CoCalc -- cyrus.c

GitHub Repository: wine-mirror/wine
Path: blob/master/libs/ldap/libldap/cyrus.c
⁴³⁹⁴ views
1
/* $OpenLDAP$ */
2
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3
 *
4
 * Copyright 1998-2024 The OpenLDAP Foundation.
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted only as authorized by the OpenLDAP
9
 * Public License.
10
 *
11
 * A copy of this license is available in the file LICENSE in the
12
 * top-level directory of the distribution or, alternatively, at
13
 * <http://www.OpenLDAP.org/license.html>.
14
 */
15

16
#include "portable.h"
17

18
#include <ac/errno.h>
19
#include "ldap-int.h"
20

21
#ifdef HAVE_CYRUS_SASL
22

23
#include <stdio.h>
24

25
#include <ac/socket.h>
26
#include <ac/stdlib.h>
27
#include <ac/string.h>
28
#include <ac/time.h>
29
#include <ac/ctype.h>
30
#include <ac/unistd.h>
31

32
#ifdef HAVE_LIMITS_H
33
#include <limits.h>
34
#endif
35

36
#ifndef INT_MAX
37
#define	INT_MAX	2147483647	/* 32 bit signed max */
38
#endif
39

40
#if !defined(HOST_NAME_MAX) && defined(_POSIX_HOST_NAME_MAX)
41
#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
42
#endif
43

44
#ifdef HAVE_SASL_SASL_H
45
#include <sasl/sasl.h>
46
#else
47
#include <sasl.h>
48
#endif
49

50
#if SASL_VERSION_MAJOR >= 2
51
#define SASL_CONST const
52
#else
53
#define SASL_CONST
54
#endif
55

56
/*
57
* Various Cyrus SASL related stuff.
58
*/
59

60
static const sasl_callback_t client_callbacks[] = {
61
#ifdef SASL_CB_GETREALM
62
	{ SASL_CB_GETREALM, NULL, NULL },
63
#endif
64
	{ SASL_CB_USER, NULL, NULL },
65
	{ SASL_CB_AUTHNAME, NULL, NULL },
66
	{ SASL_CB_PASS, NULL, NULL },
67
	{ SASL_CB_ECHOPROMPT, NULL, NULL },
68
	{ SASL_CB_NOECHOPROMPT, NULL, NULL },
69
	{ SASL_CB_LIST_END, NULL, NULL }
70
};
71

72
/*
73
 * ldap_int_initialize is responsible for calling this only once.
74
 */
75
int ldap_int_sasl_init( void )
76
{
77
#ifdef HAVE_SASL_VERSION
78
	/* stringify the version number, sasl.h doesn't do it for us */
79
#define VSTR0(maj, min, pat)	#maj "." #min "." #pat
80
#define VSTR(maj, min, pat)	VSTR0(maj, min, pat)
81
#define SASL_VERSION_STRING	VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
82
				SASL_VERSION_STEP)
83
	{ int rc;
84
	sasl_version( NULL, &rc );
85
	if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
86
		(rc & 0xffff) < SASL_VERSION_STEP) {
87
		char version[sizeof("xxx.xxx.xxxxx")];
88
		sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
89
			rc & 0xffff );
90

91
		Debug1( LDAP_DEBUG_ANY,
92
		"ldap_int_sasl_init: SASL library version mismatch:"
93
		" expected " SASL_VERSION_STRING ","
94
		" got %s\n", version );
95
		return -1;
96
	}
97
	}
98
#endif
99

100
/* SASL 2 takes care of its own memory completely internally */
101
#if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
102
	sasl_set_alloc(
103
		ber_memalloc,
104
		ber_memcalloc,
105
		ber_memrealloc,
106
		ber_memfree );
107
#endif /* CSRIMALLOC */
108

109
#ifdef LDAP_R_COMPILE
110
	sasl_set_mutex(
111
		ldap_pvt_sasl_mutex_new,
112
		ldap_pvt_sasl_mutex_lock,
113
		ldap_pvt_sasl_mutex_unlock,
114
		ldap_pvt_sasl_mutex_dispose );
115
#endif
116

117
	if ( sasl_client_init( NULL ) == SASL_OK ) {
118
		return 0;
119
	}
120

121
#if SASL_VERSION_MAJOR < 2
122
	/* A no-op to make sure we link with Cyrus 1.5 */
123
	sasl_client_auth( NULL, NULL, NULL, 0, NULL, NULL );
124
#endif
125
	return -1;
126
}
127

128
static void
129
sb_sasl_cyrus_init(
130
	struct sb_sasl_generic_data *p,
131
	ber_len_t *min_send,
132
	ber_len_t *max_send,
133
	ber_len_t *max_recv)
134
{
135
	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
136
	ber_len_t maxbuf;
137

138
	sasl_getprop( sasl_context, SASL_MAXOUTBUF,
139
		      (SASL_CONST void **)(char *) &maxbuf );
140

141
	*min_send = SASL_MIN_BUFF_SIZE;
142
	*max_send = maxbuf;
143
	*max_recv = SASL_MAX_BUFF_SIZE;
144
}
145

146
static ber_int_t
147
sb_sasl_cyrus_encode(
148
	struct sb_sasl_generic_data *p,
149
	unsigned char *buf,
150
	ber_len_t len,
151
	Sockbuf_Buf *dst)
152
{
153
	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
154
	ber_int_t ret;
155
	unsigned tmpsize = dst->buf_size;
156

157
	ret = sasl_encode( sasl_context, (char *)buf, len,
158
			   (SASL_CONST char **)&dst->buf_base,
159
			   &tmpsize );
160

161
	dst->buf_size = tmpsize;
162
	dst->buf_end = dst->buf_size;
163

164
	if ( ret != SASL_OK ) {
165
		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
166
				"sb_sasl_cyrus_encode: failed to encode packet: %s\n",
167
				sasl_errstring( ret, NULL, NULL ) );
168
		return -1;
169
	}
170

171
	return 0;
172
}
173

174
static ber_int_t
175
sb_sasl_cyrus_decode(
176
	struct sb_sasl_generic_data *p,
177
	const Sockbuf_Buf *src,
178
	Sockbuf_Buf *dst)
179
{
180
	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
181
	ber_int_t ret;
182
	unsigned tmpsize = dst->buf_size;
183

