nil;
}
- (OFDataArray*)continueWithData: (OFDataArray*)challenge
{
return nil;
}
@end
|
Modified src/XMPPConnection.m from [0cbf475a00] to [abf53f803c].
| ︙ | ︙ | |||
615 616 617 618 619 620 621 |
- (void)XMPP_handleSASL: (OFXMLElement*)element
{
if ([[element name] isEqual: @"challenge"]) {
OFXMLElement *responseTag;
OFDataArray *challenge = [OFDataArray
dataArrayWithBase64EncodedString: [element stringValue]];
OFDataArray *response = [authModule
| | > > | > > > > | > | | 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 |
- (void)XMPP_handleSASL: (OFXMLElement*)element
{
if ([[element name] isEqual: @"challenge"]) {
OFXMLElement *responseTag;
OFDataArray *challenge = [OFDataArray
dataArrayWithBase64EncodedString: [element stringValue]];
OFDataArray *response = [authModule
continueWithData: challenge];
responseTag = [OFXMLElement elementWithName: @"response"
namespace: XMPP_NS_SASL];
if (response) {
if ([response count] == 0)
[responseTag addChild: [OFXMLElement
elementWithCharacters: @"="]];
else
[responseTag addChild: [OFXMLElement
elementWithCharacters: [response
stringByBase64Encoding]]];
}
[self sendStanza: responseTag];
return;
}
if ([[element name] isEqual: @"success"]) {
[authModule continueWithData: [OFDataArray
dataArrayWithBase64EncodedString: [element stringValue]]];
if ([delegate respondsToSelector:
@selector(connectionWasAuthenticated:)])
[delegate connectionWasAuthenticated: self];
/* Stream restart */
|
| ︙ | ︙ | |||
776 777 778 779 780 781 782 783 784 785 786 787 |
assert(0);
}
- (void)XMPP_sendAuth: (OFString*)authName
{
OFXMLElement *authTag;
authTag = [OFXMLElement elementWithName: @"auth"
namespace: XMPP_NS_SASL];
[authTag addAttributeWithName: @"mechanism"
stringValue: authName];
| > > > > > > | | > | 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 |
assert(0);
}
- (void)XMPP_sendAuth: (OFString*)authName
{
OFXMLElement *authTag;
OFDataArray *initialMessage = [authModule initialMessage];
authTag = [OFXMLElement elementWithName: @"auth"
namespace: XMPP_NS_SASL];
[authTag addAttributeWithName: @"mechanism"
stringValue: authName];
if (initialMessage) {
if ([initialMessage count] == 0)
[authTag addChild: [OFXMLElement
elementWithCharacters: @"="]];
else
[authTag addChild: [OFXMLElement elementWithCharacters:
[initialMessage stringByBase64Encoding]]];
}
[self sendStanza: authTag];
}
- (void)XMPP_sendResourceBind
{
XMPPIQ *iq;
|
| ︙ | ︙ |
Modified src/XMPPPLAINAuth.m from [0f39082dfe] to [3b4c3d710b].
| ︙ | ︙ | |||
40 41 42 43 44 45 46 |
password: (OFString*)password
{
return [[[self alloc] initWithAuthzid: authzid
authcid: authcid
password: password] autorelease];
}
| | | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
password: (OFString*)password
{
return [[[self alloc] initWithAuthzid: authzid
authcid: authcid
password: password] autorelease];
}
- (OFDataArray*)initialMessage
{
OFDataArray *message = [OFDataArray dataArrayWithItemSize: 1];
/* authzid */
if (authzid)
[message addItem: authzid];
|
| ︙ | ︙ | |||
64 65 66 67 68 69 70 | /* passwd */ [message addNItems: [password UTF8StringLength] fromCArray: [password UTF8String]]; return message; } | < < < < < < < < < < < < < | 64 65 66 67 68 69 70 71 | /* passwd */ [message addNItems: [password UTF8StringLength] fromCArray: [password UTF8String]]; return message; } @end |
Modified src/XMPPSCRAMAuth.h from [92e99aa4e3] to [5f659bedb7].
