--- a/hasl/haslmechanismplain.c Tue Feb 14 22:50:55 2023 -0600
+++ b/hasl/haslmechanismplain.c Tue Feb 14 23:20:48 2023 -0600
@@ -28,7 +28,42 @@
/******************************************************************************
* HaslMechanism Implementation
*****************************************************************************/
+hasl_mechanism_plain_possible(G_GNUC_UNUSED HaslMechanism *mechanism,
+ const char *value = NULL;
+ value = hasl_context_get_username(context);
+ if(value == NULL || value[0] == '\0') {
+ g_set_error(error, HASL_MECHANISM_PLAIN_DOMAIN, 0,
+ value = hasl_context_get_password(context);
+ if(value == NULL || value[0] == '\0') {
+ g_set_error(error, HASL_MECHANISM_PLAIN_DOMAIN, 0,
+ if(!hasl_context_get_allow_plain_in_clear(context)) {
+ if(!hasl_context_get_tls(context)) {
+ g_set_error(error, HASL_MECHANISM_PLAIN_DOMAIN, 0,
+ "plain text is not allowed without TLS");
+static HaslMechanismResult hasl_mechanism_plain_step(G_GNUC_UNUSED HaslMechanism *mechanism,
G_GNUC_UNUSED const guint8 *server_in,
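Review bot: The cleartext gate in `hasl_mechanism_plain_possible` (the nested `hasl_context_get_allow_plain_in_clear` / `hasl_context_get_tls` checks) is the only place in this hunk that keeps PLAIN credentials off an unprotected channel, and nothing visible makes `hasl_mechanism_plain_step` depend on it. The body of `step` lies outside the hunk, so please confirm that the context always calls `possible` before `step`, or repeat the check there so a caller that skips `possible` cannot send the password in the clear. The `tls` value appears to be whatever the application set on the context, so a comment above the function such as `/* PLAIN is refused unless the application reports a TLS-protected channel or has explicitly opted in with allow-plain-in-clear. */` would state that trust assumption. The two nested `if`s could also be one condition: `if(!hasl_context_get_allow_plain_in_clear(context) && !hasl_context_get_tls(context)) {`.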
@@ -95,5 +130,6 @@
hasl_mechanism_plain_class_init(HaslMechanismPlainClass *klass) {
HaslMechanismClass *mechanism_class = HASL_MECHANISM_CLASS(klass);
+ mechanism_class->possible = hasl_mechanism_plain_possible;
 mechanism_class->step = hasl_mechanism_plain_step;
--- a/hasl/haslmechanismplain.h Tue Feb 14 22:50:55 2023 -0600
+++ b/hasl/haslmechanismplain.h Tue Feb 14 23:20:48 2023 -0600
@@ -26,6 +26,8 @@
+#define HASL_MECHANISM_PLAIN_DOMAIN (g_quark_from_static_string("hasl-mechanism-plain"))
 #define HASL_TYPE_MECHANISM_PLAIN (hasl_mechanism_plain_get_type())
G_DECLARE_FINAL_TYPE(HaslMechanismPlain, hasl_mechanism_plain, HASL,
MECHANISM_PLAIN, HaslMechanism)
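Review bot: `HASL_MECHANISM_PLAIN_DOMAIN` is added without an error-code enum, and every `g_set_error` call in haslmechanismplain.c passes the literal `0`, so a caller cannot tell a missing username from a missing password or the TLS refusal without parsing the message text. The test helper likewise asserts only `g_assert_error(error, HASL_MECHANISM_PLAIN_DOMAIN, 0)`, which would still pass if a check failed for the wrong reason. Consider distinct codes for the three failures, and a short doc comment on the macro saying it is the GError domain reported by the PLAIN mechanism.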
--- a/hasl/tests/test-mechanism-plain.c Tue Feb 14 22:50:55 2023 -0600
+++ b/hasl/tests/test-mechanism-plain.c Tue Feb 14 23:20:48 2023 -0600
@@ -46,6 +46,30 @@
g_clear_object(&mechanism);
+test_hasl_mechanism_plain_possible(HaslContext *context, gboolean expected,
+ HaslMechanism *mechanism = NULL;
+ mechanism = g_object_new(HASL_TYPE_MECHANISM_PLAIN, NULL);
+ ret = hasl_mechanism_possible(mechanism, context, &error);
+ g_assert_error(error, HASL_MECHANISM_PLAIN_DOMAIN, 0);
+ g_assert_no_error(error);
+ g_assert_true(ret == expected);
+ g_clear_object(&mechanism);
 /******************************************************************************
*****************************************************************************/
@@ -111,6 +135,104 @@
+test_hasl_mechanism_plain_possible_empty_context(void) {
+ HaslContext *context = hasl_context_new();
+ test_hasl_mechanism_plain_possible(context, FALSE, TRUE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_username_only(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_username(context, "alice");
+ test_hasl_mechanism_plain_possible(context, FALSE, TRUE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_password_only(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_password(context, "hunter2");
+ test_hasl_mechanism_plain_possible(context, FALSE, TRUE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_username_password(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_username(context, "alice");
+ hasl_context_set_password(context, "hunter2");
+ hasl_context_set_tls(context, TRUE);
+ test_hasl_mechanism_plain_possible(context, TRUE, FALSE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_authzid_username_password(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_authzid(context, "pointy haired boss");
+ hasl_context_set_username(context, "alice");
+ hasl_context_set_password(context, "hunter2");
+ hasl_context_set_tls(context, TRUE);
+ test_hasl_mechanism_plain_possible(context, TRUE, FALSE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_allow_plain_in_clear_without_tls(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_username(context, "alice");
+ hasl_context_set_password(context, "hunter2");
+ hasl_context_set_allow_plain_in_clear(context, TRUE);
+ test_hasl_mechanism_plain_possible(context, TRUE, FALSE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_allow_plain_in_clear_with_tls(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_username(context, "alice");
+ hasl_context_set_password(context, "hunter2");
+ hasl_context_set_allow_plain_in_clear(context, TRUE);
+ hasl_context_set_tls(context, TRUE);
+ test_hasl_mechanism_plain_possible(context, TRUE, FALSE);
+ g_clear_object(&context);
+test_hasl_mechanism_plain_possible_allow_plain_in_clear_required(void) {
+ HaslContext *context = hasl_context_new();
+ hasl_context_set_username(context, "alice");
+ hasl_context_set_password(context, "hunter2");
+ hasl_context_set_tls(context, FALSE);
+ test_hasl_mechanism_plain_possible(context, FALSE, TRUE);
+ g_clear_object(&context);
 test_hasl_mechanism_plain_step_rfc4616_example1(void) {
HaslContext *context = NULL;
HaslMechanism *mechanism = NULL;
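Review bot: None of the new `possible` tests pins the default-deny case, where username and password are set and neither `hasl_context_set_tls` nor `hasl_context_set_allow_plain_in_clear` is ever called. `test_hasl_mechanism_plain_possible_allow_plain_in_clear_required` comes closest but sets `tls` to `FALSE` explicitly, so a later change to either default would not be caught. Assuming both flags are meant to default to off, a test like the one below would lock in that PLAIN is refused on an unconfigured context; it also needs a `g_test_add_func` registration alongside the others.

```c
static void
test_hasl_mechanism_plain_possible_default_denies_cleartext(void) {
	HaslContext *context = hasl_context_new();

	/* Neither tls nor allow-plain-in-clear is touched: the defaults must refuse PLAIN. */
	hasl_context_set_username(context, "alice");
	hasl_context_set_password(context, "hunter2");

	test_hasl_mechanism_plain_possible(context, FALSE, TRUE);

	g_clear_object(&context);
}
```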
@@ -189,6 +311,23 @@
g_test_add_func("/hasl/mechanism-plain/password-required/empty",
test_hasl_mechanism_plain_password_required_empty);
+ g_test_add_func("/hasl/mechanism-plain/possible/empty-context",
+ test_hasl_mechanism_plain_possible_empty_context);
+ g_test_add_func("/hasl/mechanism-plain/possible/username-only",
+ test_hasl_mechanism_plain_possible_username_only);
+ g_test_add_func("/hasl/mechanism-plain/possible/password-only",
+ test_hasl_mechanism_plain_possible_password_only);
+ g_test_add_func("/hasl/mechanism-plain/possible/username-password",
+ test_hasl_mechanism_plain_possible_username_password);
+ g_test_add_func("/hasl/mechanism-plain/possible/authzid-username-password",
+ test_hasl_mechanism_plain_possible_authzid_username_password);
+ g_test_add_func("/hasl/mechanism-plain/possible/allow-plain-in-clear-without-tls",
+ test_hasl_mechanism_plain_possible_allow_plain_in_clear_without_tls);
+ g_test_add_func("/hasl/mechanism-plain/possible/allow-plain-in-clear-with-tls",
+ test_hasl_mechanism_plain_possible_allow_plain_in_clear_with_tls);
+ g_test_add_func("/hasl/mechanism-plain/possible/allow-plain-in-clear-required",
+ test_hasl_mechanism_plain_possible_allow_plain_in_clear_required);
 g_test_add_func("/hasl/mechanism-plain/step/rfc4616-example1",
test_hasl_mechanism_plain_step_rfc4616_example1);
g_test_add_func("/hasl/mechanism-plain/step/with-authzid",