184
	ret = sasl_decode( sasl_context,
185
			   src->buf_base, src->buf_end,
186
			   (SASL_CONST char **)&dst->buf_base,
187
			   (unsigned *)&tmpsize );
188

189

190
	dst->buf_size = tmpsize;
191
	dst->buf_end = dst->buf_size;
192

193
	if ( ret != SASL_OK ) {
194
		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
195
				"sb_sasl_cyrus_decode: failed to decode packet: %s\n",
196
				sasl_errstring( ret, NULL, NULL ) );
197
		return -1;
198
	}
199

200
	return 0;
201
}
202

203
static void
204
sb_sasl_cyrus_reset_buf(
205
	struct sb_sasl_generic_data *p,
206
	Sockbuf_Buf *buf)
207
{
208
#if SASL_VERSION_MAJOR >= 2
209
	ber_pvt_sb_buf_init( buf );
210
#else
211
	ber_pvt_sb_buf_destroy( buf );
212
#endif
213
}
214

215
static void
216
sb_sasl_cyrus_fini(
217
	struct sb_sasl_generic_data *p)
218
{
219
#if SASL_VERSION_MAJOR >= 2
220
	/*
221
	 * SASLv2 encode/decode buffers are managed by
222
	 * libsasl2. Ensure they are not freed by liblber.
223
	 */
224
	p->buf_in.buf_base = NULL;
225
	p->buf_out.buf_base = NULL;
226
#endif
227
}
228

229
static const struct sb_sasl_generic_ops sb_sasl_cyrus_ops = {
230
	sb_sasl_cyrus_init,
231
	sb_sasl_cyrus_encode,
232
	sb_sasl_cyrus_decode,
233
	sb_sasl_cyrus_reset_buf,
234
	sb_sasl_cyrus_fini
235
 };
236

237
int ldap_pvt_sasl_install( Sockbuf *sb, void *ctx_arg )
238
{
239
	struct sb_sasl_generic_install install_arg;
240

241
	install_arg.ops		= &sb_sasl_cyrus_ops;
242
	install_arg.ops_private = ctx_arg;
243

244
	return ldap_pvt_sasl_generic_install( sb, &install_arg );
245
}
246

247
void ldap_pvt_sasl_remove( Sockbuf *sb )
248
{
249
	ldap_pvt_sasl_generic_remove( sb );
250
}
251

252
static int
253
sasl_err2ldap( int saslerr )
254
{
255
	int rc;
256

257
	/* map SASL errors to LDAP API errors returned by:
258
	 *	sasl_client_new()
259
	 *		SASL_OK, SASL_NOMECH, SASL_NOMEM
260
	 *	sasl_client_start()
261
	 *		SASL_OK, SASL_NOMECH, SASL_NOMEM, SASL_INTERACT
262
	 *	sasl_client_step()
263
	 *		SASL_OK, SASL_INTERACT, SASL_BADPROT, SASL_BADSERV
264
	 */
265

266
	switch (saslerr) {
267
		case SASL_CONTINUE:
268
			rc = LDAP_MORE_RESULTS_TO_RETURN;
269
			break;
270
		case SASL_INTERACT:
271
			rc = LDAP_LOCAL_ERROR;
272
			break;
273
		case SASL_OK:
274
			rc = LDAP_SUCCESS;
275
			break;
276
		case SASL_NOMEM:
277
			rc = LDAP_NO_MEMORY;
278
			break;
279
		case SASL_NOMECH:
280
			rc = LDAP_AUTH_UNKNOWN;
281
			break;
282
		case SASL_BADPROT:
283
			rc = LDAP_DECODING_ERROR;
284
			break;
285
		case SASL_BADSERV:
286
			rc = LDAP_AUTH_UNKNOWN;
287
			break;
288

289
		/* other codes */
290
		case SASL_BADAUTH:
291
			rc = LDAP_AUTH_UNKNOWN;
292
			break;
293
		case SASL_NOAUTHZ:
294
			rc = LDAP_PARAM_ERROR;
295
			break;
296
		case SASL_FAIL:
297
			rc = LDAP_LOCAL_ERROR;
298
			break;
299
		case SASL_TOOWEAK:
300
		case SASL_ENCRYPT:
301
			rc = LDAP_AUTH_UNKNOWN;
302
			break;
303
		default:
304
			rc = LDAP_LOCAL_ERROR;
305
			break;
306
	}
307

308
	assert( rc == LDAP_SUCCESS || LDAP_API_ERROR( rc ) );
309
	return rc;
310
}
311

312
int
313
ldap_int_sasl_open(
314
	LDAP *ld,
315
	LDAPConn *lc,
316
	const char * host )
317
{
318
	int rc;
319
	sasl_conn_t *ctx;
320

321
	assert( lc->lconn_sasl_authctx == NULL );
322

323
	if ( host == NULL ) {
324
		ld->ld_errno = LDAP_LOCAL_ERROR;
325
		return ld->ld_errno;
326
	}
327

328
#if SASL_VERSION_MAJOR >= 2
329
	rc = sasl_client_new( "ldap", host, NULL, NULL,
330
		client_callbacks, 0, &ctx );
331
#else
332
	rc = sasl_client_new( "ldap", host, client_callbacks,
333
		SASL_SECURITY_LAYER, &ctx );
334
#endif
335

336
	if ( rc != SASL_OK ) {
337
		ld->ld_errno = sasl_err2ldap( rc );
338
		return ld->ld_errno;
339
	}
340

341
	Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
342
		host );
343

344
	lc->lconn_sasl_authctx = ctx;
345

346
	return LDAP_SUCCESS;
347
}
348

349
int ldap_int_sasl_close( LDAP *ld, LDAPConn *lc )
350
{
351
	sasl_conn_t *ctx = lc->lconn_sasl_authctx;
352

