libraries/libldap/sasl.c - diff

Return to sasl.c CVS log

Up to [OpenLDAP] / libraries / libldap

Diff for /libraries/libldap/sasl.c between versions 1.40 and 1.63

version 1.40, 2001/12/18 00:24:31	version 1.63, 2006/01/03 22:12:09
Line 1	Line 1
/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.39 2001/10/01 23:02:23 hyc Exp $ */	/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.62 2005/12/13 19:11:26 ando Exp $ */
/*	/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.	*
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file	* Copyright 1998-2006 The OpenLDAP Foundation.
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted only as authorized by the OpenLDAP
	* Public License.
	*
	* A copy of this license is available in the file LICENSE in the
	* top-level directory of the distribution or, alternatively, at
	* <http://www.OpenLDAP.org/license.html>.
	*/
	/* Portions Copyright (C) The Internet Society (1997)
	* ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
*/	*/

/*	/*
Line 60 ldap_sasl_bind(	Line 72 ldap_sasl_bind(
{	{
BerElement *ber;	BerElement *ber;
int rc;	int rc;
	ber_int_t id;

Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );	Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );

Line 71 ldap_sasl_bind(	Line 84 ldap_sasl_bind(
rc = ldap_int_client_controls( ld, cctrls );	rc = ldap_int_client_controls( ld, cctrls );
if( rc != LDAP_SUCCESS ) return rc;	if( rc != LDAP_SUCCESS ) return rc;

if( msgidp == NULL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}

if( mechanism == LDAP_SASL_SIMPLE ) {	if( mechanism == LDAP_SASL_SIMPLE ) {
if( dn == NULL && cred != NULL ) {	if( dn == NULL && cred != NULL && cred->bv_len ) {
/* use default binddn */	/* use default binddn */
dn = ld->ld_defbinddn;	dn = ld->ld_defbinddn;
}	}
Line 99 ldap_sasl_bind(	Line 107 ldap_sasl_bind(

assert( LBER_VALID( ber ) );	assert( LBER_VALID( ber ) );

	LDAP_NEXT_MSGID( ld, id );
if( mechanism == LDAP_SASL_SIMPLE ) {	if( mechanism == LDAP_SASL_SIMPLE ) {
/* simple bind */	/* simple bind */
rc = ber_printf( ber, "{it{istON}" /}/,	rc = ber_printf( ber, "{it{istON}" /}/,
++ld->ld_msgid, LDAP_REQ_BIND,	id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SIMPLE,	ld->ld_version, dn, LDAP_AUTH_SIMPLE,
cred );	cred );

} else if ( cred == NULL \|\| !cred->bv_len ) {	} else if ( cred == NULL \|\| cred->bv_val == NULL ) {
/* SASL bind w/o creditials */	/* SASL bind w/o credentials */
rc = ber_printf( ber, "{it{ist{sN}N}" /}/,	rc = ber_printf( ber, "{it{ist{sN}N}" /}/,
++ld->ld_msgid, LDAP_REQ_BIND,	id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,	ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism );	mechanism );

} else {	} else {
/* SASL bind w/ creditials */	/* SASL bind w/ credentials */
rc = ber_printf( ber, "{it{ist{sON}N}" /}/,	rc = ber_printf( ber, "{it{ist{sON}N}" /}/,
++ld->ld_msgid, LDAP_REQ_BIND,	id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,	ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism, cred );	mechanism, cred );
}	}
Line 139 ldap_sasl_bind(	Line 148 ldap_sasl_bind(
return ld->ld_errno;	return ld->ld_errno;
}	}

#ifndef LDAP_NOCACHE
if ( ld->ld_cache != NULL ) {
ldap_flush_cache( ld );
}
#endif /* !LDAP_NOCACHE */

/* send the message */	/* send the message */
*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber );	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );

if(*msgidp < 0)	if(*msgidp < 0)
return ld->ld_errno;	return ld->ld_errno;
Line 192 ldap_sasl_bind_s(	Line 196 ldap_sasl_bind_s(
}	}
#endif	#endif

if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 ) {
return( ld->ld_errno ); /* ldap_result sets ld_errno */	return( ld->ld_errno ); /* ldap_result sets ld_errno */
}	}

