From 854e90be061166d1619a74cbfdc7e384fc700125 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 27 Aug 2009 13:45:20 +0200 Subject: =?UTF-8?q?ChallengeResponseAuthenticator=20hinzugef=C3=BCgt;=20Pa?= =?UTF-8?q?sswordAuthenticator=20=C3=BCberarbeitet?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ChallengeResponseAuthenticator.cpp | 136 +++++++++++++++++++++ .../ChallengeResponseAuthenticator.h | 61 +++++++++ .../Authenticators/PasswordAuthenticator.cpp | 7 +- src/Client/Authenticators/PasswordAuthenticator.h | 18 +-- src/Client/CMakeLists.txt | 1 + 5 files changed, 209 insertions(+), 14 deletions(-) create mode 100644 src/Client/Authenticators/ChallengeResponseAuthenticator.cpp create mode 100644 src/Client/Authenticators/ChallengeResponseAuthenticator.h diff --git a/src/Client/Authenticators/ChallengeResponseAuthenticator.cpp b/src/Client/Authenticators/ChallengeResponseAuthenticator.cpp new file mode 100644 index 0000000..375a708 --- /dev/null +++ b/src/Client/Authenticators/ChallengeResponseAuthenticator.cpp @@ -0,0 +1,136 @@ +/* + * ChallengeResponseAuthenticator.cpp + * + * Copyright (C) 2009 Matthias Schiffer + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License along + * with this program. If not, see . + */ + +#include "ChallengeResponseAuthenticator.h" + +#include +#include +#include + +namespace Mad { +namespace Client { +namespace Authenticators { + +void ChallengeResponseAuthenticator::ChallengeResponseAuthRequest::sendRequest() { + Common::XmlPacket packet; + packet.setType("Authenticate"); + packet.set("method", "Challenge-Response"); + packet.set("subMethod", hash); + + packet.set("user", username); + + sendPacket(packet); +} + +void ChallengeResponseAuthenticator::ChallengeResponseAuthRequest::handlePacket(boost::shared_ptr packet) { + if(packet->getType() == "Error") { + signalFinished(Core::Exception(packet->get("Where"), static_cast(packet->get("ErrorCode")), + packet->get("SubCode"), packet->get("SubSubCode"))); + return; + } + + if(!hasResponded) { + if(packet->getType() != "Continue") { + signalFinished(Core::Exception(Core::Exception::UNEXPECTED_PACKET)); + return; // TODO Logging + } + + Common::XmlPacket ret; + ret.setType("Authenticate"); + ret.set("method", "Challenge-Response"); + ret.set("subMethod", hash); + + ret.set("user", username); + + std::vector hashedPassword = Common::Hash::hash(std::vector(password.begin(), password.end()), hash); + const std::vector &challenge = packet->get&>("data"); + + hashedPassword.insert(hashedPassword.end(), challenge.begin(), challenge.end()); + + ret.set("data", Common::Hash::hash(hashedPassword, hash)); + + sendPacket(ret); + + hasResponded = true; + } + else { + if(packet->getType() != "OK") { + signalFinished(Core::Exception(Core::Exception::UNEXPECTED_PACKET)); + return; // TODO Logging + } + + signalFinished(packet); + } +} + +void ChallengeResponseAuthenticator::authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception) { + std::string hash; + + { + boost::shared_ptr request(new Common::Requests::AuthMethodRequest(application)); + + application->getRequestManager()->sendRequest(con, request); + request->wait(); + + std::pair, Core::Exception> result = request->getResult(); + + if(!result.first || result.second) + throw result.second; + + const Common::XmlPacket::List *methods = result.first->getList("methods"); + + for(Common::XmlPacket::List::const_iterator method = methods->begin(); method != methods->end(); ++method) { + if(method->get("name") != "Challenge-Response") + continue; + + const Common::XmlPacket::List *subMethods = method->getList("subMethods"); + + for(Common::XmlPacket::List::const_iterator subMethod = subMethods->begin(); subMethod != subMethods->end(); ++subMethod) { + if(Common::Hash::isHashSupported(subMethod->get("name"))) { + hash = subMethod->get("name"); + break; + } + } + + break; + } + + if(hash.empty()) + throw Core::Exception(Core::Exception::NOT_AVAILABLE); + } + + application->logf(Core::LoggerBase::LOG_VERBOSE, "Authenticating with method 'Challenge-Response' using hash '%s'...", hash.c_str()); + + boost::shared_ptr request(new ChallengeResponseAuthRequest(application, username, password, hash)); + + application->getRequestManager()->sendRequest(con, request); + request->wait(); + + std::pair, Core::Exception> result = request->getResult(); + + if(!result.first || result.second) + throw result.second; + + if(result.first->getType() != "OK") + throw Core::Exception(Core::Exception::NOT_AVAILABLE); +} + +} +} +} diff --git a/src/Client/Authenticators/ChallengeResponseAuthenticator.h b/src/Client/Authenticators/ChallengeResponseAuthenticator.h