2N/A * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A/* SASL server API implementation 2N/A * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. 2N/A * Redistribution and use in source and binary forms, with or without 2N/A * modification, are permitted provided that the following conditions 2N/A * 1. Redistributions of source code must retain the above copyright 2N/A * notice, this list of conditions and the following disclaimer. 2N/A * 2. Redistributions in binary form must reproduce the above copyright 2N/A * notice, this list of conditions and the following disclaimer in 2N/A * the documentation and/or other materials provided with the 2N/A * 3. The name "Carnegie Mellon University" must not be used to 2N/A * endorse or promote products derived from this software without 2N/A * prior written permission. For permission or any other legal 2N/A * details, please contact 2N/A * Office of Technology Transfer 2N/A * Carnegie Mellon University 2N/A * 5000 Forbes Avenue 2N/A * Pittsburgh, PA 15213-3890 2N/A * (412) 268-4387, fax: (412) 268-7395 2N/A * tech-transfer@andrew.cmu.edu 2N/A * 4. Redistributions of any form whatsoever must retain the following 2N/A * "This product includes software developed by Computing Services 2N/A * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 2N/A * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 2N/A * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 2N/A * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 2N/A * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 2N/A * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 2N/A * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
2N/A * client_plug_mutex ensures only one client plugin is init'ed at a time 2N/A * If a plugin is loaded more than once, the glob_context may be overwritten 2N/A * which may lead to a memory leak. We keep glob_context with each mech 2N/A * to avoid this problem. 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* Don't de-init yet! Our refcount is nonzero. */ 2N/A /* Don't de-init yet! Our refcount is nonzero. */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* Check to see if this plugin has already been registered */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A "entry_point failed in sasl_client_add_plugin for %s",
2N/A "entry_point failed in sasl_client_add_plugin for %s",
2N/A#
endif /* _SUN_SDK_ */ 2N/A "version conflict in sasl_client_add_plugin for %s",
plugname);
2N/A "version conflict in sasl_client_add_plugin for %s",
plugname);
2N/A#
endif /* _SUN_SDK_ */ 2N/A /* Check plugins to make sure mech_name is non-NULL */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A/* initialize the SASL client drivers 2N/A * callbacks -- base callbacks for all client connections 2N/A * SASL_OK -- Success 2N/A * SASL_NOMEM -- Not enough memory 2N/A * SASL_BADVERS -- Mechanism version mismatch 2N/A * SASL_BADPARAM -- error in config file 2N/A * SASL_NOMECH -- No mechanisms available 2N/A /* We're already active, just increase our refcount */ 2N/A /* xxx do something with the callback structure? */ 2N/A /* We're already active, just increase our refcount */ 2N/A /* xxx do something with the callback structure? */ 2N/A /* We need to call client_done if we fail now */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* If sasl_client_init returns error, sasl_done() need not be called */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A/* initialize a client exchange based on the specified mechanism 2N/A * service -- registered name of the service using SASL (e.g. "imap") 2N/A * serverFQDN -- the fully qualified domain name of the server 2N/A * iplocalport -- client IPv4/IPv6 domain literal string with port 2N/A * (if NULL, then mechanisms requiring IPaddr are disabled) 2N/A * ipremoteport -- server IPv4/IPv6 domain literal string with port 2N/A * (if NULL, then mechanisms requiring IPaddr are disabled) 2N/A * prompt_supp -- list of client interactions supported 2N/A * may also include sasl_getopt_t context & call 2N/A * NULL proc = interaction supported via SASL_INTERACT 2N/A * secflags -- security flags (see above) 2N/A * pconn -- connection negotiation structure 2N/A * pointer to NULL => allocate new 2N/A * non-NULL => recycle storage and go for next available mech 2N/A * SASL_OK -- success 2N/A * SASL_NOMECH -- no mechanism meets requested properties 2N/A * SASL_NOMEM -- not enough memory 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* Remember, iplocalport and ipremoteport can be NULL and be valid! */ 2N/A "Out of memory allocating connection context");
2N/A "Out of memory allocating connection context");
