From: Kurt Zeilenga Date: Tue, 3 Aug 1999 02:37:42 +0000 (+0000) Subject: Add a little SASL framework and remove old X-DIGEST-MD5 hardcode. X-Git-Tag: TWEB_OL_BASE~318 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f90ed5aef8f41ee90e1f67b0badbb793cb99f3ed;p=openldap Add a little SASL framework and remove old X-DIGEST-MD5 hardcode. This code is not called (yet). --- diff --git a/configure b/configure index fd79ea9437..40a2a636d9 100755 --- a/configure +++ b/configure @@ -10492,7 +10492,7 @@ fi if test $have_cyrus_sasl != no ; then LUTIL_LIBS="$LUTIL_LIBS -lsasl" cat >> confdefs.h <<\EOF -#define HAVE_CRYUS_SASL 1 +#define HAVE_CYRUS_SASL 1 EOF ol_link_sasl=yes diff --git a/configure.in b/configure.in index 54ea8bdf31..6cce7a6648 100644 --- a/configure.in +++ b/configure.in @@ -1653,7 +1653,7 @@ if test $ol_with_cyrus_sasl != no ; then if test $have_cyrus_sasl != no ; then LUTIL_LIBS="$LUTIL_LIBS -lsasl" - AC_DEFINE(HAVE_CRYUS_SASL,1,[define if you have Cyrus SASL]) + AC_DEFINE(HAVE_CYRUS_SASL,1,[define if you have Cyrus SASL]) ol_link_sasl=yes fi fi diff --git a/include/portable.h.in b/include/portable.h.in index c18e14bc6f..f8a74c960c 100644 --- a/include/portable.h.in +++ b/include/portable.h.in @@ -700,7 +700,7 @@ #undef NO_TERMCAP /* define if you have Cyrus SASL */ -#undef HAVE_CRYUS_SASL +#undef HAVE_CYRUS_SASL /* define if you actually have FreeBSD fetch(3) */ #undef HAVE_FETCH diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index 8285e58ea6..8106d61dcd 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in 
@@ -11,7 +11,7 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \ phonetic.c acl.c str2filter.c aclparse.c init.c user.c \ repl.c lock.c controls.c extended.c \ schema.c schemaparse.c monitor.c configinfo.c \ - root_dse.c module.c suffixalias.c + root_dse.c sasl.c module.c suffixalias.c OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ attr.o entry.o config.o backend.o result.o operation.o \ dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \ @@ -19,7 +19,7 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ phonetic.o acl.o str2filter.o aclparse.o init.o user.o \ repl.o lock.o controls.o extended.o \ schema.o schemaparse.o monitor.o configinfo.o \ - root_dse.o module.o suffixalias.o + root_dse.o sasl.o module.o suffixalias.o LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index bbd2f9d5fd..7094b6a71f 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -21,10 +21,7 @@ #include "slap.h" -char *supportedSASLMechanisms[] = { - "X-DIGEST-MD5", - NULL -}; +char **supportedSASLMechanisms = NULL; int do_bind( diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 473927dcaf..ea41602032 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -243,7 +243,7 @@ int load_module LDAP_P(( const char* file_name, int argc, char *argv[] )); */ extern char *supportedExtensions[]; extern char *supportedControls[]; -extern char *supportedSASLMechanisms[]; +extern char **supportedSASLMechanisms; void monitor_info LDAP_P(( Connection *conn, diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index 361f7bc4e3..13e7a9258a 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c 
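Review bot: Nothing documents that `supportedSASLMechanisms` in servers/slapd/bind.c may now be NULL, or who is expected to allocate and fill it, now that it is a `char **` rather than a fixed array. root_dse.c gains a NULL guard in this commit, but any other reader that was not updated (do_bind's body is outside the hunk, so I cannot tell) would index a null pointer. I would add a comment above the definition, `/* NULL-terminated list of advertised SASL mechanisms; NULL until a SASL backend fills it in */`, and repeat the NULL-allowed contract next to the `extern` in proto-slap.h.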
@@ -88,10 +88,12 @@ root_dse_info( Connection *conn, Operation *op, char **attrs, int attrsonly ) } /* supportedSASLMechanism */ - for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) { - val.bv_val = supportedSASLMechanisms[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "supportedSASLMechanisms", vals ); + if( supportedSASLMechanisms != NULL ) { + for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) { + val.bv_val = supportedSASLMechanisms[i]; + val.bv_len = strlen( val.bv_val ); + attr_merge( e, "supportedSASLMechanisms", vals ); + } } if ( default_referral != NULL ) { diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c new file mode 100644 index 0000000000..b2cf4fc1f4 --- /dev/null +++ b/servers/slapd/sasl.c 
@@ -0,0 +1,93 @@
+#include "portable.h"
+
+#ifdef HAVE_CYRUS_SASL
+
+#include
+
+#include "slap.h"
+#include "proto-slap.h"
+
+#include
+#include
+
+#ifdef MAIN
+#undef Debug
+#define Debug(x,s,a,b,c) fprintf(stderr, s, a, b, c)
+#endif
+
+#include
+
+/* sasl server context */
+static sasl_conn_t *server = NULL;
+
+int sasl_init( void )
+{
+ int rc;
+ char *data;
+ unsigned len, count;
+ sasl_security_properties_t secprops;
+
+ rc = sasl_server_init( NULL, "slapd" );
+
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
+ 0, 0, 0 );
+ exit(-1);
+ }
+
+ rc = sasl_server_new( "ldap", NULL, NULL, NULL,
+ SASL_SECURITY_LAYER,
+ &server );
+
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
+ 0, 0, 0 );
+ exit(-1);
+ }
+
+ memset(&secprops, 0, sizeof(secprops));
+ secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
+ secprops.property_names = NULL;
+ secprops.property_values = NULL;
+
+ rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );
+
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
+ 0, 0, 0 );
+ exit(-1);
+ }
+
+ rc = sasl_listmech( server, NULL, NULL, ",", NULL,
+ &data, &len, &count);
+
+ if( rc != SASL_OK ) {
+ Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
+ rc, 0, 0 );
+ exit(-1);
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
+ data, 0, 0 );
+
+ return 0;
+}
+
+int sasl_destory( void )
+{
+ if( server != NULL ) {
+ sasl_dispose( &server );
+ }
+}
+
+#ifdef MAIN
+int main( int argc, char* argv[] )
+{
+ int rc = sasl_init();
+
+ sasl_destory();
+
+ exit(rc);
+}
+#endif
+#endif
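Review bot: The `memset(&secprops, 0, sizeof(secprops))` in sasl_init leaves every field except `security_flags` at zero, so (assuming the usual Cyrus `min_ssf`, `max_ssf` and `maxbufsize` members, which this hunk does not show) the context neither requires nor can negotiate an integrity or confidentiality layer, although `SASL_SECURITY_LAYER` is passed to sasl_server_new. Before this is wired into bind handling, set those members explicitly from configuration, or at least state the intent with a comment such as `/* min_ssf/max_ssf/maxbufsize deliberately 0: no security layer negotiated yet */`. Separately, `sasl_destory` is declared `int` but falls off the end without returning a value; add `return 0;` after the `if` block, and the name looks like a misspelling of `sasl_destroy`. The list returned by sasl_listmech is only logged and never stored in `supportedSASLMechanisms`, so the root DSE would advertise no mechanisms until that is added.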