X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fcyrus.c;h=63eb7d1357cc207155ce66b5e29fbdeb759c75ff;hb=7887ef7e92a4b91d20814242322dfc33d3ebb0ee;hp=b53570561d7df1c8f073a392e4a81e911e40c86d;hpb=2a6f092422c917bcdbe822cb881dfafb97d81139;p=openldap diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index b53570561d..63eb7d1357 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -1,35 +1,34 @@ /* $OpenLDAP$ */ /* - * Copyright 1999-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1999-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ #include "portable.h" -#include #include #include +#include #include #include #include #include #include "ldap-int.h" + +#ifdef HAVE_CYRUS_SASL + #ifdef LDAP_R_COMPILE -#include "ldap_pvt_thread.h" +ldap_pvt_thread_mutex_t ldap_int_sasl_mutex; #endif -#ifdef HAVE_CYRUS_SASL #include /* * Various Cyrus SASL related stuff. */ -#define SASL_MAX_BUFF_SIZE 65536 -#define SASL_MIN_BUFF_SIZE 4096 - int ldap_int_sasl_init( void ) { /* XXX not threadsafe */ @@ -65,6 +64,8 @@ int ldap_int_sasl_init( void ) ldap_pvt_sasl_mutex_lock, ldap_pvt_sasl_mutex_unlock, ldap_pvt_sasl_mutex_dispose ); + + ldap_pvt_thread_mutex_init( &ldap_int_sasl_mutex ); #endif if ( sasl_client_init( client_callbacks ) == SASL_OK ) { @@ -127,23 +128,27 @@ sb_sasl_remove( Sockbuf_IO_Desc *sbiod ) } static ber_len_t -sb_sasl_pkt_length( const char *buf, int debuglevel ) +sb_sasl_pkt_length( const unsigned char *buf, int debuglevel ) { ber_len_t size; - long tmp; assert( buf != NULL ); - tmp = *((long *)buf); - size = ntohl( tmp ); + size = buf[0] << 24 + | buf[1] << 16 + | buf[2] << 8 + | buf[3]; + /* we really should check against actual buffer size set + * in the secopts. + */ if ( size > SASL_MAX_BUFF_SIZE ) { /* somebody is trying to mess me up. */ ber_log_printf( LDAP_DEBUG_ANY, debuglevel, "sb_sasl_pkt_length: received illegal packet length " "of %lu bytes\n", (unsigned long)size ); size = 16; /* this should lead to an error. */ -} + } return size + 4; /* include the size !!! */ } @@ -156,7 +161,7 @@ sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, int debuglevel ) len = sec_buf_in->buf_ptr - sec_buf_in->buf_end; if ( len > 0 ) - memmove( sec_buf_in->buf_base, sec_buf_in->buf_base + + AC_MEMCPY( sec_buf_in->buf_base, sec_buf_in->buf_base + sec_buf_in->buf_end, len ); if ( len >= 4 ) { @@ -209,7 +214,7 @@ sb_sasl_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) sbiod->sbiod_sb->sb_debug ); /* Grow the packet buffer if neccessary */ - if ( ( p->sec_buf_in.buf_size < ret ) && + if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) && ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 ) { errno = ENOMEM; @@ -393,7 +398,7 @@ ldap_int_sasl_open( sasl_conn_t *ctx; sasl_callback_t *session_callbacks = - ber_memcalloc( 2, sizeof( sasl_callback_t ) ); + LDAP_CALLOC( 2, sizeof( sasl_callback_t ) ); if( session_callbacks == NULL ) return LDAP_NO_MEMORY; @@ -414,13 +419,14 @@ ldap_int_sasl_open( rc = sasl_client_new( "ldap", host, session_callbacks, SASL_SECURITY_LAYER, &ctx ); + LDAP_FREE( session_callbacks ); if ( rc != SASL_OK ) { ld->ld_errno = sasl_err2ldap( rc ); return ld->ld_errno; } - Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: %s\n", + Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n", host, 0, 0 ); lc->lconn_sasl_ctx = ctx; @@ -564,7 +570,7 @@ ldap_int_sasl_bind( } if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) { - if( scred ) { + if( scred && scred->bv_len ) { /* and server provided us with data? */ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n", @@ -576,7 +582,7 @@ ldap_int_sasl_bind( if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) { /* we're done, no need to step */ - if( scred ) { + if( scred && scred->bv_len ) { /* but server provided us with data! */ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n", @@ -648,13 +654,45 @@ ldap_int_sasl_bind( if( flags != LDAP_SASL_QUIET ) { fprintf( stderr, "SASL installing layers\n" ); } - ldap_pvt_sasl_install( ld->ld_sb, ctx ); + ldap_pvt_sasl_install( ld->ld_conns->lconn_sb, ctx ); } } return rc; } +int +ldap_int_sasl_external( + LDAP *ld, + LDAPConn *conn, + const char * authid, + ber_len_t ssf ) +{ + int sc; + sasl_conn_t *ctx; + sasl_external_properties_t extprops; + + ctx = conn->lconn_sasl_ctx; + + if ( ctx == NULL ) { + return LDAP_LOCAL_ERROR; + } + + memset( &extprops, '\0', sizeof(extprops) ); + extprops.ssf = ssf; + extprops.auth_id = (char *) authid; + + sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, + (void *) &extprops ); + + if ( sc != SASL_OK ) { + return LDAP_LOCAL_ERROR; + } + + return LDAP_SUCCESS; +} + + int ldap_pvt_sasl_secprops( const char *in, sasl_security_properties_t *secprops ) @@ -732,6 +770,13 @@ int ldap_pvt_sasl_secprops( return LDAP_NOT_SUPPORTED; } + if( maxbufsize && (( maxbufsize < SASL_MIN_BUFF_SIZE ) + || (maxbufsize > SASL_MAX_BUFF_SIZE ))) + { + /* bad maxbufsize */ + return LDAP_PARAM_ERROR; + } + } else { return LDAP_NOT_SUPPORTED; } @@ -954,4 +999,13 @@ ldap_int_sasl_bind( LDAP_SASL_INTERACT_PROC *interact, void * defaults ) { return LDAP_NOT_SUPPORTED; } + +int +ldap_int_sasl_external( + LDAP *ld, + LDAPConn *conn, + const char * authid, + ber_len_t ssf ) +{ return LDAP_SUCCESS; } + #endif /* HAVE_CYRUS_SASL */