gsasl-commit

[SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-33-g04a5f81


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-33-g04a5f81
Date: Wed, 28 Mar 2012 11:01:29 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=04a5f816ceb0a0d751a5244221bdb393d85fbb02

The branch, master has been updated
       via  04a5f816ceb0a0d751a5244221bdb393d85fbb02 (commit)
       via  680679f30b8da56935bc32086a97c92a780ab4c6 (commit)
       via  f1a0afb5dfda8d3fe1c31dc4e0bdcd9209683b8c (commit)
       via  1dce6801a8b374c141ceb14dd13ccbfb0b971d37 (commit)
      from  99df0e8d14a8947337aef76276573d65a43f6bfd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 04a5f816ceb0a0d751a5244221bdb393d85fbb02
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 13:01:16 2012 +0200

    Add example to manual.  Update NEWS.

commit 680679f30b8da56935bc32086a97c92a780ab4c6
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 12:58:00 2012 +0200

    Update OPENID20 documentation.

commit f1a0afb5dfda8d3fe1c31dc4e0bdcd9209683b8c
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 12:24:58 2012 +0200

    Enable OPENID20 by default.

commit 1dce6801a8b374c141ceb14dd13ccbfb0b971d37
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 12:24:21 2012 +0200

    Collapse enum ranges.

-----------------------------------------------------------------------

Summary of changes:
 NEWS             |    9 +++++++++
 doc/gsasl.texi   |   54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 lib/configure.ac |    2 +-
 lib/src/gsasl.h  |    8 ++++----
 4 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 9e91d9c..ca84d16 100644
--- a/NEWS
+++ b/NEWS
@@ -8,11 +8,20 @@ SASL.  That include the manual, the command line tool, and 
self tests.
 
 * Version 1.7.2 (unreleased) [alpha]
 
+** libgsasl: Update OPENID20 implementation.
+Now following draft-ietf-kitten-sasl-openid-08.  There is a new
+example of a dummy SMTP server in examples/openid20/.
+
 ** gsasl: The client lets the server decide when authentication is complete.
 Before the client quit from the authentication loop when the local
 mechanism was finished, but some mechanisms (OPENID20) have optional
 additional round-trips.
 
+** examples: Added stand-alone example SMTP server.
+See examples/smtp-server.c.  This illustrate how to write a server
+using GNU SASL, but it can also be used for interop testing of
+clients.
+
 * Version 1.7.1 (released 2012-02-09) [alpha]
 
 ** gsasl: Don't crash after getpass() on Mac OS X.
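Review bot: the two added entries under 1.7.2 leave out the other user-visible changes in this push: OPENID20 is now built by default (lib/configure.ac) and three enum values in lib/src/gsasl.h are renumbered. Both deserve a line here so packagers and application authors see them. Wording in the new smtp-server entry: "This illustrate" should be "This illustrates".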
diff --git a/doc/gsasl.texi b/doc/gsasl.texi
index 11e6019..4768a42 100644
--- a/doc/gsasl.texi
+++ b/doc/gsasl.texi
@@ -2071,7 +2071,51 @@ was successful.
 The OPENID20 mechanism makes it possible to use OpenID in SASL, in a
 way that offloads the authentication exchange to an external browser.
 The protocol implemented is as specified in
address@hidden
address@hidden
+
+The mechanism makes use of the following properties:
address@hidden (for the OpenID User-Supplied Identifier),
address@hidden, @code{GSASL_OPENID20_REDIRECT_URL},
address@hidden,
address@hidden, and
address@hidden
+
+In the client, the mechanism is enabled by default.  The
address@hidden property is required and should contain the
+User-Supplied OpenID Identifier (for example
address@hidden://josefsson.org}).  If set, @code{GSASL_AUTHZID} will be
+used by the client.  The client will be invoked with the
address@hidden callback to perform the
+OpenID authentication in a web browser.  The callback can retrieve the
address@hidden property to find out the URL to
+redirect the user to.  After authentication, the client can retrieve
+the @code{GSASL_OPENID20_OUTCOME_DATA} property with the OpenID Simple
+Registry (SREG) attributes sent by the server (they are not always
+sent).
+
+In the server, the mechanism is enabled by default.  The server will
+request the @code{GSASL_OPENID20_REDIRECT_URL} property, and your
+callback may inspect the @code{GSASL_AUTHID} to find the OpenID
+User-Supplied Identifier.  The server callback should perform OpenID
+discovery and return the URL to redirect the user to.  After this, the
+user would access the URL and proceed with authentication in the
+browser.  The server is invoked with the
address@hidden callback to perform the actual
+validation of the authentication.  Usually the callback will perform
+some IPC communication with an OpenID consumer running in a web
+server.  The callback should return @code{GSASL_OK} on successful
+authentication and @code{GSASL_AUTHENTICATION_ERROR} on authentication
+errors, or any other error code.  If the server received some OpenID
+Simple Registry (SREG) attributes from the OpenID Identity Provider,
+it may use the @code{GSASL_OPENID20_OUTCOME_DATA} property to send
+these to the client.
+
+Note that the actual OpenID algorithms are not implemented by the GNU
+SASL library, but is expected to be spun off to external OpenID
+implementations.  There is a complete example of a SMTP server with
+OpenID 2.0 support distributed with GNU SASL in the examples/openid20/
+sub-directory that uses the JanRain PHP5 OpenID implementation.  The
address@hidden command line client supports OPENID20.
 
 @c **********************************************************
 @c *****************  Global Functions  *********************
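Review bot: in the server paragraph, the callback is told it "may inspect" GSASL_AUTHID and then perform OpenID discovery, but the text never says that this identifier is supplied by the client and has not been checked at that point. A sentence telling implementers to validate the identifier (for example, restricting it to the URL forms they are willing to contact) before running discovery would make the guidance safer to follow. Wording in the last paragraph: "but is expected" should be "but are expected" to agree with "algorithms", and "a SMTP server" should be "an SMTP server".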
@@ -2215,6 +2259,7 @@ Library can be used when writing your own application.
 * Example 2::          SASL client where server send data first.
 * Example 3::          SASL client, with a choice of mechanism to use.
 * Example 4::          SASL client, with callback for user info.
+* Example 5::          Example SMTP server with GNU SASL authentication.
 @end menu
 
 @node Example 1
@@ -2245,6 +2290,13 @@ Library can be used when writing your own application.
 @verbatiminclude client-callback.c
 @end example
 
address@hidden Example 5
address@hidden Example 5
+
address@hidden
address@hidden smtp-server.c
address@hidden example
+
 
 @c **********************************************************
 @c *******************  Acknowledgements  *******************
diff --git a/lib/configure.ac b/lib/configure.ac
index 80d4f30..fd74716 100644
--- a/lib/configure.ac
+++ b/lib/configure.ac
@@ -181,7 +181,7 @@ AM_CONDITIONAL(SAML20, test x$saml20 = xyes)
 # OPENID20
 AC_ARG_ENABLE(openid20,
   AS_HELP_STRING([--disable-openid20], [don't use the OPENID20 mechanism]),
-  openid20=$enableval, openid20=no)
+  openid20=$enableval, openid20=yes)
 if test "$openid20" != "no" ; then
        openid20=yes
        AC_DEFINE(USE_OPENID20, 1, [Define to 1 if you want OPENID20.])
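Review bot: changing the fallback to openid20=yes alters what a plain ./configure produces, so a server that advertises every mechanism the library was built with would begin offering OPENID20 after an upgrade even if its callback was never written to supply GSASL_OPENID20_REDIRECT_URL. Please confirm that such a server fails the exchange cleanly (the header has GSASL_NO_OPENID20_REDIRECT_URL for this case), and consider a comment above AC_ARG_ENABLE noting that --disable-openid20 restores the previous build.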
diff --git a/lib/src/gsasl.h b/lib/src/gsasl.h
index c57b857..1018259 100644
--- a/lib/src/gsasl.h
+++ b/lib/src/gsasl.h
@@ -192,7 +192,7 @@ extern "C"
     GSASL_NO_CB_TLS_UNIQUE = 65,
     GSASL_NO_SAML20_IDP_IDENTIFIER = 66,
     GSASL_NO_SAML20_REDIRECT_URL = 67,
-    GSASL_NO_OPENID20_REDIRECT_URL = 69,
+    GSASL_NO_OPENID20_REDIRECT_URL = 68,
     /* Mechanism specific errors. */
     GSASL_GSSAPI_RELEASE_BUFFER_ERROR = 37,
     GSASL_GSSAPI_IMPORT_NAME_ERROR = 38,
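Review bot: GSASL_NO_OPENID20_REDIRECT_URL moves from 69 to 68 in a public header, so any program compiled against the old header that compares or logs this return code will disagree with the rebuilt library. Please confirm that 69 never appeared in a released version; if it did, keeping 69 and leaving 68 unused is the compatible choice.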
@@ -319,7 +319,7 @@ extern "C"
    * @GSASL_VALIDATE_GSSAPI: Request for validation of GSSAPI/GS2.
    * @GSASL_VALIDATE_SECURID: Reqest for validation of SecurID.
    * @GSASL_VALIDATE_SAML20: Reqest for validation of SAML20.
-   * @GSASL_VALIDATE_SAML20: Reqest for validation of OpenID 2.0 login.
+   * @GSASL_VALIDATE_OPENID20: Reqest for validation of OpenID 2.0 login.
    *
    * Callback/property types.
    */
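Review bot: the corrected line still carries the typo "Reqest", as do the two context lines above it for SecurID and SAML20. Since this line is being touched anyway, change all three to "Request".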
@@ -346,8 +346,8 @@ extern "C"
     GSASL_CB_TLS_UNIQUE = 18,
     GSASL_SAML20_IDP_IDENTIFIER = 19,
     GSASL_SAML20_REDIRECT_URL = 20,
-    GSASL_OPENID20_REDIRECT_URL = 22,
-    GSASL_OPENID20_OUTCOME_DATA = 23,
+    GSASL_OPENID20_REDIRECT_URL = 21,
+    GSASL_OPENID20_OUTCOME_DATA = 22,
     /* Client callbacks. */
     GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250,
     GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251,
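Review bot: GSASL_OPENID20_OUTCOME_DATA now takes the value 22 that GSASL_OPENID20_REDIRECT_URL had before this change, so a binary built against the old header and run with the new library would have its redirect-URL property treated as outcome data without any error being raised. If the old values appeared in any release, keeping 22 and 23 and leaving 21 unused avoids that silent mix-up; if they did not, the commit message "Collapse enum ranges" should say so.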


hooks/post-receive
-- 
GNU gsasl