2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* Setup the non-lazy parts of cparams, the rest is done in 2N/A * sasl_client_start */ 2N/A /* get the clientFQDN (serverFQDN was set in _sasl_conn_init) */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* result isn't SASL_OK */ 2N/A "Out of memory in sasl_client_new");
2N/A#
endif /* _SUN_SDK_ */ 2N/A return 0;
/* we don't have this required prompt */ 2N/A return 1;
/* we have all the prompts */ 2N/A/* select a mechanism for a connection 2N/A * mechlist -- mechanisms server has available (punctuation ignored) 2N/A * secret -- optional secret from previous session 2N/A * prompt_need -- on SASL_INTERACT, list of prompts needed to continue 2N/A * clientout -- the initial client response to send to the server 2N/A * mech -- set to mechanism name 2N/A * SASL_OK -- success 2N/A * SASL_NOMEM -- not enough memory 2N/A * SASL_NOMECH -- no mechanism meets requested properties 2N/A * SASL_INTERACT -- user interaction needed to fill in prompt_need list 2N/A/* xxx confirm this with rfc 2222 (since obsoleted by RFC 4422) 2N/A * SASL mechanism allowable characters are "AZaz-_"; note that mechanism names 2N/A * may also contain digits (e.g. KERBEROS_V4, named elsewhere in this file), so a 2N/A * tokenizer must not treat digits as separators or such mechanisms are silently skipped 2N/A * separators can be any other characters and of any length 2N/A * even variable lengths between 2N/A * Apps should be encouraged to simply use space or comma space 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* verify parameters */ 2N/A /* if prompt_need != NULL we've already been here 2N/A and just need to do the continue step again */ 2N/A /* FIXME: Hopefully they only give us our own prompt_need back */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* parse mechlist */ 2N/A /* foreach in server list */ 2N/A /* Is this the mechanism the server is suggesting? */ 2N/A /* Do we have the prompts for it? */ 2N/A /* Is it strong enough? */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* If not SUN supplied mech, it has no strength */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* Does it meet our security properties? */ 2N/A /* if there's an external layer this is no longer plaintext */ 2N/A /* Can we meet its features? */ 2N/A /* Can it meet our features? */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* this mechanism isn't our favorite, and it's no better 2N/A than what we already have! */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* this mechanism is no better than what we already have! */ 2N/A /* compare security flags, only take new mechanism if it has 2N/A * all the security flags of the previous one. 2N/A * From the mechanisms we ship with, this yields the order: 2N/A * GSSAPI + KERBEROS_V4 2N/A * PLAIN + LOGIN + ANONYMOUS 2N/A * This might be improved on by comparing the numeric value of 2N/A * the combined security flags, but then we would be depending on the 2N/A * numeric values of the flags (which may change), and their 2N/A * ordering could be considered dumb luck. 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* make (the rest of) cparams */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* init that plugin */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* do a step -- but only if we can do a client-send-first */ 2N/A/* do a single authentication step. 2N/A * serverin -- the server message received by the client, MUST have a NUL 2N/A * sentinel, not counted by serverinlen 2N/A * prompt_need -- on SASL_INTERACT, list of prompts needed to continue 2N/A * clientout -- the client response to send to the server 2N/A * SASL_OK -- success 2N/A * SASL_INTERACT -- user interaction needed to fill in prompt_need list 2N/A * SASL_BADSERV -- server failed mutual auth 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* check parameters */ 2N/A /* Don't do another step if the plugin told us that we're done */ 2N/A /* So we're done on this end, but if both 2N/A * 1. the mech does server-send-last 2N/A * 2. the protocol does not 2N/A * we need to return no data */ 2N/A "mech did not call canon_user for both authzid and authid");
2N/A "mech did not call canon_user for both authzid and authid");
2N/A#
endif /* _SUN_SDK_ */ 2N/A/* returns the length of all the mechanisms 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A /* do we have the prompts for it? */ 2N/A /* is it strong enough? */ 2N/A /* EXPORT DELETE START */ 2N/A /* CRYPT DELETE START */ 2N/A /* If not SUN supplied mech, it has no strength */ 2N/A#
endif /* _INTEGRATED_SOLARIS_ */ 2N/A /* CRYPT DELETE END */ 2N/A /* EXPORT DELETE END */ 2N/A /* does it meet our security properties? */ 2N/A /* Can we meet its features? */ 2N/A /* Can it meet our features? */ 2N/A /* Okay, we like it, add it to the list! */ 2N/A /* print separator */ 2N/A /* now print the mechanism name */ 2N/A#
endif /* _SUN_SDK_ */ 2N/A#
endif /* _SUN_SDK_ */