author | Marius Halden <marius.h@lden.org> | 2016-07-06 21:02:43 +0200 |
---|---|---|
committer | Marius Halden <marius.h@lden.org> | 2016-07-06 21:02:43 +0200 |
commit | 7e41de51bd6466306f21e1d2bf54b3251c1bf08e (patch) | |
tree | 3388d9dcae0d110502047f0bc365d60becd1fd60 | |
parent | 405a14e9ea1da8332d1550c7d08bc31ca469272e (diff) |
Remove cb stuff and some cleanupscram
-rw-r--r-- | protocols/jabber/sasl.c | 106 |
1 files changed, 23 insertions, 83 deletions
diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index e3467d86..f0381ee8 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -42,27 +42,13 @@ const struct oauth2_service oauth2_service_google = "6C-Zgf7Tr7gEQTPlBhMUgo7R", }; -/*static int is_ascii(const char *str) -{ - if (!str) { - return 0; - } - - while (*str) { - if (*str++ & 0x80) - return 0; - } - - return 1; -}*/ - xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_anonymous = 0, sup_scram = 0, sup_scram_cb = 0; + int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_anonymous = 0, sup_scram = 0; int want_oauth = FALSE, want_hipchat = FALSE, want_anonymous = FALSE; GString *mechs; @@ -100,14 +86,8 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data) sup_gtalk = 1; } else if (g_strcasecmp(c->text, "SCRAM-SHA-1") == 0) { sup_scram |= JSCRAM_SHA1; - } else if (g_strcasecmp(c->text, "SCRAM-SHA-1-PLUS") == 0) { - sup_scram |= JSCRAM_SHA1; - sup_scram_cb |= JSCRAM_SHA1; } else if (g_strcasecmp(c->text, "SCRAM-SHA-256") == 0) { sup_scram |= JSCRAM_SHA256; - } else if (g_strcasecmp(c->text, "SCRAM-SHA-256-PLUS") == 0) { - sup_scram |= JSCRAM_SHA256; - sup_scram_cb |= JSCRAM_SHA256; } g_string_append_printf(mechs, " %s", c->text); 
@@ -116,16 +96,6 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data) c = c->next; } - /*if (sup_scram && (!is_ascii(jd->username) || !is_ascii(ic->acc->pass))) { - imcb_log(ic, "Username/password contains non-ascii characters, SCRAM authentication disabled"); - sup_scram = 0; - }*/ - - if (sup_scram_cb && !jd->ssl) { - imcb_log(ic, "Not connected over TLS, SCRAM Channel bindings disabled"); - sup_scram_cb = 0; - } - if (!want_oauth && !want_anonymous && !sup_plain && !sup_digest && !sup_scram) { if (sup_gtalk) { imcb_error(ic, "This server requires OAuth " 
@@ -178,53 +148,37 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data) xt_free_node(reply); return XT_ABORT; } else if (sup_scram && !set_getbool(&ic->acc->set, "disable_scram")) { - GString *gs; - int len, r; + int rc; unsigned char cnonce_bin[30]; - char *cnonce, *puser = NULL; + char *puser = NULL; - if (sup_scram & JSCRAM_SHA256 && (!sup_scram_cb || (sup_scram_cb & JSCRAM_SHA256))) { + if (sup_scram & JSCRAM_SHA256) { jd->challenge.type = JCHALLENGE_SCRAM; jd->challenge.scram_algo = GCRY_MD_SHA256; - if (sup_scram_cb) { - xt_add_attr(reply, "mechanism", "SCRAM-SHA-256-PLUS"); - } else { - xt_add_attr(reply, "mechanism", "SCRAM-SHA-256"); - } - } else if (sup_scram & JSCRAM_SHA1 && (!sup_scram_cb || (sup_scram_cb & JSCRAM_SHA1))) { + xt_add_attr(reply, "mechanism", "SCRAM-SHA-256"); + } else if (sup_scram & JSCRAM_SHA1) { jd->challenge.type = JCHALLENGE_SCRAM; jd->challenge.scram_algo = GCRY_MD_SHA1; - if (sup_scram_cb) { - xt_add_attr(reply, "mechanism", "SCRAM-SHA-1-PLUS"); - } else { - xt_add_attr(reply, "mechanism", "SCRAM-SHA-1"); - } + xt_add_attr(reply, "mechanism", "SCRAM-SHA-1"); } else { imcb_error(ic, "Unknown scram method"); /* Just in case, but we should not get here */ return XT_ABORT; } - gs = g_string_sized_new(128); - - random_bytes(cnonce_bin, sizeof(cnonce_bin)); - cnonce = base64_encode(cnonce_bin, sizeof(cnonce_bin)); - - jd->challenge.cnonce = cnonce; - - r = stringprep_profile(jd->username, &puser, "SASLprep", 0); - if (r != STRINGPREP_OK) { - imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(r)); + rc = stringprep_profile(jd->username, &puser, "SASLprep", 0); + if (rc != STRINGPREP_OK) { + imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(rc)); return XT_ABORT; } - //jd->challenge.cb_header = g_strdup_printf("%s,,", sup_scram_cb ? 
