From: Mark Donnelly Date: Fri, 5 Sep 2014 15:45:09 +0000 (-0400) Subject: Merge branch 'gssweb-apache' of ssh://moonshot.suchdamage.org/srv/git/mod_auth_kerb... X-Git-Tag: gssweb-apache-2014-09-08~2 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=0d9a7dee3f47592f7a0a9d893c84480ed8edc304;hp=29326d6a19f2045521e9d8f3a3be37c3363739eb;p=mod_auth_kerb.git Merge branch 'gssweb-apache' of ssh://moonshot.suchdamage.org/srv/git/mod_auth_kerb into gssweb-apache --- diff --git a/protocol.txt b/protocol.txt index 41a602d..be39e17 100644 --- a/protocol.txt +++ b/protocol.txt @@ -1,24 +1,34 @@ GSSWEB PROTOCOL DESCRIPTION -This file describes the protocol used for GSSWeb authentication. +This file describes the protocol used for GSSWeb authentication. + +Note: All messages in the protocol are exchanged in +'application/x-www-form-urlencoded' format, and no newlines should be +inserted into the base64 output. The client goes to //gss and does a POST containing: token: -nonce: +nonce: The server will respond by sending a JSON response: {gssweb: { - token= "", + token= "", nonce= ""}, application: { - data: "", + data: "", content-type: "", content-length: ""} } -The "gssweb" section in the response is used for the GSS exchange. -Upon completion of the GSS exchange, the "application" section is used -by the client to reconstruct the application response upon completion -of the GSS exchange. +The "gssweb" section in the response is used for the GSS exchange. If +no token was returned by the call to gss_accept_sec_context(), the +"token" value will be a zero-length string. + +The "application" section contains the original server-side +application or web server response, which will contain an error +response unless/until the GSS exchange completes successfully. Upon +completion of the exchange (whether successful or not), the client can +use the application data to reconstruct the original response and pass +it up to the client-side application. 
diff --git a/test/gssweb_client.pl b/test/gssweb_client.pl index 48dab76..a3f7157 100755 --- a/test/gssweb_client.pl +++ b/test/gssweb_client.pl @@ -13,7 +13,7 @@ sub parse_token($) { my ($json) = @_; print $json; my $ref = decode_json($json); - return decode_base64($ref->{'gssweb'}{'token'}); + return decode_base64($ref->{'gssweb'}{'token'}) or die "No token\n"; } ; @@ -41,7 +41,7 @@ sub token_body($$) { print "$status\n"; return undef unless $otoken; print "Pre-encoding token: $otoken\n"; - my $encoded_token = encode_base64($otoken); + my $encoded_token = encode_base64($otoken, ''); chomp($encoded_token); my $out = "token=" . uri_encode($encoded_token, {encode_reserved => 1}) ."&nonce=42"; print "$out\n";
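Review bot: The `or die "No token\n"` added to the return statement in parse_token can never execute, because `or` binds more loosely than `return`: Perl parses the line as `(return decode_base64(...)) or die ...`, and the sub has already returned. To make the check effective, decode first and test afterwards: `my $token = decode_base64($ref->{'gssweb'}{'token'} // '');`, then `die "No token\n" unless length $token;`, then `return $token;`. The protocol.txt change in this same commit says the server sends a zero-length token when gss_accept_sec_context() returned none, so an unconditional die on an empty token may be wrong for the final leg of the exchange. Whether it is depends on the caller, which is outside this hunk.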
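Review bot: With `encode_base64($otoken, '')` the encoder no longer appends a line ending, so the `chomp($encoded_token);` on the following context line in token_body is now a no-op and can be dropped. The context line that builds `$out` also sends a constant `nonce=42`. That is acceptable in a test client, but a comment such as `# fixed nonce: test client only, a real client must send a fresh value per exchange` would prevent it being copied elsewhere. token_body starts and continues outside this hunk, so how the server uses the nonce cannot be checked from here.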