gsasl  2.2.0
About: GNU SASL is an implementation of the Simple Authentication and Security Layer (SASL).
  Fossies Dox: gsasl-2.2.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  
Loading...
Searching...
No Matches
callbacks.c
Go to the documentation of this file.
1/* callbacks.c --- Implementation of gsasl callbacks.
2 * Copyright (C) 2002-2022 Simon Josefsson
3 *
4 * This file is part of GNU SASL.
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21#include "internal.h"
22#include "callbacks.h"
23
24#include "striconv.h"
25#include "readline.h"
26
27#if HAVE_LANGINFO_CODESET
28# include <langinfo.h> /* For nl_langinfo. */
29#endif
30
31static char *
32locale_to_utf8 (char *str)
33{
34#if HAVE_LANGINFO_CODESET
35 if (str)
36 {
37 char *from = nl_langinfo (CODESET);
38 char *q = str_iconv (str, from, "UTF-8");
39 if (!q)
40 fprintf (stderr, "warning: Could not convert string to UTF-8...\n");
41 else
42 {
43 free (str);
44 str = q;
45 }
46 }
47#endif
48
49 return str;
50}
51
52static char *
53readutf8line (const char *prompt)
54{
55 char *p = readline (prompt);
56
57 return locale_to_utf8 (p);
58}
59
60char *
61readutf8pass (const char *prompt)
62{
63 char *p = getpass (prompt);
64
65 return locale_to_utf8 (p);
66}
67
68int
69callback (Gsasl * ctx _GL_UNUSED, Gsasl_session * sctx, Gsasl_property prop)
70{
71 int rc = GSASL_NO_CALLBACK;
72
73 switch (prop)
74 {
75 case GSASL_ANONYMOUS_TOKEN:
76 if (args_info.anonymous_token_arg == NULL)
77 args_info.anonymous_token_arg =
78 readutf8line ("Enter anonymous token (e.g., email address): ");
79
80 rc = gsasl_property_set (sctx, GSASL_ANONYMOUS_TOKEN,
81 args_info.anonymous_token_arg);
82 break;
83
84 case GSASL_CB_TLS_UNIQUE:
85 if (!args_info.no_cb_flag && b64cbtlsunique == NULL
86 && args_info.hostname_arg == NULL)
87 b64cbtlsunique =
88 readutf8line ("Enter base64 encoded tls-unique channel binding: ");
89 rc = GSASL_OK;
90 if (!args_info.no_cb_flag && b64cbtlsunique && *b64cbtlsunique)
91 rc = gsasl_property_set (sctx, prop, b64cbtlsunique);
92 break;
93
94 case GSASL_CB_TLS_EXPORTER:
95 if (!args_info.no_cb_flag && b64cbtlsexporter == NULL
96 && args_info.hostname_arg == NULL)
97 b64cbtlsexporter =
98 readutf8line
99 ("Enter base64 encoded tls-exporter channel binding: ");
100 rc = GSASL_OK;
101 if (!args_info.no_cb_flag && b64cbtlsexporter && *b64cbtlsexporter)
102 rc = gsasl_property_set (sctx, prop, b64cbtlsexporter);
103 break;
104
105 case GSASL_PASSWORD:
106 if (args_info.password_arg == NULL)
107 args_info.password_arg = readutf8pass ("Enter password: ");
108
109 rc = gsasl_property_set (sctx, GSASL_PASSWORD, args_info.password_arg);
110 break;
111
112 case GSASL_PASSCODE:
113 if (args_info.passcode_arg == NULL)
114 args_info.passcode_arg = readutf8pass ("Enter passcode: ");
115
116 rc = gsasl_property_set (sctx, GSASL_PASSCODE, args_info.passcode_arg);
117 break;
118
119 case GSASL_AUTHID:
120 if (args_info.authentication_id_arg == NULL)
121 {
122#if HAVE_GETPWUID
123 uid_t uid;
124 struct passwd *pw;
125
126 uid = getuid ();
127 pw = getpwuid (uid);
128
129 if (pw && pw->pw_name)
130 {
131 printf ("Using system username `%s' as "
132 "authentication identity.\n", pw->pw_name);
133 args_info.authentication_id_arg = xstrdup (pw->pw_name);
134 }
135 else
136#endif
137 args_info.authentication_id_arg =
138 readutf8line ("Enter authentication ID: ");
139 }
140
141 rc = gsasl_property_set (sctx, GSASL_AUTHID,
142 args_info.authentication_id_arg);
143 break;
144
145 case GSASL_AUTHZID:
146 rc = gsasl_property_set (sctx, GSASL_AUTHZID,
147 args_info.authorization_id_arg);
148 break;
149
150 case GSASL_SERVICE:
151 if (args_info.service_arg == NULL)
152 args_info.service_arg =
153 readutf8line ("Enter GSSAPI service name (e.g. \"imap\"): ");
154
