Commit 0a0124ce authored by Jussi Laako's avatar Jussi Laako

Add checks for realm & hostname against allowed realms

parent 60d8f46e
......@@ -169,11 +169,14 @@
*
*/
#include <stdlib.h>
#include <gsignond/gsignond-plugin-interface.h>
#include "gsignond-sasl-plugin.h"
#include <gsignond/gsignond-error.h>
#include <gsignond/gsignond-log.h>
#include <stdlib.h>
#include <gsignond/gsignond-utils.h>
#include "gsignond-sasl-plugin.h"
static void gsignond_plugin_interface_init (GSignondPluginInterface *iface);
......@@ -381,13 +384,54 @@ static void gsignond_sasl_plugin_request_initial (
const gchar *mechanism)
{
GSignondSaslPlugin *self = GSIGNOND_SASL_PLUGIN (plugin);
gboolean realm_ok = FALSE;
gboolean host_ok = FALSE;
const gchar *realm;
const gchar *host;
GSequence *allowed_realms;
GSequenceIter *realm_iter;
if (!self->gsasl_context) {
GError* error = g_error_new(GSIGNOND_ERROR,
GSIGNOND_ERROR_OPERATION_NOT_SUPPORTED,
"Couldn't initialize gsasl library");
GError *error = g_error_new (GSIGNOND_ERROR,
GSIGNOND_ERROR_OPERATION_NOT_SUPPORTED,
"Couldn't initialize gsasl library");
gsignond_plugin_error (plugin, error);
g_error_free(error);
g_error_free (error);
return;
}
realm = gsignond_session_data_get_realm (session_data);
host = gsignond_dictionary_get_string(session_data, "Hostname");
allowed_realms = gsignond_session_data_get_allowed_realms (session_data);
if (allowed_realms) {
for (realm_iter = g_sequence_get_begin_iter (allowed_realms);
!g_sequence_iter_is_end (realm_iter);
realm_iter = g_sequence_iter_next (realm_iter)) {
const gchar *item = (const gchar *) g_sequence_get (realm_iter);
if (realm) {
if (g_strcmp0 (realm, item) == 0)
realm_ok = TRUE;
}
if (host) {
if (gsignond_is_host_in_domain (host, item))
host_ok = TRUE;
}
}
}
g_sequence_free (allowed_realms);
if (realm && !realm_ok) {
GError *error = g_error_new (GSIGNOND_ERROR,
GSIGNOND_ERROR_NOT_AUTHORIZED,
"Unauthorized realm");
gsignond_plugin_error (plugin, error);
g_error_free (error);
return;
}
if (host && !host_ok) {
GError *error = g_error_new (GSIGNOND_ERROR,
GSIGNOND_ERROR_NOT_AUTHORIZED,
"Unauthorized hostname");
gsignond_plugin_error (plugin, error);
g_error_free (error);
return;
}
......@@ -397,12 +441,12 @@ static void gsignond_sasl_plugin_request_initial (
mechanism, &self->gsasl_session);
if (res != GSASL_OK) {
GError* error = g_error_new(GSIGNOND_ERROR,
GSIGNOND_ERROR_OPERATION_NOT_SUPPORTED,
"Couldn't initialize gsasl session, error %d",
res);
GError *error = g_error_new (GSIGNOND_ERROR,
GSIGNOND_ERROR_OPERATION_NOT_SUPPORTED,
"Couldn't initialize gsasl session, error %d",
res);
gsignond_plugin_error (plugin, error);
g_error_free(error);
g_error_free (error);
return;
}
gsignond_dictionary_ref(session_data);
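Review bot: In the second hunk, `g_sequence_free (allowed_realms);` after the loop runs unconditionally, but `gsignond_session_data_get_allowed_realms` can evidently return NULL (the loop is guarded by `if (allowed_realms)`), and GLib's g_sequence_free rejects NULL with a g_return_if_fail critical rather than treating it as a no-op; move the free inside the guard, i.e. `if (allowed_realms) { for (...) { ... } g_sequence_free (allowed_realms); }`. Note also that when the session carries neither a realm nor a Hostname both checks pass silently, and that realm_ok and host_ok may be satisfied by two different entries of the list — if both are intended, a short comment such as `/* No realm/hostname supplied: nothing to restrict; a realm and a host may match different allowed entries */` above the checks would record the decision. The loop could `break` once both flags are TRUE, though that is only a nicety. gsignond_sasl_plugin_request_initial starts before this hunk and continues after it; the remaining lines of the section are whitespace restyles of the error paths.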
......
......@@ -30,7 +30,13 @@
#include <gsignond/gsignond-plugin-interface.h>
#include <gsignond/gsignond-error.h>
#include <gsignond/gsignond-config.h>
#include <gsignond/gsignond-utils.h>
static const gchar *allowed_realms[] = {
"microhostname",
"megahostname",
NULL
};
static void check_plugin(GSignondPlugin* plugin)
{
......@@ -207,6 +213,8 @@ START_TEST (test_saslplugin_request_digest_md5)
free(server_challenge);
gsignond_dictionary_set_string(data, "Service", "megaservice");
gsignond_dictionary_set_string(data, "Hostname", "megahostname");
gsignond_session_data_set_allowed_realms(data,
gsignond_copy_array_to_sequence(allowed_realms));
gsignond_session_data_set_username(data, "megauser@example.com");
gsignond_session_data_set_secret(data, "megapassword");
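Review bot: The new test lines only cover the accept path — "megahostname" is in allowed_realms and no realm is set on data — so neither the "Unauthorized realm" nor the "Unauthorized hostname" branch that the plugin change introduces is exercised. A companion case that sets `gsignond_session_data_set_realm(data, "otherrealm");` (or a Hostname outside the list) and expects GSIGNOND_ERROR_NOT_AUTHORIZED from the plugin would pin the deny behaviour. The array is named allowed_realms but its entries are hostnames matched through gsignond_is_host_in_domain; a comment above it, `/* entries serve both as allowed realms and as allowed host domains */`, would spare the reader a trip into the plugin. Whether gsignond_session_data_set_allowed_realms takes ownership of the sequence from gsignond_copy_array_to_sequence is not visible here; if it does not, the sequence leaks in the test.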
......