Overview
| SHA1 Hash: | 776753118f1bafcab5b2867aeec5a6c0dacea765 |
|---|---|
| Date: | 2007-09-12 02:25:37 |
| User: | drh |
| Comment: | The nonce of a login card in the sync protocol is now the SHA1 hash of the remainder of the sync message. The signature is the SHA1 hash of the concatenation of the nonce and the users password. |
| Timelines: | ancestors | descendants | both | trunk |
| Other Links: | files | ZIP archive | manifest |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/http.c from [3357e23c47] to [43986095c4].
@@ -167,11 +167,11 @@
int i;
int cnt = 0;
blob_zero(&nonce);
blob_zero(&pw);
- db_blob(&nonce, "SELECT hex(randomblob(20))");
+ sha1sum_blob(pSend, &nonce);
blob_copy(&pw, &nonce);
blob_zero(&login);
if( g.urlUser==0 ){
user_select();
db_blob(&pw, "SELECT pw FROM user WHERE uid=%d", g.userUid);
Modified src/xfer.c from [00b48b7513] to [1a89a70762].
@@ -247,20 +247,37 @@
pXfer->nGimmeSent++;
}
db_finalize(&q);
}
+/*
+** Compute an SHA1 hash on the tail of pMsg. Verify that it matches the
+** the hash given in pHash. Return 1 on a successful match. Return 0
+** if there is a mismatch.
+*/
+static int check_tail_hash(Blob *pHash, Blob *pMsg){
+ Blob tail;
+ Blob h2;
+ int rc;
+ blob_tail(pMsg, &tail);
+ sha1sum_blob(&tail, &h2);
+ rc = blob_compare(pHash, &h2);
+ blob_reset(&h2);
+ blob_reset(&tail);
+ return rc==0;
+}
+
/*
** Check the signature on an application/x-fossil payload received by
** the HTTP server. The signature is a line of the following form:
**
** login LOGIN NONCE SIGNATURE
**
-** The NONCE is a random string. The server will never accept a
-** repeat NONCE. SIGNATURE is the SHA1 checksum of the NONCE
-** concatenated with the users password.
+** The NONCE is the SHA1 hash of the remainder of the input.
+** SIGNATURE is the SHA1 checksum of the NONCE concatenated
+** with the users password.
**
** The parameters to this routine are ephermeral blobs holding the
** LOGIN, NONCE and SIGNATURE.
**
** This routine attempts to locate the user and verify the signature.
@@ -274,13 +291,10 @@
*/
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc;
- if( db_exists("SELECT 1 FROM rcvfrom WHERE nonce=%B", pNonce) ){
- return; /* Never accept a repeated nonce */
- }
db_prepare(&q, "SELECT pw, cap, uid FROM user WHERE login=%B", pLogin);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
db_ephemeral_blob(&q, 0, &pw);
@@ -536,11 +550,11 @@
if( blob_eq(&xfer.aToken[0], "login")
&& xfer.nToken==4
){
if( disableLogin ){
g.okRead = g.okWrite = 1;
- }else{
+ }else if( check_tail_hash(&xfer.aToken[2], xfer.pIn) ){
check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3]);
}
}else
/* cookie TEXT
Modified www/sync.html from [e2578a4066] to [4b94620e24].
@@ -120,16 +120,19 @@ <blockquote> <b>login</b> <i>userid nonce signature</i> </blockquote> <p>The userid is the name of the user that is requesting service -from the server. The nonce is a random one-use hexadecimal number. -The signature is the SHA1 hash of the users password.</p> +from the server. The nonce is the SHA1 hash of the remainder of +the message - all text that follows the newline character that +terminates the login card. The signature is the SHA1 hash of +the concatenation of the nonce and the users password.</p> <p>For each login card, the server looks up the user and verifies -that the nonce has never before been used. It then checks the -signature hash to make sure the signature matches. If everything +that the nonce matches the SHA1 hash of the remainder of the +message. It then checks the signature hash to make sure the +signature matches. If everything checks out, then the client is granted all privileges of the specified user.</p> <p>Privileges are cumulative. There can be multiple successful login cards. The session privileges are the bit-wise OR of the