"y" : "p=tls-unique"); - jd->challenge.cb_header = g_strdup_printf("%s,,", "n"); - g_string_append_printf(gs, "%sn=%s,r=%s", jd->challenge.cb_header, puser, cnonce); + random_bytes(cnonce_bin, sizeof(cnonce_bin)); + jd->challenge.cnonce = base64_encode(cnonce_bin, sizeof(cnonce_bin)); + + jd->challenge.cb_header = g_strdup("n,,"); - len = gs->len; - s = g_string_free(gs, FALSE); + s = g_strdup_printf("%sn=%s,r=%s", jd->challenge.cb_header, puser, jd->challenge.cnonce); - reply->text = base64_encode((unsigned char *)s , len); + reply->text = base64_encode((unsigned char *)s , strlen(s)); reply->text_len = strlen(reply->text); g_free(puser); g_free(s); @@ -503,7 +457,7 @@ static xt_status sasl_pkt_challenge_scram(struct xt_node *node, gpointer data) unsigned char *salt = NULL; size_t salt_len, iter_count, i; - int algo = jd->challenge.scram_algo, r; + int algo = jd->challenge.scram_algo, rc; size_t md_len = gcry_md_get_algo_dlen(algo); unsigned char client_key[md_len]; @@ -530,14 +484,14 @@ static xt_status sasl_pkt_challenge_scram(struct xt_node *node, gpointer data) goto error; } - r = stringprep_profile(jd->username, &puser, "SASLprep", 0); - if (r != STRINGPREP_OK) { - imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(r)); + rc = stringprep_profile(jd->username, &puser, "SASLprep", 0); + if (rc != STRINGPREP_OK) { + imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(rc)); goto error; } - r = stringprep_profile(ic->acc->pass, &ppass, "SASLprep", 0); - if (r != STRINGPREP_OK) { - imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(r)); + rc = stringprep_profile(ic->acc->pass, &ppass, "SASLprep", 0); + if (rc != STRINGPREP_OK) { + imcb_error(ic, "SASLprep failed: %s", stringprep_strerror(rc)); goto error; } 
@@ -555,20 +509,6 @@ static xt_status sasl_pkt_challenge_scram(struct xt_node *node, gpointer data) gcry_md_hash_buffer(algo, stored_key, client_key, sizeof(client_key)); - /*if (jd->challenge.cb_header[0] == 'p') { - gnutls_datum_t cb; - int rc; - - rc = gnutls_session_channel_binding(jd->ssl, GNUTLS_CB_TLS_UNIQUE, &cb); - if (rc) { - imcb_log(ic, "Chanel binding error: %s", gnutls_strerror(rc)); - return XT_ABORT; - } - - for (size_t i = 0; i < cb.size; i++) - fprintf(stderr, "%02x", cb.data[i]); - fprintf(stderr, "\n"); - }*/ cb_header64 = tobase64(jd->challenge.cb_header); client_first_bare = g_strdup_printf("n=%s,r=%s", puser, jd->challenge.cnonce); client_final_noproof = g_strdup_printf("c=%s,r=%s", cb_header64, random); |