1 #include "portable.h"
2
3 #include <ac/stdlib.h>
4 #include <stdio.h>
5
6 #include "slap.h"
7 #include "proto-slap.h"
8
9 #include <lber.h>
10 #include <ldap_log.h>
11
/*
 * SASL mechanism names known to this server.
 * Assigned in sasl_init() by splitting the comma-separated list that
 * sasl_listmech() returns, and released in sasl_destroy().
 * Stays NULL in builds without HAVE_CYRUS_SASL, where the stub
 * sasl_init() does not assign it.
 */
char **supportedSASLMechanisms = NULL;
13
14 #ifdef HAVE_CYRUS_SASL
15 #include <sasl.h>
16
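/*
 * Initialise the Cyrus SASL server library and record the mechanisms it
 * offers in supportedSASLMechanisms.
 *
 * A throwaway server connection is created only to ask the library which
 * mechanisms are available. It is disposed of before returning, on the
 * success path and on every failure path after it has been created.
 *
 * Returns 0 on success, -1 if any SASL call fails.
 */
int sasl_init( void )
{
        int rc;
        int result = -1;
        char *data;
        unsigned len, count;
        sasl_conn_t *server = NULL;

        rc = sasl_server_init( NULL, "slapd" );

        if( rc != SASL_OK ) {
                Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
                        0, 0, 0 );
                return -1;
        }

        rc = sasl_server_new( "ldap", NULL, NULL, NULL,
                SASL_SECURITY_LAYER, 
                &server );

        if( rc != SASL_OK ) {
                /* No connection was handed back, so there is nothing to dispose. */
                Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
                        0, 0, 0 );
                return -1;
        }

        /*
         * Security note: the restriction below is a compile-time opt-in.
         * Without RESTRICT_SASL no security flags are set here, so the
         * list recorded below may include plaintext and anonymous
         * mechanisms.
         *
         * NOTE(review): the properties are set on this temporary
         * connection only, so here they affect only the mechanism list.
         * Confirm that the code handling real binds applies equivalent
         * properties; otherwise a mechanism that is merely left out of
         * the list could still be accepted.
         */
#ifdef RESTRICT_SASL
        {
                sasl_security_properties_t secprops;
                memset(&secprops, 0, sizeof(secprops));
                secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
                secprops.property_names = NULL;
                secprops.property_values = NULL;

                rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );

                if( rc != SASL_OK ) {
                        Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
                                0, 0, 0 );
                        /* Previously returned here and leaked the connection. */
                        goto done;
                }
        }
#endif

        rc = sasl_listmech( server, NULL, NULL, ",", NULL,
                &data, &len, &count);

        if( rc != SASL_OK ) {
                Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
                        rc, 0, 0 );
                /* Previously returned here and leaked the connection. */
                goto done;
        }

        Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
                data, 0, 0 );

        /*
         * Split the list before the connection is disposed, as the
         * original code did.
         * NOTE(review): who owns `data` depends on the Cyrus SASL API
         * version in use; confirm whether it must be freed here.
         * NOTE(review): the result of str2charray() is not checked, so a
         * NULL list is still reported as success; confirm callers cope.
         */
        supportedSASLMechanisms = str2charray( data, "," );
        result = 0;

done:
        sasl_dispose( &server );

        return result;
}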
77
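/*
 * Release the mechanism list built by sasl_init().
 *
 * Always returns 0.
 *
 * NOTE(review): only the mechanism list is released here; the library
 * state set up by sasl_server_init() is not torn down in this function.
 * Confirm whether that is done elsewhere.
 */
int sasl_destroy( void )
{
        charray_free( supportedSASLMechanisms );

        /*
         * Clear the global so that a repeated call, or code reading the
         * list after shutdown, does not touch freed memory.
         */
        supportedSASLMechanisms = NULL;

        return 0;
}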
83
84 #else
85 /* no SASL support */
/*
 * Stub used when slapd is built without Cyrus SASL: there is nothing to
 * initialise, so it reports success.
 */
int sasl_init( void )
{
        return 0;
}
/*
 * Stub used when slapd is built without Cyrus SASL: there is nothing to
 * release, so it reports success.
 */
int sasl_destroy( void )
{
        return 0;
}
88 #endif