X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsasl.c;h=f42a13de13586c11b5f7f5bedfe3a8d84dca733f;hb=d23c55964651929e7b2b5a1730b33efee9661033;hp=c322d23e54d16e0ca31ab8d0d2abf6a2cf798c1d;hpb=8a4e92b259fc1f260de0b566b98471fc01ebbe7d;p=openldap diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index c322d23e54..f42a13de13 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -17,12 +17,17 @@ #ifdef HAVE_CYRUS_SASL #include -#ifdef HAVE_CYRUS_SASL2 + +#ifdef HAVE_SASL_SASL_H #include +#else +#include +#endif + +#if SASL_VERSION_MAJOR >= 2 #include #define SASL_CONST const #else -#include #define SASL_CONST #endif @@ -54,7 +59,7 @@ slap_sasl_log( } switch (priority) { -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 case SASL_LOG_NONE: level = LDAP_DEBUG_NONE; label = "None"; @@ -132,7 +137,8 @@ slap_sasl_log( static struct berval ext_bv = { sizeof("EXTERNAL")-1, "EXTERNAL" }; -int slap_sasl_getdn( Connection *conn, char *id, char *user_realm, struct berval *dn, int flags ) +int slap_sasl_getdn( Connection *conn, char *id, + char *user_realm, struct berval *dn, int flags ) { char *c1; int rc, len, is_dn = 0; @@ -282,7 +288,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char *user_realm, struct berval return( LDAP_SUCCESS ); } -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 static int slap_sasl_checkpass( sasl_conn_t *sconn, @@ -309,7 +315,8 @@ slap_sasl_checkpass( } if ( dn.bv_len == 0 ) { - sasl_seterror( sconn, 0, "No password is associated with the Root DSE" ); + sasl_seterror( sconn, 0, + "No password is associated with the Root DSE" ); if ( dn.bv_val != NULL ) { ch_free( dn.bv_val ); } @@ -504,7 +511,7 @@ slap_sasl_authorize( #endif /* Figure out how much data we have for the dn */ - rc = sasl_getprop( ctx, SASL_REALM, (void **)&realm ); + rc = sasl_getprop( conn->c_sasl_context, SASL_REALM, (void **)&realm ); if( rc != SASL_OK && rc != SASL_NOTDONE ) { #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ERR, 
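Review bot: The new `#if SASL_VERSION_MAJOR >= 2` test after the includes depends on a macro supplied by whichever SASL header was just included, and the preprocessor treats an undefined identifier as 0, so a header that does not define it silently selects the 1.x code path. Later hunks put `slap_sasl_checkpass` and the canonicalize and checkpass callback registrations under the same test, so this one macro now decides which authentication callbacks are compiled in. A comment at this point would make that explicit, for example `/* SASL_VERSION_MAJOR comes from the SASL header; if undefined the test is false and the 1.x API is used */`. The include targets are not legible on this page, so which header each branch pulls in cannot be checked here.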
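Review bot: In the slap_sasl_authorize hunk, the check after `sasl_getprop()` lets `SASL_NOTDONE` through as a non-error, so `realm` may be left at whatever value it had before the call when the property is not yet available. Its declaration and the code that consumes it are outside this hunk; unless it is already initialised there, adding `realm = NULL;` immediately before the call and treating a NULL realm as absent would keep that path well defined. The call now dereferences `conn` rather than using a local `ctx`, so a short comment stating that `conn->c_sasl_context` is expected to be non-NULL in this callback would also help.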
@@ -579,7 +586,7 @@ slap_sasl_authorize( *errstr = NULL; return SASL_OK; } -#endif /* HAVE_CYRUS_SASL2 */ +#endif /* SASL_VERSION_MAJOR >= 2 */ static int slap_sasl_err2ldap( int saslerr ) @@ -688,8 +695,8 @@ int slap_sasl_destroy( void ) int slap_sasl_open( Connection *conn ) { - int sc = LDAP_SUCCESS; -#ifdef HAVE_CYRUS_SASL2 + int cb, sc = LDAP_SUCCESS; +#if SASL_VERSION_MAJOR >= 2 char *ipremoteport = NULL, *iplocalport = NULL; #endif 
@@ -703,45 +710,42 @@ int slap_sasl_open( Connection *conn ) conn->c_sasl_layers = 0; session_callbacks = -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 ch_calloc( 5, sizeof(sasl_callback_t)); #else ch_calloc( 3, sizeof(sasl_callback_t)); #endif conn->c_sasl_extra = session_callbacks; - session_callbacks[0].id = SASL_CB_LOG; - session_callbacks[0].proc = &slap_sasl_log; - session_callbacks[0].context = conn; - - session_callbacks[1].id = SASL_CB_PROXY_POLICY; - session_callbacks[1].proc = &slap_sasl_authorize; - session_callbacks[1].context = conn; + session_callbacks[cb=0].id = SASL_CB_LOG; + session_callbacks[cb].proc = &slap_sasl_log; + session_callbacks[cb++].context = conn; -#ifdef HAVE_CYRUS_SASL2 - session_callbacks[2].id = SASL_CB_CANON_USER; - session_callbacks[2].proc = &slap_sasl_canonicalize; - session_callbacks[2].context = conn; + session_callbacks[cb].id = SASL_CB_PROXY_POLICY; + session_callbacks[cb].proc = &slap_sasl_authorize; + session_callbacks[cb++].context = conn; - session_callbacks[3].id = SASL_CB_SERVER_USERDB_CHECKPASS; - session_callbacks[3].proc = &slap_sasl_checkpass; - session_callbacks[3].context = conn; +#if SASL_VERSION_MAJOR >= 2 + session_callbacks[cb].id = SASL_CB_CANON_USER; + session_callbacks[cb].proc = &slap_sasl_canonicalize; + session_callbacks[cb++].context = conn; - session_callbacks[4].id = SASL_CB_LIST_END; - session_callbacks[4].proc = NULL; - session_callbacks[4].context = NULL; -#else - session_callbacks[2].id = SASL_CB_LIST_END; - session_callbacks[2].proc = NULL; - session_callbacks[2].context = NULL; + /* XXXX: this should be conditional */ + session_callbacks[cb].id = SASL_CB_SERVER_USERDB_CHECKPASS; + session_callbacks[cb].proc = &slap_sasl_checkpass; + session_callbacks[cb++].context = conn; #endif + session_callbacks[cb].id = SASL_CB_LIST_END; + session_callbacks[cb].proc = NULL; + session_callbacks[cb++].context = NULL; + if( global_host == NULL ) { global_host = ldap_pvt_get_fqdn( NULL ); } /* create 
new SASL context */ -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 if ( conn->c_sock_name.bv_len != 0 && strncmp( conn->c_sock_name.bv_val, "IP=", 3 ) == 0) { char *p; @@ -819,7 +823,7 @@ int slap_sasl_external( slap_ssf_t ssf, const char *auth_id ) { -#if defined(HAVE_CYRUS_SASL2) +#if SASL_VERSION_MAJOR >= 2 int sc; sasl_conn_t *ctx = conn->c_sasl_context; @@ -838,6 +842,7 @@ int slap_sasl_external( if ( sc != SASL_OK ) { return LDAP_OTHER; } + #elif defined(HAVE_CYRUS_SASL) int sc; sasl_conn_t *ctx = conn->c_sasl_context; @@ -903,7 +908,7 @@ char ** slap_sasl_mechs( Connection *conn ) mechs = str2charray( mechstr, "," ); -#ifndef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR < 2 ch_free( mechstr ); #endif } @@ -970,7 +975,7 @@ int slap_sasl_bind( return rc; } -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 #define START( ctx, mech, cred, clen, resp, rlen, err ) \ sasl_server_start( ctx, mech, cred, clen, resp, rlen ) #define STEP( ctx, cred, clen, resp, rlen, err ) \ @@ -1001,7 +1006,7 @@ int slap_sasl_bind( char *username = NULL; char *realm = NULL; -#ifdef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR >= 2 sc = sasl_getprop( ctx, SASL_DEFUSERREALM, (const void **)&realm ); #else sc = sasl_getprop( ctx, SASL_REALM, (void **)&realm ); @@ -1056,7 +1061,7 @@ int slap_sasl_bind( NULL, errstr, NULL, NULL ); } -#ifndef HAVE_CYRUS_SASL2 +#if SASL_VERSION_MAJOR < 2 if( response.bv_len ) { ch_free( response.bv_val ); }
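Review bot: In slap_sasl_open the callback array is still sized with the literals 5 and 3 in `ch_calloc()`, while the entries are now written through the running index `cb`, so nothing ties the number of slots filled to the number allocated. The counts match as written, but the `XXXX: this should be conditional` remark on the SASL_CB_SERVER_USERDB_CHECKPASS entry suggests the list will change, and one extra entry would write past the allocation. Sizing the array from a single named constant and checking the index after the terminator, e.g. `assert( cb <= SLAP_SASL_NCB );` (a name proposed here, not one from the file), would catch that. `cb` is declared uninitialised in the preceding hunk and first assigned inside a subscript (`session_callbacks[cb=0]`); a separate `cb = 0;` statement is easier to audit. The function body continues outside this hunk.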