2N/A/*
2N/A * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A#pragma ident "%Z%%M% %I% %E% SMI"
2N/A
2N/A/* SASL server API implementation
2N/A * Rob Siemborski
2N/A * Tim Martin
2N/A * $Id: external.c,v 1.19 2003/04/08 17:30:54 rjs3 Exp $
2N/A */
2N/A/*
2N/A * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
2N/A *
2N/A * Redistribution and use in source and binary forms, with or without
2N/A * modification, are permitted provided that the following conditions
2N/A * are met:
2N/A *
2N/A * 1. Redistributions of source code must retain the above copyright
2N/A * notice, this list of conditions and the following disclaimer.
2N/A *
2N/A * 2. Redistributions in binary form must reproduce the above copyright
2N/A * notice, this list of conditions and the following disclaimer in
2N/A * the documentation and/or other materials provided with the
2N/A * distribution.
2N/A *
2N/A * 3. The name "Carnegie Mellon University" must not be used to
2N/A * endorse or promote products derived from this software without
2N/A * prior written permission. For permission or any other legal
2N/A * details, please contact
2N/A * Office of Technology Transfer
2N/A * Carnegie Mellon University
2N/A * 5000 Forbes Avenue
2N/A * Pittsburgh, PA 15213-3890
2N/A * (412) 268-4387, fax: (412) 268-7395
2N/A * tech-transfer@andrew.cmu.edu
2N/A *
2N/A * 4. Redistributions of any form whatsoever must retain the following
2N/A * acknowledgment:
2N/A * "This product includes software developed by Computing Services
2N/A * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
2N/A *
2N/A * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
2N/A * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2N/A * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
2N/A * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
2N/A * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
2N/A * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
2N/A * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
2N/A */
2N/A
2N/A#include <config.h>
2N/A#include <stdio.h>
2N/A#include <stdlib.h>
2N/A#include <limits.h>
2N/A#include <ctype.h>
2N/A#include <string.h>
2N/A#include <sasl.h>
2N/A#include <saslplug.h>
2N/A#include "saslint.h"
2N/A
2N/A#include <plugin_common.h>
2N/A
2N/A/***************************** Common Section *****************************/
2N/A
2N/A#ifndef _SUN_SDK_
2N/Astatic const char plugin_id[] = "$Id: external.c,v 1.19 2003/04/08 17:30:54 rjs3 Exp $";
2N/A#endif /* !_SUN_SDK_ */
2N/A
2N/A/***************************** Server Section *****************************/
2N/A
2N/Astatic int
2N/Aexternal_server_mech_new(void *glob_context __attribute__((unused)),
2N/A sasl_server_params_t *sparams,
2N/A const char *challenge __attribute__((unused)),
2N/A unsigned challen __attribute__((unused)),
2N/A void **conn_context)
2N/A{
2N/A if (!conn_context
2N/A || !sparams
2N/A || !sparams->utils
2N/A || !sparams->utils->conn)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (!sparams->utils->conn->external.auth_id)
2N/A return SASL_NOMECH;
2N/A
2N/A *conn_context = NULL;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic int
2N/Aexternal_server_mech_step(void *conn_context __attribute__((unused)),
2N/A sasl_server_params_t *sparams,
2N/A const char *clientin,
2N/A unsigned clientinlen,
2N/A const char **serverout,
2N/A unsigned *serveroutlen,
2N/A sasl_out_params_t *oparams)
2N/A{
2N/A int result;
2N/A
2N/A if (!sparams
2N/A || !sparams->utils
2N/A || !sparams->utils->conn
2N/A || !sparams->utils->getcallback
2N/A || !serverout
2N/A || !serveroutlen
2N/A || !oparams)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (!sparams->utils->conn->external.auth_id)
2N/A return SASL_BADPROT;
2N/A
2N/A if ((sparams->props.security_flags & SASL_SEC_NOANONYMOUS) &&
2N/A (!strcmp(sparams->utils->conn->external.auth_id, "anonymous"))) {
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A sasl_seterror(sparams->utils->conn,0,
2N/A gettext("anonymous login not allowed"));
2N/A#else
2N/A sasl_seterror(sparams->utils->conn,0,"anonymous login not allowed");
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A return SASL_NOAUTHZ;
2N/A }
2N/A
2N/A *serverout = NULL;
2N/A *serveroutlen = 0;
2N/A
2N/A if (!clientin) {
2N/A /* No initial data; we're in a protocol which doesn't support it.
