DIGEST-MD5 server realm encoding
From: Simon Josefsson
Subject: DIGEST-MD5 server realm encoding
Date: Fri, 10 Oct 2008 11:18:02 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Adam Goode <address@hidden> writes:
> Simon Josefsson wrote:
>> ** DIGEST-MD5 server: don't reject authentication if client doesn't use
>> utf-8.
>> Before, authentication from all non-UTF-8 clients was simply
>> rejected. When this situation occurs now, the username is translated
>> into UTF-8 before being passed on to applications. Further, the
>> password retrieved from the application is converted from UTF-8 to
>> ISO-8859-1 if that is possible.
>>
>> Reported by marty <address@hidden> in
>> <http://lists.gnu.org/archive/html/help-gsasl/2008-03/msg00002.html>.
>> See also <http://jabberd2.xiaoka.com/ticket/200> and
>> <http://developer.pidgin.im/ticket/5213>. Thanks to Pawel Widera
>> <address@hidden> for testing and fixing a silly typo in the code
>> that prevented it from working.
>>
>> ** DIGEST-MD5 client: convert password from UTF-8 to ISO-8859-1 before hash.
>> For compatibility with server.
>>
>
> Hi,
>
> I'm glad this bug in Digest-MD5 is addressed, though it is only 1/3 there!
>
> As noted here, you should also utf8-to-latin1-if-possible REALM and
> USERNAME:
> http://lists.gnu.org/archive/html/help-gsasl/2007-12/msg00001.html

Hi! Sorry for the long delay on this, I only now had time to look into it.

Right now, libgsasl digest-md5 server will convert incoming usernames
from latin-1 to utf-8 when needed (i.e., when charset=utf-8 is not
present). Passwords will be converted from UTF-8 to Latin-1 when needed
too (i.e., when they can be expressed in the Latin-1 encoding).

What indeed appears to be missing is to convert realm from latin-1 to
utf-8 when charset=utf-8 is not present from the client.

I have installed the patch below. If you can test this, I'd very much
appreciate it! It is a corner case that may not be visible in the
real-world much.

/Simon

>From 04e7715970e67e45770128934a7a8fb8122d71b0 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <address@hidden>
Date: Fri, 10 Oct 2008 11:17:03 +0200
Subject: [PATCH] DIGEST-MD5 server: Convert latin-1 realm to UTF-8 when needed.
Reported by Adam Goode <address@hidden>.
---
THANKS | 1 +
lib/NEWS | 3 +++
lib/digest-md5/server.c | 26 ++++++++++++++++++--------
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/THANKS b/THANKS
index 4d4228c..6791452 100644
--- a/THANKS
+++ b/THANKS
@@ -35,6 +35,7 @@ Enrico Scholz
Martin Rozee
Pawel Widera
Gazsó Attila
+Adam Goode <address@hidden>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/lib/NEWS b/lib/NEWS
index 7c0c98f..b58e496 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
The callback is GSASL_DIGEST_MD5_HASHED_PASSWORD. Patch from "Gazsó
Attila" <address@hidden>.
+** DIGEST-MD5 server: Convert realm from ISO 8859-1 to UTF-8 when needed.
+Reported by Adam Goode <address@hidden>.
+
** Make the library compile under MinGW again.
** Perl is no longer required to build Libgsasl in Visual Studio.
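Review bot: the new NEWS entry says "when needed" without stating the condition, so a reader cannot tell which clients are affected. The server.c change keys the conversion on state->response.utf8 being false, so the entry could say "when the client does not send charset=utf-8", which also matches the wording of the earlier DIGEST-MD5 entries about non-UTF-8 clients.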
diff --git a/lib/digest-md5/server.c b/lib/digest-md5/server.c
index f8a1351..512b544 100644
--- a/lib/digest-md5/server.c
+++ b/lib/digest-md5/server.c
@@ -195,19 +195,29 @@ _gsasl_digest_md5_server_step (Gsasl_session * sctx,
/* Store properties, from the client response. */
if (state->response.utf8)
- gsasl_property_set (sctx, GSASL_AUTHID, state->response.username);
+ {
+ gsasl_property_set (sctx, GSASL_AUTHID, state->response.username);
+ gsasl_property_set (sctx, GSASL_REALM, state->response.realm);
+ }
else
{
- /* Client provided username in ISO-8859-1 form, convert it
- to UTF-8 since the library is all-UTF-8. */
- char *username = latin1toutf8 (state->response.username);
- if (!username)
+ /* Client provided username/realm in ISO-8859-1 form,
+ convert it to UTF-8 since the library is all-UTF-8. */
+ char *tmp;
+
+ tmp = latin1toutf8 (state->response.username);
+ if (!tmp)
+ return GSASL_MALLOC_ERROR;
+ gsasl_property_set (sctx, GSASL_AUTHID, tmp);
+ free (tmp);
+
+ tmp = latin1toutf8 (state->response.realm);
+ if (!tmp)
return GSASL_MALLOC_ERROR;
- gsasl_property_set (sctx, GSASL_AUTHID, username);
- free (username);
+ gsasl_property_set (sctx, GSASL_REALM, tmp);
+ free (tmp);
}
gsasl_property_set (sctx, GSASL_AUTHZID, state->response.authzid);
- gsasl_property_set (sctx, GSASL_REALM, state->response.realm);
/* FIXME: qop, cipher, maxbuf. */
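Review bot: in the else branch, `tmp = latin1toutf8 (state->response.realm);` followed by `if (!tmp) return GSASL_MALLOC_ERROR;` makes every NULL result fatal, whereas the removed line passed state->response.realm to gsasl_property_set with no check at all. If the realm can be unset in a client response, or latin1toutf8 can return NULL for a reason other than allocation failure, a non-UTF-8 client would now fail authentication with a misleading error code; please confirm the realm is always a valid string here or guard the conversion on it being present. A smaller point: when the realm conversion fails, GSASL_AUTHID has already been set from the first conversion, so the session is left with a partially updated property set; converting both values before setting either would avoid that.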
--
1.5.6.5
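
The two conversions described in the message (username and realm from Latin-1 to UTF-8 when charset=utf-8 is absent, password from UTF-8 to Latin-1 when it can be expressed there), as an added example that is not part of the original message and is not libgsasl's code. The `example_*` function names are hypothetical, and the fallback of keeping the UTF-8 string unchanged when it is not representable or is malformed is an assumption of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libgsasl's latin1toutf8(): expand ISO-8859-1 to
   UTF-8.  Returns a malloc'd string, or NULL on NULL input or out of memory. */
char *example_latin1_to_utf8(const char *in)
{
    size_t i, j = 0;
    char *out = in ? malloc(2 * strlen(in) + 1) : NULL;  /* <= 2 bytes each */

    if (!out)
        return NULL;
    for (i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x80) {
            out[j++] = (char)c;
        } else {                        /* U+0080..U+00FF: 110000xx 10xxxxxx */
            out[j++] = (char)(0xC0 | (c >> 6));
            out[j++] = (char)(0x80 | (c & 0x3F));
        }
    }
    out[j] = '\0';
    return out;
}

/* Hypothetical helper: convert UTF-8 to ISO-8859-1 when every character is
   <= U+00FF; otherwise (or on malformed input) return an unchanged copy. */
char *example_utf8_to_latin1_if_possible(const char *in)
{
    size_t i, j = 0, len = strlen(in);
    char *out = malloc(len + 1);

    if (!out)
        return NULL;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i], n = (unsigned char)in[i + 1];
        if (c < 0x80) {
            out[j++] = (char)c;
        } else if ((c == 0xC2 || c == 0xC3) && (n & 0xC0) == 0x80) {
            out[j++] = (char)(((c & 0x03) << 6) | (n & 0x3F));
            i++;                        /* consumed the continuation byte */
        } else {
            memcpy(out, in, len + 1);   /* not representable: keep UTF-8 */
            return out;
        }
    }
    out[j] = '\0';
    return out;
}
```

Because the DIGEST-MD5 response hash is computed over the bytes of username, realm and password, client and server only agree when both apply the same conversion to each of the three fields.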