From: Kurt Zeilenga
Date: Mon, 17 Jul 2000 21:23:59 +0000 (+0000)
Subject: Expose sasl flags to -lldap (so they can be quiet)
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2430
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6393523ffa71bffabcafffda064c04b36742cb2c;p=openldap

Expose sasl flags to -lldap (so they can be quiet) Fix interactive and automatic modes. Quiet needs work.
---
diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c
index ef9f94245f..1f7ec530ec 100644
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@@ -27,7 +27,7 @@ static char *ldaphost = NULL;
 static int ldapport = 0;
 static int prune = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_mech = NULL;
 static char *sasl_realm = NULL;
 static char *sasl_authc_id = NULL;
@@ -142,6 +142,28 @@ main( int argc, char **argv )
 }
 ldaphost = strdup( optarg );
 break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
 case 'k': /* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if( version > LDAP_VERSION2 ) {
@@ -265,7 +287,8 @@ main( int argc, char **argv )
 }
 authmethod = LDAP_AUTH_SASL;
 version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
 #else
 fprintf( stderr, "%s: was not compiled with SASL support\n",
 prog );
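Review bot: The new `case 'I'` block is pasted verbatim into ldapdelete.c, ldapmodify.c, ldapmodrdn.c, ldappasswd.c and ldapsearch.c, and within each copy the SASL branch uses `return EXIT_FAILURE;` while the `#else` branch uses `return( EXIT_FAILURE );`; pick one form, and consider a shared liblutil helper that takes the mode so the five copies collapse to one. The getopt() option string and the usage text are outside this hunk, so confirm `I` was added to both (the ldapsearch.c usage() hunk in this commit edits the option list but does not mention -I). The check `authmethod != -1 && authmethod != LDAP_AUTH_SASL` accepts a previous -Q, so `-Q -I` and `-I -Q` presumably resolve to whichever came last without a diagnostic; if that is intended, a short comment saying so would help. main() continues outside the hunk.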
@@ -507,7 +530,7 @@ main( int argc, char **argv )
 }
 }
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
 sasl_mech,
 sasl_realm,
 sasl_authc_id,
@@ -516,7 +539,7 @@ main( int argc, char **argv )
 rc = ldap_sasl_interactive_bind_s( ld, binddn,
 sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
 if( rc != LDAP_SUCCESS ) {
 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
index e5a2af05f2..a57c5852e5 100644
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@@ -39,7 +39,7 @@ static struct berval passwd = { 0, NULL };
 static char *ldaphost = NULL;
 static int ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_realm = NULL;
 static char *sasl_authc_id = NULL;
 static char *sasl_authz_id = NULL;
@@ -200,6 +200,28 @@ main( int argc, char **argv )
 }
 ldaphost = strdup( optarg );
 break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
 case 'k': /* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if( version > LDAP_VERSION2 ) {
@@ -323,7 +345,8 @@ main( int argc, char **argv )
 }
 authmethod = LDAP_AUTH_SASL;
 version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
 #else
 fprintf( stderr, "%s: was not compiled with SASL support\n",
 prog );
@@ -571,7 +594,7 @@ main( int argc, char **argv )
 }
 }
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
 sasl_mech,
 sasl_realm,
 sasl_authc_id,
@@ -580,7 +603,7 @@ main( int argc, char **argv )
 rc = ldap_sasl_interactive_bind_s( ld, binddn,
 sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
 if( rc != LDAP_SUCCESS ) {
 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
index 101a651c65..d30815bafc 100644
--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@@ -37,7 +37,7 @@ static struct berval passwd = { 0, NULL };
 static char *ldaphost = NULL;
 static int ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_realm = NULL;
 static char *sasl_authc_id = NULL;
 static char *sasl_authz_id = NULL;
@@ -161,6 +161,28 @@ main(int argc, char **argv)
 }
 ldaphost = strdup( optarg );
 break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
 case 'k': /* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if( version > LDAP_VERSION2 ) {
@@ -284,7 +306,8 @@ main(int argc, char **argv)
 }
 authmethod = LDAP_AUTH_SASL;
 version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
 #else
 fprintf( stderr, "%s: was not compiled with SASL support\n",
 prog );
@@ -541,7 +564,7 @@ main(int argc, char **argv)
 }
 }
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
 sasl_mech,
 sasl_realm,
 sasl_authc_id,
@@ -550,7 +573,7 @@ main(int argc, char **argv)
 rc = ldap_sasl_interactive_bind_s( ld, binddn,
 sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
 if( rc != LDAP_SUCCESS ) {
 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
index be5f5d1b11..f3dc98047c 100644
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@@ -87,7 +87,7 @@ main( int argc, char *argv[] )
 int authmethod = -1;
 int manageDSAit = 0;
 #ifdef HAVE_CYRUS_SASL
- unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+ unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 char *sasl_realm = NULL;
 char *sasl_authc_id = NULL;
 char *sasl_authz_id = NULL;
@@ -167,6 +167,28 @@ main( int argc, char *argv[] )
 }
 ldaphost = strdup( optarg );
 break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
 case 'k': /* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if( version > LDAP_VERSION2 ) {
@@ -290,7 +312,8 @@ main( int argc, char *argv[] )
 }
 authmethod = LDAP_AUTH_SASL;
 version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
 #else
 fprintf( stderr, "%s: was not compiled with SASL support\n",
 prog );
@@ -566,7 +589,7 @@ main( int argc, char *argv[] )
 }
 }
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
 sasl_mech,
 sasl_realm,
 sasl_authc_id,
@@ -575,7 +598,7 @@ main( int argc, char *argv[] )
 rc = ldap_sasl_interactive_bind_s( ld, binddn,
 sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
 if( rc != LDAP_SUCCESS ) {
 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
index 01f0510584..fb894fd258 100644
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -47,7 +47,7 @@ usage( const char *s )
 "\t\t+ -- all operational attributes\n"
 "Search options:\n"
-"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
+"\t-a deref\tone of never (default), always, search, or find\n"
 "\t-A\t\tretrieve attribute names only (no values)\n"
 "\t-b basedn\tbase dn for search\n"
 "\t-l limit\ttime limit (in seconds) for search\n"
@@ -146,7 +146,7 @@ static char *base = NULL;
 static char *ldaphost = NULL;
 static int ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_realm = NULL;
 static char *sasl_authc_id = NULL;
 static char *sasl_authz_id = NULL;
@@ -270,6 +270,28 @@ main( int argc, char **argv )
 }
 ldaphost = strdup( optarg );
 break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
 case 'k': /* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if( version > LDAP_VERSION2 ) {
@@ -393,7 +415,8 @@ main( int argc, char **argv )
 }
 authmethod = LDAP_AUTH_SASL;
 version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
 #else
 fprintf( stderr, "%s: was not compiled with SASL support\n",
 prog );
@@ -698,7 +721,7 @@ main( int argc, char **argv )
 }
 }
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
 sasl_mech,
 sasl_realm,
 sasl_authc_id,
@@ -707,7 +730,7 @@ main( int argc, char **argv )
 rc = ldap_sasl_interactive_bind_s( ld, binddn,
 sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
 if( rc != LDAP_SUCCESS ) {
 ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
diff --git a/include/ldap.h b/include/ldap.h
index 7162cc9063..540e095930 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -695,10 +695,22 @@ ldap_sasl_bind LDAP_P((
 LDAPControl **clientctrls,
 int *msgidp ));
-/* V3 SASL Interaction Function Callback Prototype */
-/* when using Cyrus SASL, interact is pointer to sasl_interact_t */
+/* Interaction flags (should be passed about in a control)
+ * Automatic (default): use defaults, prompt otherwise
+ * Interactive: prompt always
+ * Quiet: never prompt
+ */
+#define LDAP_SASL_AUTOMATIC 0U
+#define LDAP_SASL_INTERACTIVE 1U
+#define LDAP_SASL_QUIET 2U
+
+/*
+ * V3 SASL Interaction Function Callback Prototype
+ * when using Cyrus SASL, interact is pointer to sasl_interact_t
+ * should likely passed in a control (and provided controls)
+ */
 typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
- LDAP *ld, void* defaults, void *interact ));
+ LDAP *ld, unsigned flags, void* defaults, void *interact ));
 LDAP_F( int )
 ldap_sasl_interactive_bind_s LDAP_P((
@@ -707,6 +719,9 @@ ldap_sasl_interactive_bind_s LDAP_P((
 LDAP_CONST char *saslMechanism,
 LDAPControl **serverControls,
 LDAPControl **clientControls,
+
+ /* should be client controls */
+ unsigned flags,
 LDAP_SASL_INTERACT_PROC *proc,
 void *defaults ));
diff --git a/include/lutil_ldap.h b/include/lutil_ldap.h
index 0c5467c0e5..87e00c7562 100644
--- a/include/lutil_ldap.h
+++ b/include/lutil_ldap.h
@@ -21,19 +21,9 @@
 LDAP_BEGIN_DECL
-/*
- * Automatic (default): use defaults, prompt otherwise
- * Interactive: prompt always
- * Quiet: never prompt
- */
-#define LUTIL_SASL_AUTOMATIC 0U
-#define LUTIL_SASL_INTERACTIVE 1U
-#define LUTIL_SASL_QUIET 2U
-
 LDAP_LUTIL_F( void * )
 lutil_sasl_defaults LDAP_P((
 LDAP *ld,
- unsigned flags,
 char *mech,
 char *realm,
 char *authcid,
@@ -42,7 +32,7 @@ lutil_sasl_defaults LDAP_P((
 LDAP_LUTIL_F( int )
 lutil_sasl_interact LDAP_P((
- LDAP *ld, void *defaults, void *p ));
+ LDAP *ld, unsigned flags, void *defaults, void *p ));
 LDAP_END_DECL
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index c6058fca2a..3349fc9942 100644
--- a/libraries/libldap/cyrus.c
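Review bot: The three LDAP_SASL_* values added here are defined like bit flags (`0U`, `1U`, `2U` behind an `unsigned flags` parameter), yet every consumer in this commit tests them with `==`/`!=` (`flags != LDAP_SASL_QUIET` in cyrus.c, `flags != LDAP_SASL_INTERACTIVE` and `flags == LDAP_SASL_QUIET` in liblutil/sasl.c), so a caller that ORs two of them together silently gets neither quiet nor interactive handling. The header comment should state that contract, e.g. `/* Mutually exclusive modes, compared for equality; do not OR them together */`, or the callers should test bits. The reworded callback comment reads `should likely passed in a control`; it is missing `be`. Adding `unsigned flags` to LDAP_SASL_INTERACT_PROC also changes the public callback prototype, which deserves a line in the comment so callbacks written against the old three-argument form are updated rather than being invoked with a different argument list.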
+++ b/libraries/libldap/cyrus.c
@@ -455,6 +455,7 @@ ldap_int_sasl_bind(
 const char *mechs,
 LDAPControl **sctrls,
 LDAPControl **cctrls,
+ unsigned flags,
 LDAP_SASL_INTERACT_PROC *interact,
 void * defaults )
 {
@@ -519,14 +520,16 @@ ldap_int_sasl_bind(
 if( pmech == NULL && mech != NULL ) {
 pmech = mech;
- fprintf(stderr,
- "SASL/%s authentication started\n",
- pmech );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf(stderr,
+ "SASL/%s authentication started\n",
+ pmech );
+ }
 }
 if( saslrc == SASL_INTERACT ) {
 if( !interact ) break;
- rc = (interact)( ld, defaults, prompts );
+ rc = (interact)( ld, flags, defaults, prompts );
 if( rc != LDAP_SUCCESS ) {
 break;
 }
@@ -575,7 +578,7 @@ ldap_int_sasl_bind(
 if( saslrc == SASL_INTERACT ) {
 int res;
 if( !interact ) break;
- res = (interact)( ld, defaults, prompts );
+ rc = (interact)( ld, flags, defaults, prompts );
 if( res != LDAP_SUCCESS ) {
 break;
 }
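Review bot: In the @@ -575 hunk the retried interact call now assigns `rc`, while the following `if( res != LDAP_SUCCESS )` still tests `res`, which `int res;` declares in this hunk without an initializer; the callback's result is therefore discarded and the comparison reads an indeterminate value. A callback failure, such as lutil_sasl_interact returning LDAP_OTHER in quiet mode, would then not break out of this path the way it does in the @@ -519 hunk, where `rc` is both assigned and tested. Keep the variable consistent, e.g. `res = (interact)( ld, flags, defaults, prompts );`, or drop `res` and test `rc` as the first hunk does. The body of ldap_int_sasl_bind continues outside the hunk.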
@@ -595,24 +598,30 @@ ldap_int_sasl_bind(
 /* likely should add a quiet option */
- saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
- if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL username: %s\n", data );
- }
+ if( flags != LDAP_SASL_QUIET ) {
+ saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
+ if( saslrc == SASL_OK ) {
+ fprintf( stderr, "SASL username: %s\n", data );
+ }
- saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
- if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL realm: %s\n", data );
+ saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
+ if( saslrc == SASL_OK ) {
+ fprintf( stderr, "SASL realm: %s\n", data );
+ }
 }
 saslrc = sasl_getprop( ctx, SASL_SSF, (void **) &ssf );
 if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL SSF: %lu\n",
- (unsigned long) *ssf );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL SSF: %lu\n",
+ (unsigned long) *ssf );
+ }
 #ifdef LDAP_SASL_SECURITY_LAYER
 if( ssf && *ssf ) {
- fprintf( stderr, "SASL installing layers\n" );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL installing layers\n" );
+ }
 ldap_pvt_sasl_install( ld->ld_sb, ctx );
 }
 #endif
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 51939c3701..53fad1e0ea 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -556,8 +556,11 @@ LDAP_F (int) ldap_int_sasl_bind LDAP_P((
 const char *,
 const char *,
 LDAPControl **, LDAPControl **,
+
+ /* should be passed in client controls */
+ unsigned flags,
 LDAP_SASL_INTERACT_PROC *interact,
- void *defaults));
+ void *defaults ));
 /*
 * in tls.c
diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c
index c63efd5d0d..a98f41e205 100644
--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@@ -410,6 +410,7 @@ ldap_sasl_interactive_bind_s(
 LDAP_CONST char *mechs,
 LDAPControl **serverControls,
 LDAPControl **clientControls,
+ unsigned flags,
 LDAP_SASL_INTERACT_PROC *interact,
 void *defaults )
 {
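Review bot: The context line `/* likely should add a quiet option */` at the top of the @@ -595 hunk is now stale, since the quiet handling it asks for is exactly what this hunk adds under `flags != LDAP_SASL_QUIET`. Replace it with a comment that explains why SSF is still queried in quiet mode, e.g. `/* SSF is read even when quiet: it decides whether the security layer is installed */`, so a later reader does not fold the sasl_getprop( SASL_SSF ) call into the quiet branch. ldap_int_sasl_bind continues outside the hunk.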
@@ -438,7 +439,7 @@ ldap_sasl_interactive_bind_s(
 rc = ldap_int_sasl_bind( ld, dn, mechs,
 serverControls, clientControls,
- interact, defaults );
+ flags, interact, defaults );
 return rc;
 }
diff --git a/libraries/liblutil/sasl.c b/libraries/liblutil/sasl.c
index c1636e639e..743758f815 100644
--- a/libraries/liblutil/sasl.c
+++ b/libraries/liblutil/sasl.c
@@ -20,7 +20,6 @@
 typedef struct lutil_sasl_defaults_s {
- unsigned flags;
 char *mech;
 char *realm;
 char *authcid;
@@ -32,7 +31,6 @@ typedef struct lutil_sasl_defaults_s {
 void *
 lutil_sasl_defaults(
 LDAP *ld,
- unsigned flags,
 char *mech,
 char *realm,
 char *authcid,
@@ -45,7 +43,6 @@ lutil_sasl_defaults(
 if( defaults == NULL ) return NULL;
- defaults->flags = flags;
 defaults->mech = mech;
 defaults->realm = realm;
 defaults->authcid = authcid;
@@ -69,9 +66,10 @@ lutil_sasl_defaults(
 }
 static int interaction(
- sasl_interact_t *interact, lutilSASLdefaults *defaults )
+ unsigned flags,
+ sasl_interact_t *interact,
+ lutilSASLdefaults *defaults )
 {
- unsigned flags = defaults ? defaults->flags : 0;
 const char *dflt = interact->defresult;
 char input[1024];
@@ -103,11 +101,11 @@ static int interaction(
 if( dflt && !*dflt ) dflt = NULL;
- if( flags != LUTIL_SASL_INTERACTIVE && dflt ) {
+ if( flags != LDAP_SASL_INTERACTIVE && dflt ) {
 goto use_default;
 }
- if( flags == LUTIL_SASL_QUIET ) {
+ if( flags == LDAP_SASL_QUIET ) {
 /* don't prompt */
 return LDAP_OTHER;
 }
@@ -180,15 +178,18 @@ use_default:
 int lutil_sasl_interact(
 LDAP *ld,
+ unsigned flags,
 void *defaults,
 void *in )
 {
 sasl_interact_t *interact = in;
- fputs( "SASL Interaction\n", stderr );
+ if( flags != LDAP_SASL_QUIET ) {
+ fputs( "SASL Interaction\n", stderr );
+ }
 while( interact->id != SASL_CB_LIST_END ) {
- int rc = interaction( interact, defaults );
+ int rc = interaction( flags, interact, defaults );
 if( rc ) return rc;
 interact++;