help-gsasl

ANONYMOUS SASL profile


From: Francis Brosnan Blazquez
Subject: ANONYMOUS SASL profile
Date: Tue, 13 Dec 2005 17:40:08 +0100

Hi,

First of all, congratulations on your effort in building GNU SASL.

Well, I've found some problems while implementing the ANONYMOUS profile,
as a first step in switching the project to GNU SASL.

Once I've successfully initiated the client side to generate the base64
anonymous token and send it to the server side, I've found that inside
the execution requested for the GSASL_VALIDATE_ANONYMOUS callback, the
GSASL_ANONYMOUS_TOKEN has a string that is not properly formatted.
According to the GNU SASL doc, it should contain the anonymous token.

Explained in more detail:

1) The client side performs the following calls:

   gsasl_init
   gsasl_client_start
   gsasl_step64
  
   As a result the following base64 token is generated:
    ZnJhbmNpc0Bhc3BsLmVz

2) The server side receives the previous token, but before feeding the
gsasl_step64 call with the previous base64 blob, the following calls
were issued:
   
   gsasl_init
   gsasl_server_start
   gsasl_step64 (*) 

(*) At this point, the callback is called, requiring us to validate the
anonymous SASL auth and, in our case, make the userid available for the
context of the connection. So, a call to get the anonymous token is made
from inside the callback with something like:

anonymous_token = gsasl_property_get (ctx, GSASL_ANONYMOUS_TOKEN);
g_print ("Anonymous auth requested: %s\n", anonymous_token);

But as a result of the previous call I get the following:

"Anonymous auth requested: 'U\x89\xe5\x83\xec\x18\x89]\xf8\xe8R\xea\xff
\xff\x81\xc3\x1e\xbb\x01'"

The validation callback is set using gsasl_callback_set. 

Concrete questions could be:

1) How do I get the current anonymous token received from the client side?
I've tried to translate it supposing that it is a base64 encoded string
but I didn't get the expected result.

2) Do we need to create a new Gsasl context, using gsasl_init, for every
connection we want to authenticate and then create the Gsasl session
with gsasl_client_start/gsasl_server_start? What is the intention of
having the context and the session separated and created for every
connection to authenticate?

Thanks for your attention,
Cheers!


-- 
Francis Brosnan Blazquez <address@hidden>
Advanced Software Production Line, S.L.
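
Added example, not part of the original post and not GNU SASL code: the ANONYMOUS token is client-supplied trace text that travels base64-encoded, so a server that logs it should see only the decoded, printable string. This stand-alone C helper decodes such a blob and rejects malformed input and control bytes before the value reaches a log line. The function name decode_anonymous_token, the MAX_TRACE cap and the sample blob are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TRACE 255  /* length cap assumed for this example */
/* Map one base64 alphabet character to its 6-bit value, or -1. */
static int b64_value(char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Decode a base64 ANONYMOUS blob into out (NUL-terminated). Returns the token
 * length, or -1 if the blob is malformed, too long, or holds control bytes. */
int decode_anonymous_token(const char *b64, char *out, size_t outsz)
{
    size_t len = strlen(b64), n = 0;
    if (outsz == 0 || len % 4 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 4) {
        unsigned long quad = 0;
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            int d = 0;
            if (b64[i + j] == '=' && i + 4 == len && j >= 2)
                pad++;              /* padding, allowed in the last quad only */
            else if (pad > 0 || (d = b64_value(b64[i + j])) < 0)
                return -1;          /* data after padding, or bad character */
            quad = (quad << 6) | (unsigned long)d;
        }
        for (int k = 0; k < 3 - pad; k++) {
            unsigned char byte = (unsigned char)((quad >> (16 - 8 * k)) & 0xff);
            if (byte < 0x20 || byte == 0x7f || n >= MAX_TRACE || n + 1 >= outsz)
                return -1;          /* control byte, or token too long */
            out[n++] = (char)byte;
        }
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char token[MAX_TRACE + 1];      /* the sample blob below is constructed */
    int n = decode_anonymous_token("Z3Vlc3RAZXhhbXBsZS5vcmc=", token, sizeof token);
    printf("%d: %s\n", n, n >= 0 ? token : "(rejected)");
    return 0;
}
```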




