Revision: 4294
          http://openser.svn.sourceforge.net/openser/?rev=4294&view=rev
Author:   anca_vamanu
Date:     2008-06-02 08:18:46 -0700 (Mon, 02 Jun 2008)

Log Message:
-----------
added re-usage check for nonces:

The authentication mechanism offers protection against sniffing intrusion. The 
module generates and verifies the nonces so that they can be used only once (in 
an auth response). This is done by having a lifetime value and an index 
associated with every nonce. Using only an expiration value is not good enough 
because, as this value has to be a few tens of seconds, it is possible for 
someone to sniff on the network, get the credentials and then reuse them in 
another packet with which to register a different contact or make calls using 
the other's account. The index ensures that this will never be possible since 
it is generated as unique through the lifetime of the nonce.

The auth module keeps state for each nonce - to validate it only on the first 
usage. A binary array (which can by default accommodate 100K nonces) is used to 
keep the state. An index in this array is allocated when the challenge is 
generated; this index is kept for the whole life duration of the nonce. After 
the first auth result (for the nonce), the following auth results for that 
nonce are discarded and re-challenged.

Modified Paths:
--------------
    trunk/modules/auth/README
    trunk/modules/auth/api.c
    trunk/modules/auth/auth_mod.c
    trunk/modules/auth/auth_mod.h
    trunk/modules/auth/challenge.c
    trunk/modules/auth/doc/auth_admin.xml
    trunk/modules/auth/nonce.c
    trunk/modules/auth/nonce.h

Added Paths:
-----------
    trunk/modules/auth/index.c
    trunk/modules/auth/index.h



_______________________________________________
Devel mailing list
Devel@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/devel
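
The one-time nonce scheme described in the log message above, as an added sketch that is not the code committed to `index.c` or `nonce.c`. All names, the pool size and the lifetime are hypothetical, and it assumes the index and issue time have already been recovered from a nonce whose integrity was verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define POOL_SIZE      1024  /* assumed; the commit mentions 100K by default */
#define NONCE_LIFETIME 30    /* seconds, assumed value */

static uint8_t  used[POOL_SIZE / 8];  /* 1 bit per index: auth response already seen */
static time_t   issued[POOL_SIZE];    /* issue time of the live nonce; 0 = never issued */
static unsigned next_idx;

/* Reserve an index for a new challenge; -1 if every index is held by a live nonce. */
int nonce_index_reserve(time_t now)
{
    for (unsigned n = 0; n < POOL_SIZE; n++) {
        unsigned i = (next_idx + n) % POOL_SIZE;
        if (issued[i] == 0 || now - issued[i] > NONCE_LIFETIME) {
            issued[i] = now;
            used[i / 8] &= (uint8_t)~(1u << (i % 8));  /* fresh nonce: not used yet */
            next_idx = (i + 1) % POOL_SIZE;
            return (int)i;
        }
    }
    return -1;
}

/* Check an auth response carrying (index, issue time) taken from its nonce.
 * Returns 1 only on the first use inside the lifetime; 0 means re-challenge. */
int nonce_index_consume(int idx, time_t nonce_issued, time_t now)
{
    if (idx < 0 || idx >= POOL_SIZE) return 0;
    if (nonce_issued == 0 || issued[idx] != nonce_issued) return 0; /* index recycled */
    if (now - nonce_issued > NONCE_LIFETIME) return 0;              /* expired */
    if (used[idx / 8] & (1u << (idx % 8))) return 0;                /* replayed */
    used[idx / 8] |= (uint8_t)(1u << (idx % 8));
    return 1;
}

int main(void)
{
    time_t t = 1000;  /* constructed timestamp */
    int idx = nonce_index_reserve(t);
    printf("first use: %d\n", nonce_index_consume(idx, t, t + 5));
    printf("replay:    %d\n", nonce_index_consume(idx, t, t + 6));
    return 0;
}
```

An index is handed out again only after the previous nonce's lifetime has elapsed, which is what keeps it unique for the lifetime of the nonce.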
