1 /*
2  * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
3  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
4  */
5
6 #include "portable.h"
7
8 #include <ac/stdlib.h>
9 #include <stdio.h>
10
11 #include "slap.h"
12 #include "proto-slap.h"
13
14 #include <lber.h>
15 #include <ldap_log.h>
16
/*
 * SASL mechanism names offered by this server.
 * Filled in by sasl_init() from the output of str2charray() and released
 * by sasl_destroy(); it keeps its initial NULL value until sasl_init()
 * has stored a list, and always in builds without HAVE_CYRUS_SASL.
 */
char **supportedSASLMechanisms = NULL;
18
19 #ifdef HAVE_CYRUS_SASL
/*
 * Callback table passed to sasl_server_init(). It contains only the
 * list terminator, so no callbacks are registered with the library.
 */
static sasl_callback_t callbacks[] = {
	{ SASL_CB_LIST_END, NULL, NULL }
};
23
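/*
 * Initialise the Cyrus SASL server library and record the mechanisms it
 * reports in supportedSASLMechanisms.
 *
 * A temporary server connection is created only to enumerate the
 * mechanisms. It is disposed before returning, both on success and on
 * every failure that occurs after it was created (the original leaked it
 * when sasl_setprop() or sasl_listmech() failed).
 *
 * Returns 0 on success, -1 if any SASL library call fails.
 */
int sasl_init( void )
{
	int rc;
	int result = -1;
	char *mechs = NULL;
	sasl_conn_t *server = NULL;

	rc = sasl_server_init( callbacks, "slapd" );

	if( rc != SASL_OK ) {
		Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
			0, 0, 0 );
		return -1;
	}

	rc = sasl_server_new( "ldap", NULL, NULL, NULL,
		SASL_SECURITY_LAYER,
		&server );

	if( rc != SASL_OK ) {
		/* no connection was handed back, so there is nothing to dispose */
		Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
			0, 0, 0 );
		return -1;
	}

#ifdef RESTRICT_SASL
	{
		/*
		 * Keep mechanisms that are open to passive eavesdropping, and
		 * anonymous login, out of the list that is built below. Every
		 * other field of secprops stays zero from the memset.
		 *
		 * NOTE(review): the properties are set on the temporary
		 * connection created above, which is disposed before this
		 * function returns, so here they only shape the advertised
		 * mechanism list. Whether the same restriction is applied to
		 * real client connections is not visible in this file; confirm
		 * where those connections are created. Without RESTRICT_SASL
		 * no filter is applied and every mechanism the library reports
		 * is recorded.
		 */
		sasl_security_properties_t secprops;
		memset(&secprops, 0, sizeof(secprops));
		secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
		secprops.property_names = NULL;
		secprops.property_values = NULL;

		rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );

		if( rc != SASL_OK ) {
			Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
				0, 0, 0 );
			goto done;
		}
	}
#endif

	rc = sasl_listmech( server, NULL, NULL, ",", NULL,
		&mechs, NULL, NULL);

	if( rc != SASL_OK ) {
		Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
			rc, 0, 0 );
		goto done;
	}

	Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
		mechs, 0, 0 );

	/*
	 * NOTE(review): mechs is not released here. Whether the caller owns
	 * the string depends on the Cyrus SASL API version in use; confirm.
	 */
	supportedSASLMechanisms = str2charray( mechs, "," );
	result = 0;

done:
	/* single exit for every path on which the temporary connection exists */
	sasl_dispose( &server );

	return result;
}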
83
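/*
 * Release the mechanism list stored in supportedSASLMechanisms.
 *
 * The global is reset to NULL after the free so that a second call, or
 * any code that reads the list after shutdown, does not see a dangling
 * pointer (the original left the freed pointer in place).
 *
 * NOTE(review): as before, charray_free() receives NULL when no list was
 * ever built; presumably it accepts NULL, confirm against its definition.
 *
 * Always returns 0.
 */
int sasl_destroy( void )
{
	charray_free( supportedSASLMechanisms );
	supportedSASLMechanisms = NULL;
	return 0;
}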
89
90 #else
91 /* no SASL support */
/* Stub for builds without HAVE_CYRUS_SASL: does nothing and reports success. */
int sasl_init( void )
{
	return 0;
}
/* Stub for builds without HAVE_CYRUS_SASL: nothing to release, reports success. */
int sasl_destroy( void )
{
	return 0;
}
94 #endif