authorAndreas Nilsson <andreas.nilsson@10gen.com>2014-09-17 15:44:12 -0700
committerAndreas Nilsson <andreas.nilsson@10gen.com>2014-09-17 15:50:45 -0700
commit6b20b7dca19f3597978031fb7dc301380b29bf09 (patch)
tree59d8fededd15c7baf1f103c3eee44262f8085630 /src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
parent8e3ce6437f5ddf13eab8b256ee5ff98e5e64d410 (diff)
SERVER-7596 Removed trailing whitespaces
Diffstat (limited to 'src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp')
-rw-r--r--src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp82
1 files changed, 41 insertions, 41 deletions
diff --git a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
index 373093a26fc..304e040846f 100644
--- a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
@@ -55,9 +55,9 @@ namespace mongo {
_nonce("") {
}
- StatusWith<bool> SaslSCRAMSHA1ServerConversation::step(const StringData& inputData,
+ StatusWith<bool> SaslSCRAMSHA1ServerConversation::step(const StringData& inputData,
std::string* outputData) {
-
+
std::vector<std::string> input = StringSplitter::split(inputData.toString(), ",");
_step++;
@@ -76,8 +76,8 @@ namespace mongo {
return StatusWith<bool>(true);
}
-
- /*
+
+ /*
* RFC 5802 specifies that in SCRAM user names characters ',' and '=' are encoded as
* =2C and =3D respectively.
*/
@@ -86,7 +86,7 @@ namespace mongo {
boost::replace_all(user, "=3D", "=");
}
- /*
+ /*
* Parse client-first-message of the form:
* n,a=authzid,n=encoded-username,r=client-nonce
*
@@ -104,45 +104,45 @@ namespace mongo {
std::string authzId = "";
if (input.size() == 4) {
- /* The second entry a=authzid is optional. If provided it will be
+ /* The second entry a=authzid is optional. If provided it will be
* validated against the encoded username.
- *
+ *
* The two allowed input forms are:
* n,,n=encoded-username,r=client-nonce
* n,a=authzid,n=encoded-username,r=client-nonce
*/
if (!str::startsWith(input[1], "a=") || input[1].size() < 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 authzid: " << input[1]);
}
authzId = input[1].substr(2);
input.erase(input.begin() + 1);
}
-
+
if (input.size() != 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect number of arguments for first SCRAM-SHA-1 client message, got " <<
input.size() << " expected 4");
}
else if (input[0] != "n") {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 client message prefix: " << input[0]);
}
else if (!str::startsWith(input[1], "n=") || input[1].size() < 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 user name: " << input[1]);
}
else if(!str::startsWith(input[2], "r=") || input[2].size() < 6) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 client nonce: " << input[2]);
}
-
+
// add client-first-message-bare to _authMessage
_authMessage += input[1] + "," + input[2] + ",";
_user = input[1].substr(2);
if (!authzId.empty() && _user != authzId) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"SCRAM-SHA-1 user name " << _user << " does not match authzid " << authzId);
}
@@ -163,7 +163,7 @@ namespace mongo {
_creds = userObj->getCredentials();
_saslAuthSession->getAuthorizationSession()->getAuthorizationManager().
releaseUser(userObj);
-
+
// Generate SCRAM credentials on the fly for mixed MONGODB-CR/SCRAM mode.
