| 200 | }; |
| 201 | |
| 202 | int ExtAuthClient::authenticate(ThrowStatusWrapper* status, IClientBlock* cBlock) |
| 203 | { |
| 204 | try |
| 205 | { |
| 206 | // did we initialize correctly? |
| 207 | if (iniLvl < 3) |
| 208 | return AUTH_CONTINUE; |
| 209 | |
| 210 | // check for missing login from the user |
| 211 | if ((!ignoreLogin) && cBlock->getLogin()) |
| 212 | return AUTH_CONTINUE; |
| 213 | |
| 214 | // check for missing password from the user |
| 215 | if ((!ignorePassword) && cBlock->getPassword()) |
| 216 | return AUTH_CONTINUE; |
| 217 | |
| 218 | // check for presence of authenticatiion block |
| 219 | IAuthBlock* authBlock = cBlock->getAuthBlock(status); |
| 220 | if (!authBlock) |
| 221 | return AUTH_CONTINUE; |
| 222 | if (!authBlock->first(status)) |
| 223 | return AUTH_CONTINUE; |
| 224 | |
| 225 | // and for presence of user name in that authenticatiion block |
| 226 | const char* login = NULL; |
| 227 | do |
| 228 | { |
| 229 | const char* type = authBlock->getType(); |
| 230 | if (type && (strcmp(type, "USER") == 0)) |
| 231 | { |
| 232 | login = authBlock->getName(); |
| 233 | if (login) |
| 234 | break; |
| 235 | } |
| 236 | } while(authBlock->next(status)); |
| 237 | if (!login) |
| 238 | return AUTH_CONTINUE; |
| 239 | |
| 240 | // check if server started to talk to us |
| 241 | unsigned dl = 0; |
| 242 | const unsigned char* data = cBlock->getData(&dl); |
| 243 | if (dl == 0 || !data) |
| 244 | return AUTH_MORE_DATA; |
| 245 | |
| 246 | // decrypt message |
| 247 | unsigned char bytes[RANDSIZE + LOGINSIZE + 1]; |
| 248 | unsigned long outlen = RANDSIZE; |
| 249 | int result = 0; |
| 250 | check(status, rsa_decrypt_key(data, dl, bytes, &outlen, NULL, 0, hash.index, &result, &privateKey), |
| 251 | "Error decrypting message"); |
| 252 | if (outlen < RANDSIZE) |
| 253 | error(status, "Malformed data from server - missing random block"); |
| 254 | |
| 255 | // next append login to random block |
| 256 | unsigned len = strlen(login); |
| 257 | if (len > LOGINSIZE) |
| 258 | len = LOGINSIZE; |
| 259 | memcpy(&bytes[RANDSIZE], login, len); |
nothing calls this directly
no test coverage detected