2000-07-14 06:54:38 +08:00
|
|
|
/* $OpenLDAP$ */
|
2003-11-26 07:17:08 +08:00
|
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
|
|
*
|
2008-01-08 08:19:56 +08:00
|
|
|
* Copyright 1998-2008 The OpenLDAP Foundation.
|
2003-11-26 07:17:08 +08:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
|
|
* Public License.
|
|
|
|
*
|
|
|
|
* A copy of this license is available in the file LICENSE in the
|
|
|
|
* top-level directory of the distribution or, alternatively, at
|
|
|
|
* <http://www.OpenLDAP.org/license.html>.
|
2000-07-14 06:54:38 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "portable.h"
|
|
|
|
|
|
|
|
#ifdef HAVE_CYRUS_SASL
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <ac/stdlib.h>
|
|
|
|
#include <ac/string.h>
|
|
|
|
#include <ac/unistd.h>
|
|
|
|
|
2002-02-11 17:39:15 +08:00
|
|
|
#ifdef HAVE_SASL_SASL_H
|
|
|
|
#include <sasl/sasl.h>
|
|
|
|
#else
|
2000-07-14 06:54:38 +08:00
|
|
|
#include <sasl.h>
|
2002-02-11 17:39:15 +08:00
|
|
|
#endif
|
2000-07-14 06:54:38 +08:00
|
|
|
|
|
|
|
#include <ldap.h>
|
2003-04-29 22:46:54 +08:00
|
|
|
#include "ldap_pvt.h"
|
2000-07-14 06:54:38 +08:00
|
|
|
#include "lutil_ldap.h"
|
|
|
|
|
2000-07-17 08:56:29 +08:00
|
|
|
|
|
|
|
typedef struct lutil_sasl_defaults_s {
|
|
|
|
char *mech;
|
|
|
|
char *realm;
|
|
|
|
char *authcid;
|
|
|
|
char *passwd;
|
|
|
|
char *authzid;
|
2003-04-06 08:47:55 +08:00
|
|
|
char **resps;
|
|
|
|
int nresps;
|
2000-07-17 08:56:29 +08:00
|
|
|
} lutilSASLdefaults;
|
|
|
|
|
|
|
|
|
2003-04-06 08:47:55 +08:00
|
|
|
void
|
|
|
|
lutil_sasl_freedefs(
|
|
|
|
void *defaults )
|
|
|
|
{
|
|
|
|
lutilSASLdefaults *defs = defaults;
|
2007-08-21 18:52:16 +08:00
|
|
|
|
|
|
|
assert( defs != NULL );
|
2003-04-06 08:47:55 +08:00
|
|
|
|
|
|
|
if (defs->mech) ber_memfree(defs->mech);
|
|
|
|
if (defs->realm) ber_memfree(defs->realm);
|
|
|
|
if (defs->authcid) ber_memfree(defs->authcid);
|
|
|
|
if (defs->passwd) ber_memfree(defs->passwd);
|
|
|
|
if (defs->authzid) ber_memfree(defs->authzid);
|
|
|
|
if (defs->resps) ldap_charray_free(defs->resps);
|
|
|
|
|
|
|
|
ber_memfree(defs);
|
|
|
|
}
|
|
|
|
|
2000-07-17 08:56:29 +08:00
|
|
|
void *
|
|
|
|
lutil_sasl_defaults(
|
|
|
|
LDAP *ld,
|
|
|
|
char *mech,
|
|
|
|
char *realm,
|
|
|
|
char *authcid,
|
|
|
|
char *passwd,
|
|
|
|
char *authzid )
|
|
|
|
{
|
|
|
|
lutilSASLdefaults *defaults;
|
|
|
|
|
|
|
|
defaults = ber_memalloc( sizeof( lutilSASLdefaults ) );
|
|
|
|
|
|
|
|
if( defaults == NULL ) return NULL;
|
|
|
|
|
2003-04-06 08:47:55 +08:00
|
|
|
defaults->mech = mech ? ber_strdup(mech) : NULL;
|
|
|
|
defaults->realm = realm ? ber_strdup(realm) : NULL;
|
|
|
|
defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
|
|
|
|
defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
|
|
|
|
defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
|
2000-07-17 08:56:29 +08:00
|
|
|
|
|
|
|
if( defaults->mech == NULL ) {
|
|
|
|
ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
|
|
|
|
}
|
|
|
|
if( defaults->realm == NULL ) {
|
|
|
|
ldap_get_option( ld, LDAP_OPT_X_SASL_REALM, &defaults->realm );
|
|
|
|
}
|
|
|
|
if( defaults->authcid == NULL ) {
|
|
|
|
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHCID, &defaults->authcid );
|
|
|
|
}
|
|
|
|
if( defaults->authzid == NULL ) {
|
|
|
|
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
|
|
|
|
}
|
2003-04-06 08:47:55 +08:00
|
|
|
defaults->resps = NULL;
|
|
|
|
defaults->nresps = 0;
|
2000-07-17 08:56:29 +08:00
|
|
|
|
|
|
|
return defaults;
|
|
|
|
}
|
|
|
|
|
2000-07-14 06:54:38 +08:00
|
|
|
static int interaction(
|
2000-07-18 05:23:59 +08:00
|
|
|
unsigned flags,
|
|
|
|
sasl_interact_t *interact,
|
|
|
|
lutilSASLdefaults *defaults )
|
2000-07-14 06:54:38 +08:00
|
|
|
{
|
2000-07-17 08:56:29 +08:00
|
|
|
const char *dflt = interact->defresult;
|
2000-07-14 06:54:38 +08:00
|
|
|
char input[1024];
|
|
|
|
|
|
|
|
int noecho=0;
|
|
|
|
int challenge=0;
|
|
|
|
|
|
|
|
switch( interact->id ) {
|
2000-07-17 08:56:29 +08:00
|
|
|
case SASL_CB_GETREALM:
|
|
|
|
if( defaults ) dflt = defaults->realm;
|
|
|
|
break;
|
|
|
|
case SASL_CB_AUTHNAME:
|
|
|
|
if( defaults ) dflt = defaults->authcid;
|
|
|
|
break;
|
|
|
|
case SASL_CB_PASS:
|
|
|
|
if( defaults ) dflt = defaults->passwd;
|
|
|
|
noecho = 1;
|
|
|
|
break;
|
|
|
|
case SASL_CB_USER:
|
|
|
|
if( defaults ) dflt = defaults->authzid;
|
|
|
|
break;
|
2000-07-14 06:54:38 +08:00
|
|
|
case SASL_CB_NOECHOPROMPT:
|
|
|
|
noecho = 1;
|
|
|
|
challenge = 1;
|
|
|
|
break;
|
|
|
|
case SASL_CB_ECHOPROMPT:
|
|
|
|
challenge = 1;
|
|
|
|
break;
|
2000-07-17 08:56:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if( dflt && !*dflt ) dflt = NULL;
|
|
|
|
|
2000-07-18 05:36:30 +08:00
|
|
|
if( flags != LDAP_SASL_INTERACTIVE &&
|
|
|
|
( dflt || interact->id == SASL_CB_USER ) )
|
|
|
|
{
|
2000-07-17 08:56:29 +08:00
|
|
|
goto use_default;
|
|
|
|
}
|
|
|
|
|
2000-07-18 05:23:59 +08:00
|
|
|
if( flags == LDAP_SASL_QUIET ) {
|
2000-07-17 08:56:29 +08:00
|
|
|
/* don't prompt */
|
|
|
|
return LDAP_OTHER;
|
2000-07-14 06:54:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if( challenge ) {
|
|
|
|
if( interact->challenge ) {
|
2003-04-06 14:47:31 +08:00
|
|
|
fprintf( stderr, _("Challenge: %s\n"), interact->challenge );
|
2000-07-14 06:54:38 +08:00
|
|
|
}
|
2000-07-17 08:56:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if( dflt ) {
|
2003-04-06 14:47:31 +08:00
|
|
|
fprintf( stderr, _("Default: %s\n"), dflt );
|
2000-07-14 06:54:38 +08:00
