jabber + sasl/gssapi (was: [Gaim-commits] CVS: gaim/src/protocols/jabber auth.c,1.42,1.43)

Greg Hudson ghudson at MIT.EDU
Wed Oct 24 16:28:12 EDT 2007


The bug here is in Openfire, and is fixed for their 3.4 release.

(I don't currently understand the reasons why we're setting an empty
user and how that would interact with PLAIN auth in Cyrus SASL.)

On Wed, 2007-10-24 at 16:12 -0400, Stu Tomlinson wrote:
> (this is a late reply ;-) )
> 
> This hunk of this patch...:
>                 case SASL_CB_USER:
> -                       *res = js->user->node;
> +                       *res = "";
> 
> ... seems to break cyrus sasl GSSAPI authentication with Openfire (and
> possibly others?). Reverting this alone makes GSSAPI auth WorkForMe
> (tm). This is also reported as an Openfire issue :
> http://www.igniterealtime.org/issues/browse/JM-1060
> 
> Is that change absolutely required for PLAIN to work with cyrus sasl, or
> can we safely revert it?
> 
> Regards,
> 
> 
> Stu.
> 
> On Sat, 2005-12-17 at 14:12 -0800, Nathan Walp wrote:
> > Update of /cvsroot/gaim/gaim/src/protocols/jabber
> > In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9011/src/protocols/jabber
> > 
> > Modified Files:
> > 	auth.c 
> > Log Message:
> > cyrus sasl works for PLAIN now too, and it even logs!
> > 
> > 
> > Index: auth.c
> > ===================================================================
> > RCS file: /cvsroot/gaim/gaim/src/protocols/jabber/auth.c,v
> > retrieving revision 1.42
> > retrieving revision 1.43
> > diff -u -d -p -r1.42 -r1.43
> > --- auth.c	17 Dec 2005 21:01:40 -0000	1.42
> > +++ auth.c	17 Dec 2005 22:12:15 -0000	1.43
> > @@ -140,7 +140,7 @@ static int jabber_sasl_cb_simple(void *c
> >  			*res = js->user->node;
> >  			break;
> >  		case SASL_CB_USER:
> > -			*res = js->user->node;
> > +			*res = "";
> >  			break;
> >  		default:
> >  			return SASL_BADPARAM;
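Review bot: The new `*res = "";` for `SASL_CB_USER` carries no comment saying why the value is empty, and the reason is not obvious from the code. In Cyrus SASL, `SASL_CB_USER` supplies the authorization identity and `SASL_CB_AUTHNAME` the authentication identity, so an empty string means no explicit authzid is requested. If that is the intent, a comment such as `/* authzid: left empty so the server derives it from the authenticated identity */` would record it, together with the mechanisms this was tested against. jabber_sasl_cb_simple starts and ends outside the hunk.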
> > @@ -192,17 +192,15 @@ static void jabber_auth_start_cyrus(Jabb
> >  	/* Set up security properties and options */
> >  	secprops.min_ssf = 0;
> >  	secprops.security_flags = SASL_SEC_NOANONYMOUS;
> > +	secprops.max_ssf = -1;
> > +	secprops.maxbufsize = -1;
> >  
> >  	if (!js->gsc) {
> >  		plaintext = gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE);
> >  		if (!plaintext)
> >  			secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
> > -		secprops.max_ssf = -1;
> > -		secprops.maxbufsize = 4096;
> >  	} else {
> >  		plaintext = TRUE;
> > -		secprops.max_ssf = 0;
> > -		secprops.maxbufsize = 0;
> >  	}
> >  	secprops.property_names = 0;
> >  	secprops.property_values = 0;
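Review bot: Hoisting `secprops.max_ssf = -1;` out of the branches means the `js->gsc` path (TLS already established) no longer sets `max_ssf = 0`, so a mechanism such as DIGEST-MD5 or GSSAPI may now negotiate its own SASL security layer on top of TLS. Once a layer is negotiated, all traffic has to pass through `sasl_encode`/`sasl_decode`; no such handling is visible in this patch, so if the stream code lacks it the session will break after a successful authentication. Both fields are unsigned, so `-1` becomes the maximum value, and `maxbufsize` then advertises an effectively unbounded receive buffer where the old code said 4096. I would keep `secprops.max_ssf = 0; secprops.maxbufsize = 0;` in the `else` branch and a finite `maxbufsize` in the other. jabber_auth_start_cyrus starts and ends outside the hunk.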
> > @@ -218,10 +216,12 @@ static void jabber_auth_start_cyrus(Jabb
> >  		js->sasl_state = sasl_client_new("xmpp", js->user->domain, NULL, NULL, js->sasl_cb, 0, &js->sasl);
> >  		if (js->sasl_state==SASL_OK) {
> >  			sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops);
> > +			gaim_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str);
> >  			js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &mech);
> >  		}
> >  		switch (js->sasl_state) {
> >  			/* Success */
> > +			case SASL_OK:
> >  			case SASL_CONTINUE:
> >  				break;
> >  			case SASL_NOMECH:
> > @@ -253,6 +253,7 @@ static void jabber_auth_start_cyrus(Jabb
> >  
> >  				/* For everything else, fail the mechanism and try again */
> >  			default:
> > +				gaim_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
> >  				if (strlen(mech)>0) {
> >  					char *pos;
> >  					pos = strstr(js->sasl_mechs->str,mech);
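Review bot: `strlen(mech)` in the `default:` branch can be reached with `mech` never written, because the preceding hunk shows `sasl_client_start` (the call that fills it in) being skipped when `sasl_client_new` does not return `SASL_OK`. The added debug line makes this path more visible but does not guard it. Unless `mech` is initialised to a non-NULL string at its declaration, which is outside the hunk, the test should read `if (mech && *mech) {`.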
> > @@ -264,7 +265,7 @@ static void jabber_auth_start_cyrus(Jabb
> >  		}
> >  	} while (again);
> >  
> > -	if (js->sasl_state == SASL_CONTINUE) {
> > +	if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) {
> >  		auth = xmlnode_new("auth");
> >  		xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl");
> >  		xmlnode_set_attrib(auth,"mechanism", mech);
> > @@ -284,6 +285,15 @@ static void jabber_auth_start_cyrus(Jabb
> >  	}
> >  }
> >  
> > +static int
> > +jabber_sasl_cb_log(void *context, int level, const char *message)
> > +{
> > +	if(level <= SASL_LOG_TRACE)
> > +		gaim_debug_info("sasl", "%s\n", message);
> > +
> > +	return SASL_OK;
> > +}
> > +
> >  #endif
> >  
> >  void
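Review bot: The bound `level <= SASL_LOG_TRACE` in `jabber_sasl_cb_log` is what keeps `SASL_LOG_PASS` messages out of the debug log, and Cyrus SASL documents that level as including passwords, so the bound needs a comment: `/* Never log SASL_LOG_PASS: those messages can contain passwords */`. Without it, a later change to log every level would put credentials into debug output that users routinely paste into bug reports. Every remaining level is reported through `gaim_debug_info`; routing `SASL_LOG_ERR` and `SASL_LOG_FAIL` to `gaim_debug_error` would make authentication failures easier to spot.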
> > @@ -334,7 +344,7 @@ jabber_auth_start(JabberStream *js, xmln
> >  	js->auth_type = JABBER_AUTH_CYRUS;
> >  
> >  	/* Set up our callbacks structure */
> > -	js->sasl_cb = g_new0(sasl_callback_t,5);
> > +	js->sasl_cb = g_new0(sasl_callback_t,6);
> >  
> >  	id = 0;
> >  	js->sasl_cb[id].id = SASL_CB_GETREALM;
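Review bot: The `6` in `g_new0(sasl_callback_t,6)` is a hand-counted bound for the entries written through `js->sasl_cb[id]`, and with the `SASL_CB_LOG` entry added in the next hunk (`@@ -359,6 +369,11 @@`) there appears to be no spare slot before `SASL_CB_LIST_END`. Nothing ties the count to the number of `id++` steps, so the next callback added without bumping it would write past the allocation. A named constant (say `JABBER_SASL_CB_MAX`) plus `g_assert(id < JABBER_SASL_CB_MAX);` before the `SASL_CB_LIST_END` store would catch that. The entries filled in between the two hunks are not visible here, so the exact count should be confirmed.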
> > @@ -359,6 +369,11 @@ jabber_auth_start(JabberStream *js, xmln
> >  		id++;
> >  	}
> >  
> > +	js->sasl_cb[id].id = SASL_CB_LOG;
> > +	js->sasl_cb[id].proc = jabber_sasl_cb_log;
> > +	js->sasl_cb[id].context = (void*)js;
> > +	id++;
> > +
> >  	js->sasl_cb[id].id = SASL_CB_LIST_END;
> >  
> >  	jabber_auth_start_cyrus(js);
> > @@ -688,7 +703,8 @@ jabber_auth_handle_challenge(JabberStrea
> >  		unsigned char *dec_in;
> >  		char *enc_out;
> >  		const char *c_out;
> > -		unsigned int clen,declen;
> > +		unsigned int clen;
> > +		gsize declen;
> >  		xmlnode *response;
> >  
> >  		dec_in = gaim_base64_decode(enc_in, &declen);
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> > _______________________________________________
> > Gaim-commits mailing list
> > Gaim-commits at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/gaim-commits
> 