353
	if( ctx != NULL ) {
354
		sasl_dispose( &ctx );
355
		if ( lc->lconn_sasl_sockctx &&
356
			lc->lconn_sasl_authctx != lc->lconn_sasl_sockctx ) {
357
			ctx = lc->lconn_sasl_sockctx;
358
			sasl_dispose( &ctx );
359
		}
360
		lc->lconn_sasl_sockctx = NULL;
361
		lc->lconn_sasl_authctx = NULL;
362
	}
363
	if( lc->lconn_sasl_cbind ) {
364
		ldap_memfree( lc->lconn_sasl_cbind );
365
		lc->lconn_sasl_cbind = NULL;
366
	}
367

368
	return LDAP_SUCCESS;
369
}
370

371
int ldap_pvt_sasl_cbinding_parse( const char *arg )
372
{
373
	int i = -1;
374

375
	if ( strcasecmp(arg, "none") == 0 )
376
		i = LDAP_OPT_X_SASL_CBINDING_NONE;
377
	else if ( strcasecmp(arg, "tls-unique") == 0 )
378
		i = LDAP_OPT_X_SASL_CBINDING_TLS_UNIQUE;
379
	else if ( strcasecmp(arg, "tls-endpoint") == 0 )
380
		i = LDAP_OPT_X_SASL_CBINDING_TLS_ENDPOINT;
381

382
	return i;
383
}
384

385
void *ldap_pvt_sasl_cbinding( void *ssl, int type, int is_server )
386
{
387
#if defined(SASL_CHANNEL_BINDING) && defined(HAVE_TLS)
388
	char unique_prefix[] = "tls-unique:";
389
	char endpoint_prefix[] = "tls-server-end-point:";
390
	char cbinding[ 64 ];
391
	struct berval cbv = { 64, cbinding };
392
	unsigned char *cb_data; /* used since cb->data is const* */
393
	sasl_channel_binding_t *cb;
394
	char *prefix;
395
	int plen;
396

397
	switch (type) {
398
	case LDAP_OPT_X_SASL_CBINDING_NONE:
399
		return NULL;
400
	case LDAP_OPT_X_SASL_CBINDING_TLS_UNIQUE:
401
		if ( !ldap_pvt_tls_get_unique( ssl, &cbv, is_server ))
402
			return NULL;
403
		prefix = unique_prefix;
404
		plen = sizeof(unique_prefix) -1;
405
		break;
406
	case LDAP_OPT_X_SASL_CBINDING_TLS_ENDPOINT:
407
		if ( !ldap_pvt_tls_get_endpoint( ssl, &cbv, is_server ))
408
			return NULL;
409
		prefix = endpoint_prefix;
410
		plen = sizeof(endpoint_prefix) -1;
411
		break;
412
	default:
413
		return NULL;
414
	}
415

416
	cb = ldap_memalloc( sizeof(*cb) + plen + cbv.bv_len );
417
	cb->len = plen + cbv.bv_len;
418
	cb->data = cb_data = (unsigned char *)(cb+1);
419
	memcpy( cb_data, prefix, plen );
420
	memcpy( cb_data + plen, cbv.bv_val, cbv.bv_len );
421
	cb->name = "ldap";
422
	cb->critical = 0;
423

424
	return cb;
425
#else
426
	return NULL;
427
#endif
428
}
429

430
int
431
ldap_int_sasl_bind(
432
	LDAP			*ld,
433
	const char		*dn,
434
	const char		*mechs,
435
	LDAPControl		**sctrls,
436
	LDAPControl		**cctrls,
437
	unsigned		flags,
438
	LDAP_SASL_INTERACT_PROC *interact,
439
	void			*defaults,
440
	LDAPMessage		*result,
441
	const char		**rmech,
442
	int				*msgid )
443
{
444
	const char		*mech;
445
	sasl_ssf_t		*ssf;
446
	sasl_conn_t		*ctx;
447
	sasl_interact_t *prompts = NULL;
448
	struct berval	ccred = BER_BVNULL;
449
	int saslrc, rc;
450
	unsigned credlen;
451
#if !defined(_WIN32)
452
	char my_hostname[HOST_NAME_MAX + 1];
453
#endif
454
	int free_saslhost = 0;
455

456
	Debug1( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
457
		mechs ? mechs : "<null>" );
458

459
	/* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
460
	if (ld->ld_version < LDAP_VERSION3) {
461
		ld->ld_errno = LDAP_NOT_SUPPORTED;
462
		return ld->ld_errno;
463
	}
464

465
	/* Starting a Bind */
466
	if ( !result ) {
467
		const char *pmech = NULL;
468
		sasl_conn_t	*oldctx;
469
		ber_socket_t		sd;
470
		void	*ssl;
471

472
		rc = 0;
473
		LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
474
		ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );
475

476
		if ( sd == AC_SOCKET_INVALID || !ld->ld_defconn ) {
477
			/* not connected yet */
478

479
			rc = ldap_open_defconn( ld );
480

481
			if ( rc == 0 ) {
482
				ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb,
483
					LBER_SB_OPT_GET_FD, &sd );
484

485
				if( sd == AC_SOCKET_INVALID ) {
486
					ld->ld_errno = LDAP_LOCAL_ERROR;
487
					rc = ld->ld_errno;
488
				}
489
			}
490
		}
491
		if ( rc == 0 && ld->ld_defconn &&
492
			ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING ) {
493
			rc = ldap_int_check_async_open( ld, sd );
494
		}
495
		LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
496
		if( rc != 0 ) return ld->ld_errno;
497

498
		oldctx = ld->ld_defconn->lconn_sasl_authctx;
499

500
		/* If we already have an authentication context, clear it out */
501
		if( oldctx ) {
502
			if ( oldctx != ld->ld_defconn->lconn_sasl_sockctx ) {
503
				sasl_dispose( &oldctx );
504
			}
505
			ld->ld_defconn->lconn_sasl_authctx = NULL;
506
		}
507

508
		{
509
			char *saslhost;
510
			int nocanon = (int)LDAP_BOOL_GET( &ld->ld_options,
511
				LDAP_BOOL_SASL_NOCANON );
512

