Diff for /libraries/libldap/sasl.c between versions 1.64.2.5 and 1.84

version 1.64.2.5, 2008/11/08 00:14:45 version 1.84, 2011/01/04 23:43:05
Line 1 Line 1
 /* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.64.2.4 2008/02/11 23:26:41 kurt Exp $ */  /* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.83 2010/10/13 23:47:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.  /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *   *
  * Copyright 1998-2008 The OpenLDAP Foundation.   * Copyright 1998-2011 The OpenLDAP Foundation.
  * All rights reserved.   * All rights reserved.
  *   *
  * Redistribution and use in source and binary forms, with or without   * Redistribution and use in source and binary forms, with or without
Line 401  ldap_pvt_sasl_getmechs ( LDAP *ld, char Line 401  ldap_pvt_sasl_getmechs ( LDAP *ld, char
 }  }
   
 /*  /*
  * ldap_sasl_interactive_bind_s - interactive SASL authentication   * ldap_sasl_interactive_bind - interactive SASL authentication
  *   *
  * This routine uses interactive callbacks.   * This routine uses interactive callbacks.
  *   *
  * LDAP_SUCCESS is returned upon success, the ldap error code   * LDAP_SUCCESS is returned upon success, the ldap error code
  * otherwise.   * otherwise. LDAP_SASL_BIND_IN_PROGRESS is returned if further
    * calls are needed.
  */   */
 int  int
 ldap_sasl_interactive_bind_s(  ldap_sasl_interactive_bind(
         LDAP *ld,          LDAP *ld,
         LDAP_CONST char *dn, /* usually NULL */          LDAP_CONST char *dn, /* usually NULL */
         LDAP_CONST char *mechs,          LDAP_CONST char *mechs,
Line 417  ldap_sasl_interactive_bind_s( Line 418  ldap_sasl_interactive_bind_s(
         LDAPControl **clientControls,          LDAPControl **clientControls,
         unsigned flags,          unsigned flags,
         LDAP_SASL_INTERACT_PROC *interact,          LDAP_SASL_INTERACT_PROC *interact,
         void *defaults )          void *defaults,
           LDAPMessage *result,
           const char **rmech,
           int *msgid )
 {  {
         int rc;  
         char *smechs = NULL;          char *smechs = NULL;
           int rc;
   
 #if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )  #if defined( HAVE_CYRUS_SASL )
         ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );          LDAP_MUTEX_LOCK( &ldap_int_sasl_mutex );
 #endif  #endif
 #ifdef LDAP_CONNECTIONLESS  #ifdef LDAP_CONNECTIONLESS
         if( LDAP_IS_UDP(ld) ) {          if( LDAP_IS_UDP(ld) ) {
Line 437  ldap_sasl_interactive_bind_s( Line 441  ldap_sasl_interactive_bind_s(
         } else          } else
 #endif  #endif
   
           /* First time */
           if ( !result ) {
   
 #ifdef HAVE_CYRUS_SASL  #ifdef HAVE_CYRUS_SASL
         if( mechs == NULL || *mechs == '\0' ) {          if( mechs == NULL || *mechs == '\0' ) {
                 mechs = ld->ld_options.ldo_def_sasl_mech;                  mechs = ld->ld_options.ldo_def_sasl_mech;
Line 444  ldap_sasl_interactive_bind_s( Line 451  ldap_sasl_interactive_bind_s(
 #endif  #endif
                                   
         if( mechs == NULL || *mechs == '\0' ) {          if( mechs == NULL || *mechs == '\0' ) {
                   /* FIXME: this needs to be asynchronous too;
                    * perhaps NULL should be disallowed for async usage?
                    */
                 rc = ldap_pvt_sasl_getmechs( ld, &smechs );                  rc = ldap_pvt_sasl_getmechs( ld, &smechs );
                 if( rc != LDAP_SUCCESS ) {                  if( rc != LDAP_SUCCESS ) {
                         goto done;                          goto done;
                 }                  }
   
                 Debug( LDAP_DEBUG_TRACE,                  Debug( LDAP_DEBUG_TRACE,
                         "ldap_sasl_interactive_bind_s: server supports: %s\n",                          "ldap_sasl_interactive_bind: server supports: %s\n",
                         smechs, 0, 0 );                          smechs, 0, 0 );
   
                 mechs = smechs;                  mechs = smechs;
   
         } else {          } else {
                 Debug( LDAP_DEBUG_TRACE,                  Debug( LDAP_DEBUG_TRACE,
                         "ldap_sasl_interactive_bind_s: user selected: %s\n",                          "ldap_sasl_interactive_bind: user selected: %s\n",
                         mechs, 0, 0 );                          mechs, 0, 0 );
         }          }
           }
         rc = ldap_int_sasl_bind( ld, dn, mechs,          rc = ldap_int_sasl_bind( ld, dn, mechs,
                 serverControls, clientControls,                  serverControls, clientControls,
                 flags, interact, defaults );                  flags, interact, defaults, result, rmech, msgid );
   
 done:  done:
 #if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )  #if defined( HAVE_CYRUS_SASL )
         ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );          LDAP_MUTEX_UNLOCK( &ldap_int_sasl_mutex );
 #endif  #endif
         if ( smechs ) LDAP_FREE( smechs );          if ( smechs ) LDAP_FREE( smechs );
   
