From 3d90e3a5393ff45b4915a1c915edd4c24b21763c Mon Sep 17 00:00:00 2001 From: Jean Raby Date: Mon, 4 Feb 2013 13:55:53 -0500 Subject: [PATCH] Bump userkey length from 64 to 160 bytes Allows for much longer username@domain:password strings. Fixes #2212 To bump it further, the database schema will have to be updated to allow a longer c_value (currently 255 chars) --- SoObjects/SOGo/SOGoWebAuthenticator.m | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/SoObjects/SOGo/SOGoWebAuthenticator.m b/SoObjects/SOGo/SOGoWebAuthenticator.m index cfe2482f0..a4e722811 100644 --- a/SoObjects/SOGo/SOGoWebAuthenticator.m +++ b/SoObjects/SOGo/SOGoWebAuthenticator.m @@ -55,6 +55,12 @@ #endif #import "SOGoWebAuthenticator.h" +#define COOKIE_SESSIONKEY_LEN 16 +/* the key b64 encoded key XORed with the cookie value + * must fit in the database field which is 255 char long at the moment + */ +#define COOKIE_USERKEY_LEN 160 + @implementation SOGoWebAuthenticator + (id) sharedSOGoWebAuthenticator @@ -369,8 +375,8 @@ // In memcached, the session key will be associated to the user's password // which will be XOR'ed with the user key. // - sessionKey = [SOGoSession generateKeyForLength: 16]; - userKey = [SOGoSession generateKeyForLength: 64]; + sessionKey = [SOGoSession generateKeyForLength: COOKIE_SESSIONKEY_LEN]; + userKey = [SOGoSession generateKeyForLength: COOKIE_USERKEY_LEN]; NSString *value = [NSString stringWithFormat: @"%@:%@", username, password]; securedPassword = [SOGoSession securedValue: value usingKey: userKey];