Commit bd5889c8 authored by ale

Validate ticket fields before signing

It's probably wise to verify that the ticket that we're about to sign is
syntactically correct. Required fields must be present, and values
should not contain separator characters.
parent 7dc1803f
......@@ -251,6 +251,33 @@ int sso_generate_keys(unsigned char *publicp, unsigned char *secretp) {
return crypto_sign_keypair(publicp, secretp);
}
static int sso_ticket_validate_fields(sso_ticket_t t) {
char **gp;
// Ensure that required fields are set.
if ((t->user == NULL) || (t->service == NULL) || (t->domain == NULL)) {
return SSO_ERR_MISSING_REQUIRED_FIELD;
}
// Check the syntax of the fields. The only requirement is that they
// do not contain the separator character, besides that anything
// will do. The (better) alternative would be to escape the values.
if ((strchr(t->user, FIELD_SEP_CH) != NULL) ||
(strchr(t->service, FIELD_SEP_CH) != NULL) ||
(strchr(t->domain, FIELD_SEP_CH) != NULL)) {
return SSO_ERR_INVALID_FIELD;
}
if (t->groups != NULL) {
for (gp = t->groups; *gp; gp++) {
if ((strchr(*gp, FIELD_SEP_CH) != NULL) ||
strchr(*gp, GROUP_SEP_CH) != NULL) {
return SSO_ERR_INVALID_FIELD;
}
}
}
return SSO_OK;
}
int sso_ticket_sign(sso_ticket_t t, const unsigned char *secret_key, char *out,
size_t out_size) {
char *serialized;
......@@ -259,6 +286,11 @@ int sso_ticket_sign(sso_ticket_t t, const unsigned char *secret_key, char *out,
unsigned long long signed_size;
int r;
r = sso_ticket_validate_fields(t);
if (r != SSO_OK) {
return r;
}
serialized = sso_ticket_serialize(t);
if (serialized == NULL) {
return SSO_ERR_SERIALIZATION;
......@@ -360,6 +392,10 @@ const char *sso_strerror(int err) {
return "invalid ticket (bad domain)";
case SSO_ERR_NO_MATCHING_GROUPS:
return "no matching groups";
case SSO_ERR_MISSING_REQUIRED_FIELD:
return "missing a required field";
case SSO_ERR_INVALID_FIELD:
return "a field has invalid syntax";
default:
return "unknown error";
}
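Review bot: The required-field check at the top of sso_ticket_validate_fields only tests for NULL, so an empty string in user, service or domain passes as "present" and is signed; since the serialization is presumably separator-delimited (FIELD_SEP_CH), an empty field is likely indistinguishable from a missing one on the parse side, so consider extending the guard to `if (t->user == NULL || *t->user == '\0' || ...) return SSO_ERR_MISSING_REQUIRED_FIELD;` for all three fields. In the group loop, the `||` chain mixes a parenthesized and a bare `!= NULL` comparison; parenthesizing both as the user/service/domain test above does keeps the condition readable. Whether the verify/parse path enforces the same constraints is not visible here, so the signer remains the only place these invariants are checked. sso_ticket_sign's body continues outside this section.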
......@@ -21,6 +21,8 @@ extern "C" {
#define SSO_ERR_BAD_DOMAIN -9
#define SSO_ERR_NO_MATCHING_GROUPS -10
#define SSO_ERR_DECODE64 -11
#define SSO_ERR_MISSING_REQUIRED_FIELD -13
#define SSO_ERR_INVALID_FIELD -14
#define SSO_PUBLIC_KEY_SIZE 32
#define SSO_SECRET_KEY_SIZE 64
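Review bot: The new error codes start at -13 while the last existing code visible above them is SSO_ERR_DECODE64 at -11, leaving -12 unassigned; unless -12 is defined elsewhere in the header or deliberately reserved, use `#define SSO_ERR_MISSING_REQUIRED_FIELD -12` and `#define SSO_ERR_INVALID_FIELD -13` so the table stays contiguous. Because sso_strerror falls through to "unknown error" for unlisted values, the gap is harmless at runtime, but it will confuse whoever allocates the next code.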