155 rc = gsasl_property_set (sctx, GSASL_SERVICE, args_info.service_arg);
156 break;
157
158 case GSASL_HOSTNAME:
159 if (args_info.hostname_arg == NULL)
160 args_info.hostname_arg = readutf8line ("Enter hostname of server: ");
161
162 rc = gsasl_property_set (sctx, GSASL_HOSTNAME, args_info.hostname_arg);
163 break;
164
165 case GSASL_REALM:
166 if (args_info.realm_arg == NULL)
167 args_info.realm_arg =
168 readutf8line ("Enter realm of server (optional): ");
169
170 rc = GSASL_OK;
171 if (args_info.realm_arg && *args_info.realm_arg)
172 rc = gsasl_property_set (sctx, GSASL_REALM, args_info.realm_arg);
173 break;
174
175 case GSASL_QOP:
176 if (args_info.quality_of_protection_arg == NULL)
177 args_info.quality_of_protection_arg = readutf8line
178 ("Enter quality of protection (optional, e.g. 'qop-int'): ");
179 rc = GSASL_OK;
180 if (args_info.quality_of_protection_arg
181 && *args_info.quality_of_protection_arg)
182 rc = gsasl_property_set (sctx, GSASL_QOP,
183 args_info.quality_of_protection_arg);
184 break;
185
186 case GSASL_VALIDATE_GSSAPI:
187 {
188 char *str;
189 printf ("Authzid: %s\nDisplay Name: %s\n",
190 gsasl_property_fast (sctx, GSASL_AUTHZID),
191 gsasl_property_fast (sctx, GSASL_GSSAPI_DISPLAY_NAME));
192 str = readutf8line ("Validate GSS-API user? (y/n) ");
193 if (str && (strcmp (str, "y") == 0 || strcmp (str, "Y") == 0))
194 rc = GSASL_OK;
195 else
196 rc = GSASL_AUTHENTICATION_ERROR;
197 free (str);
198 }
199 break;
200
201 case GSASL_SCRAM_SALTED_PASSWORD:
202 break;
203
204 case GSASL_SCRAM_ITER:
205 rc = gsasl_property_set (sctx, GSASL_SCRAM_ITER,
206 args_info.iteration_count_orig);
207 break;
208
209 case GSASL_SCRAM_SALT:
210 rc = gsasl_property_set (sctx, GSASL_SCRAM_SALT, args_info.salt_arg);
211 break;
212
213 case GSASL_SAML20_IDP_IDENTIFIER:
214 {
215 char *str = readutf8line ("Enter SAML authentication identifier "
216 "(e.g. \"http://example.org/\"): ");
217
218 rc = gsasl_property_set (sctx, GSASL_SAML20_IDP_IDENTIFIER, str);
219 }
220 break;
221
222 case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:
223 {
224 const char *url =
225 gsasl_property_get (sctx, GSASL_SAML20_REDIRECT_URL);
226
227 printf ("Proceed to this URL to authenticate using SAML 2.0:\n%s\n",
228 url);
229
230 rc = GSASL_OK;
231 }
232 break;
233
234 case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER:
235 {
236 const char *url = gsasl_property_get (sctx,
237 GSASL_OPENID20_REDIRECT_URL);
238
239 printf ("Proceed to this URL to authenticate using OpenID 2.0:\n%s\n",
240 url);
241
242 rc = GSASL_OK;
243 }
244 break;
245
246 default:
247 fprintf (stderr,
248 "warning: mechanism requested unsupported property `%u'\n",
249 prop);
250 break;
251 }
252
253 return rc;
254}
locale_to_utf8
static char * locale_to_utf8(char *str)
Definition: callbacks.c:32
readutf8line
static char * readutf8line(const char *prompt)
Definition: callbacks.c:53
readutf8pass
char * readutf8pass(const char *prompt)
Definition: callbacks.c:61
callback
int callback(Gsasl *ctx _GL_UNUSED, Gsasl_session *sctx, Gsasl_property prop)
Definition: callbacks.c:69
getpass
char * getpass(const char *prompt)
Definition: getpass.c:87
free
_GL_EXTERN_C void free(void *)
b64cbtlsunique
char * b64cbtlsunique
Definition: gsasl.c:35
args_info
struct gengetopt_args_info args_info
Definition: gsasl.c:38
b64cbtlsexporter
char * b64cbtlsexporter
Definition: gsasl.c:36
gsasl_property_set
int gsasl_property_set(Gsasl_session *sctx, Gsasl_property prop, const char *data)
Definition: property.c:188
gsasl_property_get
const char * gsasl_property_get(Gsasl_session *sctx, Gsasl_property prop)
Definition: property.c:291
GSASL_NO_CALLBACK
@ GSASL_NO_CALLBACK
Definition: gsasl.h:142
GSASL_OK
@ GSASL_OK
Definition: gsasl.h:129
GSASL_AUTHENTICATION_ERROR
@ GSASL_AUTHENTICATION_ERROR
Definition: gsasl.h:138
