gsasl-commit

[SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-35-g87850b7


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-35-g87850b7
Date: Wed, 28 Mar 2012 12:02:17 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=87850b7c3cbba81edbcebe06f1d846dce5f2e7ed

The branch, master has been updated
       via  87850b7c3cbba81edbcebe06f1d846dce5f2e7ed (commit)
       via  88ffd2ca517b70ffef78cecb1b24fead4ac2898c (commit)
      from  04a5f816ceb0a0d751a5244221bdb393d85fbb02 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 87850b7c3cbba81edbcebe06f1d846dce5f2e7ed
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 14:02:02 2012 +0200

    Create directories with better permissions.

commit 88ffd2ca517b70ffef78cecb1b24fead4ac2898c
Author: Simon Josefsson <address@hidden>
Date:   Wed Mar 28 14:00:16 2012 +0200

    Doc fixes.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                     |   13 +++++--
 examples/openid20/README                 |   57 ++++++++++++++++++++++++------
 examples/openid20/smtp-server-openid20.c |    6 ++--
 lib/NEWS                                 |   16 +++++++-
 4 files changed, 72 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index ca84d16..81aa9b1 100644
--- a/NEWS
+++ b/NEWS
@@ -8,20 +8,25 @@ SASL.  That include the manual, the command line tool, and 
self tests.
 
 * Version 1.7.2 (unreleased) [alpha]
 
-** libgsasl: Update OPENID20 implementation.
-Now following draft-ietf-kitten-sasl-openid-08.  There is a new
-example of a dummy SMTP server in examples/openid20/.
-
 ** gsasl: The client lets the server decide when authentication is complete.
 Before the client quit from the authentication loop when the local
 mechanism was finished, but some mechanisms (OPENID20) have optional
 additional round-trips.
 
+** gsasl: Added OPENID20 support.
+
+** gsasl: The --no-cb parameter now avoids even attempting to get the
+** channel binding data from GnuTLS.
+Apparently this can avoid issues when GnuTLS fails to provide the CB.
+
 ** examples: Added stand-alone example SMTP server.
 See examples/smtp-server.c.  This illustrate how to write a server
 using GNU SASL, but it can also be used for interop testing of
 clients.
 
+** examples: Added example SMTP server with OpenID 2.0 support.
+See examples/openid20/README.
+
 * Version 1.7.1 (released 2012-02-09) [alpha]
 
 ** gsasl: Don't crash after getpass() on Mac OS X.
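Review bot: the continuation line of the new --no-cb entry, `+** channel binding data from GnuTLS.`, carries a second `** ` prefix, so readers of NEWS (and anything that treats `** ` as an entry heading) will see it as a separate, truncated entry; drop the prefix so the heading is one wrapped sentence, `** gsasl: The --no-cb parameter now avoids even attempting to get the channel binding data from GnuTLS.`, with the explanation below it. Moving the libgsasl OPENID20 entry out of this file is consistent with the rest of the hunk, which leaves only gsasl tool and examples items here, and the same entry is re-added to lib/NEWS further down in this patch.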
diff --git a/examples/openid20/README b/examples/openid20/README
index 292be08..eac641d 100644
--- a/examples/openid20/README
+++ b/examples/openid20/README
@@ -1,12 +1,12 @@
-GNU SASL examples/openid20/README -- Explanation of OpenID 2.0 example.
+GNU SASL examples/openid20/README -- Explanation of SMTP OpenID 2.0 example.
 Copyright (C) 2012 Simon Josefsson
 See the end for copying conditions.
 
 This directory holds a GNU SASL example application that implements a
 SMTP server with OpenID 2.0 authentication support.
 
-There is one simple SMTP server and two helper tools that implement
-the actual OpenID 2.0 protocol part:
+There is one example SMTP server and two helper tools that implement
+the actual OpenID 2.0 protocol:
 
   smtp-server-openid20.c:
 
@@ -22,8 +22,22 @@ the actual OpenID 2.0 protocol part:
       OpenID 2.0 Relying-Party, receives the return_to URL.  Intended
       to be invoked via a webserver.
 
+The PHP scripts requires JanRain's PHP5 OpenID implementation.  On
+Modern Debian/Ubuntu systems, it is available in the "php-openid"
+package:
+
+  apt-get install php-openid
+
+You need a webserver, for example Apache.  The script
+'gsasl-openid20-redirect.php' should be placed in the PATH and
+'gsasl-openid20-rp.php' be placed somewhere in the web server root so
+it can be accessed through an URL.
+
 These three tools communicate with each other using a simple
-file-based IPC interface via /tmp/gsasl-openid20-store/.
+file-based IPC interface below /tmp/gsasl-openid20-store/.  The OpenID
+library also uses that path for storage.  If you want to change the
+path, you need to modify the gsasl-openid20-rp.php script and to pass
+the new location to the smtp-server-openid20 as discussed below.
 
 Here is the normal process:
 
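Review bot: the new paragraph fixes the IPC and OpenID-library storage location at /tmp/gsasl-openid20-store/ but does not say who should own or create it, which matters because /tmp is shared by every local user and a directory of that name may already exist, with a different owner, before either the SMTP server or the PHP scripts first run; the README should tell the administrator to create the store directory up front, owned by the user that both the web server and smtp-server-openid20 run as, and to move it out of /tmp (via the smtp-server-openid20 argument and the gsasl-openid20-rp.php edit described here) for anything beyond local testing. Minor wording: `The PHP scripts requires` should be `require`, `Modern Debian/Ubuntu` should not be capitalised, and `accessed through an URL` reads better as `a URL`.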
@@ -42,7 +56,7 @@ Here is the normal process:
    For testing, it actually works fine to run the server on
    "localhost" and be able to complete OpenID 2.0 authentication:
 
-   PATH=$PWD LD_PRELOAD=../../lib/src/.libs/libgsasl.so 
./.libs/smtp-server-openid20 2000 /tmp/gsasl-openid20-store http://localhost/ 
http://localhost/gsasl-openid20-rp.php
+   www-data$ PATH=$PWD LD_PRELOAD=../../lib/src/.libs/libgsasl.so 
./.libs/smtp-server-openid20 2000 /tmp/gsasl-openid20-store http://localhost/ 
http://localhost/gsasl-openid20-rp.php
 
 2) The smtp-server-openid20 receives incoming connections from
    clients.  The client sends its user-supplied identifier.  You may
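Review bot: adding the `www-data$` prompt to the example command line only implies the requirement that smtp-server-openid20 run as the same user as the web server, yet the requirement is real: the PHP scripts and the server exchange files through the store directory, and the C change later in this patch tightens those directories to mode 0770, which shuts out any other user. State that in a sentence next to the command, and note that `LD_PRELOAD=../../lib/src/.libs/libgsasl.so` exists to pick up the uninstalled library from the build tree and is not part of a deployed command line.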
@@ -53,15 +67,30 @@ Here is the normal process:
 3) smtp-server-openid20 generate a per-connection NONCE (a 64-byte
    long hex string) and create the following files:
 
-   /tmp/gsasl-openid20-store/state/NONCE/openid_url: holds the URL above
-   /tmp/gsasl-openid20-store/state/NONCE/realm: holds the realm URL
-   /tmp/gsasl-openid20-store/state/NONCE/return_to: holds the return_to URL
+   /tmp/gsasl-openid20-store/state/NONCE/openid_url:
+
+     holds the OpenID URL above, e.g.,
+     
https://openidp.feide.no/simplesaml/module.php/openidProvider/user.php/jas4711
+
+   /tmp/gsasl-openid20-store/state/NONCE/realm:
+
+     holds the realm URL, e.g. http://interop.josefsson.org/
+
+   /tmp/gsasl-openid20-store/state/NONCE/return_to:
+
+     holds the return_to URL,
+     e.g. http://localhost/gsasl-openid20-rp.php
 
 4) smtp-server-openid20 invokes "gsasl-openid20-redirect.php" to get
    the redirect URL, in the following file:
 
    /tmp/gsasl-openid20-store/state/NONCE/redirect_url: holds the redirect URL
 
+   The URL is usually quite long and is dynamic for each
+   authentication attempt.  For example:
+
+   
https://openidp.feide.no/simplesaml/module.php/openidProvider/server.php?openid.assoc_handle=%7BHMAC-SHA1%7D%7B4f72fc46%7D%7BoC4UoA%3D%3D%7D&openid.claimed_id=https%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2FopenidProvider%2Fuser.php%2Fjas4711&openid.identity=https%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2FopenidProvider%2Fuser.php%2Fjas4711&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Finterop.josefsson.org%2F&openid.return_to=http%3A%2F%2Finterop.josefsson.org%2Fgsasl-openid20-rp.php%2Ff9ff7386503e978f9643e9fe7bb01b911a621e0529aedd94b426e7320120b356%3Fjanrain_nonce%3D2012-03-28T11%253A55%253A53ZFWWO0z&openid.sreg.optional=nickname%2Cfullname%2Cemail
+
 5) smtp-server-openid20 waits for one of the following files to appear:
 
    /tmp/gsasl-openid20-store/state/NONCE/fail
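Review bot: the context line describes the NONCE as `a 64-byte long hex string`, but the example return_to URL embeds `f9ff7386503e978f9643e9fe7bb01b911a621e0529aedd94b426e7320120b356`, which is 64 hex characters, i.e. 32 bytes; say which is meant, since the NONCE is the directory name that keeps one connection's state apart from another's and a reader will want to know how much randomness it carries. The sample redirect URL documents the relying-party parameters well (`openid.mode=checkid_setup`, `openid.realm`, `openid.return_to`), but the text should say that `openid.assoc_handle` and `janrain_nonce` are per-attempt values that will not match what a reader sees.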
@@ -77,10 +106,16 @@ Here is the normal process:
 
    /tmp/gsasl-openid20-store/state/NONCE/sreg: SREG values provided
    /tmp/gsasl-openid20-store/state/NONCE/claimed: claimed identity
+   /tmp/gsasl-openid20-store/state/NONCE/success
+
+   on success, or on failure it writes the following file:
+
+   /tmp/gsasl-openid20-store/state/NONCE/fail
 
-8) smtp-server-openid20 notice that the stamp file is present and
-   proceeds by reading the files and returning success/fail to the
-   client as appropriate.
+8) smtp-server-openid20 notice that one of the stamp files is present
+   and proceeds by reading the files and returning success/fail to the
+   client as appropriate.  The SREG values are sent to the client when
+   provided.
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
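Review bot: step 5 has smtp-server-openid20 waiting for the `success` or `fail` stamp to appear, and step 7 now lists `sreg` and `claimed` before `success`, so the README should state explicitly that the PHP side must finish writing the data files before it creates the stamp file; the stamp is the only synchronisation between the two processes, and without that ordering the server can read a partially written `claimed` file and act on an incomplete identity. Grammar in step 8: `smtp-server-openid20 notice that` should be `notices that`.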
diff --git a/examples/openid20/smtp-server-openid20.c 
b/examples/openid20/smtp-server-openid20.c
index 0f7e892..f00cb29 100644
--- a/examples/openid20/smtp-server-openid20.c
+++ b/examples/openid20/smtp-server-openid20.c
@@ -93,15 +93,15 @@ get_redirect_url (Gsasl_session * sctx)
   const char *nonce = gsasl_session_hook_get (sctx);
 
   asprintf (&tmp, "%s", store_path);
-  mkdir (tmp, 0777);
+  mkdir (tmp, 0770);
   free (tmp);
 
   asprintf (&tmp, "%s/state", store_path);
-  mkdir (tmp, 0777);
+  mkdir (tmp, 0770);
   free (tmp);
 
   asprintf (&tmp, "%s/state/%s", store_path, nonce);
-  mkdir (tmp, 0777);
+  mkdir (tmp, 0770);
   free (tmp);
 
   asprintf (&tmp, "%s/state/%s/openid_url", store_path, nonce);
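Review bot: tightening the modes from 0777 to 0770 is an improvement, but all three `mkdir (tmp, 0770);` calls still discard their return value, so an already existing directory (EEXIST), including a `%s/state/%s` directory that some other local user created under the shared /tmp path, is silently reused for this connection's state; check the result, treat EEXIST on the per-NONCE directory as a hard failure, and for the two parent directories confirm with lstat that the owner is the expected uid and the mode is what was requested before using them. Two further points visible here: the mode argument is masked by the process umask, so the effective permissions depend on how the server was launched, and `asprintf` returns -1 on failure and leaves `tmp` undefined, after which `mkdir (tmp, ...)` and `free (tmp)` operate on an indeterminate pointer.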
diff --git a/lib/NEWS b/lib/NEWS
index bb9ba13..14dea45 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -4,8 +4,17 @@ See the end for copying conditions.
 
 * Version 1.7.2 (unreleased) [alpha]
 
+** libgsasl: Updated OPENID20 implementation.
+Now following draft-ietf-kitten-sasl-openid-08.
+
 ** API and ABI modifications.
-No changes since last version.
+GSASL_OPENID20_REDIRECT_URL: Added, new property.
+GSASL_OPENID20_OUTCOME_DATA:: Added, new property.
+GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Added, new callback.
+GSASL_VALIDATE_OPENID20: Added, new callback.
+GSASL_NO_OPENID20_REDIRECT_URL: Added, new error code.
+GSASL_OPENID20_AUTH_IDENTIFIER: Removed, use GSASL_AUTHID instead.
+GSASL_NO_OPENID20_AUTH_IDENTIFIER: Removed error code.
 
 * Version 1.7.1 (released 2012-02-09) [alpha]
 
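Review bot: `GSASL_OPENID20_OUTCOME_DATA::` has a doubled colon, unlike the other entries in the list; fix it to a single colon so the entries parse consistently. It is also worth saying in the libgsasl entry above that this update removes `GSASL_OPENID20_AUTH_IDENTIFIER` and `GSASL_NO_OPENID20_AUTH_IDENTIFIER`, which the later hunk shows were only added in 1.7.1, so that callers who followed the earlier alpha know to switch to `GSASL_AUTHID` as the list says.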
@@ -23,7 +32,10 @@ Michelsen <address@hidden>.
 ** i18n: Updated translations.
 
 ** API and ABI modifications.
-No changes since last version.
+GSASL_CB_TLS_UNIQUE: Added, new property.
+GSASL_OPENID20_AUTH_IDENTIFIER: Added, new property.
+GSASL_NO_CB_TLS_UNIQUE: Added, new error code.
+GSASL_NO_OPENID20_AUTH_IDENTIFIER: Added, new error code.
 
 * Version 1.7.0 (released 2010-10-22) [alpha]
 
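Review bot: filling in the 1.7.1 API list retroactively is the right fix for the old `No changes since last version.` line, but since `GSASL_OPENID20_AUTH_IDENTIFIER` and `GSASL_NO_OPENID20_AUTH_IDENTIFIER` are added here and removed again in the 1.7.2 section of the same file, a one-line cross-reference in this section (for example `Removed again in 1.7.2.`) would spare readers of the 1.7.1 entry from adopting a property that the next release drops.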


hooks/post-receive
-- 
GNU gsasl


