gtoken.tcl

Go to the documentation of this file.
00001 /*  gtoken.tcl - Copyright (C) 2006 Pat Thoyts <patthoyts@users.sourceforge.net>*/
00002 /* */
00003 /*  This is an implementation of Google's X-GOOGLE-TOKEN authentication */
00004 /*  mechanism. This actually passes the login details to the Google*/
00005 /*  accounts server which gives us a short lived token that may be passed */
00006 /*  over an insecure link.*/
00007 /* */
00008 /*  -------------------------------------------------------------------------*/
00009 /*  See the file "license.terms" for information on usage and redistribution*/
00010 /*  of this file, and for a DISCLAIMER OF ALL WARRANTIES.*/
00011 /*  -------------------------------------------------------------------------*/
00012 
00013 package require Tcl 8.2
00014 package require SASL
00015 package require http
00016 package require tls
00017 
00018 namespace ::SASL {
00019     namespace XGoogleToken {
00020         variable version 1.0.1
00021         variable rcsid {$Id: gtoken.tcl,v 1.4 2007/08/26 00:36:45 patthoyts Exp $}
00022         variable URLa https://www.google.com/accounts/ClientAuth
00023         variable URLb https://www.google.com/accounts/IssueAuthToken
00024 
00025         /*  Should use autoproxy and register autoproxy::tls_socket*/
00026         /*  Leave to application author?*/
00027         if {![info exists ::http::urlTypes(https)]} {
00028             http::register https 443 tls::socket
00029         }
00030     }
00031 }
00032 
00033 ret  ::SASL::XGoogleToken::client (type context , type challenge , type args) {
00034     upvar #0 $context ctx
00035     variable URLa
00036     variable URLb
00037     set reply ""
00038     set err ""
00039 
00040     if {$ctx(step) != 0} {
00041         return -code error "unexpected state: X-GOOGLE-TOKEN has only 1 step"
00042     }
00043     set username [eval $ctx(callback) [list $context username]]
00044     set password [eval $ctx(callback) [list $context password]]
00045     set query [http::formatQuery Email $username Passwd $password \
00046                    PersistentCookie false source googletalk]
00047     set tok [http::geturl $URLa -query $query -timeout 30000]
00048     if {[http::status $tok] eq "ok"} {
00049         foreach line [split [http::data $tok] \n] {
00050             array set g [split $line =]
00051         }
00052         if {![info exists g(Error)]} {
00053             set query [http::formatQuery SID $g(SID) LSID $g(LSID) \
00054                            service mail Session true]
00055             set tok2 [http::geturl $URLb -query $query -timeout 30000]
00056 
00057             if {[http::status $tok2] eq "ok"} {
00058                 set reply "\0$username\0[http::data $tok2]"
00059             } else {
00060                 set err [http::error $tok2]
00061             }
00062             http::cleanup $tok2
00063        } else {
00064            set err "Invalid username or password"
00065        }
00066     } else {
00067         set err [http::error $tok]
00068     }
00069     http::cleanup $tok
00070     
00071     if {[string length $err] > 0} {
00072         return -code error $err
00073     } else {
00074         set ctx(response) $reply
00075         incr ctx(step)
00076     }
00077     return 0
00078 }
00079 
00080 /*  -------------------------------------------------------------------------*/
00081 
00082 /*  Register this SASL mechanism with the Tcllib SASL package.*/
00083 /* */
00084 if {[llength [package provide SASL]] != 0} {
00085     ::SASL::register X-GOOGLE-TOKEN 40 ::SASL::XGoogleToken::client
00086 }
00087 
00088 package provide SASL::XGoogleToken $::SASL::XGoogleToken::version
00089 
00090 /*  -------------------------------------------------------------------------*/
00091 /* */
00092 /*  Local variables:*/
00093 /*  indent-tabs-mode: nil*/
00094 /*  End:*/
00095
Generated on 21 Sep 2010 for Gui by  doxygen 1.6.1