new file mode 100644 index 0000000..61c6f20 --- /dev/null +++ b/src/Client/Authenticators/ChallengeResponseAuthenticator.h @@ -0,0 +1,61 @@ +/* + * ChallengeResponseAuthenticator.h + * + * Copyright (C) 2009 Matthias Schiffer + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License along + * with this program. If not, see . + */ + +#include "../export.h" + +#include + +#ifndef MAD_CLIENT_AUTHENTICATORS_CHALLENGERESPONSEAUTHENTICATOR_H_ +#define MAD_CLIENT_AUTHENTICATORS_CHALLENGERESPONSEAUTHENTICATOR_H_ + +namespace Mad { +namespace Client { +namespace Authenticators { + +class MAD_CLIENT_EXPORT ChallengeResponseAuthenticator { + private: + class MAD_CLIENT_EXPORT ChallengeResponseAuthRequest : public Common::Request { + private: + std::string username; + std::string password; + + std::string hash; + + bool hasResponded; + + protected: + virtual void sendRequest(); + virtual void handlePacket(boost::shared_ptr packet); + + public: + ChallengeResponseAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0, const std::string &hash0) + : Common::Request(application), username(username0), password(password0), hash(hash0), hasResponded(false) {} + }; + + ChallengeResponseAuthenticator(); + + public: + static void authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception); +}; + +} +} +} + +#endif /* MAD_CLIENT_AUTHENTICATORS_CHALLENGERESPONSEAUTHENTICATOR_H_ */ diff --git a/src/Client/Authenticators/PasswordAuthenticator.cpp b/src/Client/Authenticators/PasswordAuthenticator.cpp index 6690b22..77abb24 100644 --- a/src/Client/Authenticators/PasswordAuthenticator.cpp +++ b/src/Client/Authenticators/PasswordAuthenticator.cpp @@ -36,7 +36,7 @@ void PasswordAuthenticator::PasswordAuthRequest::sendRequest() { packet.set("user", username); if(hash == "Clear") - packet.set("data", password); + packet.set("data", std::vector(password.begin(), password.end())); else packet.set("data", Common::Hash::hash(std::vector(password.begin(), password.end()), hash)); @@ -49,7 +49,7 @@ void PasswordAuthenticator::PasswordAuthRequest::handlePacket(boost::shared_ptr< packet->get("SubCode"), packet->get("SubSubCode"))); return; } - else if(packet->getType() != "OK" && packet->getType() != "Continue") { + else if(packet->getType() != "OK") { signalFinished(Core::Exception(Core::Exception::UNEXPECTED_PACKET)); return; // TODO Logging } @@ -104,9 +104,6 @@ void PasswordAuthenticator::authenticate(Common::Application *application, Commo if(!result.first || result.second) throw result.second; - - if(result.first->getType() != "OK") - throw Core::Exception(Core::Exception::NOT_AVAILABLE); } } diff --git a/src/Client/Authenticators/PasswordAuthenticator.h b/src/Client/Authenticators/PasswordAuthenticator.h index 8fdd87c..d7b2fbc 100644 --- a/src/Client/Authenticators/PasswordAuthenticator.h +++ b/src/Client/Authenticators/PasswordAuthenticator.h @@ -17,8 +17,8 @@ * with this program. If not, see . */ -#ifndef MAD_CLIENT_PASSWORDAUTHENTICATOR_H_ -#define MAD_CLIENT_PASSWORDAUTHENTICATOR_H_ +#ifndef MAD_CLIENT_AUTHENTICATORS_PASSWORDAUTHENTICATOR_H_ +#define MAD_CLIENT_AUTHENTICATORS_PASSWORDAUTHENTICATOR_H_ #include "../export.h" @@ -38,22 +38,22 @@ class MAD_CLIENT_EXPORT PasswordAuthenticator { std::string hash; protected: - virtual void sendRequest(); - virtual void handlePacket(boost::shared_ptr packet); + virtual void sendRequest(); + virtual void handlePacket(boost::shared_ptr packet); public: - PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0, const std::string &hash0) - : Common::Request(application), username(username0), password(password0), hash(hash0) {} + PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0, const std::string &hash0) + : Common::Request(application), username(username0), password(password0), hash(hash0) {} }; PasswordAuthenticator(); - public: - static void authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception); + public: + static void authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception); }; } } } -#endif /* MAD_CLIENT_PASSWORDAUTHENTICATOR_H_ */ +#endif /* MAD_CLIENT_AUTHENTICATORS_PASSWORDAUTHENTICATOR_H_ */ diff --git a/src/Client/CMakeLists.txt b/src/Client/CMakeLists.txt index 5af7fdb..cb2611d 100644 --- a/src/Client/CMakeLists.txt +++ b/src/Client/CMakeLists.txt @@ -3,6 +3,7 @@ include_directories(${INCLUDES}) mad_library(Client export.h + Authenticators/ChallengeResponseAuthenticator.h Authenticators/ChallengeResponseAuthenticator.cpp Authenticators/PasswordAuthenticator.h Authenticators/PasswordAuthenticator.cpp Requests/DaemonCommandRequest.h Requests/DaemonCommandRequest.cpp -- cgit v1.2.3