| SrpServer.cpp (Firebird-3.0.2.32703-0.tar.bz2) | : | SrpServer.cpp (Firebird-3.0.4.33054-0.tar.bz2) |
|---|
| | |
| skipping to change at line 50 | | skipping to change at line 50 |
|---|
| | |
| const unsigned int INIT_KEY = ((~0) - 1); | | const unsigned int INIT_KEY = ((~0) - 1); |
| unsigned int secDbKey = INIT_KEY; | | unsigned int secDbKey = INIT_KEY; |
| | |
| const unsigned int SZ_LOGIN = 31; | | const unsigned int SZ_LOGIN = 31; |
| | |
| } | | } |
| | |
| namespace Auth { | | namespace Auth { |
| | |
|
| class SrpServer FB_FINAL : public StdPlugin<IServerImpl<SrpServer, CheckStatusWr
apper> > | | class SrpServer : public StdPlugin<IServerImpl<SrpServer, CheckStatusWrapper> > |
| { | | { |
| public: | | public: |
| explicit SrpServer(IPluginConfig* par) | | explicit SrpServer(IPluginConfig* par) |
| : server(NULL), data(getPool()), account(getPool()), | | : server(NULL), data(getPool()), account(getPool()), |
| clientPubKey(getPool()), serverPubKey(getPool()), | | clientPubKey(getPool()), serverPubKey(getPool()), |
| verifier(getPool()), salt(getPool()), sessionKey(getPool()), | | verifier(getPool()), salt(getPool()), sessionKey(getPool()), |
| secDbName(NULL), cryptCallback(NULL) | | secDbName(NULL), cryptCallback(NULL) |
| { | | { |
| LocalStatus ls; | | LocalStatus ls; |
| CheckStatusWrapper s(&ls); | | CheckStatusWrapper s(&ls); |
| config.assignRefNoIncr(par->getFirebirdConf(&s)); | | config.assignRefNoIncr(par->getFirebirdConf(&s)); |
| check(&s); | | check(&s); |
| } | | } |
| | |
| // IServer implementation | | // IServer implementation |
| int authenticate(CheckStatusWrapper* status, IServerBlock* sBlock, IWrite
r* writerInterface); | | int authenticate(CheckStatusWrapper* status, IServerBlock* sBlock, IWrite
r* writerInterface); |
| void setDbCryptCallback(CheckStatusWrapper* status, ICryptKeyCallback* ca
llback); | | void setDbCryptCallback(CheckStatusWrapper* status, ICryptKeyCallback* ca
llback); |
| int release(); | | int release(); |
| | |
|
| private: | | |
| ~SrpServer() | | ~SrpServer() |
| { | | { |
| delete server; | | delete server; |
| } | | } |
| | |
|
| | private: |
| RemotePassword* server; | | RemotePassword* server; |
| string data; | | string data; |
| string account; | | string account; |
| string clientPubKey, serverPubKey; | | string clientPubKey, serverPubKey; |
| UCharBuffer verifier; | | UCharBuffer verifier; |
| string salt; | | string salt; |
| UCharBuffer sessionKey; | | UCharBuffer sessionKey; |
| RefPtr<IFirebirdConf> config; | | RefPtr<IFirebirdConf> config; |
| const char* secDbName; | | const char* secDbName; |
| ICryptKeyCallback* cryptCallback; | | ICryptKeyCallback* cryptCallback; |
|
| | protected: |
| | virtual RemotePassword* RemotePasswordFactory()=0; |
| | }; |
| | |
| | template <class SHA> class SrpServerImpl FB_FINAL : public SrpServer |
| | { |
| | public: |
| | explicit SrpServerImpl<SHA>(IPluginConfig* ipc) |
| | : SrpServer(ipc) {} |
| | protected: |
| | RemotePassword* RemotePasswordFactory() |
| | { |
| | return FB_NEW RemotePasswordImpl<SHA>; |
| | } |
| }; | | }; |
| | |
| int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
r* writerInterface) | | int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
r* writerInterface) |
| { | | { |
| try | | try |
| { | | { |
| if (!server) | | if (!server) |
| { | | { |
| HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP phase1\n")); | | HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP phase1\n")); |
| | |
| | |
| skipping to change at line 143 | | skipping to change at line 157 |
|---|
| { | | { |
| if (cryptCallback) | | if (cryptCallback) |
| { | | { |
| p->setDbCryptCallback(status, cryptCallba
ck); | | p->setDbCryptCallback(status, cryptCallba
ck); |
| status->init(); // ignore possibl
e errors like missing call in provider | | status->init(); // ignore possibl
e errors like missing call in provider |
| } | | } |
| | |
| ClumpletWriter dpb(ClumpletReader::dpbList, MAX_D
PB_SIZE); | | ClumpletWriter dpb(ClumpletReader::dpbList, MAX_D
PB_SIZE); |
| dpb.insertByte(isc_dpb_sec_attach, TRUE); | | dpb.insertByte(isc_dpb_sec_attach, TRUE); |
| dpb.insertString(isc_dpb_user_name, SYSDBA_USER_N
AME, fb_strlen(SYSDBA_USER_NAME)); | | dpb.insertString(isc_dpb_user_name, SYSDBA_USER_N
AME, fb_strlen(SYSDBA_USER_NAME)); |
|
| const char* providers = "Providers=" CURRENT_ENGI | | dpb.insertString(isc_dpb_config, EMBEDDED_PROVIDE |
| NE; | | RS, fb_strlen(EMBEDDED_PROVIDERS)); |
| dpb.insertString(isc_dpb_config, providers, fb_st | | |
| rlen(providers)); | | |
| att = p->attachDatabase(status, secDbName, dpb.ge
tBufferLength(), dpb.getBuffer()); | | att = p->attachDatabase(status, secDbName, dpb.ge
tBufferLength(), dpb.getBuffer()); |
| check(status); | | check(status); |
| HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: attache
d sec db %s\n", secDbName)); | | HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: attache
d sec db %s\n", secDbName)); |
