/* $OpenLDAP$ */
/*
- * Copyright 1999-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1999-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "portable.h"
-#include <stdlib.h>
#include <stdio.h>
#include <ac/socket.h>
+#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/errno.h>
#include <ac/ctype.h>
#include "ldap-int.h"
+
+#ifdef HAVE_CYRUS_SASL
+
#ifdef LDAP_R_COMPILE
-#include "ldap_pvt_thread.h"
+ldap_pvt_thread_mutex_t ldap_int_sasl_mutex;
#endif
-#ifdef HAVE_CYRUS_SASL
#include <sasl.h>
/*
* Various Cyrus SASL related stuff.
*/
-#define SASL_MAX_BUFF_SIZE 65536
-#define SASL_MIN_BUFF_SIZE 4096
-
int ldap_int_sasl_init( void )
{
/* XXX not threadsafe */
ldap_pvt_sasl_mutex_lock,
ldap_pvt_sasl_mutex_unlock,
ldap_pvt_sasl_mutex_dispose );
+
+ ldap_pvt_thread_mutex_init( &ldap_int_sasl_mutex );
#endif
if ( sasl_client_init( client_callbacks ) == SASL_OK ) {
}
static ber_len_t
-sb_sasl_pkt_length( const char *buf, int debuglevel )
+sb_sasl_pkt_length( const unsigned char *buf, int debuglevel )
{
ber_len_t size;
- long tmp;
assert( buf != NULL );
- tmp = *((long *)buf);
- size = ntohl( tmp );
+ size = buf[0] << 24
+ | buf[1] << 16
+ | buf[2] << 8
+ | buf[3];
+ /* we really should check against actual buffer size set
+ * in the secopts.
+ */
if ( size > SASL_MAX_BUFF_SIZE ) {
/* somebody is trying to mess me up. */
ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
"sb_sasl_pkt_length: received illegal packet length "
"of %lu bytes\n", (unsigned long)size );
size = 16; /* this should lead to an error. */
-}
+ }
return size + 4; /* include the size !!! */
}
len = sec_buf_in->buf_ptr - sec_buf_in->buf_end;
if ( len > 0 )
- memmove( sec_buf_in->buf_base, sec_buf_in->buf_base +
+ AC_MEMCPY( sec_buf_in->buf_base, sec_buf_in->buf_base +
sec_buf_in->buf_end, len );
if ( len >= 4 ) {
sbiod->sbiod_sb->sb_debug );
/* Grow the packet buffer if neccessary */
- if ( ( p->sec_buf_in.buf_size < ret ) &&
+ if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) &&
ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
{
errno = ENOMEM;
if ( !ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO,
&ldap_pvt_sockbuf_io_sasl ) )
{
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_APPLICATION, (void *)"sasl_" );
+#endif
ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_sasl,
LBER_SBIOD_LEVEL_APPLICATION, ctx_arg );
}
sasl_conn_t *ctx;
sasl_callback_t *session_callbacks =
- ber_memcalloc( 2, sizeof( sasl_callback_t ) );
+ LDAP_CALLOC( 2, sizeof( sasl_callback_t ) );
if( session_callbacks == NULL ) return LDAP_NO_MEMORY;
assert( lc->lconn_sasl_ctx == NULL );
if ( host == NULL ) {
- ld->ld_errno = LDAP_UNAVAILABLE;
+ ld->ld_errno = LDAP_LOCAL_ERROR;
return ld->ld_errno;
}
rc = sasl_client_new( "ldap", host, session_callbacks,
SASL_SECURITY_LAYER, &ctx );
+ LDAP_FREE( session_callbacks );
if ( rc != SASL_OK ) {
ld->ld_errno = sasl_err2ldap( rc );
return ld->ld_errno;
}
- Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: %s\n",
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
host, 0, 0 );
lc->lconn_sasl_ctx = ctx;
if ( sd == AC_SOCKET_INVALID ) {
/* not connected yet */
- int rc = ldap_open_defconn( ld );
-
+ int rc;
+
+ rc = ldap_open_defconn( ld );
if( rc < 0 ) return ld->ld_errno;
+
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );
if( sd == AC_SOCKET_INVALID ) {
- ld->ld_errno = LDAP_UNAVAILABLE;
+ ld->ld_errno = LDAP_LOCAL_ERROR;
return ld->ld_errno;
}
}
ctx = ld->ld_defconn->lconn_sasl_ctx;
if( ctx == NULL ) {
- ld->ld_errno = LDAP_UNAVAILABLE;
+ ld->ld_errno = LDAP_LOCAL_ERROR;
return ld->ld_errno;
}
}
if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
- if( scred ) {
+ if( scred && scred->bv_len ) {
/* and server provided us with data? */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
/* we're done, no need to step */
- if( scred ) {
+ if( scred && scred->bv_len ) {
/* but server provided us with data! */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
if( flags != LDAP_SASL_QUIET ) {
fprintf( stderr, "SASL installing layers\n" );
}
- ldap_pvt_sasl_install( ld->ld_sb, ctx );
+ ldap_pvt_sasl_install( ld->ld_conns->lconn_sb, ctx );
}
}
return rc;
}
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ LDAPConn *conn,
+ const char * authid,
+ ber_len_t ssf )
+{
+ int sc;
+ sasl_conn_t *ctx;
+ sasl_external_properties_t extprops;
+
+ ctx = conn->lconn_sasl_ctx;
+
+ if ( ctx == NULL ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ memset( &extprops, '\0', sizeof(extprops) );
+ extprops.ssf = ssf;
+ extprops.auth_id = (char *) authid;
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+ (void *) &extprops );
+
+ if ( sc != SASL_OK ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
int ldap_pvt_sasl_secprops(
const char *in,
sasl_security_properties_t *secprops )
return LDAP_NOT_SUPPORTED;
}
+ if( maxbufsize && (( maxbufsize < SASL_MIN_BUFF_SIZE )
+ || (maxbufsize > SASL_MAX_BUFF_SIZE )))
+ {
+ /* bad maxbufsize */
+ return LDAP_PARAM_ERROR;
+ }
+
} else {
return LDAP_NOT_SUPPORTED;
}
LDAP_SASL_INTERACT_PROC *interact,
void * defaults )
{ return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ LDAPConn *conn,
+ const char * authid,
+ ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
#endif /* HAVE_CYRUS_SASL */
projects / openldap / blobdiff