         return rc;          return rc;
 }  }
   
   /*
    * ldap_sasl_interactive_bind_s - interactive SASL authentication
    *
    * This routine uses interactive callbacks.
    *
    * LDAP_SUCCESS is returned upon success, the ldap error code
    * otherwise.
    */
   int
   ldap_sasl_interactive_bind_s(
           LDAP *ld,
           LDAP_CONST char *dn, /* usually NULL */
           LDAP_CONST char *mechs,
           LDAPControl **serverControls,
           LDAPControl **clientControls,
           unsigned flags,
           LDAP_SASL_INTERACT_PROC *interact,
           void *defaults )
   {
           const char *rmech = NULL;
           LDAPMessage *result = NULL;
           int rc, msgid;
   
           do {
                   rc = ldap_sasl_interactive_bind( ld, dn, mechs,
                           serverControls, clientControls,
                           flags, interact, defaults, result, &rmech, &msgid );
   
                   ldap_msgfree( result );
   
                   if ( rc != LDAP_SASL_BIND_IN_PROGRESS )
                           break;
   
   #ifdef LDAP_CONNECTIONLESS
                   if (LDAP_IS_UDP(ld)) {
                           break;
                   }
   #endif
   
                   if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 || !result ) {
                           return( ld->ld_errno ); /* ldap_result sets ld_errno */
                   }
           } while ( rc == LDAP_SASL_BIND_IN_PROGRESS );
   
           return rc;
   }
   
 #ifdef HAVE_CYRUS_SASL  #ifdef HAVE_CYRUS_SASL
   
 #ifdef HAVE_SASL_SASL_H  #ifdef HAVE_SASL_SASL_H
Line 503  sb_sasl_generic_setup( Sockbuf_IO_Desc * Line 560  sb_sasl_generic_setup( Sockbuf_IO_Desc *
         p->ops = i->ops;          p->ops = i->ops;
         p->ops_private = i->ops_private;          p->ops_private = i->ops_private;
         p->sbiod = sbiod;          p->sbiod = sbiod;
           p->flags = 0;
         ber_pvt_sb_buf_init( &p->sec_buf_in );          ber_pvt_sb_buf_init( &p->sec_buf_in );
         ber_pvt_sb_buf_init( &p->buf_in );          ber_pvt_sb_buf_init( &p->buf_in );
         ber_pvt_sb_buf_init( &p->buf_out );          ber_pvt_sb_buf_init( &p->buf_out );
Line 678  sb_sasl_generic_write( Sockbuf_IO_Desc * Line 736  sb_sasl_generic_write( Sockbuf_IO_Desc *
 {  {
         struct sb_sasl_generic_data     *p;          struct sb_sasl_generic_data     *p;
         int                             ret;          int                             ret;
           ber_len_t                       len2;
   
         assert( sbiod != NULL );          assert( sbiod != NULL );
         assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );          assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
   
         p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;          p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;
   
         /* Are there anything left in the buffer? */          /* Is there anything left in the buffer? */
         if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {          if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
                 ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );                  ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
                 if ( ret < 0 ) return ret;                  if ( ret < 0 ) return ret;
Line 696  sb_sasl_generic_write( Sockbuf_IO_Desc * Line 755  sb_sasl_generic_write( Sockbuf_IO_Desc *
                 }                  }
         }          }
   
         /* now encode the next packet. */          len2 = p->max_send - 100;       /* For safety margin */
         p->ops->reset_buf( p, &p->buf_out );          len2 = len > len2 ? len2 : len;
   
         if ( len > p->max_send - 100 ) {          /* If we're just retrying a partial write, tell the
                 len = p->max_send - 100;        /* For safety margin */           * caller it's done. Let them call again if there's
            * still more left to write.
            */
           if ( p->flags & LDAP_PVT_SASL_PARTIAL_WRITE ) {
                   p->flags ^= LDAP_PVT_SASL_PARTIAL_WRITE;
                   return len2;
         }          }
   
         ret = p->ops->encode( p, buf, len, &p->buf_out );          /* now encode the next packet. */
           p->ops->reset_buf( p, &p->buf_out );
   
           ret = p->ops->encode( p, buf, len2, &p->buf_out );
   
         if ( ret != 0 ) {          if ( ret != 0 ) {
                 ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,                  ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
Line 714  sb_sasl_generic_write( Sockbuf_IO_Desc * Line 781  sb_sasl_generic_write( Sockbuf_IO_Desc *
   
         ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );          ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
   
           if ( ret < 0 ) {
                   /* error? */
                   int err = sock_errno();
                   /* caller can retry this */
                   if ( err == EAGAIN || err == EWOULDBLOCK || err == EINTR )
                           p->flags |= LDAP_PVT_SASL_PARTIAL_WRITE;
                   return ret;
           } else if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
                   /* partial write? pretend nothing got written */
                   p->flags |= LDAP_PVT_SASL_PARTIAL_WRITE;
                   sock_errset(EAGAIN);
                   len2 = -1;
           }
   
         /* return number of bytes encoded, not written, to ensure          /* return number of bytes encoded, not written, to ensure
          * no byte is encoded twice (even if only sent once).           * no byte is encoded twice (even if only sent once).
          */           */
         return len;          return len2;
 }  }
   
 static int  static int

Removed from v.1.64.2.5  
changed lines
  Added in v.1.84


______________
© Copyright 1998-2020, OpenLDAP Foundation, info@OpenLDAP.org