Thread: [Perlgssapi-users] Ws-Security
From: Massimiliano M. <mas...@ce...> - 2006-10-13 13:57:47
Hello,

I've another tedious question. I've decided to implement my webservices as is, exchanging gss messages in the soap envelope. It is secure by the protocol.

I'm referring to your examples, from now:

As you told me, once created the context, I would like to use this context, using GSS_wrap() and GSS_unwrap().

First question: are these functions available in your perl module? What is the value of the variable $gss_output_token, after the first call to GSSAPI::Context::init? Where is the session key stored?

Second question: of course, the webservice is stateless. I have to maintain a state between the client and the webserver, as a session. I have to create a function like this (your example: line 123 and following):

    my $gss_input_token;    # declared here so it is still in scope for the check below

    # $gss_output_token is returned by the init() context
    if ($gss_output_token) {
        print "$counter CLIENT::have token to send ...\n";
        print "$counter CLIENT::GSS token length is " . length($gss_output_token) . "\n";
        #
        # $gss_output_token is binary data
        #
        $gss_input_token = soap_send(encode_base64($gss_output_token, ''), $uniqueid);
        print "$counter CLIENT::sent token to server\n";
    }
    if ($status->major & GSS_S_CONTINUE_NEEDED) {
        print "$counter CLIENT::Mutual auth requested ...\n";
        if ($gss_input_token) {
            print "$counter CLIENT::got mutual auth token from server\n";
            $gss_input_token = decode_base64($gss_input_token);
            print "$counter CLIENT::mutual auth token length is " . length($gss_input_token) . "\n";
        } else {
            print "$counter CLIENT::server did not send needed continue token back\n";
            $error = 1;
        }
    }

And then, second time of while, call to init() for the second time, and get mutualauth.

Where uniqueid is a value unique for the client that the server stores on the disk as httpsession for maintaining a state.

My question is: Imagine that now I have to send a message to the server, containing the string "Achim". What should I pass now to the server, for using the context?

What must I store with the uniqueid for continuing to use the context, after the death of the webservice?

Thank you!

--
Massimiliano Masi
http://www.comunidelchianti.it/~max
From: Achim G. <ac...@gr...> - 2006-10-15 16:57:05
On Friday 13 October 2006 15:57, Massimiliano Masi wrote:
> As you told me, once created the context, I would like to use
> this context, using GSS_wrap() and GSS_unwrap().
>
> First question: are these functions available in your perl module?

Both are available.

Achim
From: Massimiliano M. <mas...@ce...> - 2006-10-16 07:15:52
Hi,

On Sunday 15 October 2006, at 18:56, Achim Grolms wrote:
> > As you told me, once created the context, I would like to use
> > this context, using GSS_wrap() and GSS_unwrap().
> >
> > First question: are these functions available in your perl module?
>
> Both are available.

Yes, I see. Have you any examples of use or documentation?

What should I maintain on the server side for having a valid context between the client and the webservice?

Thank you!

--
Massimiliano Masi
http://www.comunidelchianti.it/~max
From: Achim G. <ac...@gr...> - 2006-10-16 16:53:26
On Monday 16 October 2006 09:15, Massimiliano Masi wrote:
> Hi,
>
> On Sunday 15 October 2006, at 18:56, Achim Grolms wrote:
> > > As you told me, once created the context, I would like to use
> > > this context, using GSS_wrap() and GSS_unwrap().
> > >
> > > First question: are these functions available in your perl module?
> >
> > Both are available.
>
> Yes, I see. Have you any examples of use

Authen::SASL::Perl::GSSAPI
From: Massimiliano M. <mas...@ce...> - 2006-10-16 18:24:27
Hi,

On Monday 16 October 2006, at 18:53, Achim Grolms wrote:
> > Yes, I see. Have you any examples of use
>
> Authen::SASL::Perl::GSSAPI

Ok, I got the examples working with gss_wrap and gss_unwrap. It's really easy! :)

But my problem persists: how can I store the context?

I have to send two messages to my webservice: one for mutual authentication, and one for sending the message encrypted. But in the first message, I have to store on the disk the servercontext (the webservice is stateless).

How can I?

Someone has any idea?

Thank you a lot!

--
Massimiliano Masi
http://gauss.comunidelchianti.it/~max
From: David L. <Dav...@qu...> - 2006-10-16 21:59:06
Massimiliano Masi wrote:
> Hi,
>
> On Monday 16 October 2006, at 18:53, Achim Grolms wrote:
>
>>> Yes, I see. Have you any examples of use
>>>
>> Authen::SASL::Perl::GSSAPI
>>
>
> Ok, I got the examples working with gss_wrap and gss_unwrap. It's really easy! :)
>
> But my problem persists: how can I store the context?
>
> I have to send two messages to my webservice: one for mutual authentication,
> and one for sending the message encrypted. But in the first message, I have to
> store on the disk the servercontext (the webservice is stateless).
>
> How can I?
>
> Someone has any idea?
>
>

I've not tried these, but they might do what you want?

    GSSAPI::Context::export(context, token)
    GSSAPI::Context::import(class, context, token)

d
From: Massimiliano M. <mas...@ce...> - 2006-10-17 07:39:24
Hi,

On Tuesday 17 October 2006, at 07:56, David Leonard wrote:
> I've not tried these, but they might do what you want?
>
> GSSAPI::Context::export(context, token)
> GSSAPI::Context::import(class, context, token)

Seems to be. From the manpage:

    The gss_export_sec_context() deactivates the security context for
    the calling process and creates an interprocess token which, when
    passed to gss_import_sec_context() in another process, will
    re-activate the context in the second process.
    [...]
    The ability to transfer a security context is indicated when the
    context is created, by gss_init_sec_context() or
    gss_accept_sec_context() setting the GSS_C_TRANS_FLAG bit in their
    ret_flags parameter.

I'll try with these two functions. :-)

--
Massimiliano Masi
http://www.comunidelchianti.it/~max
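
The server side of the export/import approach discussed in this thread, as an added example that is not part of any post here or of the GSSAPI distribution. The store directory, the session-id format and the helper names are hypothetical; the export() and import() signatures are the ones quoted above, unwrap() is assumed to take its arguments in the order of the C gss_unwrap() call, and `use GSSAPI` is assumed to export the GSS_C_* constants.

```perl
use strict;
use warnings;
use GSSAPI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical store: mode 0700, owned by the service account only, because an
# exported context token carries the session keys of that context.
my $STORE = '/var/lib/mywebservice/gssctx';

# The session id is client-supplied: restrict it to a fixed alphabet before
# it is used as a file name.
sub ctx_path {
    my ($id) = @_;
    $id =~ /\A[A-Za-z0-9]{16,64}\z/ or die "bad session id\n";
    return "$STORE/$id";
}

# Request 1: call once accept() has completed. $ret_flags (optional) is the
# flags value accept() returned; export needs GSS_C_TRANS_FLAG to be set.
sub save_context {
    my ($id, $ctx, $ret_flags) = @_;
    die "context is not transferable\n"
        if defined $ret_flags && !($ret_flags & GSS_C_TRANS_FLAG);
    my $status = $ctx->export(my $token);    # deactivates $ctx in this process
    GSSAPI::Status::GSS_ERROR($status->major)
        and die sprintf("export failed, major=0x%x\n", $status->major);
    sysopen(my $fh, ctx_path($id), O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot store context: $!\n";
    binmode $fh;
    print {$fh} $token or die "cannot store context: $!\n";
    close $fh or die "cannot store context: $!\n";
    return;
}

# Request 2: $wrapped is the base64-decoded output of the client's wrap().
sub unwrap_request {
    my ($id, $wrapped) = @_;
    my $path = ctx_path($id);
    open(my $fh, '<:raw', $path) or die "unknown session\n";
    my $token = do { local $/; <$fh> };
    close $fh;
    unlink $path or die "cannot remove used token: $!\n";  # a token is imported once
    my $status = GSSAPI::Context->import(my $ctx, $token);
    GSSAPI::Status::GSS_ERROR($status->major) and die "import failed\n";
    $status = $ctx->unwrap($wrapped, my $plain, my $conf_state, my $qop);
    GSSAPI::Status::GSS_ERROR($status->major) and die "unwrap failed\n";
    $conf_state or die "message was not encrypted\n";
    save_context($id, $ctx);    # export again so the next request can import
    return $plain;
}
```

Each request removes the stored token before importing it and writes a fresh one afterwards, so two concurrent requests for the same session id cannot both import the same token.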