513
			/* If we don't need to canonicalize just use the host
514
			 * from the LDAP URI.
515
			 * Always use the result of gethostname() for LDAPI.
516
			 * Skip for Windows which doesn't support LDAPI.
517
			 */
518
#if !defined(_WIN32)
519
			if (ld->ld_defconn->lconn_server->lud_scheme != NULL &&
520
			    strcmp("ldapi", ld->ld_defconn->lconn_server->lud_scheme) == 0) {
521
				rc = gethostname(my_hostname, HOST_NAME_MAX + 1);
522
				if (rc == 0) {
523
					saslhost = my_hostname;
524
				} else {
525
					saslhost = "localhost";
526
				}
527
			} else
528
#endif
529
			if ( nocanon )
530
				saslhost = ld->ld_defconn->lconn_server->lud_host;
531
			else {
532
				saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
533
				"localhost" );
534
				free_saslhost = 1;
535
			}
536
			rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
537
			if ( free_saslhost )
538
				LDAP_FREE( saslhost );
539
		}
540

541
		if ( rc != LDAP_SUCCESS ) return rc;
542

543
		ctx = ld->ld_defconn->lconn_sasl_authctx;
544

545
#ifdef HAVE_TLS
546
		/* Check for TLS */
547
		ssl = ldap_pvt_tls_sb_ctx( ld->ld_defconn->lconn_sb );
548
		if ( ssl ) {
549
			struct berval authid = BER_BVNULL;
550
			ber_len_t fac;
551

552
			fac = ldap_pvt_tls_get_strength( ssl );
553
			/* failure is OK, we just can't use SASL EXTERNAL */
554
			(void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
555

556
			(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid.bv_val, fac );
557
			LDAP_FREE( authid.bv_val );
558
#ifdef SASL_CHANNEL_BINDING	/* 2.1.25+ */
559
			if ( ld->ld_defconn->lconn_sasl_cbind == NULL ) {
560
				void *cb;
561
				cb = ldap_pvt_sasl_cbinding( ssl,
562
							     ld->ld_options.ldo_sasl_cbinding,
563
							     0 );
564
				if ( cb != NULL ) {
565
					sasl_setprop( ld->ld_defconn->lconn_sasl_authctx,
566
						SASL_CHANNEL_BINDING, cb );
567
					ld->ld_defconn->lconn_sasl_cbind = cb;
568
				}
569
			}
570
#endif
571
		}
572
#endif
573

574
#if !defined(_WIN32)
575
		/* Check for local */
576
		if ( ldap_pvt_url_scheme2proto(
577
			ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC )
578
		{
579
			char authid[sizeof("gidNumber=4294967295+uidNumber=4294967295,"
580
				"cn=peercred,cn=external,cn=auth")];
581
			sprintf( authid, "gidNumber=%u+uidNumber=%u,"
582
				"cn=peercred,cn=external,cn=auth",
583
				getegid(), geteuid() );
584
			(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid,
585
				LDAP_PVT_SASL_LOCAL_SSF );
586
		}
587
#endif
588

589
		/* (re)set security properties */
590
		sasl_setprop( ctx, SASL_SEC_PROPS,
591
			&ld->ld_options.ldo_sasl_secprops );
592

593
		mech = NULL;
594

595
		do {
596
			saslrc = sasl_client_start( ctx,
597
				mechs,
598
#if SASL_VERSION_MAJOR < 2
599
				NULL,
600
#endif
601
				&prompts,
602
				(SASL_CONST char **)&ccred.bv_val,
603
				&credlen,
604
				&mech );
605

606
			if( pmech == NULL && mech != NULL ) {
607
				pmech = mech;
608
				*rmech = mech;
609

610
				if( flags != LDAP_SASL_QUIET ) {
611
					fprintf(stderr,
612
						"SASL/%s authentication started\n",
613
						pmech );
614
				}
615
			}
616

617
			if( saslrc == SASL_INTERACT ) {
618
				int res;
619
				if( !interact ) break;
620
				res = (interact)( ld, flags, defaults, prompts );
621

622
				if( res != LDAP_SUCCESS ) break;
623
			}
624
		} while ( saslrc == SASL_INTERACT );
625
		rc = LDAP_SASL_BIND_IN_PROGRESS;
626

627
	} else {
628
		/* continuing an in-progress Bind */
629
		struct berval *scred = NULL;
630

631
		ctx = ld->ld_defconn->lconn_sasl_authctx;
632

633
		rc = ldap_parse_sasl_bind_result( ld, result, &scred, 0 );
634
		if ( rc != LDAP_SUCCESS ) {
635
			if ( scred )
636
				ber_bvfree( scred );
637
			goto done;
638
		}
639

640
		rc = ldap_result2error( ld, result, 0 );
641
		if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
642
			if( scred ) {
643
				/* and server provided us with data? */
644
				Debug2( LDAP_DEBUG_TRACE,
645
					"ldap_int_sasl_bind: rc=%d len=%ld\n",
646
					rc, scred ? (long) scred->bv_len : -1L );
647
				ber_bvfree( scred );
648
				scred = NULL;
649
			}
650
			goto done;
651
		}
652

653
		mech = *rmech;
654
		if ( rc == LDAP_SUCCESS && mech == NULL ) {
655
			if ( scred )
656
				ber_bvfree( scred );
657
			goto success;
658
		}
659

660
		do {
661
			if( ! scred ) {
662
				/* no data! */
663
				Debug0( LDAP_DEBUG_TRACE,
664
					"ldap_int_sasl_bind: no data in step!\n" );
665
			}
666

667
			saslrc = sasl_client_step( ctx,
668
				(scred == NULL) ? NULL : scred->bv_val,
669
				(scred == NULL) ? 0 : scred->bv_len,
670
				&prompts,
671
				(SASL_CONST char **)&ccred.bv_val,
672
				&credlen );
673

674
			Debug1( LDAP_DEBUG_TRACE, "sasl_client_step: %d\n",
675
				saslrc );
676

677
			if( saslrc == SASL_INTERACT ) {
678
				int res;
679
				if( !interact ) break;
680
				res = (interact)( ld, flags, defaults, prompts );
681
				if( res != LDAP_SUCCESS ) break;
682
			}
683
		} while ( saslrc == SASL_INTERACT );
684