| ︙ | ︙ | |||
32 33 34 35 36 37 38 39 40 41 42 43 44 45 | Class hashType; OFString *cNonce; OFString *GS2Header; OFString *clientFirstMessageBare; OFDataArray *serverSignature; XMPPConnection *connection; BOOL plusAvailable; } /** * Creates a new autoreleased XMPPSCRAMAuth with an authcid and password. * * \param authcid The authcid to authenticate with * \param password The password to authenticate with | > | 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | Class hashType; OFString *cNonce; OFString *GS2Header; OFString *clientFirstMessageBare; OFDataArray *serverSignature; XMPPConnection *connection; BOOL plusAvailable; BOOL authenticated; } /** * Creates a new autoreleased XMPPSCRAMAuth with an authcid and password. * * \param authcid The authcid to authenticate with * \param password The password to authenticate with |
| ︙ | ︙ | |||
110 111 112 113 114 115 116 117 | - (OFString*)XMPP_genNonce; - (uint8_t*)XMPP_HMACWithKey: (OFDataArray*)key data: (OFDataArray*)data; - (OFDataArray*)XMPP_hiWithData: (OFDataArray *)str salt: (OFDataArray *)salt_ iterationCount: (intmax_t)i; @end | > > | 111 112 113 114 115 116 117 118 119 120 | - (OFString*)XMPP_genNonce; - (uint8_t*)XMPP_HMACWithKey: (OFDataArray*)key data: (OFDataArray*)data; - (OFDataArray*)XMPP_hiWithData: (OFDataArray *)str salt: (OFDataArray *)salt_ iterationCount: (intmax_t)i; - (OFDataArray*)XMPP_parseServerFirstMessage: (OFDataArray*)data; - (OFDataArray*)XMPP_parseServerFinalMessage: (OFDataArray*)data; @end |
Modified src/XMPPSCRAMAuth.m from [1500596709] to [6cfa1bc3c0].
| ︙ | ︙ | |||
139 140 141 142 143 144 145 | authcid = [new retain]; } else authcid = nil; [old release]; } | | > > > > > > < < > > > > > | > > > > > > > > > > > > < | | | | 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
authcid = [new retain];
} else
authcid = nil;
[old release];
}
- (OFDataArray*)initialMessage
{
OFDataArray *ret = [OFDataArray dataArrayWithItemSize: 1];
/* New authentication attempt, reset status */
[cNonce release];
cNonce = nil;
[GS2Header release];
GS2Header = nil;
[serverSignature release];
serverSignature = nil;
authenticated = NO;
if (authzid)
GS2Header = [[OFString alloc]
initWithFormat: @"%@,a=%@,",
(plusAvailable ? @"p=tls-unique" : @"y"),
authzid];
else
GS2Header = (plusAvailable ? @"p=tls-unique,," : @"y,,");
cNonce = [[self XMPP_genNonce] retain];
[clientFirstMessageBare release];
clientFirstMessageBare = nil;
clientFirstMessageBare = [[OFString alloc] initWithFormat: @"n=%@,r=%@",
authcid,
cNonce];
[ret addNItems: [GS2Header UTF8StringLength]
fromCArray: [GS2Header UTF8String]];
[ret addNItems: [clientFirstMessageBare UTF8StringLength]
fromCArray: [clientFirstMessageBare UTF8String]];
return ret;
}
- (OFDataArray*)continueWithData: (OFDataArray*)data
{
OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init];
OFDataArray *ret;
if (!serverSignature)
ret = [self XMPP_parseServerFirstMessage: data];
else
ret = [self XMPP_parseServerFinalMessage: data];
[ret retain];
[pool release];
return [ret autorelease];
}
- (OFDataArray*)XMPP_parseServerFirstMessage: (OFDataArray*)data
{
size_t i;
uint8_t *clientKey, *serverKey, *clientSignature;
intmax_t iterCount = 0;
OFHash *hash;
OFDataArray *ret, *authMessage, *tmpArray, *salt = nil, *saltedPassword;
OFString *tmpString, *sNonce = nil;