gsasl_property_fast
const char * gsasl_property_fast(Gsasl_session *sctx, Gsasl_property prop)
Definition: property.c:261
Gsasl_property
Gsasl_property
Definition: gsasl.h:222
GSASL_SAML20_AUTHENTICATE_IN_BROWSER
@ GSASL_SAML20_AUTHENTICATE_IN_BROWSER
Definition: gsasl.h:250
GSASL_HOSTNAME
@ GSASL_HOSTNAME
Definition: gsasl.h:229
GSASL_AUTHZID
@ GSASL_AUTHZID
Definition: gsasl.h:225
GSASL_VALIDATE_GSSAPI
@ GSASL_VALIDATE_GSSAPI
Definition: gsasl.h:256
GSASL_OPENID20_AUTHENTICATE_IN_BROWSER
@ GSASL_OPENID20_AUTHENTICATE_IN_BROWSER
Definition: gsasl.h:251
GSASL_SCRAM_SALT
@ GSASL_SCRAM_SALT
Definition: gsasl.h:239
GSASL_QOP
@ GSASL_QOP
Definition: gsasl.h:237
GSASL_CB_TLS_UNIQUE
@ GSASL_CB_TLS_UNIQUE
Definition: gsasl.h:243
GSASL_SERVICE
@ GSASL_SERVICE
Definition: gsasl.h:228
GSASL_GSSAPI_DISPLAY_NAME
@ GSASL_GSSAPI_DISPLAY_NAME
Definition: gsasl.h:230
GSASL_SAML20_IDP_IDENTIFIER
@ GSASL_SAML20_IDP_IDENTIFIER
Definition: gsasl.h:244
GSASL_SCRAM_SALTED_PASSWORD
@ GSASL_SCRAM_SALTED_PASSWORD
Definition: gsasl.h:240
GSASL_PASSWORD
@ GSASL_PASSWORD
Definition: gsasl.h:226
GSASL_REALM
@ GSASL_REALM
Definition: gsasl.h:234
GSASL_SCRAM_ITER
@ GSASL_SCRAM_ITER
Definition: gsasl.h:238
GSASL_PASSCODE
@ GSASL_PASSCODE
Definition: gsasl.h:231
GSASL_AUTHID
@ GSASL_AUTHID
Definition: gsasl.h:224
GSASL_SAML20_REDIRECT_URL
@ GSASL_SAML20_REDIRECT_URL
Definition: gsasl.h:245
GSASL_ANONYMOUS_TOKEN
@ GSASL_ANONYMOUS_TOKEN
Definition: gsasl.h:227
GSASL_CB_TLS_EXPORTER
@ GSASL_CB_TLS_EXPORTER
Definition: gsasl.h:248
GSASL_OPENID20_REDIRECT_URL
@ GSASL_OPENID20_REDIRECT_URL
Definition: gsasl.h:246
rc
int rc
Definition: error.c:36
p
const char * p
Definition: mbrtowc-impl.h:42
readline
char * readline(const char *prompt)
Definition: readline.c:36
str_iconv
char * str_iconv(const char *src, const char *from_codeset, const char *to_codeset)
Definition: striconv.c:393
Gsasl_session
Definition: internal.h:53
Gsasl
Definition: internal.h:41
gengetopt_args_info::salt_arg
char * salt_arg
Indicate PBKDF2 salt as base64-encoded string (SCRAM only)..
Definition: gsasl_cmd.h:107
gengetopt_args_info::anonymous_token_arg
char * anonymous_token_arg
Token for anonymous authentication, usually mail address (ANONYMOUS only)..
Definition: gsasl_cmd.h:70
gengetopt_args_info::service_arg
char * service_arg
Set the requested service name (should be a registered GSSAPI host based service name)....
Definition: gsasl_cmd.h:88
gengetopt_args_info::password_arg
char * password_arg
Password for authentication (insecure for non-testing purposes)..
Definition: gsasl_cmd.h:79
gengetopt_args_info::authorization_id_arg
char * authorization_id_arg
Identity to request service for..
Definition: gsasl_cmd.h:76
gengetopt_args_info::realm_arg
char * realm_arg
Realm. Defaults to hostname..
Definition: gsasl_cmd.h:82
gengetopt_args_info::passcode_arg
char * passcode_arg
Passcode for authentication (SECURID only)..
Definition: gsasl_cmd.h:85
gengetopt_args_info::hostname_arg
char * hostname_arg
Set the name of the server with the requested service..
Definition: gsasl_cmd.h:91
gengetopt_args_info::no_cb_flag
int no_cb_flag
Don't use channel bindings from TLS. (default=off).
Definition: gsasl_cmd.h:114
gengetopt_args_info::quality_of_protection_arg
char * quality_of_protection_arg
How application payload will be protected. 'qop-auth' means no protection, 'qop-int' means integrity ...
Definition: gsasl_cmd.h:101
gengetopt_args_info::authentication_id_arg
char * authentication_id_arg
Identity of credential owner..
Definition: gsasl_cmd.h:73
gengetopt_args_info::iteration_count_orig
char * iteration_count_orig
Indicate PBKDF2 hash iteration count (SCRAM only). original value given at command line.
Definition: gsasl_cmd.h:105
xstrdup
char * xstrdup(char const *string)
Definition: xmalloc.c:336