685
		ber_bvfree( scred );
686
	}
687

688
	if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
689
		rc = ld->ld_errno = sasl_err2ldap( saslrc );
690
#if SASL_VERSION_MAJOR >= 2
691
		if ( ld->ld_error ) {
692
			LDAP_FREE( ld->ld_error );
693
		}
694
		ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
695
#endif
696
		goto done;
697
	}
698

699
	if ( saslrc == SASL_OK )
700
		*rmech = NULL;
701

702
	ccred.bv_len = credlen;
703

704
	if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
705
		rc = ldap_sasl_bind( ld, dn, mech, &ccred, sctrls, cctrls, msgid );
706

707
		if ( ccred.bv_val != NULL ) {
708
#if SASL_VERSION_MAJOR < 2
709
			LDAP_FREE( ccred.bv_val );
710
#endif
711
			ccred.bv_val = NULL;
712
		}
713
		if ( rc == LDAP_SUCCESS )
714
			rc = LDAP_SASL_BIND_IN_PROGRESS;
715
		goto done;
716
	}
717

718
success:
719
	/* Conversation was completed successfully by now */
720
	if( flags != LDAP_SASL_QUIET ) {
721
		char *data;
722
		saslrc = sasl_getprop( ctx, SASL_USERNAME,
723
			(SASL_CONST void **)(char *) &data );
724
		if( saslrc == SASL_OK && data && *data ) {
725
			fprintf( stderr, "SASL username: %s\n", data );
726
		}
727

728
#if SASL_VERSION_MAJOR < 2
729
		saslrc = sasl_getprop( ctx, SASL_REALM,
730
			(SASL_CONST void **) &data );
731
		if( saslrc == SASL_OK && data && *data ) {
732
			fprintf( stderr, "SASL realm: %s\n", data );
733
		}
734
#endif
735
	}
736

737
	ssf = NULL;
738
	saslrc = sasl_getprop( ctx, SASL_SSF, (SASL_CONST void **)(char *) &ssf );
739
	if( saslrc == SASL_OK ) {
740
		if( flags != LDAP_SASL_QUIET ) {
741
			fprintf( stderr, "SASL SSF: %lu\n",
742
				(unsigned long) *ssf );
743
		}
744

745
		if( ssf && *ssf ) {
746
			if ( ld->ld_defconn->lconn_sasl_sockctx ) {
747
				sasl_conn_t	*oldctx = ld->ld_defconn->lconn_sasl_sockctx;
748
				sasl_dispose( &oldctx );
749
				ldap_pvt_sasl_remove( ld->ld_defconn->lconn_sb );
750
			}
751
			ldap_pvt_sasl_install( ld->ld_defconn->lconn_sb, ctx );
752
			ld->ld_defconn->lconn_sasl_sockctx = ctx;
753

754
			if( flags != LDAP_SASL_QUIET ) {
755
				fprintf( stderr, "SASL data security layer installed.\n" );
756
			}
757
		}
758
	}
759
	ld->ld_defconn->lconn_sasl_authctx = ctx;
760

761
done:
762
	return rc;
763
}
764

765
int
766
ldap_int_sasl_external(
767
	LDAP *ld,
768
	LDAPConn *conn,
769
	const char * authid,
770
	ber_len_t ssf )
771
{
772
	int sc;
773
	sasl_conn_t *ctx;
774
#if SASL_VERSION_MAJOR < 2
775
	sasl_external_properties_t extprops;
776
#else
777
	sasl_ssf_t sasl_ssf = ssf;
778
#endif
779

780
	ctx = conn->lconn_sasl_authctx;
781

782
	if ( ctx == NULL ) {
783
		return LDAP_LOCAL_ERROR;
784
	}
785

786
#if SASL_VERSION_MAJOR >= 2
787
	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
788
	if ( sc == SASL_OK )
789
		sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
790
#else
791
	memset( &extprops, '\0', sizeof(extprops) );
792
	extprops.ssf = ssf;
793
	extprops.auth_id = (char *) authid;
794

795
	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
796
		(void *) &extprops );
797
#endif
798

799
	if ( sc != SASL_OK ) {
800
		return LDAP_LOCAL_ERROR;
801
	}
802

803
	return LDAP_SUCCESS;
804
}
805

806

807
#define GOT_MINSSF	1
808
#define	GOT_MAXSSF	2
809
#define	GOT_MAXBUF	4
810

811
static struct {
812
	struct berval key;
813
	int sflag;
814
	int ival;
815
	int idef;
816
} sprops[] = {
817
	{ BER_BVC("none"), 0, 0, 0 },
818
	{ BER_BVC("nodict"), SASL_SEC_NODICTIONARY, 0, 0 },
819
	{ BER_BVC("noplain"), SASL_SEC_NOPLAINTEXT, 0, 0 },
820
	{ BER_BVC("noactive"), SASL_SEC_NOACTIVE, 0, 0 },
821
	{ BER_BVC("passcred"), SASL_SEC_PASS_CREDENTIALS, 0, 0 },
822
	{ BER_BVC("forwardsec"), SASL_SEC_FORWARD_SECRECY, 0, 0 },
823
	{ BER_BVC("noanonymous"), SASL_SEC_NOANONYMOUS, 0, 0 },
824
	{ BER_BVC("minssf="), 0, GOT_MINSSF, 0 },
825
	{ BER_BVC("maxssf="), 0, GOT_MAXSSF, INT_MAX },
826
	{ BER_BVC("maxbufsize="), 0, GOT_MAXBUF, 65536 },
827
	{ BER_BVNULL, 0, 0, 0 }
828
};
829

830
void ldap_pvt_sasl_secprops_unparse(
831
	sasl_security_properties_t *secprops,
832
	struct berval *out )
833
{
834
	int i, l = 0;
835
	int comma;
836
	char *ptr;
837

838
	if ( secprops == NULL || out == NULL ) {
839
		return;
840
	}
841

842
	comma = 0;
843
	for ( i=0; !BER_BVISNULL( &sprops[i].key ); i++ ) {
844
		if ( sprops[i].ival ) {
845
			int v = 0;
846