2N/A * So we let the server app know that we need some... */
2N/A return SASL_CONTINUE;
2N/A }
2N/A
2N/A if (clientinlen) { /* if we have a non-zero authorization id */
2N/A /* The user's trying to authorize as someone they didn't
2N/A * authenticate as */
2N/A result = sparams->canon_user(sparams->utils->conn,
2N/A clientin, 0, SASL_CU_AUTHZID, oparams);
2N/A if(result != SASL_OK) return result;
2N/A
2N/A result = sparams->canon_user(sparams->utils->conn,
2N/A sparams->utils->conn->external.auth_id, 0,
2N/A SASL_CU_AUTHID, oparams);
2N/A } else {
2N/A result = sparams->canon_user(sparams->utils->conn,
2N/A sparams->utils->conn->external.auth_id, 0,
2N/A SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
2N/A }
2N/A
2N/A if (result != SASL_OK) return result;
2N/A
2N/A /* set oparams */
2N/A oparams->doneflag = 1;
2N/A oparams->mech_ssf = 0;
2N/A oparams->maxoutbuf = 0;
2N/A oparams->encode_context = NULL;
2N/A oparams->encode = NULL;
2N/A oparams->decode_context = NULL;
2N/A oparams->decode = NULL;
2N/A oparams->param_version = 0;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic int
2N/Aexternal_server_mech_avail(void *glob_context __attribute__((unused)),
2N/A sasl_server_params_t *sparams,
2N/A void **conn_context __attribute__((unused)))
2N/A{
2N/A if (!sparams->utils->conn->external.auth_id)
2N/A return SASL_NOMECH;
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic sasl_server_plug_t external_server_plugins[] =
2N/A{
2N/A {
2N/A "EXTERNAL", /* mech_name */
2N/A 0, /* max_ssf */
2N/A SASL_SEC_NOPLAINTEXT
2N/A | SASL_SEC_NOANONYMOUS
2N/A | SASL_SEC_NODICTIONARY, /* security_flags */
2N/A SASL_FEAT_WANT_CLIENT_FIRST
2N/A | SASL_FEAT_ALLOWS_PROXY, /* features */
2N/A NULL, /* glob_context */
2N/A &external_server_mech_new, /* mech_new */
2N/A &external_server_mech_step, /* mech_step */
2N/A NULL, /* mech_dispose */
2N/A NULL, /* mech_free */
2N/A NULL, /* setpass */
2N/A NULL, /* user_query */
2N/A NULL, /* idle */
2N/A &external_server_mech_avail, /* mech_avail */
2N/A NULL /* spare */
2N/A }
2N/A};
2N/A
2N/Aint external_server_plug_init(const sasl_utils_t *utils,
2N/A int max_version,
2N/A int *out_version,
2N/A sasl_server_plug_t **pluglist,
2N/A int *plugcount)
2N/A{
2N/A if (!out_version || !pluglist || !plugcount)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (max_version != SASL_SERVER_PLUG_VERSION) {
2N/A#ifdef _SUN_SDK_
2N/A utils->log(utils->conn, SASL_LOG_ERR, "EXTERNAL version mismatch");
2N/A#else
2N/A SETERROR( utils, "EXTERNAL version mismatch" );
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADVERS;
2N/A }
2N/A
2N/A *out_version = SASL_SERVER_PLUG_VERSION;
2N/A *pluglist = external_server_plugins;
2N/A *plugcount = 1;
2N/A return SASL_OK;
2N/A}
2N/A
2N/A/***************************** Client Section *****************************/
