
[Phpgroupware-cvs] syncml inc/class.sosession.inc.php inc/class.sy...


From: Johan Gunnarsson
Subject: [Phpgroupware-cvs] syncml inc/class.sosession.inc.php inc/class.sy...
Date: Mon, 27 Aug 2007 07:49:59 +0000

CVSROOT:        /sources/phpgroupware
Module name:    syncml
Changes by:     Johan Gunnarsson <johang>       07/08/27 07:49:58

Modified files:
        inc            : class.sosession.inc.php 
                         class.syncml_auth_basic.inc.php 
                         class.syncml_auth_md5.inc.php 
                         class.syncml_command_synchdr.inc.php 
                         class.syncml_response.inc.php 
                         class.syncml_session.inc.php functions.inc.php 
        setup          : setup.inc.php tables_current.inc.php 
                         tables_update.php 

Log message:
        Authentication scheme "syncml:auth-md5" is now actually working.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.sosession.inc.php?cvsroot=phpgroupware&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.syncml_auth_basic.inc.php?cvsroot=phpgroupware&r1=1.1.1.1&r2=1.2
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.syncml_auth_md5.inc.php?cvsroot=phpgroupware&r1=1.2&r2=1.3
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.syncml_command_synchdr.inc.php?cvsroot=phpgroupware&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.syncml_response.inc.php?cvsroot=phpgroupware&r1=1.4&r2=1.5
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/class.syncml_session.inc.php?cvsroot=phpgroupware&r1=1.2&r2=1.3
http://cvs.savannah.gnu.org/viewcvs/syncml/inc/functions.inc.php?cvsroot=phpgroupware&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/syncml/setup/setup.inc.php?cvsroot=phpgroupware&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/syncml/setup/tables_current.inc.php?cvsroot=phpgroupware&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/syncml/setup/tables_update.php?cvsroot=phpgroupware&r1=1.2&r2=1.3

Patches:
Index: inc/class.sosession.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/class.sosession.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- inc/class.sosession.inc.php 5 Aug 2007 17:15:40 -0000       1.3
+++ inc/class.sosession.inc.php 27 Aug 2007 07:49:58 -0000      1.4
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.sosession.inc.php,v 1.3 2007/08/05 17:15:40 
johang Exp $
+        * @version   $Id: class.sosession.inc.php,v 1.4 2007/08/27 07:49:58 
johang Exp $
         */
 
        /**
@@ -37,9 +37,14 @@
                function generate_session_hash($header)
                {
                        if(is_array($header))
+                       {
                                return md5(var_export($header, true));
+                       }
+                       else
+                       {
                        return (string)$header;
                }
+               }
                
                /**
                 * Get phpgw session id from SyncML header data.
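Review bot: generate_session_hash() returns a non-array `$header` unchanged via `(string)$header`, and that value is formatted into the `syncml_hash = '%s'` clauses of get_session_mapping() and the new set_next_nonce() without escaping, even though `$next_nonce` in the same statement goes through db_addslashes(). The array path yields an md5 hex string and is safe, so the gap is only the scalar path; whether any caller still passes a scalar is not visible in these hunks. Escaping at the point of use closes it either way: `$GLOBALS['phpgw']->db->db_addslashes($syncml_hash)`. set_next_nonce() is also added with an empty docblock; a line such as `Store the nonce the client must use in its next auth-md5 digest for this SyncML session.` would document it.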
@@ -59,12 +64,15 @@
                        $GLOBALS['phpgw']->db->query(sprintf('
                                UPDATE phpgw_syncml_sessions
                                SET session_dla = %d
-                               WHERE syncml_hash = \'%s\'',
+                               WHERE
+                                       syncml_hash = \'%s\'',
                                time(), $syncml_hash),
                                __LINE__, __FILE__);
                        
                        $GLOBALS['phpgw']->db->query(sprintf("
-                               SELECT phpgw_sid
+                               SELECT
+                                       phpgw_sid,
+                                       next_nonce
                                FROM phpgw_syncml_sessions
                                WHERE
                                        syncml_hash = '%s'",
@@ -73,21 +81,15 @@
                                
                        if(!$GLOBALS['phpgw']->db->next_record())
                        {
-                               /*
-                                       this is the first request in the 
session.
-                                       even if we're not logged in, we want to 
keep a session
-                                       with session variables (f. ex. nonce)
-                               */
+                               $this->set_session_mapping($syncml_hash, '');
                                
-                               $new_phpgw_sid = md5(
-                                       
$GLOBALS['phpgw']->common->randomstring(15));
-                               $this->set_session_mapping(
-                                       $syncml_hash, $new_phpgw_sid);
-                               
$GLOBALS['phpgw']->session->read_session($new_phpgw_sid);
-                               return $new_phpgw_sid;
+                               return array('', '');
                        }
                        
-                       return $GLOBALS['phpgw']->db->f('phpgw_sid');
+                       return array(
+                               $GLOBALS['phpgw']->db->f('phpgw_sid'),
+                               $GLOBALS['phpgw']->db->f('next_nonce')
+                       );
                }
                
                function remove_session_mapping($header)
@@ -129,4 +131,21 @@
                                time()),
                                __LINE__, __FILE__);
                }
+
+               /**
+                *
+                */
+               function set_next_nonce($header, $next_nonce)
+               {
+                       $syncml_hash = $this->generate_session_hash($header);
+
+                       $GLOBALS['phpgw']->db->query(sprintf('
+                               UPDATE phpgw_syncml_sessions
+                               SET next_nonce = \'%s\'
+                               WHERE
+                                       syncml_hash = \'%s\'',
+                               
$GLOBALS["phpgw"]->db->db_addslashes($next_nonce),
+                               $syncml_hash),
+                               __LINE__, __FILE__);
+               }
        }

Index: inc/class.syncml_auth_basic.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/class.syncml_auth_basic.inc.php,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -b -r1.1.1.1 -r1.2
--- inc/class.syncml_auth_basic.inc.php 30 Jul 2007 13:04:38 -0000      1.1.1.1
+++ inc/class.syncml_auth_basic.inc.php 27 Aug 2007 07:49:58 -0000      1.2
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.syncml_auth_basic.inc.php,v 1.1.1.1 2007/07/30 
13:04:38 johang Exp $
+        * @version   $Id: class.syncml_auth_basic.inc.php,v 1.2 2007/08/27 
07:49:58 johang Exp $
         */
 
        /**
@@ -24,10 +24,9 @@
                 */
                function authenticate($data)
                {
-                       // $data is in the form b64(username:password).
+                       // $data is in the form username:password.
                        // neither username nor password should contain colon.
-                       @list($username, $passwd) =
-                               explode(':', base64_decode(@$data), 2);
+                       @list($username, $passwd) = explode(':', $data, 2);
 
                        return $GLOBALS['phpgw']->session->create(
                                $username, md5($passwd), 'md5');
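Review bot: When `$data` contains no colon, `explode()` yields a single element, the `@` hides the resulting notice and `$passwd` stays null, so `session->create()` is called with the hash of an empty password instead of the request being refused. An explicit guard before the call makes the failure path visible: `if(strpos((string)$data, ':') === false) { return false; }`. The rest of authenticate() lies outside this hunk.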

Index: inc/class.syncml_auth_md5.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/class.syncml_auth_md5.inc.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- inc/class.syncml_auth_md5.inc.php   5 Aug 2007 17:15:40 -0000       1.2
+++ inc/class.syncml_auth_md5.inc.php   27 Aug 2007 07:49:58 -0000      1.3
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.syncml_auth_md5.inc.php,v 1.2 2007/08/05 
17:15:40 johang Exp $
+        * @version   $Id: class.syncml_auth_md5.inc.php,v 1.3 2007/08/27 
07:49:58 johang Exp $
         */
 
        /**
@@ -17,21 +17,25 @@
        {
                var $session;
 
-               function syncml_auth_md5(&$session)
+               var $locname;
+
+               function syncml_auth_md5(&$session, $locname)
                {
                        $this->session = &$session;
+                       $this->locname = $locname;
                }
 
                /**
                 * Check credentials.
                 *
-                * @param $digest Credentials as sent from client.
+                * @param $digest Credentials as sent from client. 128-bit 
binary
+                *                format.
                 * @return mixed  False on failure. New session ID as string on
                 *                success.
                 */
                function authenticate($digest)
                {
-                       $nonce = $this->session->get_var('next_nonce');
+                       $nonce = $this->session->next_nonce;
 
                        $GLOBALS['phpgw']->db->query(sprintf("
                                SELECT
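Review bot: `$nonce = $this->session->next_nonce;` is used without checking that a nonce was ever issued for this session. As far as these hunks show, get_session_mapping() returns `array('', '')` for an unknown session, so on the first message the query compares the digest against `md5(hash . ':')`, a value that is constant per account and would be accepted again in any later session. Refusing early with `if((string)$nonce === '') { return false; }` forces the challenge round trip, so the digest is always bound to a server-issued nonce. The query and the remainder of authenticate() continue outside this hunk.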
@@ -41,9 +45,11 @@
                                JOIN phpgw_accounts     a ON
                                        a.account_id = h.account_id
                                WHERE
+                                       a.account_lid = '%s' AND
                                        md5(concat_ws(':', h.hash, '%s')) = 
'%s'",
+                               
$GLOBALS['phpgw']->db->db_addslashes($this->locname),
                                $GLOBALS['phpgw']->db->db_addslashes($nonce),
-                               
$GLOBALS['phpgw']->db->db_addslashes(base64_decode($digest))),
+                               bin2hex($digest)),
                                __LINE__, __FILE__);
 
                        if(!$GLOBALS['phpgw']->db->next_record())

Index: inc/class.syncml_command_synchdr.inc.php
===================================================================
RCS file: 
/sources/phpgroupware/syncml/inc/class.syncml_command_synchdr.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- inc/class.syncml_command_synchdr.inc.php    16 Aug 2007 23:58:00 -0000      
1.3
+++ inc/class.syncml_command_synchdr.inc.php    27 Aug 2007 07:49:58 -0000      
1.4
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.syncml_command_synchdr.inc.php,v 1.3 
2007/08/16 23:58:00 johang Exp $
+        * @version   $Id: class.syncml_command_synchdr.inc.php,v 1.4 
2007/08/27 07:49:58 johang Exp $
         */
 
        require_once 'inc/class.syncml_command.inc.php';
@@ -71,15 +71,9 @@
 
                function execute(&$response, &$session)
                {
-                       if(isset($this->meta['maxmsgsize']))
-                       {
-                               $response->set_max_size(
-                                       min($this->meta['maxmsgsize'], 
SYNCML_MAXMSGSIZE));
-                       }
-                       else
-                       {
-                               $response->set_max_size(SYNCML_MAXMSGSIZE);
-                       }
+                       
$response->set_max_size(isset($this->meta['maxmsgsize']) ?
+                               min($this->meta['maxmsgsize'], 
SYNCML_MAXMSGSIZE) :
+                               SYNCML_MAXMSGSIZE);
                        
                        $response->set_header(
                                $this->verdtd, $this->verproto,
@@ -116,9 +110,18 @@
 
                        $sosession = new syncml_sosession();
 
-                       $id = array($this->target, $this->source, 
$this->sessionid);
+                       $id = array
+                       (
+                               $this->target['locuri'],
+                               $this->source['locuri'],
+                               $this->sessionid
+                       );
 
-                       $phpgw_session_id = 
$sosession->get_session_mapping($id);
+                       list($phpgw_session_id, $next_nonce) =
+                               $sosession->get_session_mapping($id);
+
+                       $session->next_nonce = $next_nonce;
+                       $session->id = $id;
 
                        
if($GLOBALS['phpgw']->session->verify($phpgw_session_id))
                        {
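Review bot: `$id` reads `$this->target['locuri']` and `$this->source['locuri']` directly, without the isset() guard that add_authentication_status() applies to the same fields. If either is absent, the key hashed by generate_session_hash() narrows towards the client-chosen SessionID alone, so unrelated clients could land on the same phpgw_syncml_sessions row. Rejecting the header before building `$id` when a LocURI is missing avoids that. Because every component of the key is supplied by the client, it is also worth confirming that `session->verify()` (outside this hunk) binds the session to something the client cannot choose.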
@@ -140,8 +143,6 @@
                                {
                                        $this->handle_failure($tmp, $response, 
$session);
                                }
-
-                               $session->commit();
                        }
 
                        $session->msgid = $this->msgid;
@@ -155,11 +156,8 @@
                        $session->session_data = 
$GLOBALS['phpgw']->session->appsession(
                                'session_data', 'syncml');
 
-                       $response->add_status(
-                               0, $this->msgid, "SyncHdr",
-                               $this->target["locuri"], 
$this->source["locuri"],
-                               SYNCML_STATUS_AUTHENTICATIONACCEPTED
-                       );
+                       $this->add_authentication_status(
+                               SYNCML_STATUS_AUTHENTICATIONACCEPTED, 
$response, $session);
                }
 
                /**
@@ -188,11 +186,38 @@
 
                        $response->set_global_status_code($code);
 
-                       $response->add_status_with_basic_chal(
+                       $this->add_authentication_status($code, $response, 
$session);
+               }
+
+               /**
+                *
+                */
+               function add_authentication_status($code, &$response, &$session)
+               {
+                       $auth_type = (isset($this->cred) &&
+                               isset($this->cred['meta']['type'])) ?
+                               $this->cred['meta']['type'] : '';
+
+                       $nonce = NULL;
+
+                       switch($auth_type)
+                       {
+                               case 'syncml:auth-md5':
+                                       $nonce = md5(uniqid(time()));
+                                       $session->next_nonce = $nonce;
+                               case 'syncml:auth-basic':
+                                       break;
+                               default:
+                                       $auth_type = 'syncml:auth-basic';
+                       }
+
+                       $response->add_status_with_chal(
                                0, $this->msgid, 'SyncHdr',
-                               isset($this->target['locuri']) ? 
$this->target['locuri'] : NULL,
-                               isset($this->source['locuri']) ? 
$this->target['locuri'] : NULL,
-                               $code
+                               isset($this->target['locuri']) ?
+                                       $this->target['locuri'] : NULL,
+                               isset($this->source['locuri']) ?
+                                       $this->target['locuri'] : NULL,
+                               $code, $auth_type, $nonce
                        );
                }
 
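Review bot: The challenge nonce is `md5(uniqid(time()))`, which is derived from the clock and is therefore guessable; a nonce only prevents replay if it is unpredictable. On a PHP version that provides it, `$nonce = bin2hex(random_bytes(16));` gives 32 hex characters and still fits the varchar(32) `next_nonce` column. The `case 'syncml:auth-md5':` branch falls through into `'syncml:auth-basic'` on purpose and deserves a `// fall through` comment. Separately, the source-reference argument tests `isset($this->source['locuri'])` but then passes `$this->target['locuri']`, which looks like it should be `$this->source['locuri']`.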
@@ -219,7 +244,11 @@
                                        $auth = new syncml_auth_basic();
                                        break;
                                case "syncml:auth-md5":
-                                       $auth = new syncml_auth_md5($session);
+                                       $auth = new syncml_auth_md5(
+                                               $session,
+                                               isset($this->source) &&
+                                                       
isset($this->source['locname']) ?
+                                               $this->source['locname'] : 
NULL);
                                        break;
                                default:
                                        // unsupported auth type
@@ -227,7 +256,11 @@
                        }
 
                        // this returns either false, int or a session_id 
string.
-                       return $auth->authenticate($this->cred['data']);
+                       // if auth data is b64 encoded, decode it.
+                       return $auth->authenticate(
+                               (isset($this->cred['meta']['format']) &&
+                                       $this->cred['meta']['format'] = 'b64') ?
+                               base64_decode($this->cred['data']) : 
$this->cred['data']);
                }
        }
 ?>
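Review bot: `$this->cred['meta']['format'] = 'b64'` is an assignment, not a comparison, so the condition is true whenever a format is set and the credential is base64-decoded whatever format the client declared; it also overwrites the parsed value. It should read `$this->cred['meta']['format'] === 'b64'`. Passing `true` as the second argument of base64_decode() and treating a `false` result as an authentication failure would additionally keep malformed input away from the auth classes. The start of this function is outside the hunk.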

Index: inc/class.syncml_response.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/class.syncml_response.inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- inc/class.syncml_response.inc.php   16 Aug 2007 23:58:00 -0000      1.4
+++ inc/class.syncml_response.inc.php   27 Aug 2007 07:49:58 -0000      1.5
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.syncml_response.inc.php,v 1.4 2007/08/16 
23:58:00 johang Exp $
+        * @version   $Id: class.syncml_response.inc.php,v 1.5 2007/08/27 
07:49:58 johang Exp $
         */
 
        define('METINF', 'xmlns="syncml:metinf"');
@@ -248,8 +248,8 @@
                                        @$meta['size'], METINF);
                }
 
-               function add_status_with_basic_chal($cmdref, $msgref, $cmd, 
$trgref,
-                       $srcref, $data)
+               function add_status_with_chal($cmdref, $msgref, $cmd, $trgref,
+                       $srcref, $data, $type, $nonce = NULL)
                {
                        $this->status_count++;
 
@@ -265,9 +265,11 @@
                                        '<Chal>' .
                                                '<Meta>' .
                                                        '<Type 
xmlns="syncml:metinf">' .
-                                                               
'syncml:auth-basic' .
+                                                               $type .
                                                        '</Type>' .
                                                        '<Format 
xmlns="syncml:metinf">b64</Format>' .
+                                                       ec($nonce, 'NextNonce', 
base64_encode($nonce),
+                                                               METINF) .
                                                '</Meta>' .
                                        '</Chal>' .
                                '</Status>'

Index: inc/class.syncml_session.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/class.syncml_session.inc.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- inc/class.syncml_session.inc.php    5 Aug 2007 17:15:41 -0000       1.2
+++ inc/class.syncml_session.inc.php    27 Aug 2007 07:49:58 -0000      1.3
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: class.syncml_session.inc.php,v 1.2 2007/08/05 
17:15:41 johang Exp $
+        * @version   $Id: class.syncml_session.inc.php,v 1.3 2007/08/27 
07:49:58 johang Exp $
         */
 
        require_once 'inc/constants.inc.php';
@@ -28,6 +28,10 @@
                        'modified_luids' => array()
                );*/
 
+               var $id;
+
+               var $next_nonce;
+
                /**
                 * Message ID of current message.
                 */
@@ -242,6 +246,10 @@
                 {
                        $GLOBALS['phpgw']->session->appsession(
                                'session_data', 'syncml', $this->session_data);
+
+                       $sosession = new syncml_sosession();
+
+                       $sosession->set_next_nonce($this->id, 
$this->next_nonce);
                 }
        }
 ?>

Index: inc/functions.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/inc/functions.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- inc/functions.inc.php       16 Aug 2007 23:58:01 -0000      1.3
+++ inc/functions.inc.php       27 Aug 2007 07:49:58 -0000      1.4
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: functions.inc.php,v 1.3 2007/08/16 23:58:01 johang 
Exp $
+        * @version   $Id: functions.inc.php,v 1.4 2007/08/27 07:49:58 johang 
Exp $
         */
 
        /**
@@ -45,9 +45,11 @@
         */
        function syncml_calculate_digest($username, $password, $nonce)
        {
-               return base64_encode(md5(
-                       base64_encode(md5($username . ':' . $password, true)). 
':' . $nonce
-               ));
+               return md5(
+                       base64_encode(md5($username . ':' . $password, true)) .
+                               ':' . $nonce,
+                       true
+               );
        }
 
        /**

Index: setup/setup.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/setup/setup.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- setup/setup.inc.php 16 Aug 2007 23:58:01 -0000      1.3
+++ setup/setup.inc.php 27 Aug 2007 07:49:58 -0000      1.4
@@ -7,12 +7,12 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: setup.inc.php,v 1.3 2007/08/16 23:58:01 johang Exp $
+        * @version   $Id: setup.inc.php,v 1.4 2007/08/27 07:49:58 johang Exp $
         */
 
        $setup_info['syncml']['name'] = 'syncml';
        $setup_info['syncml']['title'] = 'SyncML Synchronization';
-       $setup_info['syncml']['version'] = '0.9.17.002';
+       $setup_info['syncml']['version'] = '0.9.17.003';
        $setup_info['syncml']['license']  = 'GNU General Public License';
 
        $setup_info['syncml']['app_order'] = 10;

Index: setup/tables_current.inc.php
===================================================================
RCS file: /sources/phpgroupware/syncml/setup/tables_current.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- setup/tables_current.inc.php        16 Aug 2007 23:58:01 -0000      1.3
+++ setup/tables_current.inc.php        27 Aug 2007 07:49:58 -0000      1.4
@@ -7,7 +7,7 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: tables_current.inc.php,v 1.3 2007/08/16 23:58:01 
johang Exp $
+        * @version   $Id: tables_current.inc.php,v 1.4 2007/08/27 07:49:58 
johang Exp $
         */
 
        $phpgw_baseline = array(
@@ -24,6 +24,9 @@
                                        'nullable' => False),
                                'session_dla' => array(
                                        'type' => 'int', 'precision' => '8',
+                                       'nullable' => False),
+                               'next_nonce' => array(
+                                       'type' => 'varchar', 'precision' => 
'32',
                                        'nullable' => False)
                        ),
                        'pk' => array('syncml_hash'),

Index: setup/tables_update.php
===================================================================
RCS file: /sources/phpgroupware/syncml/setup/tables_update.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- setup/tables_update.php     16 Aug 2007 23:58:02 -0000      1.2
+++ setup/tables_update.php     27 Aug 2007 07:49:58 -0000      1.3
@@ -7,12 +7,12 @@
         * @copyright Copyright (c) 2007 Free Software Foundation, Inc.
         * @license   GNU General Public License 3 or later
         * @package   syncml
-        * @version   $Id: tables_update.php,v 1.2 2007/08/16 23:58:02 johang 
Exp $
+        * @version   $Id: tables_update.php,v 1.3 2007/08/27 07:49:58 johang 
Exp $
         */
 
        $test[] = '0.9.17.001';
 
-       function notes_upgrade0.9.17.001()
+       function syncml_upgrade0.9.17.001()
        {
                $GLOBALS['phpgw_setup']->oProc->RenameTable(
                        'phpgw_syncml_channel', 'phpgw_syncml_channels'
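Review bot: `syncml_upgrade0.9.17.001` is not a valid PHP function name, because identifiers cannot contain dots, so this file fails to parse and no upgrade step runs; the same applies to `syncml_upgrade0.9.17.002` added in the next hunk. Without the upgrade, existing installations never get the `next_nonce` column that the new queries select and update, and auth-md5 cannot work there. Underscores are valid and are, as far as I know, the form the setup code looks for: `function syncml_upgrade0_9_17_001()` and `function syncml_upgrade0_9_17_002()`.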
@@ -38,4 +38,17 @@
                $GLOBALS['setup_info']['syncml']['currentver'] = '0.9.17.002';
                return $GLOBALS['setup_info']['syncml']['currentver'];
        }
+
+       $test[] = '0.9.17.002';
+
+       function syncml_upgrade0.9.17.002()
+       {
+               $GLOBALS['phpgw_setup']->oProc->AddColumn(
+                       'phpgw_syncml_sessions', 'next_nonce', array(
+                               'type' => 'varchar', 'precision' => '32', 
'nullable' => False)
+               );
+
+               $GLOBALS['setup_info']['syncml']['currentver'] = '0.9.17.003';
+               return $GLOBALS['setup_info']['syncml']['currentver'];
+       }
 ?>
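Review bot: The new `next_nonce` column is added with `'nullable' => False` and no default, while phpgw_syncml_sessions may already hold rows when the upgrade runs. Some database backends refuse to add a NOT NULL column to a populated table without a default. If the schema processor supports the key, adding `'default' => ''` to the column definition here and in tables_current.inc.php would make the step portable.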