847
			switch( sprops[i].ival ) {
848
			case GOT_MINSSF: v = secprops->min_ssf; break;
849
			case GOT_MAXSSF: v = secprops->max_ssf; break;
850
			case GOT_MAXBUF: v = secprops->maxbufsize; break;
851
			}
852
			/* It is the default, ignore it */
853
			if ( v == sprops[i].idef ) continue;
854

855
			l += sprops[i].key.bv_len + 24;
856
		} else if ( sprops[i].sflag ) {
857
			if ( sprops[i].sflag & secprops->security_flags ) {
858
				l += sprops[i].key.bv_len;
859
			}
860
		} else if ( secprops->security_flags == 0 ) {
861
			l += sprops[i].key.bv_len;
862
		}
863
		if ( comma ) l++;
864
		comma = 1;
865
	}
866
	l++;
867

868
	out->bv_val = LDAP_MALLOC( l );
869
	if ( out->bv_val == NULL ) {
870
		out->bv_len = 0;
871
		return;
872
	}
873

874
	ptr = out->bv_val;
875
	comma = 0;
876
	for ( i=0; !BER_BVISNULL( &sprops[i].key ); i++ ) {
877
		if ( sprops[i].ival ) {
878
			int v = 0;
879

880
			switch( sprops[i].ival ) {
881
			case GOT_MINSSF: v = secprops->min_ssf; break;
882
			case GOT_MAXSSF: v = secprops->max_ssf; break;
883
			case GOT_MAXBUF: v = secprops->maxbufsize; break;
884
			}
885
			/* It is the default, ignore it */
886
			if ( v == sprops[i].idef ) continue;
887

888
			if ( comma ) *ptr++ = ',';
889
			ptr += sprintf(ptr, "%s%d", sprops[i].key.bv_val, v );
890
			comma = 1;
891
		} else if ( sprops[i].sflag ) {
892
			if ( sprops[i].sflag & secprops->security_flags ) {
893
				if ( comma ) *ptr++ = ',';
894
				ptr += sprintf(ptr, "%s", sprops[i].key.bv_val );
895
				comma = 1;
896
			}
897
		} else if ( secprops->security_flags == 0 ) {
898
			if ( comma ) *ptr++ = ',';
899
			ptr += sprintf(ptr, "%s", sprops[i].key.bv_val );
900
			comma = 1;
901
		}
902
	}
903
	out->bv_len = ptr - out->bv_val;
904
}
905

906
int ldap_pvt_sasl_secprops(
907
	const char *in,
908
	sasl_security_properties_t *secprops )
909
{
910
	unsigned i, j, l;
911
	char **props;
912
	unsigned sflags = 0;
913
	int got_sflags = 0;
914
	sasl_ssf_t max_ssf = 0;
915
	int got_max_ssf = 0;
916
	sasl_ssf_t min_ssf = 0;
917
	int got_min_ssf = 0;
918
	unsigned maxbufsize = 0;
919
	int got_maxbufsize = 0;
920

921
	if( secprops == NULL ) {
922
		return LDAP_PARAM_ERROR;
923
	}
924
	props = ldap_str2charray( in, "," );
925
	if( props == NULL ) {
926
		return LDAP_PARAM_ERROR;
927
	}
928

929
	for( i=0; props[i]; i++ ) {
930
		l = strlen( props[i] );
931
		for ( j=0; !BER_BVISNULL( &sprops[j].key ); j++ ) {
932
			if ( l < sprops[j].key.bv_len ) continue;
933
			if ( strncasecmp( props[i], sprops[j].key.bv_val,
934
				sprops[j].key.bv_len )) continue;
935
			if ( sprops[j].ival ) {
936
				unsigned v;
937
				char *next = NULL;
938
				if ( !isdigit( (unsigned char)props[i][sprops[j].key.bv_len] ))
939
					continue;
940
				v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
941
				if ( next == &props[i][sprops[j].key.bv_len] || next[0] != '\0' ) continue;
942
				switch( sprops[j].ival ) {
943
				case GOT_MINSSF:
944
					min_ssf = v; got_min_ssf++; break;
945
				case GOT_MAXSSF:
946
					max_ssf = v; got_max_ssf++; break;
947
				case GOT_MAXBUF:
948
					maxbufsize = v; got_maxbufsize++; break;
949
				}
950
			} else {
951
				if ( props[i][sprops[j].key.bv_len] ) continue;
952
				if ( sprops[j].sflag )
953
					sflags |= sprops[j].sflag;
954
				else
955
					sflags = 0;
956
				got_sflags++;
957
			}
958
			break;
959
		}
960
		if ( BER_BVISNULL( &sprops[j].key )) {
961
			ldap_charray_free( props );
962
			return LDAP_NOT_SUPPORTED;
963
		}
964
	}
965

966
	if(got_sflags) {
967
		secprops->security_flags = sflags;
968
	}
969
	if(got_min_ssf) {
970
		secprops->min_ssf = min_ssf;
971
	}
972
	if(got_max_ssf) {
973
		secprops->max_ssf = max_ssf;
974
	}
975
	if(got_maxbufsize) {
976
		secprops->maxbufsize = maxbufsize;
977
	}
978

979
	ldap_charray_free( props );
980
	return LDAP_SUCCESS;
981
}
982

983
int
984
ldap_int_sasl_config( struct ldapoptions *lo, int option, const char *arg )
985
{
986
	int rc, i;
987

988
	switch( option ) {
989
	case LDAP_OPT_X_SASL_SECPROPS:
990
		rc = ldap_pvt_sasl_secprops( arg, &lo->ldo_sasl_secprops );
991
		if( rc == LDAP_SUCCESS ) return 0;
992
		break;
993
	case LDAP_OPT_X_SASL_CBINDING:
994
		i = ldap_pvt_sasl_cbinding_parse( arg );
995
		if ( i >= 0 ) {
996
			lo->ldo_sasl_cbinding = i;
997
			return 0;
998
		}
999
		break;
1000
	}
1001

1002
	return -1;
1003
}
1004

1005
int
1006
ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
1007
{
1008
	if ( option == LDAP_OPT_X_SASL_MECHLIST ) {
1009
		*(char ***)arg = (char **)sasl_global_listmech();
1010
		return 0;
1011
	}
1012