| | |
| const UCHAR tpb[] = | | const UCHAR tpb[] = |
| { | | { |
| isc_tpb_version1, | | isc_tpb_version1, |
| isc_tpb_read, | | isc_tpb_read, |
| isc_tpb_read_committed, | | isc_tpb_read_committed, |
| isc_tpb_rec_version, | | isc_tpb_rec_version, |
| | |
| skipping to change at line 218 | | skipping to change at line 231 |
|---|
| LocalStatus ls; | | LocalStatus ls; |
| CheckStatusWrapper s(&ls); | | CheckStatusWrapper s(&ls); |
| | |
| if (stmt) stmt->free(&s); | | if (stmt) stmt->free(&s); |
| if (tra) tra->rollback(&s); | | if (tra) tra->rollback(&s); |
| if (att) att->detach(&s); | | if (att) att->detach(&s); |
| | |
| throw; | | throw; |
| } | | } |
| | |
|
| server = FB_NEW RemotePassword; | | server = RemotePasswordFactory(); |
| server->genServerKey(serverPubKey, verifier); | | server->genServerKey(serverPubKey, verifier); |
| | |
| // Ready to prepare data for client and calculate session
key | | // Ready to prepare data for client and calculate session
key |
| data = ""; | | data = ""; |
| fb_assert(salt.length() <= RemotePassword::SRP_SALT_SIZE
* 2); | | fb_assert(salt.length() <= RemotePassword::SRP_SALT_SIZE
* 2); |
| data += char(salt.length()); | | data += char(salt.length()); |
| data += char(salt.length() >> 8); | | data += char(salt.length() >> 8); |
| data.append(salt); | | data.append(salt); |
| fb_assert(serverPubKey.length() <= RemotePassword::SRP_KE
Y_SIZE * 2); | | fb_assert(serverPubKey.length() <= RemotePassword::SRP_KE
Y_SIZE * 2); |
| data += char(serverPubKey.length()); | | data += char(serverPubKey.length()); |
| | |
| skipping to change at line 251 | | skipping to change at line 264 |
|---|
| return AUTH_MORE_DATA; | | return AUTH_MORE_DATA; |
| } | | } |
| | |
| unsigned int length; | | unsigned int length; |
| const unsigned char* val = sb->getData(&length); | | const unsigned char* val = sb->getData(&length); |
| HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: phase2, data length is
%d\n", length)); | | HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: phase2, data length is
%d\n", length)); |
| string proof; | | string proof; |
| proof.assign(val, length); | | proof.assign(val, length); |
| BigInteger clientProof(proof.c_str()); | | BigInteger clientProof(proof.c_str()); |
| BigInteger serverProof = server->clientProof(account.c_str(), sal
t.c_str(), sessionKey); | | BigInteger serverProof = server->clientProof(account.c_str(), sal
t.c_str(), sessionKey); |
|
| | HANDSHAKE_DEBUG(fprintf(stderr, "Client Proof Received, Length = |
| | %d\n", clientProof.length())); |
| | dumpIt("Srv: Client Proof",clientProof); |
| | dumpIt("Srv: Server Proof",serverProof); |
| if (clientProof == serverProof) | | if (clientProof == serverProof) |
| { | | { |
| // put the record into authentication block | | // put the record into authentication block |
| writerInterface->add(status, account.c_str()); | | writerInterface->add(status, account.c_str()); |
| if (status->getState() & IStatus::STATE_ERRORS) | | if (status->getState() & IStatus::STATE_ERRORS) |
| { | | { |
| return AUTH_FAILED; | | return AUTH_FAILED; |
| } | | } |
| writerInterface->setDb(status, secDbName); | | writerInterface->setDb(status, secDbName); |
| if (status->getState() & IStatus::STATE_ERRORS) | | if (status->getState() & IStatus::STATE_ERRORS) |
| | |
| skipping to change at line 314 | | skipping to change at line 330 |
|---|
| if (--refCounter == 0) | | if (--refCounter == 0) |
| { | | { |
| delete this; | | delete this; |
| return 0; | | return 0; |
| } | | } |
| return 1; | | return 1; |
| } | | } |
| | |
| namespace | | namespace |
| { | | { |
|
| SimpleFactory<SrpServer> factory; | | SimpleFactory<SrpServerImpl<Sha1> > factory_sha1; |
| | SimpleFactory<SrpServerImpl<sha224> > factory_sha224; |
| | SimpleFactory<SrpServerImpl<sha256> > factory_sha256; |
| | SimpleFactory<SrpServerImpl<sha384> > factory_sha384; |
| | SimpleFactory<SrpServerImpl<sha512> > factory_sha512; |
| } | | } |
| | |
| void registerSrpServer(IPluginManager* iPlugin) | | void registerSrpServer(IPluginManager* iPlugin) |
| { | | { |
|
| iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa | | iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa |
| ssword::plugName, &factory); | | ssword::plugName, &factory_sha1); |
| | iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa |
| | ssword::pluginName(224).c_str(), &factory_sha224); |
| | iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa |
| | ssword::pluginName(256).c_str(), &factory_sha256); |
| | iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa |
| | ssword::pluginName(384).c_str(), &factory_sha384); |
| | iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER, RemotePa |
| | ssword::pluginName(512).c_str(), &factory_sha512); |
| } | | } |
| | |
| } // namespace Auth | | } // namespace Auth |
| | | |
| End of changes. 9 change blocks. |
|---|
| 10 lines changed or deleted | | 38 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 