Line 257 ldap_parse_sasl_bind_result(	Line 261 ldap_parse_sasl_bind_result(
assert( LDAP_VALID( ld ) );	assert( LDAP_VALID( ld ) );
assert( res != NULL );	assert( res != NULL );

if ( ld == NULL \|\| res == NULL ) {
return LDAP_PARAM_ERROR;
}

if( servercredp != NULL ) {	if( servercredp != NULL ) {
if( ld->ld_version < LDAP_VERSION2 ) {	if( ld->ld_version < LDAP_VERSION2 ) {
return LDAP_NOT_SUPPORTED;	return LDAP_NOT_SUPPORTED;
Line 294 ldap_parse_sasl_bind_result(	Line 294 ldap_parse_sasl_bind_result(
}	}

if ( ld->ld_version < LDAP_VERSION2 ) {	if ( ld->ld_version < LDAP_VERSION2 ) {
	#ifdef LDAP_NULL_IS_NULL
	tag = ber_scanf( ber, "{iA}",
	&errcode, &ld->ld_error );
	#else /* ! LDAP_NULL_IS_NULL */
tag = ber_scanf( ber, "{ia}",	tag = ber_scanf( ber, "{ia}",
&errcode, &ld->ld_error );	&errcode, &ld->ld_error );
	#endif /* ! LDAP_NULL_IS_NULL */

if( tag == LBER_ERROR ) {	if( tag == LBER_ERROR ) {
ber_free( ber, 0 );	ber_free( ber, 0 );
Line 306 ldap_parse_sasl_bind_result(	Line 311 ldap_parse_sasl_bind_result(
} else {	} else {
ber_len_t len;	ber_len_t len;

tag = ber_scanf( ber, "{iaa" /}/,	#ifdef LDAP_NULL_IS_NULL
	tag = ber_scanf( ber, "{eAA" /}/,
	&errcode, &ld->ld_matched, &ld->ld_error );
	#else /* ! LDAP_NULL_IS_NULL */
	tag = ber_scanf( ber, "{eaa" /}/,
&errcode, &ld->ld_matched, &ld->ld_error );	&errcode, &ld->ld_matched, &ld->ld_error );
	#endif /* ! LDAP_NULL_IS_NULL */

if( tag == LBER_ERROR ) {	if( tag == LBER_ERROR ) {
ber_free( ber, 0 );	ber_free( ber, 0 );
Line 425 ldap_sasl_interactive_bind_s(	Line 435 ldap_sasl_interactive_bind_s(
void *defaults )	void *defaults )
{	{
int rc;	int rc;
	char *smechs = NULL;

#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )	#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );	ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
Line 435 ldap_sasl_interactive_bind_s(	Line 446 ldap_sasl_interactive_bind_s(
* ask all the time. No, we don't ever actually bind, but I'll	* ask all the time. No, we don't ever actually bind, but I'll
* let the final bind handler take care of saving the cdn.	* let the final bind handler take care of saving the cdn.
*/	*/
rc = ldap_simple_bind(ld, dn, NULL);	rc = ldap_simple_bind( ld, dn, NULL );
return rc < 0 ? rc : 0;	rc = rc < 0 ? rc : 0;
	goto done;
} else	} else
#endif	#endif
if( mechs == NULL \|\| *mechs == '\0' ) {
char *smechs;

	#ifdef HAVE_CYRUS_SASL
	if( mechs == NULL \|\| *mechs == '\0' ) {
	mechs = ld->ld_options.ldo_def_sasl_mech;
	}
	#endif

	if( mechs == NULL \|\| *mechs == '\0' ) {
rc = ldap_pvt_sasl_getmechs( ld, &smechs );	rc = ldap_pvt_sasl_getmechs( ld, &smechs );

if( rc != LDAP_SUCCESS ) {	if( rc != LDAP_SUCCESS ) {
goto done;	goto done;
}	}

Debug( LDAP_DEBUG_TRACE,	Debug( LDAP_DEBUG_TRACE,
"ldap_interactive_sasl_bind_s: server supports: %s\n",	"ldap_sasl_interactive_bind_s: server supports: %s\n",
smechs, 0, 0 );	smechs, 0, 0 );

mechs = smechs;	mechs = smechs;

} else {	} else {
Debug( LDAP_DEBUG_TRACE,	Debug( LDAP_DEBUG_TRACE,
"ldap_interactive_sasl_bind_s: user selected: %s\n",	"ldap_sasl_interactive_bind_s: user selected: %s\n",
mechs, 0, 0 );	mechs, 0, 0 );
}	}

Line 468 done:	Line 484 done:
#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )	#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );	ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
#endif	#endif
	if ( smechs ) LDAP_FREE( smechs );

return rc;	return rc;
}	}

Removed from v.1.40
changed lines
	Added in v.1.63