1013
	if ( ld == NULL )
1014
		return -1;
1015

1016
	switch ( option ) {
1017
		case LDAP_OPT_X_SASL_MECH: {
1018
			*(char **)arg = ld->ld_options.ldo_def_sasl_mech
1019
				? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_mech ) : NULL;
1020
		} break;
1021
		case LDAP_OPT_X_SASL_REALM: {
1022
			*(char **)arg = ld->ld_options.ldo_def_sasl_realm
1023
				? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_realm ) : NULL;
1024
		} break;
1025
		case LDAP_OPT_X_SASL_AUTHCID: {
1026
			*(char **)arg = ld->ld_options.ldo_def_sasl_authcid
1027
				? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_authcid ) : NULL;
1028
		} break;
1029
		case LDAP_OPT_X_SASL_AUTHZID: {
1030
			*(char **)arg = ld->ld_options.ldo_def_sasl_authzid
1031
				? LDAP_STRDUP( ld->ld_options.ldo_def_sasl_authzid ) : NULL;
1032
		} break;
1033

1034
		case LDAP_OPT_X_SASL_SSF: {
1035
			int sc;
1036
			sasl_ssf_t	*ssf;
1037
			sasl_conn_t *ctx;
1038

1039
			if( ld->ld_defconn == NULL ) {
1040
				return -1;
1041
			}
1042

1043
			ctx = ld->ld_defconn->lconn_sasl_sockctx;
1044

1045
			if ( ctx == NULL ) {
1046
				return -1;
1047
			}
1048

1049
			sc = sasl_getprop( ctx, SASL_SSF,
1050
				(SASL_CONST void **)(char *) &ssf );
1051

1052
			if ( sc != SASL_OK ) {
1053
				return -1;
1054
			}
1055

1056
			*(ber_len_t *)arg = *ssf;
1057
		} break;
1058

1059
		case LDAP_OPT_X_SASL_SSF_EXTERNAL:
1060
			/* this option is write only */
1061
			return -1;
1062

1063
		case LDAP_OPT_X_SASL_SSF_MIN:
1064
			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.min_ssf;
1065
			break;
1066
		case LDAP_OPT_X_SASL_SSF_MAX:
1067
			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.max_ssf;
1068
			break;
1069
		case LDAP_OPT_X_SASL_MAXBUFSIZE:
1070
			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
1071
			break;
1072
		case LDAP_OPT_X_SASL_NOCANON:
1073
			*(int *)arg = (int) LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
1074
			break;
1075

1076
		case LDAP_OPT_X_SASL_USERNAME: {
1077
			int sc;
1078
			char *username;
1079
			sasl_conn_t *ctx;
1080

1081
			if( ld->ld_defconn == NULL ) {
1082
				return -1;
1083
			}
1084

1085
			ctx = ld->ld_defconn->lconn_sasl_authctx;
1086

1087
			if ( ctx == NULL ) {
1088
				return -1;
1089
			}
1090

1091
			sc = sasl_getprop( ctx, SASL_USERNAME,
1092
				(SASL_CONST void **)(char **) &username );
1093

1094
			if ( sc != SASL_OK ) {
1095
				return -1;
1096
			}
1097

1098
			*(char **)arg = username ? LDAP_STRDUP( username ) : NULL;
1099
		} break;
1100

1101
		case LDAP_OPT_X_SASL_SECPROPS:
1102
			/* this option is write only */
1103
			return -1;
1104

1105
		case LDAP_OPT_X_SASL_CBINDING:
1106
			*(int *)arg = ld->ld_options.ldo_sasl_cbinding;
1107
			break;
1108

1109
#ifdef SASL_GSS_CREDS
1110
		case LDAP_OPT_X_SASL_GSS_CREDS: {
1111
			sasl_conn_t *ctx;
1112
			int sc;
1113

1114
			if ( ld->ld_defconn == NULL )
1115
				return -1;
1116

1117
			ctx = ld->ld_defconn->lconn_sasl_authctx;
1118
			if ( ctx == NULL )
1119
				return -1;
1120

1121
			sc = sasl_getprop( ctx, SASL_GSS_CREDS, arg );
1122
			if ( sc != SASL_OK )
1123
				return -1;
1124
			}
1125
			break;
1126
#endif
1127

1128
		default:
1129
			return -1;
1130
	}
1131
	return 0;
1132
}
1133

1134
int
1135
ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
1136
{
1137
	if ( ld == NULL )
1138
		return -1;
1139

1140
	if ( arg == NULL && option != LDAP_OPT_X_SASL_NOCANON )
1141
		return -1;
1142

1143
	switch ( option ) {
1144
	case LDAP_OPT_X_SASL_SSF:
1145
	case LDAP_OPT_X_SASL_USERNAME:
1146
		/* This option is read-only */
1147
		return -1;
1148

1149
	case LDAP_OPT_X_SASL_SSF_EXTERNAL: {
1150
		int sc;
1151
#if SASL_VERSION_MAJOR < 2
1152
		sasl_external_properties_t extprops;
1153
#else
1154
		sasl_ssf_t sasl_ssf;
1155
#endif
1156
		sasl_conn_t *ctx;
1157

1158
		if( ld->ld_defconn == NULL ) {
1159
			return -1;
1160
		}
1161

1162
		ctx = ld->ld_defconn->lconn_sasl_authctx;
1163

1164
		if ( ctx == NULL ) {
1165
			return -1;
1166
		}
1167

1168
#if SASL_VERSION_MAJOR >= 2
1169
		sasl_ssf = * (ber_len_t *)arg;
1170
		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf);
1171
#else
1172
		memset(&extprops, 0L, sizeof(extprops));
1173

1174
		extprops.ssf = * (ber_len_t *) arg;
1175

1176
		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
1177
			(void *) &extprops );
1178
#endif
1179

