
[SCM] GNU gsasl branch, saml, updated. gsasl-1-7-0-2-g66ea877


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, saml, updated. gsasl-1-7-0-2-g66ea877
Date: Sat, 13 Nov 2010 15:16:25 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=66ea8772e158694bea30c341468708125f55d8f3

The branch, saml has been updated
       via  66ea8772e158694bea30c341468708125f55d8f3 (commit)
      from  d0d8c7bef1d925df408e2bfc13e29ee1f5c78257 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 66ea8772e158694bea30c341468708125f55d8f3
Author: Simon Josefsson <address@hidden>
Date:   Sat Nov 13 16:12:07 2010 +0100

    examples: Added client-xmpp-saml20 and server-xmpp-saml20.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                               |    4 +
 configure.ac                                       |    2 +-
 examples/Makefile.am                               |    5 +-
 .../{client-callback.c => client-xmpp-saml20.c}    |   99 ++++++----
 examples/server-xmpp-saml20.c                      |  203 ++++++++++++++++++++
 lib/NEWS                                           |    5 +
 lib/configure.ac                                   |    2 +-
 lib/src/gsasl.h                                    |    6 +-
 8 files changed, 283 insertions(+), 43 deletions(-)
 copy examples/{client-callback.c => client-xmpp-saml20.c} (55%)
 create mode 100644 examples/server-xmpp-saml20.c

diff --git a/NEWS b/NEWS
index 5e905fb..405c0ce 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ Note that changes to the GNU SASL Library is documented in 
lib/NEWS.
 This file track changes to the remaining, non-library, parts of GNU
 SASL.  That include the manual, the command line tool, and self tests.
 
+* Version 1.7.1 (unreleased) [alpha]
+
+** examples: Added client-xmpp-saml20 and server-xmpp-saml20.
+
 * Version 1.7.0 (released 2010-10-22) [alpha]
 
 ** Support for SAML20 mechanism as per -01 IETF draft.  See lib/NEWS.
diff --git a/configure.ac b/configure.ac
index 016dbf9..bd9ff45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,7 +18,7 @@ dnl Process this file with autoconf to produce a configure 
script.
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 AC_PREREQ(2.61)
-AC_INIT([GNU SASL], [1.7.0], address@hidden, [gsasl])
+AC_INIT([GNU SASL], [1.7.1], address@hidden, [gsasl])
 AC_CONFIG_AUX_DIR([lib/build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 
diff --git a/examples/Makefile.am b/examples/Makefile.am
index 49325c9..ce3b7f1 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -1,5 +1,5 @@
 ## Process this file with automake to produce Makefile.in
-# Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2009 Simon Josefsson.
+# Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010 Simon Josefsson
 #
 # This file is part of GNU SASL.
 #
@@ -22,4 +22,5 @@ LDADD = ../lib/src/libgsasl.la
 
 EXTRA_DIST = README
 
-noinst_PROGRAMS = client client-serverfirst client-mech client-callback
+noinst_PROGRAMS = client client-serverfirst client-mech        \
+       client-callback client-xmpp-saml20 server-xmpp-saml20
diff --git a/examples/client-callback.c b/examples/client-xmpp-saml20.c
similarity index 55%
copy from examples/client-callback.c
copy to examples/client-xmpp-saml20.c
index ee014f7..b1a016a 100644
--- a/examples/client-callback.c
+++ b/examples/client-xmpp-saml20.c
@@ -1,5 +1,5 @@
-/* client-callback.c --- Example SASL client, with callback for user info.
- * Copyright (C) 2004, 2005, 2007, 2009  Simon Josefsson
+/* client-xmpp-saml20.c --- Example XMPP SASL SAML20 client.
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010  Simon Josefsson
  *
  * This file is part of GNU SASL.
  *
@@ -25,34 +25,71 @@
 
 #include <gsasl.h>
 
+static char *
+xmltob64 (char *buf)
+{
+  while (*buf && *buf != '>')
+    buf++;
+  if (*buf)
+    buf++;
+  while (*buf && buf[strlen (buf) - 1] != '<')
+    buf[strlen (buf) - 1] = '\0';
+  if (*buf)
+    buf[strlen (buf) - 1] = '\0';
+  return buf;
+}
+
 static void
-client_authenticate (Gsasl_session * session)
+client_xmpp (Gsasl_session * session)
 {
   char buf[BUFSIZ] = "";
   char *p;
   int rc;
 
-  /* This loop mimics a protocol where the server send data first. */
+  /* This loop mimics a protocol where the client send data first,
+     which is something that XMPP supports.  For simplicity, it
+     requires that server send the XML blob on one line and XML parser
+     is not complete.  */
+
+  /* Generate client output. */
+  rc = gsasl_step64 (session, buf, &p);
+  if (rc != GSASL_NEEDS_MORE)
+    {
+      printf ("SAML20 init error (%d): %s\n", rc, gsasl_strerror (rc));
+      return;
+    }
+
+  printf ("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' "
+         "mechanism='SAML20'>%s</auth>\n", p);
 
   do
     {
-      printf ("Input base64 encoded data from server:\n");
-      fgets (buf, sizeof (buf) - 1, stdin);
-      if (buf[strlen (buf) - 1] == '\n')
-        buf[strlen (buf) - 1] = '\0';
-
-      rc = gsasl_step64 (session, buf, &p);
-
-      if (rc == GSASL_NEEDS_MORE || rc == GSASL_OK)
-        {
-          printf ("Output:\n%s\n", p);
-          free (p);
-        }
+      char *line = NULL;
+      size_t n;
+      ssize_t len;
+      char *b64;
+
+      len = getline (&line, &n, stdin);
+      if (len <= 0)
+       break;
+
+      b64 = xmltob64 (line);
+
+      printf ("parsed: '%s'\n", b64);
+
+      rc = gsasl_step64 (session, b64, &p);
+      if (rc != GSASL_NEEDS_MORE && rc != GSASL_OK)
+       {
+         printf ("SAML20 step error (%d): %s\n", rc, gsasl_strerror (rc));
+         return;
+       }
+
+      printf ("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
+             "%s</response>\n", p);
+
     }
   while (rc == GSASL_NEEDS_MORE);
 
-  printf ("\n");
-
   if (rc != GSASL_OK)
     {
       printf ("Authentication error (%d): %s\n", rc, gsasl_strerror (rc));
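Review bot: The getline() buffer `line` is never released in client_xmpp's loop, and neither is the `p` returned by either gsasl_step64 call, although the code being replaced did `free (p);` after printing it. Because xmltob64 returns a pointer into `line`, the release has to be `free (line);` rather than `free (b64)`, placed after the `<response>` printf and also on the `break` and early `return` paths, next to a `free (p);` wherever `p` was set. A malformed line makes xmltob64 return an empty string, which is then passed to gsasl_step64 as if it were a server response; a short comment on xmltob64 stating that contract (skips to the first `>`, truncates at the last `<`, modifies the buffer in place) would help readers who copy the example. client_xmpp's body continues past the end of this hunk.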
@@ -69,7 +106,7 @@ static void
 client (Gsasl * ctx)
 {
   Gsasl_session *session;
-  const char *mech = "SECURID";
+  const char *mech = "SAML20";
   int rc;
 
   /* Create new authentication session. */
@@ -80,7 +117,7 @@ client (Gsasl * ctx)
     }
 
   /* Do it. */
-  client_authenticate (session);
+  client_xmpp (session);
 
   /* Cleanup. */
   gsasl_finish (session);
@@ -89,35 +126,25 @@ client (Gsasl * ctx)
 static int
 callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property prop)
 {
-  char buf[BUFSIZ] = "";
   int rc = GSASL_NO_CALLBACK;
 
   /* Get user info from user. */
 
-  printf ("Callback invoked, for property %d.\n", prop);
-
   switch (prop)
     {
-    case GSASL_PASSCODE:
-      printf ("Enter passcode:\n");
-      fgets (buf, sizeof (buf) - 1, stdin);
-      buf[strlen (buf) - 1] = '\0';
-
-      gsasl_property_set (sctx, GSASL_PASSCODE, buf);
+    case GSASL_SAML20_IDP_IDENTIFIER:
+      gsasl_property_set (sctx, prop, "https://saml.example.org/";);
       rc = GSASL_OK;
       break;
 
-    case GSASL_AUTHID:
-      printf ("Enter username:\n");
-      fgets (buf, sizeof (buf) - 1, stdin);
-      buf[strlen (buf) - 1] = '\0';
-
-      gsasl_property_set (sctx, GSASL_AUTHID, buf);
+    case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:
+      printf ("client got redirect URL: %s\n",
+             gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL));
       rc = GSASL_OK;
       break;
 
     default:
-      printf ("Unknown property!  Don't worry.\n");
+      printf ("Unknown property %d!  Don't worry.\n", prop);
       break;
     }
 
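Review bot: The GSASL_SAML20_AUTHENTICATE_IN_BROWSER case passes the result of `gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL)` straight to `%s`; if the property is unset the call returns NULL and the printf is undefined, so fetch it into a `const char *url` first and leave `rc` at GSASL_NO_CALLBACK when it is NULL. That URL is chosen by the server, so the example would benefit from a comment such as `/* A real client must check that this URL is https and belongs to the IdP it named before opening a browser. */`. The context comment `/* Get user info from user. */` no longer matches a callback that prompts for nothing. The `";` inside the IdP string literal looks like an artefact of the list archive rather than of the commit. The end of callback lies outside this hunk.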
diff --git a/examples/server-xmpp-saml20.c b/examples/server-xmpp-saml20.c
new file mode 100644
index 0000000..5fd1e74
--- /dev/null
+++ b/examples/server-xmpp-saml20.c
@@ -0,0 +1,203 @@
+/* server-xmpp-saml20.c --- Example XMPP SASL SAML20 server.
+ * Copyright (C) 2004, 2005, 2007, 2009, 2010  Simon Josefsson
+ *
+ * This file is part of GNU SASL.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <gsasl.h>
+
+static char *
+xmltob64 (char *buf)
+{
+  while (*buf && *buf != '>')
+    buf++;
+  if (*buf)
+    buf++;
+  while (*buf && buf[strlen (buf) - 1] != '<')
+    buf[strlen (buf) - 1] = '\0';
+  if (*buf)
+    buf[strlen (buf) - 1] = '\0';
+  return buf;
+}
+
+static void
+server_xmpp (Gsasl_session * session)
+{
+  char *b64, *p;
+  int rc;
+
+  do
+    {
+      char *line = NULL;
+      size_t n;
+      ssize_t len;
+
+      len = getline (&line, &n, stdin);
+      if (len <= 0)
+       break;
+
+      b64 = xmltob64 (line);
+
+      printf ("parsed: '%s'\n", b64);
+
+      rc = gsasl_step64 (session, b64, &p);
+      if (rc == GSASL_NEEDS_MORE)
+       {
+         printf ("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
+                 "%s</challenge>\n", p);
+         free (p);
+       }
+    }
+  while (rc == GSASL_NEEDS_MORE);
+
+  if (rc == GSASL_OK)
+    puts ("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>");
+  else
+    {
+      puts ("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
+           "<temporary-auth-failure/></failure></stream:stream>");
+      printf ("Authentication error (%d): %s\n", rc, gsasl_strerror (rc));
+    }
+}
+
+static void
+server (Gsasl * ctx)
+{
+  Gsasl_session *session;
+  const char *mech = "SAML20";
+  int rc;
+
+  /* Create new authentication session. */
+  if ((rc = gsasl_server_start (ctx, mech, &session)) != GSASL_OK)
+    {
+      printf ("Cannot initialize client (%d): %s\n", rc, gsasl_strerror (rc));
+      return;
+    }
+
+  /* Do it. */
+  server_xmpp (session);
+
+  /* Cleanup. */
+  gsasl_finish (session);
+}
+
+const char *samlchallenge =
+  "https://saml.example.org/SAML/Browser?SAMLRequest=PHNhbWxwOk";
+  "F1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOl"
+  "NBTUw6Mi4wOnByb3RvY29sIg0KICAgIElEPSJfYmVjNDI0ZmE1MTAzNDI4OT"
+  "A5YTMwZmYxZTMxMTY4MzI3Zjc5NDc0OTg0IiBWZXJzaW9uPSIyLjAiDQogIC"
+  "AgSXNzdWVJbnN0YW50PSIyMDA3LTEyLTEwVDExOjM5OjM0WiIgRm9yY2VBdX"
+  "Robj0iZmFsc2UiDQogICAgSXNQYXNzaXZlPSJmYWxzZSINCiAgICBQcm90b2"
+  "NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW"
+  "5nczpIVFRQLVBPU1QiDQogICAgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVV"
+  "JMPQ0KICAgICAgICAiaHR0cHM6Ly94bXBwLmV4YW1wbGUuY29tL1NBTUwvQX"
+  "NzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIj4NCiA8c2FtbDpJc3N1ZXIgeG1sbn"
+  "M6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbi"
+  "I+DQogICAgIGh0dHBzOi8veG1wcC5leGFtcGxlLmNvbQ0KIDwvc2FtbDpJc3"
+  "N1ZXI+DQogPHNhbWxwOk5hbWVJRFBvbGljeSB4bWxuczpzYW1scD0idXJuOm"
+  "9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIg0KICAgICBGb3JtYX"
+  "Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0On"
+  "BlcnNpc3RlbnQiDQogICAgIFNQTmFtZVF1YWxpZmllcj0ieG1wcC5leGFtcG"
+  "xlLmNvbSIgQWxsb3dDcmVhdGU9InRydWUiIC8+DQogPHNhbWxwOlJlcXVlc3"
+  "RlZEF1dGhuQ29udGV4dA0KICAgICB4bWxuczpzYW1scD0idXJuOm9hc2lzOm"
+  "5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiANCiAgICAgICAgQ29tcGFyaX"
+  "Nvbj0iZXhhY3QiPg0KICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZg0KIC"
+  "AgICAgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm"
+  "Fzc2VydGlvbiI+DQogICAgICAgICAgIHVybjpvYXNpczpuYW1lczp0YzpTQU"
+  "1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0DQ"
+  "ogIDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiA8L3NhbWxwOlJlcX"
+  "Vlc3RlZEF1dGhuQ29udGV4dD4gDQo8L3NhbWxwOkF1dGhuUmVxdWVzdD4=";
+
+static int
+callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property prop)
+{
+  int rc = GSASL_NO_CALLBACK;
+
+  /* Get user info from user. */
+
+  switch (prop)
+    {
+    case GSASL_SAML20_REDIRECT_URL:
+      printf ("server got identity: %s\n",
+             gsasl_property_get (sctx, GSASL_SAML20_IDP_IDENTIFIER));
+      gsasl_property_set (sctx, prop, samlchallenge);
+      rc = GSASL_OK;
+      break;
+
+    case GSASL_VALIDATE_SAML20:
+      {
+       char *line = NULL;
+       size_t n;
+       ssize_t len;
+
+       puts ("Authorization decision time!");
+       printf ("User identity: %s\n",
+               gsasl_property_get (sctx, GSASL_SAML20_IDP_IDENTIFIER));
+       printf ("Accept user? (y/n) ");
+       fflush (stdout);
+
+       len = getline (&line, &n, stdin);
+       if (len <= 0)
+         break;
+       if (line[strlen (line) - 1] == '\n')
+         line[strlen (line) - 1] = '\0';
+
+       if (strcmp (line, "y") == 0 || strcmp (line, "Y") == 0)
+         rc = GSASL_OK;
+       else
+         rc = GSASL_AUTHENTICATION_ERROR;
+       free (line);
+      }
+      break;
+
+    default:
+      printf ("Unknown property %d!  Don't worry.\n", prop);
+      break;
+    }
+
+  return rc;
+}
+
+int
+main (int argc, char *argv[])
+{
+  Gsasl *ctx = NULL;
+  int rc;
+
+  /* Initialize library. */
+  if ((rc = gsasl_init (&ctx)) != GSASL_OK)
+    {
+      printf ("Cannot initialize libgsasl (%d): %s", rc, gsasl_strerror (rc));
+      return 1;
+    }
+
+  /* Set the callback handler for the library. */
+  gsasl_callback_set (ctx, callback);
+
+  /* Do it. */
+  server (ctx);
+
+  /* Cleanup. */
+  gsasl_done (ctx);
+
+  return 0;
+}
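Review bot: In server_xmpp, `rc` is read uninitialised when the first getline() call fails: the `break` skips gsasl_step64 and control reaches `if (rc == GSASL_OK)`, so a closed or empty stdin can end in the `<success/>` branch depending on what the stack held. Declaring it as `int rc = GSASL_AUTHENTICATION_ERROR;` makes failure the default outcome. The same loop never frees `line` (b64 points into it, so it is `line` that must be freed), `p` is freed only on the GSASL_NEEDS_MORE branch, and the GSASL_VALIDATE_SAML20 case leaks `line` on its `len <= 0` break. In that case the operator is shown GSASL_SAML20_IDP_IDENTIFIER under the label "User identity", which is the IdP name the client supplied rather than an asserted subject; a comment stating that the example verifies no SAML assertion would keep it from being copied as a real authorization check. The "Cannot initialize client" message in server() appears to be carried over from the client example.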
diff --git a/lib/NEWS b/lib/NEWS
index 0c27e1e..1a98481 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -2,6 +2,11 @@ GNU SASL LIBRARY NEWS -- History of user-visible changes.
 Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Simon 
Josefsson
 See the end for copying conditions.
 
+* Version 1.7.1 (unreleased) [alpha]
+
+** API and ABI modifications.
+No changes since last version.
+
 * Version 1.7.0 (released 2010-10-22) [alpha]
 
 ** SAML20: Implement new mechanism.
diff --git a/lib/configure.ac b/lib/configure.ac
index d5b290e..7277b94 100644
--- a/lib/configure.ac
+++ b/lib/configure.ac
@@ -20,7 +20,7 @@ dnl Process this file with autoconf to produce a configure 
script.
 # MA 02110-1301, USA.
 
 AC_PREREQ(2.61)
-AC_INIT([libgsasl], [1.7.0], address@hidden)
+AC_INIT([libgsasl], [1.7.1], address@hidden)
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 
diff --git a/lib/src/gsasl.h b/lib/src/gsasl.h
index 7273796..848b8b6 100644
--- a/lib/src/gsasl.h
+++ b/lib/src/gsasl.h
@@ -51,7 +51,7 @@ extern "C"
    * version number.  Used together with gsasl_check_version() to
    * verify header file and run-time library consistency.
    */
-# define GSASL_VERSION "1.7.0"
+# define GSASL_VERSION "1.7.1"
 
   /**
    * GSASL_VERSION_MAJOR
@@ -84,7 +84,7 @@ extern "C"
    *
    * Since: 1.1
    */
-# define GSASL_VERSION_PATCH 0
+# define GSASL_VERSION_PATCH 1
 
   /**
    * GSASL_VERSION_NUMBER
@@ -95,7 +95,7 @@ extern "C"
    *
    * Since: 1.1
    */
-# define GSASL_VERSION_NUMBER 0x010700
+# define GSASL_VERSION_NUMBER 0x010701
 
   /* RFC 2222: SASL mechanisms are named by strings, from 1 to 20
    * characters in length, consisting of upper-case letters, digits,


hooks/post-receive
-- 
GNU gsasl


