jabber + sasl/gssapi (was: [Gaim-commits] CVS: gaim/src/protocols/jabber auth.c,1.42,1.43)
Stu Tomlinson
stu at nosnilmot.com
Wed Oct 24 16:12:08 EDT 2007
(this is a late reply ;-) )
This hunk of this patch...:
case SASL_CB_USER:
- *res = js->user->node;
+ *res = "";
... seems to break cyrus sasl GSSAPI authentication with Openfire (and
possibly others?). Reverting this alone makes GSSAPI auth WorkForMe
(tm). This is also reported as an Openfire issue :
http://www.igniterealtime.org/issues/browse/JM-1060
Is that change absolutely required for PLAIN to work with cyrus sasl, or
can we safely revert it?
Regards,
Stu.
On Sat, 2005-12-17 at 14:12 -0800, Nathan Walp wrote:
> Update of /cvsroot/gaim/gaim/src/protocols/jabber
> In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9011/src/protocols/jabber
>
> Modified Files:
> auth.c
> Log Message:
> cyrus sasl works for PLAIN now too, and it even logs!
>
>
> Index: auth.c
> ===================================================================
> RCS file: /cvsroot/gaim/gaim/src/protocols/jabber/auth.c,v
> retrieving revision 1.42
> retrieving revision 1.43
> diff -u -d -p -r1.42 -r1.43
> --- auth.c 17 Dec 2005 21:01:40 -0000 1.42
> +++ auth.c 17 Dec 2005 22:12:15 -0000 1.43
> @@ -140,7 +140,7 @@ static int jabber_sasl_cb_simple(void *c
> *res = js->user->node;
> break;
> case SASL_CB_USER:
> - *res = js->user->node;
> + *res = "";
> break;
> default:
> return SASL_BADPARAM;
> @@ -192,17 +192,15 @@ static void jabber_auth_start_cyrus(Jabb
> /* Set up security properties and options */
> secprops.min_ssf = 0;
> secprops.security_flags = SASL_SEC_NOANONYMOUS;
> + secprops.max_ssf = -1;
> + secprops.maxbufsize = -1;
>
> if (!js->gsc) {
> plaintext = gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE);
> if (!plaintext)
> secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
> - secprops.max_ssf = -1;
> - secprops.maxbufsize = 4096;
> } else {
> plaintext = TRUE;
> - secprops.max_ssf = 0;
> - secprops.maxbufsize = 0;
> }
> secprops.property_names = 0;
> secprops.property_values = 0;
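Review bot: The two added assignments store -1 into `max_ssf` and `maxbufsize`, which are unsigned in Cyrus SASL's `sasl_security_properties_t`, so both silently become UINT_MAX, and they now also apply on the `js->gsc` branch, where the removed lines set both to 0. If `js->gsc` means the connection is already TLS-protected (the `plaintext = TRUE` on that branch suggests so), a mechanism such as GSSAPI or DIGEST-MD5 may now negotiate its own security layer. After that, all stream data must pass through `sasl_encode`/`sasl_decode`, and nothing in this hunk shows that the reader and writer do that. Unless the old zero values were what broke PLAIN, I would keep the layer off under TLS, e.g. `secprops.max_ssf = js->gsc ? 0 : UINT_MAX;`, and add a comment explaining the chosen limits. The body of jabber_auth_start_cyrus starts and ends outside the hunk.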
> @@ -218,10 +216,12 @@ static void jabber_auth_start_cyrus(Jabb
> js->sasl_state = sasl_client_new("xmpp", js->user->domain, NULL, NULL, js->sasl_cb, 0, &js->sasl);
> if (js->sasl_state==SASL_OK) {
> sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops);
> + gaim_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str);
> js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &mech);
> }
> switch (js->sasl_state) {
> /* Success */
> + case SASL_OK:
> case SASL_CONTINUE:
> break;
> case SASL_NOMECH:
> @@ -253,6 +253,7 @@ static void jabber_auth_start_cyrus(Jabb
>
> /* For everything else, fail the mechanism and try again */
> default:
> + gaim_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
> if (strlen(mech)>0) {
> char *pos;
> pos = strstr(js->sasl_mechs->str,mech);
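Review bot: `strlen(mech)` on the line after the new debug call can run with `mech` never assigned. As far as the visible lines show, `mech` is only set through `sasl_client_start`, and the previous hunk skips that call when `sasl_client_new` does not return SASL_OK. Depending on how `mech` is declared (outside this hunk), that is a NULL dereference or a read of an uninitialised pointer on a setup failure. Guard it with `if (mech && *mech) {`, and log the mechanism being dropped, e.g. `"sasl_state is %d, failing mech %s\n", js->sasl_state, mech ? mech : "(none)"`. The default branch continues past the end of the hunk.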
> @@ -264,7 +265,7 @@ static void jabber_auth_start_cyrus(Jabb
> }
> } while (again);
>
> - if (js->sasl_state == SASL_CONTINUE) {
> + if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) {
> auth = xmlnode_new("auth");
> xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl");
> xmlnode_set_attrib(auth,"mechanism", mech);
> @@ -284,6 +285,15 @@ static void jabber_auth_start_cyrus(Jabb
> }
> }
>
> +static int
> +jabber_sasl_cb_log(void *context, int level, const char *message)
> +{
> + if(level <= SASL_LOG_TRACE)
> + gaim_debug_info("sasl", "%s\n", message);
> +
> + return SASL_OK;
> +}
> +
> #endif
>
> void
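Review bot: `jabber_sasl_cb_log` has no comment explaining why the cut-off is `SASL_LOG_TRACE`, yet that threshold is the only thing keeping `SASL_LOG_PASS` messages out of the Gaim debug log. Cyrus SASL describes that level as protocol traces including passwords. Add a comment above the `if`, such as `/* Never forward SASL_LOG_PASS: those messages may contain passwords. */`, so that a later change to the condition does not start writing credentials to the debug window or a saved debug log. TRACE-level output can still carry protocol internals, so `SASL_LOG_DEBUG` may be a safer ceiling. `message` is also passed to `%s` without a NULL check.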
> @@ -334,7 +344,7 @@ jabber_auth_start(JabberStream *js, xmln
> js->auth_type = JABBER_AUTH_CYRUS;
>
> /* Set up our callbacks structure */
> - js->sasl_cb = g_new0(sasl_callback_t,5);
> + js->sasl_cb = g_new0(sasl_callback_t,6);
>
> id = 0;
> js->sasl_cb[id].id = SASL_CB_GETREALM;
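Review bot: The literal `6` in `g_new0(sasl_callback_t,6)` is a hand-kept count that must equal every `js->sasl_cb[id]` entry filled in below plus the `SASL_CB_LIST_END` terminator. The entries between this hunk and the next one (which adds `SASL_CB_LOG`) are not visible, so the count cannot be confirmed from here. If a callback is later added without bumping the number, the terminator write lands past the end of the heap allocation. A named constant (name is only a suggestion) plus a check before the terminator makes this self-verifying: `#define JABBER_SASL_CB_COUNT 6` and `g_return_if_fail(id < JABBER_SASL_CB_COUNT);`.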
> @@ -359,6 +369,11 @@ jabber_auth_start(JabberStream *js, xmln
> id++;
> }
>
> + js->sasl_cb[id].id = SASL_CB_LOG;
> + js->sasl_cb[id].proc = jabber_sasl_cb_log;
> + js->sasl_cb[id].context = (void*)js;
> + id++;
> +
> js->sasl_cb[id].id = SASL_CB_LIST_END;
>
> jabber_auth_start_cyrus(js);
> @@ -688,7 +703,8 @@ jabber_auth_handle_challenge(JabberStrea
> unsigned char *dec_in;
> char *enc_out;
> const char *c_out;
> - unsigned int clen,declen;
> + unsigned int clen;
> + gsize declen;
> xmlnode *response;
>
> dec_in = gaim_base64_decode(enc_in, &declen);
>
>
>