From c8ca70f3ae5c8d3b390ec21d31762766820d94ff Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 14 Jul 2000 22:00:16 +0000 Subject: [PATCH] Fix callbacks. --- libraries/libldap/cyrus.c | 25 +++++++++++----------- servers/slapd/sasl.c | 45 +++++++++++++++++++++++++++++++-------- 2 files changed, 49 insertions(+), 21 deletions(-) diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index da4bc62dab..d06ef3269e 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -34,7 +34,7 @@ int ldap_int_sasl_init( void ) /* XXX not threadsafe */ static int sasl_initialized = 0; - sasl_callback_t client_callbacks[] = { + static sasl_callback_t client_callbacks[] = { #ifdef SASL_CB_GETREALM { SASL_CB_GETREALM, NULL, NULL }, #endif @@ -381,17 +381,18 @@ ldap_int_sasl_open( int rc; sasl_conn_t *ctx; - sasl_callback_t session_callbacks[] = { -#ifdef SASL_CB_GETREALM - { SASL_CB_GETREALM, NULL, NULL }, -#endif - { SASL_CB_USER, NULL, NULL }, - { SASL_CB_AUTHNAME, NULL, NULL }, - { SASL_CB_PASS, NULL, NULL }, - { SASL_CB_ECHOPROMPT, NULL, NULL }, - { SASL_CB_NOECHOPROMPT, NULL, NULL }, - { SASL_CB_LIST_END, NULL, NULL } - }; + sasl_callback_t *session_callbacks = + ber_memcalloc( 2, sizeof( sasl_callback_t ) ); + + if( session_callbacks == NULL ) return LDAP_NO_MEMORY; + + session_callbacks[0].id = SASL_CB_USER; + session_callbacks[0].proc = NULL; + session_callbacks[0].context = ld; + + session_callbacks[1].id = SASL_CB_LIST_END; + session_callbacks[1].proc = NULL; + session_callbacks[1].context = NULL; assert( lc->lconn_sasl_ctx == NULL ); diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 9f4b98978f..a877f63d40 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -68,30 +68,48 @@ sasl_cb_log( } static int -slap_sasl_proxy_policy( +slap_sasl_authorize( void *context, const char *authcid, const char *authzid, const char **user, const char **errstr) { + Connection *conn = context; char *canon = NULL; - if ( !authcid || *authcid ) { + if ( authcid == NULL || *authcid == '\0' ) { *errstr = "empty authentication identity"; + + Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: " + "empty authentication identity\n", + (long) (conn ? conn->c_connid : -1), + 0, 0 ); return SASL_BADAUTH; } - if ( !authzid || *authzid ) { + if ( authzid == NULL || *authzid == '\0' || + strcmp( authcid, authzid ) == 0 ) + { size_t len = sizeof("u:") + strlen( authcid ); canon = ch_malloc( len ); strcpy( canon, "u:" ); strcpy( &canon[sizeof("u:")-1], authcid ); *user = canon; + + Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: " + "\"%s\" as \"%s\"\n", + (long) (conn ? conn->c_connid : -1), + authcid, canon ); return SASL_OK; } + Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: " + "\"%s\" as \"%s\" disallowed. No policy.\n", + (long) (conn ? conn->c_connid : -1), + authcid, authzid ); + *errstr = "no proxy policy"; return SASL_BADAUTH; } @@ -140,7 +158,7 @@ int slap_sasl_init( void ) #ifdef HAVE_CYRUS_SASL int rc; sasl_conn_t *server = NULL; - sasl_callback_t server_callbacks[] = { + static sasl_callback_t server_callbacks[] = { { SASL_CB_LOG, &sasl_cb_log, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; @@ -213,11 +231,20 @@ int slap_sasl_open( Connection *conn ) #ifdef HAVE_CYRUS_SASL sasl_conn_t *ctx = NULL; - sasl_callback_t session_callbacks[] = { - { SASL_CB_LOG, &sasl_cb_log, conn }, - { SASL_CB_PROXY_POLICY, &slap_sasl_proxy_policy, conn }, - { SASL_CB_LIST_END, NULL, NULL } - }; + sasl_callback_t *session_callbacks = + ch_calloc( 3, sizeof(sasl_callback_t)); + + session_callbacks[0].id = SASL_CB_LOG; + session_callbacks[0].proc = &sasl_cb_log; + session_callbacks[0].context = conn; + + session_callbacks[1].id = SASL_CB_PROXY_POLICY; + session_callbacks[1].proc = &slap_sasl_authorize; + session_callbacks[1].context = conn; + + session_callbacks[2].id = SASL_CB_LIST_END; + session_callbacks[2].proc = NULL; + session_callbacks[2].context = NULL; /* create new SASL context */ sc = sasl_server_new( "ldap", sasl_host, global_realm, -- 2.39.5