1180
		if ( sc != SASL_OK ) {
1181
			return -1;
1182
		}
1183
		} break;
1184

1185
	case LDAP_OPT_X_SASL_SSF_MIN:
1186
		ld->ld_options.ldo_sasl_secprops.min_ssf = *(ber_len_t *)arg;
1187
		break;
1188
	case LDAP_OPT_X_SASL_SSF_MAX:
1189
		ld->ld_options.ldo_sasl_secprops.max_ssf = *(ber_len_t *)arg;
1190
		break;
1191
	case LDAP_OPT_X_SASL_MAXBUFSIZE:
1192
		ld->ld_options.ldo_sasl_secprops.maxbufsize = *(ber_len_t *)arg;
1193
		break;
1194
	case LDAP_OPT_X_SASL_NOCANON:
1195
		if ( arg == LDAP_OPT_OFF ) {
1196
			LDAP_BOOL_CLR(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
1197
		} else {
1198
			LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
1199
		}
1200
		break;
1201

1202
	case LDAP_OPT_X_SASL_SECPROPS: {
1203
		int sc;
1204
		sc = ldap_pvt_sasl_secprops( (char *) arg,
1205
			&ld->ld_options.ldo_sasl_secprops );
1206

1207
		return sc == LDAP_SUCCESS ? 0 : -1;
1208
		}
1209

1210
	case LDAP_OPT_X_SASL_CBINDING:
1211
		if ( !arg ) return -1;
1212
		switch( *(int *) arg ) {
1213
		case LDAP_OPT_X_SASL_CBINDING_NONE:
1214
		case LDAP_OPT_X_SASL_CBINDING_TLS_UNIQUE:
1215
		case LDAP_OPT_X_SASL_CBINDING_TLS_ENDPOINT:
1216
			ld->ld_options.ldo_sasl_cbinding = *(int *) arg;
1217
			return 0;
1218
		}
1219
		return -1;
1220

1221
#ifdef SASL_GSS_CREDS
1222
	case LDAP_OPT_X_SASL_GSS_CREDS: {
1223
		sasl_conn_t *ctx;
1224
		int sc;
1225

1226
		if ( ld->ld_defconn == NULL )
1227
			return -1;
1228

1229
		ctx = ld->ld_defconn->lconn_sasl_authctx;
1230
		if ( ctx == NULL )
1231
			return -1;
1232

1233
		sc = sasl_setprop( ctx, SASL_GSS_CREDS, arg );
1234
		if ( sc != SASL_OK )
1235
			return -1;
1236
		}
1237
		break;
1238
#endif
1239

1240
	default:
1241
		return -1;
1242
	}
1243
	return 0;
1244
}
1245

1246
#ifdef LDAP_R_COMPILE
1247
#define LDAP_DEBUG_R_SASL
1248
void *ldap_pvt_sasl_mutex_new(void)
1249
{
1250
	ldap_pvt_thread_mutex_t *mutex;
1251

1252
	mutex = (ldap_pvt_thread_mutex_t *) LDAP_CALLOC( 1,
1253
		sizeof(ldap_pvt_thread_mutex_t) );
1254

1255
	if ( ldap_pvt_thread_mutex_init( mutex ) == 0 ) {
1256
		return mutex;
1257
	}
1258
	LDAP_FREE( mutex );
1259
#ifndef LDAP_DEBUG_R_SASL
1260
	assert( 0 );
1261
#endif /* !LDAP_DEBUG_R_SASL */
1262
	return NULL;
1263
}
1264

1265
int ldap_pvt_sasl_mutex_lock(void *mutex)
1266
{
1267
#ifdef LDAP_DEBUG_R_SASL
1268
	if ( mutex == NULL ) {
1269
		return SASL_OK;
1270
	}
1271
#else /* !LDAP_DEBUG_R_SASL */
1272
	assert( mutex != NULL );
1273
#endif /* !LDAP_DEBUG_R_SASL */
1274
	return ldap_pvt_thread_mutex_lock( (ldap_pvt_thread_mutex_t *)mutex )
1275
		? SASL_FAIL : SASL_OK;
1276
}
1277

1278
int ldap_pvt_sasl_mutex_unlock(void *mutex)
1279
{
1280
#ifdef LDAP_DEBUG_R_SASL
1281
	if ( mutex == NULL ) {
1282
		return SASL_OK;
1283
	}
1284
#else /* !LDAP_DEBUG_R_SASL */
1285
	assert( mutex != NULL );
1286
#endif /* !LDAP_DEBUG_R_SASL */
1287
	return ldap_pvt_thread_mutex_unlock( (ldap_pvt_thread_mutex_t *)mutex )
1288
		? SASL_FAIL : SASL_OK;
1289
}
1290

1291
void ldap_pvt_sasl_mutex_dispose(void *mutex)
1292
{
1293
#ifdef LDAP_DEBUG_R_SASL
1294
	if ( mutex == NULL ) {
1295
		return;
1296
	}
1297
#else /* !LDAP_DEBUG_R_SASL */
1298
	assert( mutex != NULL );
1299
#endif /* !LDAP_DEBUG_R_SASL */
1300
	(void) ldap_pvt_thread_mutex_destroy( (ldap_pvt_thread_mutex_t *)mutex );
1301
	LDAP_FREE( mutex );
1302
}
1303
#endif
1304

1305
#else
1306
int ldap_int_sasl_init( void )
1307
{ return LDAP_SUCCESS; }
1308

1309
int ldap_int_sasl_close( LDAP *ld, LDAPConn *lc )
1310
{ return LDAP_SUCCESS; }
1311

1312
int
1313
ldap_int_sasl_bind(
1314
	LDAP			*ld,
1315
	const char		*dn,
1316
	const char		*mechs,
1317
	LDAPControl		**sctrls,
1318
	LDAPControl		**cctrls,
1319
	unsigned		flags,
1320
	LDAP_SASL_INTERACT_PROC *interact,
1321
	void			*defaults,
1322
	LDAPMessage		*result,
1323
	const char		**rmech,
1324
	int				*msgid )
1325
{ return LDAP_NOT_SUPPORTED; }
1326

1327
int
1328
ldap_int_sasl_external(
1329
	LDAP *ld,
1330
	LDAPConn *conn,
1331
	const char * authid,
1332
	ber_len_t ssf )
1333
{ return LDAP_SUCCESS; }
1334

1335
#endif /* HAVE_CYRUS_SASL */
1336

1337
Product

Resources

Company