OFEnumerator *enumerator;
OFString *comp;
enum {
GOT_SNONCE = 0x01,
GOT_SALT = 0x02,
GOT_ITERCOUNT = 0x04
} got = 0;
hash = [[[hashType alloc] init] autorelease];
ret = [OFDataArray dataArrayWithItemSize: 1];
authMessage = [OFDataArray dataArrayWithItemSize: 1];
OFString *chal = [OFString stringWithUTF8String: [data cArray]
length: [data count] *
[data itemSize]];
enumerator =
[[chal componentsSeparatedByString: @","] objectEnumerator];
while ((comp = [enumerator nextObject]) != nil) {
OFString *entry = [comp substringWithRange:
of_range(2, [comp length] - 2)];
|
| ︙ | ︙ | |||
249 250 251 252 253 254 255 256 257 258 259 | // Add r=<nonce> [ret addItem: ","]; [ret addNItems: 2 fromCArray: "r="]; [ret addNItems: [sNonce UTF8StringLength] fromCArray: [sNonce UTF8String]]; tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [password UTF8StringLength] fromCArray: [password UTF8String]]; | > > > > < < < < | | | 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 | // Add r=<nonce> [ret addItem: ","]; [ret addNItems: 2 fromCArray: "r="]; [ret addNItems: [sNonce UTF8StringLength] fromCArray: [sNonce UTF8String]]; /* * IETF RFC 5802: * SaltedPassword := Hi(Normalize(password), salt, i) */ tmpArray = [OFDataArray dataArrayWithItemSize: 1]; [tmpArray addNItems: [password UTF8StringLength] fromCArray: [password UTF8String]]; saltedPassword = [self XMPP_hiWithData: tmpArray salt: salt iterationCount: iterCount]; /* * IETF RFC 5802: * AuthMessage := client-first-message-bare + "," + * server-first-message + "," + * client-final-message-without-proof */ [authMessage addNItems: [clientFirstMessageBare UTF8StringLength] fromCArray: [clientFirstMessageBare UTF8String]]; [authMessage addItem: ","]; [authMessage addNItems: [data count] * [data itemSize] fromCArray: [data cArray]]; [authMessage addItem: ","]; [authMessage addNItems: [ret count] fromCArray: [ret cArray]]; /* * IETF RFC 5802: * ClientKey := HMAC(SaltedPassword, "Client Key") |
| ︙ | ︙ | |||
343 344 345 346 347 348 349 | [ret addItem: ","]; [ret addNItems: 2 fromCArray: "p="]; tmpString = [tmpArray stringByBase64Encoding]; [ret addNItems: [tmpString UTF8StringLength] fromCArray: [tmpString UTF8String]]; | | < | < | > | | | > > > > > > | | | | < | > | | 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 |
[ret addItem: ","];
[ret addNItems: 2
fromCArray: "p="];
tmpString = [tmpArray stringByBase64Encoding];
[ret addNItems: [tmpString UTF8StringLength]
fromCArray: [tmpString UTF8String]];
return ret;
}
- (OFDataArray*)XMPP_parseServerFinalMessage: (OFDataArray*)data
{
OFString *mess, *value;
/*
* server-final-message already received,
* we were just waiting for the last word from the server
*/
if (authenticated)
return nil;
mess = [OFString stringWithUTF8String: [data cArray]
length: [data count] *
[data itemSize]];
value = [mess substringWithRange: of_range(2, [mess length] - 2)];
if ([mess hasPrefix: @"v="]) {
if (![value isEqual: [serverSignature stringByBase64Encoding]])
@throw [XMPPAuthFailedException
newWithClass: isa
connection: nil
reason: @"Received wrong ServerSignature"];
authenticated = YES;
} else
@throw [XMPPAuthFailedException newWithClass: isa
connection: nil
reason: value];
return nil;
}
- (OFString*)XMPP_genNonce
{
uint8_t buf[64];
size_t i;
|
| ︙ | ︙ |