Commit bc7f2e5d authored by Alexander Kanavin's avatar Alexander Kanavin

Re-do referencing session_data from gsasl callback

parent c4dd3189
......@@ -55,32 +55,6 @@ static void response_callback(GSignondPlugin* plugin, GSignondSessionData* resul
gsignond_dictionary_unref(data);
}
//this callback differs from the previous one in that we also set a password
//when returning a server response to the plugin - this is mandated by scram-sha1
//mechanism
static void scram_sha1_response_callback(GSignondPlugin* plugin, GSignondSessionData* result,
gpointer user_data)
{
//print the received intermediate response
const gchar* response = gsignond_dictionary_get_string(result,
"ResponseBase64");
g_printf("Authenticated successfully, got intermediate response:\n%s\n",
response);
//here the response should be sent to the server, and the server should
//respond with a challenge
//to make the example simpler (and non-functional) we hardcode a challenge
const gchar* server_challenge = "some challenge";
//submit the challenge and a password to the plugin
GSignondSessionData* data = gsignond_dictionary_new();
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request(plugin, data);
gsignond_dictionary_unref(data);
}
// print an error and exit the mainloop
static void error_callback(GSignondPlugin* plugin, GError* error,
gpointer user_data)
......@@ -157,6 +131,8 @@ static void scram_sha1_authorization(gpointer plugin)
//fill in necessary data
gsignond_session_data_set_username(data, "megauser@example.com");
gsignond_session_data_set_secret(data, "megapassword");
//initial server challenge, for simplicty it's hardcoded
gsignond_dictionary_set_string(data, "ChallengeBase64", "some challenge");
......@@ -185,12 +161,6 @@ int main (void)
plain_authorization(plugin);
cram_md5_authorization(plugin);
digest_md5_authorization(plugin);
//how to use SCRAM-SHA-1 authorization
//SCRAM-SHA-1 mechanism requires a custom response callback where in addition
//to the server response also a password is provided
g_signal_handler_disconnect(plugin, response_id);
g_signal_connect(plugin, "response", G_CALLBACK(scram_sha1_response_callback), NULL);
scram_sha1_authorization(plugin);
g_object_unref(plugin);
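Review bot: The comment added in scram_sha1_authorization, `//initial server challenge, for simplicty it's hardcoded`, misspells "simplicity" and drops the caveat the removed callback carried, namely that a hard-coded challenge leaves the example non-functional. Since the string is stored under "ChallengeBase64" next to a literal username and password, a reader may take all three for usable values. I would word it as `//placeholder challenge and credentials: a real client gets the challenge from the server and the secret from the user`. The body of scram_sha1_authorization continues outside the hunk.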
......
......@@ -157,17 +157,15 @@
*
* <refsect1><title>How to use SCRAM-SHA-1 mechanism</title></refsect1>
* Issue gsignond_plugin_request_initial() with @mechanism set to "SCRAM-SHA-1"
* and @session_data containing authentication identity and initial
* server challenge. Optionally, also
* and @session_data containing authentication identity, initial
* server challenge and password. The password can be provided via "ScramSaltedPassword" property
* or if this property is absent, the normal password property is used. Optionally, also
* authorization identity and channel binding data can be provided.
*
* This mechanism contains two rounds of response-challenge exchanges (as described
* above) - gsignond_plugin_request_initial() should be followed by
* #GSignondPlugin::response, gsignond_plugin_request(), #GSignondPlugin::response,
* gsignond_plugin_request(), and #GSignondPlugin::response-final. The first
* gsignond_plugin_request() in addition to the server challenge should also provide
* a password. The password can be provided via "ScramSaltedPassword" property
* or if this property is absent, the normal password property is used.
* gsignond_plugin_request(), and #GSignondPlugin::response-final.
*
*/
......@@ -195,13 +193,14 @@ static void gsignond_sasl_plugin_cancel (GSignondPlugin *self)
static void _reset_session(GSignondSaslPlugin *self)
{
if (self->session_data) {
gsignond_dictionary_unref(self->session_data);
self->session_data = NULL;
}
if (self->gsasl_session) {
GSignondSessionData *session_data = gsasl_session_hook_get(
self->gsasl_session);
gsignond_dictionary_unref(session_data);
gsasl_finish(self->gsasl_session);
self->gsasl_session = NULL;
}
self->gsasl_session = NULL;
}
......@@ -253,10 +252,11 @@ _gsasl_callback (Gsasl * gsasl_context,
Gsasl_session * gsasl_session,
Gsasl_property gsasl_property)
{
GSignondSessionData *session_data = gsasl_session_hook_get(gsasl_session);
GSignondSaslPlugin *self = gsasl_callback_hook_get(gsasl_context);
INFO ("Gsasl callback invoked, for property %d", gsasl_property);
GSignondSessionData *session_data = self->session_data;
if (session_data == NULL)
return GSASL_NO_CALLBACK;
......@@ -405,7 +405,7 @@ static void gsignond_sasl_plugin_request_initial (
return;
}
gsignond_dictionary_ref(session_data);
gsasl_session_hook_set(self->gsasl_session, session_data);
self->session_data = session_data;
_do_gsasl_iteration(plugin, gsignond_dictionary_get_string(session_data, "ChallengeBase64"));
}
......@@ -453,6 +453,7 @@ gsignond_sasl_plugin_init (GSignondSaslPlugin *self)
if ((rc = gsasl_init (&self->gsasl_context)) != GSASL_OK) {
ERR ("Cannot initialize libgsasl (%d): %s",rc, gsasl_strerror (rc));
} else {
gsasl_callback_hook_set(self->gsasl_context, self);
gsasl_callback_set (self->gsasl_context, _gsasl_callback);
}
}
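Review bot: In gsignond_sasl_plugin_request_initial the new `self->session_data = session_data;` overwrites the field without releasing a reference it may already hold. A second request_initial on the same plugin with no _reset_session in between would then leak the earlier dictionary, which now carries the password. The start of the function is outside the hunk, so a reset there may already cover this; if it does not, release the old value first with `if (self->session_data) gsignond_dictionary_unref(self->session_data);`. Because the secret is now kept for the whole exchange instead of being supplied per request, it is also worth confirming that the final-response, error, cancel and dispose paths all reach _reset_session.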
......
......@@ -28,6 +28,8 @@
#include <glib-object.h>
#include <gsasl.h>
#include <gsignond/gsignond-plugin-interface.h>
#define GSIGNOND_TYPE_SASL_PLUGIN (gsignond_sasl_plugin_get_type ())
#define GSIGNOND_SASL_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GSIGNOND_TYPE_SASL_PLUGIN, GSignondSaslPlugin))
......@@ -55,6 +57,7 @@ struct _GSignondSaslPlugin
Gsasl *gsasl_context;
Gsasl_session *gsasl_session;
GSignondDictionary* session_data;
};
struct _GSignondSaslPluginClass
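Review bot: The new `session_data` member of struct _GSignondSaslPlugin has no comment on ownership or contents, although the plugin code in this commit takes a reference to the caller's dictionary and keeps it until _reset_session. I would document it on the field, for example `GSignondDictionary* session_data; /* referenced in request_initial, unreffed in _reset_session; contains the secret */`. The member is also declared as GSignondDictionary* while the callback reads it as GSignondSessionData*; using one name in both places would be clearer. The struct definition begins outside the hunk.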
......
......@@ -336,6 +336,7 @@ START_TEST (test_saslplugin_request_scram_sha_1)
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
free(server_challenge);
gsignond_session_data_set_username(data, "megauser@example.com");
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request_initial(plugin, data, "SCRAM-SHA-1");
......@@ -352,7 +353,6 @@ START_TEST (test_saslplugin_request_scram_sha_1)
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
free(server_challenge);
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request(plugin, data);
fail_if(result == NULL);
......