help-gsasl
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DIGEST-MD5 server realm encoding

From: Simon Josefsson
Subject: DIGEST-MD5 server realm encoding
Date: Fri, 10 Oct 2008 11:18:02 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) 
Adam Goode <address@hidden> writes:

> Simon Josefsson wrote:
>> ** DIGEST-MD5 server: don't reject authentication if client doesn't use 
>> utf-8.
>> Before, authentication from all non-UTF-8 clients were simply
>> rejected.  When this situation occurs now, the username is translated
>> into UTF-8 before being passed on to applications.  Further, the
>> password retrieved from the application is converted from UTF-8 to
>> ISO-8859-1 if that is possible.
>> 
>> Reported by marty <address@hidden> in
>> <http://lists.gnu.org/archive/html/help-gsasl/2008-03/msg00002.html>.
>> See also <http://jabberd2.xiaoka.com/ticket/200> and
>> <http://developer.pidgin.im/ticket/5213>.  Thanks to Pawel Widera
>> <address@hidden> for testing and fixing a silly typo in the code
>> that prevented it from working.
>> 
>> ** DIGEST-MD5 client: convert password from UTF-8 to ISO-8859-1 before hash.
>> For compatibility with server.
>> 
>
> Hi,
>
> I'm glad this bug in Digest-MD5 is addressed, though it is only 1/3 there!
>
> As noted here, you should also utf8-to-latin1-if-possible REALM and
> USERNAME:
> http://lists.gnu.org/archive/html/help-gsasl/2007-12/msg00001.html

Hi!  Sorry for long delay on this, I only now had time to look into it.

Right now, libgsasl digest-md5 server will convert incoming usernames
from latin-1 to utf-8 when needed (i.e., when charset=utf-8 is not
present).  Passwords will be converted from UTF-8 to Latin-1 when needed
too (i.e., when the can be expressed in the Latin-1 encoding).

What indeed appears to be missing is to convert realm from latin-1 to
utf-8 when charset=utf-8 is not present from the client.

I have installed the patch below.  If you can test this, I'd very much
appreciate it!  It is a corner case that may be not be visible in the
real-world much.

/Simon

>From 04e7715970e67e45770128934a7a8fb8122d71b0 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <address@hidden>
Date: Fri, 10 Oct 2008 11:17:03 +0200
Subject: [PATCH] DIGEST-MD5 server: Convert latin-1 realm to UTF-8 when needed.
 Reported by Adam Goode <address@hidden>.

---
 THANKS                  |    1 +
 lib/NEWS                |    3 +++
 lib/digest-md5/server.c |   26 ++++++++++++++++++--------
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/THANKS b/THANKS
index 4d4228c..6791452 100644
--- a/THANKS
+++ b/THANKS
@@ -35,6 +35,7 @@ Enrico Scholz
 Martin Rozee
 Pawel Widera
 Gazsó Attila
+Adam Goode <address@hidden>
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/lib/NEWS b/lib/NEWS
index 7c0c98f..b58e496 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
 The callback is GSASL_DIGEST_MD5_HASHED_PASSWORD.  Patch from "Gazsó
 Attila" <address@hidden>.
 
+** DIGEST-MD5 server: Convert realm from ISO 8859-1 to UTF-8 when needed.
+Reported by Adam Goode <address@hidden>.
+
 ** Make the library compile under MinGW again.
 
 ** Perl is no longer required to build Libgsasl in Visual Studio.
diff --git a/lib/digest-md5/server.c b/lib/digest-md5/server.c
index f8a1351..512b544 100644
--- a/lib/digest-md5/server.c
+++ b/lib/digest-md5/server.c
@@ -195,19 +195,29 @@ _gsasl_digest_md5_server_step (Gsasl_session * sctx,
 
       /* Store properties, from the client response. */
       if (state->response.utf8)
-       gsasl_property_set (sctx, GSASL_AUTHID, state->response.username);
+       {
+         gsasl_property_set (sctx, GSASL_AUTHID, state->response.username);
+         gsasl_property_set (sctx, GSASL_REALM, state->response.realm);
+       }
       else
        {
-         /* Client provided username in ISO-8859-1 form, convert it
-            to UTF-8 since the library is all-UTF-8. */
-         char *username = latin1toutf8 (state->response.username);
-         if (!username)
+         /* Client provided username/realm in ISO-8859-1 form,
+            convert it to UTF-8 since the library is all-UTF-8. */
+         char *tmp;
+
+         tmp = latin1toutf8 (state->response.username);
+         if (!tmp)
+           return GSASL_MALLOC_ERROR;
+         gsasl_property_set (sctx, GSASL_AUTHID, tmp);
+         free (tmp);
+
+         tmp = latin1toutf8 (state->response.realm);
+         if (!tmp)
            return GSASL_MALLOC_ERROR;
-         gsasl_property_set (sctx, GSASL_AUTHID, username);
-         free (username);
+         gsasl_property_set (sctx, GSASL_REALM, tmp);
+         free (tmp);
        }
       gsasl_property_set (sctx, GSASL_AUTHZID, state->response.authzid);
-      gsasl_property_set (sctx, GSASL_REALM, state->response.realm);
 
       /* FIXME: qop, cipher, maxbuf.  */
 
-- 
1.5.6.5
reply via email to
[Prev in Thread] Current Thread [Next in Thread]