2N/A
2N/Atypedef struct client_context
2N/A{
2N/A char *out_buf;
2N/A#ifdef _SUN_SDK_
2N/A unsigned out_buf_len;
2N/A#else
2N/A size_t out_buf_len;
2N/A#endif /* _SUN_SDK_ */
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A void *h;
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A} client_context_t;
2N/A
2N/Astatic int external_client_mech_new(void *glob_context __attribute__((unused)),
2N/A sasl_client_params_t *params,
2N/A void **conn_context)
2N/A{
2N/A client_context_t *text;
2N/A
2N/A if (!params
2N/A || !params->utils
2N/A || !params->utils->conn
2N/A || !conn_context)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (!params->utils->conn->external.auth_id)
2N/A return SASL_NOMECH;
2N/A
2N/A#ifdef _SUN_SDK_
2N/A text = params->utils->malloc(sizeof(client_context_t));
2N/A#else
2N/A text = sasl_ALLOC(sizeof(client_context_t));
2N/A#endif /* _SUN_SDK_ */
2N/A if(!text) return SASL_NOMEM;
2N/A
2N/A memset(text, 0, sizeof(client_context_t));
2N/A
2N/A *conn_context = text;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic int
2N/Aexternal_client_mech_step(void *conn_context,
2N/A sasl_client_params_t *params,
2N/A const char *serverin __attribute__((unused)),
2N/A unsigned serverinlen,
2N/A sasl_interact_t **prompt_need,
2N/A const char **clientout,
2N/A unsigned *clientoutlen,
2N/A sasl_out_params_t *oparams)
2N/A{
2N/A client_context_t *text = (client_context_t *)conn_context;
2N/A const char *user = NULL;
2N/A int user_result = SASL_OK;
2N/A int result;
2N/A
2N/A if (!params
2N/A || !params->utils
2N/A || !params->utils->conn
2N/A || !params->utils->getcallback
2N/A || !clientout
2N/A || !clientoutlen
2N/A || !oparams)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (!params->utils->conn->external.auth_id)
2N/A return SASL_BADPROT;
2N/A
2N/A if (serverinlen != 0)
2N/A return SASL_BADPROT;
2N/A
2N/A *clientout = NULL;
2N/A *clientoutlen = 0;
2N/A
2N/A /* try to get the userid */
2N/A if (user == NULL) {
2N/A user_result = _plug_get_userid(params->utils, &user, prompt_need);
2N/A
2N/A if ((user_result != SASL_OK) && (user_result != SASL_INTERACT))
2N/A return user_result;
2N/A }
2N/A
2N/A /* free prompts we got */
2N/A if (prompt_need && *prompt_need) {
2N/A params->utils->free(*prompt_need);
2N/A *prompt_need = NULL;
2N/A }
2N/A
2N/A /* if there are prompts not filled in */
2N/A if (user_result == SASL_INTERACT) {
2N/A /* make the prompt list */
2N/A int result =
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A _plug_make_prompts(params->utils, &text->h, prompt_need,
2N/A user_result == SASL_INTERACT ?
2N/A convert_prompt(params->utils, &text->h,
2N/A gettext("Please enter your authorization name"))
2N/A : NULL,
2N/A#else
2N/A _plug_make_prompts(params->utils, prompt_need,
2N/A user_result == SASL_INTERACT ?
