Fix the 1.71 fix - only offset the length if the last character of the
1 /* $OpenLDAP$ */
2 /*
3  * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5  */
6
7 #include "portable.h"
8
9 #include <ac/stdlib.h>
10 #include <stdio.h>
11
12 #include "slap.h"
13 #include "proto-slap.h"
14
15 #include <lber.h>
16 #include <ldap_log.h>
17
/*
 * SASL mechanism names for this server. Starts out NULL; the Cyrus SASL build
 * of sasl_init() replaces it with the list split out of sasl_listmech()'s
 * comma-separated result. In builds without HAVE_CYRUS_SASL nothing in this
 * file assigns it, so it stays NULL.
 */
char **supportedSASLMechanisms = NULL;
19
20 #ifdef HAVE_CYRUS_SASL
/*
 * Callback table passed to sasl_server_init(). It contains only the
 * SASL_CB_LIST_END terminator, i.e. slapd registers no callbacks of its own
 * with the SASL library here.
 */
static sasl_callback_t callbacks[] = {
        { SASL_CB_LIST_END, NULL, NULL }
};
24
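/*
 * Initialise the Cyrus SASL server library and record which mechanisms it
 * offers.
 *
 * A temporary server connection is created only to query the mechanism list;
 * the comma-separated result is split into supportedSASLMechanisms and the
 * connection is disposed again before returning.
 *
 * Security note: the SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS restriction
 * is applied only when RESTRICT_SASL is defined at build time. Without it no
 * security properties are set on the probe connection, so the recorded list
 * is whatever the library offers by default.
 * NOTE(review): the properties are set on this throwaway connection only;
 * confirm that the per-client connections created elsewhere enforce the same
 * policy, otherwise the recorded list and the accepted mechanisms can differ.
 *
 * Returns 0 on success, -1 if any SASL library call fails.
 */
int sasl_init( void )
{
        int rc;
        int result = -1;
        char *mechs = NULL;
        sasl_conn_t *server = NULL;

        rc = sasl_server_init( callbacks, "slapd" );

        if( rc != SASL_OK ) {
                Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
                        0, 0, 0 );
                return -1;
        }

        rc = sasl_server_new( "ldap", NULL, NULL, NULL,
                SASL_SECURITY_LAYER,
                &server );

        if( rc != SASL_OK ) {
                /* no connection was created, so there is nothing to dispose */
                Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
                        0, 0, 0 );
                return -1;
        }

        /*
         * From here on `server` is live: every exit goes through `done` so
         * the probe connection is released on failure as well as on success
         * (the error returns used to leak it).
         */

#ifdef RESTRICT_SASL
        {
                sasl_security_properties_t secprops;

                /* all other fields (e.g. the SSF limits) stay zero */
                memset(&secprops, 0, sizeof(secprops));
                secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
                secprops.property_names = NULL;
                secprops.property_values = NULL;

                rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );

                if( rc != SASL_OK ) {
                        Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
                                0, 0, 0 );
                        goto done;
                }
        }
#endif

        rc = sasl_listmech( server, NULL, NULL, ",", NULL,
                &mechs, NULL, NULL);

        if( rc != SASL_OK ) {
                Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
                        rc, 0, 0 );
                goto done;
        }

        Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
                mechs, 0, 0 );

        /*
         * NOTE(review): the result of str2charray() is not checked, and who
         * owns `mechs` depends on the SASL library version - confirm both.
         * A repeated call would also overwrite (and leak) an earlier list.
         */
        supportedSASLMechanisms = str2charray( mechs, "," );
        result = 0;

done:
        sasl_dispose( &server );

        return result;
}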
84
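/*
 * Release the mechanism list recorded by sasl_init().
 *
 * The global is reset to NULL afterwards so that no dangling pointer is left
 * behind for later readers and a repeated call does not hand the same list
 * to charray_free() twice. charray_free() was already reachable with NULL
 * here (when sasl_init() never ran or failed), so that case is unchanged.
 *
 * Always returns 0.
 */
int sasl_destroy( void )
{
        charray_free( supportedSASLMechanisms );
        supportedSASLMechanisms = NULL;
        return 0;
}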
90
91 #else
92 /* no SASL support */
/*
 * Stub for builds without HAVE_CYRUS_SASL: there is no SASL library to
 * initialise, so this only reports success.
 */
int sasl_init( void )
{
        return 0;
}
/*
 * Stub for builds without HAVE_CYRUS_SASL: nothing was allocated, so there is
 * nothing to release; this only reports success.
 */
int sasl_destroy( void )
{
        return 0;
}
95 #endif