Hi,
I've just finished changing auth to use base64 nonces. However I did find
a few strange things that I want to check with you before commiting:
1. in check_nonce(...) in the beginning we have something like:
if (get_nonce_len(cfg) != nonce->len) {
return 1; /* Lengths must be equal */
}
I think this should be deleted, because one can have for example a ser
restart with different cfg (e.g.: auth_extra_checks enabled) which might
change the nonce length. So having a different nonce lenght from the
configured one, is a valid case that should be caught by the new
up_since check.
2. check_nonce(): the if (since < up_since) check is inside an if that
get executed only if calc_nonce(...) fails. However calc_nonce(..) fails
only if passed a nonce buffer which is too small to hold the entire
nonce (which never happens in this case).
I think it should be moved outside that if.
3. is it ok if instead of calling is_nonce_stale() in post_auth, I call
it in check_nonce() and mark it (auth->stale=1) in auth_check_hdr_md5?
The problems is that now the nonce is a base64 encoded binary blob and I
want to decode it only once in check_nonce() and avoid decoding it a
second time in post_auth.
Andrei
_______________________________________________
Serdev mailing list
[email protected]
http://lists.iptel.org/mailman/listinfo/serdev
