diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc
index c3acac03f..d96b824d6 100644
--- a/Documentation/SOGoInstallationGuide.asciidoc
+++ b/Documentation/SOGoInstallationGuide.asciidoc
@@ -3142,6 +3142,10 @@ current version of SOGo from the previous release.
 [cols="100a"]
 |=======================================================================
+h|5.6.0
+|The session table (`OCSSessionsFolderURL`) must be dropped prior to restart sogod.
+This will allow users to use larger passwords (up to 2048 characters).
+
 h|5.3.0
 |A new private salt must be generated for users using TOTP. When TOTP is enabled for a user, it will be disabled until the user configures it again, which will generate a new private salt.
diff --git a/SOPE/GDLContentStore/GCSSpecialQueries.m b/SOPE/GDLContentStore/GCSSpecialQueries.m
index 2fa04ac37..5bcba80e9 100644
--- a/SOPE/GDLContentStore/GCSSpecialQueries.m
+++ b/SOPE/GDLContentStore/GCSSpecialQueries.m
@@ -189,7 +189,7 @@ static NSString *sqlFolderFormat = (@"CREATE TABLE %@ ("
 @" c_id VARCHAR(255) PRIMARY KEY,"
- @" c_value VARCHAR(255) NOT NULL,"
+ @" c_value VARCHAR(4096) NOT NULL,"
 @" c_creationdate INT4 NOT NULL,"
 @" c_lastseen INT4 NOT NULL)");
@@ -294,7 +294,7 @@ static NSString *sqlFolderFormat = (@"CREATE TABLE %@ ("
 @" c_id VARCHAR(255) PRIMARY KEY,"
- @" c_value VARCHAR(255) NOT NULL,"
+ @" c_value VARCHAR(4096) NOT NULL,"
 @" c_creationdate INT NOT NULL,"
 @" c_lastseen INT NOT NULL)");
@@ -398,7 +398,7 @@ static NSString *sqlFolderFormat = (@"CREATE TABLE %@ ("
 @" c_id VARCHAR2(255) PRIMARY KEY,"
- @" c_value VARCHAR2(255) NOT NULL,"
+ @" c_value VARCHAR2(4096) NOT NULL,"
 @" c_creationdate INTEGER NOT NULL,"
 @" c_lastseen INTEGER NOT NULL)");
diff --git a/SoObjects/SOGo/SOGoSession.m b/SoObjects/SOGo/SOGoSession.m
index 301b93db2..8ec3b53b1 100644
--- a/SoObjects/SOGo/SOGoSession.m
+++ b/SoObjects/SOGo/SOGoSession.m
@@ -28,6 +28,7 @@ #import
 #import
+#import
 #include
 #include
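Review bot: `VARCHAR2(4096)` in the `@@ -398,7 +398,7 @@` hunk of GCSSpecialQueries.m is above the 4000-byte limit Oracle applies to VARCHAR2 columns unless the instance runs with `MAX_STRING_SIZE=EXTENDED`, so on a default Oracle configuration this CREATE TABLE is likely to be rejected and no session table is created. A key of `COOKIE_USERKEY_LEN 3000` encoded characters still fits in 4000, so `@" c_value VARCHAR2(4000) NOT NULL,"` would work on both configurations. The two `VARCHAR(4096)` hunks before it (the INT4 and INT variants) are not subject to this limit.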
@@ -120,7 +121,7 @@ + (NSString *) generateKeyForLength: (unsigned int) theLength
 {
 char *buf;
- int fd;
+ int fd, len;
 fd = open("/dev/urandom", O_RDONLY);
@@ -129,13 +130,14 @@ NSData *data;
 NSString *s;
- buf = (char *)malloc(theLength);
- read(fd, buf, theLength);
+ len = (int)theLength/1.33; // base64 encoding will increase length by about 33%
+ buf = (char *)malloc(len);
+ read(fd, buf, len);
 close(fd);
 // We encode the bytes in base64 with a line lenght fixed to 1024 since
 // we want to avoid folding the values
- data = [NSData dataWithBytesNoCopy: buf length: theLength freeWhenDone: YES];
+ data = [NSData dataWithBytesNoCopy: buf length: len freeWhenDone: YES];
 s = [[NSString alloc] initWithData: [data dataByEncodingBase64WithLineLength: 1024] encoding: NSASCIIStringEncoding];
@@ -163,6 +165,9 @@ key = (char *)[data bytes];
 klen = [data length];
+ if (klen < [theValue length])
+ [self errorWithFormat: @"Value to be secured is too big (%i > %i) -- secured value will be corrupted", [theValue length], klen, [theKey length]];
+
 // Get the key - padding it with 0 with key length
 pass = (char *) calloc(klen, sizeof(char));
 [theValue getCString: pass maxLength: klen encoding: NSUTF8StringEncoding];
diff --git a/SoObjects/SOGo/SOGoWebAuthenticator.m b/SoObjects/SOGo/SOGoWebAuthenticator.m
index 0a0271fea..94f694d19 100644
--- a/SoObjects/SOGo/SOGoWebAuthenticator.m
+++ b/SoObjects/SOGo/SOGoWebAuthenticator.m
@@ -46,10 +46,13 @@ #import "SOGoWebAuthenticator.h"
 #define COOKIE_SESSIONKEY_LEN 16
-/* the key b64 encoded key XORed with the cookie value
- * must fit in the database field which is 255 char long at the moment
+/**
+ The base64 encoded key XORed with the cookie value. It must fit in the
+ database field which is 4096 char long. The browser cookie limit is
+ about the same. The length is prior to bas64 encoding, so we must calculate
+ a 33-36% increase.
 */
-#define COOKIE_USERKEY_LEN 160
+#define COOKIE_USERKEY_LEN 3000
 @implementation SOGoWebAuthenticator
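Review bot: The result of `read(fd, buf, len)` in the `@@ -129,13 +130,14 @@` hunk is still ignored, and raising `COOKIE_USERKEY_LEN` to 3000 makes the request about 2255 bytes, well past the 256 bytes that Linux documents as the largest read from /dev/urandom guaranteed to complete in one call. A short read leaves the rest of the `malloc` buffer uninitialised and it then becomes key material; the fence below loops until `len` bytes are read and fails otherwise, with `int got; ssize_t n;` declared next to `fd`. Returning nil assumes callers treat a nil key as a failure, which is not visible here because the method starts and ends outside this hunk. Separately, `theLength` now means the encoded length rather than the number of random bytes, so every caller gets about 25% less entropy without asking for it; if `COOKIE_SESSIONKEY_LEN 16` is passed to this method, session keys drop from 16 to 12 random bytes.

```objc
      len = (int)theLength/1.33; // base64 encoding will increase length by about 33%
      buf = (char *)malloc(len);
      got = 0;
      while (buf && got < len)
        {
          n = read(fd, buf + got, len - got);
          if (n <= 0)
            break;
          got += n;
        }
      close(fd);
      if (!buf || got < len)
        {
          free(buf);
          return nil;
        }
      // … unchanged: base64 encoding of buf (length len) into s …
```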
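Review bot: The new guard in the `@@ -163,6 +165,9 @@` hunk only logs and then carries on to `getCString:maxLength:encoding:`, so an oversized value is still stored in a form the message itself calls corrupted; the method should stop there and report a failure the caller can act on. The comparison also uses `[theValue length]` (UTF-16 units) while the copy is made in UTF-8 bytes and `maxLength` has to include the terminating NUL, so a non-ASCII password, or a value exactly `klen` long, passes the check and still does not fit: `if (klen <= [theValue lengthOfBytesUsingEncoding: NSUTF8StringEncoding])`. The format string has two `%i` for three arguments and `[theValue length]` is an `NSUInteger`, so cast it and use `%lu`, and drop `[theKey length]`. The method body starts and ends outside this hunk, so what it can return on failure is not visible here.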
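Review bot: The new comment above `COOKIE_USERKEY_LEN` in the `@@ -46,10 +46,13 @@` hunk says the length is "prior to bas64 encoding", but the same commit makes `generateKeyForLength:` divide its argument by 1.33, so if this constant is what gets passed there, 3000 is the encoded length and the raw key, which bounds the largest value that can be secured, is about 2255 bytes. I would reword it to `/* Length of the base64-encoded key; the raw key is about COOKIE_USERKEY_LEN/1.33 bytes. Must fit c_value (4096) and the browser cookie limit. */`, which also removes the "bas64" typo. A matching one-line comment on `COOKIE_SESSIONKEY_LEN` would make the same unit explicit for the session key.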