Andrei Pelinescu-Onciul wrote:
> Hi,
> 
> I've just finished changing auth to use base64 nonces. However I did find 
> a few strange things that I want to check with you before committing:
> 
> 1. in check_nonce(...) in the beginning we have something like:
> if (get_nonce_len(cfg) != nonce->len) {
>               return 1; /* Lengths must be equal */
> }

If you need to consider changing extra checks then probably yes, but if you 
omit this check then the function never returns "1". But the 
get_auth_checks(msg) return value is not transparent to me.

> 
> I think this should be deleted, because one can have for example a ser
> restart with different cfg (e.g.: auth_extra_checks enabled) which might
> change the nonce length. So having a different nonce length from the
> configured one, is a valid case that should be caught by the new
> up_since check.
> 
> 2. check_nonce(): the if (since < up_since)  check is inside an if that
> gets executed only if calc_nonce(...) fails. However calc_nonce(..) fails
> only if passed a nonce buffer which is too small to hold the entire
> nonce (which never happens in this case). 
> I think it should be moved outside that if.

Oops, yes it should be put before calc_nonce() function.

> 
> 3. is it ok if instead of calling is_nonce_stale() in post_auth, I call
> it in check_nonce() and mark it (auth->stale=1) in  auth_check_hdr_md5?
> The problem is that now the nonce is a base64 encoded binary blob and I
> want to decode it only once in check_nonce() and avoid decoding it a
> second time in post_auth.
> 
> 
> Andrei


-- 
-----------------------------
Tomas Mandys
[EMAIL PROTECTED]
Tekelec Czech Republic s.r.o.
-----------------------------
_______________________________________________
Serdev mailing list
[email protected]
http://lists.iptel.org/mailman/listinfo/serdev
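
The check order discussed in this thread, as an added example that is not SER's code and not written by either poster: decode the base64 nonce once, test `since < up_since` before the recompute-and-compare step, drop the configured-length comparison, and hand the stale flag back to the caller. The nonce layout (expires, since, HMAC-SHA256 tag), the secret, `make_nonce`, and the signature and return values of this `check_nonce` are assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, struct

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
HDR = struct.Struct("!II")           # assumed layout: expires, since (epoch seconds)

def make_nonce(expires, since, secret=SECRET):
    """Build a base64 nonce: header followed by an HMAC-SHA256 tag over it."""
    hdr = HDR.pack(expires, since)
    tag = hmac.new(secret, hdr, hashlib.sha256).digest()
    return base64.b64encode(hdr + tag).decode()

def check_nonce(nonce_b64, now, up_since, secret=SECRET):
    """Return (verdict, stale); verdict is 'ok', 'restart' or 'invalid'."""
    try:
        raw = base64.b64decode(nonce_b64, validate=True)  # decoded exactly once
    except (binascii.Error, ValueError):
        return ("invalid", False)
    if len(raw) < HDR.size:
        return ("invalid", False)
    expires, since = HDR.unpack_from(raw)
    # No comparison against the currently configured nonce length: a nonce
    # issued before a restart may have another length. It is caught here,
    # before the tag is recomputed, and answered with a fresh challenge.
    if since < up_since:
        return ("restart", True)
    tag = hmac.new(secret, raw[:HDR.size], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, raw[HDR.size:]):
        return ("invalid", False)
    # Staleness is computed from the already decoded fields, so the later
    # post-auth stage can reuse the flag instead of decoding the nonce again.
    return ("ok", now > expires)

if __name__ == "__main__":
    n = make_nonce(expires=1300, since=900)       # constructed sample values
    print(check_nonce(n, now=1000, up_since=500)) # fresh nonce
    print(check_nonce(n, now=1400, up_since=500)) # valid but expired
    print(check_nonce(n, now=1000, up_since=950)) # issued before restart
```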