Changeset 426

Timestamp:

18/10/07 07:44:14 (14 months ago)

Author:

markdoliner

Message:

I believe this fixes ANONYMOUS SASL authentication when using gsasl.
The problem was that we were calling gsasl_step() with an empty
input string, but the first step of ANONYMOUS SASL login requires
an arbitrary token. I think the token is just any random string
that can optionally be used to track the user.

In our case we call the ctx->cb with "sx_sasl_cb_GEN_AUTHZID" as
the type. This causes c2s to generate a random node that can be
used for this user. It looked like this is what the cyrus and
sasl code do. I was only able to test this a little... by
hacking some SASL ANONYMOUS support into Pidgin.

Does anyone know of a jabber client with SASL anonymous support?

Location:

trunk

Files:

• ChangeLog (modified) (1 diff)
• sx/sasl_gsasl.c (modified) (2 diffs)

trunk/ChangeLog

@@ +1 @@
+2007-10-18 Mark Doliner <mark@meebo.com>
+        * Fix gsasl ANONYMOUS login
+
 2007-10-16 Mark Doliner <mark@meebo.com>
         * Minor comments and whitespace changes

trunk/sx/sasl_gsasl.c

@@ -153 +153 @@
 /** move the stream to the auth state */
 void _sx_sasl_open(sx_t s, Gsasl_session *sd) {
-    char *method, *authzid, *realm = NULL;
+    char *method, *authzid;
+    const char *realm = NULL;
     struct sx_sasl_creds_st creds = {NULL, NULL, NULL, NULL};
     _sx_sasl_t ctx = gsasl_session_hook_get(sd);
@@ -337 +338 @@
         /* decode and process */
         _sx_sasl_decode(in, inlen, &buf, &buflen);
+        if(buflen == 0 && strcmp(mech, "ANONYMOUS") == 0) {
+            if(buf != NULL) free(buf);
+            (ctx->cb)(sx_sasl_cb_GEN_AUTHZID, NULL, (void **)&out, s, ctx->cbarg);
+            buf = strdup(out);
+            buflen = strlen(buf);
+        }
         ret = gsasl_step(sd, buf, buflen, &out, (size_t *) &outlen);
         if(ret != GSASL_OK && ret != GSASL_NEEDS_MORE) {