1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
/* $OpenLDAP$ */
/*
* Copyright 2000 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see LICENSE.OpenLDAP
*/
#include "config.h"
#if defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S) && defined(HAVE_SASL_H)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sasl.h>
#include <ldap.h>
#include "ldap-lutil.h"
typedef struct lutil_sasl_defaults_s
{
char *mech;
char *realm;
char *authcid;
char *passwd;
char *authzid;
}
lutilSASLdefaults;
void *
_nss_ldap_sasl_defaults (LDAP * ld,
char *mech,
char *realm,
char *authcid, char *passwd, char *authzid)
{
lutilSASLdefaults *defaults;
defaults = ber_memalloc (sizeof (lutilSASLdefaults));
if (defaults == NULL)
return NULL;
defaults->mech = mech;
defaults->realm = realm;
defaults->authcid = authcid;
defaults->passwd = passwd;
defaults->authzid = authzid;
if (defaults->mech == NULL)
{
ldap_get_option (ld, LDAP_OPT_X_SASL_MECH, &defaults->mech);
}
if (defaults->realm == NULL)
{
ldap_get_option (ld, LDAP_OPT_X_SASL_REALM, &defaults->realm);
}
if (defaults->authcid == NULL)
{
ldap_get_option (ld, LDAP_OPT_X_SASL_AUTHCID, &defaults->authcid);
}
if (defaults->authzid == NULL)
{
ldap_get_option (ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid);
}
return defaults;
}
/* Simple function that returns the pre-loaded token. No interaction is
allowed when we're inside of an nss backend! */
static int
interaction (sasl_interact_t * interact, lutilSASLdefaults * defaults)
{
const char *dflt = interact->defresult;
int noecho = 0;
int challenge = 0;
switch (interact->id)
{
case SASL_CB_GETREALM:
if (defaults)
dflt = defaults->realm;
break;
case SASL_CB_AUTHNAME:
if (defaults)
dflt = defaults->authcid;
break;
case SASL_CB_PASS:
if (defaults)
dflt = defaults->passwd;
noecho = 1;
break;
case SASL_CB_USER:
if (defaults)
dflt = defaults->authzid;
break;
case SASL_CB_NOECHOPROMPT:
noecho = 1;
challenge = 1;
break;
case SASL_CB_ECHOPROMPT:
challenge = 1;
break;
}
if (dflt && !*dflt)
dflt = NULL;
/* input must be empty */
interact->result = strdup ((dflt && *dflt) ? dflt : "");
interact->len = interact->result ? strlen (interact->result) : 0;
if (defaults && defaults->passwd && interact->id == SASL_CB_PASS)
{
/* zap password after first use */
memset (defaults->passwd, '\0', strlen (defaults->passwd));
defaults->passwd = NULL;
}
return LDAP_SUCCESS;
}
int
_nss_ldap_sasl_interact (LDAP * ld, unsigned flags, void *defaults, void *in)
{
sasl_interact_t *interact = in;
if (flags == LDAP_SASL_INTERACTIVE)
{
fputs ("SASL Interaction\n", stderr);
}
while (interact->id != SASL_CB_LIST_END)
{
int rc = interaction (interact, defaults);
if (rc)
return rc;
interact++;
}
return LDAP_SUCCESS;
}
#endif
|
