Commit bc7f2e5d authored by Alexander Kanavin's avatar Alexander Kanavin

Re-do referencing session_data from gsasl callback

parent c4dd3189
...@@ -55,32 +55,6 @@ static void response_callback(GSignondPlugin* plugin, GSignondSessionData* resul ...@@ -55,32 +55,6 @@ static void response_callback(GSignondPlugin* plugin, GSignondSessionData* resul
gsignond_dictionary_unref(data); gsignond_dictionary_unref(data);
} }
//this callback differs from the previous one in that we also set a password
//when returning a server response to the plugin - this is mandated by scram-sha1
//mechanism
static void scram_sha1_response_callback(GSignondPlugin* plugin, GSignondSessionData* result,
gpointer user_data)
{
//print the received intermediate response
const gchar* response = gsignond_dictionary_get_string(result,
"ResponseBase64");
g_printf("Authenticated successfully, got intermediate response:\n%s\n",
response);
//here the response should be sent to the server, and the server should
//respond with a challenge
//to make the example simpler (and non-functional) we hardcode a challenge
const gchar* server_challenge = "some challenge";
//submit the challenge and a password to the plugin
GSignondSessionData* data = gsignond_dictionary_new();
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request(plugin, data);
gsignond_dictionary_unref(data);
}
// print an error and exit the mainloop // print an error and exit the mainloop
static void error_callback(GSignondPlugin* plugin, GError* error, static void error_callback(GSignondPlugin* plugin, GError* error,
gpointer user_data) gpointer user_data)
...@@ -157,6 +131,8 @@ static void scram_sha1_authorization(gpointer plugin) ...@@ -157,6 +131,8 @@ static void scram_sha1_authorization(gpointer plugin)
//fill in necessary data //fill in necessary data
gsignond_session_data_set_username(data, "megauser@example.com"); gsignond_session_data_set_username(data, "megauser@example.com");
gsignond_session_data_set_secret(data, "megapassword");
//initial server challenge, for simplicty it's hardcoded //initial server challenge, for simplicty it's hardcoded
gsignond_dictionary_set_string(data, "ChallengeBase64", "some challenge"); gsignond_dictionary_set_string(data, "ChallengeBase64", "some challenge");
...@@ -185,12 +161,6 @@ int main (void) ...@@ -185,12 +161,6 @@ int main (void)
plain_authorization(plugin); plain_authorization(plugin);
cram_md5_authorization(plugin); cram_md5_authorization(plugin);
digest_md5_authorization(plugin); digest_md5_authorization(plugin);
//how to use SCRAM-SHA-1 authorization
//SCRAM-SHA-1 mechanism requires a custom response callback where in addition
//to the server response also a password is provided
g_signal_handler_disconnect(plugin, response_id);
g_signal_connect(plugin, "response", G_CALLBACK(scram_sha1_response_callback), NULL);
scram_sha1_authorization(plugin); scram_sha1_authorization(plugin);
g_object_unref(plugin); g_object_unref(plugin);
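Review bot: The `gsignond_session_data_set_secret(data, "megapassword");` line added in scram_sha1_authorization() has no comment explaining why the password now goes into the initial request, and the explanatory comments that sat in main() and above the removed scram_sha1_response_callback() are gone. A one-line comment above it would keep the example self-explanatory, e.g. `//SCRAM-SHA-1 reads the password from the initial session data, so set it here`. If `response_id` in main() was kept only for the removed `g_signal_handler_disconnect()` call, it is now unused; most of main() lies outside the hunk, so that needs checking there.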
......
...@@ -157,17 +157,15 @@ ...@@ -157,17 +157,15 @@
* *
* <refsect1><title>How to use SCRAM-SHA-1 mechanism</title></refsect1> * <refsect1><title>How to use SCRAM-SHA-1 mechanism</title></refsect1>
* Issue gsignond_plugin_request_initial() with @mechanism set to "SCRAM-SHA-1" * Issue gsignond_plugin_request_initial() with @mechanism set to "SCRAM-SHA-1"
* and @session_data containing authentication identity and initial * and @session_data containing authentication identity, initial
* server challenge. Optionally, also * server challenge and password. The password can be provided via "ScramSaltedPassword" property
* or if this property is absent, the normal password property is used. Optionally, also
* authorization identity and channel binding data can be provided. * authorization identity and channel binding data can be provided.
* *
* This mechanism contains two rounds of response-challenge exchanges (as described * This mechanism contains two rounds of response-challenge exchanges (as described
* above) - gsignond_plugin_request_initial() should be followed by * above) - gsignond_plugin_request_initial() should be followed by
* #GSignondPlugin::response, gsignond_plugin_request(), #GSignondPlugin::response, * #GSignondPlugin::response, gsignond_plugin_request(), #GSignondPlugin::response,
* gsignond_plugin_request(), and #GSignondPlugin::response-final. The first * gsignond_plugin_request(), and #GSignondPlugin::response-final.
* gsignond_plugin_request() in addition to the server challenge should also provide
* a password. The password can be provided via "ScramSaltedPassword" property
* or if this property is absent, the normal password property is used.
* *
*/ */
...@@ -195,13 +193,14 @@ static void gsignond_sasl_plugin_cancel (GSignondPlugin *self) ...@@ -195,13 +193,14 @@ static void gsignond_sasl_plugin_cancel (GSignondPlugin *self)
static void _reset_session(GSignondSaslPlugin *self) static void _reset_session(GSignondSaslPlugin *self)
{ {
if (self->session_data) {
gsignond_dictionary_unref(self->session_data);
self->session_data = NULL;
}
if (self->gsasl_session) { if (self->gsasl_session) {
GSignondSessionData *session_data = gsasl_session_hook_get(
self->gsasl_session);
gsignond_dictionary_unref(session_data);
gsasl_finish(self->gsasl_session); gsasl_finish(self->gsasl_session);
self->gsasl_session = NULL;
} }
self->gsasl_session = NULL;
} }
...@@ -253,10 +252,11 @@ _gsasl_callback (Gsasl * gsasl_context, ...@@ -253,10 +252,11 @@ _gsasl_callback (Gsasl * gsasl_context,
Gsasl_session * gsasl_session, Gsasl_session * gsasl_session,
Gsasl_property gsasl_property) Gsasl_property gsasl_property)
{ {
GSignondSessionData *session_data = gsasl_session_hook_get(gsasl_session); GSignondSaslPlugin *self = gsasl_callback_hook_get(gsasl_context);
INFO ("Gsasl callback invoked, for property %d", gsasl_property); INFO ("Gsasl callback invoked, for property %d", gsasl_property);
GSignondSessionData *session_data = self->session_data;
if (session_data == NULL) if (session_data == NULL)
return GSASL_NO_CALLBACK; return GSASL_NO_CALLBACK;
...@@ -405,7 +405,7 @@ static void gsignond_sasl_plugin_request_initial ( ...@@ -405,7 +405,7 @@ static void gsignond_sasl_plugin_request_initial (
return; return;
} }
gsignond_dictionary_ref(session_data); gsignond_dictionary_ref(session_data);
gsasl_session_hook_set(self->gsasl_session, session_data); self->session_data = session_data;
_do_gsasl_iteration(plugin, gsignond_dictionary_get_string(session_data, "ChallengeBase64")); _do_gsasl_iteration(plugin, gsignond_dictionary_get_string(session_data, "ChallengeBase64"));
} }
...@@ -453,6 +453,7 @@ gsignond_sasl_plugin_init (GSignondSaslPlugin *self) ...@@ -453,6 +453,7 @@ gsignond_sasl_plugin_init (GSignondSaslPlugin *self)
if ((rc = gsasl_init (&self->gsasl_context)) != GSASL_OK) { if ((rc = gsasl_init (&self->gsasl_context)) != GSASL_OK) {
ERR ("Cannot initialize libgsasl (%d): %s",rc, gsasl_strerror (rc)); ERR ("Cannot initialize libgsasl (%d): %s",rc, gsasl_strerror (rc));
} else { } else {
gsasl_callback_hook_set(self->gsasl_context, self);
gsasl_callback_set (self->gsasl_context, _gsasl_callback); gsasl_callback_set (self->gsasl_context, _gsasl_callback);
} }
} }
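Review bot: In gsignond_sasl_plugin_request_initial() the new `self->session_data = session_data;` overwrites the field without releasing a dictionary that may already be stored there, so a second initial request on the same plugin would leak a reference to session data that carries the user's password. The start of that function is outside the hunk; unless it already calls `_reset_session(self)` before this point, release the old value first, e.g. `if (self->session_data) gsignond_dictionary_unref(self->session_data);` placed after the `gsignond_dictionary_ref(session_data)` line. Because the secret now lives in the plugin object rather than in the gsasl session hook, it is also worth confirming that every terminal path (final response, error, cancel, object disposal) reaches `_reset_session()`; only that function's body is visible here.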
......
...@@ -28,6 +28,8 @@ ...@@ -28,6 +28,8 @@
#include <glib-object.h> #include <glib-object.h>
#include <gsasl.h> #include <gsasl.h>
#include <gsignond/gsignond-plugin-interface.h>
#define GSIGNOND_TYPE_SASL_PLUGIN (gsignond_sasl_plugin_get_type ()) #define GSIGNOND_TYPE_SASL_PLUGIN (gsignond_sasl_plugin_get_type ())
#define GSIGNOND_SASL_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GSIGNOND_TYPE_SASL_PLUGIN, GSignondSaslPlugin)) #define GSIGNOND_SASL_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GSIGNOND_TYPE_SASL_PLUGIN, GSignondSaslPlugin))
...@@ -55,6 +57,7 @@ struct _GSignondSaslPlugin ...@@ -55,6 +57,7 @@ struct _GSignondSaslPlugin
Gsasl *gsasl_context; Gsasl *gsasl_context;
Gsasl_session *gsasl_session; Gsasl_session *gsasl_session;
GSignondDictionary* session_data;
}; };
struct _GSignondSaslPluginClass struct _GSignondSaslPluginClass
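Review bot: The new `session_data` member is an owning reference, but nothing in the struct says so. A short comment would help, e.g. `/* referenced in request_initial(), unreferenced in _reset_session(); holds the password for the session */`. The member is declared as `GSignondDictionary*` while the plugin source reads it into a `GSignondSessionData*`; if the two are the same type by typedef that is fine, but using one spelling in both places would read better.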
......
...@@ -336,6 +336,7 @@ START_TEST (test_saslplugin_request_scram_sha_1) ...@@ -336,6 +336,7 @@ START_TEST (test_saslplugin_request_scram_sha_1)
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge); gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
free(server_challenge); free(server_challenge);
gsignond_session_data_set_username(data, "megauser@example.com"); gsignond_session_data_set_username(data, "megauser@example.com");
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request_initial(plugin, data, "SCRAM-SHA-1"); gsignond_plugin_request_initial(plugin, data, "SCRAM-SHA-1");
...@@ -352,7 +353,6 @@ START_TEST (test_saslplugin_request_scram_sha_1) ...@@ -352,7 +353,6 @@ START_TEST (test_saslplugin_request_scram_sha_1)
gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge); gsignond_dictionary_set_string(data, "ChallengeBase64", server_challenge);
free(server_challenge); free(server_challenge);
gsignond_session_data_set_secret(data, "megapassword");
gsignond_plugin_request(plugin, data); gsignond_plugin_request(plugin, data);
fail_if(result == NULL); fail_if(result == NULL);
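Review bot: With the secret moved into the initial request, the visible part of test_saslplugin_request_scram_sha_1 exercises only the successful path. Nothing here checks what the plugin does when SCRAM-SHA-1 is started without a password, or when the password is supplied through the "ScramSaltedPassword" property that the plugin documentation mentions. A second case that omits `gsignond_session_data_set_secret()` and asserts whatever failure the plugin is meant to signal would pin the new contract. The test body extends beyond both hunks, so coverage elsewhere in the file may already address part of this.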
......