fix(web): support passwords up to 2048 characters

Fixes #5485
This commit is contained in:
Francis Lachapelle
2022-03-08 16:34:38 -05:00
parent 17f1df3904
commit a965f276c8
4 changed files with 22 additions and 10 deletions
+9 -4
View File
@@ -28,6 +28,7 @@
#import <GDLContentStore/GCSFolderManager.h>
#import <NGExtensions/NGBase64Coding.h>
#import <NGExtensions/NSObject+Logs.h>
#include <fcntl.h>
#include <unistd.h>
@@ -120,7 +121,7 @@
+ (NSString *) generateKeyForLength: (unsigned int) theLength
{
char *buf;
int fd;
int fd, len;
fd = open("/dev/urandom", O_RDONLY);
@@ -129,13 +130,14 @@
NSData *data;
NSString *s;
buf = (char *)malloc(theLength);
read(fd, buf, theLength);
len = (int)theLength/1.33; // base64 encoding will increase length by about 33%
buf = (char *)malloc(len);
read(fd, buf, len);
close(fd);
// We encode the bytes in base64 with a line lenght fixed to 1024 since
// we want to avoid folding the values
data = [NSData dataWithBytesNoCopy: buf length: theLength freeWhenDone: YES];
data = [NSData dataWithBytesNoCopy: buf length: len freeWhenDone: YES];
s = [[NSString alloc] initWithData: [data dataByEncodingBase64WithLineLength: 1024]
encoding: NSASCIIStringEncoding];
@@ -163,6 +165,9 @@
key = (char *)[data bytes];
klen = [data length];
if (klen < [theValue length])
[self errorWithFormat: @"Value to be secured is too big (%i > %i) -- secured value will be corrupted", [theValue length], klen, [theKey length]];
// Get the key - padding it with 0 with key length
pass = (char *) calloc(klen, sizeof(char));
[theValue getCString: pass maxLength: klen encoding: NSUTF8StringEncoding];
+6 -3
View File
@@ -46,10 +46,13 @@
#import "SOGoWebAuthenticator.h"
#define COOKIE_SESSIONKEY_LEN 16
/* the key b64 encoded key XORed with the cookie value
* must fit in the database field which is 255 char long at the moment
/**
The base64 encoded key XORed with the cookie value. It must fit in the
database field which is 4096 char long. The browser cookie limit is
about the same. The length is prior to bas64 encoding, so we must calculate
a 33-36% increase.
*/
#define COOKIE_USERKEY_LEN 160
#define COOKIE_USERKEY_LEN 3000
@implementation SOGoWebAuthenticator