if (_creds.scram.salt.empty() && !_creds.password.empty()) {
BSONObj scramCreds = scram::generateCredentials(_creds.password);
@@ -177,21 +177,21 @@ namespace mongo {
// Create text-based nonce as base64 encoding of a binary blob of length multiple of 3
const int nonceLenQWords = 3;
uint64_t binaryNonce[nonceLenQWords];
-
+
scoped_ptr<SecureRandom> sr(SecureRandom::create());
binaryNonce[0] = sr->nextInt64();
binaryNonce[1] = sr->nextInt64();
binaryNonce[2] = sr->nextInt64();
-
- _nonce = clientNonce +
+
+ _nonce = clientNonce +
base64::encode(reinterpret_cast<char*>(binaryNonce), sizeof(binaryNonce));
StringBuilder sb;
sb << "r=" << _nonce <<
- ",s=" << _creds.scram.salt <<
+ ",s=" << _creds.scram.salt <<
",i=" << _creds.scram.iterationCount;
*outputData = sb.str();
-
+
// add server-first-message to authMessage
_authMessage += *outputData + ",";
@@ -199,39 +199,39 @@ namespace mongo {
#endif // MONGO_SSL
}
- /**
+ /**
* Parse client-final-message of the form:
* c=channel-binding(base64),r=client-nonce|server-nonce,p=ClientProof
*
* Generate successful authentication server-final-message on the form:
- * v=ServerSignature
- *
+ * v=ServerSignature
+ *
* or failed authentication server-final-message on the form:
* e=message
*
* NOTE: we are ignoring the channel binding part of the message
**/
- StatusWith<bool> SaslSCRAMSHA1ServerConversation::_secondStep(const std::vector<string>& input,
+ StatusWith<bool> SaslSCRAMSHA1ServerConversation::_secondStep(const std::vector<string>& input,
std::string* outputData) {
#ifndef MONGO_SSL
- return StatusWith<bool>(ErrorCodes::InternalError,
+ return StatusWith<bool>(ErrorCodes::InternalError,
"The server is not compiled with SSL support");
#else
if (input.size() != 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
- "Incorrect number of arguments for second SCRAM-SHA-1 client message, got " <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ "Incorrect number of arguments for second SCRAM-SHA-1 client message, got " <<
input.size() << " expected 3");
}
else if (!str::startsWith(input[0], "c=") || input[0].size() < 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 channel binding: " << input[0]);
}
else if (!str::startsWith(input[1], "r=") || input[1].size() < 6) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 client|server nonce: " << input[1]);
}
else if(!str::startsWith(input[2], "p=") || input[2].size() < 3) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Incorrect SCRAM-SHA-1 ClientProof: " << input[2]);
}
@@ -241,13 +241,13 @@ namespace mongo {
// Concatenated nonce sent by client should equal the one in server-first-message
std::string nonce = input[1].substr(2);
if (nonce != _nonce) {
- return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
"Unmatched SCRAM-SHA-1 nonce received from client in second step, expected " <<
_nonce << " but received " << nonce);
}
std::string clientProof = input[2].substr(2);
-
+
// Do server side computations, compare storedKeys and generate client-final-message
// AuthMessage := client-first-message-bare + "," +
// server-first-message + "," +
@@ -255,7 +255,7 @@ namespace mongo {
// ClientSignature := HMAC(StoredKey, AuthMessage)
// ClientKey := ClientSignature XOR ClientProof
// ServerSignature := HMAC(ServerKey, AuthMessage)
-
+
unsigned int hashLen = 0;
unsigned char clientSignature[scram::hashSize];
@@ -268,7 +268,7 @@ namespace mongo {
_authMessage.size(),
clientSignature,
&hashLen));
-
+
fassert(18658, hashLen == scram::hashSize);
try {
@@ -277,7 +277,7 @@ namespace mongo {
catch (const DBException& ex) {
return StatusWith<bool>(ex.toStatus());
}
- const unsigned char *decodedClientProof =
+ const unsigned char *decodedClientProof =
reinterpret_cast<const unsigned char*>(clientProof.c_str());
// ClientKey := ClientSignature XOR ClientProof
@@ -287,15 +287,15 @@ namespace mongo {
}
// StoredKey := H(ClientKey)
- unsigned char computedStoredKey[scram::hashSize];
+ unsigned char computedStoredKey[scram::hashSize];
fassert(18659, SHA1(clientKey, scram::hashSize, computedStoredKey));
-
+
if (memcmp(decodedStoredKey.c_str(), computedStoredKey, scram::hashSize) != 0) {
return StatusWith<bool>(ErrorCodes::AuthenticationFailed,
- mongoutils::str::stream() <<
+ mongoutils::str::stream() <<
"SCRAM-SHA-1 auhentication failed, storedKey mismatch");
}
-
+
// ServerSignature := HMAC(ServerKey, AuthMessage)
unsigned char serverSignature[scram::hashSize];
std::string decodedServerKey = base64::decode(_creds.scram.serverKey);
@@ -306,7 +306,7 @@ namespace mongo {
_authMessage.size(),
serverSignature,
&hashLen));
-
+
fassert(18661, hashLen == scram::hashSize);
StringBuilder sb;