help-gsasl

Re: patch DIGEST-MD5 hashed password


From: Simon Josefsson
Subject: Re: patch DIGEST-MD5 hashed password
Date: Tue, 07 Oct 2008 17:15:48 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

"Gazsó Attila" <address@hidden> writes:

> Hello Simon!
>
> I'm sending the patch to the latest git branch. I also changed the
> field name in Gsasl_session from hpassword to
> hashed_digest_md5_password. Otherwise the code is unchanged since the
> latest patch.
> I also tested it.

Hi Attila!  I have applied the patch, with some modifications:

http://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=commitdiff;h=c63a071b1686d2281238ec6de32743703626de9f

One comment though.  The code will now try to get a password first, and
if that fails it tries to get a hashed password.  It may be wiser to
attempt to get a hashed password first, and only if that fails try to
get a password.  What do you think?  See patch below for my thoughts,
although untested.

/Simon

diff --git a/lib/digest-md5/server.c b/lib/digest-md5/server.c
index 3d4782c..f8a1351 100644
--- a/lib/digest-md5/server.c
+++ b/lib/digest-md5/server.c
@@ -216,8 +216,19 @@ _gsasl_digest_md5_server_step (Gsasl_session * sctx,
        const char *passwd;
        const char *hashed_passwd;
 
-       passwd = gsasl_property_get (sctx, GSASL_PASSWORD);
-       if (passwd)
+       hashed_passwd =
+         gsasl_property_get (sctx, GSASL_DIGEST_MD5_HASHED_PASSWORD);
+       if (hashed_passwd)
+         {
+           if (strlen (hashed_passwd) != (DIGEST_MD5_LENGTH * 2))
+             return GSASL_AUTHENTICATION_ERROR;
+
+           rc = _gsasl_digest_md5_set_hashed_secret (state->secret,
+                                                     hashed_passwd);
+           if (rc != GSASL_OK)
+             return rc;
+         }
+       else if ((passwd = gsasl_property_get (sctx, GSASL_PASSWORD)) != NULL)
          {
            char *tmp, *tmp2;
            int rc;
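Review bot: in the new `if (hashed_passwd)` branch, a value of the wrong length returns GSASL_AUTHENTICATION_ERROR straight away, so a malformed GSASL_DIGEST_MD5_HASHED_PASSWORD now hides a usable GSASL_PASSWORD that the application could also have supplied. Either fall through to the `else if ((passwd = ...) != NULL)` lookup in that case, or keep the hard failure and say so in the property documentation. The `strlen` comparison is also the only input validation visible in this hunk; it is worth confirming that `_gsasl_digest_md5_set_hashed_secret` rejects non-hex characters, and that its return code is one that is safe to pass back to the caller unchanged. Finally, `rc` is assigned in the new branch while `int rc;` is declared inside the following password block, so that inner declaration looks like it shadows an outer variable and could be dropped.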
@@ -239,18 +250,6 @@ _gsasl_digest_md5_server_step (Gsasl_session * sctx,
            memcpy (state->secret, tmp2, DIGEST_MD5_LENGTH);
            free (tmp2);
          }
-       /* Retrieve hashed secret */
-       else if ((hashed_passwd = gsasl_property_get
-                 (sctx, GSASL_DIGEST_MD5_HASHED_PASSWORD)) != NULL)
-         {
-           if (strlen (hashed_passwd) != (DIGEST_MD5_LENGTH * 2))
-             return GSASL_AUTHENTICATION_ERROR;
-
-           rc = _gsasl_digest_md5_set_hashed_secret (state->secret,
-                                                     hashed_passwd);
-           if (rc != GSASL_OK)
-             return rc;
-         }
        else
          {
            return GSASL_NO_PASSWORD;
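Review bot: nothing marks the hashed-secret lookup any more, because the `/* Retrieve hashed secret */` comment is deleted with this branch and is not reintroduced where the code moved to. Add a comment at the new `if (hashed_passwd)` stating that the hashed property is tried before GSASL_PASSWORD and why, and mention the precedence in the documentation for GSASL_DIGEST_MD5_HASHED_PASSWORD, since callbacks that only answer GSASL_PASSWORD will now be asked for the hashed property first. The patch is described as untested, so a test that supplies both properties, and one that supplies only each of them, would pin the intended order before this is applied.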