|
|
|
}
|
|
|
|
|
2002-07-24 02:26:33 +08:00
|
|
|
snprintf( input, sizeof input, "%s: ",
|
2003-04-06 14:47:31 +08:00
|
|
|
interact->prompt ? interact->prompt : _("Interact") );
|
2000-07-14 06:54:38 +08:00
|
|
|
|
|
|
|
if( noecho ) {
|
|
|
|
interact->result = (char *) getpassphrase( input );
|
|
|
|
interact->len = interact->result
|
|
|
|
? strlen( interact->result ) : 0;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
/* prompt user */
|
|
|
|
fputs( input, stderr );
|
|
|
|
|
|
|
|
/* get input */
|
|
|
|
interact->result = fgets( input, sizeof(input), stdin );
|
|
|
|
|
|
|
|
if( interact->result == NULL ) {
|
|
|
|
interact->len = 0;
|
|
|
|
return LDAP_UNAVAILABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* len of input */
|
|
|
|
interact->len = strlen(input);
|
|
|
|
|
|
|
|
if( interact->len > 0 && input[interact->len - 1] == '\n' ) {
|
|
|
|
/* input includes '\n', trim it */
|
|
|
|
interact->len--;
|
|
|
|
input[interact->len] = '\0';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if( interact->len > 0 ) {
|
|
|
|
/* duplicate */
|
2002-02-10 22:27:23 +08:00
|
|
|
char *p = (char *)interact->result;
|
2003-04-06 08:47:55 +08:00
|
|
|
ldap_charray_add(&defaults->resps, interact->result);
|
|
|
|
interact->result = defaults->resps[defaults->nresps++];
|
2000-07-14 06:54:38 +08:00
|
|
|
|
|
|
|
/* zap */
|
|
|
|
memset( p, '\0', interact->len );
|
|
|
|
|
|
|
|
} else {
|
2000-07-17 08:56:29 +08:00
|
|
|
use_default:
|
2000-07-18 05:45:18 +08:00
|
|
|
/* input must be empty */
|
2003-04-06 08:47:55 +08:00
|
|
|
interact->result = (dflt && *dflt) ? dflt : "";
|
|
|
|
interact->len = strlen( interact->result );
|
2000-07-14 06:54:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return LDAP_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
int lutil_sasl_interact(
|
|
|
|
LDAP *ld,
|
2000-07-18 05:23:59 +08:00
|
|
|
unsigned flags,
|
2000-07-17 08:56:29 +08:00
|
|
|
void *defaults,
|
2000-07-14 06:54:38 +08:00
|
|
|
void *in )
|
|
|
|
{
|
|
|
|
sasl_interact_t *interact = in;
|
|
|
|
|
2003-02-22 03:27:54 +08:00
|
|
|
if( ld == NULL ) return LDAP_PARAM_ERROR;
|
2003-02-22 02:39:26 +08:00
|
|
|
|
2000-07-18 05:36:30 +08:00
|
|
|
if( flags == LDAP_SASL_INTERACTIVE ) {
|
2003-04-06 14:47:31 +08:00
|
|
|
fputs( _("SASL Interaction\n"), stderr );
|
2000-07-18 05:23:59 +08:00
|
|
|
}
|
2000-07-15 09:28:16 +08:00
|
|
|
|
2000-07-14 06:54:38 +08:00
|
|
|
while( interact->id != SASL_CB_LIST_END ) {
|
2000-07-18 05:23:59 +08:00
|
|
|
int rc = interaction( flags, interact, defaults );
|
2000-07-14 06:54:38 +08:00
|
|
|
|
|
|
|
if( rc ) return rc;
|
|
|
|
interact++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return LDAP_SUCCESS;
|
|
|
|
}
|
|
|
|
#endif
|