X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsasl.c;h=bf068e85c1d3b59f76cd296700deec480a8bf76e;hb=c2a9642850cef813e15f6d8e29799e2b99e52726;hp=975df3755f30f02a5b1aea226faa47629982123a;hpb=89210b710095003a6d9707523c272be53badff05;p=openldap diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 975df3755f..bf068e85c1 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -768,7 +768,66 @@ slap_sasl_err2ldap( int saslerr ) return rc; } -#endif + +#ifdef SLAPD_SPASSWD + +static struct berval sasl_pwscheme = BER_BVC("{SASL}"); + +static int chk_sasl( + const struct berval *sc, + const struct berval * passwd, + const struct berval * cred, + const char **text ) +{ + unsigned int i; + int rtn; + void *ctx, *sconn = NULL; + + for( i=0; ibv_len; i++) { + if(cred->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ + } + } + + if( cred->bv_val[i] != '\0' ) { + return LUTIL_PASSWD_ERR; /* cred must behave like a string */ + } + + for( i=0; ibv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ + } + } + + if( passwd->bv_val[i] != '\0' ) { + return LUTIL_PASSWD_ERR; /* passwd must behave like a string */ + } + + rtn = LUTIL_PASSWD_ERR; + + ctx = ldap_pvt_thread_pool_context(); + ldap_pvt_thread_pool_getkey( ctx, slap_sasl_bind, &sconn, NULL ); + + if( sconn != NULL ) { + int sc; +# if SASL_VERSION_MAJOR < 2 + sc = sasl_checkpass( sconn, + passwd->bv_val, passwd->bv_len, + cred->bv_val, cred->bv_len, + text ); +# else + sc = sasl_checkpass( sconn, + passwd->bv_val, passwd->bv_len, + cred->bv_val, cred->bv_len ); +# endif + rtn = ( sc != SASL_OK ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } + + return rtn; +} +#endif /* SLAPD_SPASSWD */ + +#endif /* HAVE_CYRUS_SASL */ int slap_sasl_init( void ) { @@ -840,6 +899,10 @@ int slap_sasl_init( void ) return -1; } +#ifdef SLAPD_SPASSWD + lutil_passwd_add( &sasl_pwscheme, chk_sasl, NULL ); +#endif + Debug( LDAP_DEBUG_TRACE, "slap_sasl_init: initialized!\n", 0, 0, 0 );