This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=5b0d393d567ac125f1c4d9f32f2283193690b1a3 The branch, master has been updated via 5b0d393d567ac125f1c4d9f32f2283193690b1a3 (commit) via 6ff912fc9af8eb3079a813ad200511497808d06a (commit) from 292c02698d6c64f5e1ef597c64802db06c86efe0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b0d393d567ac125f1c4d9f32f2283193690b1a3 Author: Simon Josefsson <[email protected]> Date: Tue Mar 27 16:27:26 2012 +0200 Further OPENID20 fixes. commit 6ff912fc9af8eb3079a813ad200511497808d06a Author: Simon Josefsson <[email protected]> Date: Tue Mar 27 11:48:56 2012 +0200 Don't crash in accept. ----------------------------------------------------------------------- Summary of changes: examples/smtp-server.c | 2 +- lib/openid20/client.c | 47 +++++++++++++++++++++++++++++++++++++- lib/openid20/server.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/src/gsasl.h | 6 ++++- lib/src/internal.h | 1 + lib/src/property.c | 4 +++ lib/src/xfinish.c | 1 + src/callbacks.c | 15 +++++++++++- 8 files changed, 129 insertions(+), 5 deletions(-) diff --git a/examples/smtp-server.c b/examples/smtp-server.c index 74b2427..cc5046e 100644 --- a/examples/smtp-server.c +++ b/examples/smtp-server.c @@ -249,7 +249,7 @@ main (int argc, char *argv[]) while (run) { struct sockaddr from; - socklen_t fromlen; + socklen_t fromlen = sizeof (from); char host[NI_MAXHOST]; int fd; FILE *fh; diff --git a/lib/openid20/client.c b/lib/openid20/client.c index 52a682d..5c84c8d 100644 --- a/lib/openid20/client.c +++ b/lib/openid20/client.c 
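Review bot: Initializing `fromlen` fixes the uninitialized length handed to accept(), but the context line `struct sockaddr from;` is only a 16-byte generic header, too small for an IPv6 peer address; if the listening socket is AF_INET6 the kernel truncates the address and returns `fromlen` larger than `sizeof (from)`, so any later getnameinfo() on it (outside this hunk) works on a truncated address. Declaring `struct sockaddr_storage from; socklen_t fromlen = sizeof (from);` and casting `(struct sockaddr *) &from` at the accept()/getnameinfo() calls covers both address families. A check that the returned `fromlen` does not exceed `sizeof (from)` would also make the truncation visible instead of silent. The enclosing `main` begins and ends outside this hunk.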
@@ -81,13 +81,56 @@ _gsasl_openid20_client_step (Gsasl_session * sctx, res = _gsasl_gs2_generate_header (false, 'n', NULL, authzid, strlen (p), p, output, output_len); - if (res == GSASL_OK) + if (res != GSASL_OK) return res; res = GSASL_NEEDS_MORE; state->step++; - break; } + break; + + case 1: + { + gsasl_property_set_raw (sctx, GSASL_OPENID20_REDIRECT_URL, + input, input_len); + + res = gsasl_callback (NULL, sctx, + GSASL_OPENID20_AUTHENTICATE_IN_BROWSER); + if (res != GSASL_OK) + return res; + + *output_len = 1; + *output = strdup ("="); + + res = GSASL_OK; + state->step++; + } + break; + + /* optional */ + case 2: + { + gsasl_property_set_raw (sctx, GSASL_OPENID20_OUTCOME_DATA, + input, input_len); + + *output_len = 0; + *output = NULL; + + /* In the case of failures, the response MUST follow this + syntax: + + outcome_data = "openid.error" "=" sreg_val *( "," sregp_avp ) + */ + +#define ERR_PREFIX "openid.error=" + if (input_len > strlen (ERR_PREFIX) + && strncmp (ERR_PREFIX, input, strlen (ERR_PREFIX)) == 0) + res = GSASL_AUTHENTICATION_ERROR; + else + res = GSASL_OK; + state->step++; + } + break; default: break; diff --git a/lib/openid20/server.c b/lib/openid20/server.c index ca37b0d..320516c 100644 --- a/lib/openid20/server.c +++ b/lib/openid20/server.c @@ -39,6 +39,7 @@ struct openid20_server_state { int step; + int validation_res; }; int @@ -50,6 +51,8 @@ _gsasl_openid20_server_start (Gsasl_session * sctx, void **mech_data) if (state == NULL) return GSASL_MALLOC_ERROR; + state->validation_res = GSASL_AUTHENTICATION_ERROR; + *mech_data = state; return GSASL_OK; 
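Review bot: In the new `case 1` the result of `strdup ("=")` is stored in `*output` and `*output_len` is set to 1 without a NULL check, so on allocation failure the caller receives a one-byte length with a NULL buffer; the server.c hunk in this same commit checks its strdup results and this path should match: `if (!*output) return GSASL_MALLOC_ERROR;` before `*output_len = 1;`. The return values of both `gsasl_property_set_raw` calls are discarded, so a failed copy of the redirect URL or outcome data goes unnoticed (assuming that function can fail — its contract is not visible here). The `#define ERR_PREFIX` placed inside the switch is never `#undef`'d and so leaks into the rest of the translation unit; `#undef ERR_PREFIX` after the comparison, or a `static const char` local, keeps it scoped. `_gsasl_openid20_client_step` begins before this hunk.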
@@ -111,6 +114,61 @@ _gsasl_openid20_server_step (Gsasl_session * sctx, break; } + case 1: + { + const char *outcome_data; + + if (!(input_len == 1 && *input == '=')) + return GSASL_MECHANISM_PARSE_ERROR; + + res = gsasl_callback (NULL, sctx, GSASL_VALIDATE_OPENID20); + if (res != GSASL_OK) + { + *output = strdup ("openid.error=fail"); + if (!*output) + return GSASL_MALLOC_ERROR; + *output_len = strlen (*output); + + /* [RFC4422] Section 3.6 explicitly prohibits additional + information in an unsuccessful authentication outcome. + Therefore, the openid.error and openid.error_code are + to be sent as an additional challenge in the event of + an unsuccessful outcome. In this case, as the protocol + is lock step, the client will follow with an additional + exchange containing "=", after which the server will + respond with an application-level outcome. */ + return GSASL_NEEDS_MORE; + } + + outcome_data = gsasl_property_get (sctx, GSASL_OPENID20_OUTCOME_DATA); + if (outcome_data) + { + *output = strdup (outcome_data); + if (!*output) + return GSASL_MALLOC_ERROR; + *output_len = strlen (*output); + } + else + { + *output = NULL; + *output_len = 0; + } + + state->validation_res = res = GSASL_OK; + state->step++; + } + break; + + case 2: + { + if (!(input_len == 0 && *input == '\0')) + return GSASL_MECHANISM_PARSE_ERROR; + + res = state->validation_res; + state->step++; + } + break; + default: break; } diff --git a/lib/src/gsasl.h b/lib/src/gsasl.h index 30a3ccc..95c0fc0 100644 --- a/lib/src/gsasl.h +++ b/lib/src/gsasl.h 
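Review bot: On the validation-failure path in `case 1` the function returns GSASL_NEEDS_MORE without advancing `state->step`, so the follow-up message the comment says the client will send re-enters `case 1`, re-runs the `GSASL_VALIDATE_OPENID20` callback and emits `openid.error=fail` again; `case 2`, where `state->validation_res` (pre-set to GSASL_AUTHENTICATION_ERROR in `_gsasl_openid20_server_start`) is finally returned, is never reached. Adding `state->step++;` before `return GSASL_NEEDS_MORE;` lets the lock-step exchange terminate with the intended failure. Separately, `case 2` checks `if (!(input_len == 0 && *input == '\0'))`, which dereferences `input` when the length is zero and crashes if the caller passes NULL for an empty message; `if (input_len != 0) return GSASL_MECHANISM_PARSE_ERROR;` is the safe form, and note that this expects an empty message while the comment in `case 1` says the client follows with "=". `case 2` also leaves `*output`/`*output_len` unset, which is only correct if the caller initializes them — not verifiable from this hunk. `_gsasl_openid20_server_step` begins before this hunk.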
@@ -314,6 +314,7 @@ extern "C" * @GSASL_SAML20_REDIRECT_URL: SAML20 challenge from server to client. * @GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Request to perform SAML20. * @GSASL_OPENID20_AUTH_IDENTIFIER: OPENID20 user authentication identifier. + * @GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Request to perform OPENID20. * @GSASL_VALIDATE_SIMPLE: Request for simple validation. * @GSASL_VALIDATE_EXTERNAL: Request for validation of EXTERNAL. * @GSASL_VALIDATE_ANONYMOUS: Request for validation of ANONYMOUS. @@ -348,15 +349,18 @@ extern "C" GSASL_SAML20_REDIRECT_URL = 20, GSASL_OPENID20_AUTH_IDENTIFIER = 21, GSASL_OPENID20_REDIRECT_URL = 22, + GSASL_OPENID20_OUTCOME_DATA = 23, /* Client callbacks. */ GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250, + GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251, /* Server validation callback properties. */ GSASL_VALIDATE_SIMPLE = 500, GSASL_VALIDATE_EXTERNAL = 501, GSASL_VALIDATE_ANONYMOUS = 502, GSASL_VALIDATE_GSSAPI = 503, GSASL_VALIDATE_SECURID = 504, - GSASL_VALIDATE_SAML20 = 505 + GSASL_VALIDATE_SAML20 = 505, + GSASL_VALIDATE_OPENID20 = 506 } Gsasl_property; /** diff --git a/lib/src/internal.h b/lib/src/internal.h index 2f3d044..617ab7f 100644 --- a/lib/src/internal.h +++ b/lib/src/internal.h @@ -106,6 +106,7 @@ struct Gsasl_session char *saml20_redirect_url; char *openid20_auth_identifier; char *openid20_redirect_url; + char *openid20_outcome_data; /* If you add anything here, remember to change change gsasl_finish() in xfinish.c and map() in property.c. */ diff --git a/lib/src/property.c b/lib/src/property.c index 68fa908..169ff69 100644 --- a/lib/src/property.c +++ b/lib/src/property.c @@ -120,6 +120,10 @@ map (Gsasl_session * sctx, Gsasl_property prop) p = &sctx->openid20_redirect_url; break; + case GSASL_OPENID20_OUTCOME_DATA: + p = &sctx->openid20_outcome_data; + break; + /* If you add anything here, remember to change change gsasl_finish() in xfinish.c and Gsasl_session in internal.h. */ 
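Review bot: The doc-comment hunk adds an entry only for `@GSASL_OPENID20_AUTHENTICATE_IN_BROWSER`; the two other enumerators this commit introduces, `GSASL_OPENID20_OUTCOME_DATA` and `GSASL_VALIDATE_OPENID20`, get no `@` line, so the generated API documentation will omit them (unless they are covered in a part of the comment not shown). I would add `* @GSASL_OPENID20_OUTCOME_DATA: OPENID20 outcome data (openid.error or additional attribute/value pairs) sent from server to client.` and `* @GSASL_VALIDATE_OPENID20: Request for validation of OPENID20.` beside the existing entries. The OUTCOME_DATA text should also say that a server application is expected to set this property from its `GSASL_VALIDATE_OPENID20` callback, since server.c reads it immediately after that callback returns.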
diff --git a/lib/src/xfinish.c b/lib/src/xfinish.c index fc8b69a..3ba3a30 100644 --- a/lib/src/xfinish.c +++ b/lib/src/xfinish.c @@ -68,6 +68,7 @@ gsasl_finish (Gsasl_session * sctx) free (sctx->saml20_redirect_url); free (sctx->openid20_auth_identifier); free (sctx->openid20_redirect_url); + free (sctx->openid20_outcome_data); /* If you add anything here, remember to change change gsasl_finish() in xfinish.c and Gsasl_session in internal.h. */ diff --git a/src/callbacks.c b/src/callbacks.c index db7c2e4..5ed5cf6 100644 --- a/src/callbacks.c +++ b/src/callbacks.c @@ -231,7 +231,20 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property prop) { const char *url = gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL); - printf ("Please visit this URL to authenticate:\n%s\n", url); + printf ("Proceed to this URL to authenticate using SAML 2.0:\n%s\n", + url); + + rc = GSASL_OK; + } + break; + + case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: + { + const char *url = gsasl_property_get (sctx, + GSASL_OPENID20_REDIRECT_URL); + + printf ("Proceed to this URL to authenticate using OpenID 2.0:\n%s\n", + url); rc = GSASL_OK; } hooks/post-receive -- GNU gsasl _______________________________________________ Gsasl-commit mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gsasl-commit
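Review bot: In the new `GSASL_OPENID20_AUTHENTICATE_IN_BROWSER` branch, `url` from `gsasl_property_get (sctx, GSASL_OPENID20_REDIRECT_URL)` may be NULL and is passed straight to `%s`, which is undefined behavior in printf; the SAML branch just above has the same pattern. Guard it before printing, e.g. `if (!url) { rc = GSASL_AUTHENTICATION_ERROR; break; }` (or whichever error code the rest of callback() uses for a missing property). The URL is also supplied by the remote server, so printing it unfiltered to the terminal lets a hostile peer inject control sequences; filtering non-printable bytes before printing is worth considering. The enclosing `callback` function starts and ends outside this hunk.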
