
[SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-21-g5b0d393


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-7-1-21-g5b0d393
Date: Tue, 27 Mar 2012 14:27:39 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=5b0d393d567ac125f1c4d9f32f2283193690b1a3

The branch, master has been updated
       via  5b0d393d567ac125f1c4d9f32f2283193690b1a3 (commit)
       via  6ff912fc9af8eb3079a813ad200511497808d06a (commit)
      from  292c02698d6c64f5e1ef597c64802db06c86efe0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b0d393d567ac125f1c4d9f32f2283193690b1a3
Author: Simon Josefsson <address@hidden>
Date:   Tue Mar 27 16:27:26 2012 +0200

    Further OPENID20 fixes.

commit 6ff912fc9af8eb3079a813ad200511497808d06a
Author: Simon Josefsson <address@hidden>
Date:   Tue Mar 27 11:48:56 2012 +0200

    Don't crash in accept.

-----------------------------------------------------------------------

Summary of changes:
 examples/smtp-server.c |    2 +-
 lib/openid20/client.c  |   47 +++++++++++++++++++++++++++++++++++++-
 lib/openid20/server.c  |   58 ++++++++++++++++++++++++++++++++++++++++++++++++
 lib/src/gsasl.h        |    6 ++++-
 lib/src/internal.h     |    1 +
 lib/src/property.c     |    4 +++
 lib/src/xfinish.c      |    1 +
 src/callbacks.c        |   15 +++++++++++-
 8 files changed, 129 insertions(+), 5 deletions(-)

diff --git a/examples/smtp-server.c b/examples/smtp-server.c
index 74b2427..cc5046e 100644
--- a/examples/smtp-server.c
+++ b/examples/smtp-server.c
@@ -249,7 +249,7 @@ main (int argc, char *argv[])
   while (run)
     {
       struct sockaddr from;
-      socklen_t fromlen;
+      socklen_t fromlen = sizeof (from);
       char host[NI_MAXHOST];
       int fd;
       FILE *fh;
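Review bot: The initializer makes accept() honour the buffer size, but `struct sockaddr from;` on the line above is only 16 bytes on the usual platforms, so if the listening socket is AF_INET6 the peer address is truncated and a later getnameinfo() on it will fail. Declaring `struct sockaddr_storage from;` with `socklen_t fromlen = sizeof (from);` and casting to `(struct sockaddr *) &from` at the accept()/getnameinfo() calls avoids that. The accept() call itself is outside the hunk, so this is inferred from the host[NI_MAXHOST] declaration that follows; main() starts and ends outside the hunk.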
diff --git a/lib/openid20/client.c b/lib/openid20/client.c
index 52a682d..5c84c8d 100644
--- a/lib/openid20/client.c
+++ b/lib/openid20/client.c
@@ -81,13 +81,56 @@ _gsasl_openid20_client_step (Gsasl_session * sctx,
        res = _gsasl_gs2_generate_header (false, 'n', NULL, authzid,
                                          strlen (p), p,
                                          output, output_len);
-       if (res == GSASL_OK)
+       if (res != GSASL_OK)
          return res;
 
        res = GSASL_NEEDS_MORE;
        state->step++;
-       break;
       }
+      break;
+
+    case 1:
+      {
+       gsasl_property_set_raw (sctx, GSASL_OPENID20_REDIRECT_URL,
+                               input, input_len);
+
+       res = gsasl_callback (NULL, sctx,
+                             GSASL_OPENID20_AUTHENTICATE_IN_BROWSER);
+       if (res != GSASL_OK)
+         return res;
+
+       *output_len = 1;
+       *output = strdup ("=");
+
+       res = GSASL_OK;
+       state->step++;
+      }
+      break;
+
+      /* optional */
+    case 2:
+      {
+       gsasl_property_set_raw (sctx, GSASL_OPENID20_OUTCOME_DATA,
+                               input, input_len);
+
+       *output_len = 0;
+       *output = NULL;
+
+       /* In the case of failures, the response MUST follow this
+          syntax:
+
+          outcome_data = "openid.error" "=" sreg_val *( "," sregp_avp )
+       */
+
+#define ERR_PREFIX "openid.error="
+       if (input_len > strlen (ERR_PREFIX)
+           && strncmp (ERR_PREFIX, input, strlen (ERR_PREFIX)) == 0)
+         res = GSASL_AUTHENTICATION_ERROR;
+       else
+         res = GSASL_OK;
+       state->step++;
+      }
+      break;
 
     default:
       break;
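Review bot: The `*output = strdup ("=")` at the end of case 1 is never checked for NULL, while the strdup() calls added to server.c in the same commit are; on allocation failure this returns GSASL_OK with a NULL output and `*output_len = 1` already set. Move the length assignment after the check: `*output = strdup ("="); if (!*output) return GSASL_MALLOC_ERROR; *output_len = 1;`. In case 2, the `#define ERR_PREFIX` placed inside the function body is never `#undef`-ed, so the macro stays visible for the rest of the translation unit; a file-scope `static const char err_prefix[] = "openid.error=";` or an `#undef ERR_PREFIX` after its last use is the usual form. _gsasl_openid20_client_step starts and ends outside the hunk.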
diff --git a/lib/openid20/server.c b/lib/openid20/server.c
index ca37b0d..320516c 100644
--- a/lib/openid20/server.c
+++ b/lib/openid20/server.c
@@ -39,6 +39,7 @@
 struct openid20_server_state
 {
   int step;
+  int validation_res;
 };
 
 int
@@ -50,6 +51,8 @@ _gsasl_openid20_server_start (Gsasl_session * sctx, void 
**mech_data)
   if (state == NULL)
     return GSASL_MALLOC_ERROR;
 
+  state->validation_res = GSASL_AUTHENTICATION_ERROR;
+
   *mech_data = state;
 
   return GSASL_OK;
@@ -111,6 +114,61 @@ _gsasl_openid20_server_step (Gsasl_session * sctx,
        break;
       }
 
+    case 1:
+      {
+       const char *outcome_data;
+
+       if (!(input_len == 1 && *input == '='))
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       res = gsasl_callback (NULL, sctx, GSASL_VALIDATE_OPENID20);
+       if (res != GSASL_OK)
+         {
+           *output = strdup ("openid.error=fail");
+           if (!*output)
+             return GSASL_MALLOC_ERROR;
+           *output_len = strlen (*output);
+
+           /* [RFC4422] Section 3.6 explicitly prohibits additional
+              information in an unsuccessful authentication outcome.
+              Therefore, the openid.error and openid.error_code are
+              to be sent as an additional challenge in the event of
+              an unsuccessful outcome.  In this case, as the protocol
+              is lock step, the client will follow with an additional
+              exchange containing "=", after which the server will
+              respond with an application-level outcome. */
+           return GSASL_NEEDS_MORE;
+         }
+
+       outcome_data = gsasl_property_get (sctx, GSASL_OPENID20_OUTCOME_DATA);
+       if (outcome_data)
+         {
+           *output = strdup (outcome_data);
+           if (!*output)
+             return GSASL_MALLOC_ERROR;
+           *output_len = strlen (*output);
+         }
+       else
+         {
+           *output = NULL;
+           *output_len = 0;
+         }
+
+       state->validation_res = res = GSASL_OK;
+       state->step++;
+      }
+      break;
+
+    case 2:
+      {
+       if (!(input_len == 0 && *input == '\0'))
+         return GSASL_MECHANISM_PARSE_ERROR;
+
+       res = state->validation_res;
+       state->step++;
+      }
+      break;
+
     default:
       break;
     }
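Review bot: The failure branch in case 1 returns GSASL_NEEDS_MORE before `state->step++`, so the next client message re-enters case 1, the GSASL_VALIDATE_OPENID20 callback runs again and the GSASL_AUTHENTICATION_ERROR stored in state->validation_res is never delivered by case 2; add `state->step++;` just before `return GSASL_NEEDS_MORE;`. Case 2 then insists on an empty message, while the comment quoted above says the client follows with "=" and client.c in this commit answers with `*output = NULL`. With input_len == 0 the `*input == '\0'` test also dereferences input, which is a NULL dereference when the caller passes no data; matching case 1 with `if (!(input_len == 1 && *input == '='))` avoids both problems, or `if (input_len != 0)` if an empty response is really intended. _gsasl_openid20_server_step starts and ends outside the hunk.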
diff --git a/lib/src/gsasl.h b/lib/src/gsasl.h
index 30a3ccc..95c0fc0 100644
--- a/lib/src/gsasl.h
+++ b/lib/src/gsasl.h
@@ -314,6 +314,7 @@ extern "C"
    * @GSASL_SAML20_REDIRECT_URL: SAML20 challenge from server to client.
    * @GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Request to perform SAML20.
    * @GSASL_OPENID20_AUTH_IDENTIFIER: OPENID20 user authentication identifier.
+   * @GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Request to perform OPENID20.
    * @GSASL_VALIDATE_SIMPLE: Request for simple validation.
    * @GSASL_VALIDATE_EXTERNAL: Request for validation of EXTERNAL.
    * @GSASL_VALIDATE_ANONYMOUS: Request for validation of ANONYMOUS.
@@ -348,15 +349,18 @@ extern "C"
     GSASL_SAML20_REDIRECT_URL = 20,
     GSASL_OPENID20_AUTH_IDENTIFIER = 21,
     GSASL_OPENID20_REDIRECT_URL = 22,
+    GSASL_OPENID20_OUTCOME_DATA = 23,
     /* Client callbacks. */
     GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250,
+    GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251,
     /* Server validation callback properties. */
     GSASL_VALIDATE_SIMPLE = 500,
     GSASL_VALIDATE_EXTERNAL = 501,
     GSASL_VALIDATE_ANONYMOUS = 502,
     GSASL_VALIDATE_GSSAPI = 503,
     GSASL_VALIDATE_SECURID = 504,
-    GSASL_VALIDATE_SAML20 = 505
+    GSASL_VALIDATE_SAML20 = 505,
+    GSASL_VALIDATE_OPENID20 = 506
   } Gsasl_property;
 
   /**
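Review bot: The gtk-doc comment for Gsasl_property gains a line for GSASL_OPENID20_AUTHENTICATE_IN_BROWSER but none for the other two enumerators this hunk adds, GSASL_OPENID20_OUTCOME_DATA and GSASL_VALIDATE_OPENID20, unless they are documented further down the comment outside the first hunk. Add `@GSASL_OPENID20_OUTCOME_DATA: OPENID20 outcome data from server to client.` and `@GSASL_VALIDATE_OPENID20: Request for validation of OPENID20.` next to the existing entries so the generated API reference lists them.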
diff --git a/lib/src/internal.h b/lib/src/internal.h
index 2f3d044..617ab7f 100644
--- a/lib/src/internal.h
+++ b/lib/src/internal.h
@@ -106,6 +106,7 @@ struct Gsasl_session
   char *saml20_redirect_url;
   char *openid20_auth_identifier;
   char *openid20_redirect_url;
+  char *openid20_outcome_data;
   /* If you add anything here, remember to change change
      gsasl_finish() in xfinish.c and map() in property.c.  */
 
diff --git a/lib/src/property.c b/lib/src/property.c
index 68fa908..169ff69 100644
--- a/lib/src/property.c
+++ b/lib/src/property.c
@@ -120,6 +120,10 @@ map (Gsasl_session * sctx, Gsasl_property prop)
       p = &sctx->openid20_redirect_url;
       break;
 
+    case GSASL_OPENID20_OUTCOME_DATA:
+      p = &sctx->openid20_outcome_data;
+      break;
+
       /* If you add anything here, remember to change change
         gsasl_finish() in xfinish.c and Gsasl_session in
         internal.h.  */
diff --git a/lib/src/xfinish.c b/lib/src/xfinish.c
index fc8b69a..3ba3a30 100644
--- a/lib/src/xfinish.c
+++ b/lib/src/xfinish.c
@@ -68,6 +68,7 @@ gsasl_finish (Gsasl_session * sctx)
   free (sctx->saml20_redirect_url);
   free (sctx->openid20_auth_identifier);
   free (sctx->openid20_redirect_url);
+  free (sctx->openid20_outcome_data);
   /* If you add anything here, remember to change change
      gsasl_finish() in xfinish.c and Gsasl_session in internal.h.  */
 
diff --git a/src/callbacks.c b/src/callbacks.c
index db7c2e4..5ed5cf6 100644
--- a/src/callbacks.c
+++ b/src/callbacks.c
@@ -231,7 +231,20 @@ callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
       {
        const char *url = gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL);
 
-       printf ("Please visit this URL to authenticate:\n%s\n", url);
+       printf ("Proceed to this URL to authenticate using SAML 2.0:\n%s\n",
+               url);
+
+       rc = GSASL_OK;
+      }
+      break;
+
+    case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER:
+      {
+       const char *url = gsasl_property_get (sctx,
+                                             GSASL_OPENID20_REDIRECT_URL);
+
+       printf ("Proceed to this URL to authenticate using OpenID 2.0:\n%s\n",
+               url);
 
        rc = GSASL_OK;
       }
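Review bot: `url` is passed straight to printf with %s without a NULL check in the new GSASL_OPENID20_AUTHENTICATE_IN_BROWSER case (and in the SAML20 case just above it); gsasl_property_get() returns NULL when the property was never set, and passing NULL for %s is undefined behaviour. Guard it before printing, `if (!url) { rc = GSASL_AUTHENTICATION_ERROR; break; }` (or a more specific return code if the library defines one). The value is also server-supplied bytes, set from the server's message in client.c, written verbatim to the user's terminal, so the example callback would be a better model if it rejected or escaped non-printable characters before echoing it. callback() starts and ends outside the hunk.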


hooks/post-receive
-- 
GNU gsasl