2N/A "Please enter your authorization name" : NULL,
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A "",
2N/A NULL, NULL,
2N/A NULL, NULL,
2N/A NULL, NULL, NULL,
2N/A NULL, NULL, NULL);
2N/A if (result != SASL_OK) return result;
2N/A
2N/A return SASL_INTERACT;
2N/A }
2N/A
2N/A *clientoutlen = user ? strlen(user) : 0;
2N/A
2N/A#ifdef _SUN_SDK_
2N/A result = _plug_buf_alloc(params->utils, &text->out_buf,
2N/A &text->out_buf_len, *clientoutlen + 1);
2N/A#else
2N/A result = _buf_alloc(&text->out_buf, &text->out_buf_len, *clientoutlen + 1);
2N/A#endif /* _SUN_SDK_ */
2N/A
2N/A if (result != SASL_OK) return result;
2N/A
2N/A if (user && *user) {
2N/A result = params->canon_user(params->utils->conn,
2N/A user, 0, SASL_CU_AUTHZID, oparams);
2N/A if (result != SASL_OK) return result;
2N/A
2N/A result = params->canon_user(params->utils->conn,
2N/A params->utils->conn->external.auth_id, 0,
2N/A SASL_CU_AUTHID, oparams);
2N/A if (result != SASL_OK) return result;
2N/A
2N/A memcpy(text->out_buf, user, *clientoutlen);
2N/A } else {
2N/A result = params->canon_user(params->utils->conn,
2N/A params->utils->conn->external.auth_id, 0,
2N/A SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
2N/A if (result != SASL_OK) return result;
2N/A }
2N/A
2N/A text->out_buf[*clientoutlen] = '\0';
2N/A
2N/A *clientout = text->out_buf;
2N/A
2N/A /* set oparams */
2N/A oparams->doneflag = 1;
2N/A oparams->mech_ssf = 0;
2N/A oparams->maxoutbuf = 0;
2N/A oparams->encode_context = NULL;
2N/A oparams->encode = NULL;
2N/A oparams->decode_context = NULL;
2N/A oparams->decode = NULL;
2N/A oparams->param_version = 0;
2N/A
2N/A return SASL_OK;
2N/A}
2N/A
2N/Astatic void
2N/Aexternal_client_mech_dispose(void *conn_context,
2N/A const sasl_utils_t *utils __attribute__((unused)))
2N/A{
2N/A client_context_t *text = (client_context_t *) conn_context;
2N/A
2N/A if (!text) return;
2N/A
2N/A#ifdef _INTEGRATED_SOLARIS_
2N/A convert_prompt(utils, &text->h, NULL);
2N/A#endif /* _INTEGRATED_SOLARIS_ */
2N/A
2N/A#ifdef _SUN_SDK_
2N/A if(text->out_buf) utils->free(text->out_buf);
2N/A
2N/A utils->free(text);
2N/A#else
2N/A if(text->out_buf) sasl_FREE(text->out_buf);
2N/A
2N/A sasl_FREE(text);
2N/A#endif /* _SUN_SDK_ */
2N/A}
2N/A
2N/A#ifdef _SUN_SDK_
2N/Astatic const unsigned long external_required_prompts[] = {
2N/A#else
2N/Astatic const long external_required_prompts[] = {
2N/A#endif /* _SUN_SDK_ */
2N/A SASL_CB_LIST_END
2N/A};
2N/A
2N/Astatic sasl_client_plug_t external_client_plugins[] =
2N/A{
2N/A {
2N/A "EXTERNAL", /* mech_name */
2N/A 0, /* max_ssf */
2N/A SASL_SEC_NOPLAINTEXT
2N/A | SASL_SEC_NOANONYMOUS
2N/A | SASL_SEC_NODICTIONARY, /* security_flags */
2N/A SASL_FEAT_WANT_CLIENT_FIRST
2N/A | SASL_FEAT_ALLOWS_PROXY, /* features */
2N/A external_required_prompts, /* required_prompts */
2N/A NULL, /* glob_context */
2N/A &external_client_mech_new, /* mech_new */
2N/A &external_client_mech_step, /* mech_step */
2N/A &external_client_mech_dispose, /* mech_dispose */
2N/A NULL, /* mech_free */
2N/A NULL, /* idle */
2N/A NULL, /* spare */
2N/A NULL /* spare */
2N/A }
2N/A};
2N/A
2N/Aint external_client_plug_init(const sasl_utils_t *utils,
2N/A int max_version,
2N/A int *out_version,
2N/A sasl_client_plug_t **pluglist,
2N/A int *plugcount)
2N/A{
2N/A if (!utils || !out_version || !pluglist || !plugcount)
2N/A return SASL_BADPARAM;
2N/A
2N/A if (max_version != SASL_CLIENT_PLUG_VERSION) {
2N/A#ifdef _SUN_SDK_
2N/A utils->log(utils->conn, SASL_LOG_ERR, "EXTERNAL version mismatch");
2N/A#else
2N/A SETERROR( utils, "EXTERNAL version mismatch" );
2N/A#endif /* _SUN_SDK_ */
2N/A return SASL_BADVERS;
2N/A }
2N/A
2N/A *out_version = SASL_CLIENT_PLUG_VERSION;
2N/A *pluglist = external_client_plugins;
2N/A *plugcount = 1;
2N/A
2N/A return SASL_OK;
2N/A}