[SCM] GNU gsasl branch, master, updated. gsasl-1-7-2-8-g4c05095


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-7-2-8-g4c05095
Date: Tue, 03 Apr 2012 07:33:27 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=4c050955c6f6e3e8dda118fe5e7027e8d11ef76a

The branch, master has been updated
       via  4c050955c6f6e3e8dda118fe5e7027e8d11ef76a (commit)
       via  f17031e3b5f346ed23428781126dcc23de0859fc (commit)
       via  ba92dd95d8a77941e8162dab0e15ac47699b0b0b (commit)
       via  3095b8531899818f1838c8f658024fafb8fbd92a (commit)
       via  efc486c658b09fca6f54b9d3f50ba95791527c70 (commit)
      from  d62f4e29220cd329d0b165f745ac8f1fe9ce79f8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4c050955c6f6e3e8dda118fe5e7027e8d11ef76a
Author: Simon Josefsson <address@hidden>
Date:   Tue Apr 3 09:33:17 2012 +0200

    Enable SAML20 by default.  Doc fixes.

commit f17031e3b5f346ed23428781126dcc23de0859fc
Author: Simon Josefsson <address@hidden>
Date:   Tue Apr 3 09:30:55 2012 +0200

    Disable testing of gsasl_random for now (it locks).

commit ba92dd95d8a77941e8162dab0e15ac47699b0b0b
Author: Simon Josefsson <address@hidden>
Date:   Tue Apr 3 09:28:19 2012 +0200

    Add.

commit 3095b8531899818f1838c8f658024fafb8fbd92a
Author: Simon Josefsson <address@hidden>
Date:   Tue Apr 3 09:19:47 2012 +0200

    Unify some SAML/OpenID properties & callbacks.
    
    GSASL_REDIRECT_URL: Added, replaces the next two properties.
    GSASL_OPENID20_REDIRECT_URL: Removed.
    GSASL_SAML20_REDIRECT_URL: Removed.
    GSASL_AUTHENTICATE_IN_BROWSER: Added, replaces the next two callbacks.
    GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Removed.
    GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Removed.

commit efc486c658b09fca6f54b9d3f50ba95791527c70
Author: Simon Josefsson <address@hidden>
Date:   Tue Apr 3 09:08:35 2012 +0200

    Bump versions.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                     |   13 ++++-
 configure.ac                             |    2 +-
 doc/gsasl.texi                           |  103 ++++++++++++++----------------
 examples/client-xmpp-saml20.c            |    4 +-
 examples/openid20/smtp-server-openid20.c |    2 +-
 examples/saml20/smtp-server-saml20.c     |    2 +-
 examples/server-xmpp-saml20.c            |    2 +-
 lib/NEWS                                 |   15 ++++
 lib/configure.ac                         |    6 +-
 lib/openid20/client.c                    |    6 +-
 lib/openid20/server.c                    |    4 +-
 lib/saml20/client.c                      |    6 +-
 lib/saml20/server.c                      |    4 +-
 lib/src/error.c                          |    6 +-
 lib/src/gsasl.h                          |   25 +++-----
 lib/src/internal.h                       |    3 +-
 lib/src/property.c                       |    8 +--
 lib/src/xfinish.c                        |    3 +-
 src/callbacks.c                          |   19 +-----
 tests/crypto.c                           |    3 +
 tests/openid20.c                         |    4 +-
 tests/saml20.c                           |    8 +-
 22 files changed, 118 insertions(+), 130 deletions(-)

diff --git a/NEWS b/NEWS
index 2d0790d..45ce821 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,22 @@
 GNU SASL NEWS -- History of user-visible changes.
-Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 
Simon Josefsson
+Copyright (C) 2002-2012 Simon Josefsson
 See the end for copying conditions.
 
 Note that changes to the GNU SASL Library is documented in lib/NEWS.
 This file track changes to the remaining, non-library, parts of GNU
 SASL.  That include the manual, the command line tool, and self tests.
 
+* Version 1.7.3 (unreleased) [alpha]
+
+** Doc fixes and updates for the callback/property change in the library.
+See lib/NEWS for details.
+
+** examples: Added example SMTP server with SAML 2.0 support.
+See examples/saml20/README.  It uses Lasso as the SAML implementation.
+You may disable Lasso by using --without-lasso.  Note that Lasso is
+only needed for this example server, it is not needed by the GNU SASL
+library or command line tools itself.
+
 * Version 1.7.2 (released 2012-03-28) [alpha]
 
 ** gsasl: The client lets the server decide when authentication is complete.
diff --git a/configure.ac b/configure.ac
index db0e064..bea297c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,7 +18,7 @@ dnl Process this file with autoconf to produce a configure 
script.
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 AC_PREREQ(2.61)
-AC_INIT([GNU SASL], [1.7.2], address@hidden, [gsasl])
+AC_INIT([GNU SASL], [1.7.3], address@hidden, [gsasl])
 AC_CONFIG_AUX_DIR([lib/build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 
diff --git a/doc/gsasl.texi b/doc/gsasl.texi
index 71fb831..9130aee 100644
--- a/doc/gsasl.texi
+++ b/doc/gsasl.texi
@@ -1570,15 +1570,12 @@ bindings for a session.
 This property holds the SAML identifier of the user.  The SAML20
 mechanism in client mode will send it to the other end for
 identification purposes, and in server mode it will be accessible in
-the @code{GSASL_SAML20_REDIRECT_URL} callback.
+the @code{GSASL_REDIRECT_URL} callback.
 
address@hidden @code{GSASL_SAML20_REDIRECT_URL}
-This property holds the SAML redirect URL that the server wants the
-client to access.  It will be available in the
address@hidden callback for the client.
-
address@hidden @code{GSASL_OPENID20_REDIRECT_URL}
-OpenID 2.0 redirect URL.
address@hidden @code{GSASL_REDIRECT_URL}
+This property holds the OpenID or SAML redirect URL that the server
+wants the client to access.  It will be available in the
address@hidden callback for the client.
 
 @item @code{GSASL_OPENID20_OUTCOME_DATA}
 OpenID 2.0 authentication outcome data.  This is either the OpenID
@@ -1640,17 +1637,11 @@ application perform authentication.  The callback 
should return
 @code{GSASL_OK} if the user should be permitted access, and
 @code{GSASL_AUTHENTICATION_ERROR} (or another error code) otherwise.
 
address@hidden @code{GSASL_SAML20_AUTHENTICATE_IN_BROWSER}
-Used by the SAML20 mechanism in the client side to request that the
-client should launch the SAML redirect URL (the
address@hidden property) in a browser to continue
-with authentication.
-
address@hidden @code{GSASL_OPENID20_AUTHENTICATE_IN_BROWSER}
-Used by the OPENID20 mechanism in the client side to request that the
-client should launch the OpenID redirect URL (the
address@hidden property) in a browser to continue
-with authentication.
address@hidden @code{GSASL_AUTHENTICATE_IN_BROWSER}
+Used by the OPENID20 and SAML20 mechanisms in the client side to
+request that the client should launch the redirect URL (the
address@hidden property) in a browser to continue with
+authentication.
 
 @end itemize
 
@@ -2064,26 +2055,27 @@ that offloads the authentication exchange to an 
external browser.  The
 protocol implemented is as specified in
 @code{draft-ietf-kitten-sasl-saml-01}.
 
-The mechanism makes use of the following properties: GSASL_AUTHZID,
-GSASL_SAML20_IDP_IDENTIFIER, GSASL_SAML20_REDIRECT_URL,
-GSASL_SAML20_AUTHENTICATE_IN_BROWSER and GSASL_VALIDATE_SAML20.
+The mechanism makes use of the following properties:
address@hidden, @code{GSASL_SAML20_IDP_IDENTIFIER},
address@hidden, @code{GSASL_AUTHENTICATE_IN_BROWSER} and
address@hidden
 
-In client mode, the mechanism will retrieve the GSASL_AUTHZID and
-GSASL_SAML20_IDP_IDENTIFIER properties and form a request to the
+In client mode, the mechanism will retrieve the @code{GSASL_AUTHZID} and
address@hidden properties and form a request to the
 server.  The server will respond with a redirect URL stored in the
-GSASL_SAML20_REDIRECT_URL property, which the client can retrieve from
-the GSASL_SAML20_AUTHENTICATE_IN_BROWSER callback.  The intention is
-that the client launches a browser to the given URL, and then proceeds
-with authentication.  The server responds whether authentication was
address@hidden property, which the client can retrieve from the
address@hidden callback.  The intention is that the
+client launches a browser to the given URL, and then proceeds with
+authentication.  The server responds whether authentication was
 successful or not.
 
 In server mode, the mechanism will invoke the
-GSASL_SAML20_REDIRECT_URL callback and the application can inspect the
-GSASL_AUTHZID and GSASL_SAML20_IDP_IDENTIFIER properties when forming
-the redirect URL.  The URL is passed to the client which will
-hopefully complete authentication in the browser.  The server callback
-GSASL_VALIDATE_SAML20 should check whether the authentication attempt
-was successful.
address@hidden callback and the application can inspect the
address@hidden and @code{GSASL_SAML20_IDP_IDENTIFIER} properties
+when forming the redirect URL.  The URL is passed to the client which
+will hopefully complete authentication in the browser.  The server
+callback @code{GSASL_VALIDATE_SAML20} should check whether the
+authentication attempt was successful.
 
 @node OPENID20
 @section The OPENID20 mechanism
@@ -2096,9 +2088,9 @@ The protocol implemented is as specified in
 
 The mechanism makes use of the following properties:
 @code{GSASL_AUTHID} (for the OpenID User-Supplied Identifier),
address@hidden, @code{GSASL_OPENID20_REDIRECT_URL},
address@hidden, @code{GSASL_REDIRECT_URL},
 @code{GSASL_OPENID20_OUTCOME_DATA},
address@hidden, and
address@hidden, and
 @code{GSASL_VALIDATE_OPENID20}.
 
 In the client, the mechanism is enabled by default.  The
@@ -2106,30 +2098,29 @@ In the client, the mechanism is enabled by default.  The
 User-Supplied OpenID Identifier (for example
 @code{http://josefsson.org}).  If set, @code{GSASL_AUTHZID} will be
 used by the client.  The client will be invoked with the
address@hidden callback to perform the
-OpenID authentication in a web browser.  The callback can retrieve the
address@hidden property to find out the URL to
-redirect the user to.  After authentication, the client can retrieve
-the @code{GSASL_OPENID20_OUTCOME_DATA} property with the OpenID Simple
address@hidden callback to perform the OpenID
+authentication in a web browser.  The callback can retrieve the
address@hidden property to find out the URL to redirect the
+user to.  After authentication, the client can retrieve the
address@hidden property with the OpenID Simple
 Registry (SREG) attributes sent by the server (they are not always
 sent).
 
 In the server, the mechanism is enabled by default.  The server will
-request the @code{GSASL_OPENID20_REDIRECT_URL} property, and your
-callback may inspect the @code{GSASL_AUTHID} to find the OpenID
-User-Supplied Identifier.  The server callback should perform OpenID
-discovery and return the URL to redirect the user to.  After this, the
-user would access the URL and proceed with authentication in the
-browser.  The server is invoked with the
address@hidden callback to perform the actual
-validation of the authentication.  Usually the callback will perform
-some IPC communication with an OpenID consumer running in a web
-server.  The callback should return @code{GSASL_OK} on successful
-authentication and @code{GSASL_AUTHENTICATION_ERROR} on authentication
-errors, or any other error code.  If the server received some OpenID
-Simple Registry (SREG) attributes from the OpenID Identity Provider,
-it may use the @code{GSASL_OPENID20_OUTCOME_DATA} property to send
-these to the client.
+request the @code{GSASL_REDIRECT_URL} property, and your callback may
+inspect the @code{GSASL_AUTHID} to find the OpenID User-Supplied
+Identifier.  The server callback should perform OpenID discovery and
+return the URL to redirect the user to.  After this, the user would
+access the URL and proceed with authentication in the browser.  The
+server is invoked with the @code{GSASL_VALIDATE_OPENID20} callback to
+perform the actual validation of the authentication.  Usually the
+callback will perform some IPC communication with an OpenID consumer
+running in a web server.  The callback should return @code{GSASL_OK}
+on successful authentication and @code{GSASL_AUTHENTICATION_ERROR} on
+authentication errors, or any other error code.  If the server
+received some OpenID Simple Registry (SREG) attributes from the OpenID
+Identity Provider, it may use the @code{GSASL_OPENID20_OUTCOME_DATA}
+property to send these to the client.
 
 Note that the actual OpenID algorithms are not implemented by the GNU
 SASL library, but is expected to be spun off to external OpenID
diff --git a/examples/client-xmpp-saml20.c b/examples/client-xmpp-saml20.c
index 6e22b14..43717c3 100644
--- a/examples/client-xmpp-saml20.c
+++ b/examples/client-xmpp-saml20.c
@@ -134,9 +134,9 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
       rc = GSASL_OK;
       break;
 
-    case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:
+    case GSASL_AUTHENTICATE_IN_BROWSER:
       printf ("client got redirect URL: %s\n",
-             gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL));
+             gsasl_property_get (sctx, GSASL_REDIRECT_URL));
       rc = GSASL_OK;
       break;
 
diff --git a/examples/openid20/smtp-server-openid20.c 
b/examples/openid20/smtp-server-openid20.c
index f00cb29..542db68 100644
--- a/examples/openid20/smtp-server-openid20.c
+++ b/examples/openid20/smtp-server-openid20.c
@@ -162,7 +162,7 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
 
   switch (prop)
     {
-    case GSASL_OPENID20_REDIRECT_URL:
+    case GSASL_REDIRECT_URL:
       {
        line = get_redirect_url (sctx);
 
diff --git a/examples/saml20/smtp-server-saml20.c 
b/examples/saml20/smtp-server-saml20.c
index b47718b..e825319 100644
--- a/examples/saml20/smtp-server-saml20.c
+++ b/examples/saml20/smtp-server-saml20.c
@@ -56,7 +56,7 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
 
   switch (prop)
     {
-    case GSASL_SAML20_REDIRECT_URL:
+    case GSASL_REDIRECT_URL:
       {
        FILE *fh;
        char *reqid, *redirect_url, *tmp;
diff --git a/examples/server-xmpp-saml20.c b/examples/server-xmpp-saml20.c
index 4dd4a1c..7f380d6 100644
--- a/examples/server-xmpp-saml20.c
+++ b/examples/server-xmpp-saml20.c
@@ -135,7 +135,7 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
 
   switch (prop)
     {
-    case GSASL_SAML20_REDIRECT_URL:
+    case GSASL_REDIRECT_URL:
       printf ("server got identity: %s\n",
              gsasl_property_get (sctx, GSASL_SAML20_IDP_IDENTIFIER));
       gsasl_property_set (sctx, prop, samlchallenge);
diff --git a/lib/NEWS b/lib/NEWS
index b450a3e..745eb48 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -2,6 +2,21 @@ GNU SASL LIBRARY NEWS -- History of user-visible changes.
 Copyright (C) 2002-2012 Simon Josefsson
 See the end for copying conditions.
 
+* Version 1.7.3 (unreleased) [alpha]
+
+** The SAML20 mechanism is now enabled by default.
+
+** libgsasl: Unified some of the SAML and OpenID callbacks/properties.
+See API changes below.
+
+** API and ABI modifications.
+GSASL_REDIRECT_URL: Added, replaces the next two properties.
+GSASL_OPENID20_REDIRECT_URL: Removed.
+GSASL_SAML20_REDIRECT_URL: Removed.
+GSASL_AUTHENTICATE_IN_BROWSER: Added, replaces the next two callbacks.
+GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Removed.
+GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Removed.
+
 * Version 1.7.2 (released 2012-03-28) [alpha]
 
 ** libgsasl: Updated OPENID20 implementation.
diff --git a/lib/configure.ac b/lib/configure.ac
index fd74716..470a70c 100644
--- a/lib/configure.ac
+++ b/lib/configure.ac
@@ -20,7 +20,7 @@ dnl Process this file with autoconf to produce a configure 
script.
 # MA 02110-1301, USA.
 
 AC_PREREQ(2.61)
-AC_INIT([libgsasl], [1.7.2], address@hidden)
+AC_INIT([libgsasl], [1.7.3], address@hidden)
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -29,7 +29,7 @@ AC_CONFIG_MACRO_DIR([m4])
 # Interfaces added:                             AGE++
 # Interfaces removed:                           AGE=0
 AC_SUBST(LT_CURRENT, 16)
-AC_SUBST(LT_REVISION, 1)
+AC_SUBST(LT_REVISION, 2)
 AC_SUBST(LT_AGE, 9)
 
 # Used when creating libgsasl-XX.def.
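Review bot: only LT_REVISION is bumped here (1 to 2), but this push removes public enumerators from gsasl.h, and lib/NEWS itself lists the change under "API and ABI modifications". The rule quoted in this hunk's own context says "Interfaces removed: AGE=0", which normally goes with a new LT_CURRENT and LT_REVISION reset to 0. If the removal is being treated as acceptable for an alpha series, say so in a comment next to these values, because leaving LT_CURRENT at 16 and LT_AGE at 9 tells the loader the library is still compatible with 1.7.2 callers.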
@@ -169,7 +169,7 @@ AM_CONDITIONAL(SCRAM, test "$scram_sha1" != "no")
 # SAML20
 AC_ARG_ENABLE(saml20,
   AS_HELP_STRING([--disable-saml20], [don't use the SAML20 mechanism]),
-  saml20=$enableval, saml20=no)
+  saml20=$enableval, saml20=yes)
 if test "$saml20" != "no" ; then
        saml20=yes
        AC_DEFINE(USE_SAML20, 1, [Define to 1 if you want SAML20.])
diff --git a/lib/openid20/client.c b/lib/openid20/client.c
index 310111d..7dd7483 100644
--- a/lib/openid20/client.c
+++ b/lib/openid20/client.c
@@ -90,11 +90,9 @@ _gsasl_openid20_client_step (Gsasl_session * sctx,
 
     case 1:
       {
-       gsasl_property_set_raw (sctx, GSASL_OPENID20_REDIRECT_URL,
-                               input, input_len);
+       gsasl_property_set_raw (sctx, GSASL_REDIRECT_URL, input, input_len);
 
-       res = gsasl_callback (NULL, sctx,
-                             GSASL_OPENID20_AUTHENTICATE_IN_BROWSER);
+       res = gsasl_callback (NULL, sctx, GSASL_AUTHENTICATE_IN_BROWSER);
        if (res != GSASL_OK)
          return res;
 
diff --git a/lib/openid20/server.c b/lib/openid20/server.c
index d1cf7a5..170329a 100644
--- a/lib/openid20/server.c
+++ b/lib/openid20/server.c
@@ -95,9 +95,9 @@ _gsasl_openid20_server_step (Gsasl_session * sctx,
 
        gsasl_property_set_raw (sctx, GSASL_AUTHID, input, input_len);
 
-       p = gsasl_property_get (sctx, GSASL_OPENID20_REDIRECT_URL);
+       p = gsasl_property_get (sctx, GSASL_REDIRECT_URL);
        if (!p || !*p)
-         return GSASL_NO_OPENID20_REDIRECT_URL;
+         return GSASL_NO_REDIRECT_URL;
 
        *output_len = strlen (p);
        *output = malloc (*output_len);
diff --git a/lib/saml20/client.c b/lib/saml20/client.c
index e4b46be..ec88b06 100644
--- a/lib/saml20/client.c
+++ b/lib/saml20/client.c
@@ -91,11 +91,9 @@ _gsasl_saml20_client_step (Gsasl_session * sctx,
 
     case 1:
       {
-       gsasl_property_set_raw (sctx, GSASL_SAML20_REDIRECT_URL,
-                               input, input_len);
+       gsasl_property_set_raw (sctx, GSASL_REDIRECT_URL, input, input_len);
 
-       res = gsasl_callback (NULL, sctx,
-                             GSASL_SAML20_AUTHENTICATE_IN_BROWSER);
+       res = gsasl_callback (NULL, sctx, GSASL_AUTHENTICATE_IN_BROWSER);
        if (res == GSASL_OK)
          {
            *output_len = 0;
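Review bot: in case 1 the server's `input` is stored verbatim as GSASL_REDIRECT_URL and the callback is raised without checking that it is non-empty, whereas the server side of this mechanism rejects an empty value with `if (!p || !*p)`. Suggest rejecting `input_len == 0` here with a parse error before calling GSASL_AUTHENTICATE_IN_BROWSER. Since OPENID20 and SAML20 now share this callback id, the callback documentation should also state that the URL comes from the peer and must be validated by the application before it is opened, and that gsasl_mechanism_name() is how the callback can tell which mechanism raised it.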
diff --git a/lib/saml20/server.c b/lib/saml20/server.c
index e29e21a..e425a36 100644
--- a/lib/saml20/server.c
+++ b/lib/saml20/server.c
@@ -95,9 +95,9 @@ _gsasl_saml20_server_step (Gsasl_session * sctx,
        gsasl_property_set_raw (sctx, GSASL_SAML20_IDP_IDENTIFIER,
                                input, input_len);
 
-       p = gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL);
+       p = gsasl_property_get (sctx, GSASL_REDIRECT_URL);
        if (!p || !*p)
-         return GSASL_NO_SAML20_REDIRECT_URL;
+         return GSASL_NO_REDIRECT_URL;
 
        *output_len = strlen (p);
        *output = malloc (*output_len);
diff --git a/lib/src/error.c b/lib/src/error.c
index fc34dce..bad1844 100644
--- a/lib/src/error.c
+++ b/lib/src/error.c
@@ -202,10 +202,8 @@ static struct
        N_("Authentication failed because a tls-unique CB was not provided.")),
   ERR (GSASL_NO_SAML20_IDP_IDENTIFIER,
        N_("Callback failed to provide SAML20 IdP identifier.")),
-  ERR (GSASL_NO_SAML20_REDIRECT_URL,
-       N_("Callback failed to provide SAML20 redirect URL.")),
-  ERR (GSASL_NO_OPENID20_REDIRECT_URL,
-       N_("Callback failed to provide OPENID20 redirect URL."))
+  ERR (GSASL_NO_REDIRECT_URL,
+       N_("Callback failed to provide redirect URL."))
 };
 /* *INDENT-ON* */
 
diff --git a/lib/src/gsasl.h b/lib/src/gsasl.h
index 1018259..eadb892 100644
--- a/lib/src/gsasl.h
+++ b/lib/src/gsasl.h
@@ -51,7 +51,7 @@ extern "C"
    * version number.  Used together with gsasl_check_version() to
    * verify header file and run-time library consistency.
    */
-# define GSASL_VERSION "1.7.2"
+# define GSASL_VERSION "1.7.3"
 
   /**
    * GSASL_VERSION_MAJOR
@@ -84,7 +84,7 @@ extern "C"
    *
    * Since: 1.1
    */
-# define GSASL_VERSION_PATCH 2
+# define GSASL_VERSION_PATCH 3
 
   /**
    * GSASL_VERSION_NUMBER
@@ -95,7 +95,7 @@ extern "C"
    *
    * Since: 1.1
    */
-# define GSASL_VERSION_NUMBER 0x010702
+# define GSASL_VERSION_NUMBER 0x010703
 
   /* RFC 2222: SASL mechanisms are named by strings, from 1 to 20
    * characters in length, consisting of upper-case letters, digits,
@@ -137,9 +137,7 @@ extern "C"
    * @GSASL_NO_HOSTNAME: Could not get required hostname.
    * @GSASL_NO_CB_TLS_UNIQUE: Could not get required tls-unique CB.
    * @GSASL_NO_SAML20_IDP_IDENTIFIER: Could not get required SAML IdP.
-   * @GSASL_NO_SAML20_REDIRECT_URL: Could not get required redirect URL.
-   * @GSASL_NO_OPENID20_REDIRECT_URL: Could not get required OpenID
-   *   redirect URL.
+   * @GSASL_NO_REDIRECT_URL: Could not get required redirect URL.
    * @GSASL_GSSAPI_RELEASE_BUFFER_ERROR: GSS-API library call error.
    * @GSASL_GSSAPI_IMPORT_NAME_ERROR: GSS-API library call error.
    * @GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR: GSS-API library call error.
@@ -191,8 +189,7 @@ extern "C"
     GSASL_NO_HOSTNAME = 59,
     GSASL_NO_CB_TLS_UNIQUE = 65,
     GSASL_NO_SAML20_IDP_IDENTIFIER = 66,
-    GSASL_NO_SAML20_REDIRECT_URL = 67,
-    GSASL_NO_OPENID20_REDIRECT_URL = 68,
+    GSASL_NO_REDIRECT_URL = 67,
     /* Mechanism specific errors. */
     GSASL_GSSAPI_RELEASE_BUFFER_ERROR = 37,
     GSASL_GSSAPI_IMPORT_NAME_ERROR = 38,
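Review bot: dropping GSASL_NO_OPENID20_REDIRECT_URL = 68 and renaming 67 to GSASL_NO_REDIRECT_URL removes two public enumerator names with no transition path, so any application that names either old constant stops compiling against 1.7.3. Consider keeping the old names for a release as deprecated aliases of GSASL_NO_REDIRECT_URL, and add a comment that 68 is retired so it is not later reassigned to an unrelated error.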
@@ -308,11 +305,9 @@ extern "C"
    *   to avoid re-computation and storing passwords in the clear.
    * @GSASL_CB_TLS_UNIQUE: Base64 encoded tls-unique channel binding.
    * @GSASL_SAML20_IDP_IDENTIFIER: SAML20 user IdP URL.
-   * @GSASL_SAML20_REDIRECT_URL: SAML20 challenge from server to client.
-   * @GSASL_OPENID20_REDIRECT_URL: OpenID 2.0 redirect URL.
+   * @GSASL_REDIRECT_URL: URL to access in GSASL_AUTHENTICATE_IN_BROWSER.
    * @GSASL_OPENID20_OUTCOME_DATA: OpenID 2.0 authentication outcome data.
-   * @GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Request to perform SAML20.
-   * @GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Request to perform OpenID 2.0.
+   * @GSASL_AUTHENTICATE_IN_BROWSER: Request to authenticate in browser.
    * @GSASL_VALIDATE_SIMPLE: Request for simple validation.
    * @GSASL_VALIDATE_EXTERNAL: Request for validation of EXTERNAL.
    * @GSASL_VALIDATE_ANONYMOUS: Request for validation of ANONYMOUS.
@@ -345,12 +340,10 @@ extern "C"
     GSASL_SCRAM_SALTED_PASSWORD = 17,
     GSASL_CB_TLS_UNIQUE = 18,
     GSASL_SAML20_IDP_IDENTIFIER = 19,
-    GSASL_SAML20_REDIRECT_URL = 20,
-    GSASL_OPENID20_REDIRECT_URL = 21,
+    GSASL_REDIRECT_URL = 20,
     GSASL_OPENID20_OUTCOME_DATA = 22,
     /* Client callbacks. */
-    GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250,
-    GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251,
+    GSASL_AUTHENTICATE_IN_BROWSER = 250,
     /* Server validation callback properties. */
     GSASL_VALIDATE_SIMPLE = 500,
     GSASL_VALIDATE_EXTERNAL = 501,
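Review bot: in the property enum, 21 and 251 are left unassigned while 20 and 250 change from SAML20-only to shared between SAML20 and OPENID20, so a binary built against the 1.7.2 header that sets property 21 or handles callback 251 will no longer be served by the library. A short comment marking 21 and 251 as retired would prevent them from being reused with a different meaning, and the gap is worth calling out in the doc comment above the enum rather than only in lib/NEWS.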
diff --git a/lib/src/internal.h b/lib/src/internal.h
index 233ecb5..82eddc4 100644
--- a/lib/src/internal.h
+++ b/lib/src/internal.h
@@ -103,8 +103,7 @@ struct Gsasl_session
   char *scram_salted_password;
   char *cb_tls_unique;
   char *saml20_idp_identifier;
-  char *saml20_redirect_url;
-  char *openid20_redirect_url;
+  char *redirect_url;
   char *openid20_outcome_data;
   /* If you add anything here, remember to change change
      gsasl_finish() in xfinish.c and map() in property.c.  */
diff --git a/lib/src/property.c b/lib/src/property.c
index db6a9b0..a5bb1fb 100644
--- a/lib/src/property.c
+++ b/lib/src/property.c
@@ -108,12 +108,8 @@ map (Gsasl_session * sctx, Gsasl_property prop)
       p = &sctx->saml20_idp_identifier;
       break;
 
-    case GSASL_SAML20_REDIRECT_URL:
-      p = &sctx->saml20_redirect_url;
-      break;
-
-    case GSASL_OPENID20_REDIRECT_URL:
-      p = &sctx->openid20_redirect_url;
+    case GSASL_REDIRECT_URL:
+      p = &sctx->redirect_url;
       break;
 
     case GSASL_OPENID20_OUTCOME_DATA:
diff --git a/lib/src/xfinish.c b/lib/src/xfinish.c
index cfddd82..d5f283f 100644
--- a/lib/src/xfinish.c
+++ b/lib/src/xfinish.c
@@ -65,8 +65,7 @@ gsasl_finish (Gsasl_session * sctx)
   free (sctx->scram_salted_password);
   free (sctx->cb_tls_unique);
   free (sctx->saml20_idp_identifier);
-  free (sctx->saml20_redirect_url);
-  free (sctx->openid20_redirect_url);
+  free (sctx->redirect_url);
   free (sctx->openid20_outcome_data);
   /* If you add anything here, remember to change change
      gsasl_finish() in xfinish.c and Gsasl_session in internal.h.  */
diff --git a/src/callbacks.c b/src/callbacks.c
index 4963517..70a3501 100644
--- a/src/callbacks.c
+++ b/src/callbacks.c
@@ -216,24 +216,11 @@ callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
       }
       break;
 
-    case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:
+    case GSASL_AUTHENTICATE_IN_BROWSER:
       {
-       const char *url = gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL);
+       const char *url = gsasl_property_get (sctx, GSASL_REDIRECT_URL);
 
-       printf ("Proceed to this URL to authenticate using SAML 2.0:\n%s\n",
-               url);
-
-       rc = GSASL_OK;
-      }
-      break;
-
-    case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER:
-      {
-       const char *url = gsasl_property_get (sctx,
-                                             GSASL_OPENID20_REDIRECT_URL);
-
-       printf ("Proceed to this URL to authenticate using OpenID 2.0:\n%s\n",
-               url);
+       printf ("Visit this URL to proceed with authentication:\n%s\n", url);
 
        rc = GSASL_OK;
       }
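Review bot: `url` goes straight into printf with %s, but gsasl_property_get() can return NULL when the property is unset, and the value is whatever the server sent in its challenge. Suggest returning an error when `url` is NULL or empty, and checking that it starts with an expected scheme (http or https) and contains no control characters before printing it, since the user is being told to visit it. The merged message also no longer says whether SAML 2.0 or OpenID 2.0 asked for the redirect; printing gsasl_mechanism_name (sctx) alongside would keep that information.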
diff --git a/tests/crypto.c b/tests/crypto.c
index 8090d06..15f12d9 100644
--- a/tests/crypto.c
+++ b/tests/crypto.c
@@ -54,6 +54,8 @@ doit (void)
     fail ("gsasl_nonce memcmp fail\n");
   success("gsasl_nonce\n");
 
+#if 0
+  /* This often times out on build machines. */
   memcpy (savetmp, tmp, SIZE);
   tmplen = sizeof (tmp);
   rc = gsasl_random (tmp, tmplen);
@@ -62,6 +64,7 @@ doit (void)
   if (memcmp (savetmp, tmp, SIZE) == 0)
     fail ("gsasl_random memcmp fail\n");
   success("gsasl_random\n");
+#endif
 
   rc = gsasl_md5 ("abc", 3, &hash);
   if (rc != GSASL_OK)
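Review bot: the `#if 0` around the gsasl_random check compiles the test out unconditionally, so a regression in which gsasl_random leaves the buffer unchanged would now pass unnoticed, and the comment records the symptom (timeouts on build machines) but not the cause. Suggest gating the block at run time instead, for example skipping it unless an environment variable is set, and noting in the comment why the call blocks, so the check still runs on hosts where it can complete.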
diff --git a/tests/openid20.c b/tests/openid20.c
index 3f9ba68..35653ac 100644
--- a/tests/openid20.c
+++ b/tests/openid20.c
@@ -52,7 +52,7 @@ client_callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
       rc = GSASL_OK;
       break;
 
-    case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER:
+    case GSASL_AUTHENTICATE_IN_BROWSER:
       rc = GSASL_OK;
       break;
 
@@ -71,7 +71,7 @@ server_callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
 
   switch (prop)
     {
-    case GSASL_OPENID20_REDIRECT_URL:
+    case GSASL_REDIRECT_URL:
       gsasl_property_set (sctx, prop,
                          "http://idp.example/NONCE/?openid.foo=bar";);
       rc = GSASL_OK;
diff --git a/tests/saml20.c b/tests/saml20.c
index 2400e95..73a3359 100644
--- a/tests/saml20.c
+++ b/tests/saml20.c
@@ -64,7 +64,7 @@ client_callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
   /* The first round, the mechanism will need an authorization name
      and a SAML IDP.  The next round it will request that the client
      redirects the user (in the browser) using the data stored in the
-     GSASL_SAML20_REDIRECT_URL property.  */
+     GSASL_REDIRECT_URL property.  */
 
   switch (prop)
     {
@@ -77,9 +77,9 @@ client_callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
       rc = GSASL_OK;
       break;
 
-    case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:
+    case GSASL_AUTHENTICATE_IN_BROWSER:
       printf ("client got redirect URL: %s\n",
-             gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL));
+             gsasl_property_get (sctx, GSASL_REDIRECT_URL));
       rc = GSASL_OK;
       break;
 
@@ -102,7 +102,7 @@ server_callback (Gsasl * ctx, Gsasl_session * sctx, 
Gsasl_property prop)
 
   switch (prop)
     {
-    case GSASL_SAML20_REDIRECT_URL:
+    case GSASL_REDIRECT_URL:
       printf ("server got identity: %s\n",
              gsasl_property_get (sctx, GSASL_SAML20_IDP_IDENTIFIER));
       gsasl_property_set (sctx, prop, samlchallenge);


hooks/post-receive
-- 
GNU gsasl


