git.sur5r.net Git - openldap/blob - servers/slapd/sasl.c
5ebfe68d357b35160b5f8e6712ac2146df9069a8
1 #include "portable.h"
2
3 #include <ac/stdlib.h>
4 #include <stdio.h>
5
6 #include "slap.h"
7 #include "proto-slap.h"
8
9 #include <lber.h>
10 #include <ldap_log.h>
11
/*
 * SASL mechanism names recorded by sasl_init() (built with str2charray())
 * and released by sasl_destroy(). Starts out NULL; the no-SASL stubs never
 * assign it.
 */
12 char **supportedSASLMechanisms = NULL;
13
14 #ifdef HAVE_CYRUS_SASL
/*
 * Callback table handed to sasl_server_init(). It holds only the
 * SASL_CB_LIST_END terminator, so no application callbacks are registered.
 */
15 static sasl_callback_t callbacks[] = {
16         { SASL_CB_LIST_END, NULL, NULL }
17 };
18
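/*
 * Initialise the Cyrus SASL server library and record the mechanisms it
 * offers in supportedSASLMechanisms.
 *
 * A throw-away server connection is created only to query the mechanism
 * list. It is disposed of on every path once it exists; the original code
 * leaked it when sasl_setprop() or sasl_listmech() failed.
 *
 * Security note: plaintext and anonymous mechanisms are filtered out of the
 * list only when the build defines RESTRICT_SASL. Without that define the
 * library's default mechanism list is recorded unfiltered.
 *
 * Returns 0 on success, -1 if any SASL call fails (each failure is logged
 * at LDAP_DEBUG_ANY).
 */
int sasl_init( void )
{
	int rc;
	int result = -1;
	char *mechs = NULL;
	sasl_conn_t *server = NULL;

	rc = sasl_server_init( callbacks, "slapd" );

	if( rc != SASL_OK ) {
		Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
			0, 0, 0 );
		/* no connection has been created yet, nothing to dispose */
		return -1;
	}

	rc = sasl_server_new( "ldap", NULL, NULL, NULL,
		SASL_SECURITY_LAYER,
		&server );

	if( rc != SASL_OK ) {
		Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
			0, 0, 0 );
		goto done;
	}

#ifdef RESTRICT_SASL
	{
		sasl_security_properties_t secprops;

		/*
		 * NOTE(review): every field other than security_flags stays
		 * zero after the memset -- confirm that zeroed strength and
		 * buffer-size limits are what this probe connection should use.
		 */
		memset(&secprops, 0, sizeof(secprops));
		secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
		secprops.property_names = NULL;
		secprops.property_values = NULL;

		rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );

		if( rc != SASL_OK ) {
			Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
				0, 0, 0 );
			goto done;
		}
	}
#endif

	rc = sasl_listmech( server, NULL, NULL, ",", NULL,
		&mechs, NULL, NULL);

	if( rc != SASL_OK ) {
		Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
			rc, 0, 0 );
		goto done;
	}

	Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
		mechs, 0, 0 );

	/*
	 * NOTE(review): mechs is never released here -- confirm against the
	 * SASL library version in use whether the caller owns this string.
	 */
	supportedSASLMechanisms = str2charray( mechs, "," );
	result = 0;

done:
	/* single exit point so the probe connection is released on all paths */
	if( server != NULL ) {
		sasl_dispose( &server );
	}

	return result;
}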
78
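/*
 * Release the mechanism list recorded by sasl_init().
 *
 * The global is reset to NULL after it is freed so that a later reader or
 * a second sasl_destroy() call does not touch freed memory.
 *
 * Always returns 0.
 */
int sasl_destroy( void )
{
	charray_free( supportedSASLMechanisms );
	supportedSASLMechanisms = NULL;
	return 0;
}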
84
85 #else
/*
 * Built without Cyrus SASL: both entry points are no-ops that report
 * success, and supportedSASLMechanisms is left untouched.
 */
int sasl_init( void )
{
	return 0;
}

int sasl_destroy( void )
{
	return 0;
}
89 #endif