Imported Upstream version 2.1.24~rc1.dfsg1
Ondřej Surý
12 years ago
12 | 12 | |
13 | 13 | Leandro Santi <lesanti@sinectis.com.ar> added Courier authdaemon support. |
14 | 14 | |
15 | Alexey Melnikov <mel@isode.com> wrote the first pass of the | |
15 | Alexey Melnikov <alexey.melnikov@isode.com> wrote the first pass of the | |
16 | 16 | DIGEST-MD5 plugin and continues to work on it. He also wrote |
17 | 17 | a good deal of the current Windows support. |
18 | 18 | |
43 | 43 | which is based on the IPv6 code written by KIKUCHI Takahiro |
44 | 44 | <kick@kyoto.wide.ad.jp> |
45 | 45 | |
46 | $Id: AUTHORS,v 1.17 2004/01/08 15:30:25 ken3 Exp $ | |
46 | $Id: AUTHORS,v 1.18 2006/12/01 17:34:58 mel Exp $ |
0 | 2009-04-27 Ken Murchison <murch@andrew.cmu.edu> | |
1 | * Ready for 2.1.23 | |
0 | 2009-08-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
1 | * saslauthd/auth_shadow.c: Rolled back the previous commit | |
2 | (#define _XOPEN_SOURCE before including unistd.h), | |
3 | as this seems to break Solaris 8 build. Note that crypt.h | |
4 | should be present on a Solaris 8 machine, as well is on Debian, | |
5 | so this shouldn't be a problem. | |
6 | ||
7 | 2009-08-04 Alexey Melnikov <alexey.melnikov@isode.com> | |
8 | * plugins/gssapi.c: Properly set serveroutlen to 0 in one place. | |
9 | Don't send empty challenge once server context establishment is done, | |
10 | as this is in violation of the RFC 2222 and its successor. | |
11 | ||
12 | 2009-07-24 Alexey Melnikov <alexey.melnikov@isode.com> | |
13 | * plugins/gssapi.c: Don't send maxbuf, if no security layer | |
14 | can be established. Added additional checks for buffer lengths. | |
15 | ||
16 | 2009-05-20 Ken Murchison <murch@andrew.cmu.edu> | |
17 | * configure.in, cmulocal/sasl2.m4, | |
18 | config/kerberos_v4.m4, config/plain.m4, config/sasldb.m4, | |
19 | lib/Makefile.am: Fixes to allow static libs to be built in the | |
20 | CMU build environment | |
21 | ||
22 | 2009-05-07 Ken Murchison <murch@andrew.cmu.edu> | |
23 | * configure.in, include/sasl.h, lib/Makefile.am, | |
24 | plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am, | |
25 | win32/common.mak, win32/include/config.h: 2.1.24 | |
26 | ||
27 | 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> | |
28 | * sample/sample-client.c, sample/sample-server.c, utils/smtptest.c: | |
29 | Fixed bug # 2895 (passing LF to sasl_decode64) | |
30 | ||
31 | 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> | |
32 | * lib/NTMakefile: Disabled annoying warnings about use of | |
33 | deprecated standard C library functions, enabled | |
34 | warnings about Windows64 portability | |
35 | ||
36 | 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> | |
37 | * configure.in: Added support for SQLite3 | |
38 | (patch by Maxim Gorbachyov) | |
2 | 39 | |
3 | 40 | 2009-04-27 Ken Murchison <murch@andrew.cmu.edu> |
4 | 41 | * lib/saslutil.c: Fixed CERT VU#238019 (make sure sasl_encode64() |
5 | 42 | always NUL terminates output or returns SASL_BUFOVER). |
43 | ||
44 | 2009-04-11 Alexey Melnikov <alexey.melnikov@isode.com> | |
45 | * plugins/sql.c: Fixed SQLite lookup function. | |
46 | Also fixed SASL PLAIN authentication when used with | |
47 | SQLite auxprop backend. | |
48 | ||
49 | 2009-04-11 Alexey Melnikov <alexey.melnikov@isode.com> | |
50 | * lib/dlopen.c: Updated to use .plugin extension on MacOS | |
51 | ||
52 | 2009-04-08 Alexey Melnikov <alexey.melnikov@isode.com> | |
53 | * lib/client.c, lib/server.c: Removed unused mutexes | |
54 | (bug # 3141) | |
55 | ||
56 | 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> | |
57 | * include/sasl.h, include/saslplug.h, lib/canonusr.c, | |
58 | lib/checkpw.c, plugins/sasldb.c, plugins/sql.c: | |
59 | Added direct support for hashed password to auxprop API | |
60 | ||
61 | 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> | |
62 | * include/sasl.h, lib/canonusr.c, lib/external.c, | |
63 | plugins/gssapi.c, plugins/kerberos4.c: Make auxprop lookup | |
64 | calls in SASL GSSAPI/EXTERNAL optional | |
65 | ||
66 | 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> | |
67 | * plugins/sasldb.c: A better fix for spurious 'user not found' | |
68 | errors caused by an attempt to delete a non-existent property | |
69 | ||
70 | 2009-02-21 Alexey Melnikov <alexey.melnikov@isode.com> | |
71 | * include/saslutil.h, lib/saslint.h: Made sasl_config_init public | |
72 | ||
73 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
74 | * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: | |
75 | Make sure that sasl_set_alloc() has no effect once sasl_client_init() | |
76 | or sasl_server_init() is called [patch from Debian by | |
77 | fabbe@debian.org] | |
78 | ||
79 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
80 | * plugins/digestmd5.c: GCC 4.4 requires that the #elif | |
81 | preprocessor directive have a test condition [patch from Debian by | |
82 | fabbe@paniq.net] | |
83 | ||
84 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
85 | * saslauthd/lak.c: Define LDAP_DEPRECATED so that ldap_get_values | |
86 | is properly defined when compiling [patch from Debian by | |
87 | Dann Frazier <dannf@debian.org>] | |
88 | ||
89 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
90 | * saslauthd/auth_sasldb.c: pid_file_lock is created with a mask | |
91 | of 644 instead of 0644 [patch from Debian by Sam Hocevar <sam@zoy.org>] | |
92 | ||
93 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
94 | * saslauthd/auth_sasldb.c: Include config.h so that MAXHOSTNAMELEN | |
95 | is available when building on hurd-i386 [patch from Debian | |
96 | by mbanck@debian.org] | |
97 | ||
98 | 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> | |
99 | * saslauthd/auth_shadow.c: Define _XOPEN_SOURCE before including | |
100 | unistd.h, so that crypt is correctly defined [patch from Debian | |
101 | by dannf@debian.org] | |
102 | ||
103 | 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
104 | * utils/pluginviewer.c: Code cleanup, improved human readable messages | |
105 | ||
106 | 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
107 | * lib/config.c: Strip trailing spaces from config file option | |
108 | values (bug # 3139, bug # 3041) | |
109 | ||
110 | 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
111 | * plugins/otp.c: Don't use a stack variable for an OTP prompt | |
112 | (bug # 2822) | |
113 | ||
114 | 2009-02-13 Alexey Melnikov <alexey.melnikov@isode.com> | |
115 | * saslauthd/auth_getpwent.c: Fixed Solaris build (patch by Leena | |
116 | Heino for bug # 2666) | |
117 | ||
118 | 2009-02-13 Alexey Melnikov <alexey.melnikov@isode.com> | |
119 | * include/saslplug.h, lib/server.c, plugins/anonymous.c, | |
120 | plugins/gssapi.c, plugins/otp.c: Partial support for the | |
121 | SASL_FEAT_DONTUSE_USERPASSWD feature | |
122 | ||
123 | 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> | |
124 | * include/sasl.h, lib/auxprop.c, lib/common.c, lib/server.c: | |
125 | Don't treat a constraint violation as an error to store an auxprop | |
126 | property | |
127 | ||
128 | 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> | |
129 | * include/sasl.h, lib/server.c: Extended libsasl (auxprop) to support | |
130 | user deletion | |
131 | ||
132 | 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> | |
133 | * plugins/otp.c: Downgrade the failure to store OTP secret to debug level | |
134 | ||
135 | 2009-01-25 Alexey Melnikov <alexey.melnikov@isode.com> | |
136 | * lib/windlopen.c: Free handles of shared libraries on Windows | |
137 | that were loaded but are not SASL plugins (patch by Petr Prazak) | |
138 | [Bug # 2089]. | |
139 | ||
140 | 2008-11-23 Alexey Melnikov <alexey.melnikov@isode.com> | |
141 | * plugins/NTMakefile, win32/common.mak: Added support for building | |
142 | SQLite3 on Windows. | |
143 | ||
144 | 2008-11-23 Alexey Melnikov <alexey.melnikov@isode.com> | |
145 | * plugins/ldapdb.c: Updated LDAPDB lookup function to match auxprop | |
146 | API changes | |
147 | ||
148 | 2008-11-15 Alexey Melnikov <alexey.melnikov@isode.com> | |
149 | * plugins/sql.c: Added SQLITE3 support (patch by Maxim Gorbachyov) | |
150 | ||
151 | 2008-10-31 Ken Murchison <murch@andrew.cmu.edu> | |
152 | * lib/saslint.h, lib/server.c: order advertised mechanisms | |
153 | per the specified 'mech_list' option or by relative "strength" | |
154 | ||
155 | 2008-10-30 Alexey Melnikov <alexey.melnikov@isode.com> | |
156 | * plugins/digestmd5.c: Fixed more portability warnings. | |
157 | Fixed some rare memory leaks. More detailed error reporting. | |
158 | ||
159 | 2008-10-30 Alexey Melnikov <alexey.melnikov@isode.com> | |
160 | * win32/include/config.h, lib/canonusr.c, lib/config.c, | |
161 | sasldb/allockey.c, utils/saslpasswd.c, utils/testsuite.c, | |
162 | sample/sample-server.c, plugins/anonymous.c, plugins/digestmd5.c, | |
163 | plugins/login.c, plugins/ntlm.c, plugins/otp.c: | |
164 | Fixed Windows 64 portability and other types of warnings | |
165 | ||
166 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
167 | * win32/common.mak: Added support for building libraries. | |
168 | Added support for Windows64. | |
169 | ||
170 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
171 | * lib/common.c: Prevent freeing of common state on a subsequent | |
172 | call to _sasl_common_init. Make sure that the last global callback | |
173 | always wins. | |
174 | ||
175 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
176 | * lib/saslint.h, lib/canonusr.c, lib/checkpw.c, lib/client.c, | |
177 | lib/server.c: Further fixes to auxprop lookup and _sasl_canon_user | |
178 | cleanup | |
179 | ||
180 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
181 | * include/saslplug.h, lib/auxprop.c, lib/canonusr.c, lib/saslint.h, | |
182 | plugins/sasldb.c, plugins/sql.c: | |
183 | Extended SASL auxprop_lookup to return error code | |
184 | ||
185 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
186 | * lib/saslutil.c: Fixed Mac OS X 10.3 build. | |
187 | ||
188 | 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
189 | * plugins/sql.c: Uninitialized variables cause crash when | |
190 | the searched user is not found (patch from | |
191 | Maxim Gorbachyov <maxim.gorbachyov@gmail.com>) | |
192 | ||
193 | 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> | |
194 | * sasldb/db_berkeley.c: Return SASL_NOUSER instead of SASL_FAIL | |
195 | when the database file doesn't exist | |
196 | ||
197 | 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> | |
198 | * lib/checkpw.c: Updated sasl_user_exists so that it can handle | |
199 | passwordless accounts (e.g. disabled) | |
200 | ||
201 | 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> | |
202 | * include/saslutil.h, lib/saslint.h, lib/client.c, lib/common.c, | |
203 | lib/saslutil.c, lib/server.c: Added hostname canonicalization | |
204 | ||
205 | 2008-10-22 Alexey Melnikov <alexey.melnikov@isode.com> | |
206 | * lib/NTMakefile, utils/NTMakefile, sample/NTMakefile, | |
207 | plugins/NTMakefile: Updated to build with VC 8.0 (VC++ 2005) | |
208 | ||
209 | 2008-10-22 Alexey Melnikov <alexey.melnikov@isode.com> | |
210 | * lib/NTMakefile: Don't install .exp and .manifest files. | |
211 | Updated build dependencies. | |
212 | ||
213 | 2008-10-21 Alexey Melnikov <alexey.melnikov@isode.com> | |
214 | * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: | |
215 | Implemented sasl_client_done/sasl_server_done | |
216 | ||
217 | 2008-10-19 Alexey Melnikov <alexey.melnikov@isode.com> | |
218 | * plugins/login.c, plugins/plain.c: Advertise | |
219 | SASL_SEC_PASS_CREDENTIALS feature in PLAIN and LOGIN | |
220 | ||
221 | 2008-10-02 Ken Murchison <murch@andrew.cmu.edu> | |
222 | * lib/checkpw.c: Fixed potential buffer overflow in | |
223 | saslautd_verify_password(). | |
224 | ||
225 | 2008-09-30 Alexey Melnikov <alexey.melnikov@isode.com> | |
226 | * lib/common.c: Fixed sasl_set_mutex() to disallow changing | |
227 | mutex management functions once sasl_server_init/ | |
228 | sasl_client_init is called. Failure to do this is causing | |
229 | a crash while locking mutexes. [Bug # 3083] | |
230 | ||
231 | 2008-01-24 Ken Murchison <murch@andrew.cmu.edu> | |
232 | * plugins/ntlm.c: Fixed crash in calculating NTv2 reponse | |
233 | (patch from Tim Costen from Isode) | |
234 | ||
235 | 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> | |
236 | * plugins/ntlm.c, doc/options.html: allow a comma separated | |
237 | list of servernames in 'ntlm_server' option | |
238 | (patch from Enrico Persiani <enrico@ninfea-soft.org>) | |
239 | ||
240 | 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> | |
241 | * plugins/ldapdb.c, plugins/makeinit.sh, doc/options.html: | |
242 | Added code to extend ldapdb into a canon_user plugin | |
243 | in addition to its existing auxprop plugin functionality | |
244 | (patch from Howard Chu <hyc@symas.com> | |
245 | and Torsten Schlabach <tschlabach@gmx.net>) | |
246 | ||
247 | 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> | |
248 | * saslauthd/auth_rimap.c: fixed bug counting double-quotes in | |
249 | username/password. Also fixed bug zeroing password. | |
250 | (patch from Robert Sanderson <rwsiv1@gmail.com>) | |
251 | ||
252 | 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> | |
253 | * saslauthd/auth_krb.c: improved diagnostic in the | |
254 | k5support_verify_tgt() function. Now, detailed krb5 error | |
255 | information will be given out in the LOG_DEBUG syslog | |
256 | channel (based on patch from Enrico Scholz | |
257 | <enrico.scholz@informatik.tu-chemnitz.de>) | |
258 | ||
259 | 2007-06-13 Alexey Melnikov <alexey.melnikov@isode.com> | |
260 | * lib/dlopen.c: 64bit HP-UX uses .so for shared libraries | |
261 | (patch by Nathan Kinder <nkinder@redhat.com>). | |
262 | ||
263 | 2007-06-13 Alexey Melnikov <alexey.melnikov@isode.com> | |
264 | * plugins/digestmd5.c: Fixed a memory leak in the DIGEST-MD5 | |
265 | security layer (based on patch from Nathan Kinder | |
266 | <nkinder@redhat.com>). | |
267 | ||
268 | 2007-05-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
269 | * man/*: updated to reference RFC 4422 instead of | |
270 | RFC 2222. | |
271 | ||
272 | 2007-03-02 Alexey Melnikov <alexey.melnikov@isode.com> | |
273 | * plugins/sasldb.c, plugins/sql.c: Ignore properties | |
274 | starting with '*' in the auxprop store function. | |
275 | ||
276 | 2007-02-14 Alexey Melnikov <alexey.melnikov@isode.com> | |
277 | * plugins/digestmd5.c: Fixed parsing of challenges/ | |
278 | responses with extra commas. | |
279 | ||
280 | 2007-01-29 Alexey Melnikov <alexey.melnikov@isode.com> | |
281 | * plugins/gssapi.c: Check that params->serverFQDN is | |
282 | not NULL before using strlen on it (reported by | |
283 | Steven Simon <simon.s@apple.com>) | |
284 | ||
285 | 2006-12-01 Alexey Melnikov <alexey.melnikov@isode.com> | |
286 | * lib/common.c: Typecast iov_base to (char *), | |
287 | in case it is defined as "void *" on a platform | |
288 | like HPUX (Olaf Flebbe). | |
289 | ||
290 | 2006-11-27 Alexey Melnikov <alexey.melnikov@isode.com> | |
291 | * plugins/digestmd5.c: Cleaned up comments and | |
292 | some error messages. | |
293 | ||
294 | 2006-08-24 Alexey Melnikov <alexey.melnikov@isode.com> | |
295 | * lib/dlopen.c: Fixed segfault in dlclose on HPUX, | |
296 | based on feedback from <biswatosh2001@yahoo.com>. | |
297 | ||
298 | 2006-07-16 Alexey Melnikov <alexey.melnikov@isode.com> | |
299 | * win32/common.mak: Abstracted out compiler command | |
300 | line options for exception handling. | |
301 | ||
302 | 2006-07-04 Alexey Melnikov <alexey.melnikov@isode.com> | |
303 | * saslauthd/auth_shadow.c: Include crypt.h, so that crypt() | |
304 | is defined. This fixes crash on x64 Suse where | |
305 | sizeof(int) != sizeof(char *). Based on patch from | |
306 | rhafer@suse.de. | |
307 | ||
308 | 2006-06-26 Alexey Melnikov <alexey.melnikov@isode.com> | |
309 | * plugins/digestmd5.c: Allow for multiple qop options | |
310 | from the server and require a single qop option | |
311 | from the client. | |
6 | 312 | |
7 | 313 | 2006-05-19 Ken Murchison <murch@andrew.cmu.edu> |
8 | 314 | * Makefile.am: include INSTALL.TXT in distro |
88 | 88 | LIB_PGSQL = @LIB_PGSQL@ |
89 | 89 | LIB_SOCKET = @LIB_SOCKET@ |
90 | 90 | LIB_SQLITE = @LIB_SQLITE@ |
91 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
91 | 92 | LN_S = @LN_S@ |
92 | 93 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
93 | 94 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
0 | New in 2.1.24 | |
1 | ------------- | |
2 | ||
3 | * Order advertised server-side SASL mechanisms per the specified 'mech_list' | |
4 | option or by relative "strength" | |
5 | * Make sure that sasl_set_alloc() has no effect once sasl_client_init() | |
6 | or sasl_server_init() is called | |
7 | * Fixed sasl_set_mutex() to disallow changing mutex management functions | |
8 | once sasl_server_init()/sasl_client_init() is called (bug # 3083) | |
9 | * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) | |
10 | * Added direct support for hashed password to auxprop API | |
11 | * Don't treat a constraint violation as an error to store an auxprop property | |
12 | * Extended libsasl (auxprop) to support user deletion | |
13 | * Extended SASL auxprop_lookup to return error code | |
14 | * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) | |
15 | * (Windows) Free handles of shared libraries on Windows that were loaded | |
16 | but are not SASL plugins (bug # 2089) | |
17 | * Prevent freeing of common state on a subsequent call to _sasl_common_init. | |
18 | Make sure that the last global callback always wins. | |
19 | * Implemented sasl_client_done()/sasl_server_done() | |
20 | * Added automatic hostname canonicalization inside libsasl | |
21 | * Made sasl_config_init() public | |
22 | * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) | |
23 | * Fixed potential buffer overflow in saslautd_verify_password(). | |
24 | * Fixed segfault in dlclose() on HPUX | |
25 | * Various bugfixes for 64bit platforms | |
26 | * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, | |
27 | sample/sample-server.c, utils/smtptest.c | |
28 | * pluginviewer: Code cleanup, improved human readable messages | |
29 | * Build: | |
30 | - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) | |
31 | - (Windows) Added Windows64 build | |
32 | - Updated to use .plugin extension on MacOS | |
33 | - Changed 64bit HP-UX build to use .so for shared libraries | |
34 | * saslauthd: | |
35 | - Fixed bug counting double-quotes in username/password in | |
36 | auth_rimap.c. Also fixed bug zeroing password. | |
37 | - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. | |
38 | - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 | |
39 | - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, | |
40 | so that crypt is correctly defined | |
41 | - auth_getpwent.c: Fixed Solaris build | |
42 | * SASLDB plugin: | |
43 | - Fixed spurious 'user not found' errors caused by an attempt | |
44 | to delete a non-existent property | |
45 | - Added direct support for hashed password to auxprop API | |
46 | - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database | |
47 | file doesn't exist | |
48 | - Ignore properties starting with '*' in the auxprop store function | |
49 | * SQL plugin: | |
50 | - Added support for SQLITE3 | |
51 | - Uninitialized variables can cause crash when the searched user is not found | |
52 | - Added direct support for hashed password | |
53 | - Ignore properties starting with '*' in the auxprop store function | |
54 | * LDAPDB plugin: | |
55 | - Added code to extend LDAPDB into a canon_user plugin in addition | |
56 | to its existing auxprop plugin functionality | |
57 | * PLAIN plugin: | |
58 | - Advertise SASL_SEC_PASS_CREDENTIALS feature | |
59 | * LOGIN plugin: | |
60 | - Advertise SASL_SEC_PASS_CREDENTIALS feature | |
61 | * DIGEST-MD5 plugin: | |
62 | - Fixed a memory leak in the DIGEST-MD5 security layer | |
63 | - Fixed memory leaks in client-side reauth and other places | |
64 | - More detailed error reporting. | |
65 | - Fixed parsing of challenges/responses with extra commas. | |
66 | - Allow for multiple qop options from the server and require | |
67 | a single qop option from the client. | |
68 | * GSSAPI plugin: | |
69 | - Check that params->serverFQDN is not NULL before using strlen on it | |
70 | - Make auxprop lookup calls optional | |
71 | * EXTERNAL plugin: | |
72 | - Make auxprop lookup calls optional | |
73 | * NTLM plugin: | |
74 | - allow a comma separated list of servernames in 'ntlm_server' option | |
75 | - Fixed crash in calculating NTv2 reponse | |
76 | * OTP plugin: | |
77 | - Don't use a stack variable for an OTP prompt (bug # 2822) | |
78 | - Downgrade the failure to store OTP secret to debug level | |
79 | * KERBEROS_V4 plugin: | |
80 | - Make auxprop lookup calls optional | |
81 | ||
0 | 82 | New in 2.1.23 |
1 | 83 | ------------- |
2 | 84 | * Fixed CERT VU#238019 (make sure sasl_encode64() always NUL |
0 | $Id: README,v 1.32 2002/04/06 03:44:52 rjs3 Exp $ | |
0 | $Id: README,v 1.33 2008/01/25 01:57:40 murch Exp $ | |
1 | 1 | |
2 | 2 | This is the Cyrus SASL API implentation. It can be used on the client |
3 | 3 | or server side to provide authentication and authorization services. |
4 | See RFC 2222 for more information. | |
4 | See RFC 4422 for more information. | |
5 | 5 | |
6 | 6 | The latest version is available at: |
7 | 7 | ftp://ftp.andrew.cmu.edu/pub/cyrus-mail |
842 | 842 | ]) |
843 | 843 | |
844 | 844 | dnl |
845 | dnl $Id: c-attribute.m4,v 1.3 2003/10/08 20:35:24 rjs3 Exp $ | |
845 | dnl $Id: c-attribute.m4,v 1.4 2007/08/30 16:57:55 murch Exp $ | |
846 | 846 | dnl |
847 | 847 | |
848 | 848 | dnl |
854 | 854 | AC_CACHE_VAL(ac_cv___attribute__, [ |
855 | 855 | AC_TRY_COMPILE([ |
856 | 856 | #include <stdlib.h> |
857 | ], | |
858 | [ | |
859 | 857 | static void foo(void) __attribute__ ((noreturn)); |
860 | 858 | |
861 | 859 | static void |
864 | 862 | exit(1); |
865 | 863 | } |
866 | 864 | ], |
865 | [ | |
866 | ], | |
867 | 867 | ac_cv___attribute__=yes, |
868 | 868 | ac_cv___attribute__=no)]) |
869 | 869 | if test "$ac_cv___attribute__" = "yes"; then |
875 | 875 | |
876 | 876 | dnl |
877 | 877 | dnl Additional macros for configure.in packaged up for easier theft. |
878 | dnl $Id: cyrus.m4,v 1.4 2003/10/08 20:35:24 rjs3 Exp $ | |
878 | dnl $Id: cyrus.m4,v 1.5 2009/03/31 04:09:47 brong Exp $ | |
879 | 879 | dnl tjs@andrew.cmu.edu 6-may-1998 |
880 | 880 | dnl |
881 | 881 | |
886 | 886 | dnl (so the runpath for shared libraries is set). |
887 | 887 | AC_DEFUN([CMU_ADD_LIBPATH], [ |
888 | 888 | # this is CMU ADD LIBPATH |
889 | if test "$andrew_runpath_switch" = "none" ; then | |
889 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
890 | 890 | LDFLAGS="-L$1 ${LDFLAGS}" |
891 | 891 | else |
892 | LDFLAGS="-L$1 $andrew_runpath_switch$1 ${LDFLAGS}" | |
892 | LDFLAGS="-L$1 $andrew_cv_runpath_switch$1 ${LDFLAGS}" | |
893 | 893 | fi |
894 | 894 | ]) |
895 | 895 | |
897 | 897 | dnl (so the runpath for shared libraries is set). |
898 | 898 | AC_DEFUN([CMU_ADD_LIBPATH_TO], [ |
899 | 899 | # this is CMU ADD LIBPATH TO |
900 | if test "$andrew_runpath_switch" = "none" ; then | |
900 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
901 | 901 | $2="-L$1 ${$2}" |
902 | 902 | else |
903 | $2="-L$1 ${$2} $andrew_runpath_switch$1" | |
903 | $2="-L$1 ${$2} $andrew_cv_runpath_switch$1" | |
904 | 904 | fi |
905 | 905 | ]) |
906 | 906 | |
907 | 907 | dnl runpath initialization |
908 | 908 | AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ |
909 | 909 | # CMU GUESS RUNPATH SWITCH |
910 | AC_CACHE_CHECK(for runpath switch, andrew_runpath_switch, [ | |
910 | AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ | |
911 | 911 | # first, try -R |
912 | 912 | SAVE_LDFLAGS="${LDFLAGS}" |
913 | 913 | LDFLAGS="-R /usr/lib" |
914 | AC_TRY_LINK([],[],[andrew_runpath_switch="-R"], [ | |
914 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ | |
915 | 915 | LDFLAGS="-Wl,-rpath,/usr/lib" |
916 | AC_TRY_LINK([],[],[andrew_runpath_switch="-Wl,-rpath,"], | |
917 | [andrew_runpath_switch="none"]) | |
916 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], | |
917 | [andrew_cv_runpath_switch="none"]) | |
918 | 918 | ]) |
919 | 919 | LDFLAGS="${SAVE_LDFLAGS}" |
920 | 920 | ])]) |
1467 | 1467 | |
1468 | 1468 | SASL_DB_BACKEND="db_${dblib}.lo" |
1469 | 1469 | SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" |
1470 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_${dblib}.c ../sasldb/allockey.c" | |
1470 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" | |
1471 | 1471 | SASL_DB_UTILS="saslpasswd2 sasldblistusers2" |
1472 | 1472 | SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" |
1473 | 1473 | |
1490 | 1490 | dnl will just fail to load anyway. |
1491 | 1491 | SASL_DB_BACKEND="db_none.lo" |
1492 | 1492 | SASL_DB_BACKEND_STATIC="db_none.o" |
1493 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_none.c" | |
1493 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" | |
1494 | 1494 | SASL_DB_UTILS="" |
1495 | 1495 | SASL_DB_MANS="" |
1496 | 1496 | SASL_DB_LIB="" |
1499 | 1499 | |
1500 | 1500 | if test "$enable_static" = yes; then |
1501 | 1501 | if test "$dblib" != "none"; then |
1502 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
1502 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
1503 | 1503 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" |
1504 | 1504 | AC_DEFINE(STATIC_SASLDB,[],[Link SASLdb Staticly]) |
1505 | 1505 | else |
1525 | 1525 | AC_MSG_RESULT($dbpath) |
1526 | 1526 | AC_DEFINE_UNQUOTED(SASL_DB_PATH, "$dbpath", [Path to default SASLdb database])]) |
1527 | 1527 | |
1528 | dnl $Id: berkdb.m4,v 1.20 2005/04/26 19:14:07 shadow Exp $ | |
1528 | dnl $Id: berkdb.m4,v 1.22 2007/08/15 17:18:01 murch Exp $ | |
1529 | 1529 | |
1530 | 1530 | AC_DEFUN([CMU_DB_INC_WHERE1], [ |
1531 | 1531 | saved_CPPFLAGS=$CPPFLAGS |
1740 | 1740 | fi |
1741 | 1741 | |
1742 | 1742 | saved_LIBS=$LIBS |
1743 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
1743 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
1744 | 1744 | do |
1745 | 1745 | LIBS="$saved_LIBS -l$dbname" |
1746 | AC_TRY_LINK([#include <db.h>], | |
1746 | AC_TRY_LINK([#include <stdio.h> | |
1747 | #include <db.h>], | |
1747 | 1748 | [db_create(NULL, NULL, 0);], |
1748 | 1749 | BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db, |
1749 | 1750 | dblib="no") |
1751 | 1752 | done |
1752 | 1753 | if test "$dblib" = "no"; then |
1753 | 1754 | LIBS="$saved_LIBS -ldb" |
1754 | AC_TRY_LINK([#include <db.h>], | |
1755 | AC_TRY_LINK([#include <stdio.h> | |
1756 | #include <db.h>], | |
1755 | 1757 | [db_open(NULL, 0, 0, 0, NULL, NULL, NULL);], |
1756 | 1758 | BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db, |
1757 | 1759 | dblib="no") |
2802 | 2804 | if test "$krb4" != no; then |
2803 | 2805 | AC_MSG_RESULT(enabled) |
2804 | 2806 | SASL_MECHS="$SASL_MECHS libkerberos4.la" |
2805 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/kerberos4.c" | |
2807 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" | |
2806 | 2808 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" |
2807 | 2809 | AC_DEFINE(STATIC_KERBEROS4,[],[User KERBEROS_V4 Staticly]) |
2808 | 2810 | AC_DEFINE(HAVE_KRB,[],[Do we have Kerberos 4 Support?]) |
2816 | 2818 | |
2817 | 2819 | # sasl2.m4--sasl2 libraries and includes |
2818 | 2820 | # Rob Siemborski |
2819 | # $Id: sasl2.m4,v 1.52 2006/05/18 19:25:00 murch Exp $ | |
2821 | # $Id: sasl2.m4,v 1.54 2009/05/20 12:24:48 murch Exp $ | |
2820 | 2822 | |
2821 | 2823 | # SASL2_CRYPT_CHK |
2822 | 2824 | # --------------- |
2878 | 2880 | fi |
2879 | 2881 | fi |
2880 | 2882 | fi |
2881 | AC_CHECK_HEADER([gssapi.h], | |
2882 | [AC_DEFINE(HAVE_GSSAPI_H,, | |
2883 | [Define if you have the gssapi.h header file])], | |
2883 | AC_CHECK_HEADER([gssapi.h],, | |
2884 | 2884 | [AC_CHECK_HEADER([gssapi/gssapi.h],, |
2885 | 2885 | [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) |
2886 | 2886 | |
2889 | 2889 | fi |
2890 | 2890 | |
2891 | 2891 | if test "$gssapi" != no; then |
2892 | if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then | |
2893 | AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) | |
2894 | fi | |
2895 | ||
2892 | 2896 | # We need to find out which gssapi implementation we are |
2893 | 2897 | # using. Supported alternatives are: MIT Kerberos 5, |
2894 | 2898 | # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), |
3066 | 3070 | AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") |
3067 | 3071 | SASL_MECHS="$SASL_MECHS libgssapiv2.la" |
3068 | 3072 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" |
3069 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" | |
3073 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" | |
3070 | 3074 | |
3071 | 3075 | cmu_save_LIBS="$LIBS" |
3072 | 3076 | LIBS="$LIBS $GSSAPIBASE_LIBS" |
3309 | 3313 | SASL_MECHS="$SASL_MECHS libplain.la" |
3310 | 3314 | if test "$enable_static" = yes; then |
3311 | 3315 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" |
3312 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/plain.c" | |
3316 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" | |
3313 | 3317 | AC_DEFINE(STATIC_PLAIN,[],[Link PLAIN Staticly]) |
3314 | 3318 | fi |
3315 | 3319 | else |
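Review bot: In the GSSAPI hunk (new lines 2892–2894), `HAVE_GSSAPI_H` is now defined when either `gssapi.h` or `gssapi/gssapi.h` was found, yet its description still reads "Define if you have the gssapi.h header file". If any source file chooses `#include <gssapi.h>` based on that macro (not visible on this page, so this needs confirming), a host that ships only `gssapi/gssapi.h` would fail to compile that file instead of taking the fallback include. Either keep the macro tied to the first probe, `if test "$ac_cv_header_gssapi_h" = "yes"; then`, or, if the broader meaning is intended, say so in the description: `[Define if gssapi.h or gssapi/gssapi.h is available]`. The `-o` inside `test` is also less portable than two `test` commands joined with `||`. This section looks like generated aclocal output, so the fix would belong in the sasl2.m4 source it is assembled from.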
0 | Copyright 1998 by Carnegie Mellon University | |
1 | 0 | |
2 | All Rights Reserved | |
1 | Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved. | |
3 | 2 | |
4 | Permission to use, copy, modify, and distribute this software and its | |
5 | documentation for any purpose and without fee is hereby granted, | |
6 | provided that the above copyright notice appear in all copies and that | |
7 | both that copyright notice and this permission notice appear in | |
8 | supporting documentation, and that the name of Carnegie Mellon University | |
9 | not be used in advertising or publicity pertaining to distribution of the | |
10 | software without specific, written prior permission. | |
3 | Redistribution and use in source and binary forms, with or without | |
4 | modification, are permitted provided that the following conditions | |
5 | are met: | |
11 | 6 | |
12 | CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS | |
13 | SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, | |
14 | IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, | |
15 | INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | |
16 | LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | |
17 | OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | |
18 | PERFORMANCE OF THIS SOFTWARE. | |
7 | 1. Redistributions of source code must retain the above copyright | |
8 | notice, this list of conditions and the following disclaimer. | |
19 | 9 | |
10 | 2. Redistributions in binary form must reproduce the above copyright | |
11 | notice, this list of conditions and the following disclaimer in | |
12 | the documentation and/or other materials provided with the | |
13 | distribution. | |
14 | ||
15 | 3. The name "Carnegie Mellon University" must not be used to | |
16 | endorse or promote products derived from this software without | |
17 | prior written permission. For permission or any legal | |
18 | details, please contact | |
19 | Carnegie Mellon University | |
20 | Center for Technology Transfer and Enterprise Creation | |
21 | 4615 Forbes Avenue | |
22 | Suite 302 | |
23 | Pittsburgh, PA 15213 | |
24 | (412) 268-7393, fax: (412) 268-7395 | |
25 | innovation@andrew.cmu.edu | |
26 | ||
27 | 4. Redistributions of any form whatsoever must retain the following | |
28 | acknowledgment: | |
29 | "This product includes software developed by Computing Services | |
30 | at Carnegie Mellon University (http://www.cmu.edu/computing/)." | |
31 | ||
32 | CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO | |
33 | THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | |
34 | AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE | |
35 | FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
36 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | |
37 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING | |
38 | OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
0 | dnl $Id: berkdb.m4,v 1.20 2005/04/26 19:14:07 shadow Exp $ | |
0 | dnl $Id: berkdb.m4,v 1.22 2007/08/15 17:18:01 murch Exp $ | |
1 | 1 | |
2 | 2 | AC_DEFUN([CMU_DB_INC_WHERE1], [ |
3 | 3 | saved_CPPFLAGS=$CPPFLAGS |
212 | 212 | fi |
213 | 213 | |
214 | 214 | saved_LIBS=$LIBS |
215 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
215 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
216 | 216 | do |
217 | 217 | LIBS="$saved_LIBS -l$dbname" |
218 | AC_TRY_LINK([#include <db.h>], | |
218 | AC_TRY_LINK([#include <stdio.h> | |
219 | #include <db.h>], | |
219 | 220 | [db_create(NULL, NULL, 0);], |
220 | 221 | BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db, |
221 | 222 | dblib="no") |
223 | 224 | done |
224 | 225 | if test "$dblib" = "no"; then |
225 | 226 | LIBS="$saved_LIBS -ldb" |
226 | AC_TRY_LINK([#include <db.h>], | |
227 | AC_TRY_LINK([#include <stdio.h> | |
228 | #include <db.h>], | |
227 | 229 | [db_open(NULL, 0, 0, 0, NULL, NULL, NULL);], |
228 | 230 | BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db, |
229 | 231 | dblib="no") |
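Review bot: `${with_bdb}` is placed unquoted and unchecked at the front of the `for dbname in` list, so whatever that variable holds becomes the first `-l$dbname` the link test tries. Configure sets a `with_*` variable to `yes` or `no` when the option is given without a value, which would make the loop probe `-lyes` or `-lno`, and a value containing spaces is split into several names. Where `with_bdb` is assigned is not visible in this hunk, so this is conditional on it being able to carry those values: if it can, filter them before the loop, e.g. `case "$with_bdb" in yes|no) with_bdb="" ;; esac`, and add a `dnl` comment stating that the variable is expected to hold a bare library name. The enclosing macro starts and ends outside the hunk.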
0 | 0 | dnl |
1 | dnl $Id: c-attribute.m4,v 1.3 2003/10/08 20:35:24 rjs3 Exp $ | |
1 | dnl $Id: c-attribute.m4,v 1.4 2007/08/30 16:57:55 murch Exp $ | |
2 | 2 | dnl |
3 | 3 | |
4 | 4 | dnl |
10 | 10 | AC_CACHE_VAL(ac_cv___attribute__, [ |
11 | 11 | AC_TRY_COMPILE([ |
12 | 12 | #include <stdlib.h> |
13 | ], | |
14 | [ | |
15 | 13 | static void foo(void) __attribute__ ((noreturn)); |
16 | 14 | |
17 | 15 | static void |
19 | 17 | { |
20 | 18 | exit(1); |
21 | 19 | } |
20 | ], | |
21 | [ | |
22 | 22 | ], |
23 | 23 | ac_cv___attribute__=yes, |
24 | 24 | ac_cv___attribute__=no)]) |
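Review bot: Nothing in the macro says why `foo` now sits in the first (prologue) argument of `AC_TRY_COMPILE` while the body argument is left empty, so a later tidy-up could move it back. The body argument is emitted inside `main()`, where a function definition compiles only as a compiler extension, so the old form could report `__attribute__` as unsupported on a compiler that does accept it. A one-line comment above the call would record the reason: `dnl foo() is defined in the prologue; the body ends up inside main(), where a function definition is not standard C`. The same move, with the same missing comment, is made in the `-fPIC` test in c-fpic.m4.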
0 | 0 | dnl |
1 | dnl $Id: c-fpic.m4,v 1.2 2003/10/08 20:35:24 rjs3 Exp $ | |
1 | dnl $Id: c-fpic.m4,v 1.3 2007/08/30 16:57:55 murch Exp $ | |
2 | 2 | dnl |
3 | 3 | |
4 | 4 | dnl |
12 | 12 | CFLAGS="${CFLAGS} -fPIC" |
13 | 13 | AC_TRY_COMPILE([ |
14 | 14 | #include <stdlib.h> |
15 | ], | |
16 | [ | |
17 | 15 | static void |
18 | 16 | foo(void) |
19 | 17 | { |
20 | 18 | exit(1); |
21 | 19 | } |
20 | ], | |
21 | [ | |
22 | 22 | ], |
23 | 23 | ac_cv_fpic=yes, |
24 | 24 | ac_cv_fpic=no) |
0 | 0 | dnl |
1 | 1 | dnl Additional macros for configure.in packaged up for easier theft. |
2 | dnl $Id: cyrus.m4,v 1.4 2003/10/08 20:35:24 rjs3 Exp $ | |
2 | dnl $Id: cyrus.m4,v 1.5 2009/03/31 04:09:47 brong Exp $ | |
3 | 3 | dnl tjs@andrew.cmu.edu 6-may-1998 |
4 | 4 | dnl |
5 | 5 | |
10 | 10 | dnl (so the runpath for shared libraries is set). |
11 | 11 | AC_DEFUN([CMU_ADD_LIBPATH], [ |
12 | 12 | # this is CMU ADD LIBPATH |
13 | if test "$andrew_runpath_switch" = "none" ; then | |
13 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
14 | 14 | LDFLAGS="-L$1 ${LDFLAGS}" |
15 | 15 | else |
16 | LDFLAGS="-L$1 $andrew_runpath_switch$1 ${LDFLAGS}" | |
16 | LDFLAGS="-L$1 $andrew_cv_runpath_switch$1 ${LDFLAGS}" | |
17 | 17 | fi |
18 | 18 | ]) |
19 | 19 | |
21 | 21 | dnl (so the runpath for shared libraries is set). |
22 | 22 | AC_DEFUN([CMU_ADD_LIBPATH_TO], [ |
23 | 23 | # this is CMU ADD LIBPATH TO |
24 | if test "$andrew_runpath_switch" = "none" ; then | |
24 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
25 | 25 | $2="-L$1 ${$2}" |
26 | 26 | else |
27 | $2="-L$1 ${$2} $andrew_runpath_switch$1" | |
27 | $2="-L$1 ${$2} $andrew_cv_runpath_switch$1" | |
28 | 28 | fi |
29 | 29 | ]) |
30 | 30 | |
31 | 31 | dnl runpath initialization |
32 | 32 | AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ |
33 | 33 | # CMU GUESS RUNPATH SWITCH |
34 | AC_CACHE_CHECK(for runpath switch, andrew_runpath_switch, [ | |
34 | AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ | |
35 | 35 | # first, try -R |
36 | 36 | SAVE_LDFLAGS="${LDFLAGS}" |
37 | 37 | LDFLAGS="-R /usr/lib" |
38 | AC_TRY_LINK([],[],[andrew_runpath_switch="-R"], [ | |
38 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ | |
39 | 39 | LDFLAGS="-Wl,-rpath,/usr/lib" |
40 | AC_TRY_LINK([],[],[andrew_runpath_switch="-Wl,-rpath,"], | |
41 | [andrew_runpath_switch="none"]) | |
40 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], | |
41 | [andrew_cv_runpath_switch="none"]) | |
42 | 42 | ]) |
43 | 43 | LDFLAGS="${SAVE_LDFLAGS}" |
44 | 44 | ])]) |
0 | 0 | # sasl2.m4--sasl2 libraries and includes |
1 | 1 | # Rob Siemborski |
2 | # $Id: sasl2.m4,v 1.52 2006/05/18 19:25:00 murch Exp $ | |
2 | # $Id: sasl2.m4,v 1.54 2009/05/20 12:24:48 murch Exp $ | |
3 | 3 | |
4 | 4 | # SASL2_CRYPT_CHK |
5 | 5 | # --------------- |
64 | 64 | fi |
65 | 65 | fi |
66 | 66 | fi |
67 | AC_CHECK_HEADER([gssapi.h], | |
68 | [AC_DEFINE(HAVE_GSSAPI_H,, | |
69 | [Define if you have the gssapi.h header file])], | |
67 | AC_CHECK_HEADER([gssapi.h],, | |
70 | 68 | [AC_CHECK_HEADER([gssapi/gssapi.h],, |
71 | 69 | [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) |
72 | 70 | |
75 | 73 | fi |
76 | 74 | |
77 | 75 | if test "$gssapi" != no; then |
76 | if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then | |
77 | AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) | |
78 | fi | |
79 | ||
78 | 80 | # We need to find out which gssapi implementation we are |
79 | 81 | # using. Supported alternatives are: MIT Kerberos 5, |
80 | 82 | # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), |
252 | 254 | AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") |
253 | 255 | SASL_MECHS="$SASL_MECHS libgssapiv2.la" |
254 | 256 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" |
255 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" | |
257 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" | |
256 | 258 | |
257 | 259 | cmu_save_LIBS="$LIBS" |
258 | 260 | LIBS="$LIBS $GSSAPIBASE_LIBS" |
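Review bot: `HAVE_GSSAPI_H` is now defined when only `gssapi/gssapi.h` was found, so the macro no longer tells a source file which of the two headers exists. If any consumer selects the include with `#ifdef HAVE_GSSAPI_H` followed by `#include <gssapi.h>` (the consumers are not visible here), it will fail to compile on such a system. Keeping `HAVE_GSSAPI_H` tied to `$ac_cv_header_gssapi_h` and letting the sources test a second macro for `gssapi/gssapi.h` would avoid that. Separately, `test ... -o ...` is not portable across shells; `if test "$ac_cv_header_gssapi_h" = "yes" || test "$ac_cv_header_gssapi_gssapi_h" = "yes"; then` is the safer form. The surrounding macro begins and ends outside these hunks.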
0 | dnl | |
1 | dnl macros for configure.in to detect zlib | |
2 | dnl $Id: zlib.m4,v 1.3 2009/05/06 13:48:04 murch Exp $ | |
3 | dnl | |
4 | ||
5 | AC_DEFUN([CMU_HAVE_ZLIB], [ | |
6 | AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) | |
7 | AC_ARG_WITH(zlib,[ --with-zlib=PATH use zlib from PATH], | |
8 | with_zlib=$withval, with_zlib="yes") | |
9 | ||
10 | save_CPPFLAGS=$CPPFLAGS | |
11 | save_LDFLAGS=$LDFLAGS | |
12 | ||
13 | if test -d $with_zlib; then | |
14 | CPPFLAGS="${CPPFLAGS} -I${with_lib}/include" | |
15 | CMU_ADD_LIBPATH(${with_zlib}/$CMU_LIB_SUBDIR) | |
16 | fi | |
17 | ||
18 | ZLIB="" | |
19 | case "$with_zlib" in | |
20 | no) | |
21 | with_zlib="no";; | |
22 | *) | |
23 | AC_CHECK_HEADER(zlib.h, [ | |
24 | AC_CHECK_LIB(z, deflate, | |
25 | LIBS="${LIBS} -lz"; with_zlib="yes", | |
26 | with_zlib="no",)], | |
27 | with_zlib=no) | |
28 | ;; | |
29 | esac | |
30 | ||
31 | if test "$with_zlib" != "no"; then | |
32 | AC_DEFINE(HAVE_ZLIB,[],[Do we have zlib?]) | |
33 | ZLIB="-lz" | |
34 | else | |
35 | CPPFLAGS=$save_CPPFLAGS | |
36 | LDFLAGS=$save_LDFLAGS | |
37 | fi | |
38 | ]) |
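Review bot: The include path on the `test -d $with_zlib` branch is built from `${with_lib}`, a variable this macro never sets, so `--with-zlib=PATH` adds `-I/include` instead of the requested directory, while the library path on the next line does use `${with_zlib}`. The line should read `CPPFLAGS="${CPPFLAGS} -I${with_zlib}/include"`. The directory test is also unquoted; `if test -d "$with_zlib"; then` keeps an empty value or a path containing spaces from breaking `test`.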
139 | 139 | if test "$krb4" != no; then |
140 | 140 | AC_MSG_RESULT(enabled) |
141 | 141 | SASL_MECHS="$SASL_MECHS libkerberos4.la" |
142 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/kerberos4.c" | |
142 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" | |
143 | 143 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" |
144 | 144 | AC_DEFINE(STATIC_KERBEROS4,[],[User KERBEROS_V4 Staticly]) |
145 | 145 | AC_DEFINE(HAVE_KRB,[],[Do we have Kerberos 4 Support?]) |
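Review bot: `SASL_STATIC_SRCS` now carries the literal text `$(top_srcdir)/plugins/kerberos4.c`, a make reference rather than a path, and nothing at the assignment says that the backslash is deliberate. The value is only meaningful once it is substituted into a Makefile; any use of the variable by configure itself (none is visible here) would see the unexpanded text. A short comment at the assignment would do, for example `dnl \$(top_srcdir) is escaped so that make, not configure, expands it`. The same applies to the plain.c, sasldb and gssapi.c assignments changed in the same way; the enclosing `if` blocks start and end outside these hunks.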
22 | 22 | SASL_MECHS="$SASL_MECHS libplain.la" |
23 | 23 | if test "$enable_static" = yes; then |
24 | 24 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" |
25 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/plain.c" | |
25 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" | |
26 | 26 | AC_DEFINE(STATIC_PLAIN,[],[Link PLAIN Staticly]) |
27 | 27 | fi |
28 | 28 | else |
96 | 96 | |
97 | 97 | SASL_DB_BACKEND="db_${dblib}.lo" |
98 | 98 | SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" |
99 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_${dblib}.c ../sasldb/allockey.c" | |
99 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" | |
100 | 100 | SASL_DB_UTILS="saslpasswd2 sasldblistusers2" |
101 | 101 | SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" |
102 | 102 | |
119 | 119 | dnl will just fail to load anyway. |
120 | 120 | SASL_DB_BACKEND="db_none.lo" |
121 | 121 | SASL_DB_BACKEND_STATIC="db_none.o" |
122 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_none.c" | |
122 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" | |
123 | 123 | SASL_DB_UTILS="" |
124 | 124 | SASL_DB_MANS="" |
125 | 125 | SASL_DB_LIB="" |
128 | 128 | |
129 | 129 | if test "$enable_static" = yes; then |
130 | 130 | if test "$dblib" != "none"; then |
131 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
131 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
132 | 132 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" |
133 | 133 | AC_DEFINE(STATIC_SASLDB,[],[Link SASLdb Staticly]) |
134 | 134 | else |
100 | 100 | /* Do we have a getnameinfo() function? */ |
101 | 101 | #undef HAVE_GETNAMEINFO |
102 | 102 | |
103 | /* Define to 1 if you have the `getpassphrase' function. */ | |
104 | #undef HAVE_GETPASSPHRASE | |
105 | ||
103 | 106 | /* Define to 1 if you have the `getpwnam' function. */ |
104 | 107 | #undef HAVE_GETPWNAM |
105 | 108 | |
211 | 214 | |
212 | 215 | /* Do we have SQLite support? */ |
213 | 216 | #undef HAVE_SQLITE |
217 | ||
218 | /* Do we have SQLite3 support? */ | |
219 | #undef HAVE_SQLITE3 | |
214 | 220 | |
215 | 221 | /* Is there an ss_family in sockaddr_storage? */ |
216 | 222 | #undef HAVE_SS_FAMILY |
308 | 308 | #endif" |
309 | 309 | |
310 | 310 | ac_subdirs_all="$ac_subdirs_all saslauthd" |
311 | ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE am__leading_dot CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP LN_S RANLIB ac_ct_RANLIB LIBTOOL PURECOV PURIFY JAVAC JAVAH JAVADOC JAVA_TRUE JAVA_FALSE JAVA_INCLUDES JAVAROOT SAMPLE_TRUE SAMPLE_FALSE LIB_SOCKET EGREP SASL_DB_UTILS SASL_DB_MANS SASL_DB_BACKEND SASL_DB_BACKEND_STATIC SASL_DB_INC SASL_DB_LIB NO_SASL_DB_MANS_TRUE NO_SASL_DB_MANS_FALSE SASL_DL_LIB NM SASLAUTHD_TRUE SASLAUTHD_FALSE PWCHECKMETH PWCHECK_TRUE PWCHECK_FALSE IPCTYPE LIB_DOOR CMU_LIB_SUBDIR LIB_DES OTP_LIBS SRP_LIBS SASL_KRB_LIB LIB_CRYPT GSSAPI_LIBS GSSAPIBASE_LIBS PLAIN_LIBS NTLM_LIBS PASSDSS_LIBS LIB_MYSQL LIB_PGSQL LIB_SQLITE LIB_LDAP SASL_MECHS SASL_STATIC_SRCS SASL_STATIC_OBJS SASL_STATIC_LIBS plugindir configdir MACOSX_TRUE MACOSX_FALSE DMALLOC_LIBS SFIO_INC_FLAGS SFIO_LIB_FLAGS SMTPTEST_PROGRAM SASL_UTIL_LIBS_EXTRA SASL_UTIL_HEADERS_EXTRA LIBOBJS GETSUBOPT SNPRINTFOBJS LTSNPRINTFOBJS GETADDRINFOOBJS LTGETADDRINFOOBJS GETNAMEINFOOBJS LTGETNAMEINFOOBJS LTLIBOBJS DIRS subdirs' | |
311 | ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE am__leading_dot CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP LN_S RANLIB ac_ct_RANLIB LIBTOOL PURECOV PURIFY JAVAC JAVAH JAVADOC JAVA_TRUE JAVA_FALSE JAVA_INCLUDES JAVAROOT SAMPLE_TRUE SAMPLE_FALSE LIB_SOCKET EGREP SASL_DB_UTILS SASL_DB_MANS SASL_DB_BACKEND SASL_DB_BACKEND_STATIC SASL_DB_INC SASL_DB_LIB NO_SASL_DB_MANS_TRUE NO_SASL_DB_MANS_FALSE SASL_DL_LIB NM SASLAUTHD_TRUE SASLAUTHD_FALSE PWCHECKMETH PWCHECK_TRUE PWCHECK_FALSE IPCTYPE LIB_DOOR CMU_LIB_SUBDIR LIB_DES OTP_LIBS SRP_LIBS SASL_KRB_LIB LIB_CRYPT GSSAPI_LIBS GSSAPIBASE_LIBS PLAIN_LIBS NTLM_LIBS PASSDSS_LIBS LIB_MYSQL LIB_PGSQL LIB_SQLITE LIB_SQLITE3 LIB_LDAP SASL_MECHS SASL_STATIC_SRCS SASL_STATIC_OBJS SASL_STATIC_LIBS plugindir configdir MACOSX_TRUE MACOSX_FALSE DMALLOC_LIBS SFIO_INC_FLAGS SFIO_LIB_FLAGS SMTPTEST_PROGRAM SASL_UTIL_LIBS_EXTRA SASL_UTIL_HEADERS_EXTRA LIBOBJS GETSUBOPT SNPRINTFOBJS LTSNPRINTFOBJS GETADDRINFOOBJS LTGETADDRINFOOBJS GETNAMEINFOOBJS LTGETNAMEINFOOBJS LTLIBOBJS DIRS subdirs' | |
312 | 312 | ac_subst_files='' |
313 | 313 | |
314 | 314 | # Initialize some variables set by options. |
908 | 908 | --with-mysql=PATH use MySQL from PATH |
909 | 909 | --with-pgsql=PATH use PostgreSQL from PATH |
910 | 910 | --with-sqlite=PATH use SQLite from PATH |
911 | --with-sqlite3=PATH use SQLite3 from PATH | |
911 | 912 | --with-plugindir=DIR set the directory where plugins will |
912 | 913 | be found [/usr/lib/sasl2] |
913 | 914 | --with-configdir=DIR set the directory where config files will |
1710 | 1711 | |
1711 | 1712 | # Define the identity of the package. |
1712 | 1713 | PACKAGE=cyrus-sasl |
1713 | VERSION=2.1.23 | |
1714 | VERSION=2.1.24 | |
1714 | 1715 | |
1715 | 1716 | |
1716 | 1717 | cat >>confdefs.h <<_ACEOF |
3303 | 3304 | /* end confdefs.h. */ |
3304 | 3305 | |
3305 | 3306 | #include <stdlib.h> |
3306 | ||
3307 | int | |
3308 | main () | |
3309 | { | |
3310 | ||
3311 | 3307 | static void foo(void) __attribute__ ((noreturn)); |
3312 | 3308 | |
3313 | 3309 | static void |
3316 | 3312 | exit(1); |
3317 | 3313 | } |
3318 | 3314 | |
3315 | int | |
3316 | main () | |
3317 | { | |
3318 | ||
3319 | ||
3319 | 3320 | ; |
3320 | 3321 | return 0; |
3321 | 3322 | } |
3357 | 3358 | # CMU GUESS RUNPATH SWITCH |
3358 | 3359 | echo "$as_me:$LINENO: checking for runpath switch" >&5 |
3359 | 3360 | echo $ECHO_N "checking for runpath switch... $ECHO_C" >&6 |
3360 | if test "${andrew_runpath_switch+set}" = set; then | |
3361 | if test "${andrew_cv_runpath_switch+set}" = set; then | |
3361 | 3362 | echo $ECHO_N "(cached) $ECHO_C" >&6 |
3362 | 3363 | else |
3363 | 3364 | |
3392 | 3393 | ac_status=$? |
3393 | 3394 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
3394 | 3395 | (exit $ac_status); }; }; then |
3395 | andrew_runpath_switch="-R" | |
3396 | andrew_cv_runpath_switch="-R" | |
3396 | 3397 | else |
3397 | 3398 | echo "$as_me: failed program was:" >&5 |
3398 | 3399 | sed 's/^/| /' conftest.$ac_ext >&5 |
3427 | 3428 | ac_status=$? |
3428 | 3429 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
3429 | 3430 | (exit $ac_status); }; }; then |
3430 | andrew_runpath_switch="-Wl,-rpath," | |
3431 | andrew_cv_runpath_switch="-Wl,-rpath," | |
3431 | 3432 | else |
3432 | 3433 | echo "$as_me: failed program was:" >&5 |
3433 | 3434 | sed 's/^/| /' conftest.$ac_ext >&5 |
3434 | 3435 | |
3435 | andrew_runpath_switch="none" | |
3436 | andrew_cv_runpath_switch="none" | |
3436 | 3437 | fi |
3437 | 3438 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
3438 | 3439 | |
3441 | 3442 | LDFLAGS="${SAVE_LDFLAGS}" |
3442 | 3443 | |
3443 | 3444 | fi |
3444 | echo "$as_me:$LINENO: result: $andrew_runpath_switch" >&5 | |
3445 | echo "${ECHO_T}$andrew_runpath_switch" >&6 | |
3445 | echo "$as_me:$LINENO: result: $andrew_cv_runpath_switch" >&5 | |
3446 | echo "${ECHO_T}$andrew_cv_runpath_switch" >&6 | |
3446 | 3447 | |
3447 | 3448 | |
3448 | 3449 | # Check whether --with-staticsasl or --without-staticsasl was given. |
3765 | 3766 | case "$lt_target" in |
3766 | 3767 | *-*-irix6*) |
3767 | 3768 | # Find out which ABI we are using. |
3768 | echo '#line 3769 "configure"' > conftest.$ac_ext | |
3769 | echo '#line 3770 "configure"' > conftest.$ac_ext | |
3769 | 3770 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 |
3770 | 3771 | (eval $ac_compile) 2>&5 |
3771 | 3772 | ac_status=$? |
5127 | 5128 | if test -d $with_bdb_lib; then |
5128 | 5129 | |
5129 | 5130 | # this is CMU ADD LIBPATH TO |
5130 | if test "$andrew_runpath_switch" = "none" ; then | |
5131 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
5131 | 5132 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" |
5132 | 5133 | else |
5133 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_runpath_switch$with_bdb_lib" | |
5134 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" | |
5134 | 5135 | fi |
5135 | 5136 | |
5136 | 5137 | |
5137 | 5138 | # this is CMU ADD LIBPATH TO |
5138 | if test "$andrew_runpath_switch" = "none" ; then | |
5139 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
5139 | 5140 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" |
5140 | 5141 | else |
5141 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_runpath_switch$with_bdb_lib" | |
5142 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" | |
5142 | 5143 | fi |
5143 | 5144 | |
5144 | 5145 | else |
5146 | 5147 | fi |
5147 | 5148 | |
5148 | 5149 | saved_LIBS=$LIBS |
5149 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
5150 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
5150 | 5151 | do |
5151 | 5152 | LIBS="$saved_LIBS -l$dbname" |
5152 | 5153 | cat >conftest.$ac_ext <<_ACEOF |
5156 | 5157 | cat confdefs.h >>conftest.$ac_ext |
5157 | 5158 | cat >>conftest.$ac_ext <<_ACEOF |
5158 | 5159 | /* end confdefs.h. */ |
5160 | #include <stdio.h> | |
5159 | 5161 | #include <db.h> |
5160 | 5162 | int |
5161 | 5163 | main () |
5196 | 5198 | cat confdefs.h >>conftest.$ac_ext |
5197 | 5199 | cat >>conftest.$ac_ext <<_ACEOF |
5198 | 5200 | /* end confdefs.h. */ |
5201 | #include <stdio.h> | |
5199 | 5202 | #include <db.h> |
5200 | 5203 | int |
5201 | 5204 | main () |
5884 | 5887 | if test -d $with_bdb_lib; then |
5885 | 5888 | |
5886 | 5889 | # this is CMU ADD LIBPATH TO |
5887 | if test "$andrew_runpath_switch" = "none" ; then | |
5890 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
5888 | 5891 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" |
5889 | 5892 | else |
5890 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_runpath_switch$with_bdb_lib" | |
5893 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" | |
5891 | 5894 | fi |
5892 | 5895 | |
5893 | 5896 | |
5894 | 5897 | # this is CMU ADD LIBPATH TO |
5895 | if test "$andrew_runpath_switch" = "none" ; then | |
5898 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
5896 | 5899 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" |
5897 | 5900 | else |
5898 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_runpath_switch$with_bdb_lib" | |
5901 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" | |
5899 | 5902 | fi |
5900 | 5903 | |
5901 | 5904 | else |
5903 | 5906 | fi |
5904 | 5907 | |
5905 | 5908 | saved_LIBS=$LIBS |
5906 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
5909 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
5907 | 5910 | do |
5908 | 5911 | LIBS="$saved_LIBS -l$dbname" |
5909 | 5912 | cat >conftest.$ac_ext <<_ACEOF |
5913 | 5916 | cat confdefs.h >>conftest.$ac_ext |
5914 | 5917 | cat >>conftest.$ac_ext <<_ACEOF |
5915 | 5918 | /* end confdefs.h. */ |
5919 | #include <stdio.h> | |
5916 | 5920 | #include <db.h> |
5917 | 5921 | int |
5918 | 5922 | main () |
5953 | 5957 | cat confdefs.h >>conftest.$ac_ext |
5954 | 5958 | cat >>conftest.$ac_ext <<_ACEOF |
5955 | 5959 | /* end confdefs.h. */ |
5960 | #include <stdio.h> | |
5956 | 5961 | #include <db.h> |
5957 | 5962 | int |
5958 | 5963 | main () |
6500 | 6505 | |
6501 | 6506 | SASL_DB_BACKEND="db_${dblib}.lo" |
6502 | 6507 | SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" |
6503 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_${dblib}.c ../sasldb/allockey.c" | |
6508 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" | |
6504 | 6509 | SASL_DB_UTILS="saslpasswd2 sasldblistusers2" |
6505 | 6510 | SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" |
6506 | 6511 | |
6534 | 6539 | echo "$as_me: WARNING: Disabling SASL authentication database support" >&2;} |
6535 | 6540 | SASL_DB_BACKEND="db_none.lo" |
6536 | 6541 | SASL_DB_BACKEND_STATIC="db_none.o" |
6537 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_none.c" | |
6542 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" | |
6538 | 6543 | SASL_DB_UTILS="" |
6539 | 6544 | SASL_DB_MANS="" |
6540 | 6545 | SASL_DB_LIB="" |
6543 | 6548 | |
6544 | 6549 | if test "$enable_static" = yes; then |
6545 | 6550 | if test "$dblib" != "none"; then |
6546 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
6551 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
6547 | 6552 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" |
6548 | 6553 | |
6549 | 6554 | cat >>confdefs.h <<\_ACEOF |
7444 | 7449 | SASL_MECHS="$SASL_MECHS libcrammd5.la" |
7445 | 7450 | if test "$enable_static" = yes; then |
7446 | 7451 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS cram.o" |
7447 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/cram.c" | |
7452 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/cram.c" | |
7448 | 7453 | |
7449 | 7454 | cat >>confdefs.h <<\_ACEOF |
7450 | 7455 | #define STATIC_CRAMMD5 |
7865 | 7870 | CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" |
7866 | 7871 | |
7867 | 7872 | # this is CMU ADD LIBPATH |
7868 | if test "$andrew_runpath_switch" = "none" ; then | |
7873 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
7869 | 7874 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" |
7870 | 7875 | else |
7871 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR $andrew_runpath_switch${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" | |
7876 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR $andrew_cv_runpath_switch${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" | |
7872 | 7877 | fi |
7873 | 7878 | |
7874 | 7879 | fi |
9139 | 9144 | echo "${ECHO_T}enabled" >&6 |
9140 | 9145 | SASL_MECHS="$SASL_MECHS libdigestmd5.la" |
9141 | 9146 | if test "$enable_static" = yes; then |
9142 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/digestmd5.c" | |
9147 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/digestmd5.c" | |
9143 | 9148 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS digestmd5.o" |
9144 | 9149 | |
9145 | 9150 | cat >>confdefs.h <<\_ACEOF |
9175 | 9180 | |
9176 | 9181 | SASL_MECHS="$SASL_MECHS libotp.la" |
9177 | 9182 | if test "$enable_static" = yes; then |
9178 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/otp.c" | |
9183 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/otp.c" | |
9179 | 9184 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS otp.o" |
9180 | 9185 | |
9181 | 9186 | cat >>confdefs.h <<\_ACEOF |
9444 | 9449 | |
9445 | 9450 | SASL_MECHS="$SASL_MECHS libsrp.la" |
9446 | 9451 | if test "$enable_static" = yes; then |
9447 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/srp.c" | |
9452 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/srp.c" | |
9448 | 9453 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS srp.o" |
9449 | 9454 | |
9450 | 9455 | cat >>confdefs.h <<\_ACEOF |
10071 | 10076 | echo "$as_me:$LINENO: result: enabled" >&5 |
10072 | 10077 | echo "${ECHO_T}enabled" >&6 |
10073 | 10078 | SASL_MECHS="$SASL_MECHS libkerberos4.la" |
10074 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/kerberos4.c" | |
10079 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" | |
10075 | 10080 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" |
10076 | 10081 | |
10077 | 10082 | cat >>confdefs.h <<\_ACEOF |
10424 | 10429 | |
10425 | 10430 | fi |
10426 | 10431 | if test $ac_cv_header_gssapi_h = yes; then |
10427 | ||
10428 | cat >>confdefs.h <<\_ACEOF | |
10429 | #define HAVE_GSSAPI_H | |
10430 | _ACEOF | |
10431 | ||
10432 | : | |
10432 | 10433 | else |
10433 | 10434 | if test "${ac_cv_header_gssapi_gssapi_h+set}" = set; then |
10434 | 10435 | echo "$as_me:$LINENO: checking for gssapi/gssapi.h" >&5 |
10576 | 10577 | fi |
10577 | 10578 | |
10578 | 10579 | if test "$gssapi" != no; then |
10580 | if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then | |
10581 | ||
10582 | cat >>confdefs.h <<\_ACEOF | |
10583 | #define HAVE_GSSAPI_H | |
10584 | _ACEOF | |
10585 | ||
10586 | fi | |
10587 | ||
10579 | 10588 | # We need to find out which gssapi implementation we are |
10580 | 10589 | # using. Supported alternatives are: MIT Kerberos 5, |
10581 | 10590 | # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), |
11326 | 11335 | |
11327 | 11336 | SASL_MECHS="$SASL_MECHS libgssapiv2.la" |
11328 | 11337 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" |
11329 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" | |
11338 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" | |
11330 | 11339 | |
11331 | 11340 | cmu_save_LIBS="$LIBS" |
11332 | 11341 | LIBS="$LIBS $GSSAPIBASE_LIBS" |
11480 | 11489 | SASL_MECHS="$SASL_MECHS libplain.la" |
11481 | 11490 | if test "$enable_static" = yes; then |
11482 | 11491 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" |
11483 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/plain.c" | |
11492 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" | |
11484 | 11493 | |
11485 | 11494 | cat >>confdefs.h <<\_ACEOF |
11486 | 11495 | #define STATIC_PLAIN |
11509 | 11518 | SASL_MECHS="$SASL_MECHS libanonymous.la" |
11510 | 11519 | if test "$enable_static" = yes; then |
11511 | 11520 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS anonymous.o" |
11512 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/anonymous.c" | |
11521 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/anonymous.c" | |
11513 | 11522 | |
11514 | 11523 | cat >>confdefs.h <<\_ACEOF |
11515 | 11524 | #define STATIC_ANONYMOUS |
11536 | 11545 | echo "${ECHO_T}enabled" >&6 |
11537 | 11546 | SASL_MECHS="$SASL_MECHS liblogin.la" |
11538 | 11547 | if test "$enable_static" = yes; then |
11539 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/login.c" | |
11548 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/login.c" | |
11540 | 11549 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS login.o" |
11541 | 11550 | |
11542 | 11551 | cat >>confdefs.h <<\_ACEOF |
11573 | 11582 | |
11574 | 11583 | SASL_MECHS="$SASL_MECHS libntlm.la" |
11575 | 11584 | if test "$enable_static" = yes; then |
11576 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/ntlm.c" | |
11585 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ntlm.c" | |
11577 | 11586 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS ntlm.o" |
11578 | 11587 | |
11579 | 11588 | cat >>confdefs.h <<\_ACEOF |
11611 | 11620 | SASL_MECHS="$SASL_MECHS libpassdss.la" |
11612 | 11621 | if test "$enable_static" = yes; then |
11613 | 11622 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS passdss.o" |
11614 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/passdss.c" | |
11623 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/passdss.c" | |
11615 | 11624 | |
11616 | 11625 | cat >>confdefs.h <<\_ACEOF |
11617 | 11626 | #define STATIC_PASSDSS |
11652 | 11661 | echo "${ECHO_T}enabled" >&6 |
11653 | 11662 | SASL_MECHS="$SASL_MECHS libsql.la" |
11654 | 11663 | if test "$enable_static" = yes; then |
11655 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sql.c" | |
11664 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sql.c" | |
11656 | 11665 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sql.o" |
11657 | 11666 | |
11658 | 11667 | cat >>confdefs.h <<\_ACEOF |
11703 | 11712 | if test -d ${with_mysql}/lib/mysql; then |
11704 | 11713 | |
11705 | 11714 | # this is CMU ADD LIBPATH TO |
11706 | if test "$andrew_runpath_switch" = "none" ; then | |
11715 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11707 | 11716 | LIB_MYSQL="-L${with_mysql}/lib/mysql ${LIB_MYSQL}" |
11708 | 11717 | else |
11709 | LIB_MYSQL="-L${with_mysql}/lib/mysql ${LIB_MYSQL} $andrew_runpath_switch${with_mysql}/lib/mysql" | |
11718 | LIB_MYSQL="-L${with_mysql}/lib/mysql ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/lib/mysql" | |
11710 | 11719 | fi |
11711 | 11720 | |
11712 | 11721 | elif test -d ${with_mysql}/mysql/lib; then |
11713 | 11722 | |
11714 | 11723 | # this is CMU ADD LIBPATH TO |
11715 | if test "$andrew_runpath_switch" = "none" ; then | |
11724 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11716 | 11725 | LIB_MYSQL="-L${with_mysql}/mysql/lib ${LIB_MYSQL}" |
11717 | 11726 | else |
11718 | LIB_MYSQL="-L${with_mysql}/mysql/lib ${LIB_MYSQL} $andrew_runpath_switch${with_mysql}/mysql/lib" | |
11727 | LIB_MYSQL="-L${with_mysql}/mysql/lib ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/mysql/lib" | |
11719 | 11728 | fi |
11720 | 11729 | |
11721 | 11730 | elif test -d ${with_mysql}/lib; then |
11722 | 11731 | |
11723 | 11732 | # this is CMU ADD LIBPATH TO |
11724 | if test "$andrew_runpath_switch" = "none" ; then | |
11733 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11725 | 11734 | LIB_MYSQL="-L${with_mysql}/lib ${LIB_MYSQL}" |
11726 | 11735 | else |
11727 | LIB_MYSQL="-L${with_mysql}/lib ${LIB_MYSQL} $andrew_runpath_switch${with_mysql}/lib" | |
11736 | LIB_MYSQL="-L${with_mysql}/lib ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/lib" | |
11728 | 11737 | fi |
11729 | 11738 | |
11730 | 11739 | else |
11731 | 11740 | |
11732 | 11741 | # this is CMU ADD LIBPATH TO |
11733 | if test "$andrew_runpath_switch" = "none" ; then | |
11742 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11734 | 11743 | LIB_MYSQL="-L${with_mysql} ${LIB_MYSQL}" |
11735 | 11744 | else |
11736 | LIB_MYSQL="-L${with_mysql} ${LIB_MYSQL} $andrew_runpath_switch${with_mysql}" | |
11745 | LIB_MYSQL="-L${with_mysql} ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}" | |
11737 | 11746 | fi |
11738 | 11747 | |
11739 | 11748 | fi |
11862 | 11871 | if test -d ${with_pgsql}/lib/pgsql; then |
11863 | 11872 | |
11864 | 11873 | # this is CMU ADD LIBPATH TO |
11865 | if test "$andrew_runpath_switch" = "none" ; then | |
11874 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11866 | 11875 | LIB_PGSQL="-L${with_pgsql}/lib/pgsql ${LIB_PGSQL}" |
11867 | 11876 | else |
11868 | LIB_PGSQL="-L${with_pgsql}/lib/pgsql ${LIB_PGSQL} $andrew_runpath_switch${with_pgsql}/lib/pgsql" | |
11877 | LIB_PGSQL="-L${with_pgsql}/lib/pgsql ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/lib/pgsql" | |
11869 | 11878 | fi |
11870 | 11879 | |
11871 | 11880 | elif test -d ${with_pgsql}/pgsql/lib; then |
11872 | 11881 | |
11873 | 11882 | # this is CMU ADD LIBPATH TO |
11874 | if test "$andrew_runpath_switch" = "none" ; then | |
11883 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11875 | 11884 | LIB_PGSQL="-L${with_pgsql}/pgsql/lib ${LIB_PGSQL}" |
11876 | 11885 | else |
11877 | LIB_PGSQL="-L${with_pgsql}/pgsql/lib ${LIB_PGSQL} $andrew_runpath_switch${with_pgsql}/pgsql/lib" | |
11886 | LIB_PGSQL="-L${with_pgsql}/pgsql/lib ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/pgsql/lib" | |
11878 | 11887 | fi |
11879 | 11888 | |
11880 | 11889 | elif test -d ${with_pgsql}/lib; then |
11881 | 11890 | |
11882 | 11891 | # this is CMU ADD LIBPATH TO |
11883 | if test "$andrew_runpath_switch" = "none" ; then | |
11892 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11884 | 11893 | LIB_PGSQL="-L${with_pgsql}/lib ${LIB_PGSQL}" |
11885 | 11894 | else |
11886 | LIB_PGSQL="-L${with_pgsql}/lib ${LIB_PGSQL} $andrew_runpath_switch${with_pgsql}/lib" | |
11895 | LIB_PGSQL="-L${with_pgsql}/lib ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/lib" | |
11887 | 11896 | fi |
11888 | 11897 | |
11889 | 11898 | else |
11890 | 11899 | |
11891 | 11900 | # this is CMU ADD LIBPATH TO |
11892 | if test "$andrew_runpath_switch" = "none" ; then | |
11901 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
11893 | 11902 | LIB_PGSQL="-L${with_pgsql} ${LIB_PGSQL}" |
11894 | 11903 | else |
11895 | LIB_PGSQL="-L${with_pgsql} ${LIB_PGSQL} $andrew_runpath_switch${with_pgsql}" | |
11904 | LIB_PGSQL="-L${with_pgsql} ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}" | |
11896 | 11905 | fi |
11897 | 11906 | |
11898 | 11907 | fi |
12103 | 12112 | esac |
12104 | 12113 | |
12105 | 12114 | |
12106 | if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no; then | |
12107 | { { echo "$as_me:$LINENO: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite found" >&5 | |
12108 | echo "$as_me: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite found" >&2;} | |
12115 | ||
12116 | # Check whether --with-sqlite3 or --without-sqlite3 was given. | |
12117 | if test "${with_sqlite3+set}" = set; then | |
12118 | withval="$with_sqlite3" | |
12119 | with_sqlite3=$withval | |
12120 | else | |
12121 | with_sqlite3=$sql | |
12122 | fi; | |
12123 | ||
12124 | # find location of library | |
12125 | # we assume that if one given then it is correct | |
12126 | if test "${with_sqlite3}" = "yes"; then | |
12127 | with_sqlite3=notfound | |
12128 | for sqlite3loc in lib | |
12129 | do | |
12130 | if test -f ${prefix}/${sqlite3loc}/libsqlite3.a; then | |
12131 | with_sqlite3="${prefix}" | |
12132 | break | |
12133 | elif test -f /usr/local/${sqlite3loc}/libsqlite3.a; then | |
12134 | with_sqlite3="/usr/local" | |
12135 | break | |
12136 | elif test -f /usr/${sqlite3loc}/libsqlite3.a; then | |
12137 | with_sqlite3="/usr" | |
12138 | break | |
12139 | fi | |
12140 | done | |
12141 | fi | |
12142 | ||
12143 | LIB_SQLITE3="" | |
12144 | ||
12145 | case "$with_sqlite3" in | |
12146 | no) true;; | |
12147 | notfound) { echo "$as_me:$LINENO: WARNING: SQLite3 Library not found" >&5 | |
12148 | echo "$as_me: WARNING: SQLite3 Library not found" >&2;}; true;; | |
12149 | *) | |
12150 | if test -d ${with_sqlite3}/lib; then | |
12151 | LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" | |
12152 | else | |
12153 | LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" | |
12154 | fi | |
12155 | ||
12156 | LIB_SQLITE3_DIR=$LIB_SQLITE3 | |
12157 | LIB_SQLITE3="$LIB_SQLITE3 -lsqlite3" | |
12158 | ||
12159 | if test -d ${with_sqlite3}/include; then | |
12160 | CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}/include" | |
12161 | else | |
12162 | CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}" | |
12163 | fi | |
12164 | echo "$as_me:$LINENO: checking for sqlite3_open in -lsqlite3" >&5 | |
12165 | echo $ECHO_N "checking for sqlite3_open in -lsqlite3... $ECHO_C" >&6 | |
12166 | if test "${ac_cv_lib_sqlite3_sqlite3_open+set}" = set; then | |
12167 | echo $ECHO_N "(cached) $ECHO_C" >&6 | |
12168 | else | |
12169 | ac_check_lib_save_LIBS=$LIBS | |
12170 | LIBS="-lsqlite3 $LIB_SQLITE3_DIR $LIBS" | |
12171 | cat >conftest.$ac_ext <<_ACEOF | |
12172 | #line $LINENO "configure" | |
12173 | /* confdefs.h. */ | |
12174 | _ACEOF | |
12175 | cat confdefs.h >>conftest.$ac_ext | |
12176 | cat >>conftest.$ac_ext <<_ACEOF | |
12177 | /* end confdefs.h. */ | |
12178 | ||
12179 | /* Override any gcc2 internal prototype to avoid an error. */ | |
12180 | #ifdef __cplusplus | |
12181 | extern "C" | |
12182 | #endif | |
12183 | /* We use char because int might match the return type of a gcc2 | |
12184 | builtin and then its argument prototype would still apply. */ | |
12185 | char sqlite3_open (); | |
12186 | int | |
12187 | main () | |
12188 | { | |
12189 | sqlite3_open (); | |
12190 | ; | |
12191 | return 0; | |
12192 | } | |
12193 | _ACEOF | |
12194 | rm -f conftest.$ac_objext conftest$ac_exeext | |
12195 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | |
12196 | (eval $ac_link) 2>&5 | |
12197 | ac_status=$? | |
12198 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | |
12199 | (exit $ac_status); } && | |
12200 | { ac_try='test -s conftest$ac_exeext' | |
12201 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | |
12202 | (eval $ac_try) 2>&5 | |
12203 | ac_status=$? | |
12204 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | |
12205 | (exit $ac_status); }; }; then | |
12206 | ac_cv_lib_sqlite3_sqlite3_open=yes | |
12207 | else | |
12208 | echo "$as_me: failed program was:" >&5 | |
12209 | sed 's/^/| /' conftest.$ac_ext >&5 | |
12210 | ||
12211 | ac_cv_lib_sqlite3_sqlite3_open=no | |
12212 | fi | |
12213 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | |
12214 | LIBS=$ac_check_lib_save_LIBS | |
12215 | fi | |
12216 | echo "$as_me:$LINENO: result: $ac_cv_lib_sqlite3_sqlite3_open" >&5 | |
12217 | echo "${ECHO_T}$ac_cv_lib_sqlite3_sqlite3_open" >&6 | |
12218 | if test $ac_cv_lib_sqlite3_sqlite3_open = yes; then | |
12219 | ||
12220 | cat >>confdefs.h <<\_ACEOF | |
12221 | #define HAVE_SQLITE3 | |
12222 | _ACEOF | |
12223 | ||
12224 | else | |
12225 | { echo "$as_me:$LINENO: WARNING: SQLite3 Library sqlite3 does not work" >&5 | |
12226 | echo "$as_me: WARNING: SQLite3 Library sqlite3 does not work" >&2;} | |
12227 | with_sqlite3=no | |
12228 | fi | |
12229 | ;; | |
12230 | ||
12231 | esac | |
12232 | ||
12233 | ||
12234 | if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no -a "$with_sqlite3" = no; then | |
12235 | { { echo "$as_me:$LINENO: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found" >&5 | |
12236 | echo "$as_me: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found" >&2;} | |
12109 | 12237 | { (exit 1); exit 1; }; } |
12110 | 12238 | fi |
12111 | 12239 | |
12143 | 12271 | CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" |
12144 | 12272 | |
12145 | 12273 | # this is CMU ADD LIBPATH |
12146 | if test "$andrew_runpath_switch" = "none" ; then | |
12274 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
12147 | 12275 | LDFLAGS="-L${with_ldap}/lib ${LDFLAGS}" |
12148 | 12276 | else |
12149 | LDFLAGS="-L${with_ldap}/lib $andrew_runpath_switch${with_ldap}/lib ${LDFLAGS}" | |
12277 | LDFLAGS="-L${with_ldap}/lib $andrew_cv_runpath_switch${with_ldap}/lib ${LDFLAGS}" | |
12150 | 12278 | fi |
12151 | 12279 | |
12152 | 12280 | fi |
12448 | 12576 | |
12449 | 12577 | SASL_MECHS="$SASL_MECHS libldapdb.la" |
12450 | 12578 | if test "$enable_static" = yes; then |
12451 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/ldapdb.c" | |
12579 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ldapdb.c" | |
12452 | 12580 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS ldapdb.o" |
12453 | 12581 | |
12454 | 12582 | cat >>confdefs.h <<\_ACEOF |
15287 | 15415 | |
15288 | 15416 | |
15289 | 15417 | |
15290 | for ac_func in gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 | |
15418 | ||
15419 | for ac_func in gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase | |
15291 | 15420 | do |
15292 | 15421 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
15293 | 15422 | echo "$as_me:$LINENO: checking for $ac_func" >&5 |
16215 | 16344 | s,@LIB_MYSQL@,$LIB_MYSQL,;t t |
16216 | 16345 | s,@LIB_PGSQL@,$LIB_PGSQL,;t t |
16217 | 16346 | s,@LIB_SQLITE@,$LIB_SQLITE,;t t |
16347 | s,@LIB_SQLITE3@,$LIB_SQLITE3,;t t | |
16218 | 16348 | s,@LIB_LDAP@,$LIB_LDAP,;t t |
16219 | 16349 | s,@SASL_MECHS@,$SASL_MECHS,;t t |
16220 | 16350 | s,@SASL_STATIC_SRCS@,$SASL_STATIC_SRCS,;t t |
0 | 0 | dnl configure.in for the SASL library |
1 | 1 | dnl Rob Siemborski |
2 | 2 | dnl Rob Earhart |
3 | dnl $Id: configure.in,v 1.213.2.1 2009/04/27 17:58:25 murch Exp $ | |
3 | dnl $Id: configure.in,v 1.218 2009/05/20 12:24:48 murch Exp $ | |
4 | 4 | dnl |
5 | 5 | dnl Copyright (c) 2001 Carnegie Mellon University. All rights reserved. |
6 | 6 | dnl |
58 | 58 | dnl REMINDER: When changing the version number here, please also update |
59 | 59 | dnl the values in win32/include/config.h and include/sasl.h as well. |
60 | 60 | dnl |
61 | AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.23) | |
61 | AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.24) | |
62 | 62 | CMU_INIT_AUTOMAKE |
63 | 63 | |
64 | 64 | # and include our config dir scripts |
383 | 383 | SASL_MECHS="$SASL_MECHS libcrammd5.la" |
384 | 384 | if test "$enable_static" = yes; then |
385 | 385 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS cram.o" |
386 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/cram.c" | |
386 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/cram.c" | |
387 | 387 | AC_DEFINE(STATIC_CRAMMD5, [], [Link CRAM-MD5 Staticly]) |
388 | 388 | fi |
389 | 389 | else |
417 | 417 | AC_MSG_RESULT(enabled) |
418 | 418 | SASL_MECHS="$SASL_MECHS libdigestmd5.la" |
419 | 419 | if test "$enable_static" = yes; then |
420 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/digestmd5.c" | |
420 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/digestmd5.c" | |
421 | 421 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS digestmd5.o" |
422 | 422 | AC_DEFINE(STATIC_DIGESTMD5, [], [Link DIGEST-MD5 Staticly]) |
423 | 423 | fi |
442 | 442 | |
443 | 443 | SASL_MECHS="$SASL_MECHS libotp.la" |
444 | 444 | if test "$enable_static" = yes; then |
445 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/otp.c" | |
445 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/otp.c" | |
446 | 446 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS otp.o" |
447 | 447 | AC_DEFINE(STATIC_OTP, [], [Link OTP Staticly]) |
448 | 448 | fi |
499 | 499 | |
500 | 500 | SASL_MECHS="$SASL_MECHS libsrp.la" |
501 | 501 | if test "$enable_static" = yes; then |
502 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/srp.c" | |
502 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/srp.c" | |
503 | 503 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS srp.o" |
504 | 504 | AC_DEFINE(STATIC_SRP, [], [Link SRP Staticly]) |
505 | 505 | fi |
556 | 556 | SASL_MECHS="$SASL_MECHS libanonymous.la" |
557 | 557 | if test "$enable_static" = yes; then |
558 | 558 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS anonymous.o" |
559 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/anonymous.c" | |
559 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/anonymous.c" | |
560 | 560 | AC_DEFINE(STATIC_ANONYMOUS, [], [Link ANONYMOUS Staticly]) |
561 | 561 | fi |
562 | 562 | else |
573 | 573 | AC_MSG_RESULT(enabled) |
574 | 574 | SASL_MECHS="$SASL_MECHS liblogin.la" |
575 | 575 | if test "$enable_static" = yes; then |
576 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/login.c" | |
576 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/login.c" | |
577 | 577 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS login.o" |
578 | 578 | AC_DEFINE(STATIC_LOGIN,[],[Link LOGIN Staticly]) |
579 | 579 | fi |
599 | 599 | |
600 | 600 | SASL_MECHS="$SASL_MECHS libntlm.la" |
601 | 601 | if test "$enable_static" = yes; then |
602 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/ntlm.c" | |
602 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ntlm.c" | |
603 | 603 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS ntlm.o" |
604 | 604 | AC_DEFINE(STATIC_NTLM,[],[Link NTLM Staticly]) |
605 | 605 | fi |
626 | 626 | SASL_MECHS="$SASL_MECHS libpassdss.la" |
627 | 627 | if test "$enable_static" = yes; then |
628 | 628 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS passdss.o" |
629 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/passdss.c" | |
629 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/passdss.c" | |
630 | 630 | AC_DEFINE(STATIC_PASSDSS,[],[Link PASSDSS Staticly]) |
631 | 631 | fi |
632 | 632 | else |
656 | 656 | AC_MSG_RESULT(enabled) |
657 | 657 | SASL_MECHS="$SASL_MECHS libsql.la" |
658 | 658 | if test "$enable_static" = yes; then |
659 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sql.c" | |
659 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sql.c" | |
660 | 660 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sql.o" |
661 | 661 | AC_DEFINE(STATIC_SQL,[],[Link SQL plugin staticly]) |
662 | 662 | fi |
845 | 845 | esac |
846 | 846 | AC_SUBST(LIB_SQLITE) |
847 | 847 | |
848 | if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no; then | |
849 | AC_ERROR([--enable-sql chosen but neither Postgres nor MySQL nor SQLite found]) | |
848 | dnl SQLite3 | |
849 | AC_ARG_WITH(sqlite3, [ --with-sqlite3=PATH use SQLite3 from PATH ], | |
850 | with_sqlite3=$withval, | |
851 | with_sqlite3=$sql) | |
852 | ||
853 | # find location of library | |
854 | # we assume that if one given then it is correct | |
855 | if test "${with_sqlite3}" = "yes"; then | |
856 | with_sqlite3=notfound | |
857 | for sqlite3loc in lib | |
858 | do | |
859 | if test -f ${prefix}/${sqlite3loc}/libsqlite3.a; then | |
860 | with_sqlite3="${prefix}" | |
861 | break | |
862 | elif test -f /usr/local/${sqlite3loc}/libsqlite3.a; then | |
863 | with_sqlite3="/usr/local" | |
864 | break | |
865 | elif test -f /usr/${sqlite3loc}/libsqlite3.a; then | |
866 | with_sqlite3="/usr" | |
867 | break | |
868 | fi | |
869 | done | |
870 | fi | |
871 | ||
872 | LIB_SQLITE3="" | |
873 | ||
874 | case "$with_sqlite3" in | |
875 | no) true;; | |
876 | notfound) AC_WARN([SQLite3 Library not found]); true;; | |
877 | *) | |
878 | if test -d ${with_sqlite3}/lib; then | |
879 | LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" | |
880 | else | |
881 | LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" | |
882 | fi | |
883 | ||
884 | LIB_SQLITE3_DIR=$LIB_SQLITE3 | |
885 | LIB_SQLITE3="$LIB_SQLITE3 -lsqlite3" | |
886 | ||
887 | if test -d ${with_sqlite3}/include; then | |
888 | CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}/include" | |
889 | else | |
890 | CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}" | |
891 | fi | |
892 | AC_CHECK_LIB(sqlite3, sqlite3_open, AC_DEFINE(HAVE_SQLITE3,[], | |
893 | [Do we have SQLite3 support?]), | |
894 | [AC_WARN([SQLite3 Library sqlite3 does not work]) | |
895 | with_sqlite3=no], $LIB_SQLITE3_DIR);; | |
896 | ||
897 | esac | |
898 | AC_SUBST(LIB_SQLITE3) | |
899 | ||
900 | if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no -a "$with_sqlite3" = no; then | |
901 | AC_ERROR([--enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found]) | |
850 | 902 | fi |
851 | 903 | |
852 | 904 | if test "$enable_shared" = yes; then |
896 | 948 | |
897 | 949 | SASL_MECHS="$SASL_MECHS libldapdb.la" |
898 | 950 | if test "$enable_static" = yes; then |
899 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/ldapdb.c" | |
951 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ldapdb.c" | |
900 | 952 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS ldapdb.o" |
901 | 953 | AC_DEFINE(STATIC_LDAPDB,[],[Link ldapdb plugin Staticly]) |
902 | 954 | fi |
1114 | 1166 | |
1115 | 1167 | #AC_FUNC_MEMCMP |
1116 | 1168 | #AC_FUNC_VPRINTF |
1117 | AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48) | |
1169 | AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase) | |
1118 | 1170 | |
1119 | 1171 | if test $enable_cmulocal = yes; then |
1120 | 1172 | AC_WARN([enabling CMU local kludges]) |
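Review bot: The new SQLite3 block hard-codes `-R${with_sqlite3}/lib` (and `-R${with_sqlite3}`) into LIB_SQLITE3, whereas the MySQL, PostgreSQL and LDAP paths in the generated configure on this page go through the `$andrew_cv_runpath_switch` test and omit the run path when the switch is "none". On a linker that rejects `-R` the AC_CHECK_LIB probe may fail and SQLite3 support is then dropped with only a warning. Where it is accepted, the run path embedded in the binaries is whatever `--with-sqlite3=PATH` named, so that directory should be one only trusted users can write to. Consider building the flags with the same runpath logic as the other backends and quoting the path in the tests, e.g. `if test -d "${with_sqlite3}/lib"; then`. The auto-detection loop also tests only for `libsqlite3.a`, so an install that ships just the shared library is reported as not found.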
133 | 133 | LIB_PGSQL = @LIB_PGSQL@ |
134 | 134 | LIB_SOCKET = @LIB_SOCKET@ |
135 | 135 | LIB_SQLITE = @LIB_SQLITE@ |
136 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
136 | 137 | LN_S = @LN_S@ |
137 | 138 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
138 | 139 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
0 | 0 | <HTML><HEAD> |
1 | 1 | <title>SASL Components</title> |
2 | <!-- $Id: components.html,v 1.4 2003/07/15 17:38:57 ken3 Exp $ --> | |
2 | <!-- $Id: components.html,v 1.5 2008/01/23 21:29:55 murch Exp $ --> | |
3 | 3 | </HEAD> |
4 | 4 | <BODY> |
5 | 5 | <H1>SASL Components</H1> |
67 | 67 | such as MIME Base-64 encoding and decoding, and random number generation. |
68 | 68 | Others are more specific to the task of authentication, such as providing |
69 | 69 | password verification services. Such services are capable of taking |
70 | a username and a plaintext password and saying "yes&quit; or | |
70 | a username and a plaintext password and saying "yes" or | |
71 | 71 | "no". Details of available password verification services are |
72 | 72 | discussed below.</p> |
73 | 73 |
0 | <!-- $Id: mechanisms.html,v 1.6 2003/09/16 23:57:37 ken3 Exp $ --> | |
0 | <!-- $Id: mechanisms.html,v 1.8 2008/10/31 15:18:46 murch Exp $ --> | |
1 | 1 | <HTML> |
2 | 2 | <HEAD> |
3 | 3 | <TITLE>SASL Mechanism Properties/Features</TITLE> |
135 | 135 | <TD><CENTER><br></CENTER></TD> |
136 | 136 | <TD><CENTER><br></CENTER></TD> |
137 | 137 | <TD><CENTER>X</CENTER></TD> |
138 | <TD><CENTER><br></CENTER></TD> | |
138 | <TD><CENTER>X</CENTER></TD> | |
139 | 139 | <TD><CENTER><br></CENTER></TD> |
140 | 140 | <TD><CENTER><br></CENTER></TD> |
141 | 141 | <TD><CENTER>X</CENTER></TD> |
176 | 176 | </TR> |
177 | 177 | |
178 | 178 | <TR> |
179 | <TH>PASSDSS-3DES-1</TH> | |
180 | <TD><CENTER>112</CENTER></TD> | |
181 | <TD><CENTER>X</CENTER></TD> | |
182 | <TD><CENTER>X</CENTER></TD> | |
183 | <TD><CENTER>X</CENTER></TD> | |
184 | <TD><CENTER>X</CENTER></TD> | |
185 | <TD><CENTER>X</CENTER></TD> | |
186 | <TD><CENTER>X</CENTER></TD> | |
187 | <TD><CENTER>X</CENTER></TD> | |
188 | <TD><CENTER>X</CENTER></TD> | |
189 | <TD><CENTER><br></CENTER></TD> | |
190 | <TD><CENTER><br></CENTER></TD> | |
191 | <TD><CENTER>X</CENTER></TD> | |
192 | </TR> | |
193 | ||
194 | <TR> | |
179 | 195 | <TH>PLAIN</TH> |
180 | 196 | <TD><CENTER>0</CENTER></TD> |
181 | 197 | <TD><CENTER><br></CENTER></TD> |
183 | 199 | <TD><CENTER><br></CENTER></TD> |
184 | 200 | <TD><CENTER><br></CENTER></TD> |
185 | 201 | <TD><CENTER>X</CENTER></TD> |
186 | <TD><CENTER><br></CENTER></TD> | |
202 | <TD><CENTER>X</CENTER></TD> | |
187 | 203 | <TD><CENTER><br></CENTER></TD> |
188 | 204 | <TD><CENTER>X</CENTER></TD> |
189 | 205 | <TD><CENTER><br></CENTER></TD> |
252 | 268 | <li><b>NOACTIVE</b> - Protection from active (non-dictionary) attacks |
253 | 269 | during authentication exchange. (Implies <b>MUTUAL</b>).</li> |
254 | 270 | <li><b>NODICT</b> - Not susceptable to passive dictionary attack.</li> |
255 | <li><b>NOFORWARD</b> - Breaking one session won't help break the next.</li> | |
271 | <li><b>FORWARD</b> - Breaking one session won't help break the next.</li> | |
256 | 272 | <li><b>NOANON</b> - Don't permit anonymous logins.</li> |
257 | 273 | <li><b>CRED</b> - Mechanism can pass client credentials.</li> |
258 | 274 | <li><b>MUTUAL</b> - Supports mutual authentication (authenticates the server |
0 | 0 | <HTML><HEAD> |
1 | 1 | <title>Options for Cyrus SASL</title> |
2 | <!-- $Id: options.html,v 1.30 2005/02/16 20:52:05 shadow Exp $ --> | |
2 | <!-- $Id: options.html,v 1.33 2009/01/25 13:02:29 mel Exp $ --> | |
3 | 3 | </HEAD> |
4 | 4 | <BODY> |
5 | 5 | <h1>Options for Cyrus SASL</h1> |
82 | 82 | <TD>none</TD> |
83 | 83 | </TR> |
84 | 84 | <TR> |
85 | <TD>ldapdb_canon_attr</TD><TD>LDAPDB plugin</TD> | |
86 | <TD>Use the value of the specified attribute as the user's | |
87 | canonical name. The attribute will be looked up in the user's LDAP | |
88 | entry. This setting must be configured in order to use LDAPDB as | |
89 | a canonuser plugin.</TD> | |
90 | <TD>none</TD> | |
91 | </TR> | |
92 | <TR> | |
85 | 93 | <TD>log_level</TD><TD>SASL Library</TD> |
86 | 94 | <TD><b>Numeric</b> Logging Level (see <TT>SASL_LOG_*</TT> in <tt>sasl.h</tt> |
87 | 95 | for values and descriptions</TD> |
95 | 103 | </TR> |
96 | 104 | <TR> |
97 | 105 | <TD>ntlm_server</TD><TD>NTLM (server)</TD> |
98 | <TD>Name of server (WinNT, Win2K, Samba, etc) to which authentication | |
99 | will be proxied.</TD> | |
106 | <TD>Comma separated list of servernames (WinNT, Win2K, Samba, etc) to | |
107 | which authentication will be proxied.</TD> | |
100 | 108 | <TD>(null) - perform authentication internally</TD> |
101 | 109 | </TR> |
102 | 110 | <TR> |
141 | 149 | <TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependant)</TD> |
142 | 150 | <TR> |
143 | 151 | <TD>sql_engine</TD><TD>SQL plugin</TD> |
144 | <TD>Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite').</TD> | |
152 | <TD>Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite', 'sqlite3').</TD> | |
145 | 153 | <TD><tt>mysql</tt></TD> |
146 | 154 | </TR> |
147 | 155 | <TR> |
272 | 280 | </pre> |
273 | 281 | is a valid value for <tt>sql_select</tt>. |
274 | 282 | |
275 | <h2>Notes on LDAPDB auxprop options</h2> | |
283 | <h2>Notes on LDAPDB plugin options</h2> | |
276 | 284 | |
277 | 285 | <p> |
278 | 286 | </p> |
285 | 293 | makes the configuration of remote services much simpler.</p> |
286 | 294 | |
287 | 295 | <p>This plugin is not for use with slapd itself. When OpenLDAP is |
288 | built with SASL support, slapd uses its own internal auxprop module. | |
296 | built with SASL support, slapd uses its own internal auxprop and | |
297 | canonuser module. | |
289 | 298 | By default, without configuring anything else, slapd will fail to load |
290 | 299 | the ldapdb module when it's present. This is as it should be. If you |
291 | 300 | don't like the "auxpropfunc: error -7" message that is sent to syslog |
302 | 311 | ldapdb_id: root |
303 | 312 | ldapdb_pw: secret |
304 | 313 | ldapdb_mech: DIGEST-MD5 |
314 | ldapdb_canon_attr: uid | |
305 | 315 | </pre> |
306 | 316 | |
307 | 317 | <p>The LDAP server must be configured to map the SASL authcId "root" into a DN |
0 | 0 | <HTML><HEAD> |
1 | 1 | <title>Cyrus SASL for System Administrators</title> |
2 | <!-- $Id: sysadmin.html,v 1.50 2005/02/16 20:52:05 shadow Exp $ --> | |
2 | <!-- $Id: sysadmin.html,v 1.52 2007/04/23 14:34:53 murch Exp $ --> | |
3 | 3 | </HEAD> |
4 | 4 | <BODY> |
5 | 5 | <H1>Cyrus SASL for System Administrators</H1> |
182 | 182 | |
183 | 183 | <p>To enable <tt>authdaemond</tt> support, pass <tt>--with-authdaemon</tt> to the |
184 | 184 | configuration script, set pwcheck_method to ``authdaemond'' and point |
185 | authdaemon_path to <tt>authdaemond</tt>'s unix socket. Optionally, you can | |
185 | authdaemond_path to <tt>authdaemond</tt>'s unix socket. Optionally, you can | |
186 | 186 | specify --with-authdaemond=PATH to the configure script so that |
187 | 187 | authdaemond_path points to a default, static, location. |
188 | 188 | |
462 | 462 | <p><b>A:</b> Check syslog output (usually stored in |
463 | 463 | <tt>/var/log</tt>) for more information. You might want to change your |
464 | 464 | syslog configuration (usually <tt>/etc/syslogd.conf</tt>) to log |
465 | "debug.*" to a file while debugging a problem.</p> | |
465 | "*.debug" to a file while debugging a problem.</p> | |
466 | 466 | |
467 | 467 | <p>The developers make heavy use of <tt>strace</tt> or <tt>truss</tt> |
468 | 468 | when debugging a problem that isn't outputting any useful |
132 | 132 | LIB_PGSQL = @LIB_PGSQL@ |
133 | 133 | LIB_SOCKET = @LIB_SOCKET@ |
134 | 134 | LIB_SQLITE = @LIB_SQLITE@ |
135 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
135 | 136 | LN_S = @LN_S@ |
136 | 137 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
137 | 138 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
123 | 123 | /* Keep in sync with win32/common.mak */ |
124 | 124 | #define SASL_VERSION_MAJOR 2 |
125 | 125 | #define SASL_VERSION_MINOR 1 |
126 | #define SASL_VERSION_STEP 23 | |
126 | #define SASL_VERSION_STEP 24 | |
127 | 127 | |
128 | 128 | /* A convenience macro: same as was defined in the OpenLDAP LDAPDB */ |
129 | 129 | #define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\ |
170 | 170 | #define SASL_NOCHANGE -22 /* requested change was not needed */ |
171 | 171 | #define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */ |
172 | 172 | #define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */ |
173 | #define SASL_NEED_OLD_PASSWD -29 /* sasl_setpass needs old password in order | |
174 | to perform password change */ | |
175 | #define SASL_CONSTRAINT_VIOLAT -30 /* a property can't be stored, | |
176 | because of some constrains/policy violation */ | |
173 | 177 | |
174 | 178 | /* max size of a sasl mechanism name */ |
175 | 179 | #define SASL_MECHNAMEMAX 20 |
625 | 629 | /* One of the following two is required */ |
626 | 630 | #define SASL_CU_AUTHID 0x01 |
627 | 631 | #define SASL_CU_AUTHZID 0x02 |
632 | /* Combine the following with SASL_CU_AUTHID, if you don't want | |
633 | to fail if auxprop returned SASL_NOUSER */ | |
634 | #define SASL_CU_EXTERNALLY_VERIFIED 0x04 | |
635 | ||
636 | #define SASL_CU_OVERRIDE 0x08 /* mapped to SASL_AUXPROP_OVERRIDE */ | |
637 | ||
638 | /* The following CU flags are passed "as is" down to auxprop lookup */ | |
639 | #define SASL_CU_ASIS_MASK 0xFFF0 | |
640 | /* NOTE: Keep in sync with SASL_AUXPROP_<XXX> flags */ | |
641 | #define SASL_CU_VERIFY_AGAINST_HASH 0x10 | |
642 | ||
628 | 643 | |
629 | 644 | typedef int sasl_canon_user_t(sasl_conn_t *conn, |
630 | 645 | void *context, |
678 | 693 | |
679 | 694 | /* dispose of all SASL plugins. Connection |
680 | 695 | * states have to be disposed of before calling this. |
696 | * | |
697 | * This function is DEPRECATED in favour of sasl_server_done/ | |
698 | * sasl_client_done. | |
681 | 699 | */ |
682 | 700 | LIBSASL_API void sasl_done(void); |
701 | ||
702 | /* dispose of all SASL plugins. Connection | |
703 | * states have to be disposed of before calling this. | |
704 | * This function should be called instead of sasl_done(), | |
705 | whenever possible. | |
706 | */ | |
707 | LIBSASL_API int sasl_server_done(void); | |
708 | ||
709 | /* dispose of all SASL plugins. Connection | |
710 | * states have to be disposed of before calling this. | |
711 | * This function should be called instead of sasl_done(), | |
712 | whenever possible. | |
713 | */ | |
714 | LIBSASL_API int sasl_client_done(void); | |
683 | 715 | |
684 | 716 | /* dispose connection state, sets it to NULL |
685 | 717 | * checks for pointer to NULL |
1102 | 1134 | * SASL_NOUSER -- user not found |
1103 | 1135 | * SASL_NOVERIFY -- user found, but no usable mechanism |
1104 | 1136 | * SASL_NOMECH -- no mechanisms enabled |
1137 | * SASL_UNAVAIL -- remote authentication server unavailable, try again later | |
1105 | 1138 | */ |
1106 | 1139 | LIBSASL_API int sasl_user_exists(sasl_conn_t *conn, |
1107 | 1140 | const char *service, |
1146 | 1179 | |
1147 | 1180 | #define SASL_AUX_END NULL /* last auxiliary property */ |
1148 | 1181 | |
1182 | #define SASL_AUX_ALL "*" /* A special flag to signal user deletion */ | |
1183 | ||
1149 | 1184 | /* traditional Posix items (should be implemented on Posix systems) */ |
1150 | 1185 | #define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */ |
1151 | 1186 | #define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of authid) */ |
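Review bot: sasl_server_done() and sasl_client_done() are declared to return int, but the comments above them repeat the sasl_done() text and never say what the value means, so a caller cannot tell a completed teardown from one that was refused. Add a line to each comment stating the return contract, for example `* Returns SASL_OK on success; any other value means the plugins were not released`, with the wording confirmed against the implementation, which is not part of this header. The continuation line `whenever possible.` in both comments also lacks the leading ` *` used by the other comment lines here.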
328 | 328 | /* This plugin allows proxying */ |
329 | 329 | #define SASL_FEAT_ALLOWS_PROXY 0x0020 |
330 | 330 | |
331 | /* server plugin don't use cleartext userPassword attribute */ | |
332 | #define SASL_FEAT_DONTUSE_USERPASSWD 0x0080 | |
333 | ||
331 | 334 | /* client plug-in features */ |
332 | 335 | #define SASL_FEAT_NEEDSERVERFQDN 0x0001 |
333 | 336 | |
887 | 890 | * last element in array has id of SASL_AUX_END |
888 | 891 | * elements with non-0 len should be ignored. |
889 | 892 | */ |
890 | void (*auxprop_lookup)(void *glob_context, | |
893 | int (*auxprop_lookup)(void *glob_context, | |
891 | 894 | sasl_server_params_t *sparams, |
892 | 895 | unsigned flags, |
893 | 896 | const char *user, unsigned ulen); |
918 | 921 | * we are looking up the authzid flags |
919 | 922 | * (no prefix) */ |
920 | 923 | |
921 | #define SASL_AUXPROP_PLUG_VERSION 4 | |
924 | /* NOTE: Keep in sync with SASL_CU_<XXX> flags */ | |
925 | #define SASL_AUXPROP_VERIFY_AGAINST_HASH 0x10 | |
926 | ||
927 | ||
928 | #define SASL_AUXPROP_PLUG_VERSION 8 | |
922 | 929 | |
923 | 930 | /* default name for auxprop plug-in entry point is "sasl_auxprop_init" |
924 | 931 | * similar to sasl_server_plug_init model, except only returns one |
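Review bot: auxprop_lookup now returns int instead of void, but the comment above the member still describes only the property array, so plugin authors are not told which codes to return. This commit's sasl.h adds SASL_UNAVAIL to the sasl_user_exists results and documents SASL_CU_EXTERNALLY_VERIFIED in terms of auxprop returning SASL_NOUSER, so the difference between "user absent" and "store unreachable" appears to be carried by this value. Document it, e.g. `* returns SASL_OK, SASL_NOUSER if the user does not exist, SASL_UNAVAIL if the store cannot be reached`, after confirming the full list against the callers. The `Keep in sync with SASL_CU_<XXX> flags` rule for 0x10 is enforced by comment only; a preprocessor equality check ending in `#error` would catch drift at build time, provided both definitions are visible at that point.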
76 | 76 | */ |
77 | 77 | LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len); |
78 | 78 | |
79 | /* Lowercase string in place */ | |
80 | LIBSASL_API char *sasl_strlower (char *val); | |
81 | ||
82 | LIBSASL_API int sasl_config_init(const char *filename); | |
83 | ||
79 | 84 | #ifdef WIN32 |
80 | 85 | /* Just in case a different DLL defines this as well */ |
81 | 86 | #if defined(NEED_GETOPT) |
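Review bot: sasl_config_init() is exported without any comment, so the header does not say what it returns or how `filename` is treated. Because the argument is the path of a configuration file, state whether the caller or the library is responsible for ensuring the path is trusted, and what is returned when the file is missing or unreadable. For sasl_strlower, extend the comment to `/* Lowercase string in place; returns val */` if that matches the implementation, and say whether a NULL argument is accepted.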
113 | 113 | LIB_PGSQL = @LIB_PGSQL@ |
114 | 114 | LIB_SOCKET = @LIB_SOCKET@ |
115 | 115 | LIB_SQLITE = @LIB_SQLITE@ |
116 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
116 | 117 | LN_S = @LN_S@ |
117 | 118 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
118 | 119 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
113 | 113 | LIB_PGSQL = @LIB_PGSQL@ |
114 | 114 | LIB_SOCKET = @LIB_SOCKET@ |
115 | 115 | LIB_SQLITE = @LIB_SQLITE@ |
116 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
116 | 117 | LN_S = @LN_S@ |
117 | 118 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
118 | 119 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
113 | 113 | LIB_PGSQL = @LIB_PGSQL@ |
114 | 114 | LIB_SOCKET = @LIB_SOCKET@ |
115 | 115 | LIB_SQLITE = @LIB_SQLITE@ |
116 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
116 | 117 | LN_S = @LN_S@ |
117 | 118 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
118 | 119 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
129 | 129 | LIB_PGSQL = @LIB_PGSQL@ |
130 | 130 | LIB_SOCKET = @LIB_SOCKET@ |
131 | 131 | LIB_SQLITE = @LIB_SQLITE@ |
132 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
132 | 133 | LN_S = @LN_S@ |
133 | 134 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
134 | 135 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
129 | 129 | LIB_PGSQL = @LIB_PGSQL@ |
130 | 130 | LIB_SOCKET = @LIB_SOCKET@ |
131 | 131 | LIB_SQLITE = @LIB_SQLITE@ |
132 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
132 | 133 | LN_S = @LN_S@ |
133 | 134 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
134 | 135 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
129 | 129 | LIB_PGSQL = @LIB_PGSQL@ |
130 | 130 | LIB_SOCKET = @LIB_SOCKET@ |
131 | 131 | LIB_SQLITE = @LIB_SQLITE@ |
132 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
132 | 133 | LN_S = @LN_S@ |
133 | 134 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
134 | 135 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
129 | 129 | LIB_PGSQL = @LIB_PGSQL@ |
130 | 130 | LIB_SOCKET = @LIB_SOCKET@ |
131 | 131 | LIB_SQLITE = @LIB_SQLITE@ |
132 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
132 | 133 | LN_S = @LN_S@ |
133 | 134 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
134 | 135 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
0 | 0 | # Makefile.am for the SASL library |
1 | 1 | # Rob Earhart |
2 | # $Id: Makefile.am,v 1.85.2.1 2009/04/27 17:58:26 murch Exp $ | |
2 | # $Id: Makefile.am,v 1.87 2009/05/20 12:24:49 murch Exp $ | |
3 | 3 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
4 | 4 | # |
5 | 5 | # Redistribution and use in source and binary forms, with or without |
40 | 40 | # |
41 | 41 | |
42 | 42 | # Library version info - here at the top, for sanity |
43 | sasl_version = 2:23:0 | |
43 | sasl_version = 2:24:0 | |
44 | 44 | |
45 | 45 | INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb |
46 | 46 | |
48 | 48 | EXTRA_LIBRARIES = libsasl2.a |
49 | 49 | noinst_LIBRARIES = @SASL_STATIC_LIBS@ |
50 | 50 | libsasl2_a_SOURCES= |
51 | ||
52 | BUILT_SOURCES = $(SASL_STATIC_SRCS) | |
51 | 53 | |
52 | 54 | common_headers = saslint.h |
53 | 55 | common_sources = auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c md5.c saslutil.c server.c seterror.c dlopen.c ../plugins/plugin_common.c |
92 | 94 | rm -f $@ |
93 | 95 | ln -s .libs/$@ $@ |
94 | 96 | |
95 | $(SASL_STATIC_OBJS): linksrcs | |
97 | $(SASL_STATIC_SRCS): linksrcs | |
96 | 98 | |
97 | 99 | linksrcs: |
98 | 100 | -ln -s $(SASL_STATIC_SRCS) . |
15 | 15 | |
16 | 16 | # Makefile.am for the SASL library |
17 | 17 | # Rob Earhart |
18 | # $Id: Makefile.am,v 1.85.2.1 2009/04/27 17:58:26 murch Exp $ | |
18 | # $Id: Makefile.am,v 1.87 2009/05/20 12:24:49 murch Exp $ | |
19 | 19 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
20 | 20 | # |
21 | 21 | # Redistribution and use in source and binary forms, with or without |
130 | 130 | LIB_PGSQL = @LIB_PGSQL@ |
131 | 131 | LIB_SOCKET = @LIB_SOCKET@ |
132 | 132 | LIB_SQLITE = @LIB_SQLITE@ |
133 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
133 | 134 | LN_S = @LN_S@ |
134 | 135 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
135 | 136 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
231 | 232 | target_vendor = @target_vendor@ |
232 | 233 | |
233 | 234 | # Library version info - here at the top, for sanity |
234 | sasl_version = 2:23:0 | |
235 | sasl_version = 2:24:0 | |
235 | 236 | |
236 | 237 | INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb |
237 | 238 | |
239 | 240 | EXTRA_LIBRARIES = libsasl2.a |
240 | 241 | noinst_LIBRARIES = @SASL_STATIC_LIBS@ |
241 | 242 | libsasl2_a_SOURCES = |
243 | ||
244 | BUILT_SOURCES = $(SASL_STATIC_SRCS) | |
242 | 245 | |
243 | 246 | common_headers = saslint.h |
244 | 247 | common_sources = auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c md5.c saslutil.c server.c seterror.c dlopen.c ../plugins/plugin_common.c |
296 | 299 | getnameinfo.c getsubopt.c snprintf.c |
297 | 300 | SOURCES = $(libsasl2_a_SOURCES) $(libsasl2_la_SOURCES) |
298 | 301 | |
299 | all: all-am | |
302 | all: $(BUILT_SOURCES) | |
303 | $(MAKE) $(AM_MAKEFLAGS) all-am | |
300 | 304 | |
301 | 305 | .SUFFIXES: |
302 | 306 | .SUFFIXES: .c .lo .o .obj |
527 | 531 | fi; \ |
528 | 532 | done |
529 | 533 | check-am: all-am |
530 | check: check-am | |
534 | check: $(BUILT_SOURCES) | |
535 | $(MAKE) $(AM_MAKEFLAGS) check-am | |
531 | 536 | all-am: Makefile $(LIBRARIES) $(LTLIBRARIES) |
532 | 537 | |
533 | 538 | installdirs: |
534 | 539 | $(mkinstalldirs) $(DESTDIR)$(libdir) |
535 | install: install-am | |
540 | install: $(BUILT_SOURCES) | |
541 | $(MAKE) $(AM_MAKEFLAGS) install-am | |
536 | 542 | install-exec: install-exec-am |
537 | 543 | install-data: install-data-am |
538 | 544 | uninstall: uninstall-am |
556 | 562 | maintainer-clean-generic: |
557 | 563 | @echo "This command is intended for maintainers to use" |
558 | 564 | @echo "it deletes files that may require special tools to rebuild." |
565 | -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) | |
559 | 566 | clean: clean-am |
560 | 567 | |
561 | 568 | clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ |
645 | 652 | rm -f $@ |
646 | 653 | ln -s .libs/$@ $@ |
647 | 654 | |
648 | $(SASL_STATIC_OBJS): linksrcs | |
655 | $(SASL_STATIC_SRCS): linksrcs | |
649 | 656 | |
650 | 657 | linksrcs: |
651 | 658 | -ln -s $(SASL_STATIC_SRCS) . |
13 | 13 | libsasl_res = libsasl.res |
14 | 14 | libsasl_out = libsasl.dll libsasl.exp libsasl.lib $(libsasl_res) |
15 | 15 | |
16 | CPPFLAGS = /D NEED_GETOPT /I "..\win32\include" /I "." /I "..\include" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "LIBSASL_EXPORTS" | |
16 | CPPFLAGS = /wd4996 /Wp64 /D NEED_GETOPT /I "..\win32\include" /I "." /I "..\include" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "LIBSASL_EXPORTS" | |
17 | 17 | |
18 | 18 | !IF $(TARGET_WIN_SYSTEM) >= 51 |
19 | 19 | CPPFLAGS = /D TARGET_WIN_SYSTEM=$(TARGET_WIN_SYSTEM) $(CPPFLAGS) |
37 | 37 | # |
38 | 38 | install: libsasl.dll |
39 | 39 | @echo libsasl.exp > $(exclude_list) |
40 | @echo libsasl.res >> $(exclude_list) | |
41 | @echo libsasl.dll.manifest >> $(exclude_list) | |
42 | # .lib is excluded only because it is copied separately below | |
40 | 43 | @echo libsasl.lib >> $(exclude_list) |
41 | @echo libsasl.res >> $(exclude_list) | |
42 | 44 | @xcopy libsasl.* $(bindir) /I /F /Y /EXCLUDE:$(exclude_list) |
43 | 45 | @xcopy libsasl.l* $(libdir) /I /F /Y |
44 | 46 | |
47 | 49 | libsasl.dll: $(libsasl_objs) $(libsasl_res) |
48 | 50 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"libsasl.dll" /implib:"libsasl.lib" /pdb:"libsasl.pdb" $(libsasl_objs) $(libsasl_res) |
49 | 51 | << |
52 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
50 | 53 | |
51 | 54 | plugin_common.c: ..\plugins\plugin_common.c plugin_common.h |
52 | 55 | copy ..\plugins\plugin_common.c . |
54 | 57 | plugin_common.h: ..\plugins\plugin_common.h |
55 | 58 | copy ..\plugins\plugin_common.h . |
56 | 59 | |
57 | client.c common.c external.c plugin_common.c server.c seterror.c: ..\include\saslplug.h | |
60 | auxprop.c checkpw.c client.c common.c external.c plugin_common.c server.c seterror.c: ..\include\saslplug.h | |
61 | ||
62 | auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c getsubopt.c md5.c plugin_common.c server.c seterror.c windlopen.c: ..\include\sasl.h | |
58 | 63 | |
59 | 64 | CLEAN : |
60 | 65 | -@erase $(all_objs) |
61 | 66 | -@erase "*.idb" |
62 | 67 | -@erase "*.pdb" |
68 | -@erase "*.manifest" | |
63 | 69 | -@erase $(all_out) |
64 | 70 | -@erase plugin_common.h |
65 | 71 | -@erase plugin_common.c |
90 | 96 | VALUE "FileDescription", "CMU SASL API v2\0" |
91 | 97 | VALUE "FileVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP).0\0" |
92 | 98 | VALUE "InternalName", "libsasl\0" |
93 | VALUE "LegalCopyright", "Copyright (c) Carnegie Mellon University 2005\0" | |
99 | VALUE "LegalCopyright", "Copyright (c) Carnegie Mellon University 2002-2009\0" | |
94 | 100 | VALUE "OriginalFilename", "libsasl.dll\0" |
95 | 101 | VALUE "ProductName", "Carnegie Mellon University SASL\0" |
96 | 102 | VALUE "ProductVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP)-0" |
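Review bot: The new `/wd4996` on the `CPPFLAGS` line switches off MSVC warning C4996 for every translation unit in libsasl, not only for the files that currently trigger it. C4996 is the compiler's deprecation diagnostic, which on Windows includes the CRT's warnings about unbounded string functions, so new uses anywhere in the library would no longer be reported. If the aim is only to quiet existing noise, a `#pragma warning(disable: 4996)` scoped to the affected sources would keep the signal elsewhere. At minimum, record the reason next to the flag, e.g. `# /wd4996: CRT deprecation warnings suppressed; rebuild without it when auditing string handling`.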
0 | 0 | /* auxprop.c - auxilliary property support |
1 | 1 | * Rob Siemborski |
2 | * $Id: auxprop.c,v 1.16 2006/03/14 14:23:55 mel Exp $ | |
2 | * $Id: auxprop.c,v 1.19 2009/01/28 22:49:14 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
45 | 45 | #include <sasl.h> |
46 | 46 | #include <prop.h> |
47 | 47 | #include <ctype.h> |
48 | #include <stdio.h> | |
48 | 49 | #include "saslint.h" |
49 | 50 | |
50 | 51 | struct proppool |
809 | 810 | result = auxpropfunc(sasl_global_utils, SASL_AUXPROP_PLUG_VERSION, |
810 | 811 | &out_version, &plug, plugname); |
811 | 812 | |
813 | /* Check if out_version is too old. | |
814 | We only support the current at the moment */ | |
815 | if (result == SASL_OK && out_version < SASL_AUXPROP_PLUG_VERSION) { | |
816 | result = SASL_BADVERS; | |
817 | } | |
818 | ||
812 | 819 | if(result != SASL_OK) { |
813 | 820 | _sasl_log(NULL, SASL_LOG_ERR, "auxpropfunc error %s\n", |
814 | 821 | sasl_errstring(result, NULL, NULL)); |
844 | 851 | auxprop_head = NULL; |
845 | 852 | } |
846 | 853 | |
854 | /* Return the updated account status based on the current ("so far") and | |
855 | the specific status returned by the latest auxprop call */ | |
856 | static int | |
857 | _sasl_account_status (int current_status, | |
858 | int specific_status) | |
859 | { | |
860 | switch (specific_status) { | |
861 | case SASL_NOVERIFY: | |
862 | specific_status = SASL_OK; | |
863 | /* fall through */ | |
864 | case SASL_OK: | |
865 | if (current_status == SASL_NOMECH || | |
866 | current_status == SASL_NOUSER) { | |
867 | current_status = specific_status; | |
868 | } | |
869 | break; | |
870 | ||
871 | case SASL_NOUSER: | |
872 | if (current_status == SASL_NOMECH) { | |
873 | current_status = specific_status; | |
874 | } | |
875 | break; | |
876 | ||
877 | /* NOTE: The disabled flag sticks, unless we hit an error */ | |
878 | case SASL_DISABLED: | |
879 | if (current_status == SASL_NOMECH || | |
880 | current_status == SASL_NOUSER || | |
881 | current_status == SASL_OK) { | |
882 | current_status = specific_status; | |
883 | } | |
884 | break; | |
885 | ||
886 | case SASL_NOMECH: | |
887 | /* ignore */ | |
888 | break; | |
889 | ||
890 | /* SASL_UNAVAIL overrides everything */ | |
891 | case SASL_UNAVAIL: | |
892 | current_status = specific_status; | |
893 | break; | |
894 | ||
895 | default: | |
896 | current_status = specific_status; | |
897 | break; | |
898 | } | |
899 | return (current_status); | |
900 | } | |
847 | 901 | |
848 | 902 | /* Do the callbacks for auxprop lookups */ |
849 | void _sasl_auxprop_lookup(sasl_server_params_t *sparams, | |
903 | int _sasl_auxprop_lookup(sasl_server_params_t *sparams, | |
850 | 904 | unsigned flags, |
851 | 905 | const char *user, unsigned ulen) |
852 | 906 | { |
855 | 909 | void *context; |
856 | 910 | const char *plist = NULL; |
857 | 911 | auxprop_plug_list_t *ptr; |
912 | int result = SASL_NOMECH; | |
858 | 913 | |
859 | 914 | if(_sasl_getcallback(sparams->utils->conn, |
860 | 915 | SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { |
864 | 919 | |
865 | 920 | if(!plist) { |
866 | 921 | /* Do lookup in all plugins */ |
922 | ||
923 | /* TODO: Ideally, each auxprop plugin should be marked if its failure | |
924 | should be ignored or treated as a fatal error of the whole lookup. */ | |
867 | 925 | for(ptr = auxprop_head; ptr; ptr = ptr->next) { |
868 | 926 | found=1; |
869 | ptr->plug->auxprop_lookup(ptr->plug->glob_context, | |
927 | ret = ptr->plug->auxprop_lookup(ptr->plug->glob_context, | |
870 | 928 | sparams, flags, user, ulen); |
929 | result = _sasl_account_status (result, ret); | |
871 | 930 | } |
872 | 931 | } else { |
873 | 932 | char *pluginlist = NULL, *freeptr = NULL, *thisplugin = NULL; |
874 | 933 | |
875 | if(_sasl_strdup(plist, &pluginlist, NULL) != SASL_OK) return; | |
934 | if(_sasl_strdup(plist, &pluginlist, NULL) != SASL_OK) return SASL_NOMEM; | |
876 | 935 | thisplugin = freeptr = pluginlist; |
877 | 936 | |
878 | 937 | /* Do lookup in all *specified* plugins, in order */ |
894 | 953 | continue; |
895 | 954 | |
896 | 955 | found=1; |
897 | ptr->plug->auxprop_lookup(ptr->plug->glob_context, | |
956 | ret = ptr->plug->auxprop_lookup(ptr->plug->glob_context, | |
898 | 957 | sparams, flags, user, ulen); |
958 | result = _sasl_account_status (result, ret); | |
899 | 959 | } |
900 | 960 | |
901 | 961 | if(last) break; |
906 | 966 | sasl_FREE(freeptr); |
907 | 967 | } |
908 | 968 | |
909 | if(!found) | |
969 | if(!found) { | |
910 | 970 | _sasl_log(sparams->utils->conn, SASL_LOG_DEBUG, |
911 | 971 | "could not find auxprop plugin, was searching for '%s'", |
912 | 972 | plist ? plist : "[all]"); |
973 | } | |
974 | ||
975 | return result; | |
913 | 976 | } |
914 | 977 | |
915 | 978 | /* Do the callbacks for auxprop stores */ |
917 | 980 | struct propctx *ctx, const char *user) |
918 | 981 | { |
919 | 982 | sasl_getopt_t *getopt; |
920 | int ret, found = 0; | |
983 | int ret; | |
921 | 984 | void *context; |
922 | 985 | const char *plist = NULL; |
923 | 986 | auxprop_plug_list_t *ptr; |
924 | 987 | sasl_server_params_t *sparams = NULL; |
925 | 988 | unsigned userlen = 0; |
989 | int num_constraint_violations = 0; | |
990 | int total_plugins = 0; | |
926 | 991 | |
927 | 992 | if (ctx) { |
928 | 993 | if (!conn || !user) |
942 | 1007 | if(!plist) { |
943 | 1008 | /* Do store in all plugins */ |
944 | 1009 | for(ptr = auxprop_head; ptr && ret == SASL_OK; ptr = ptr->next) { |
945 | found=1; | |
946 | if (ptr->plug->auxprop_store) | |
1010 | total_plugins++; | |
1011 | if (ptr->plug->auxprop_store) { | |
947 | 1012 | ret = ptr->plug->auxprop_store(ptr->plug->glob_context, |
948 | 1013 | sparams, ctx, user, userlen); |
1014 | if (ret == SASL_CONSTRAINT_VIOLAT) { | |
1015 | ret = SASL_OK; | |
1016 | num_constraint_violations++; | |
1017 | } | |
1018 | } | |
949 | 1019 | } |
950 | 1020 | } else { |
951 | 1021 | char *pluginlist = NULL, *freeptr = NULL, *thisplugin = NULL; |
971 | 1041 | || strcasecmp(ptr->plug->name, thisplugin))) |
972 | 1042 | continue; |
973 | 1043 | |
974 | found=1; | |
975 | if (ptr->plug->auxprop_store) | |
1044 | total_plugins++; | |
1045 | if (ptr->plug->auxprop_store) { | |
976 | 1046 | ret = ptr->plug->auxprop_store(ptr->plug->glob_context, |
977 | 1047 | sparams, ctx, user, userlen); |
1048 | if (ret == SASL_CONSTRAINT_VIOLAT) { | |
1049 | ret = SASL_OK; | |
1050 | num_constraint_violations++; | |
1051 | } | |
1052 | } | |
978 | 1053 | } |
979 | 1054 | |
980 | 1055 | if(last) break; |
985 | 1060 | sasl_FREE(freeptr); |
986 | 1061 | } |
987 | 1062 | |
988 | if(!found) { | |
1063 | if(total_plugins == 0) { | |
989 | 1064 | _sasl_log(NULL, SASL_LOG_ERR, |
990 | 1065 | "could not find auxprop plugin, was searching for %s", |
991 | 1066 | plist ? plist : "[all]"); |
992 | 1067 | return SASL_FAIL; |
1068 | } else if (total_plugins == num_constraint_violations) { | |
1069 | ret = SASL_CONSTRAINT_VIOLAT; | |
993 | 1070 | } |
994 | 1071 | |
995 | 1072 | return ret; |
1000 | 1077 | _sasl_print_mechanism ( |
1001 | 1078 | sasl_auxprop_plug_t *m, |
1002 | 1079 | sasl_info_callback_stage_t stage, |
1003 | void *rock | |
1080 | void *rock __attribute__((unused)) | |
1004 | 1081 | ) |
1005 | 1082 | { |
1006 | char delimiter; | |
1007 | ||
1008 | 1083 | if (stage == SASL_INFO_LIST_START) { |
1009 | 1084 | printf ("List of auxprop plugins follows\n"); |
1010 | 1085 | return; |
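Review bot: In the auxprop store loops, `total_plugins++` runs before the `if (ptr->plug->auxprop_store)` test, so a plugin with no store callback is counted in the total but can never add to `num_constraint_violations`. With one such plugin loaded, `total_plugins == num_constraint_violations` cannot hold, and a store that every storing plugin rejected with `SASL_CONSTRAINT_VIOLAT` is returned as `SASL_OK`, since `ret` was reset inside the loop. The same ordering appears in both the all-plugins loop and the named-plugin loop. Counting attempts separately would keep the "no plugin found" check unchanged: add `stores_attempted++;` inside the `if (ptr->plug->auxprop_store)` block and compare with `else if (stores_attempted > 0 && stores_attempted == num_constraint_violations)`. The function's opening lines are outside the hunk, so how `ret` is initialised is not visible here.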
0 | 0 | /* canonusr.c - user canonicalization support |
1 | 1 | * Rob Siemborski |
2 | * $Id: canonusr.c,v 1.15 2004/02/20 23:54:51 rjs3 Exp $ | |
2 | * $Id: canonusr.c,v 1.20 2009/03/10 16:27:52 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
62 | 62 | /* default behavior: |
63 | 63 | * eliminate leading & trailing whitespace, |
64 | 64 | * null-terminate, and get into the outparams |
65 | * | |
66 | 65 | * (handled by INTERNAL plugin) */ |
67 | /* Also does auxprop lookups once username is canonicalized */ | |
68 | 66 | /* a zero ulen or alen indicates that it is strlen(value) */ |
69 | 67 | int _sasl_canon_user(sasl_conn_t *conn, |
70 | 68 | const char *user, unsigned ulen, |
108 | 106 | result = cuser_cb(conn, context, |
109 | 107 | user, ulen, |
110 | 108 | flags, (conn->type == SASL_CONN_SERVER ? |
111 | ((sasl_server_conn_t *)conn)->user_realm : | |
109 | sconn->user_realm : | |
112 | 110 | NULL), |
113 | 111 | user_buf, CANON_BUF_SIZE, lenp); |
114 | 112 | |
128 | 126 | } |
129 | 127 | |
130 | 128 | if(!plugin_name) { |
131 | /* Use Defualt */ | |
129 | /* Use Default */ | |
132 | 130 | plugin_name = "INTERNAL"; |
133 | 131 | } |
134 | 132 | |
182 | 180 | oparams->user = conn->user_buf; |
183 | 181 | } |
184 | 182 | |
183 | RETURN(conn, result); | |
184 | } | |
185 | ||
186 | /* Lookup all properties for authentication and/or authorization identity. */ | |
187 | static int _sasl_auxprop_lookup_user_props (sasl_conn_t *conn, | |
188 | unsigned flags, | |
189 | sasl_out_params_t *oparams) | |
190 | { | |
191 | sasl_server_conn_t *sconn = NULL; | |
192 | int result = SASL_OK; | |
193 | ||
194 | if (!conn) return SASL_BADPARAM; | |
195 | if (!oparams) return SASL_BADPARAM; | |
196 | ||
185 | 197 | #ifndef macintosh |
198 | if (conn->type == SASL_CONN_SERVER) sconn = (sasl_server_conn_t *)conn; | |
199 | ||
186 | 200 | /* do auxprop lookups (server only) */ |
187 | if(sconn) { | |
188 | if(flags & SASL_CU_AUTHID) { | |
189 | _sasl_auxprop_lookup(sconn->sparams, 0, | |
190 | oparams->authid, oparams->alen); | |
201 | if (sconn) { | |
202 | int authz_result; | |
203 | unsigned auxprop_lookup_flags = flags & SASL_CU_ASIS_MASK; | |
204 | ||
205 | if (flags & SASL_CU_OVERRIDE) { | |
206 | auxprop_lookup_flags |= SASL_AUXPROP_OVERRIDE; | |
191 | 207 | } |
192 | if(flags & SASL_CU_AUTHZID) { | |
193 | _sasl_auxprop_lookup(sconn->sparams, SASL_AUXPROP_AUTHZID, | |
194 | oparams->user, oparams->ulen); | |
208 | ||
209 | if (flags & SASL_CU_AUTHID) { | |
210 | result = _sasl_auxprop_lookup(sconn->sparams, | |
211 | auxprop_lookup_flags, | |
212 | oparams->authid, | |
213 | oparams->alen); | |
214 | } else { | |
215 | result = SASL_CONTINUE; | |
195 | 216 | } |
217 | if (flags & SASL_CU_AUTHZID) { | |
218 | authz_result = _sasl_auxprop_lookup(sconn->sparams, | |
219 | auxprop_lookup_flags | SASL_AUXPROP_AUTHZID, | |
220 | oparams->user, | |
221 | oparams->ulen); | |
222 | ||
223 | if (result == SASL_CONTINUE) { | |
224 | /* Only SASL_CU_AUTHZID was requested. | |
225 | The authz_result value is authoritative. */ | |
226 | result = authz_result; | |
227 | } else if (result == SASL_OK && authz_result != SASL_NOUSER) { | |
228 | /* Use the authz_result value, unless "result" | |
229 | already contains an error */ | |
230 | result = authz_result; | |
231 | } | |
232 | } | |
233 | ||
234 | if (result == SASL_NOUSER && (flags & SASL_CU_EXTERNALLY_VERIFIED)) { | |
235 | /* The called has explicitly told us that the authentication identity | |
236 | was already verified. So a failure to retrieve any associated properties | |
237 | is not an error. For example the caller is using Kerberos to verify user, | |
238 | but the LDAPDB/SASLDB auxprop plugin doesn't contain any auxprops for | |
239 | the user. */ | |
240 | result = SASL_OK; | |
241 | } | |
196 | 242 | } |
197 | 243 | #endif |
198 | 244 | |
199 | ||
200 | RETURN(conn, SASL_OK); | |
245 | RETURN(conn, result); | |
246 | } | |
247 | ||
248 | /* default behavior: | |
249 | * Eliminate leading & trailing whitespace, | |
250 | * null-terminate, and get into the outparams | |
251 | * (handled by INTERNAL plugin). | |
252 | * | |
253 | * Server only: Also does auxprop lookups once username | |
254 | * is canonicalized. */ | |
255 | int _sasl_canon_user_lookup (sasl_conn_t *conn, | |
256 | const char *user, | |
257 | unsigned ulen, | |
258 | unsigned flags, | |
259 | sasl_out_params_t *oparams) | |
260 | { | |
261 | int result; | |
262 | ||
263 | result = _sasl_canon_user (conn, | |
264 | user, | |
265 | ulen, | |
266 | flags, | |
267 | oparams); | |
268 | if (result == SASL_OK) { | |
269 | result = _sasl_auxprop_lookup_user_props (conn, | |
270 | flags, | |
271 | oparams); | |
272 | } | |
273 | ||
274 | RETURN(conn, result); | |
201 | 275 | } |
202 | 276 | |
203 | 277 | void _sasl_canonuser_free() |
269 | 343 | unsigned i; |
270 | 344 | char *in_buf, *userin; |
271 | 345 | const char *begin_u; |
272 | size_t u_apprealm = 0; | |
346 | unsigned u_apprealm = 0; | |
273 | 347 | sasl_server_conn_t *sconn = NULL; |
274 | 348 | |
275 | 349 | if(!utils || !user) return SASL_BADPARAM; |
299 | 373 | |
300 | 374 | /* Need to append realm if necessary (see sasl.h) */ |
301 | 375 | if(sconn && sconn->user_realm && !strchr(user, '@')) { |
302 | u_apprealm = strlen(sconn->user_realm) + 1; | |
376 | u_apprealm = (unsigned) strlen(sconn->user_realm) + 1; | |
303 | 377 | } |
304 | 378 | |
305 | 379 | /* Now Copy */ |
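Review bot: In `_sasl_auxprop_lookup_user_props`, the `SASL_CU_EXTERNALLY_VERIFIED` relaxation is applied to the merged result, so it can also discard a non-OK status from the authorization-identity lookup. When the authid lookup returns `SASL_NOUSER`, neither merge branch copies `authz_result` into `result` (one requires `SASL_CONTINUE`, the other `SASL_OK`), so an authzid status such as `SASL_DISABLED` or `SASL_UNAVAIL` is dropped and the final check turns `SASL_NOUSER` into `SASL_OK`. Placing `if (result == SASL_NOUSER && (flags & SASL_CU_EXTERNALLY_VERIFIED)) result = SASL_OK;` directly after the first `_sasl_auxprop_lookup` call would limit the relaxation to the identity that was actually verified and let the authzid status propagate. Whether any caller relies on the relaxation for an authzid-only lookup is not visible in this section and should be confirmed before moving the check.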
0 | 0 | /* SASL server API implementation |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: checkpw.c,v 1.73 2006/03/13 18:30:41 mel Exp $ | |
3 | * $Id: checkpw.c,v 1.79 2009/05/08 00:43:44 murch Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
73 | 73 | #include <string.h> |
74 | 74 | #endif |
75 | 75 | |
76 | #include <limits.h> | |
76 | 77 | #include <sys/types.h> |
77 | 78 | #include <ctype.h> |
78 | 79 | |
125 | 126 | return SASL_OK; |
126 | 127 | } |
127 | 128 | |
128 | /* erase & dispose of a sasl_secret_t | |
129 | /* verify user password using auxprop plugins | |
129 | 130 | */ |
130 | 131 | static int auxprop_verify_password(sasl_conn_t *conn, |
131 | 132 | const char *userstr, |
134 | 135 | const char *user_realm __attribute__((unused))) |
135 | 136 | { |
136 | 137 | int ret = SASL_FAIL; |
137 | char *userid = NULL; | |
138 | char *realm = NULL; | |
139 | 138 | int result = SASL_OK; |
140 | 139 | sasl_server_conn_t *sconn = (sasl_server_conn_t *)conn; |
141 | 140 | const char *password_request[] = { SASL_AUX_PASSWORD, |
149 | 148 | /* We need to clear any previous results and re-canonify to |
150 | 149 | * ensure correctness */ |
151 | 150 | |
152 | prop_clear(sconn->sparams->propctx, 0); | |
151 | prop_clear (sconn->sparams->propctx, 0); | |
153 | 152 | |
154 | 153 | /* ensure its requested */ |
155 | 154 | result = prop_request(sconn->sparams->propctx, password_request); |
156 | 155 | |
157 | 156 | if(result != SASL_OK) return result; |
158 | 157 | |
159 | result = _sasl_canon_user(conn, userstr, 0, | |
160 | SASL_CU_AUTHID | SASL_CU_AUTHZID, | |
161 | &(conn->oparams)); | |
158 | result = _sasl_canon_user_lookup (conn, | |
159 | userstr, | |
160 | 0, | |
161 | SASL_CU_AUTHID | SASL_CU_AUTHZID, | |
162 | &(conn->oparams)); | |
162 | 163 | if(result != SASL_OK) return result; |
163 | 164 | |
164 | 165 | result = prop_getnames(sconn->sparams->propctx, password_request, |
165 | 166 | auxprop_values); |
166 | if(result < 0) | |
167 | if (result < 0) { | |
167 | 168 | return result; |
168 | ||
169 | if((!auxprop_values[0].name | |
170 | || !auxprop_values[0].values || !auxprop_values[0].values[0]) | |
171 | && (!auxprop_values[1].name | |
172 | || !auxprop_values[1].values || !auxprop_values[1].values[0])) | |
173 | return SASL_NOUSER; | |
169 | } | |
170 | ||
171 | /* Verify that the returned <name>s are correct. | |
172 | But we defer checking for NULL values till after we verify | |
173 | that a passwd is specified. */ | |
174 | if (!auxprop_values[0].name && !auxprop_values[1].name) { | |
175 | return SASL_NOUSER; | |
176 | } | |
174 | 177 | |
175 | 178 | /* It is possible for us to get useful information out of just |
176 | 179 | * the lookup, so we won't check that we have a password until now */ |
179 | 182 | goto done; |
180 | 183 | } |
181 | 184 | |
185 | if ((!auxprop_values[0].values || !auxprop_values[0].values[0]) | |
186 | && (!auxprop_values[1].values || !auxprop_values[1].values[0])) { | |
187 | return SASL_NOUSER; | |
188 | } | |
189 | ||
182 | 190 | /* At the point this has been called, the username has been canonified |
183 | 191 | * and we've done the auxprop lookup. This should be easy. */ |
184 | 192 | if(auxprop_values[0].name |
219 | 227 | password_request[0]); |
220 | 228 | |
221 | 229 | done: |
222 | if (userid) sasl_FREE(userid); | |
223 | if (realm) sasl_FREE(realm); | |
224 | ||
230 | /* We're not going to erase the property here because other people | |
231 | * may want it */ | |
232 | return ret; | |
233 | } | |
234 | ||
235 | /* Verify user password using auxprop plugins. Allow verification against a hashed password, | |
236 | * or non-retrievable password. Don't use cmusaslsecretPLAIN attribute. | |
237 | * | |
238 | * This function is similar to auxprop_verify_password(). | |
239 | */ | |
240 | static int auxprop_verify_password_hashed(sasl_conn_t *conn, | |
241 | const char *userstr, | |
242 | const char *passwd, | |
243 | const char *service __attribute__((unused)), | |
244 | const char *user_realm __attribute__((unused))) | |
245 | { | |
246 | int ret = SASL_FAIL; | |
247 | int result = SASL_OK; | |
248 | sasl_server_conn_t *sconn = (sasl_server_conn_t *)conn; | |
249 | const char *password_request[] = { SASL_AUX_PASSWORD, | |
250 | NULL }; | |
251 | struct propval auxprop_values[2]; | |
252 | unsigned extra_cu_flags = 0; | |
253 | ||
254 | if (!conn || !userstr) | |
255 | return SASL_BADPARAM; | |
256 | ||
257 | /* We need to clear any previous results and re-canonify to | |
258 | * ensure correctness */ | |
259 | ||
260 | prop_clear(sconn->sparams->propctx, 0); | |
261 | ||
262 | /* ensure its requested */ | |
263 | result = prop_request(sconn->sparams->propctx, password_request); | |
264 | ||
265 | if (result != SASL_OK) return result; | |
266 | ||
267 | /* We need to pass "password" down to the auxprop_lookup */ | |
268 | /* NB: We don't support binary passwords */ | |
269 | if (passwd != NULL) { | |
270 | prop_set (sconn->sparams->propctx, | |
271 | SASL_AUX_PASSWORD, | |
272 | passwd, | |
273 | -1); | |
274 | extra_cu_flags = SASL_CU_VERIFY_AGAINST_HASH; | |
275 | } | |
276 | ||
277 | result = _sasl_canon_user_lookup (conn, | |
278 | userstr, | |
279 | 0, | |
280 | SASL_CU_AUTHID | SASL_CU_AUTHZID | extra_cu_flags, | |
281 | &(conn->oparams)); | |
282 | ||
283 | if (result != SASL_OK) return result; | |
284 | ||
285 | result = prop_getnames(sconn->sparams->propctx, password_request, | |
286 | auxprop_values); | |
287 | if (result < 0) { | |
288 | return result; | |
289 | } | |
290 | ||
291 | /* Verify that the returned <name>s are correct. | |
292 | But we defer checking for NULL values till after we verify | |
293 | that a passwd is specified. */ | |
294 | if (!auxprop_values[0].name && !auxprop_values[1].name) { | |
295 | return SASL_NOUSER; | |
296 | } | |
297 | ||
298 | /* It is possible for us to get useful information out of just | |
299 | * the lookup, so we won't check that we have a password until now */ | |
300 | if (!passwd) { | |
301 | ret = SASL_BADPARAM; | |
302 | goto done; | |
303 | } | |
304 | ||
305 | if ((!auxprop_values[0].values || !auxprop_values[0].values[0])) { | |
306 | return SASL_NOUSER; | |
307 | } | |
308 | ||
309 | /* At the point this has been called, the username has been canonified | |
310 | * and we've done the auxprop lookup. This should be easy. */ | |
311 | ||
312 | /* NB: Note that if auxprop_lookup failed to verify the password, | |
313 | then the userPassword property value would be NULL */ | |
314 | if (auxprop_values[0].name | |
315 | && auxprop_values[0].values | |
316 | && auxprop_values[0].values[0] | |
317 | && !strcmp(auxprop_values[0].values[0], passwd)) { | |
318 | /* We have a plaintext version and it matched! */ | |
319 | return SASL_OK; | |
320 | } else { | |
321 | /* passwords do not match */ | |
322 | ret = SASL_BADAUTH; | |
323 | } | |
324 | ||
325 | done: | |
225 | 326 | /* We're not going to erase the property here because other people |
226 | 327 | * may want it */ |
227 | 328 | return ret; |
589 | 690 | * count authid count password count service count realm |
590 | 691 | */ |
591 | 692 | { |
592 | unsigned short u_len, p_len, s_len, r_len; | |
693 | unsigned short max_len, req_len, u_len, p_len, s_len, r_len; | |
593 | 694 | |
695 | max_len = (unsigned short) sizeof(query); | |
696 | ||
697 | /* prevent buffer overflow */ | |
698 | if ((strlen(userid) > USHRT_MAX) || | |
699 | (strlen(passwd) > USHRT_MAX) || | |
700 | (strlen(service) > USHRT_MAX) || | |
701 | (user_realm && (strlen(user_realm) > USHRT_MAX))) { | |
702 | goto toobig; | |
703 | } | |
704 | ||
594 | 705 | u_len = (strlen(userid)); |
595 | 706 | p_len = (strlen(passwd)); |
596 | 707 | s_len = (strlen(service)); |
597 | 708 | r_len = ((user_realm ? strlen(user_realm) : 0)); |
598 | 709 | |
599 | if (u_len + p_len + s_len + r_len + 30 > (unsigned short) sizeof(query)) { | |
600 | /* request just too damn big */ | |
601 | sasl_seterror(conn, 0, "saslauthd request too large"); | |
602 | goto fail; | |
603 | } | |
710 | /* prevent buffer overflow */ | |
711 | req_len = 30; | |
712 | if (max_len - req_len < u_len) goto toobig; | |
713 | req_len += u_len; | |
714 | if (max_len - req_len < p_len) goto toobig; | |
715 | req_len += p_len; | |
716 | if (max_len - req_len < s_len) goto toobig; | |
717 | req_len += s_len; | |
718 | if (max_len - req_len < r_len) goto toobig; | |
604 | 719 | |
605 | 720 | u_len = htons(u_len); |
606 | 721 | p_len = htons(p_len); |
730 | 845 | |
731 | 846 | sasl_seterror(conn, SASL_NOLOG, "authentication failed"); |
732 | 847 | return SASL_BADAUTH; |
848 | ||
849 | toobig: | |
850 | /* request just too damn big */ | |
851 | sasl_seterror(conn, 0, "saslauthd request too large"); | |
733 | 852 | |
734 | 853 | fail: |
735 | 854 | if (freeme) free(freeme); |
960 | 1079 | |
961 | 1080 | struct sasl_verify_password_s _sasl_verify_password[] = { |
962 | 1081 | { "auxprop", &auxprop_verify_password }, |
1082 | { "auxprop-hashed", &auxprop_verify_password_hashed }, | |
963 | 1083 | #ifdef HAVE_PWCHECK |
964 | 1084 | { "pwcheck", &pwcheck_verify_password }, |
965 | 1085 | #endif |
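Review bot: In `auxprop_verify_password_hashed`, the return value of `prop_set` is ignored, yet `extra_cu_flags` is set to `SASL_CU_VERIFY_AGAINST_HASH` regardless, so a failed store of the candidate password still asks the plugins to verify against it. Checking the call keeps that failure explicit: `result = prop_set(sconn->sparams->propctx, SASL_AUX_PASSWORD, passwd, -1); if (result != SASL_OK) return result;`. The candidate password written into the property context is also left there on the `SASL_BADAUTH` and `SASL_NOUSER` paths. The closing comment about not erasing the property was carried over from `auxprop_verify_password`, where the value is the stored secret rather than what the client just sent, so it is worth deciding deliberately whether a rejected password should remain in `propctx` after this function returns.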
0 | 0 | /* SASL client API implementation |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: client.c,v 1.67 2006/04/26 15:33:41 mel Exp $ | |
3 | * $Id: client.c,v 1.76 2009/08/04 17:13:51 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
64 | 64 | |
65 | 65 | static int init_mechlist() |
66 | 66 | { |
67 | cmechlist->mutex = sasl_MUTEX_ALLOC(); | |
68 | if(!cmechlist->mutex) return SASL_FAIL; | |
69 | ||
70 | 67 | cmechlist->utils=_sasl_alloc_utils(NULL, &global_callbacks_client); |
71 | 68 | if (cmechlist->utils==NULL) |
72 | 69 | return SASL_NOMEM; |
77 | 74 | return SASL_OK; |
78 | 75 | } |
79 | 76 | |
77 | int sasl_client_done(void) | |
78 | { | |
79 | int result = SASL_CONTINUE; | |
80 | ||
81 | if (_sasl_server_cleanup_hook == NULL && _sasl_client_cleanup_hook == NULL) { | |
82 | return SASL_NOTINIT; | |
83 | } | |
84 | ||
85 | if (_sasl_client_cleanup_hook) { | |
86 | result = _sasl_client_cleanup_hook(); | |
87 | ||
88 | if (result == SASL_OK) { | |
89 | _sasl_client_idle_hook = NULL; | |
90 | _sasl_client_cleanup_hook = NULL; | |
91 | } else { | |
92 | return result; | |
93 | } | |
94 | } | |
95 | ||
96 | if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { | |
97 | return result; | |
98 | } | |
99 | ||
100 | sasl_common_done(); | |
101 | ||
102 | return SASL_OK; | |
103 | } | |
104 | ||
80 | 105 | static int client_done(void) { |
81 | cmechanism_t *cm; | |
82 | cmechanism_t *cprevm; | |
83 | ||
84 | if(!_sasl_client_active) | |
85 | return SASL_NOTINIT; | |
86 | else | |
87 | _sasl_client_active--; | |
88 | ||
89 | if(_sasl_client_active) { | |
90 | /* Don't de-init yet! Our refcount is nonzero. */ | |
91 | return SASL_CONTINUE; | |
92 | } | |
93 | ||
94 | cm=cmechlist->mech_list; /* m point to begging of the list */ | |
95 | while (cm!=NULL) | |
96 | { | |
97 | cprevm=cm; | |
98 | cm=cm->next; | |
99 | ||
100 | if (cprevm->m.plug->mech_free) { | |
101 | cprevm->m.plug->mech_free(cprevm->m.plug->glob_context, | |
102 | cmechlist->utils); | |
103 | } | |
104 | ||
105 | sasl_FREE(cprevm->m.plugname); | |
106 | sasl_FREE(cprevm); | |
107 | } | |
108 | sasl_MUTEX_FREE(cmechlist->mutex); | |
109 | _sasl_free_utils(&cmechlist->utils); | |
110 | sasl_FREE(cmechlist); | |
111 | ||
112 | cmechlist = NULL; | |
113 | ||
114 | return SASL_OK; | |
106 | cmechanism_t *cm; | |
107 | cmechanism_t *cprevm; | |
108 | ||
109 | if (!_sasl_client_active) { | |
110 | return SASL_NOTINIT; | |
111 | } else { | |
112 | _sasl_client_active--; | |
113 | } | |
114 | ||
115 | if(_sasl_client_active) { | |
116 | /* Don't de-init yet! Our refcount is nonzero. */ | |
117 | return SASL_CONTINUE; | |
118 | } | |
119 | ||
120 | cm = cmechlist->mech_list; /* m point to beggining of the list */ | |
121 | while (cm!=NULL) | |
122 | { | |
123 | cprevm = cm; | |
124 | cm = cm->next; | |
125 | ||
126 | if (cprevm->m.plug->mech_free) { | |
127 | cprevm->m.plug->mech_free(cprevm->m.plug->glob_context, | |
128 | cmechlist->utils); | |
129 | } | |
130 | ||
131 | sasl_FREE(cprevm->m.plugname); | |
132 | sasl_FREE(cprevm); | |
133 | } | |
134 | _sasl_free_utils(&cmechlist->utils); | |
135 | sasl_FREE(cmechlist); | |
136 | ||
137 | cmechlist = NULL; | |
138 | ||
139 | return SASL_OK; | |
115 | 140 | } |
116 | 141 | |
117 | 142 | int sasl_client_add_plugin(const char *plugname, |
118 | 143 | sasl_client_plug_init_t *entry_point) |
119 | 144 | { |
120 | int plugcount; | |
121 | sasl_client_plug_t *pluglist; | |
122 | cmechanism_t *mech; | |
123 | int result; | |
124 | int version; | |
125 | int lupe; | |
126 | ||
127 | if(!plugname || !entry_point) return SASL_BADPARAM; | |
128 | ||
129 | result = entry_point(cmechlist->utils, SASL_CLIENT_PLUG_VERSION, &version, | |
130 | &pluglist, &plugcount); | |
131 | ||
132 | if (result != SASL_OK) | |
133 | { | |
134 | _sasl_log(NULL, SASL_LOG_WARN, | |
145 | int plugcount; | |
146 | sasl_client_plug_t *pluglist; | |
147 | cmechanism_t *mech; | |
148 | int result; | |
149 | int version; | |
150 | int lupe; | |
151 | ||
152 | if (!plugname || !entry_point) return SASL_BADPARAM; | |
153 | ||
154 | result = entry_point(cmechlist->utils, | |
155 | SASL_CLIENT_PLUG_VERSION, | |
156 | &version, | |
157 | &pluglist, | |
158 | &plugcount); | |
159 | ||
160 | if (result != SASL_OK) | |
161 | { | |
162 | _sasl_log(NULL, SASL_LOG_WARN, | |
135 | 163 | "entry_point failed in sasl_client_add_plugin for %s", |
136 | 164 | plugname); |
137 | return result; | |
138 | } | |
139 | ||
140 | if (version != SASL_CLIENT_PLUG_VERSION) | |
141 | { | |
142 | _sasl_log(NULL, SASL_LOG_WARN, | |
165 | return result; | |
166 | } | |
167 | ||
168 | if (version != SASL_CLIENT_PLUG_VERSION) | |
169 | { | |
170 | _sasl_log(NULL, SASL_LOG_WARN, | |
143 | 171 | "version conflict in sasl_client_add_plugin for %s", plugname); |
144 | return SASL_BADVERS; | |
145 | } | |
146 | ||
147 | for (lupe=0;lupe< plugcount ;lupe++) | |
172 | return SASL_BADVERS; | |
173 | } | |
174 | ||
175 | for (lupe=0; lupe< plugcount ;lupe++) | |
148 | 176 | { |
149 | mech = sasl_ALLOC(sizeof(cmechanism_t)); | |
150 | if (! mech) return SASL_NOMEM; | |
151 | ||
152 | mech->m.plug=pluglist++; | |
153 | if(_sasl_strdup(plugname, &mech->m.plugname, NULL) != SASL_OK) { | |
154 | sasl_FREE(mech); | |
155 | return SASL_NOMEM; | |
156 | } | |
157 | mech->m.version = version; | |
158 | mech->next = cmechlist->mech_list; | |
159 | cmechlist->mech_list = mech; | |
160 | cmechlist->mech_length++; | |
161 | } | |
162 | ||
163 | return SASL_OK; | |
177 | mech = sasl_ALLOC(sizeof(cmechanism_t)); | |
178 | if (!mech) return SASL_NOMEM; | |
179 | ||
180 | mech->m.plug = pluglist++; | |
181 | if (_sasl_strdup(plugname, &mech->m.plugname, NULL) != SASL_OK) { | |
182 | sasl_FREE(mech); | |
183 | return SASL_NOMEM; | |
184 | } | |
185 | mech->m.version = version; | |
186 | mech->next = cmechlist->mech_list; | |
187 | cmechlist->mech_list = mech; | |
188 | cmechlist->mech_length++; | |
189 | } | |
190 | ||
191 | return SASL_OK; | |
164 | 192 | } |
165 | 193 | |
166 | 194 | static int |
201 | 229 | { NULL, NULL } |
202 | 230 | }; |
203 | 231 | |
232 | /* lock allocation type */ | |
233 | _sasl_allocation_locked++; | |
234 | ||
204 | 235 | if(_sasl_client_active) { |
205 | 236 | /* We're already active, just increase our refcount */ |
206 | 237 | /* xxx do something with the callback structure? */ |
342 | 373 | /* Setup the non-lazy parts of cparams, the rest is done in |
343 | 374 | * sasl_client_start */ |
344 | 375 | conn->cparams->utils = utils; |
345 | conn->cparams->canon_user = &_sasl_canon_user; | |
376 | conn->cparams->canon_user = &_sasl_canon_user_lookup; | |
346 | 377 | conn->cparams->flags = flags; |
347 | 378 | conn->cparams->prompt_supp = (*pconn)->callbacks; |
348 | 379 | |
349 | 380 | /* get the clientFQDN (serverFQDN was set in _sasl_conn_init) */ |
350 | 381 | memset(name, 0, sizeof(name)); |
351 | gethostname(name, MAXHOSTNAMELEN); | |
382 | if (get_fqhostname (name, MAXHOSTNAMELEN, 0) != 0) { | |
383 | return (SASL_FAIL); | |
384 | } | |
352 | 385 | |
353 | 386 | result = _sasl_strdup(name, &conn->clientFQDN, NULL); |
354 | 387 | |
406 | 439 | |
407 | 440 | /* xxx confirm this with rfc 2222 |
408 | 441 | * SASL mechanism allowable characters are "AZaz-_" |
409 | * seperators can be any other characters and of any length | |
442 | * separators can be any other characters and of any length | |
410 | 443 | * even variable lengths between |
411 | 444 | * |
412 | 445 | * Apps should be encouraged to simply use space or comma space |
709 | 742 | unsigned *plen, |
710 | 743 | int *pcount) |
711 | 744 | { |
712 | cmechanism_t *m=NULL; | |
745 | cmechanism_t *m = NULL; | |
713 | 746 | sasl_ssf_t minssf = 0; |
714 | 747 | int ret; |
715 | 748 | size_t resultlen; |
716 | 749 | int flag; |
717 | 750 | const char *mysep; |
718 | 751 | |
719 | if(_sasl_client_active == 0) return SASL_NOTINIT; | |
752 | if (_sasl_client_active == 0) return SASL_NOTINIT; | |
720 | 753 | if (!conn) return SASL_BADPARAM; |
721 | if(conn->type != SASL_CONN_CLIENT) PARAMERROR(conn); | |
754 | if (conn->type != SASL_CONN_CLIENT) PARAMERROR(conn); | |
722 | 755 | |
723 | 756 | if (! result) |
724 | 757 | PARAMERROR(conn); |
734 | 767 | mysep = " "; |
735 | 768 | } |
736 | 769 | |
737 | if(conn->props.min_ssf < conn->external.ssf) { | |
770 | if (conn->props.min_ssf < conn->external.ssf) { | |
738 | 771 | minssf = 0; |
739 | 772 | } else { |
740 | 773 | minssf = conn->props.min_ssf - conn->external.ssf; |
856 | 889 | _sasl_print_mechanism ( |
857 | 890 | client_sasl_mechanism_t *m, |
858 | 891 | sasl_info_callback_stage_t stage, |
859 | void *rock | |
892 | void *rock __attribute__((unused)) | |
860 | 893 | ) |
861 | 894 | { |
862 | 895 | char delimiter; |
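Review bot: The new `return (SASL_FAIL);` after `get_fqhostname` in the connection-setup hunk (new lines 382-384) leaves the function directly, while the `_sasl_strdup` call right below reports its failure through `result`. If the rest of the function releases `conn` when `result` is not `SASL_OK` (that part is outside the hunk), this path skips it and returns with a half-initialised connection still allocated. Routing the failure through the same variable keeps one exit path: `if (get_fqhostname (name, MAXHOSTNAMELEN, 0) != 0) result = SASL_FAIL; else result = _sasl_strdup(name, &conn->clientFQDN, NULL);`. Note also that `get_fqhostname` returns -1 when `getaddrinfo` fails even with `abort_if_no_fqdn` set to 0, so a host whose short name does not resolve can no longer create a client connection at all.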
0 | 0 | /* common.c - Functions that are common to server and clinet |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: common.c,v 1.114 2006/04/19 18:39:59 mel Exp $ | |
3 | * $Id: common.c,v 1.124 2009/02/20 23:10:53 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
106 | 106 | (sasl_realloc_t *) &realloc, |
107 | 107 | (sasl_free_t *) &free |
108 | 108 | }; |
109 | int _sasl_allocation_locked = 0; | |
109 | 110 | |
110 | 111 | #define SASL_ENCODEV_EXTRA 4096 |
111 | 112 | |
120 | 121 | static char * default_plugin_path = NULL; |
121 | 122 | static char * default_conf_path = NULL; |
122 | 123 | |
124 | static int _sasl_global_getopt(void *context, | |
125 | const char *plugin_name, | |
126 | const char *option, | |
127 | const char ** result, | |
128 | unsigned *len); | |
129 | ||
123 | 130 | /* Intenal mutex functions do as little as possible (no thread protection) */ |
124 | 131 | static void *sasl_mutex_alloc(void) |
125 | 132 | { |
148 | 155 | &sasl_mutex_free |
149 | 156 | }; |
150 | 157 | |
151 | void sasl_set_mutex(sasl_mutex_alloc_t *n, sasl_mutex_lock_t *l, | |
152 | sasl_mutex_unlock_t *u, sasl_mutex_free_t *d) | |
153 | { | |
154 | _sasl_mutex_utils.alloc=n; | |
155 | _sasl_mutex_utils.lock=l; | |
156 | _sasl_mutex_utils.unlock=u; | |
157 | _sasl_mutex_utils.free=d; | |
158 | void sasl_set_mutex(sasl_mutex_alloc_t *n, | |
159 | sasl_mutex_lock_t *l, | |
160 | sasl_mutex_unlock_t *u, | |
161 | sasl_mutex_free_t *d) | |
162 | { | |
163 | /* Disallow mutex function changes once sasl_client_init | |
164 | and/or sasl_server_init is called */ | |
165 | if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { | |
166 | return; | |
167 | } | |
168 | ||
169 | _sasl_mutex_utils.alloc=n; | |
170 | _sasl_mutex_utils.lock=l; | |
171 | _sasl_mutex_utils.unlock=u; | |
172 | _sasl_mutex_utils.free=d; | |
158 | 173 | } |
159 | 174 | |
160 | 175 | /* copy a string to malloced memory */ |
239 | 254 | |
240 | 255 | /* return the version of the cyrus sasl library as compiled, |
241 | 256 | * using 32 bits: high byte is major version, second byte is minor version, |
242 | * low 16 bits are step # */ | |
257 | * low 16 bits are step #. | |
258 | * Patch version is not available using this function, | |
259 | * use sasl_version_info() instead. | |
260 | */ | |
243 | 261 | void sasl_version(const char **implementation, int *version) |
244 | 262 | { |
245 | 263 | if(implementation) *implementation = implementation_string; |
383 | 401 | const char **output, |
384 | 402 | unsigned *outputlen) |
385 | 403 | { |
386 | int result; | |
404 | int result = SASL_OK; | |
387 | 405 | unsigned i; |
388 | 406 | unsigned j; |
389 | 407 | size_t total_size = 0; |
496 | 514 | the conn->oparams.maxoutbuf buffer. */ |
497 | 515 | /* Note, if next_buf points to the very end of the IOV record, |
498 | 516 | it will be reset to NULL below */ |
499 | next_buf = last_invec.iov_base + last_invec.iov_len; | |
517 | /* Note, that some platforms define iov_base as "void *", | |
518 | thus the typecase below */ | |
519 | next_buf = (char *) last_invec.iov_base + last_invec.iov_len; | |
500 | 520 | /* Note - remainder_len is how many bytes left to be encoded in |
501 | 521 | the current IOV slot. */ |
502 | 522 | remainder_len = (total_size + invec[i].iov_len) - conn->oparams.maxoutbuf; |
512 | 532 | |
513 | 533 | /* Note, if next_buf points to the very end of the IOV record, |
514 | 534 | it will be reset to NULL below */ |
515 | next_buf = last_invec.iov_base + last_invec.iov_len; | |
535 | /* Note, that some platforms define iov_base as "void *", | |
536 | thus the typecase below */ | |
537 | next_buf = (char *) last_invec.iov_base + last_invec.iov_len; | |
516 | 538 | remainder_len = remainder_len - conn->oparams.maxoutbuf; |
517 | 539 | |
518 | 540 | result = _sasl_encodev (conn, |
636 | 658 | sasl_realloc_t *r, |
637 | 659 | sasl_free_t *f) |
638 | 660 | { |
661 | if (_sasl_allocation_locked++) return; | |
662 | ||
639 | 663 | _sasl_allocation_utils.malloc=m; |
640 | 664 | _sasl_allocation_utils.calloc=c; |
641 | 665 | _sasl_allocation_utils.realloc=r; |
642 | 666 | _sasl_allocation_utils.free=f; |
643 | 667 | } |
644 | 668 | |
645 | void sasl_done(void) | |
646 | { | |
647 | if (_sasl_server_cleanup_hook && _sasl_server_cleanup_hook() == SASL_OK) { | |
648 | _sasl_server_idle_hook = NULL; | |
649 | _sasl_server_cleanup_hook = NULL; | |
650 | } | |
651 | ||
652 | if (_sasl_client_cleanup_hook && _sasl_client_cleanup_hook() == SASL_OK) { | |
653 | _sasl_client_idle_hook = NULL; | |
654 | _sasl_client_cleanup_hook = NULL; | |
655 | } | |
656 | ||
657 | if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { | |
658 | return; | |
659 | } | |
660 | ||
669 | void sasl_common_done(void) | |
670 | { | |
661 | 671 | /* NOTE - the caller will need to reinitialize the values, |
662 | 672 | if it is going to call sasl_client_init/sasl_server_init again. */ |
663 | 673 | if (default_plugin_path != NULL) { |
677 | 687 | |
678 | 688 | _sasl_free_utils(&sasl_global_utils); |
679 | 689 | |
680 | if(global_mech_list) sasl_FREE(global_mech_list); | |
681 | global_mech_list = NULL; | |
690 | if (global_mech_list) { | |
691 | sasl_FREE(global_mech_list); | |
692 | global_mech_list = NULL; | |
693 | } | |
694 | } | |
695 | ||
696 | /* This function is for backward compatibility */ | |
697 | void sasl_done(void) | |
698 | { | |
699 | if (_sasl_server_cleanup_hook && _sasl_server_cleanup_hook() == SASL_OK) { | |
700 | _sasl_server_idle_hook = NULL; | |
701 | _sasl_server_cleanup_hook = NULL; | |
702 | } | |
703 | ||
704 | if (_sasl_client_cleanup_hook && _sasl_client_cleanup_hook() == SASL_OK) { | |
705 | _sasl_client_idle_hook = NULL; | |
706 | _sasl_client_cleanup_hook = NULL; | |
707 | } | |
708 | ||
709 | if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { | |
710 | return; | |
711 | } | |
712 | ||
713 | sasl_common_done(); | |
682 | 714 | } |
683 | 715 | |
684 | 716 | /* fills in the base sasl_conn_t info */ |
739 | 771 | |
740 | 772 | if(serverFQDN) { |
741 | 773 | result = _sasl_strdup(serverFQDN, &conn->serverFQDN, NULL); |
774 | sasl_strlower (conn->serverFQDN); | |
742 | 775 | } else if (conn->type == SASL_CONN_SERVER) { |
743 | 776 | /* We can fake it because we *are* the server */ |
744 | 777 | char name[MAXHOSTNAMELEN]; |
745 | 778 | memset(name, 0, sizeof(name)); |
746 | gethostname(name, MAXHOSTNAMELEN); | |
779 | if (get_fqhostname (name, MAXHOSTNAMELEN, 0) != 0) { | |
780 | return (SASL_FAIL); | |
781 | } | |
747 | 782 | |
748 | 783 | result = _sasl_strdup(name, &conn->serverFQDN, NULL); |
749 | 784 | } else { |
759 | 794 | int _sasl_common_init(sasl_global_callbacks_t *global_callbacks) |
760 | 795 | { |
761 | 796 | int result; |
762 | ||
797 | ||
798 | /* The last specified global callback always wins */ | |
799 | if (sasl_global_utils != NULL) { | |
800 | sasl_utils_t * global_utils = (sasl_utils_t *)sasl_global_utils; | |
801 | global_utils->getopt = &_sasl_global_getopt; | |
802 | global_utils->getopt_context = global_callbacks; | |
803 | } | |
804 | ||
805 | /* Do nothing if we are already initialized */ | |
806 | if (free_mutex) { | |
807 | return SASL_OK; | |
808 | } | |
809 | ||
763 | 810 | /* Setup the global utilities */ |
764 | 811 | if(!sasl_global_utils) { |
765 | 812 | sasl_global_utils = _sasl_alloc_utils(NULL, global_callbacks); |
770 | 817 | result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); |
771 | 818 | if(result != SASL_OK) return result; |
772 | 819 | |
773 | if (!free_mutex) | |
820 | if (!free_mutex) { | |
774 | 821 | free_mutex = sasl_MUTEX_ALLOC(); |
822 | } | |
775 | 823 | if (!free_mutex) return SASL_FAIL; |
776 | 824 | |
777 | 825 | return SASL_OK; |
844 | 892 | * returns: |
845 | 893 | * SASL_OK -- no error |
846 | 894 | * SASL_NOTDONE -- property not available yet |
847 | * SASL_BADPARAM -- bad property number | |
895 | * SASL_BADPARAM -- bad property number or SASL context is NULL | |
848 | 896 | */ |
849 | 897 | int sasl_getprop(sasl_conn_t *conn, int propnum, const void **pvalue) |
850 | 898 | { |
1248 | 1296 | case SASL_NOCHANGE: return "requested change was not needed"; |
1249 | 1297 | case SASL_WEAKPASS: return "passphrase is too weak for security policy"; |
1250 | 1298 | case SASL_NOUSERPASS: return "user supplied passwords are not permitted"; |
1299 | case SASL_NEED_OLD_PASSWD: return "sasl_setpass needs old password in order " | |
1300 | "to perform password change"; | |
1301 | case SASL_CONSTRAINT_VIOLAT: return "sasl_setpass can't store a property because " | |
1302 | "of a constraint violation"; | |
1251 | 1303 | |
1252 | 1304 | default: return "undefined error!"; |
1253 | 1305 | } |
2242 | 2294 | } |
2243 | 2295 | |
2244 | 2296 | if(!olist) { |
2297 | /* This is not going to be very useful */ | |
2245 | 2298 | printf ("no olist"); |
2246 | 2299 | return SASL_FAIL; |
2247 | 2300 | } |
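Review bot: `sasl_set_alloc` and `sasl_set_mutex` now drop the caller's functions without any signal, and `sasl_set_alloc` has no comment saying so. Both return void, so an application whose call is refused keeps running as if its allocator or mutex callbacks were installed; for `sasl_set_alloc` the post-increment in `if (_sasl_allocation_locked++) return;` refuses every call after the first, even before any init. I would state the rule at both guards, e.g. `/* First caller wins: once set, or once sasl_client_init/sasl_server_init has run, later calls are silently ignored */`, and repeat it where the public header describes these setters. The counter is never decremented in the lines shown, so the lock appears to outlive `sasl_done()`; worth confirming that is intended. The signature of `sasl_set_alloc` starts outside the hunk.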
0 | 0 | /* SASL Config file API |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin (originally in Cyrus distribution) |
3 | * $Id: config.c,v 1.15 2006/04/10 13:28:06 mel Exp $ | |
3 | * $Id: config.c,v 1.18 2009/02/14 14:01:24 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. | |
6 | * Copyright (c) 1998-2009 Carnegie Mellon University. All rights reserved. | |
7 | 7 | * |
8 | 8 | * Redistribution and use in source and binary forms, with or without |
9 | 9 | * modification, are permitted provided that the following conditions |
42 | 42 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
43 | 43 | */ |
44 | 44 | |
45 | /* | |
46 | * Current Valid keys: | |
47 | * | |
48 | * canon_user_plugin: <string> | |
49 | * pwcheck_method: <string> | |
50 | * auto_transition: <boolean> | |
51 | * plugin_list: <string> | |
52 | * | |
53 | * srvtab: <string> | |
54 | */ | |
55 | ||
45 | #include <stdio.h> | |
46 | #include <stdlib.h> | |
47 | #include <ctype.h> | |
56 | 48 | |
57 | 49 | #include "sasl.h" |
58 | 50 | #include "saslint.h" |
59 | ||
60 | #include <stdio.h> | |
61 | #include <stdlib.h> | |
62 | #include <ctype.h> | |
63 | 51 | |
64 | 52 | struct configlist { |
65 | 53 | char *key; |
78 | 66 | int alloced = 0; |
79 | 67 | char buf[4096]; |
80 | 68 | char *p, *key; |
69 | char *tail; | |
81 | 70 | int result; |
82 | 71 | |
83 | 72 | nconfiglist=0; |
96 | 85 | |
97 | 86 | key = p; |
98 | 87 | while (*p && (isalnum((int) *p) || *p == '-' || *p == '_')) { |
99 | if (isupper((int) *p)) *p = tolower(*p); | |
88 | if (isupper((int) *p)) *p = (char) tolower(*p); | |
100 | 89 | p++; |
101 | 90 | } |
102 | 91 | if (*p != ':') { |
110 | 99 | return SASL_FAIL; |
111 | 100 | } |
112 | 101 | |
102 | /* Now strip trailing spaces, if any */ | |
103 | tail = p + strlen(p) - 1; | |
104 | while (tail > p && isspace((int) *tail)) { | |
105 | *tail = '\0'; | |
106 | tail--; | |
107 | } | |
108 | ||
113 | 109 | if (nconfiglist == alloced) { |
114 | 110 | alloced += CONFIGLISTGROWSIZE; |
115 | 111 | configlist=sasl_REALLOC((char *)configlist, |
116 | 112 | alloced * sizeof(struct configlist)); |
117 | 113 | if (configlist==NULL) return SASL_NOMEM; |
118 | 114 | } |
119 | ||
120 | ||
121 | 115 | |
122 | 116 | result = _sasl_strdup(key, |
123 | 117 | &(configlist[nconfiglist].key), |
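Review bot: The new trailing-space loop passes a plain `char` to `isspace` through an `(int)` cast, so a byte of 0x80 or above at the end of a config value becomes a negative argument where `char` is signed, which is undefined behaviour for the `<ctype.h>` functions. Cast through `unsigned char` instead: `while (tail > p && isspace((unsigned char) *tail)) {`. The `isalnum`/`isupper` calls a few lines up use the same `(int)` cast and deserve the same change. The hunk also calls `strlen` while the include list shown has only `<stdio.h>`, `<stdlib.h>` and `<ctype.h>`; unless `saslint.h` brings in `<string.h>`, add it. The function begins and ends outside the hunk.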
0 | 0 | /* dlopen.c--Unix dlopen() dynamic loader interface |
1 | 1 | * Rob Siemborski |
2 | 2 | * Rob Earhart |
3 | * $Id: dlopen.c,v 1.49 2005/03/15 13:33:30 mel Exp $ | |
3 | * $Id: dlopen.c,v 1.52 2009/04/11 10:21:43 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
94 | 94 | #ifndef HAVE_DLFCN_H |
95 | 95 | #include <dl.h> |
96 | 96 | |
97 | typedef shl_t dll_handle; | |
97 | typedef shl_t * dll_handle; | |
98 | 98 | typedef void * dll_func; |
99 | 99 | |
100 | 100 | dll_handle |
116 | 116 | } |
117 | 117 | |
118 | 118 | int |
119 | dlclose(dll_handle h) | |
120 | { | |
121 | shl_t hp = *((shl_t *)h); | |
122 | if (hp != NULL) free(hp); | |
123 | return shl_unload(h); | |
119 | dlclose(dll_handle hp) | |
120 | { | |
121 | shl_t h; | |
122 | ||
123 | if (hp != NULL) { | |
124 | h = *((shl_t *)hp); | |
125 | free(hp); | |
126 | return shl_unload(h); | |
127 | } else { | |
128 | /* Return error */ | |
129 | return -1; | |
130 | } | |
124 | 131 | } |
125 | 132 | |
126 | 133 | dll_func |
143 | 150 | } |
144 | 151 | |
145 | 152 | #endif /* HAVE_DLFCN_H */ |
153 | ||
154 | #ifdef __ia64 | |
155 | #define SO_SUFFIX ".so" | |
156 | #else | |
146 | 157 | #define SO_SUFFIX ".sl" |
147 | #else /* __hpux */ | |
158 | #endif /* __ia64 */ | |
159 | #elif defined(__APPLE__) | |
160 | #define SO_SUFFIX ".plugin" | |
161 | #else /* __APPLE__ */ | |
148 | 162 | #define SO_SUFFIX ".so" |
149 | #endif /* __hpux */ | |
163 | #endif | |
150 | 164 | |
151 | 165 | #define LA_SUFFIX ".la" |
152 | 166 |
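Review bot: The labels on the reworked `SO_SUFFIX` conditionals no longer describe the branches they sit on. `#else /* __APPLE__ */` marks the branch taken when `__APPLE__` is not defined, and the final `#endif` lost the `/* __hpux */` label although it now closes a three-way chain with a nested `__ia64` test inside it. Since the opening `#ifdef` is outside the hunk, I would label them `#else /* !__hpux && !__APPLE__ */` and `#endif /* __hpux */`, assuming the chain does open on `__hpux` as the removed comments suggest.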
0 | 0 | /* SASL server API implementation |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $ | |
3 | * $Id: external.c,v 1.24 2009/03/10 16:27:52 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
56 | 56 | |
57 | 57 | /***************************** Common Section *****************************/ |
58 | 58 | |
59 | static const char plugin_id[] = "$Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $"; | |
59 | static const char plugin_id[] = "$Id: external.c,v 1.24 2009/03/10 16:27:52 mel Exp $"; | |
60 | 60 | |
61 | 61 | /***************************** Server Section *****************************/ |
62 | 62 | |
132 | 132 | |
133 | 133 | result = sparams->canon_user(sparams->utils->conn, |
134 | 134 | sparams->utils->conn->external.auth_id, 0, |
135 | SASL_CU_AUTHID, oparams); | |
135 | SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, oparams); | |
136 | 136 | } else { |
137 | 137 | result = sparams->canon_user(sparams->utils->conn, |
138 | 138 | sparams->utils->conn->external.auth_id, 0, |
139 | SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); | |
139 | SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED | SASL_CU_AUTHZID, oparams); | |
140 | 140 | } |
141 | 141 | |
142 | 142 | if (result != SASL_OK) return result; |
361 | 361 | sasl_FREE(text); |
362 | 362 | } |
363 | 363 | |
364 | static const long external_required_prompts[] = { | |
364 | static const unsigned long external_required_prompts[] = { | |
365 | 365 | SASL_CB_LIST_END |
366 | 366 | }; |
367 | 367 |
0 | 0 | /* saslint.h - internal SASL library definitions |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: saslint.h,v 1.60 2006/04/18 20:25:45 mel Exp $ | |
3 | * $Id: saslint.h,v 1.69 2009/02/21 20:07:45 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
199 | 199 | const sasl_utils_t *utils; /* gotten from plug_init */ |
200 | 200 | |
201 | 201 | void *mutex; /* mutex for this data */ |
202 | mechanism_t *mech_list; /* list of mechanisms */ | |
203 | int mech_length; /* number of mechanisms */ | |
202 | mechanism_t *mech_list; /* list of loaded mechanisms */ | |
203 | int mech_length; /* number of loaded mechanisms */ | |
204 | 204 | } mech_list_t; |
205 | 205 | |
206 | 206 | typedef struct context_list |
222 | 222 | mechanism_t *mech; /* mechanism trying to use */ |
223 | 223 | sasl_server_params_t *sparams; |
224 | 224 | context_list_t *mech_contexts; |
225 | mechanism_t *mech_list; /* list of available mechanisms */ | |
226 | int mech_length; /* number of available mechanisms */ | |
225 | 227 | } sasl_server_conn_t; |
226 | 228 | |
227 | 229 | /* Client Conn Type Information */ |
299 | 301 | |
300 | 302 | extern sasl_allocation_utils_t _sasl_allocation_utils; |
301 | 303 | extern sasl_mutex_utils_t _sasl_mutex_utils; |
304 | extern int _sasl_allocation_locked; | |
305 | ||
306 | void sasl_common_done(void); | |
302 | 307 | |
303 | 308 | /* |
304 | 309 | * checkpw.c |
347 | 352 | extern int _sasl_locate_entry(void *library, const char *entryname, |
348 | 353 | void **entry_point); |
349 | 354 | extern int _sasl_done_with_plugins(); |
350 | ||
351 | 355 | |
352 | 356 | /* |
353 | 357 | * common.c |
450 | 454 | /* |
451 | 455 | * config file declarations (config.c) |
452 | 456 | */ |
453 | extern int sasl_config_init(const char *filename); | |
454 | 457 | extern const char *sasl_config_getstring(const char *key,const char *def); |
455 | 458 | |
456 | 459 | /* checkpw.c */ |
462 | 465 | const char *user_realm); |
463 | 466 | #endif /* DO_SASL_CHECKAPOP */ |
464 | 467 | |
465 | /* Auxprop Plugin (checkpw.c) */ | |
468 | /* Auxprop Plugin (sasldb.c) */ | |
466 | 469 | extern int sasldb_auxprop_plug_init(const sasl_utils_t *utils, |
467 | 470 | int max_version, |
468 | 471 | int *out_version, |
474 | 477 | */ |
475 | 478 | extern int _sasl_auxprop_add_plugin(void *p, void *library); |
476 | 479 | extern void _sasl_auxprop_free(void); |
477 | extern void _sasl_auxprop_lookup(sasl_server_params_t *sparams, | |
480 | extern int _sasl_auxprop_lookup(sasl_server_params_t *sparams, | |
478 | 481 | unsigned flags, |
479 | 482 | const char *user, unsigned ulen); |
480 | 483 | |
488 | 491 | sasl_canonuser_plug_t **plug, |
489 | 492 | const char *plugname); |
490 | 493 | extern int _sasl_canon_user(sasl_conn_t *conn, |
491 | const char *user, unsigned ulen, | |
494 | const char *user, | |
495 | unsigned ulen, | |
492 | 496 | unsigned flags, |
493 | 497 | sasl_out_params_t *oparams); |
498 | int _sasl_canon_user_lookup (sasl_conn_t *conn, | |
499 | const char *user, | |
500 | unsigned ulen, | |
501 | unsigned flags, | |
502 | sasl_out_params_t *oparams); | |
503 | ||
504 | /* | |
505 | * saslutil.c | |
506 | */ | |
507 | int get_fqhostname( | |
508 | char *name, | |
509 | int namelen, | |
510 | int abort_if_no_fqdn | |
511 | ); | |
494 | 512 | |
495 | 513 | #endif /* SASLINT_H */ |
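Review bot: The new `get_fqhostname` prototype carries no description of its contract, and callers in `client.c` and `common.c` already depend on it. From the definition in `saslutil.c`, it returns 0 on success and a non-zero value otherwise, lowercases `name` in place, and takes the buffer size as a signed `int`. I would add above the prototype: `/* Returns 0 on success, non-zero on failure; on success name holds the lowercased host name. namelen is the size of name in bytes. */`. `_sasl_canon_user_lookup` is also declared without `extern`, unlike the `_sasl_canon_user` declaration directly above it.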
0 | 0 | /* saslutil.c |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: saslutil.c,v 1.44.2.1 2009/04/27 17:47:17 murch Exp $ | |
3 | * $Id: saslutil.c,v 1.49 2009/04/27 13:26:27 murch Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
71 | 71 | * sasl_randseed |
72 | 72 | * sasl_rand |
73 | 73 | * sasl_churn |
74 | */ | |
74 | * sasl_erasebuffer | |
75 | */ | |
76 | ||
77 | #ifdef sun | |
78 | /* gotta define gethostname ourselves on suns */ | |
79 | extern int gethostname(char *, int); | |
80 | #endif | |
75 | 81 | |
76 | 82 | char *encode_table; |
77 | 83 | char *decode_table; |
110 | 116 | * Returns SASL_OK on success, SASL_BUFOVER if result won't fit |
111 | 117 | */ |
112 | 118 | |
113 | int sasl_encode64(const char *_in, unsigned inlen, | |
114 | char *_out, unsigned outmax, unsigned *outlen) | |
119 | int sasl_encode64(const char *_in, | |
120 | unsigned inlen, | |
121 | char *_out, | |
122 | unsigned outmax, | |
123 | unsigned *outlen) | |
115 | 124 | { |
116 | 125 | const unsigned char *in = (const unsigned char *)_in; |
117 | 126 | unsigned char *out = (unsigned char *)_out; |
120 | 129 | unsigned olen; |
121 | 130 | |
122 | 131 | /* check params */ |
123 | if ((inlen >0) && (in == NULL)) return SASL_BADPARAM; | |
132 | if ((inlen > 0) && (in == NULL)) return SASL_BADPARAM; | |
124 | 133 | |
125 | 134 | /* Will it fit? */ |
126 | 135 | olen = (inlen + 2) / 3 * 4; |
127 | 136 | if (outlen) { |
128 | *outlen = olen; | |
137 | *outlen = olen; | |
129 | 138 | } |
130 | 139 | if (outmax <= olen) { |
131 | return SASL_BUFOVER; | |
140 | return SASL_BUFOVER; | |
132 | 141 | } |
133 | 142 | |
134 | 143 | /* Do the work... */ |
135 | blah=(char *) out; | |
144 | blah = (char *) out; | |
136 | 145 | while (inlen >= 3) { |
137 | 146 | /* user provided max buffer size; make sure we don't go over it */ |
138 | 147 | *out++ = basis_64[in[0] >> 2]; |
467 | 476 | |
468 | 477 | void sasl_erasebuffer(char *buf, unsigned len) { |
469 | 478 | memset(buf, 0, len); |
479 | } | |
480 | ||
481 | /* Lowercase string in place */ | |
482 | char *sasl_strlower ( | |
483 | char *val | |
484 | ) | |
485 | { | |
486 | int i; | |
487 | ||
488 | if (val == NULL) { | |
489 | return (NULL); | |
490 | } | |
491 | ||
492 | /* don't use tolower(), as it is locale dependent */ | |
493 | ||
494 | for (i = 0; val[i] != '\0'; i++) { | |
495 | if (val[i] >= 'A' && val[i] <= 'Z') { | |
496 | val[i] = val[i] - 'A' + 'a'; | |
497 | } | |
498 | } | |
499 | ||
500 | return (val); | |
501 | } | |
502 | ||
503 | /* A version of gethostname that tries hard to return a FQDN */ | |
504 | int get_fqhostname( | |
505 | char *name, | |
506 | int namelen, | |
507 | int abort_if_no_fqdn | |
508 | ) | |
509 | { | |
510 | int return_value; | |
511 | struct addrinfo hints; | |
512 | struct addrinfo *result; | |
513 | ||
514 | return_value = gethostname (name, namelen); | |
515 | if (return_value != 0) { | |
516 | return (return_value); | |
517 | } | |
518 | ||
519 | if (strchr (name, '.') != NULL) { | |
520 | goto LOWERCASE; | |
521 | } | |
522 | ||
523 | /* gethostname hasn't returned a FQDN, we have to canonify it ourselves */ | |
524 | hints.ai_family = PF_UNSPEC; | |
525 | hints.ai_flags = AI_CANONNAME; | |
526 | hints.ai_socktype = SOCK_STREAM; /* TCP only */ | |
527 | /* A value of zero for ai_protocol indicates the caller will accept any protocol. or IPPROTO_TCP? */ | |
528 | hints.ai_protocol = 0; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ | |
529 | hints.ai_addrlen = 0; | |
530 | hints.ai_canonname = NULL; | |
531 | hints.ai_addr = NULL; | |
532 | hints.ai_next = NULL; | |
533 | ||
534 | if (getaddrinfo(name, | |
535 | NULL, /* don't care abour service/port */ | |
536 | &hints, | |
537 | &result) != 0) { | |
538 | /* errno on Unix, WSASetLastError on Windows are already done by the function */ | |
539 | return (-1); | |
540 | } | |
541 | ||
542 | if (abort_if_no_fqdn && (result == NULL || result->ai_canonname == NULL)) { | |
543 | freeaddrinfo (result); | |
544 | #ifdef WIN32 | |
545 | WSASetLastError (WSANO_DATA); | |
546 | #elif defined(ENODATA) | |
547 | errno = ENODATA; | |
548 | #elif defined(EADDRNOTAVAIL) | |
549 | errno = EADDRNOTAVAIL; | |
550 | #endif | |
551 | return (-1); | |
552 | } | |
553 | ||
554 | if (abort_if_no_fqdn && strchr (result->ai_canonname, '.') == NULL) { | |
555 | freeaddrinfo (result); | |
556 | #ifdef WIN32 | |
557 | WSASetLastError (WSANO_DATA); | |
558 | #elif defined(ENODATA) | |
559 | errno = ENODATA; | |
560 | #elif defined(EADDRNOTAVAIL) | |
561 | errno = EADDRNOTAVAIL; | |
562 | #endif | |
563 | return (-1); | |
564 | } | |
565 | ||
566 | ||
567 | /* Do we need to check for buffer overflow and set errno? */ | |
568 | strncpy (name, result->ai_canonname, namelen); | |
569 | freeaddrinfo (result); | |
570 | ||
571 | LOWERCASE: | |
572 | sasl_strlower (name); | |
573 | return (0); | |
470 | 574 | } |
471 | 575 | |
472 | 576 | #ifdef WIN32 |
656 | 760 | const char *prompt; |
657 | 761 | { |
658 | 762 | register char *p; |
659 | register c; | |
763 | register int c; | |
660 | 764 | static char pbuf[PASSWORD_MAX]; |
661 | 765 | |
662 | 766 | fprintf(stderr, "%s", prompt); (void) fflush(stderr); |
663 | 767 | for (p=pbuf; (c = _getch())!=13 && c!=EOF;) { |
664 | 768 | if (p < &pbuf[sizeof(pbuf)-1]) |
665 | *p++ = c; | |
769 | *p++ = (char) c; | |
666 | 770 | } |
667 | 771 | *p = '\0'; |
668 | 772 | fprintf(stderr, "\n"); (void) fflush(stderr); |
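Review bot: In `get_fqhostname`, the `strncpy` from `result->ai_canonname` is reached with a NULL source whenever `abort_if_no_fqdn` is 0, because both NULL checks above it are guarded by that flag. Both callers in this commit pass 0. The same copy leaves `name` unterminated when the canonical name is `namelen` bytes or longer, which the in-code question about buffer overflow already hints at. On the abort path `freeaddrinfo` can also be handed a NULL `result`. The NULL test should run regardless of the flag, falling back to the name `gethostname` returned when the caller did not ask to abort, and an over-long canonical name should be rejected before copying.

```c
    /* … unchanged: gethostname call, hints setup, getaddrinfo call … */

    if (result == NULL || result->ai_canonname == NULL) {
        if (result != NULL) {
            freeaddrinfo (result);
        }
        if (!abort_if_no_fqdn) {
            /* keep the name gethostname returned */
            goto LOWERCASE;
        }
        /* … unchanged: WSASetLastError / errno selection … */
        return (-1);
    }

    /* … unchanged: abort_if_no_fqdn check for a canonical name without a dot … */

    if (namelen <= 0 || strlen (result->ai_canonname) >= (size_t) namelen) {
        /* canonical name would not fit together with its terminator */
        freeaddrinfo (result);
        return (-1);
    }
    strncpy (name, result->ai_canonname, namelen);
    freeaddrinfo (result);
```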
0 | 0 | /* SASL server API implementation |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: server.c,v 1.146 2006/04/26 17:45:53 murch Exp $ | |
3 | * $Id: server.c,v 1.161 2009/08/04 17:45:55 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
62 | 62 | #include "saslplug.h" |
63 | 63 | #include "saslutil.h" |
64 | 64 | |
65 | #ifdef sun | |
66 | /* gotta define gethostname ourselves on suns */ | |
67 | extern int gethostname(char *, int); | |
68 | #endif | |
69 | ||
70 | 65 | #define DEFAULT_CHECKPASS_MECH "auxprop" |
71 | 66 | |
72 | 67 | /* Contains functions: |
120 | 115 | |
121 | 116 | int sasl_setpass(sasl_conn_t *conn, |
122 | 117 | const char *user, |
123 | const char *pass, unsigned passlen, | |
118 | const char *pass, | |
119 | unsigned passlen, | |
124 | 120 | const char *oldpass, |
125 | 121 | unsigned oldpasslen, |
126 | 122 | unsigned flags) |
128 | 124 | int result = SASL_OK, tmpresult; |
129 | 125 | sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; |
130 | 126 | const char *password_request[] = { SASL_AUX_PASSWORD_PROP, NULL }; |
127 | const char *user_delete_request[] = { SASL_AUX_PASSWORD_PROP, SASL_AUX_ALL, NULL }; | |
131 | 128 | sasl_server_userdb_setpass_t *setpass_cb = NULL; |
132 | 129 | void *context = NULL; |
133 | 130 | int tried_setpass = 0; |
131 | int failed = 0; | |
134 | 132 | mechanism_t *sm; |
135 | 133 | server_sasl_mechanism_t *m; |
136 | 134 | char *current_mech; |
170 | 168 | if (flags & SASL_SET_DISABLE) { |
171 | 169 | pass = NULL; |
172 | 170 | passlen = 0; |
173 | } | |
174 | ||
175 | result = prop_request(s_conn->sparams->propctx, password_request); | |
171 | result = prop_request(s_conn->sparams->propctx, user_delete_request); | |
172 | } else { | |
173 | result = prop_request(s_conn->sparams->propctx, password_request); | |
174 | } | |
176 | 175 | if (result == SASL_OK) { |
176 | /* NOTE: When deleting users, this will work in a backward compatible way */ | |
177 | 177 | result = prop_set(s_conn->sparams->propctx, SASL_AUX_PASSWORD_PROP, |
178 | 178 | pass, passlen); |
179 | } | |
180 | if (result == SASL_OK && flags & SASL_SET_DISABLE) { | |
181 | result = prop_set(s_conn->sparams->propctx, SASL_AUX_ALL, | |
182 | NULL, 0); | |
179 | 183 | } |
180 | 184 | if (result == SASL_OK) { |
181 | 185 | result = sasl_auxprop_store(conn, s_conn->sparams->propctx, user); |
184 | 188 | _sasl_log(conn, SASL_LOG_ERR, |
185 | 189 | "setpass failed for %s: %z", |
186 | 190 | user, result); |
191 | failed++; | |
187 | 192 | } else { |
188 | 193 | _sasl_log(conn, SASL_LOG_NOTE, |
189 | 194 | "setpass succeeded for %s", user); |
202 | 207 | tmpresult = setpass_cb(conn, context, user, pass, passlen, |
203 | 208 | s_conn->sparams->propctx, flags); |
204 | 209 | if(tmpresult != SASL_OK) { |
205 | result = tmpresult; | |
210 | if (tmpresult == SASL_CONSTRAINT_VIOLAT) { | |
211 | if (result == SASL_OK) { | |
212 | result = tmpresult; | |
213 | } | |
214 | } else { | |
215 | result = tmpresult; | |
216 | } | |
206 | 217 | _sasl_log(conn, SASL_LOG_ERR, |
207 | 218 | "setpass callback failed for %s: %z", |
208 | 219 | user, tmpresult); |
220 | failed++; | |
209 | 221 | } else { |
210 | 222 | _sasl_log(conn, SASL_LOG_NOTE, |
211 | 223 | "setpass callback succeeded for %s", user); |
213 | 225 | } |
214 | 226 | |
215 | 227 | /* now we let the mechanisms set their secrets */ |
216 | for (sm = mechlist->mech_list; sm; sm = sm->next) { | |
228 | for (sm = s_conn->mech_list; sm; sm = sm->next) { | |
217 | 229 | m = &sm->m; |
218 | 230 | |
219 | 231 | if (!m->plug->setpass) { |
248 | 260 | } else if (tmpresult == SASL_NOCHANGE) { |
249 | 261 | _sasl_log(conn, SASL_LOG_NOTE, |
250 | 262 | "%s: secret not changed for %s", m->plug->mech_name, user); |
263 | } else if (tmpresult == SASL_CONSTRAINT_VIOLAT) { | |
264 | _sasl_log(conn, SASL_LOG_ERR, | |
265 | "%s: failed to set secret for %s: constrain violation", | |
266 | m->plug->mech_name, user); | |
267 | if (result == SASL_OK) { | |
268 | result = tmpresult; | |
269 | } | |
270 | failed++; | |
251 | 271 | } else { |
252 | 272 | result = tmpresult; |
253 | 273 | _sasl_log(conn, SASL_LOG_ERR, |
259 | 279 | GetLastError() |
260 | 280 | #endif |
261 | 281 | ); |
282 | failed++; | |
262 | 283 | } |
263 | 284 | } |
264 | 285 | |
267 | 288 | "secret not changed for %s: " |
268 | 289 | "no writable auxprop plugin or setpass callback found", |
269 | 290 | user); |
291 | } else if (result == SASL_CONSTRAINT_VIOLAT) { | |
292 | /* If not all setpass failed with SASL_CONSTRAINT_VIOLAT - | |
293 | ignore SASL_CONSTRAINT_VIOLAT */ | |
294 | if (failed < tried_setpass) { | |
295 | result = SASL_OK; | |
296 | } | |
270 | 297 | } |
271 | 298 | |
272 | 299 | RETURN(conn, result); |
307 | 334 | if (s_conn->sparams) |
308 | 335 | sasl_FREE(s_conn->sparams); |
309 | 336 | |
337 | if (s_conn->mech_list != mechlist->mech_list) { | |
338 | /* free connection-specific mech_list */ | |
339 | mechanism_t *m, *prevm; | |
340 | ||
341 | m = s_conn->mech_list; /* m point to beginning of the list */ | |
342 | ||
343 | while (m) { | |
344 | prevm = m; | |
345 | m = m->next; | |
346 | sasl_FREE(prevm); | |
347 | } | |
348 | } | |
349 | ||
310 | 350 | _sasl_conn_dispose(pconn); |
311 | 351 | } |
312 | 352 | |
313 | 353 | static int init_mechlist(void) |
314 | 354 | { |
315 | 355 | sasl_utils_t *newutils = NULL; |
316 | ||
317 | mechlist->mutex = sasl_MUTEX_ALLOC(); | |
318 | if(!mechlist->mutex) return SASL_FAIL; | |
319 | 356 | |
320 | 357 | /* set util functions - need to do rest */ |
321 | 358 | newutils = _sasl_alloc_utils(NULL, &global_callbacks); |
329 | 366 | mechlist->mech_length=0; |
330 | 367 | |
331 | 368 | return SASL_OK; |
369 | } | |
370 | ||
371 | static int mech_compare(const sasl_server_plug_t *a, | |
372 | const sasl_server_plug_t *b) | |
373 | { | |
374 | unsigned sec_diff; | |
375 | ||
376 | if (a->max_ssf > b->max_ssf) return 1; | |
377 | if (a->max_ssf < b->max_ssf) return -1; | |
378 | ||
379 | /* XXX the following is fairly arbitrary, but its independent | |
380 | of the order in which the plugins are loaded | |
381 | */ | |
382 | sec_diff = a->security_flags ^ b->security_flags; | |
383 | if (sec_diff & a->security_flags & SASL_SEC_FORWARD_SECRECY) return 1; | |
384 | if (sec_diff & b->security_flags & SASL_SEC_FORWARD_SECRECY) return -1; | |
385 | if (sec_diff & a->security_flags & SASL_SEC_NOACTIVE) return 1; | |
386 | if (sec_diff & b->security_flags & SASL_SEC_NOACTIVE) return -1; | |
387 | if (sec_diff & a->security_flags & SASL_SEC_NODICTIONARY) return 1; | |
388 | if (sec_diff & b->security_flags & SASL_SEC_NODICTIONARY) return -1; | |
389 | if (sec_diff & a->security_flags & SASL_SEC_MUTUAL_AUTH) return 1; | |
390 | if (sec_diff & b->security_flags & SASL_SEC_MUTUAL_AUTH) return -1; | |
391 | if (sec_diff & a->security_flags & SASL_SEC_NOANONYMOUS) return 1; | |
392 | if (sec_diff & b->security_flags & SASL_SEC_NOANONYMOUS) return -1; | |
393 | if (sec_diff & a->security_flags & SASL_SEC_NOPLAINTEXT) return 1; | |
394 | if (sec_diff & b->security_flags & SASL_SEC_NOPLAINTEXT) return -1; | |
395 | ||
396 | return 0; | |
332 | 397 | } |
333 | 398 | |
334 | 399 | /* |
340 | 405 | { |
341 | 406 | int plugcount; |
342 | 407 | sasl_server_plug_t *pluglist; |
343 | mechanism_t *mech; | |
344 | 408 | sasl_server_plug_init_t *entry_point; |
345 | 409 | int result; |
346 | 410 | int version; |
370 | 434 | return SASL_BADVERS; |
371 | 435 | } |
372 | 436 | |
373 | for (lupe=0;lupe < plugcount ;lupe++) | |
437 | for (lupe=0;lupe < plugcount ;lupe++, pluglist++) | |
374 | 438 | { |
439 | mechanism_t *mech, *mp; | |
440 | ||
375 | 441 | mech = sasl_ALLOC(sizeof(mechanism_t)); |
376 | 442 | if (! mech) return SASL_NOMEM; |
377 | 443 | memset (mech, 0, sizeof(mechanism_t)); |
378 | 444 | |
379 | mech->m.plug = pluglist++; | |
445 | mech->m.plug = pluglist; | |
380 | 446 | if(_sasl_strdup(plugname, &mech->m.plugname, NULL) != SASL_OK) { |
381 | 447 | sasl_FREE(mech); |
382 | 448 | return SASL_NOMEM; |
383 | 449 | } |
384 | 450 | mech->m.version = version; |
385 | 451 | |
386 | /* wheather this mech actually has any users in it's db */ | |
452 | /* whether this mech actually has any users in it's db */ | |
387 | 453 | mech->m.condition = result; /* SASL_OK, SASL_CONTINUE or SASL_NOUSER */ |
388 | 454 | |
389 | 455 | /* mech->m.f = NULL; */ |
390 | 456 | |
391 | mech->next = mechlist->mech_list; | |
392 | mechlist->mech_list = mech; | |
457 | /* sort mech_list by relative "strength" */ | |
458 | mp = mechlist->mech_list; | |
459 | if (!mp || mech_compare(pluglist, mp->m.plug) >= 0) { | |
460 | /* add mech to head of list */ | |
461 | mech->next = mechlist->mech_list; | |
462 | mechlist->mech_list = mech; | |
463 | } else { | |
464 | /* find where to insert mech into list */ | |
465 | while (mp->next && | |
466 | mech_compare(pluglist, mp->next->m.plug) <= 0) mp = mp->next; | |
467 | mech->next = mp->next; | |
468 | mp->next = mech; | |
469 | } | |
393 | 470 | mechlist->mech_length++; |
394 | 471 | } |
472 | ||
473 | return SASL_OK; | |
474 | } | |
475 | ||
476 | int sasl_server_done(void) | |
477 | { | |
478 | int result = SASL_CONTINUE; | |
479 | ||
480 | if (_sasl_server_cleanup_hook == NULL && _sasl_client_cleanup_hook == NULL) { | |
481 | return SASL_NOTINIT; | |
482 | } | |
483 | ||
484 | if (_sasl_server_cleanup_hook) { | |
485 | result = _sasl_server_cleanup_hook(); | |
486 | ||
487 | if (result == SASL_OK) { | |
488 | _sasl_server_idle_hook = NULL; | |
489 | _sasl_server_cleanup_hook = NULL; | |
490 | } else { | |
491 | return result; | |
492 | } | |
493 | } | |
494 | ||
495 | if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { | |
496 | return result; | |
497 | } | |
498 | ||
499 | sasl_common_done(); | |
395 | 500 | |
396 | 501 | return SASL_OK; |
397 | 502 | } |
428 | 533 | sasl_FREE(prevm); |
429 | 534 | } |
430 | 535 | _sasl_free_utils(&mechlist->utils); |
431 | sasl_MUTEX_FREE(mechlist->mutex); | |
432 | 536 | sasl_FREE(mechlist); |
433 | 537 | mechlist = NULL; |
434 | 538 | } |
483 | 587 | /* getconfpath_cb->proc MUST be a sasl_getconfpath_t; if only C had a type |
484 | 588 | system */ |
485 | 589 | result = ((sasl_getconfpath_t *)(getconfpath_cb->proc))(getconfpath_cb->context, |
486 | &path_to_config); | |
590 | (char **) &path_to_config); | |
487 | 591 | if (result != SASL_OK) goto done; |
488 | 592 | if (path_to_config == NULL) path_to_config = ""; |
489 | 593 | |
696 | 800 | { "sasl_canonuser_init", (add_plugin_t *)sasl_canonuser_add_plugin }, |
697 | 801 | { NULL, NULL } |
698 | 802 | }; |
803 | ||
804 | /* lock allocation type */ | |
805 | _sasl_allocation_locked++; | |
699 | 806 | |
700 | 807 | /* we require the appname (if present) to be short enough to be a path */ |
701 | 808 | if (appname != NULL && strlen(appname) >= PATH_MAX) |
886 | 993 | sasl_getopt_t *getopt; |
887 | 994 | void *context; |
888 | 995 | const char *log_level, *auto_trans; |
996 | const char *mlist = NULL; | |
889 | 997 | |
890 | 998 | if (_sasl_server_active==0) return SASL_NOTINIT; |
891 | 999 | if (! pconn) return SASL_FAIL; |
967 | 1075 | if(_sasl_getcallback(*pconn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { |
968 | 1076 | getopt(context, NULL, "log_level", &log_level, NULL); |
969 | 1077 | getopt(context, NULL, "auto_transition", &auto_trans, NULL); |
1078 | getopt(context, NULL, "mech_list", &mlist, NULL); | |
970 | 1079 | } |
971 | 1080 | serverconn->sparams->log_level = log_level ? atoi(log_level) : SASL_LOG_ERR; |
972 | 1081 | |
980 | 1089 | serverconn->sparams->transition = &_sasl_transition; |
981 | 1090 | } |
982 | 1091 | |
983 | serverconn->sparams->canon_user = &_sasl_canon_user; | |
1092 | /* if we have a mech_list, create ordered list of avail mechs for this conn */ | |
1093 | if (mlist) { | |
1094 | const char *cp; | |
1095 | mechanism_t *mptr, *tail = NULL; | |
1096 | ||
1097 | while (*mlist) { | |
1098 | /* find end of current mech name */ | |
1099 | for (cp = mlist; *cp && !isspace((int) *cp); cp++); | |
1100 | ||
1101 | /* search for mech name in loaded plugins */ | |
1102 | for (mptr = mechlist->mech_list; mptr; mptr = mptr->next) { | |
1103 | const sasl_server_plug_t *plug = mptr->m.plug; | |
1104 | ||
1105 | if (((size_t) (cp - mlist) == strlen(plug->mech_name)) && | |
1106 | !strncasecmp(mlist, plug->mech_name, strlen(plug->mech_name))) | |
1107 | /* found a match */ | |
1108 | break; | |
1109 | } | |
1110 | if (mptr) { | |
1111 | mechanism_t *new = sasl_ALLOC(sizeof(mechanism_t)); | |
1112 | if (!new) return SASL_NOMEM; | |
1113 | ||
1114 | memcpy(&new->m, &mptr->m, sizeof(server_sasl_mechanism_t)); | |
1115 | new->next = NULL; | |
1116 | ||
1117 | if (!serverconn->mech_list) { | |
1118 | serverconn->mech_list = new; | |
1119 | tail = serverconn->mech_list; | |
1120 | } | |
1121 | else { | |
1122 | tail->next = new; | |
1123 | tail = new; | |
1124 | } | |
1125 | serverconn->mech_length++; | |
1126 | } | |
1127 | ||
1128 | /* find next mech name */ | |
1129 | mlist = cp; | |
1130 | while (*mlist && isspace((int) *mlist)) mlist++; | |
1131 | } | |
1132 | } | |
1133 | else { | |
1134 | serverconn->mech_list = mechlist->mech_list; | |
1135 | serverconn->mech_length = mechlist->mech_length; | |
1136 | } | |
1137 | ||
1138 | serverconn->sparams->canon_user = &_sasl_canon_user_lookup; | |
984 | 1139 | serverconn->sparams->props = serverconn->base.props; |
985 | 1140 | serverconn->sparams->flags = flags; |
986 | 1141 | |
995 | 1150 | |
996 | 1151 | /* |
997 | 1152 | * The rule is: |
998 | * IF mech strength + external strength < min ssf THEN FAIL | |
1153 | * IF mech strength + external strength < min ssf THEN FAIL. | |
999 | 1154 | * We also have to look at the security properties and make sure |
1000 | * that this mechanism has everything we want | |
1155 | * that this mechanism has everything we want. | |
1001 | 1156 | */ |
1002 | 1157 | static int mech_permitted(sasl_conn_t *conn, |
1003 | 1158 | mechanism_t *mech) |
1007 | 1162 | int ret; |
1008 | 1163 | int myflags; |
1009 | 1164 | context_list_t *cur; |
1010 | sasl_getopt_t *getopt; | |
1011 | 1165 | void *context; |
1012 | 1166 | sasl_ssf_t minssf = 0; |
1013 | 1167 | |
1019 | 1173 | } |
1020 | 1174 | |
1021 | 1175 | plug = mech->m.plug; |
1022 | ||
1023 | /* get the list of allowed mechanisms (default = all) */ | |
1024 | if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) | |
1025 | == SASL_OK) { | |
1026 | const char *mlist = NULL; | |
1027 | ||
1028 | getopt(context, NULL, "mech_list", &mlist, NULL); | |
1029 | ||
1030 | /* if we have a list, check the plugin against it */ | |
1031 | if (mlist) { | |
1032 | const char *cp; | |
1033 | ||
1034 | while (*mlist) { | |
1035 | for (cp = mlist; *cp && !isspace((int) *cp); cp++); | |
1036 | if (((size_t) (cp - mlist) == strlen(plug->mech_name)) && | |
1037 | !strncasecmp(mlist, plug->mech_name, | |
1038 | strlen(plug->mech_name))) { | |
1039 | break; | |
1040 | } | |
1041 | mlist = cp; | |
1042 | while (*mlist && isspace((int) *mlist)) mlist++; | |
1043 | } | |
1044 | ||
1045 | if (!*mlist) return SASL_NOMECH; /* reached EOS -> not in our list */ | |
1046 | } | |
1047 | } | |
1048 | 1176 | |
1049 | 1177 | /* setup parameters for the call to mech_avail */ |
1050 | 1178 | s_conn->sparams->serverFQDN=conn->serverFQDN; |
1216 | 1344 | |
1217 | 1345 | if (_sasl_server_active==0) return SASL_NOTINIT; |
1218 | 1346 | |
1347 | /* check parameters */ | |
1348 | if(!conn) return SASL_BADPARAM; | |
1349 | ||
1350 | if (!mech || ((clientin==NULL) && (clientinlen>0))) | |
1351 | PARAMERROR(conn); | |
1352 | ||
1353 | if (serverout) *serverout = NULL; | |
1354 | if (serveroutlen) *serveroutlen = 0; | |
1355 | ||
1219 | 1356 | /* make sure mech is valid mechanism |
1220 | 1357 | if not return appropriate error */ |
1221 | m=mechlist->mech_list; | |
1222 | ||
1223 | /* check parameters */ | |
1224 | if(!conn) return SASL_BADPARAM; | |
1225 | ||
1226 | if (!mech || ((clientin==NULL) && (clientinlen>0))) | |
1227 | PARAMERROR(conn); | |
1228 | ||
1229 | if(serverout) *serverout = NULL; | |
1230 | if(serveroutlen) *serveroutlen = 0; | |
1358 | m = s_conn->mech_list; | |
1231 | 1359 | |
1232 | 1360 | while (m!=NULL) |
1233 | 1361 | { |
1347 | 1475 | } else { |
1348 | 1476 | /* Mech wants client-first, so let them have it */ |
1349 | 1477 | result = sasl_server_step(conn, |
1350 | clientin, clientinlen, | |
1351 | serverout, serveroutlen); | |
1478 | clientin, | |
1479 | clientinlen, | |
1480 | serverout, | |
1481 | serveroutlen); | |
1352 | 1482 | } |
1353 | 1483 | } else { |
1354 | 1484 | if(s_conn->mech->m.plug->features & SASL_FEAT_WANT_CLIENT_FIRST) { |
1359 | 1489 | } else { |
1360 | 1490 | /* Mech wants server-first, so let them have it */ |
1361 | 1491 | result = sasl_server_step(conn, |
1362 | clientin, clientinlen, | |
1363 | serverout, serveroutlen); | |
1492 | clientin, | |
1493 | clientinlen, | |
1494 | serverout, | |
1495 | serveroutlen); | |
1364 | 1496 | } |
1365 | 1497 | } |
1366 | 1498 | } |
1381 | 1513 | |
1382 | 1514 | |
1383 | 1515 | /* perform one step of the SASL exchange |
1384 | * inputlen & input -- client data | |
1516 | * clientinlen & clientin -- client data | |
1385 | 1517 | * NULL on first step if no optional client step |
1386 | * outputlen & output -- set to the server data to transmit | |
1518 | * serveroutlen & serverout -- set to the server data to transmit | |
1387 | 1519 | * to the client in the next step |
1388 | 1520 | * (library handles freeing this) |
1389 | 1521 | * |
1413 | 1545 | PARAMERROR(conn); |
1414 | 1546 | |
1415 | 1547 | /* If we've already done the last send, return! */ |
1416 | if(s_conn->sent_last == 1) { | |
1548 | if (s_conn->sent_last == 1) { | |
1417 | 1549 | return SASL_OK; |
1418 | 1550 | } |
1419 | 1551 | |
1423 | 1555 | return SASL_FAIL; |
1424 | 1556 | } |
1425 | 1557 | |
1426 | if(serverout) *serverout = NULL; | |
1427 | if(serveroutlen) *serveroutlen = 0; | |
1558 | if (serverout) *serverout = NULL; | |
1559 | if (serveroutlen) *serveroutlen = 0; | |
1428 | 1560 | |
1429 | 1561 | ret = s_conn->mech->m.plug->mech_step(conn->context, |
1430 | 1562 | s_conn->sparams, |
1478 | 1610 | * added up |
1479 | 1611 | */ |
1480 | 1612 | |
1481 | static unsigned mech_names_len() | |
1613 | static unsigned mech_names_len(mechanism_t *mech_list) | |
1482 | 1614 | { |
1483 | 1615 | mechanism_t *listptr; |
1484 | 1616 | unsigned result = 0; |
1485 | 1617 | |
1486 | for (listptr = mechlist->mech_list; | |
1618 | for (listptr = mech_list; | |
1487 | 1619 | listptr; |
1488 | 1620 | listptr = listptr->next) |
1489 | 1621 | result += (unsigned) strlen(listptr->m.plug->mech_name); |
1493 | 1625 | |
1494 | 1626 | /* This returns a list of mechanisms in a NUL-terminated string |
1495 | 1627 | * |
1496 | * The default behavior is to seperate with spaces if sep==NULL | |
1628 | * The default behavior is to separate with spaces if sep == NULL | |
1497 | 1629 | */ |
1498 | 1630 | int _sasl_server_listmech(sasl_conn_t *conn, |
1499 | 1631 | const char *user __attribute__((unused)), |
1504 | 1636 | unsigned *plen, |
1505 | 1637 | int *pcount) |
1506 | 1638 | { |
1639 | sasl_server_conn_t *s_conn = (sasl_server_conn_t *)conn; | |
1507 | 1640 | int lup; |
1508 | 1641 | mechanism_t *listptr; |
1509 | 1642 | int ret; |
1530 | 1663 | mysep = " "; |
1531 | 1664 | } |
1532 | 1665 | |
1533 | if (! mechlist || mechlist->mech_length <= 0) | |
1666 | if (!s_conn->mech_list || s_conn->mech_length <= 0) | |
1534 | 1667 | INTERROR(conn, SASL_NOMECH); |
1535 | 1668 | |
1536 | 1669 | resultlen = (prefix ? strlen(prefix) : 0) |
1537 | + (strlen(mysep) * (mechlist->mech_length - 1)) | |
1538 | + mech_names_len() | |
1670 | + (strlen(mysep) * (s_conn->mech_length - 1)) | |
1671 | + mech_names_len(s_conn->mech_list) | |
1539 | 1672 | + (suffix ? strlen(suffix) : 0) |
1540 | 1673 | + 1; |
1541 | 1674 | ret = _buf_alloc(&conn->mechlist_buf, |
1547 | 1680 | else |
1548 | 1681 | *(conn->mechlist_buf) = '\0'; |
1549 | 1682 | |
1550 | listptr = mechlist->mech_list; | |
1683 | listptr = s_conn->mech_list; | |
1551 | 1684 | |
1552 | 1685 | flag = 0; |
1553 | 1686 | /* make list */ |
1554 | for (lup = 0; lup < mechlist->mech_length; lup++) { | |
1687 | for (lup = 0; lup < s_conn->mech_length; lup++) { | |
1555 | 1688 | /* currently, we don't use the "user" parameter for anything */ |
1556 | 1689 | if (mech_permitted(conn, listptr) == SASL_OK) { |
1557 | 1690 | if (pcount != NULL) |
1734 | 1867 | if(result != SASL_OK) RETURN(conn, result); |
1735 | 1868 | user = conn->oparams.user; |
1736 | 1869 | |
1737 | /* Check the password */ | |
1870 | /* Check the password and lookup additional properties */ | |
1738 | 1871 | result = _sasl_checkpass(conn, user, userlen, pass, passlen); |
1739 | 1872 | |
1740 | 1873 | /* Do authorization */ |
1757 | 1890 | * SASL_NOUSER -- user not found |
1758 | 1891 | * SASL_NOVERIFY -- user found, but no usable mechanism [FIXME: not supported] |
1759 | 1892 | * SASL_NOMECH -- no mechanisms enabled |
1893 | * SASL_UNAVAIL -- remote authentication server unavailable, try again later | |
1760 | 1894 | */ |
1761 | 1895 | int sasl_user_exists(sasl_conn_t *conn, |
1762 | 1896 | const char *service, |
1804 | 1938 | |
1805 | 1939 | /* Screen out the SASL_BADPARAM response |
1806 | 1940 | * we'll get from not giving a password */ |
1807 | if(result == SASL_BADPARAM) { | |
1941 | if (result == SASL_BADPARAM) { | |
1808 | 1942 | result = SASL_OK; |
1809 | 1943 | } |
1810 | 1944 | |
1895 | 2029 | s_conn->sparams->utils->prop_erase(s_conn->sparams->propctx, |
1896 | 2030 | password_request[0]); |
1897 | 2031 | |
1898 | /* Cannonify it */ | |
1899 | result = _sasl_canon_user(conn, user, user_len, | |
1900 | SASL_CU_AUTHID | SASL_CU_AUTHZID, | |
1901 | &(conn->oparams)); | |
2032 | /* canonicalize the username and lookup any associated properties */ | |
2033 | result = _sasl_canon_user_lookup (conn, | |
2034 | user, | |
2035 | user_len, | |
2036 | SASL_CU_AUTHID | SASL_CU_AUTHZID, | |
2037 | &(conn->oparams)); | |
1902 | 2038 | sasl_FREE(user); |
1903 | 2039 | |
1904 | 2040 | if(result != SASL_OK) RETURN(conn, result); |
1929 | 2065 | _sasl_print_mechanism ( |
1930 | 2066 | server_sasl_mechanism_t *m, |
1931 | 2067 | sasl_info_callback_stage_t stage, |
1932 | void *rock | |
2068 | void *rock __attribute__((unused)) | |
1933 | 2069 | ) |
1934 | 2070 | { |
1935 | 2071 | char delimiter; |
2013 | 2149 | |
2014 | 2150 | |
2015 | 2151 | printf ("\n\tfeatures:"); |
2016 | ||
2152 | ||
2017 | 2153 | delimiter = ' '; |
2018 | 2154 | if (m->plug->features & SASL_FEAT_WANT_CLIENT_FIRST) { |
2019 | 2155 | printf ("%cWANT_CLIENT_FIRST", delimiter); |
2027 | 2163 | |
2028 | 2164 | if (m->plug->features & SASL_FEAT_ALLOWS_PROXY) { |
2029 | 2165 | printf ("%cPROXY_AUTHENTICATION", delimiter); |
2166 | delimiter = '|'; | |
2167 | } | |
2168 | ||
2169 | if (m->plug->features & SASL_FEAT_DONTUSE_USERPASSWD) { | |
2170 | printf ("%cDONTUSE_USERPASSWD", delimiter); | |
2030 | 2171 | delimiter = '|'; |
2031 | 2172 | } |
2032 | 2173 |
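Review bot: The allocation-failure exit in the new per-connection `mech_list` loop of sasl_server_new (`if (!new) return SASL_NOMEM;`) returns directly, so the nodes already linked into `serverconn->mech_list` stay allocated unless the caller still disposes the connection. The only code shown that frees this list is the new block in the dispose path. The rest of sasl_server_new, including how its other error exits release `*pconn`, lies outside the displayed lines, so this needs confirming against them. Releasing the partial list before returning, as sketched below, keeps the failure path self-contained and leaves `mech_list` NULL, so a later dispose has nothing to free twice.

```c
	    if (mptr) {
		mechanism_t *new = sasl_ALLOC(sizeof(mechanism_t));
		if (!new) {
		    /* drop the partially built per-connection list */
		    while (serverconn->mech_list) {
			mechanism_t *next = serverconn->mech_list->next;
			sasl_FREE(serverconn->mech_list);
			serverconn->mech_list = next;
		    }
		    serverconn->mech_length = 0;
		    return SASL_NOMEM;
		}
		/* … unchanged: memcpy of mptr->m and append at tail … */
```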
0 | 0 | /* windlopen.c--Windows dynamic loader interface |
1 | 1 | * Ryan Troll |
2 | * $Id: windlopen.c,v 1.16 2003/10/20 15:19:59 rjs3 Exp $ | |
2 | * $Id: windlopen.c,v 1.17 2009/01/25 20:20:57 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
133 | 133 | if (r != SASL_OK) return r; |
134 | 134 | |
135 | 135 | newhead = sasl_ALLOC(sizeof(lib_list_t)); |
136 | if(!newhead) return SASL_NOMEM; | |
136 | if (!newhead) return SASL_NOMEM; | |
137 | 137 | |
138 | 138 | if (!(library = LoadLibrary (file))) { |
139 | 139 | _sasl_log(NULL, SASL_LOG_ERR, |
150 | 150 | return SASL_OK; |
151 | 151 | } |
152 | 152 | |
153 | ||
153 | /* undoes actions done by _sasl_get_plugin */ | |
154 | void _sasl_remove_last_plugin() | |
155 | { | |
156 | lib_list_t *last_plugin = lib_list_head; | |
157 | lib_list_head = lib_list_head->next; | |
158 | if (last_plugin->library) { | |
159 | FreeLibrary(last_plugin->library); | |
160 | } | |
161 | sasl_FREE(last_plugin); | |
162 | } | |
154 | 163 | |
155 | 164 | /* gets the list of mechanisms */ |
156 | 165 | int _sasl_load_plugins(const add_plugin_list_t *entrypoints, |
242 | 251 | void *library; |
243 | 252 | char *c; |
244 | 253 | char plugname[PATH_MAX]; |
254 | int entries; | |
245 | 255 | |
246 | 256 | length = strlen(finddata.name); |
247 | 257 | if (length < 5) { /* At least <Ch>.dll */ |
276 | 286 | continue; |
277 | 287 | } |
278 | 288 | |
289 | entries = 0; | |
279 | 290 | for (cur_ep = entrypoints; cur_ep->entryname; cur_ep++) { |
280 | _sasl_plugin_load(plugname, library, cur_ep->entryname, | |
281 | cur_ep->add_plugin); | |
291 | result = _sasl_plugin_load(plugname, | |
292 | library, | |
293 | cur_ep->entryname, | |
294 | cur_ep->add_plugin); | |
295 | if (result == SASL_OK) { | |
296 | ++entries; | |
297 | } | |
282 | 298 | /* If this fails, it's not the end of the world */ |
283 | 299 | } |
300 | if (entries == 0) { | |
301 | _sasl_remove_last_plugin(); | |
302 | } | |
303 | ||
284 | 304 | } while (_findnext (fhandle, &finddata) == 0); |
285 | 305 | |
286 | 306 | _findclose (fhandle); |
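Review bot: `_sasl_remove_last_plugin()` dereferences `lib_list_head` without checking it, so it relies on every caller having just pushed an entry. The one call visible here (after the entry-point loop, when `entries == 0`) appears to satisfy that, but the function is not `static` and nothing stops another caller from reaching it with an empty list. A guard such as `if (!last_plugin) return;` before `lib_list_head = lib_list_head->next;` makes it safe in that case, and declaring it `void _sasl_remove_last_plugin(void)` gives it a real prototype. The surrounding _sasl_load_plugins body is only partly shown in this section.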
131 | 131 | LIB_PGSQL = @LIB_PGSQL@ |
132 | 132 | LIB_SOCKET = @LIB_SOCKET@ |
133 | 133 | LIB_SQLITE = @LIB_SQLITE@ |
134 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
134 | 135 | LN_S = @LN_S@ |
135 | 136 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
136 | 137 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH SASL "10 July 2001" SASL "SASL man pages" | |
40 | .TH SASL 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | SASL \- SASL authentication library |
43 | 43 | .SH DESCRIPTION |
55 | 55 | .I Programmers Guide |
56 | 56 | in the doc/ directory of the SASL distribution. |
57 | 57 | .SH "CONFORMING TO" |
58 | RFC 2222 | |
58 | RFC 4422 | |
59 | 59 | .SH "SEE ALSO" |
60 | 60 | sasl_authorize_t(3), sasl_auxprop(3), sasl_auxprop_getctx(3), sasl_auxprop_request(3), sasl_canon_user_t(3), sasl_callbacks(3), sasl_chalprompt_t(3), sasl_checkapop(3), sasl_checkpass(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3), sasl_decode(3), sasl_dispose(3), sasl_done(3), sasl_encode(3), sasl_encodev(3), sasl_errdetail(3), sasl_errors(3), sasl_errstring(3), sasl_errors(3), sasl_getopt_t(3), sasl_getpath_t(3), sasl_getprop(3), sasl_getrealm_t(3), sasl_getsecret_t(3), sasl_getsimple_t(3), sasl_idle(3), sasl_listmech(3), sasl_log_t(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3), sasl_server_userdb_checkpass_t(3), sasl_server_userdb_setpass_t(3), sasl_setpass(3), sasl_setprop(3), sasl_user_exists(3), sasl_verifyfile_t(3), sasl_global_listmech(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_authorize_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_authorize_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_authorize_t \- The SASL authorization callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_auxprop "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_auxprop 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_auxprop \- How to work with SASL auxiliary properties |
43 | 43 | |
206 | 206 | on success, or NULL on any error. |
207 | 207 | |
208 | 208 | .SH "CONFORMING TO" |
209 | RFC 2222 | |
209 | RFC 4422 | |
210 | 210 | |
211 | 211 | .SH "SEE ALSO" |
212 | 212 | sasl(3), sasl_errors(3), sasl_auxprop_request(3), sasl_auxprop_getctx(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_auxprop_getctx "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_auxprop_getctx 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_auxprop_getctx \- Acquire an auxiliary property context |
43 | 43 | |
63 | 63 | Returns a pointer the the context on success. Returns NULL on failure. |
64 | 64 | |
65 | 65 | .SH "CONFORMING TO" |
66 | RFC 2222 | |
66 | RFC 4422 | |
67 | 67 | .SH "SEE ALSO" |
68 | 68 | sasl(3), sasl_auxprop(3), sasl_auxprop_request(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_auxprop_request "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_auxprop_request 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_auxprop_request \- Request Auxiliary Properties from SASL |
43 | 43 | |
71 | 71 | codes. |
72 | 72 | |
73 | 73 | .SH "CONFORMING TO" |
74 | RFC 2222 | |
74 | RFC 4422 | |
75 | 75 | .SH "SEE ALSO" |
76 | 76 | sasl(3), sasl_errors(3), sasl_auxprop(3), sasl_auxprop_getctx(3), |
77 | 77 | sasl_server_new(3), sasl_server_start(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_callbacks "12 February 2006" SASL "SASL man pages" | |
40 | .TH sasl_callbacks 3 "12 February 2006" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_callbacks \- How to work with SASL callbacks |
43 | 43 | |
114 | 114 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK typically indicates success. |
115 | 115 | |
116 | 116 | .SH "CONFORMING TO" |
117 | RFC 2222 | |
117 | RFC 4422 | |
118 | 118 | |
119 | 119 | .SH "SEE ALSO" |
120 | 120 | sasl(3), sasl_errors(3), sasl_authorize_t(3), sasl_log_t(3), sasl_getpath_t(3), |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_userdb_checkpass_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_chalprompt_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_chalprompt_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_chalprompt_t \- Realm Acquisition Callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_checkapop "29 June 2001" SASL "SASL man pages" | |
40 | .TH sasl_checkapop 3 "29 June 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_checkapop \- Check an APOP challenge/response |
43 | 43 | .SH SYNOPSIS |
73 | 73 | for meanings of return codes. |
74 | 74 | |
75 | 75 | .SH "CONFORMING TO" |
76 | RFC 2222, RFC 1939 | |
76 | RFC 4422, RFC 1939 | |
77 | 77 | .SH "SEE ALSO" |
78 | 78 | sasl(3), sasl_errors(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_checkpass "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_checkpass 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_checkpass \- Check a plaintext password |
43 | 43 | .SH SYNOPSIS |
65 | 65 | for meanings of return codes. |
66 | 66 | |
67 | 67 | .SH "CONFORMING TO" |
68 | RFC 2222 | |
68 | RFC 4422 | |
69 | 69 | .SH "SEE ALSO" |
70 | 70 | sasl(3), sasl_errors(3), sasl_callbacks(3), sasl_setpass(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_client_init "21 June 2001" SASL "SASL man pages" | |
40 | .TH sasl_client_init 3 "21 June 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_client_init \- SASL client authentication initialization |
43 | 43 | |
82 | 82 | Not enough memory to complete operation |
83 | 83 | |
84 | 84 | .SH "CONFORMING TO" |
85 | RFC 2222 | |
85 | RFC 4422 | |
86 | 86 | .SH "SEE ALSO" |
87 | 87 | sasl(3), sasl_callbacks(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_client_new "21 June 2001" SASL "SASL man pages" | |
40 | .TH sasl_client_new 3 "21 June 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_client_new \- Create a new client authentication object |
43 | 43 | |
121 | 121 | Not enough memory to complete operation |
122 | 122 | |
123 | 123 | .SH "CONFORMING TO" |
124 | RFC 2222 | |
124 | RFC 4422 | |
125 | 125 | .SH "SEE ALSO" |
126 | 126 | sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_client_start "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_client_start 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_client_start \- Begin an authentication negotiation |
43 | 43 | .SH SYNOPSIS |
72 | 72 | |
73 | 73 | .PP |
74 | 74 | .I mechlist |
75 | is a list of mechanisms the server has available. Punctuation if ignored. | |
75 | is a list of mechanisms the server has available. Punctuation is ignored. | |
76 | 76 | .PP |
77 | 77 | .I prompt_need |
78 | 78 | is filled in with a list of prompts needed to continue (if necessary). |
106 | 106 | session should be quit. |
107 | 107 | |
108 | 108 | .SH "CONFORMING TO" |
109 | RFC 2222 | |
109 | RFC 4422 | |
110 | 110 | .SH "SEE ALSO" |
111 | 111 | sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_step(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_client_step "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_client_step 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_client_step \- Perform a step in the authentication negotiation |
43 | 43 | |
99 | 99 | should either be handled or the authentication session should be quit. |
100 | 100 | |
101 | 101 | .SH "CONFORMING TO" |
102 | RFC 2222 | |
102 | RFC 4422 | |
103 | 103 | .SH "SEE ALSO" |
104 | 104 | sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_decode "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_decode 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_decode \- Decode data received |
43 | 43 | |
77 | 77 | codes. |
78 | 78 | |
79 | 79 | .SH "CONFORMING TO" |
80 | RFC 2222 | |
80 | RFC 4422 | |
81 | 81 | .SH "SEE ALSO" |
82 | 82 | sasl(3), sasl_errors(3), sasl_encode(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_dispose "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_dispose 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_dispose \- Dispose of a SASL connection object |
43 | 43 | |
63 | 63 | No return values |
64 | 64 | |
65 | 65 | .SH "CONFORMING TO" |
66 | RFC 2222 | |
66 | RFC 4422 | |
67 | 67 | .SH "SEE ALSO" |
68 | 68 | sasl(3), sasl_server_new(3), sasl_client_new(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_done "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_done 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_done \- Dispose of a SASL connection object |
43 | 43 | |
60 | 60 | No return values |
61 | 61 | |
62 | 62 | .SH "CONFORMING TO" |
63 | RFC 2222 | |
63 | RFC 4422 | |
64 | 64 | .SH "SEE ALSO" |
65 | 65 | sasl(3), sasl_server_init(3), sasl_client_init(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_encode "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_encode \- Encode data for transport to authenticated host |
43 | 43 | |
76 | 76 | codes. |
77 | 77 | |
78 | 78 | .SH "CONFORMING TO" |
79 | RFC 2222 | |
79 | RFC 4422 | |
80 | 80 | .SH "SEE ALSO" |
81 | 81 | sasl(3), sasl_errors(3), sasl_decode(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_encode "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_encode \- Encode data for transport to authenticated host |
43 | 43 | |
76 | 76 | codes. |
77 | 77 | |
78 | 78 | .SH "CONFORMING TO" |
79 | RFC 2222 | |
79 | RFC 4422 | |
80 | 80 | .SH "SEE ALSO" |
81 | 81 | sasl(3), sasl_errors(3), sasl_decode(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_errdetail "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_errdetail 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_errdetail \- Retrieve detailed information about an error |
43 | 43 | |
63 | 63 | no error has occurred, or there was an error retrieving it. |
64 | 64 | |
65 | 65 | .SH "CONFORMING TO" |
66 | RFC 2222 | |
66 | RFC 4422 | |
67 | 67 | .SH "SEE ALSO" |
68 | 68 | sasl(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_errors "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_errors 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_errors \- SASL error codes |
43 | 43 | |
148 | 148 | User supplied passwords are not permitted |
149 | 149 | |
150 | 150 | .SH "CONFORMING TO" |
151 | RFC 2222 | |
151 | RFC 4422 | |
152 | 152 | |
153 | 153 | .SH "SEE ALSO" |
154 | 154 | sasl(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_errstring "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_errstring 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_errstring \- Translate a SASL return code to a human-readable form |
43 | 43 | |
79 | 79 | Returns the string. If langlist is NULL, US-ASCII is used. |
80 | 80 | .PP |
81 | 81 | .SH "CONFORMING TO" |
82 | RFC 2222 | |
82 | RFC 4422 | |
83 | 83 | .SH "SEE ALSO" |
84 | 84 | sasl(3), sasl_errdetail(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getconfpath_t "12 February 2006" SASL "SASL man pages" | |
40 | .TH sasl_getconfpath_t 3 "12 February 2006" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getconfpath_t \- The SASL callback to indicate location of the config files |
43 | 43 | |
62 | 62 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
63 | 63 | |
64 | 64 | .SH "CONFORMING TO" |
65 | RFC 2222 | |
65 | RFC 4422 | |
66 | 66 | .SH "SEE ALSO" |
67 | 67 | sasl(3), sasl_callbacks(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getopt_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getopt_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getopt_t \- The SASL get option callback |
43 | 43 | |
78 | 78 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
79 | 79 | |
80 | 80 | .SH "CONFORMING TO" |
81 | RFC 2222 | |
81 | RFC 4422 | |
82 | 82 | .SH "SEE ALSO" |
83 | 83 | sasl(3), sasl_callbacks(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getpath_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getpath_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getpath_t \- The SASL callback to indicate location of the mechanism drivers |
43 | 43 | |
62 | 62 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
63 | 63 | |
64 | 64 | .SH "CONFORMING TO" |
65 | RFC 2222 | |
65 | RFC 4422 | |
66 | 66 | .SH "SEE ALSO" |
67 | 67 | sasl(3), sasl_callbacks(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getprop "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getprop 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getprop \- Get a SASL property |
43 | 43 | |
90 | 90 | Returns SASL_OK on success. SASL error code on failure. |
91 | 91 | |
92 | 92 | .SH "CONFORMING TO" |
93 | RFC 2222 | |
93 | RFC 4422 | |
94 | 94 | .SH "SEE ALSO" |
95 | 95 | sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getrealm_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getrealm_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getrealm_t \- Realm Acquisition Callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getsecret_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getsecret_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getsecret_t \- The SASL callback for secrets (passwords) |
43 | 43 | |
68 | 68 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
69 | 69 | |
70 | 70 | .SH "CONFORMING TO" |
71 | RFC 2222 | |
71 | RFC 4422 | |
72 | 72 | .SH "SEE ALSO" |
73 | 73 | sasl(3), sasl_callbacks(3), sasl_errors(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_getsimple_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_getsimple_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_getsimple_t \- The SASL callback for username/authname/realm |
43 | 43 | |
75 | 75 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
76 | 76 | |
77 | 77 | .SH "CONFORMING TO" |
78 | RFC 2222 | |
78 | RFC 4422 | |
79 | 79 | .SH "SEE ALSO" |
80 | 80 | sasl(3), sasl_callbacks(3), sasl_errors(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_listmech "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_listmech \- Retrieve a list of the supported SASL mechanisms |
43 | 43 | .SH SYNOPSIS |
59 | 59 | uninitialized). |
60 | 60 | |
61 | 61 | .SH "CONFORMING TO" |
62 | RFC 2222 | |
62 | RFC 4422 | |
63 | 63 | .SH "SEE ALSO" |
64 | 64 | sasl(3), sasl_listmech(3), sasl_server_init(3), sasl_client_init(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_idle "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_idle 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_idle \- Perform precalculations during an idle period |
43 | 43 | |
62 | 62 | Returns 1 if action was taken, 0 if no action was taken. |
63 | 63 | |
64 | 64 | .SH "CONFORMING TO" |
65 | RFC 2222 | |
65 | RFC 4422 | |
66 | 66 | .SH "SEE ALSO" |
67 | 67 | sasl(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_listmech "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_listmech \- Retrieve a list of the supported SASL mechanisms |
43 | 43 | .SH SYNOPSIS |
91 | 91 | Returns SASL_OK on success. SASL error code on failure. |
92 | 92 | |
93 | 93 | .SH "CONFORMING TO" |
94 | RFC 2222 | |
94 | RFC 4422 | |
95 | 95 | .SH "SEE ALSO" |
96 | 96 | sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_log_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_log_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_log_t \- The SASL logging callback |
43 | 43 | |
64 | 64 | SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. |
65 | 65 | |
66 | 66 | .SH "CONFORMING TO" |
67 | RFC 2222 | |
67 | RFC 4422 | |
68 | 68 | .SH "SEE ALSO" |
69 | 69 | sasl(3), sasl_callbacks(3), sasl_errors(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_init "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_init 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_init \- SASL server authentication initialization |
43 | 43 | |
77 | 77 | authentication session should be quit. |
78 | 78 | |
79 | 79 | .SH "CONFORMING TO" |
80 | RFC 2222 | |
80 | RFC 4422 | |
81 | 81 | .SH "SEE ALSO" |
82 | 82 | sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_new "16 May 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_new 3 "16 May 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_new \- Create a new server authentication object |
43 | 43 | |
109 | 109 | authentication session should be quit. |
110 | 110 | |
111 | 111 | .SH "CONFORMING TO" |
112 | RFC 2222 | |
112 | RFC 4422 | |
113 | 113 | .SH "SEE ALSO" |
114 | 114 | sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_start(3), sasl_server_step(3), sasl_setprop(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_start "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_start 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_start \- Begin an authentication negotiation |
43 | 43 | |
99 | 99 | session should be quit. |
100 | 100 | |
101 | 101 | .SH "CONFORMING TO" |
102 | RFC 2222 | |
102 | RFC 4422 | |
103 | 103 | .SH "SEE ALSO" |
104 | 104 | sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_step(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_step "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_step 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_step \- Perform a step in the authentication negotiation |
43 | 43 | |
84 | 84 | should either be handled or the authentication session should be quit. |
85 | 85 | |
86 | 86 | .SH "CONFORMING TO" |
87 | RFC 2222 | |
87 | RFC 4422 | |
88 | 88 | .SH "SEE ALSO" |
89 | 89 | sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_userdb_checkpass_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_server_userdb_setpass_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_server_userdb_setpass_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_server_userdb_setpass_t \- UserDB Plaintext Password Setting Callback |
43 | 43 |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_setpass "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_setpass 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_setpass \- Check a plaintext password |
43 | 43 | .SH SYNOPSIS |
85 | 85 | Returns SASL_OK on success. SASL error code on failure. |
86 | 86 | |
87 | 87 | .SH "CONFORMING TO" |
88 | RFC 2222 | |
88 | RFC 4422 | |
89 | 89 | .SH "SEE ALSO" |
90 | 90 | sasl(3), sasl_errors(3), sasl_checkpass(3)⏎ |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_setprop "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_setprop 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_setprop \- Set a SASL property |
43 | 43 | .SH SYNOPSIS |
77 | 77 | Returns SASL_OK on success. SASL error code on failure. |
78 | 78 | |
79 | 79 | .SH "CONFORMING TO" |
80 | RFC 2222 | |
80 | RFC 4422 | |
81 | 81 | .SH "SEE ALSO" |
82 | 82 | sasl(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_user_exists "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_user_exists 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_user_exists \- Check if a user exists on server |
43 | 43 | |
72 | 72 | Returns SASL_OK on success. SASL error code on failure. |
73 | 73 | |
74 | 74 | .SH "CONFORMING TO" |
75 | RFC 2222 | |
75 | RFC 4422 | |
76 | 76 | .SH "SEE ALSO" |
77 | 77 | sasl(3), sasl_errors(3) |
37 | 37 | .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
38 | 38 | .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
39 | 39 | .\" |
40 | .TH sasl_verifyfile_t "10 July 2001" SASL "SASL man pages" | |
40 | .TH sasl_verifyfile_t 3 "10 July 2001" SASL "SASL man pages" | |
41 | 41 | .SH NAME |
42 | 42 | sasl_verifyfile_t \- The SASL file verification |
43 | 43 |
0 | 0 | # Makefile.am for the SASL plugins |
1 | 1 | # Rob Siemborski |
2 | 2 | # Rob Earhart |
3 | # $Id: Makefile.am,v 1.78.2.1 2009/04/27 17:58:26 murch Exp $ | |
3 | # $Id: Makefile.am,v 1.80 2009/05/07 13:49:31 murch Exp $ | |
4 | 4 | # |
5 | 5 | ################################################################ |
6 | 6 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
45 | 45 | |
46 | 46 | # Library version info - here at the top, for sanity |
47 | 47 | # CURRENT:REVISION:AGE |
48 | anonymous_version = 2:23:0 | |
49 | digestmd5_version = 2:23:0 | |
50 | kerberos4_version = 2:23:0 | |
51 | gssapiv2_version = 2:23:0 | |
52 | crammd5_version = 2:23:0 | |
53 | passdss_version = 2:23:0 | |
54 | sasldb_version = 2:23:0 | |
55 | login_version = 2:23:0 | |
56 | plain_version = 2:23:0 | |
57 | ntlm_version = 2:23:0 | |
58 | otp_version = 2:23:0 | |
59 | sql_version = 2:23:0 | |
60 | ldapdb_version = 2:23:0 | |
61 | srp_version = 2:23:0 | |
48 | plugin_version = 2:24:0 | |
62 | 49 | |
63 | 50 | INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include |
64 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) | |
51 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
65 | 52 | |
66 | 53 | COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ |
67 | 54 | |
81 | 68 | libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la |
82 | 69 | |
83 | 70 | libplain_la_SOURCES = plain.c plain_init.c $(common_sources) |
84 | libplain_la_LDFLAGS = -version-info $(plain_version) | |
85 | 71 | libplain_la_DEPENDENCIES = $(COMPAT_OBJS) |
86 | 72 | libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) |
87 | 73 | |
88 | 74 | libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) |
89 | libanonymous_la_LDFLAGS = -version-info $(anonymous_version) | |
90 | 75 | libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) |
91 | 76 | libanonymous_la_LIBADD = $(COMPAT_OBJS) |
92 | 77 | |
93 | 78 | libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) |
94 | libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version) | |
95 | 79 | libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) |
96 | 80 | libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) |
97 | 81 | |
98 | 82 | libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) |
99 | libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version) | |
100 | 83 | libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) |
101 | 84 | libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) |
102 | 85 | |
103 | 86 | libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) |
104 | libcrammd5_la_LDFLAGS = -version-info $(crammd5_version) | |
105 | 87 | libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) |
106 | 88 | libcrammd5_la_LIBADD = $(COMPAT_OBJS) |
107 | 89 | |
108 | 90 | libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) |
109 | libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version) | |
110 | 91 | libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) |
111 | 92 | libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) |
112 | 93 | |
113 | 94 | liblogin_la_SOURCES = login.c login_init.c $(common_sources) |
114 | liblogin_la_LDFLAGS = -version-info $(login_version) | |
115 | 95 | liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) |
116 | 96 | liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) |
117 | 97 | |
118 | 98 | libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) |
119 | libsrp_la_LDFLAGS = -version-info $(srp_version) | |
120 | 99 | libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) |
121 | 100 | libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) |
122 | 101 | |
123 | 102 | libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) |
124 | libotp_la_LDFLAGS = -version-info $(otp_version) | |
125 | 103 | libotp_la_DEPENDENCIES = $(COMPAT_OBJS) |
126 | 104 | libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) |
127 | 105 | |
128 | 106 | libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) |
129 | libntlm_la_LDFLAGS = -version-info $(ntlm_version) | |
130 | 107 | libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) |
131 | 108 | libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) |
132 | 109 | |
133 | 110 | libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) |
134 | libpassdss_la_LDFLAGS = -version-info $(passdss_version) | |
135 | 111 | libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) |
136 | 112 | libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) |
137 | 113 | |
138 | 114 | # Auxprop Plugins |
139 | 115 | libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) |
140 | libsasldb_la_LDFLAGS = -version-info $(sasldb_version) | |
141 | 116 | libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) |
142 | 117 | libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) |
143 | 118 | |
144 | 119 | libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) |
145 | libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version) | |
146 | 120 | libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) |
147 | 121 | libldapdb_la_LIBADD = $(COMPAT_OBJS) |
148 | 122 | |
149 | 123 | libsql_la_SOURCES = sql.c sql_init.c $(common_sources) |
150 | libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version) | |
124 | libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(AM_LDFLAGS) | |
151 | 125 | libsql_la_DEPENDENCIES = $(COMPAT_OBJS) |
152 | 126 | libsql_la_LIBADD = $(COMPAT_OBJS) |
153 | 127 |
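Review bot: Removing `libldapdb_la_LDFLAGS` outright also drops `$(LIB_LDAP)`, which is the only place in the visible rules where the ldapdb plugin picks up its LDAP libraries (`libldapdb_la_LIBADD` is just `$(COMPAT_OBJS)`). The other removed per-plugin lines carried only `-version-info`, which now comes from `AM_LDFLAGS`, so they are safe to delete. This one should instead be kept in the same form as the sql rule, because a per-target `_LDFLAGS` replaces `AM_LDFLAGS` rather than adding to it: `libldapdb_la_LDFLAGS = $(LIB_LDAP) $(AM_LDFLAGS)`. Unless `LIB_LDAP` is supplied somewhere outside this section, the module is likely to build with unresolved LDAP symbols and fail to load at run time, leaving the ldapdb auxprop backend unavailable to the server.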
16 | 16 | # Makefile.am for the SASL plugins |
17 | 17 | # Rob Siemborski |
18 | 18 | # Rob Earhart |
19 | # $Id: Makefile.am,v 1.78.2.1 2009/04/27 17:58:26 murch Exp $ | |
19 | # $Id: Makefile.am,v 1.80 2009/05/07 13:49:31 murch Exp $ | |
20 | 20 | # |
21 | 21 | ################################################################ |
22 | 22 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
135 | 135 | LIB_PGSQL = @LIB_PGSQL@ |
136 | 136 | LIB_SOCKET = @LIB_SOCKET@ |
137 | 137 | LIB_SQLITE = @LIB_SQLITE@ |
138 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
138 | 139 | LN_S = @LN_S@ |
139 | 140 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
140 | 141 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
237 | 238 | |
238 | 239 | # Library version info - here at the top, for sanity |
239 | 240 | # CURRENT:REVISION:AGE |
240 | anonymous_version = 2:23:0 | |
241 | digestmd5_version = 2:23:0 | |
242 | kerberos4_version = 2:23:0 | |
243 | gssapiv2_version = 2:23:0 | |
244 | crammd5_version = 2:23:0 | |
245 | passdss_version = 2:23:0 | |
246 | sasldb_version = 2:23:0 | |
247 | login_version = 2:23:0 | |
248 | plain_version = 2:23:0 | |
249 | ntlm_version = 2:23:0 | |
250 | otp_version = 2:23:0 | |
251 | sql_version = 2:23:0 | |
252 | ldapdb_version = 2:23:0 | |
253 | srp_version = 2:23:0 | |
241 | plugin_version = 2:24:0 | |
254 | 242 | |
255 | 243 | INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include |
256 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) | |
244 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
257 | 245 | |
258 | 246 | COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ |
259 | 247 | |
270 | 258 | |
271 | 259 | |
272 | 260 | libplain_la_SOURCES = plain.c plain_init.c $(common_sources) |
273 | libplain_la_LDFLAGS = -version-info $(plain_version) | |
274 | 261 | libplain_la_DEPENDENCIES = $(COMPAT_OBJS) |
275 | 262 | libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) |
276 | 263 | |
277 | 264 | libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) |
278 | libanonymous_la_LDFLAGS = -version-info $(anonymous_version) | |
279 | 265 | libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) |
280 | 266 | libanonymous_la_LIBADD = $(COMPAT_OBJS) |
281 | 267 | |
282 | 268 | libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) |
283 | libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version) | |
284 | 269 | libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) |
285 | 270 | libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) |
286 | 271 | |
287 | 272 | libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) |
288 | libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version) | |
289 | 273 | libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) |
290 | 274 | libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) |
291 | 275 | |
292 | 276 | libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) |
293 | libcrammd5_la_LDFLAGS = -version-info $(crammd5_version) | |
294 | 277 | libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) |
295 | 278 | libcrammd5_la_LIBADD = $(COMPAT_OBJS) |
296 | 279 | |
297 | 280 | libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) |
298 | libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version) | |
299 | 281 | libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) |
300 | 282 | libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) |
301 | 283 | |
302 | 284 | liblogin_la_SOURCES = login.c login_init.c $(common_sources) |
303 | liblogin_la_LDFLAGS = -version-info $(login_version) | |
304 | 285 | liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) |
305 | 286 | liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) |
306 | 287 | |
307 | 288 | libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) |
308 | libsrp_la_LDFLAGS = -version-info $(srp_version) | |
309 | 289 | libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) |
310 | 290 | libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) |
311 | 291 | |
312 | 292 | libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) |
313 | libotp_la_LDFLAGS = -version-info $(otp_version) | |
314 | 293 | libotp_la_DEPENDENCIES = $(COMPAT_OBJS) |
315 | 294 | libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) |
316 | 295 | |
317 | 296 | libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) |
318 | libntlm_la_LDFLAGS = -version-info $(ntlm_version) | |
319 | 297 | libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) |
320 | 298 | libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) |
321 | 299 | |
322 | 300 | libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) |
323 | libpassdss_la_LDFLAGS = -version-info $(passdss_version) | |
324 | 301 | libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) |
325 | 302 | libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) |
326 | 303 | |
327 | 304 | # Auxprop Plugins |
328 | 305 | libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) |
329 | libsasldb_la_LDFLAGS = -version-info $(sasldb_version) | |
330 | 306 | libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) |
331 | 307 | libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) |
332 | 308 | |
333 | 309 | libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) |
334 | libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version) | |
335 | 310 | libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) |
336 | 311 | libldapdb_la_LIBADD = $(COMPAT_OBJS) |
337 | 312 | |
338 | 313 | libsql_la_SOURCES = sql.c sql_init.c $(common_sources) |
339 | libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version) | |
314 | libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(AM_LDFLAGS) | |
340 | 315 | libsql_la_DEPENDENCIES = $(COMPAT_OBJS) |
341 | 316 | libsql_la_LIBADD = $(COMPAT_OBJS) |
342 | 317 | |
355 | 330 | CONFIG_CLEAN_FILES = |
356 | 331 | LTLIBRARIES = $(sasl_LTLIBRARIES) |
357 | 332 | |
333 | libanonymous_la_LDFLAGS = | |
358 | 334 | am__objects_1 = plugin_common.lo |
359 | 335 | am_libanonymous_la_OBJECTS = anonymous.lo anonymous_init.lo \ |
360 | 336 | $(am__objects_1) |
361 | 337 | libanonymous_la_OBJECTS = $(am_libanonymous_la_OBJECTS) |
338 | libcrammd5_la_LDFLAGS = | |
362 | 339 | am_libcrammd5_la_OBJECTS = cram.lo crammd5_init.lo $(am__objects_1) |
363 | 340 | libcrammd5_la_OBJECTS = $(am_libcrammd5_la_OBJECTS) |
341 | libdigestmd5_la_LDFLAGS = | |
364 | 342 | am_libdigestmd5_la_OBJECTS = digestmd5.lo digestmd5_init.lo \ |
365 | 343 | $(am__objects_1) |
366 | 344 | libdigestmd5_la_OBJECTS = $(am_libdigestmd5_la_OBJECTS) |
345 | libgssapiv2_la_LDFLAGS = | |
367 | 346 | am_libgssapiv2_la_OBJECTS = gssapi.lo gssapiv2_init.lo $(am__objects_1) |
368 | 347 | libgssapiv2_la_OBJECTS = $(am_libgssapiv2_la_OBJECTS) |
348 | libkerberos4_la_LDFLAGS = | |
369 | 349 | am_libkerberos4_la_OBJECTS = kerberos4.lo kerberos4_init.lo \ |
370 | 350 | $(am__objects_1) |
371 | 351 | libkerberos4_la_OBJECTS = $(am_libkerberos4_la_OBJECTS) |
352 | libldapdb_la_LDFLAGS = | |
372 | 353 | am_libldapdb_la_OBJECTS = ldapdb.lo ldapdb_init.lo $(am__objects_1) |
373 | 354 | libldapdb_la_OBJECTS = $(am_libldapdb_la_OBJECTS) |
355 | liblogin_la_LDFLAGS = | |
374 | 356 | am_liblogin_la_OBJECTS = login.lo login_init.lo $(am__objects_1) |
375 | 357 | liblogin_la_OBJECTS = $(am_liblogin_la_OBJECTS) |
358 | libntlm_la_LDFLAGS = | |
376 | 359 | am_libntlm_la_OBJECTS = ntlm.lo ntlm_init.lo $(am__objects_1) |
377 | 360 | libntlm_la_OBJECTS = $(am_libntlm_la_OBJECTS) |
361 | libotp_la_LDFLAGS = | |
378 | 362 | am_libotp_la_OBJECTS = otp.lo otp_init.lo $(am__objects_1) |
379 | 363 | libotp_la_OBJECTS = $(am_libotp_la_OBJECTS) |
364 | libpassdss_la_LDFLAGS = | |
380 | 365 | am_libpassdss_la_OBJECTS = passdss.lo passdss_init.lo $(am__objects_1) |
381 | 366 | libpassdss_la_OBJECTS = $(am_libpassdss_la_OBJECTS) |
367 | libplain_la_LDFLAGS = | |
382 | 368 | am_libplain_la_OBJECTS = plain.lo plain_init.lo $(am__objects_1) |
383 | 369 | libplain_la_OBJECTS = $(am_libplain_la_OBJECTS) |
370 | libsasldb_la_LDFLAGS = | |
384 | 371 | am_libsasldb_la_OBJECTS = sasldb.lo sasldb_init.lo $(am__objects_1) |
385 | 372 | libsasldb_la_OBJECTS = $(am_libsasldb_la_OBJECTS) |
386 | 373 | am_libsql_la_OBJECTS = sql.lo sql_init.lo $(am__objects_1) |
387 | 374 | libsql_la_OBJECTS = $(am_libsql_la_OBJECTS) |
375 | libsrp_la_LDFLAGS = | |
388 | 376 | am_libsrp_la_OBJECTS = srp.lo srp_init.lo $(am__objects_1) |
389 | 377 | libsrp_la_OBJECTS = $(am_libsrp_la_OBJECTS) |
390 | 378 | SCRIPTS = $(noinst_SCRIPTS) |
32 | 32 | PLUGINS_EXT=$(PLUGINS_EXT) saslSQLITE.dll |
33 | 33 | SQL_FLAGS= $(SQLITE_INCLUDES) /DHAVE_SQLITE=1 |
34 | 34 | SQLITE_LIBS = /libpath:$(SQLITE_LIBPATH) libsqlite.lib |
35 | !ENDIF | |
36 | !IF "$(SQL)" == "SQLITE3" | |
37 | PLUGINS_EXT=$(PLUGINS_EXT) saslSQLITE.dll | |
38 | SQL_FLAGS= $(SQLITE_INCLUDES3) /DHAVE_SQLITE3=1 | |
39 | SQLITE_LIBS = /libpath:$(SQLITE_LIBPATH3) libsqlite3.lib | |
35 | 40 | !ENDIF |
36 | 41 | |
37 | 42 | PLUGINS=saslANONYMOUS.dll \ |
178 | 183 | saslANONYMOUS.dll: $(saslANONYMOUS_objs) saslANONYMOUS.res |
179 | 184 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslANONYMOUS.dll" /implib:"saslANONYMOUS.lib" $(saslANONYMOUS_objs) saslANONYMOUS.res |
180 | 185 | << |
186 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
181 | 187 | |
182 | 188 | saslPLAIN.dll: $(saslPLAIN_objs) saslPLAIN.res |
183 | 189 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslPLAIN.dll" /implib:"saslPLAIN.lib" $(saslPLAIN_objs) saslPLAIN.res |
184 | 190 | << |
191 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
185 | 192 | |
186 | 193 | saslCRAMMD5.dll: $(saslCRAMMD5_objs) saslCRAMMD5.res |
187 | 194 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslCRAMMD5.dll" /implib:"saslCRAMMD5.lib" $(saslCRAMMD5_objs) saslCRAMMD5.res |
188 | 195 | << |
196 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
189 | 197 | |
190 | 198 | saslDIGESTMD5.dll: $(saslDIGESTMD5_objs) saslDIGESTMD5.res |
191 | 199 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslDIGESTMD5.dll" /implib:"saslDIGESTMD5.lib" $(saslDIGESTMD5_objs) saslDIGESTMD5.res |
192 | 200 | << |
201 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
193 | 202 | |
194 | 203 | saslLOGIN.dll: $(saslLOGIN_objs) saslLOGIN.res |
195 | 204 | $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslLOGIN.dll" /implib:"saslLOGIN.lib" $(saslLOGIN_objs) saslLOGIN.res |
196 | 205 | << |
206 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
197 | 207 | |
198 | 208 | saslNTLM.dll: $(saslNTLM_objs) saslNTLM.res |
199 | 209 | $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslNTLM.dll" /implib:"saslNTLM.lib" $(saslNTLM_objs) saslNTLM.res |
200 | 210 | << |
211 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
201 | 212 | |
202 | 213 | saslGSSAPI.dll: $(saslGSSAPI_objs) saslGSSAPI.res |
203 | 214 | $(LINK32DLL) @<< $(GSS_LIBS) $(LINK32DLL_FLAGS) /out:"saslGSSAPI.dll" /implib:"saslGSSAPI.lib" $(saslGSSAPI_objs) saslGSSAPI.res |
204 | 215 | << |
216 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
205 | 217 | |
206 | 218 | saslSRP.dll: $(saslSRP_objs) saslSRP.res |
207 | 219 | $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslSRP.dll" /implib:"saslSRP.lib" $(saslSRP_objs) saslSRP.res |
208 | 220 | << |
221 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
209 | 222 | |
210 | 223 | saslOTP.dll: $(saslOTP_objs) saslOTP.res |
211 | 224 | $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslOTP.dll" /implib:"saslOTP.lib" $(saslOTP_objs) saslOTP.res |
212 | 225 | << |
226 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
213 | 227 | |
214 | 228 | saslSASLDB.dll: $(saslSASLDB_objs) saslSASLDB.res |
215 | 229 | $(LINK32DLL) @<< $(DB_LIBS) $(LINK32DLL_FLAGS) /out:"saslSASLDB.dll" /implib:"saslSASLDB.lib" $(saslSASLDB_objs) saslSASLDB.res |
216 | 230 | << |
231 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
217 | 232 | |
218 | 233 | saslSQLITE.dll: $(saslSQL_objs) saslSQLITE.res |
219 | 234 | $(LINK32DLL) @<< $(SQLITE_LIBS) $(LINK32DLL_FLAGS) /out:"saslSQLITE.dll" /implib:"saslSQLITE.lib" $(saslSQL_objs) saslSQLITE.res |
220 | 235 | << |
236 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
221 | 237 | |
222 | 238 | saslLDAPDB.dll: $(saslLDAPDB_objs) saslLDAPDB.res |
223 | 239 | $(LINK32DLL) @<< $(LDAP_LIBS) $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslLDAPDB.dll" /implib:"saslLDAPDB.lib" $(saslLDAPDB_objs) saslLDAPDB.res |
224 | 240 | << |
241 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 | |
225 | 242 | |
226 | 243 | CLEAN : |
227 | 244 | -@erase $(all_objs) |
228 | 245 | -@erase "*.idb" |
229 | 246 | -@erase "*.pdb" |
247 | -@erase "*.manifest" | |
230 | 248 | -@erase getaddrinfo.c |
231 | 249 | -@erase allockey.c |
232 | 250 | -@erase db_berkeley.c |
278 | 296 | VALUE "FileDescription", "CMU SASL $(@B) plugin\0" |
279 | 297 | VALUE "FileVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP).0\0" |
280 | 298 | VALUE "InternalName", "$(@B)\0" |
281 | VALUE "LegalCopyright", "Copyright (c) Carnegie Mellon University 2005\0" | |
299 | VALUE "LegalCopyright", "Copyright (c) Carnegie Mellon University 2002-2009\0" | |
282 | 300 | VALUE "OriginalFilename", "$(@B).dll\0" |
283 | 301 | VALUE "ProductName", "Carnegie Mellon University SASL\0" |
284 | 302 | VALUE "ProductVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP)-0" |
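Review bot: The post-link command `IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2` is repeated verbatim under every DLL rule from saslANONYMOUS.dll to saslLDAPDB.dll, with no comment saying what it does or what the trailing `;2` selects. A single comment above the first rule would document it once, for example `# Embed the linker-generated manifest into the DLL; resource ID 2 is the slot used for DLL manifests`. Because of the `IF EXIST` guard, a build whose linker emits no manifest skips the step silently, so the comment should also say this is intended for older toolchains. Keeping twelve identical copies in step by hand is a maintenance risk, and a later edit to the `mt` arguments has to touch each of them.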
0 | 0 | /* Anonymous SASL plugin |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: anonymous.c,v 1.51 2004/09/08 11:10:52 mel Exp $ | |
3 | * $Id: anonymous.c,v 1.53 2009/02/13 14:46:47 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
59 | 59 | |
60 | 60 | /***************************** Common Section *****************************/ |
61 | 61 | |
62 | static const char plugin_id[] = "$Id: anonymous.c,v 1.51 2004/09/08 11:10:52 mel Exp $"; | |
62 | static const char plugin_id[] = "$Id: anonymous.c,v 1.53 2009/02/13 14:46:47 mel Exp $"; | |
63 | 63 | |
64 | 64 | static const char anonymous_id[] = "anonymous"; |
65 | 65 | |
156 | 156 | "ANONYMOUS", /* mech_name */ |
157 | 157 | 0, /* max_ssf */ |
158 | 158 | SASL_SEC_NOPLAINTEXT, /* security_flags */ |
159 | SASL_FEAT_WANT_CLIENT_FIRST, /* features */ | |
159 | SASL_FEAT_WANT_CLIENT_FIRST | |
160 | | SASL_FEAT_DONTUSE_USERPASSWD, /* features */ | |
160 | 161 | NULL, /* glob_context */ |
161 | 162 | &anonymous_server_mech_new, /* mech_new */ |
162 | 163 | &anonymous_server_mech_step, /* mech_step */ |
346 | 347 | utils->free(text); |
347 | 348 | } |
348 | 349 | |
349 | static const long anonymous_required_prompts[] = { | |
350 | static const unsigned long anonymous_required_prompts[] = { | |
350 | 351 | SASL_CB_LIST_END |
351 | 352 | }; |
352 | 353 |
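Review bot: The new `SASL_FEAT_DONTUSE_USERPASSWD` bit in the `features` initializer of the ANONYMOUS server plugin entry (new lines 159-160) has no comment explaining why a mechanism that carries no password sets it; the trailing `/* features */` only labels the field. A short comment above the line would record the intent, for example `/* ANONYMOUS never consults the stored userPassword value */`, with the wording checked against the flag's definition in the plugin header, which is not shown here. The change of `anonymous_required_prompts` to `unsigned long` at new line 350 presumably matches the field type in the client plugin struct, and that is worth stating in the commit message. The struct initializer itself begins and ends outside the visible lines.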
2 | 2 | * Rob Siemborski |
3 | 3 | * Tim Martin |
4 | 4 | * Alexey Melnikov |
5 | * $Id: digestmd5.c,v 1.180 2006/04/26 17:39:26 mel Exp $ | |
5 | * $Id: digestmd5.c,v 1.190 2009/02/20 22:55:58 mel Exp $ | |
6 | 6 | */ |
7 | 7 | /* |
8 | 8 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
121 | 121 | |
122 | 122 | /***************************** Common Section *****************************/ |
123 | 123 | |
124 | static const char plugin_id[] = "$Id: digestmd5.c,v 1.180 2006/04/26 17:39:26 mel Exp $"; | |
124 | static const char plugin_id[] = "$Id: digestmd5.c,v 1.190 2009/02/20 22:55:58 mel Exp $"; | |
125 | 125 | |
126 | 126 | /* Definitions */ |
127 | 127 | #define NONCE_SIZE (32) /* arbitrary */ |
203 | 203 | enum Context_type i_am; /* are we the client or server? */ |
204 | 204 | time_t timeout; |
205 | 205 | void *mutex; |
206 | size_t size; | |
206 | unsigned size; | |
207 | 207 | |
208 | 208 | reauth_entry_t *e; /* fixed-size hash table of entries */ |
209 | 209 | } reauth_cache_t; |
274 | 274 | cipher_init_t *cipher_init; |
275 | 275 | cipher_free_t *cipher_free; |
276 | 276 | }; |
277 | ||
277 | #if 0 | |
278 | 278 | static const unsigned char *COLON = ":"; |
279 | ||
279 | #else | |
280 | static const unsigned char COLON[] = { ':', '\0' }; | |
281 | #endif | |
280 | 282 | /* Hashes a string to produce an unsigned short */ |
281 | 283 | static unsigned hash(const char *str) |
282 | 284 | { |
340 | 342 | utils->MD5Init(&Md5Ctx); |
341 | 343 | |
342 | 344 | if (pszMethod != NULL) { |
343 | utils->MD5Update(&Md5Ctx, pszMethod, strlen((char *) pszMethod)); | |
344 | } | |
345 | utils->MD5Update(&Md5Ctx, (unsigned char *) COLON, 1); | |
345 | utils->MD5Update(&Md5Ctx, pszMethod, (unsigned) strlen((char *) pszMethod)); | |
346 | } | |
347 | utils->MD5Update(&Md5Ctx, COLON, 1); | |
346 | 348 | |
347 | 349 | /* utils->MD5Update(&Md5Ctx, (unsigned char *) "AUTHENTICATE:", 13); */ |
348 | utils->MD5Update(&Md5Ctx, pszDigestUri, strlen((char *) pszDigestUri)); | |
350 | utils->MD5Update(&Md5Ctx, pszDigestUri, (unsigned) strlen((char *) pszDigestUri)); | |
349 | 351 | if (strcasecmp((char *) pszQop, "auth") != 0) { |
350 | 352 | /* append ":00000000000000000000000000000000" */ |
351 | 353 | utils->MD5Update(&Md5Ctx, COLON, 1); |
358 | 360 | utils->MD5Init(&Md5Ctx); |
359 | 361 | utils->MD5Update(&Md5Ctx, HA1, HASHHEXLEN); |
360 | 362 | utils->MD5Update(&Md5Ctx, COLON, 1); |
361 | utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce)); | |
363 | utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); | |
362 | 364 | utils->MD5Update(&Md5Ctx, COLON, 1); |
363 | 365 | if (*pszQop) { |
364 | 366 | sprintf(ncvalue, "%08x", pszNonceCount); |
365 | utils->MD5Update(&Md5Ctx, ncvalue, strlen(ncvalue)); | |
367 | utils->MD5Update(&Md5Ctx, (unsigned char *) ncvalue, (unsigned) strlen(ncvalue)); | |
366 | 368 | utils->MD5Update(&Md5Ctx, COLON, 1); |
367 | utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce)); | |
369 | utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); | |
368 | 370 | utils->MD5Update(&Md5Ctx, COLON, 1); |
369 | utils->MD5Update(&Md5Ctx, pszQop, strlen((char *) pszQop)); | |
371 | utils->MD5Update(&Md5Ctx, pszQop, (unsigned) strlen((char *) pszQop)); | |
370 | 372 | utils->MD5Update(&Md5Ctx, COLON, 1); |
371 | 373 | } |
372 | 374 | utils->MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN); |
374 | 376 | CvtHex(RespHash, Response); |
375 | 377 | } |
376 | 378 | |
377 | static bool UTF8_In_8859_1(const unsigned char *base, int len) | |
379 | static bool UTF8_In_8859_1(const unsigned char *base, size_t len) | |
378 | 380 | { |
379 | 381 | const unsigned char *scan, *end; |
380 | 382 | |
416 | 418 | do { |
417 | 419 | for (scan = base; scan < end && *scan < 0xC0; ++scan); |
418 | 420 | if (scan != base) |
419 | utils->MD5Update(ctx, base, scan - base); | |
421 | utils->MD5Update(ctx, base, (unsigned) (scan - base)); | |
420 | 422 | if (scan + 1 >= end) |
421 | 423 | break; |
422 | 424 | cbuf = ((scan[0] & 0x3) << 6) | (scan[1] & 0x3f); |
446 | 448 | /* We have to convert UTF-8 to ISO-8859-1 if possible */ |
447 | 449 | In_8859_1 = UTF8_In_8859_1(pszUserName, strlen((char *) pszUserName)); |
448 | 450 | MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1, |
449 | pszUserName, strlen((char *) pszUserName)); | |
451 | pszUserName, (unsigned) strlen((char *) pszUserName)); | |
450 | 452 | |
451 | 453 | utils->MD5Update(&Md5Ctx, COLON, 1); |
452 | 454 | |
455 | 457 | /* We have to convert UTF-8 to ISO-8859-1 if possible */ |
456 | 458 | In_8859_1 = UTF8_In_8859_1(pszRealm, strlen((char *) pszRealm)); |
457 | 459 | MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1, |
458 | pszRealm, strlen((char *) pszRealm)); | |
460 | pszRealm, (unsigned) strlen((char *) pszRealm)); | |
459 | 461 | } |
460 | 462 | |
461 | 463 | utils->MD5Update(&Md5Ctx, COLON, 1); |
507 | 509 | unsigned char *value, |
508 | 510 | bool need_quotes) |
509 | 511 | { |
510 | int namesize = strlen(name); | |
511 | int valuesize = strlen((char *) value); | |
512 | size_t namesize = strlen(name); | |
513 | size_t valuesize = strlen((char *) value); | |
514 | unsigned newlen; | |
512 | 515 | int ret; |
513 | 516 | |
514 | ret = _plug_buf_alloc(utils, str, buflen, | |
515 | *curlen + 1 + namesize + 2 + valuesize + 2); | |
517 | newlen = (unsigned) (*curlen + 1 + namesize + 2 + valuesize + 2); | |
518 | ret = _plug_buf_alloc(utils, str, buflen, newlen); | |
516 | 519 | if(ret != SASL_OK) return ret; |
517 | 520 | |
518 | 521 | if (*curlen > 0) { |
531 | 534 | valuesize = strlen(quoted); |
532 | 535 | /* As the quoted string is bigger, make sure we have enough |
533 | 536 | space now */ |
534 | ret = _plug_buf_alloc(utils, str, buflen, | |
535 | *curlen + 1 + namesize + 2 + valuesize + 2); | |
537 | ret = _plug_buf_alloc(utils, str, buflen, newlen); | |
536 | 538 | if (ret == SASL_OK) { |
537 | 539 | strcat(*str, quoted); |
538 | 540 | free (quoted); |
549 | 551 | strcat(*str, (char *) value); |
550 | 552 | } |
551 | 553 | |
552 | *curlen = *curlen + 1 + namesize + 2 + valuesize + 2; | |
554 | *curlen = newlen; | |
553 | 555 | return SASL_OK; |
554 | 556 | } |
555 | 557 | |
558 | static int is_lws_char (char c) | |
559 | { | |
560 | return (c == ' ' || c == HT || c == CR || c == LF); | |
561 | } | |
562 | ||
556 | 563 | static char *skip_lws (char *s) |
557 | 564 | { |
558 | 565 | if (!s) return NULL; |
559 | 566 | |
560 | 567 | /* skipping spaces: */ |
561 | while (s[0] == ' ' || s[0] == HT || s[0] == CR || s[0] == LF) { | |
568 | while (is_lws_char(s[0])) { | |
562 | 569 | if (s[0] == '\0') break; |
563 | 570 | s++; |
564 | 571 | } |
747 | 754 | static void get_pair(char **in, char **name, char **value) |
748 | 755 | { |
749 | 756 | char *endpair; |
750 | /* int inQuotes; */ | |
751 | 757 | char *curp = *in; |
752 | 758 | *name = NULL; |
753 | 759 | *value = NULL; |
754 | 760 | |
755 | 761 | if (curp == NULL) return; |
756 | if (curp[0] == '\0') return; | |
757 | ||
758 | /* skipping spaces: */ | |
759 | curp = skip_lws(curp); | |
760 | ||
762 | ||
763 | while (curp[0] != '\0') { | |
764 | /* skipping spaces: */ | |
765 | curp = skip_lws(curp); | |
766 | ||
767 | /* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */ | |
768 | if (curp[0] == ',') { | |
769 | curp++; | |
770 | } else { | |
771 | break; | |
772 | } | |
773 | } | |
774 | ||
775 | if (curp[0] == '\0') { | |
776 | /* End of the string is not an error */ | |
777 | *name = ""; | |
778 | return; | |
779 | } | |
780 | ||
761 | 781 | *name = curp; |
762 | 782 | |
763 | 783 | curp = skip_token(curp,1); |
784 | 804 | endpair = unquote (curp); |
785 | 805 | if (endpair == NULL) { /* Unbalanced quotes */ |
786 | 806 | *name = NULL; |
807 | *value = NULL; | |
787 | 808 | return; |
788 | 809 | } |
789 | if (endpair[0] != ',') { | |
790 | if (endpair[0]!='\0') { | |
791 | *endpair++ = '\0'; | |
792 | } | |
793 | } | |
794 | ||
795 | endpair = skip_lws(endpair); | |
796 | ||
810 | ||
811 | /* An optional LWS is allowed after the value. Skip it. */ | |
812 | if (is_lws_char (endpair[0])) { | |
813 | /* Remove the trailing LWS from the value */ | |
814 | *endpair++ = '\0'; | |
815 | endpair = skip_lws(endpair); | |
816 | } | |
817 | ||
797 | 818 | /* syntax check: MUST be '\0' or ',' */ |
798 | 819 | if (endpair[0] == ',') { |
799 | 820 | endpair[0] = '\0'; |
800 | 821 | endpair++; /* skipping <,> */ |
801 | 822 | } else if (endpair[0] != '\0') { |
802 | 823 | *name = NULL; |
824 | *value = NULL; | |
803 | 825 | return; |
804 | 826 | } |
805 | 827 | |
1264 | 1286 | static int create_layer_keys(context_t *text, |
1265 | 1287 | const sasl_utils_t *utils, |
1266 | 1288 | HASH key, int keylen, |
1267 | char enckey[16], char deckey[16]) | |
1289 | unsigned char enckey[16], | |
1290 | unsigned char deckey[16]) | |
1268 | 1291 | { |
1269 | 1292 | MD5_CTX Md5Ctx; |
1270 | 1293 | |
1294 | utils->log(utils->conn, SASL_LOG_DEBUG, | |
1295 | "DIGEST-MD5 create_layer_keys()"); | |
1296 | ||
1271 | 1297 | utils->MD5Init(&Md5Ctx); |
1272 | 1298 | utils->MD5Update(&Md5Ctx, key, keylen); |
1273 | 1299 | if (text->i_am == SERVER) { |
1274 | 1300 | utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_SERVER_CLIENT, |
1275 | strlen(SEALING_SERVER_CLIENT)); | |
1301 | (unsigned) strlen(SEALING_SERVER_CLIENT)); | |
1276 | 1302 | } else { |
1277 | 1303 | utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_CLIENT_SERVER, |
1278 | strlen(SEALING_CLIENT_SERVER)); | |
1279 | } | |
1280 | utils->MD5Final((unsigned char *) enckey, &Md5Ctx); | |
1304 | (unsigned) strlen(SEALING_CLIENT_SERVER)); | |
1305 | } | |
1306 | utils->MD5Final(enckey, &Md5Ctx); | |
1281 | 1307 | |
1282 | 1308 | utils->MD5Init(&Md5Ctx); |
1283 | 1309 | utils->MD5Update(&Md5Ctx, key, keylen); |
1284 | 1310 | if (text->i_am != SERVER) { |
1285 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SEALING_SERVER_CLIENT, | |
1286 | strlen(SEALING_SERVER_CLIENT)); | |
1311 | utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_SERVER_CLIENT, | |
1312 | (unsigned) strlen(SEALING_SERVER_CLIENT)); | |
1287 | 1313 | } else { |
1288 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SEALING_CLIENT_SERVER, | |
1289 | strlen(SEALING_CLIENT_SERVER)); | |
1290 | } | |
1291 | utils->MD5Final((unsigned char *) deckey, &Md5Ctx); | |
1314 | utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_CLIENT_SERVER, | |
1315 | (unsigned) strlen(SEALING_CLIENT_SERVER)); | |
1316 | } | |
1317 | utils->MD5Final(deckey, &Md5Ctx); | |
1292 | 1318 | |
1293 | 1319 | /* create integrity keys */ |
1294 | 1320 | /* sending */ |
1296 | 1322 | utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN); |
1297 | 1323 | if (text->i_am == SERVER) { |
1298 | 1324 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT, |
1299 | strlen(SIGNING_SERVER_CLIENT)); | |
1325 | (unsigned) strlen(SIGNING_SERVER_CLIENT)); | |
1300 | 1326 | } else { |
1301 | 1327 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER, |
1302 | strlen(SIGNING_CLIENT_SERVER)); | |
1328 | (unsigned) strlen(SIGNING_CLIENT_SERVER)); | |
1303 | 1329 | } |
1304 | 1330 | utils->MD5Final(text->Ki_send, &Md5Ctx); |
1305 | 1331 | |
1308 | 1334 | utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN); |
1309 | 1335 | if (text->i_am != SERVER) { |
1310 | 1336 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT, |
1311 | strlen(SIGNING_SERVER_CLIENT)); | |
1337 | (unsigned) strlen(SIGNING_SERVER_CLIENT)); | |
1312 | 1338 | } else { |
1313 | 1339 | utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER, |
1314 | strlen(SIGNING_CLIENT_SERVER)); | |
1340 | (unsigned) strlen(SIGNING_CLIENT_SERVER)); | |
1315 | 1341 | } |
1316 | 1342 | utils->MD5Final(text->Ki_receive, &Md5Ctx); |
1317 | 1343 | |
1397 | 1423 | text->utils->hmac_md5((const unsigned char *) text->encode_buf, |
1398 | 1424 | inblob->curlen + 4, |
1399 | 1425 | text->Ki_send, HASHLEN, |
1400 | text->encode_buf + inblob->curlen + 4); | |
1426 | (unsigned char *) text->encode_buf + | |
1427 | inblob->curlen + 4); | |
1401 | 1428 | |
1402 | 1429 | *outputlen = inblob->curlen + 10; /* for message + CMAC */ |
1403 | 1430 | out+=inblob->curlen + 10; |
1462 | 1489 | |
1463 | 1490 | if (seqnum != text->rec_seqnum) { |
1464 | 1491 | text->utils->seterror(text->utils->conn, 0, |
1465 | "Incorrect Sequence Number"); | |
1492 | "Incorrect Sequence Number: received %u, expected %u", | |
1493 | seqnum, | |
1494 | text->rec_seqnum); | |
1466 | 1495 | return SASL_FAIL; |
1467 | 1496 | } |
1468 | 1497 | |
1493 | 1522 | memcpy(*output, input, inputlen - 6); |
1494 | 1523 | *outputlen = inputlen - 16; /* -16 to skip HMAC, ver and seqnum */ |
1495 | 1524 | } |
1496 | digest = *output + (inputlen - 16); | |
1525 | digest = (unsigned char *) *output + (inputlen - 16); | |
1497 | 1526 | |
1498 | 1527 | /* check the CMAC */ |
1499 | 1528 | |
1537 | 1566 | |
1538 | 1567 | if (!text || !utils) return; |
1539 | 1568 | |
1569 | utils->log(utils->conn, SASL_LOG_DEBUG, | |
1570 | "DIGEST-MD5 common mech dispose"); | |
1571 | ||
1540 | 1572 | if (text->authid) utils->free(text->authid); |
1541 | 1573 | if (text->realm) utils->free(text->realm); |
1542 | 1574 | |
1595 | 1627 | reauth_cache_t *reauth_cache = my_glob_context->reauth; |
1596 | 1628 | size_t n; |
1597 | 1629 | |
1630 | utils->log(utils->conn, SASL_LOG_DEBUG, | |
1631 | "DIGEST-MD5 common mech free"); | |
1632 | ||
1598 | 1633 | if (!reauth_cache) return; |
1599 | 1634 | |
1600 | 1635 | for (n = 0; n < reauth_cache->size; n++) |
1633 | 1668 | utils->MD5Init(&Md5Ctx); |
1634 | 1669 | utils->MD5Update(&Md5Ctx, HA1, HASHLEN); |
1635 | 1670 | utils->MD5Update(&Md5Ctx, COLON, 1); |
1636 | utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce)); | |
1671 | utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); | |
1637 | 1672 | utils->MD5Update(&Md5Ctx, COLON, 1); |
1638 | utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce)); | |
1673 | utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); | |
1639 | 1674 | if (authorization_id != NULL) { |
1640 | 1675 | utils->MD5Update(&Md5Ctx, COLON, 1); |
1641 | utils->MD5Update(&Md5Ctx, authorization_id, strlen((char *) authorization_id)); | |
1676 | utils->MD5Update(&Md5Ctx, authorization_id, | |
1677 | (unsigned) strlen((char *) authorization_id)); | |
1642 | 1678 | } |
1643 | 1679 | utils->MD5Final(HA1, &Md5Ctx); |
1644 | 1680 | |
1693 | 1729 | memcpy(result, Response, HASHHEXLEN); |
1694 | 1730 | result[HASHHEXLEN] = 0; |
1695 | 1731 | |
1696 | /* response_value (used for reauth i think */ | |
1732 | /* response_value (used for reauth i think) */ | |
1697 | 1733 | if (response_value != NULL) { |
1734 | char * new_response_value; | |
1735 | ||
1698 | 1736 | DigestCalcResponse(utils, |
1699 | 1737 | SessionKey, /* HEX(H(A1)) */ |
1700 | 1738 | nonce, /* nonce from server */ |
1708 | 1746 | Response /* request-digest or response-digest */ |
1709 | 1747 | ); |
1710 | 1748 | |
1711 | *response_value = utils->malloc(HASHHEXLEN + 1); | |
1712 | if (*response_value == NULL) | |
1749 | new_response_value = utils->realloc(*response_value, HASHHEXLEN + 1); | |
1750 | if (new_response_value == NULL) { | |
1751 | free (*response_value); | |
1752 | *response_value = NULL; | |
1713 | 1753 | return NULL; |
1754 | } | |
1755 | *response_value = new_response_value; | |
1756 | ||
1714 | 1757 | memcpy(*response_value, Response, HASHHEXLEN); |
1715 | 1758 | (*response_value)[HASHHEXLEN] = 0; |
1716 | 1759 | } |
1733 | 1776 | *realm = (char *) params->serverFQDN; |
1734 | 1777 | } else { |
1735 | 1778 | params->utils->seterror(params->utils->conn, 0, |
1736 | "no way to obtain domain"); | |
1779 | "no way to obtain DIGEST-MD5 realm"); | |
1737 | 1780 | return SASL_FAIL; |
1738 | 1781 | } |
1739 | 1782 | |
1745 | 1788 | */ |
1746 | 1789 | static int htoi(unsigned char *hexin, unsigned int *res) |
1747 | 1790 | { |
1748 | int lup, inlen; | |
1791 | size_t lup, inlen; | |
1749 | 1792 | inlen = strlen((char *) hexin); |
1750 | 1793 | |
1751 | 1794 | *res = 0; |
1879 | 1922 | * charset | cipher-opts | auth-param ) |
1880 | 1923 | */ |
1881 | 1924 | |
1882 | /* FIXME: get nonce XXX have to clean up after self if fail */ | |
1883 | 1925 | nonce = create_nonce(sparams->utils); |
1884 | 1926 | if (nonce == NULL) { |
1885 | 1927 | SETERROR(sparams->utils, "internal erorr: failed creating a nonce"); |
1943 | 1985 | if (stext->stale && |
1944 | 1986 | add_to_challenge(sparams->utils, |
1945 | 1987 | &text->out_buf, &text->out_buf_len, &resplen, |
1946 | "stale", "true", FALSE) != SASL_OK) { | |
1988 | "stale", (unsigned char *) "true", FALSE) != SASL_OK) { | |
1947 | 1989 | SETERROR(sparams->utils, "internal error: add_to_challenge failed"); |
1948 | 1990 | return SASL_FAIL; |
1949 | 1991 | } |
1968 | 2010 | } |
1969 | 2011 | } |
1970 | 2012 | |
1971 | ||
1972 | 2013 | if (add_to_challenge(sparams->utils, |
1973 | 2014 | &text->out_buf, &text->out_buf_len, &resplen, |
1974 | 2015 | "charset", |
1981 | 2022 | /* |
1982 | 2023 | * algorithm |
1983 | 2024 | * This directive is required for backwards compatibility with HTTP |
1984 | * Digest., which supports other algorithms. . This directive is | |
2025 | * Digest, which supports other algorithms. This directive is | |
1985 | 2026 | * required and MUST appear exactly once; if not present, or if multiple |
1986 | 2027 | * instances are present, the client should abort the authentication |
1987 | 2028 | * exchange. |
2007 | 2048 | } |
2008 | 2049 | |
2009 | 2050 | text->authid = NULL; |
2010 | _plug_strdup(sparams->utils, realm, &text->realm, NULL); | |
2051 | if (_plug_strdup(sparams->utils, realm, &text->realm, NULL) != SASL_OK) { | |
2052 | SETERROR(sparams->utils, | |
2053 | "internal error: out of memory when saving realm"); | |
2054 | return SASL_FAIL; | |
2055 | } | |
2011 | 2056 | text->nonce = nonce; |
2012 | 2057 | text->nonce_count = 1; |
2013 | 2058 | text->cnonce = NULL; |
2014 | 2059 | stext->timestamp = time(0); |
2015 | 2060 | |
2016 | *serveroutlen = strlen(text->out_buf); | |
2061 | *serveroutlen = (unsigned) strlen(text->out_buf); | |
2017 | 2062 | *serverout = text->out_buf; |
2018 | 2063 | |
2019 | 2064 | text->state = 2; |
2045 | 2090 | |
2046 | 2091 | /* setting the default value (65536) */ |
2047 | 2092 | unsigned long client_maxbuf = 65536; |
2048 | int maxbuf_count = 0; /* How many maxbuf instaces was found */ | |
2093 | int maxbuf_count = 0; /* How many maxbuf instances was found */ | |
2049 | 2094 | |
2050 | 2095 | char *charset = NULL; |
2051 | 2096 | char *cipher = NULL; |
2052 | unsigned int n=0; | |
2053 | ||
2054 | HASH Secret; | |
2097 | unsigned int n = 0; | |
2098 | ||
2099 | HASH Secret; | |
2055 | 2100 | |
2056 | 2101 | /* password prop_request */ |
2057 | 2102 | const char *password_request[] = { SASL_AUX_PASSWORD, |
2058 | 2103 | "*cmusaslsecretDIGEST-MD5", |
2059 | 2104 | NULL }; |
2060 | unsigned len; | |
2105 | size_t len; | |
2061 | 2106 | struct propval auxprop_values[2]; |
2062 | 2107 | |
2063 | 2108 | /* can we mess with clientin? copy it to be safe */ |
2064 | 2109 | char *in_start = NULL; |
2065 | char *in = NULL; | |
2110 | char *in = NULL; | |
2111 | cipher_free_t *old_cipher_free = NULL; | |
2066 | 2112 | |
2067 | 2113 | sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, |
2068 | 2114 | "DIGEST-MD5 server step 2"); |
2080 | 2126 | char *name = NULL, *value = NULL; |
2081 | 2127 | get_pair(&in, &name, &value); |
2082 | 2128 | |
2083 | if (name == NULL) | |
2129 | if (name == NULL) { | |
2130 | SETERROR(sparams->utils, | |
2131 | "Parse error"); | |
2132 | result = SASL_BADAUTH; | |
2133 | goto FreeAllMem; | |
2134 | } | |
2135 | ||
2136 | if (*name == '\0') { | |
2084 | 2137 | break; |
2085 | ||
2138 | } | |
2139 | ||
2086 | 2140 | /* Extracting parameters */ |
2087 | 2141 | |
2088 | 2142 | /* |
2115 | 2169 | } else if (strcasecmp(name, "nonce") == 0) { |
2116 | 2170 | _plug_strdup(sparams->utils, value, (char **) &nonce, NULL); |
2117 | 2171 | } else if (strcasecmp(name, "qop") == 0) { |
2172 | if (qop) { | |
2173 | SETERROR(sparams->utils, | |
2174 | "duplicate qop: authentication aborted"); | |
2175 | result = SASL_FAIL; | |
2176 | goto FreeAllMem; | |
2177 | } | |
2118 | 2178 | _plug_strdup(sparams->utils, value, &qop, NULL); |
2119 | 2179 | } else if (strcasecmp(name, "digest-uri") == 0) { |
2120 | 2180 | size_t service_len; |
2208 | 2268 | * "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" |
2209 | 2269 | * cipher = "cipher" "=" cipher-value |
2210 | 2270 | */ |
2211 | /* Verifing that all parameters was defined */ | |
2212 | if ((username == NULL) || | |
2213 | (nonce == NULL) || | |
2214 | (noncecount == 0) || | |
2215 | (cnonce == NULL) || | |
2216 | (digesturi == NULL) || | |
2217 | (response == NULL)) { | |
2218 | SETERROR(sparams->utils, "required parameters missing"); | |
2271 | /* Verifing that all required parameters were received */ | |
2272 | if ((username == NULL)) { | |
2273 | SETERROR(sparams->utils, "required parameters missing: username"); | |
2274 | result = SASL_BADAUTH; | |
2275 | goto FreeAllMem; | |
2276 | } | |
2277 | if ((nonce == NULL)) { | |
2278 | SETERROR(sparams->utils, "required parameters missing: nonce"); | |
2279 | result = SASL_BADAUTH; | |
2280 | goto FreeAllMem; | |
2281 | } | |
2282 | if ((noncecount == 0)) { | |
2283 | SETERROR(sparams->utils, "required parameters missing: noncecount"); | |
2284 | result = SASL_BADAUTH; | |
2285 | goto FreeAllMem; | |
2286 | } | |
2287 | if ((cnonce == NULL)) { | |
2288 | SETERROR(sparams->utils, "required parameters missing: cnonce"); | |
2289 | result = SASL_BADAUTH; | |
2290 | goto FreeAllMem; | |
2291 | } | |
2292 | if ((digesturi == NULL)) { | |
2293 | SETERROR(sparams->utils, "required parameters missing: digesturi"); | |
2294 | result = SASL_BADAUTH; | |
2295 | goto FreeAllMem; | |
2296 | } | |
2297 | if ((response == NULL)) { | |
2298 | SETERROR(sparams->utils, "required parameters missing: response"); | |
2219 | 2299 | result = SASL_BADAUTH; |
2220 | 2300 | goto FreeAllMem; |
2221 | 2301 | } |
2230 | 2310 | |
2231 | 2311 | _plug_strdup(sparams->utils, text->reauth->e[val].realm, |
2232 | 2312 | &text->realm, NULL); |
2233 | _plug_strdup(sparams->utils, text->reauth->e[val].nonce, | |
2313 | _plug_strdup(sparams->utils, (char *) text->reauth->e[val].nonce, | |
2234 | 2314 | (char **) &text->nonce, NULL); |
2235 | 2315 | text->nonce_count = ++text->reauth->e[val].nonce_count; |
2236 | _plug_strdup(sparams->utils, text->reauth->e[val].cnonce, | |
2316 | _plug_strdup(sparams->utils, (char *) text->reauth->e[val].cnonce, | |
2237 | 2317 | (char **) &text->cnonce, NULL); |
2238 | 2318 | stext->timestamp = text->reauth->e[val].u.s.timestamp; |
2239 | 2319 | } |
2249 | 2329 | |
2250 | 2330 | /* Sanity check the parameters */ |
2251 | 2331 | if (realm == NULL) { |
2252 | /* From 2821bis: | |
2332 | /* From 2831bis: | |
2253 | 2333 | If the directive is missing, "realm-value" will set to |
2254 | 2334 | the empty string when computing A1. */ |
2255 | 2335 | _plug_strdup(sparams->utils, "", &realm, NULL); |
2270 | 2350 | result = SASL_BADAUTH; |
2271 | 2351 | goto FreeAllMem; |
2272 | 2352 | } |
2273 | if (strcmp(nonce, (char *) text->nonce) != 0) { | |
2353 | if (strcmp((char *) nonce, (char *) text->nonce) != 0) { | |
2274 | 2354 | SETERROR(sparams->utils, |
2275 | 2355 | "nonce changed: authentication aborted"); |
2276 | 2356 | result = SASL_BADAUTH; |
2282 | 2362 | result = SASL_BADAUTH; |
2283 | 2363 | goto FreeAllMem; |
2284 | 2364 | } |
2285 | if (text->cnonce && strcmp(cnonce, text->cnonce) != 0) { | |
2365 | if (text->cnonce && strcmp((char *) cnonce, (char *) text->cnonce) != 0) { | |
2286 | 2366 | SETERROR(sparams->utils, |
2287 | 2367 | "cnonce changed: authentication aborted"); |
2288 | 2368 | result = SASL_BADAUTH; |
2346 | 2426 | goto FreeAllMem; |
2347 | 2427 | } |
2348 | 2428 | |
2349 | sec->len = len; | |
2350 | strncpy(sec->data, auxprop_values[0].values[0], len + 1); | |
2429 | sec->len = (unsigned) len; | |
2430 | strncpy((char *) sec->data, auxprop_values[0].values[0], len + 1); | |
2351 | 2431 | |
2352 | 2432 | /* |
2353 | 2433 | * Verifying response obtained from client |
2364 | 2444 | * (used to build A1) |
2365 | 2445 | */ |
2366 | 2446 | |
2367 | DigestCalcSecret(sparams->utils, username, | |
2368 | text->realm, sec->data, sec->len, Secret); | |
2447 | DigestCalcSecret(sparams->utils, | |
2448 | (unsigned char *) username, | |
2449 | (unsigned char *) text->realm, | |
2450 | sec->data, | |
2451 | sec->len, | |
2452 | Secret); | |
2369 | 2453 | Secret[HASHLEN] = '\0'; |
2370 | 2454 | } |
2371 | 2455 | |
2372 | 2456 | /* We're done with sec now. Let's get rid of it */ |
2373 | 2457 | _plug_free_secret(sparams->utils, &sec); |
2374 | 2458 | } else if (auxprop_values[1].name && auxprop_values[1].values) { |
2459 | /* NB: This will most likely fail for clients that | |
2460 | choose to ignore server-advertised realm */ | |
2375 | 2461 | memcpy(Secret, auxprop_values[1].values[0], HASHLEN); |
2376 | 2462 | Secret[HASHLEN] = '\0'; |
2377 | 2463 | } else { |
2386 | 2472 | /* defaulting qop to "auth" if not specified */ |
2387 | 2473 | if (qop == NULL) { |
2388 | 2474 | _plug_strdup(sparams->utils, "auth", &qop, NULL); |
2475 | } | |
2476 | ||
2477 | if (oparams->mech_ssf > 1) { | |
2478 | /* Remember the old cipher free function (if any). | |
2479 | It will be called later, once we are absolutely | |
2480 | sure that authentication was successful. */ | |
2481 | old_cipher_free = text->cipher_free; | |
2482 | /* free the old cipher context first */ | |
2389 | 2483 | } |
2390 | 2484 | |
2391 | 2485 | /* check which layer/cipher to use */ |
2497 | 2591 | text->rec_seqnum = 0; /* for integrity/privacy */ |
2498 | 2592 | text->utils = sparams->utils; |
2499 | 2593 | |
2594 | /* Free the old security layer, if any */ | |
2595 | if (old_cipher_free) old_cipher_free(text); | |
2596 | ||
2500 | 2597 | /* used by layers */ |
2501 | 2598 | _plug_decode_init(&text->decode_context, text->utils, |
2502 | 2599 | sparams->props.maxbufsize ? sparams->props.maxbufsize : |
2503 | 2600 | DEFAULT_BUFSIZE); |
2504 | 2601 | |
2505 | 2602 | if (oparams->mech_ssf > 0) { |
2506 | char enckey[16]; | |
2507 | char deckey[16]; | |
2603 | unsigned char enckey[16]; | |
2604 | unsigned char deckey[16]; | |
2508 | 2605 | |
2509 | 2606 | create_layer_keys(text, sparams->utils,text->HA1,n,enckey,deckey); |
2510 | 2607 | |
2511 | 2608 | /* initialize cipher if need be */ |
2512 | if (text->cipher_init) | |
2609 | if (text->cipher_init) { | |
2513 | 2610 | if (text->cipher_init(text, enckey, deckey) != SASL_OK) { |
2514 | 2611 | sparams->utils->seterror(sparams->utils->conn, 0, |
2515 | 2612 | "couldn't init cipher"); |
2516 | 2613 | } |
2614 | } | |
2517 | 2615 | } |
2518 | 2616 | |
2519 | 2617 | /* |
2533 | 2631 | |
2534 | 2632 | /* add to challenge */ |
2535 | 2633 | { |
2536 | unsigned resplen = | |
2537 | strlen(text->response_value) + strlen("rspauth") + 3; | |
2634 | unsigned resplen = (unsigned) | |
2635 | (strlen(text->response_value) + strlen("rspauth") + 3); | |
2538 | 2636 | |
2539 | 2637 | result = _plug_buf_alloc(sparams->utils, &(text->out_buf), |
2540 | 2638 | &(text->out_buf_len), resplen); |
2551 | 2649 | } |
2552 | 2650 | } |
2553 | 2651 | |
2554 | *serveroutlen = strlen(text->out_buf); | |
2652 | *serveroutlen = (unsigned) strlen(text->out_buf); | |
2555 | 2653 | *serverout = text->out_buf; |
2556 | 2654 | |
2557 | 2655 | result = SASL_OK; |
2714 | 2812 | "DIGEST-MD5", /* mech_name */ |
2715 | 2813 | #ifdef WITH_RC4 |
2716 | 2814 | 128, /* max_ssf */ |
2717 | #elif WITH_DES | |
2815 | #elif defined(WITH_DES) | |
2718 | 2816 | 112, |
2719 | 2817 | #else |
2720 | 2818 | 1, |
2828 | 2926 | utils->MD5Init(&Md5Ctx); |
2829 | 2927 | utils->MD5Update(&Md5Ctx, HA1, HASHLEN); |
2830 | 2928 | utils->MD5Update(&Md5Ctx, COLON, 1); |
2831 | utils->MD5Update(&Md5Ctx, pszNonce, strlen((char *) pszNonce)); | |
2929 | utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); | |
2832 | 2930 | utils->MD5Update(&Md5Ctx, COLON, 1); |
2833 | utils->MD5Update(&Md5Ctx, pszCNonce, strlen((char *) pszCNonce)); | |
2931 | utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); | |
2834 | 2932 | if (pszAuthorization_id != NULL) { |
2835 | 2933 | utils->MD5Update(&Md5Ctx, COLON, 1); |
2836 | 2934 | utils->MD5Update(&Md5Ctx, pszAuthorization_id, |
2837 | strlen((char *) pszAuthorization_id)); | |
2935 | (unsigned) strlen((char *) pszAuthorization_id)); | |
2838 | 2936 | } |
2839 | 2937 | utils->MD5Final(HA1, &Md5Ctx); |
2840 | 2938 | |
2909 | 3007 | result[HASHHEXLEN] = 0; |
2910 | 3008 | |
2911 | 3009 | if (response_value != NULL) { |
3010 | char * new_response_value; | |
3011 | ||
2912 | 3012 | DigestCalcResponse(utils, |
2913 | 3013 | SessionKey, /* HEX(H(A1)) */ |
2914 | 3014 | nonce, /* nonce from server */ |
2922 | 3022 | Response /* request-digest or response-digest */ |
2923 | 3023 | ); |
2924 | 3024 | |
2925 | *response_value = utils->malloc(HASHHEXLEN + 1); | |
2926 | if (*response_value == NULL) | |
3025 | new_response_value = utils->realloc(*response_value, HASHHEXLEN + 1); | |
3026 | if (new_response_value == NULL) { | |
3027 | free (*response_value); | |
3028 | *response_value = NULL; | |
2927 | 3029 | return NULL; |
3030 | } | |
3031 | *response_value = new_response_value; | |
2928 | 3032 | |
2929 | 3033 | memcpy(*response_value, Response, HASHHEXLEN); |
2930 | 3034 | (*response_value)[HASHHEXLEN] = 0; |
2948 | 3052 | char *response = NULL; |
2949 | 3053 | unsigned resplen = 0; |
2950 | 3054 | int result = SASL_OK; |
3055 | cipher_free_t *old_cipher_free = NULL; | |
3056 | ||
3057 | params->utils->log(params->utils->conn, SASL_LOG_DEBUG, | |
3058 | "DIGEST-MD5 make_client_response()"); | |
3059 | ||
3060 | if (oparams->mech_ssf > 1) { | |
3061 | /* Remember the old cipher free function (if any). | |
3062 | It will be called later, once we are absolutely | |
3063 | sure that authentication was successful. */ | |
3064 | old_cipher_free = text->cipher_free; | |
3065 | /* free the old cipher context first */ | |
3066 | } | |
2951 | 3067 | |
2952 | 3068 | switch (ctext->protection) { |
2953 | 3069 | case DIGEST_PRIVACY: |
2996 | 3112 | response = |
2997 | 3113 | calculate_response(text, |
2998 | 3114 | params->utils, |
2999 | (char *) oparams->authid, | |
3115 | (unsigned char *) oparams->authid, | |
3000 | 3116 | (unsigned char *) text->realm, |
3001 | 3117 | text->nonce, |
3002 | 3118 | text->nonce_count, |
3005 | 3121 | digesturi, |
3006 | 3122 | ctext->password, |
3007 | 3123 | strcmp(oparams->user, oparams->authid) ? |
3008 | (char *) oparams->user : NULL, | |
3124 | (unsigned char *) oparams->user : NULL, | |
3009 | 3125 | &text->response_value); |
3010 | 3126 | |
3011 | 3127 | |
3030 | 3146 | if (strcmp(oparams->user, oparams->authid)) { |
3031 | 3147 | if (add_to_challenge(params->utils, |
3032 | 3148 | &text->out_buf, &text->out_buf_len, &resplen, |
3033 | "authzid", (char *) oparams->user, TRUE) != SASL_OK) { | |
3149 | "authzid", (unsigned char *) oparams->user, TRUE) != SASL_OK) { | |
3034 | 3150 | result = SASL_FAIL; |
3035 | 3151 | goto FreeAllocatedMem; |
3036 | 3152 | } |
3127 | 3243 | text->rec_seqnum = 0; /* for integrity/privacy */ |
3128 | 3244 | text->utils = params->utils; |
3129 | 3245 | |
3246 | /* Free the old security layer, if any */ | |
3247 | if (old_cipher_free) old_cipher_free(text); | |
3248 | ||
3130 | 3249 | /* used by layers */ |
3131 | 3250 | _plug_decode_init(&text->decode_context, text->utils, |
3132 | 3251 | params->props.maxbufsize ? params->props.maxbufsize : |
3133 | 3252 | DEFAULT_BUFSIZE); |
3134 | 3253 | |
3135 | 3254 | if (oparams->mech_ssf > 0) { |
3136 | char enckey[16]; | |
3137 | char deckey[16]; | |
3255 | unsigned char enckey[16]; | |
3256 | unsigned char deckey[16]; | |
3138 | 3257 | |
3139 | 3258 | create_layer_keys(text, params->utils, text->HA1, nbits, |
3140 | 3259 | enckey, deckey); |
3141 | 3260 | |
3142 | 3261 | /* initialize cipher if need be */ |
3143 | if (text->cipher_init) | |
3144 | text->cipher_init(text, enckey, deckey); | |
3262 | if (text->cipher_init) { | |
3263 | text->cipher_init(text, enckey, deckey); | |
3264 | } | |
3145 | 3265 | } |
3146 | 3266 | |
3147 | 3267 | result = SASL_OK; |
3167 | 3287 | sasl_ssf_t limit, musthave = 0; |
3168 | 3288 | sasl_ssf_t external; |
3169 | 3289 | int protection = 0; |
3290 | int saw_qop = 0; | |
3170 | 3291 | int ciphers = 0; |
3171 | 3292 | int maxbuf_count = 0; |
3172 | 3293 | bool IsUTF8 = FALSE; |
3173 | 3294 | int algorithm_count = 0; |
3295 | ||
3296 | params->utils->log(params->utils->conn, SASL_LOG_DEBUG, | |
3297 | "DIGEST-MD5 parse_server_challenge()"); | |
3174 | 3298 | |
3175 | 3299 | if (!serverin || !serverinlen) { |
3176 | 3300 | params->utils->seterror(params->utils->conn, 0, |
3204 | 3328 | /* if parse error */ |
3205 | 3329 | if (name == NULL) { |
3206 | 3330 | params->utils->seterror(params->utils->conn, 0, "Parse error"); |
3207 | result = SASL_FAIL; | |
3331 | result = SASL_BADAUTH; | |
3208 | 3332 | goto FreeAllocatedMem; |
3209 | 3333 | } |
3210 | 3334 | |
3335 | if (*name == '\0') { | |
3336 | break; | |
3337 | } | |
3338 | ||
3211 | 3339 | if (strcasecmp(name, "realm") == 0) { |
3212 | 3340 | nrealm++; |
3213 | 3341 | |
3229 | 3357 | NULL); |
3230 | 3358 | text->nonce_count = 1; |
3231 | 3359 | } else if (strcasecmp(name, "qop") == 0) { |
3360 | saw_qop = 1; | |
3232 | 3361 | while (value && *value) { |
3233 | 3362 | char *comma; |
3234 | 3363 | char *end_val; |
3277 | 3406 | } |
3278 | 3407 | |
3279 | 3408 | value = comma; |
3280 | } | |
3281 | ||
3282 | if (protection == 0) { | |
3283 | result = SASL_BADAUTH; | |
3284 | params->utils->seterror(params->utils->conn, 0, | |
3285 | "Server doesn't support any known qop level"); | |
3286 | goto FreeAllocatedMem; | |
3287 | 3409 | } |
3288 | 3410 | } else if (strcasecmp(name, "cipher") == 0) { |
3289 | 3411 | while (value && *value) { |
3411 | 3533 | } |
3412 | 3534 | } |
3413 | 3535 | |
3536 | if (protection == 0) { | |
3537 | /* From RFC 2831[bis]: | |
3538 | This directive is optional; if not present it defaults to "auth". */ | |
3539 | if (saw_qop == 0) { | |
3540 | protection = DIGEST_NOLAYER; | |
3541 | } else { | |
3542 | result = SASL_BADAUTH; | |
3543 | params->utils->seterror(params->utils->conn, 0, | |
3544 | "Server doesn't support any known qop level"); | |
3545 | goto FreeAllocatedMem; | |
3546 | } | |
3547 | } | |
3548 | ||
3414 | 3549 | if (algorithm_count != 1) { |
3415 | 3550 | params->utils->seterror(params->utils->conn, 0, |
3416 | 3551 | "Must see 'algorithm' once. Didn't see at all"); |
3537 | 3672 | int realm_result = SASL_FAIL; |
3538 | 3673 | int i; |
3539 | 3674 | size_t len; |
3675 | ||
3676 | params->utils->log(params->utils->conn, SASL_LOG_DEBUG, | |
3677 | "DIGEST-MD5 ask_user_info()"); | |
3540 | 3678 | |
3541 | 3679 | /* try to get the authid */ |
3542 | 3680 | if (oparams->authid == NULL) { |
3725 | 3863 | !strcmp(text->reauth->e[val].authid, oparams->authid)) { |
3726 | 3864 | |
3727 | 3865 | /* we have info, so use it */ |
3866 | if (text->realm) params->utils->free(text->realm); | |
3728 | 3867 | _plug_strdup(params->utils, text->reauth->e[val].realm, |
3729 | 3868 | &text->realm, NULL); |
3730 | _plug_strdup(params->utils, text->reauth->e[val].nonce, | |
3869 | _plug_strdup(params->utils, (char *) text->reauth->e[val].nonce, | |
3731 | 3870 | (char **) &text->nonce, NULL); |
3732 | 3871 | text->nonce_count = ++text->reauth->e[val].nonce_count; |
3733 | _plug_strdup(params->utils, text->reauth->e[val].cnonce, | |
3872 | _plug_strdup(params->utils, (char *) text->reauth->e[val].cnonce, | |
3734 | 3873 | (char **) &text->cnonce, NULL); |
3735 | 3874 | ctext->protection = text->reauth->e[val].u.c.protection; |
3736 | 3875 | ctext->cipher = text->reauth->e[val].u.c.cipher; |
3754 | 3893 | result = make_client_response(text, params, oparams); |
3755 | 3894 | if (result != SASL_OK) return result; |
3756 | 3895 | |
3757 | *clientoutlen = strlen(text->out_buf); | |
3896 | *clientoutlen = (unsigned) strlen(text->out_buf); | |
3758 | 3897 | *clientout = text->out_buf; |
3759 | 3898 | |
3760 | 3899 | text->state = 3; |
3818 | 3957 | result = make_client_response(text, params, oparams); |
3819 | 3958 | if (result != SASL_OK) goto FreeAllocatedMem; |
3820 | 3959 | |
3821 | *clientoutlen = strlen(text->out_buf); | |
3960 | *clientoutlen = (unsigned) strlen(text->out_buf); | |
3822 | 3961 | *clientout = text->out_buf; |
3823 | 3962 | |
3824 | 3963 | text->state = 3; |
3862 | 4001 | if (name == NULL) { |
3863 | 4002 | params->utils->seterror(params->utils->conn, 0, |
3864 | 4003 | "DIGEST-MD5 Received Garbage"); |
4004 | result = SASL_BADAUTH; | |
3865 | 4005 | break; |
3866 | 4006 | } |
3867 | 4007 | |
4008 | if (*name == '\0') { | |
4009 | break; | |
4010 | } | |
4011 | ||
3868 | 4012 | if (strcasecmp(name, "rspauth") == 0) { |
3869 | 4013 | |
3870 | 4014 | if (strcmp(text->response_value, value) != 0) { |
3996 | 4140 | if (text->realm) params->utils->free(text->realm); |
3997 | 4141 | if (text->nonce) params->utils->free(text->nonce); |
3998 | 4142 | if (text->cnonce) params->utils->free(text->cnonce); |
3999 | text->realm = text->nonce = text->cnonce = NULL; | |
4143 | text->realm = NULL; | |
4144 | text->nonce = text->cnonce = NULL; | |
4000 | 4145 | ctext->cipher = NULL; |
4001 | 4146 | |
4002 | 4147 | case 2: |
4022 | 4167 | |
4023 | 4168 | if (!ctext || !utils) return; |
4024 | 4169 | |
4170 | utils->log(utils->conn, SASL_LOG_DEBUG, | |
4171 | "DIGEST-MD5 client mech dispose"); | |
4172 | ||
4025 | 4173 | if (ctext->free_password) _plug_free_secret(utils, &ctext->password); |
4026 | 4174 | |
4027 | 4175 | digestmd5_common_mech_dispose(conn_context, utils); |
4033 | 4181 | "DIGEST-MD5", |
4034 | 4182 | #ifdef WITH_RC4 /* mech_name */ |
4035 | 4183 | 128, /* max ssf */ |
4036 | #elif WITH_DES | |
4184 | #elif defined(WITH_DES) | |
4037 | 4185 | 112, |
4038 | 4186 | #else |
4039 | 4187 | 1, |
0 | 0 | /* GSSAPI SASL plugin |
1 | 1 | * Leif Johansson |
2 | 2 | * Rob Siemborski (SASL v2 Conversion) |
3 | * $Id: gssapi.c,v 1.92 2004/07/21 14:39:06 rjs3 Exp $ | |
3 | * $Id: gssapi.c,v 1.100 2009/08/04 17:17:26 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
81 | 81 | |
82 | 82 | /***************************** Common Section *****************************/ |
83 | 83 | |
84 | static const char plugin_id[] = "$Id: gssapi.c,v 1.92 2004/07/21 14:39:06 rjs3 Exp $"; | |
84 | static const char plugin_id[] = "$Id: gssapi.c,v 1.100 2009/08/04 17:17:26 mel Exp $"; | |
85 | 85 | |
86 | 86 | static const char * GSSAPI_BLANK_STRING = ""; |
87 | 87 | |
319 | 319 | |
320 | 320 | if(!output) return SASL_BADPARAM; |
321 | 321 | |
322 | if(numiov > 1) { | |
322 | if (numiov > 1) { | |
323 | 323 | ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); |
324 | if(ret != SASL_OK) return ret; | |
324 | if (ret != SASL_OK) return ret; | |
325 | 325 | inblob = text->enc_in_buf; |
326 | 326 | } else { |
327 | 327 | bufinfo.data = invec[0].iov_base; |
350 | 350 | output_token); |
351 | 351 | GSS_UNLOCK_MUTEX(text->utils); |
352 | 352 | |
353 | if (GSS_ERROR(maj_stat)) | |
354 | { | |
355 | sasl_gss_seterror(text->utils, maj_stat, min_stat); | |
356 | if (output_token->value) { | |
357 | GSS_LOCK_MUTEX(text->utils); | |
358 | gss_release_buffer(&min_stat, output_token); | |
359 | GSS_UNLOCK_MUTEX(text->utils); | |
360 | } | |
361 | return SASL_FAIL; | |
362 | } | |
353 | if (GSS_ERROR(maj_stat)) { | |
354 | sasl_gss_seterror(text->utils, maj_stat, min_stat); | |
355 | if (output_token->value) { | |
356 | GSS_LOCK_MUTEX(text->utils); | |
357 | gss_release_buffer(&min_stat, output_token); | |
358 | GSS_UNLOCK_MUTEX(text->utils); | |
359 | } | |
360 | return SASL_FAIL; | |
361 | } | |
363 | 362 | |
364 | 363 | if (output_token->value && output) { |
365 | 364 | int len; |
389 | 388 | GSS_LOCK_MUTEX(text->utils); |
390 | 389 | gss_release_buffer(&min_stat, output_token); |
391 | 390 | GSS_UNLOCK_MUTEX(text->utils); |
392 | } | |
391 | } | |
392 | ||
393 | 393 | return SASL_OK; |
394 | 394 | } |
395 | 395 | |
407 | 407 | return sasl_gss_encode(context,invec,numiov,output,outputlen,0); |
408 | 408 | } |
409 | 409 | |
410 | static int gssapi_decode_packet(void *context, | |
411 | const char *input, unsigned inputlen, | |
412 | char **output, unsigned *outputlen) | |
410 | static int | |
411 | gssapi_decode_packet(void *context, | |
412 | const char *input, | |
413 | unsigned inputlen, | |
414 | char **output, | |
415 | unsigned *outputlen) | |
413 | 416 | { |
414 | 417 | context_t *text = (context_t *) context; |
415 | 418 | OM_uint32 maj_stat, min_stat; |
439 | 442 | NULL); |
440 | 443 | GSS_UNLOCK_MUTEX(text->utils); |
441 | 444 | |
442 | if (GSS_ERROR(maj_stat)) | |
443 | { | |
444 | sasl_gss_seterror(text->utils,maj_stat,min_stat); | |
445 | if (output_token->value) { | |
446 | GSS_LOCK_MUTEX(text->utils); | |
447 | gss_release_buffer(&min_stat, output_token); | |
448 | GSS_UNLOCK_MUTEX(text->utils); | |
449 | } | |
450 | return SASL_FAIL; | |
451 | } | |
452 | ||
453 | if (outputlen) | |
445 | if (GSS_ERROR(maj_stat)) { | |
446 | sasl_gss_seterror(text->utils,maj_stat,min_stat); | |
447 | if (output_token->value) { | |
448 | GSS_LOCK_MUTEX(text->utils); | |
449 | gss_release_buffer(&min_stat, output_token); | |
450 | GSS_UNLOCK_MUTEX(text->utils); | |
451 | } | |
452 | return SASL_FAIL; | |
453 | } | |
454 | ||
455 | if (outputlen) { | |
454 | 456 | *outputlen = output_token->length; |
457 | } | |
455 | 458 | |
456 | 459 | if (output_token->value) { |
457 | 460 | if (output) { |
458 | 461 | result = _plug_buf_alloc(text->utils, &text->decode_once_buf, |
459 | 462 | &text->decode_once_buf_len, |
460 | 463 | *outputlen); |
461 | if(result != SASL_OK) { | |
464 | if (result != SASL_OK) { | |
462 | 465 | GSS_LOCK_MUTEX(text->utils); |
463 | 466 | gss_release_buffer(&min_stat, output_token); |
464 | 467 | GSS_UNLOCK_MUTEX(text->utils); |
722 | 725 | input_token, |
723 | 726 | GSS_C_NO_CHANNEL_BINDINGS, |
724 | 727 | &text->client_name, |
725 | NULL, | |
728 | NULL, /* resulting mech_name */ | |
726 | 729 | output_token, |
727 | 730 | &out_flags, |
728 | NULL, | |
731 | NULL, /* context validity period */ | |
729 | 732 | &(text->client_creds)); |
730 | 733 | GSS_UNLOCK_MUTEX(params->utils); |
731 | 734 | |
773 | 776 | } else { |
774 | 777 | /* No output token, send an empty string */ |
775 | 778 | *serverout = GSSAPI_BLANK_STRING; |
776 | serveroutlen = 0; | |
777 | } | |
778 | ||
779 | *serveroutlen = 0; | |
780 | } | |
781 | ||
779 | 782 | if (maj_stat == GSS_S_COMPLETE) { |
780 | 783 | /* Switch to ssf negotiation */ |
781 | 784 | text->state = SASL_GSSAPI_STATE_SSFCAP; |
782 | } | |
783 | ||
784 | return SASL_CONTINUE; | |
785 | ||
786 | if (*serveroutlen != 0) { | |
787 | return SASL_CONTINUE; | |
788 | } | |
789 | ||
790 | /* Pretend that we just got an empty response from the client */ | |
791 | clientinlen = 0; | |
792 | ||
793 | /* fall through */ | |
794 | } else { | |
795 | return SASL_CONTINUE; | |
796 | } | |
785 | 797 | |
786 | 798 | case SASL_GSSAPI_STATE_SSFCAP: { |
787 | 799 | unsigned char sasldata[4]; |
793 | 805 | name_token.value = NULL; |
794 | 806 | name_without_realm.value = NULL; |
795 | 807 | |
796 | /* We ignore whatever the client sent us at this stage */ | |
808 | if (clientinlen != 0) { | |
809 | SETERROR(text->utils, "GSSAPI server is not expecting data at this stage"); | |
810 | sasl_gss_free_context_contents(text); | |
811 | return SASL_BADAUTH; | |
812 | } | |
797 | 813 | |
798 | 814 | GSS_LOCK_MUTEX(params->utils); |
799 | 815 | maj_stat = gss_display_name (&min_stat, |
803 | 819 | GSS_UNLOCK_MUTEX(params->utils); |
804 | 820 | |
805 | 821 | if (GSS_ERROR(maj_stat)) { |
806 | if (without) { | |
807 | GSS_LOCK_MUTEX(params->utils); | |
808 | gss_release_name(&min_stat, &without); | |
809 | GSS_UNLOCK_MUTEX(params->utils); | |
810 | } | |
811 | 822 | SETERROR(text->utils, "GSSAPI Failure"); |
812 | 823 | sasl_gss_free_context_contents(text); |
813 | 824 | return SASL_BADAUTH; |
918 | 929 | } |
919 | 930 | if (name_without_realm.value) { |
920 | 931 | params->utils->free(name_without_realm.value); |
921 | } | |
932 | } | |
922 | 933 | |
923 | 934 | /* we have to decide what sort of encryption/integrity/etc., |
924 | 935 | we support */ |
934 | 945 | } |
935 | 946 | |
936 | 947 | /* build up our security properties token */ |
937 | if (params->props.maxbufsize > 0xFFFFFF) { | |
938 | /* make sure maxbufsize isn't too large */ | |
939 | /* maxbufsize = 0xFFFFFF */ | |
940 | sasldata[1] = sasldata[2] = sasldata[3] = 0xFF; | |
941 | } else { | |
942 | sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF; | |
943 | sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF; | |
944 | sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF; | |
945 | } | |
948 | if (text->requiressf != 0) { | |
949 | if (params->props.maxbufsize > 0xFFFFFF) { | |
950 | /* make sure maxbufsize isn't too large */ | |
951 | /* maxbufsize = 0xFFFFFF */ | |
952 | sasldata[1] = sasldata[2] = sasldata[3] = 0xFF; | |
953 | } else { | |
954 | sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF; | |
955 | sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF; | |
956 | sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF; | |
957 | } | |
958 | } else { | |
959 | /* From RFC 4752: "The client verifies that the server maximum buffer is 0 | |
960 | if the server does not advertise support for any security layer." */ | |
961 | sasldata[1] = sasldata[2] = sasldata[3] = 0; | |
962 | } | |
963 | ||
946 | 964 | sasldata[0] = 0; |
947 | 965 | if(text->requiressf != 0 && !params->props.maxbufsize) { |
948 | 966 | params->utils->seterror(params->utils->conn, 0, |
1031 | 1049 | |
1032 | 1050 | if (GSS_ERROR(maj_stat)) { |
1033 | 1051 | sasl_gss_seterror(text->utils, maj_stat, min_stat); |
1052 | sasl_gss_free_context_contents(text); | |
1053 | return SASL_FAIL; | |
1054 | } | |
1055 | ||
1056 | if (output_token->length < 4) { | |
1057 | SETERROR(text->utils, | |
1058 | "token too short"); | |
1059 | GSS_LOCK_MUTEX(params->utils); | |
1060 | gss_release_buffer(&min_stat, output_token); | |
1061 | GSS_UNLOCK_MUTEX(params->utils); | |
1034 | 1062 | sasl_gss_free_context_contents(text); |
1035 | 1063 | return SASL_FAIL; |
1036 | 1064 | } |
1082 | 1110 | ret = params->canon_user(params->utils->conn, |
1083 | 1111 | text->authid, |
1084 | 1112 | 0, /* strlen(text->authid) */ |
1085 | SASL_CU_AUTHID, oparams); | |
1113 | SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, oparams); | |
1086 | 1114 | if (ret != SASL_OK) { |
1087 | 1115 | sasl_gss_free_context_contents(text); |
1088 | 1116 | return ret; |
1089 | 1117 | } |
1090 | } else if(output_token->length == 4) { | |
1118 | } else /* if (output_token->length == 4) */ { | |
1091 | 1119 | /* null authzid */ |
1092 | 1120 | int ret; |
1093 | 1121 | |
1094 | 1122 | ret = params->canon_user(params->utils->conn, |
1095 | 1123 | text->authid, |
1096 | 1124 | 0, /* strlen(text->authid) */ |
1097 | SASL_CU_AUTHZID | SASL_CU_AUTHID, | |
1125 | SASL_CU_AUTHZID | SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, | |
1098 | 1126 | oparams); |
1099 | 1127 | |
1100 | 1128 | if (ret != SASL_OK) { |
1101 | 1129 | sasl_gss_free_context_contents(text); |
1102 | 1130 | return ret; |
1103 | } | |
1104 | } else { | |
1105 | SETERROR(text->utils, | |
1106 | "token too short"); | |
1107 | GSS_LOCK_MUTEX(params->utils); | |
1108 | gss_release_buffer(&min_stat, output_token); | |
1109 | GSS_UNLOCK_MUTEX(params->utils); | |
1110 | sasl_gss_free_context_contents(text); | |
1111 | return SASL_FAIL; | |
1112 | } | |
1131 | } | |
1132 | } | |
1113 | 1133 | |
1114 | 1134 | /* No matter what, set the rest of the oparams */ |
1115 | 1135 | |
1149 | 1169 | text->state = SASL_GSSAPI_STATE_AUTHENTICATED; |
1150 | 1170 | |
1151 | 1171 | /* used by layers */ |
1152 | _plug_decode_init(&text->decode_context, text->utils, | |
1172 | _plug_decode_init(&text->decode_context, | |
1173 | text->utils, | |
1153 | 1174 | (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : |
1154 | 1175 | params->props.maxbufsize); |
1155 | 1176 | |
1178 | 1199 | | SASL_SEC_MUTUAL_AUTH /* security_flags */ |
1179 | 1200 | | SASL_SEC_PASS_CREDENTIALS, |
1180 | 1201 | SASL_FEAT_WANT_CLIENT_FIRST |
1181 | | SASL_FEAT_ALLOWS_PROXY, /* features */ | |
1202 | | SASL_FEAT_ALLOWS_PROXY | |
1203 | | SASL_FEAT_DONTUSE_USERPASSWD, /* features */ | |
1182 | 1204 | NULL, /* glob_context */ |
1183 | 1205 | &gssapi_server_mech_new, /* mech_new */ |
1184 | 1206 | &gssapi_server_mech_step, /* mech_step */ |
1347 | 1369 | } |
1348 | 1370 | |
1349 | 1371 | if (text->server_name == GSS_C_NO_NAME) { /* only once */ |
1372 | if (params->serverFQDN == NULL | |
1373 | || strlen(params->serverFQDN) == 0) { | |
1374 | SETERROR(text->utils, "GSSAPI Failure: no serverFQDN"); | |
1375 | return SASL_FAIL; | |
1376 | } | |
1350 | 1377 | name_token.length = strlen(params->service) + 1 + strlen(params->serverFQDN); |
1351 | 1378 | name_token.value = (char *)params->utils->malloc((name_token.length + 1) * sizeof(char)); |
1352 | 1379 | if (name_token.value == NULL) { |
1353 | 1380 | sasl_gss_free_context_contents(text); |
1354 | 1381 | return SASL_NOMEM; |
1355 | } | |
1356 | if (params->serverFQDN == NULL | |
1357 | || strlen(params->serverFQDN) == 0) { | |
1358 | SETERROR(text->utils, "GSSAPI Failure: no serverFQDN"); | |
1359 | return SASL_FAIL; | |
1360 | 1382 | } |
1361 | 1383 | |
1362 | 1384 | sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); |
1560 | 1582 | return SASL_FAIL; |
1561 | 1583 | } |
1562 | 1584 | |
1585 | if (output_token->length != 4) { | |
1586 | SETERROR(text->utils, | |
1587 | (output_token->length < 4) ? "token too short" : "token too long"); | |
1588 | GSS_LOCK_MUTEX(params->utils); | |
1589 | gss_release_buffer(&min_stat, output_token); | |
1590 | GSS_UNLOCK_MUTEX(params->utils); | |
1591 | sasl_gss_free_context_contents(text); | |
1592 | return SASL_FAIL; | |
1593 | } | |
1594 | ||
1563 | 1595 | /* taken from kerberos.c */ |
1564 | 1596 | if (secprops->min_ssf > (K5_MAX_SSF + external)) { |
1565 | 1597 | return SASL_TOOWEAK; |
1579 | 1611 | /* good to go */ |
1580 | 1612 | need = 0; |
1581 | 1613 | } |
1582 | ||
1614 | ||
1583 | 1615 | /* bit mask of server support */ |
1584 | 1616 | serverhas = ((char *)output_token->value)[0]; |
1585 | 1617 | |
1614 | 1646 | (((unsigned char *) output_token->value)[2] << 8) | |
1615 | 1647 | (((unsigned char *) output_token->value)[3] << 0); |
1616 | 1648 | |
1617 | if(oparams->mech_ssf) { | |
1649 | if (oparams->mech_ssf) { | |
1618 | 1650 | maj_stat = gss_wrap_size_limit( &min_stat, |
1619 | 1651 | text->gss_ctx, |
1620 | 1652 | 1, |
1622 | 1654 | (OM_uint32) oparams->maxoutbuf, |
1623 | 1655 | &max_input); |
1624 | 1656 | |
1625 | if(max_input > oparams->maxoutbuf) { | |
1657 | if (max_input > oparams->maxoutbuf) { | |
1626 | 1658 | /* Heimdal appears to get this wrong */ |
1627 | 1659 | oparams->maxoutbuf -= (max_input - oparams->maxoutbuf); |
1628 | 1660 | } else { |
1639 | 1671 | * Make sure the client actually requested it though, by checking |
1640 | 1672 | * if our context was set. |
1641 | 1673 | */ |
1642 | if (text->user && text->user[0]) | |
1674 | if (text->user && text->user[0]) { | |
1643 | 1675 | alen = strlen(oparams->user); |
1644 | else | |
1676 | } else { | |
1645 | 1677 | alen = 0; |
1678 | } | |
1646 | 1679 | |
1647 | 1680 | input_token->length = 4 + alen; |
1648 | 1681 | input_token->value = |
1656 | 1689 | memcpy((char *)input_token->value+4,oparams->user,alen); |
1657 | 1690 | |
1658 | 1691 | /* build up our security properties token */ |
1659 | if (params->props.maxbufsize > 0xFFFFFF) { | |
1660 | /* make sure maxbufsize isn't too large */ | |
1661 | /* maxbufsize = 0xFFFFFF */ | |
1662 | ((unsigned char *)input_token->value)[1] = 0xFF; | |
1663 | ((unsigned char *)input_token->value)[2] = 0xFF; | |
1664 | ((unsigned char *)input_token->value)[3] = 0xFF; | |
1665 | } else { | |
1666 | ((unsigned char *)input_token->value)[1] = | |
1667 | (params->props.maxbufsize >> 16) & 0xFF; | |
1668 | ((unsigned char *)input_token->value)[2] = | |
1669 | (params->props.maxbufsize >> 8) & 0xFF; | |
1670 | ((unsigned char *)input_token->value)[3] = | |
1671 | (params->props.maxbufsize >> 0) & 0xFF; | |
1672 | } | |
1692 | if (mychoice > 1) { | |
1693 | if (params->props.maxbufsize > 0xFFFFFF) { | |
1694 | /* make sure maxbufsize isn't too large */ | |
1695 | /* maxbufsize = 0xFFFFFF */ | |
1696 | ((unsigned char *)input_token->value)[1] = 0xFF; | |
1697 | ((unsigned char *)input_token->value)[2] = 0xFF; | |
1698 | ((unsigned char *)input_token->value)[3] = 0xFF; | |
1699 | } else { | |
1700 | ((unsigned char *)input_token->value)[1] = | |
1701 | (params->props.maxbufsize >> 16) & 0xFF; | |
1702 | ((unsigned char *)input_token->value)[2] = | |
1703 | (params->props.maxbufsize >> 8) & 0xFF; | |
1704 | ((unsigned char *)input_token->value)[3] = | |
1705 | (params->props.maxbufsize >> 0) & 0xFF; | |
1706 | } | |
1707 | } else { | |
1708 | ((unsigned char *)input_token->value)[1] = 0; | |
1709 | ((unsigned char *)input_token->value)[2] = 0; | |
1710 | ((unsigned char *)input_token->value)[3] = 0; | |
1711 | } | |
1673 | 1712 | ((unsigned char *)input_token->value)[0] = mychoice; |
1674 | 1713 | |
1675 | 1714 | GSS_LOCK_MUTEX(params->utils); |
1696 | 1735 | return SASL_FAIL; |
1697 | 1736 | } |
1698 | 1737 | |
1699 | if (clientoutlen) | |
1738 | if (clientoutlen) { | |
1700 | 1739 | *clientoutlen = output_token->length; |
1740 | } | |
1701 | 1741 | if (output_token->value) { |
1702 | 1742 | if (clientout) { |
1703 | ret = _plug_buf_alloc(text->utils, &(text->out_buf), | |
1704 | &(text->out_buf_len), *clientoutlen); | |
1743 | ret = _plug_buf_alloc(text->utils, | |
1744 | &(text->out_buf), | |
1745 | &(text->out_buf_len), | |
1746 | *clientoutlen); | |
1705 | 1747 | if (ret != SASL_OK) { |
1706 | 1748 | GSS_LOCK_MUTEX(params->utils); |
1707 | 1749 | gss_release_buffer(&min_stat, output_token); |
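Review bot: In gssapi_decode_packet the `if (outputlen)` guard that this change braces admits a NULL length pointer, but the `_plug_buf_alloc()` call just below still reads `*outputlen` whenever `output` is non-NULL, so the guard does not protect the dereference. Sizing the buffer from the token avoids that: `&text->decode_once_buf_len, (unsigned) output_token->length);`. The client step near the end of the section has the same shape with `clientoutlen` and `*clientoutlen`, and the reformatted `_plug_buf_alloc()` call there could take `(unsigned) output_token->length` as well. Both functions start and end outside the visible hunks, so any later use of the length pointers is not shown and should be checked too.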
0 | 0 | /* Kerberos4 SASL plugin |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: kerberos4.c,v 1.99 2005/01/10 07:08:53 shadow Exp $ | |
3 | * $Id: kerberos4.c,v 1.100 2009/03/10 16:27:52 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
114 | 114 | |
115 | 115 | /***************************** Common Section *****************************/ |
116 | 116 | |
117 | static const char plugin_id[] = "$Id: kerberos4.c,v 1.99 2005/01/10 07:08:53 shadow Exp $"; | |
117 | static const char plugin_id[] = "$Id: kerberos4.c,v 1.100 2009/03/10 16:27:52 mel Exp $"; | |
118 | 118 | |
119 | 119 | #ifndef KEYFILE |
120 | 120 | #define KEYFILE "/etc/srvtab"; |
744 | 744 | if (sparams->canon_user) { |
745 | 745 | char *user=NULL, *authid=NULL; |
746 | 746 | size_t ulen = 0, alen = strlen(text->pname); |
747 | int ret, cflag = SASL_CU_AUTHID; | |
747 | int ret, cflag = SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED; | |
748 | 748 | |
749 | 749 | if (text->pinst[0]) { |
750 | 750 | alen += strlen(text->pinst) + 1 /* for the . */; |
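Review bot: The new `SASL_CU_EXTERNALLY_VERIFIED` bit on `cflag` has no comment saying why the Kerberos 4 server path qualifies for it, although it presumably changes how the canon_user call guarded by `if (sparams->canon_user)` treats this identity. A short comment at the declaration would help, for example `/* identity already proven by the Kerberos exchange; presumably a missing auxprop entry must not fail canonicalisation */`. The wording should be confirmed against the flag's definition, which is not part of this hunk. The enclosing function starts and ends outside the visible lines.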
0 | 0 | /* $OpenLDAP: pkg/ldap/contrib/ldapsasl/ldapdb.c,v 1.1.2.7 2003/11/29 22:10:03 hyc Exp $ */ |
1 | /* SASL LDAP auxprop implementation | |
2 | * Copyright (C) 2002,2003 Howard Chu, All rights reserved. <hyc@symas.com> | |
1 | /* SASL LDAP auxprop+canonuser implementation | |
2 | * Copyright (C) 2002-2007 Howard Chu, All rights reserved. <hyc@symas.com> | |
3 | 3 | * |
4 | 4 | * Redistribution and use in source and binary forms, with or without |
5 | 5 | * modification, are permitted only as authorized by the OpenLDAP |
13 | 13 | #include <config.h> |
14 | 14 | |
15 | 15 | #include <stdio.h> |
16 | #include <ctype.h> | |
16 | 17 | |
17 | 18 | #include "sasl.h" |
18 | 19 | #include "saslutil.h" |
25 | 26 | static char ldapdb[] = "ldapdb"; |
26 | 27 | |
27 | 28 | typedef struct ldapctx { |
29 | int inited; /* Have we already read the config? */ | |
28 | 30 | const char *uri; /* URI of LDAP server */ |
29 | 31 | struct berval id; /* SASL authcid to bind as */ |
30 | 32 | struct berval pw; /* password for bind */ |
31 | 33 | struct berval mech; /* SASL mech */ |
32 | 34 | int use_tls; /* Issue StartTLS request? */ |
35 | struct berval canon; /* Use attr in user entry for canonical name */ | |
33 | 36 | } ldapctx; |
37 | ||
38 | static ldapctx ldapdb_ctx; | |
34 | 39 | |
35 | 40 | static int ldapdb_interact(LDAP *ld, unsigned flags __attribute__((unused)), |
36 | 41 | void *def, void *inter) |
78 | 83 | char *authzid; |
79 | 84 | |
80 | 85 | if((i=ldap_initialize(&cp->ld, ctx->uri))) { |
81 | return i; | |
86 | return i; | |
82 | 87 | } |
83 | 88 | |
84 | 89 | authzid = sparams->utils->malloc(ulen + sizeof("u:")); |
125 | 130 | return i; |
126 | 131 | } |
127 | 132 | |
128 | static void ldapdb_auxprop_lookup(void *glob_context, | |
133 | static int ldapdb_auxprop_lookup(void *glob_context, | |
129 | 134 | sasl_server_params_t *sparams, |
130 | 135 | unsigned flags, |
131 | 136 | const char *user, |
134 | 139 | ldapctx *ctx = glob_context; |
135 | 140 | connparm cp; |
136 | 141 | int ret, i, n, *aindx; |
142 | int result; | |
143 | int j; | |
137 | 144 | const struct propval *pr; |
138 | 145 | struct berval **bvals; |
139 | 146 | LDAPMessage *msg, *res; |
140 | 147 | char **attrs = NULL; |
141 | 148 | |
142 | if(!ctx || !sparams || !user) return; | |
149 | if(!ctx || !sparams || !user) return SASL_BADPARAM; | |
143 | 150 | |
144 | 151 | pr = sparams->utils->prop_get(sparams->propctx); |
145 | if(!pr) return; | |
152 | if (!pr) return SASL_FAIL; | |
146 | 153 | |
147 | 154 | /* count how many attrs to fetch */ |
148 | 155 | for(i = 0, n = 0; pr[i].name; i++) { |
152 | 159 | continue; |
153 | 160 | n++; |
154 | 161 | } |
162 | ||
155 | 163 | /* nothing to do, bail out */ |
156 | if (!n) return; | |
164 | if (!n) return SASL_OK; | |
157 | 165 | |
158 | 166 | /* alloc an array of attr names for search, and index to the props */ |
159 | 167 | attrs = sparams->utils->malloc((n+1)*sizeof(char *)*2); |
160 | if (!attrs) return; | |
168 | if (!attrs) { | |
169 | result = SASL_NOMEM; | |
170 | goto done; | |
171 | } | |
161 | 172 | |
162 | 173 | aindx = (int *)(attrs + n + 1); |
163 | 174 | |
174 | 185 | } |
175 | 186 | attrs[n] = NULL; |
176 | 187 | |
177 | if(ldapdb_connect(ctx, sparams, user, ulen, &cp)) { | |
178 | goto done; | |
188 | if ((ret = ldapdb_connect(ctx, sparams, user, ulen, &cp)) != LDAP_SUCCESS) { | |
189 | goto process_ldap_error; | |
179 | 190 | } |
180 | 191 | |
181 | 192 | ret = ldap_search_ext_s(cp.ld, cp.dn->bv_val+3, LDAP_SCOPE_BASE, |
182 | 193 | "(objectclass=*)", attrs, 0, cp.ctrl, NULL, NULL, 1, &res); |
183 | 194 | ber_bvfree(cp.dn); |
184 | 195 | |
185 | if (ret != LDAP_SUCCESS) goto done; | |
186 | ||
187 | for(msg=ldap_first_message(cp.ld, res); msg; msg=ldap_next_message(cp.ld, msg)) | |
188 | { | |
196 | if (ret != LDAP_SUCCESS) { | |
197 | goto process_ldap_error; | |
198 | } | |
199 | ||
200 | /* Assume no user by default */ | |
201 | ret = LDAP_NO_SUCH_OBJECT; | |
202 | ||
203 | for (msg = ldap_first_message(cp.ld, res); | |
204 | msg; | |
205 | msg = ldap_next_message(cp.ld, msg)) { | |
189 | 206 | if (ldap_msgtype(msg) != LDAP_RES_SEARCH_ENTRY) continue; |
190 | for (i=0; i<n; i++) | |
191 | { | |
207 | ||
208 | /* Presence of a search result response indicates that the user exists */ | |
209 | ret = LDAP_SUCCESS; | |
210 | ||
211 | for (i = 0; i < n; i++) { | |
192 | 212 | bvals = ldap_get_values_len(cp.ld, msg, attrs[i]); |
193 | 213 | if (!bvals) continue; |
194 | if (pr[aindx[i]].values) | |
214 | ||
215 | if (pr[aindx[i]].values) { | |
195 | 216 | sparams->utils->prop_erase(sparams->propctx, pr[aindx[i]].name); |
196 | sparams->utils->prop_set(sparams->propctx, pr[aindx[i]].name, | |
197 | bvals[0]->bv_val, bvals[0]->bv_len); | |
217 | } | |
218 | ||
219 | for ( j = 0; bvals[j] != NULL; j++ ) { | |
220 | sparams->utils->prop_set(sparams->propctx, | |
221 | pr[aindx[i]].name, | |
222 | bvals[j]->bv_val, | |
223 | bvals[j]->bv_len); | |
224 | } | |
198 | 225 | ber_bvecfree(bvals); |
199 | 226 | } |
200 | 227 | } |
201 | 228 | ldap_msgfree(res); |
202 | 229 | |
230 | process_ldap_error: | |
231 | switch (ret) { | |
232 | case LDAP_SUCCESS: | |
233 | result = SASL_OK; | |
234 | break; | |
235 | ||
236 | case LDAP_NO_SUCH_OBJECT: | |
237 | result = SASL_NOUSER; | |
238 | break; | |
239 | ||
240 | case LDAP_NO_MEMORY: | |
241 | result = SASL_NOMEM; | |
242 | break; | |
243 | ||
244 | case LDAP_SERVER_DOWN: | |
245 | case LDAP_BUSY: | |
246 | case LDAP_UNAVAILABLE: | |
247 | case LDAP_CONNECT_ERROR: | |
248 | result = SASL_UNAVAIL; | |
249 | break; | |
250 | ||
251 | case LDAP_PROXY_AUTHZ_FAILURE: | |
252 | case LDAP_INAPPROPRIATE_AUTH: | |
253 | case LDAP_INVALID_CREDENTIALS: | |
254 | case LDAP_INSUFFICIENT_ACCESS: | |
255 | result = SASL_BADAUTH; | |
256 | break; | |
257 | ||
258 | default: | |
259 | result = SASL_FAIL; | |
260 | break; | |
261 | } | |
262 | ||
203 | 263 | done: |
204 | 264 | if(attrs) sparams->utils->free(attrs); |
205 | if(cp.ld) ldap_unbind(cp.ld); | |
265 | if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); | |
266 | ||
267 | return result; | |
206 | 268 | } |
207 | 269 | |
208 | 270 | static int ldapdb_auxprop_store(void *glob_context, |
253 | 315 | if (i == LDAP_NO_MEMORY) i = SASL_NOMEM; |
254 | 316 | else i = SASL_FAIL; |
255 | 317 | } |
256 | if (cp.ld) ldap_unbind(cp.ld); | |
318 | if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); | |
257 | 319 | return i; |
258 | 320 | } |
259 | 321 | |
260 | static void ldapdb_auxprop_free(void *glob_ctx, const sasl_utils_t *utils) | |
261 | { | |
262 | utils->free(glob_ctx); | |
263 | } | |
264 | ||
265 | static sasl_auxprop_plug_t ldapdb_auxprop_plugin = { | |
266 | 0, /* Features */ | |
267 | 0, /* spare */ | |
268 | NULL, /* glob_context */ | |
269 | ldapdb_auxprop_free, /* auxprop_free */ | |
270 | ldapdb_auxprop_lookup, /* auxprop_lookup */ | |
271 | ldapdb, /* name */ | |
272 | ldapdb_auxprop_store /* auxprop store */ | |
273 | }; | |
274 | ||
275 | int ldapdb_auxprop_plug_init(const sasl_utils_t *utils, | |
276 | int max_version, | |
277 | int *out_version, | |
278 | sasl_auxprop_plug_t **plug, | |
279 | const char *plugname __attribute__((unused))) | |
280 | { | |
281 | ldapctx tmp, *p; | |
322 | static int | |
323 | ldapdb_canon_server(void *glob_context, | |
324 | sasl_server_params_t *sparams, | |
325 | const char *user, | |
326 | unsigned ulen, | |
327 | unsigned flags, | |
328 | char *out, | |
329 | unsigned out_max, | |
330 | unsigned *out_ulen) | |
331 | { | |
332 | ldapctx *ctx = glob_context; | |
333 | connparm cp; | |
334 | struct berval **bvals; | |
335 | LDAPMessage *msg, *res; | |
336 | char *rdn, *attrs[2]; | |
337 | unsigned len; | |
338 | int ret; | |
339 | ||
340 | if(!ctx || !sparams || !user) return SASL_BADPARAM; | |
341 | ||
342 | /* If no canon attribute was configured, we can't do anything */ | |
343 | if(!ctx->canon.bv_val) return SASL_BADPARAM; | |
344 | ||
345 | /* Trim whitespace */ | |
346 | while(isspace(*(unsigned char *)user)) { | |
347 | user++; | |
348 | ulen--; | |
349 | } | |
350 | while(isspace((unsigned char)user[ulen-1])) { | |
351 | ulen--; | |
352 | } | |
353 | ||
354 | if (!ulen) { | |
355 | sparams->utils->seterror(sparams->utils->conn, 0, | |
356 | "All-whitespace username."); | |
357 | return SASL_FAIL; | |
358 | } | |
359 | ||
360 | ret = ldapdb_connect(ctx, sparams, user, ulen, &cp); | |
361 | if ( ret ) goto done; | |
362 | ||
363 | /* See if the RDN uses the canon attr. If so, just use the RDN | |
364 | * value, we don't need to do a search. | |
365 | */ | |
366 | rdn = cp.dn->bv_val+3; | |
367 | if (!strncasecmp(ctx->canon.bv_val, rdn, ctx->canon.bv_len) && | |
368 | rdn[ctx->canon.bv_len] == '=') { | |
369 | char *comma; | |
370 | rdn += ctx->canon.bv_len + 1; | |
371 | comma = strchr(rdn, ','); | |
372 | if ( comma ) | |
373 | len = comma - rdn; | |
374 | else | |
375 | len = cp.dn->bv_len - (rdn - cp.dn->bv_val); | |
376 | if ( len > out_max ) | |
377 | len = out_max; | |
378 | memcpy(out, rdn, len); | |
379 | out[len] = '\0'; | |
380 | *out_ulen = len; | |
381 | ret = SASL_OK; | |
382 | ber_bvfree(cp.dn); | |
383 | goto done; | |
384 | } | |
385 | ||
386 | /* Have to read the user's entry */ | |
387 | attrs[0] = ctx->canon.bv_val; | |
388 | attrs[1] = NULL; | |
389 | ret = ldap_search_ext_s(cp.ld, cp.dn->bv_val+3, LDAP_SCOPE_BASE, | |
390 | "(objectclass=*)", attrs, 0, cp.ctrl, NULL, NULL, 1, &res); | |
391 | ber_bvfree(cp.dn); | |
392 | ||
393 | if (ret != LDAP_SUCCESS) goto done; | |
394 | ||
395 | for(msg=ldap_first_message(cp.ld, res); msg; msg=ldap_next_message(cp.ld, msg)) | |
396 | { | |
397 | if (ldap_msgtype(msg) != LDAP_RES_SEARCH_ENTRY) continue; | |
398 | bvals = ldap_get_values_len(cp.ld, msg, attrs[0]); | |
399 | if (!bvals) continue; | |
400 | len = bvals[0]->bv_len; | |
401 | if ( len > out_max ) | |
402 | len = out_max; | |
403 | memcpy(out, bvals[0]->bv_val, len); | |
404 | *out_ulen = len; | |
405 | ber_bvecfree(bvals); | |
406 | } | |
407 | ldap_msgfree(res); | |
408 | ||
409 | done: | |
410 | if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); | |
411 | if (ret) { | |
412 | sparams->utils->seterror(sparams->utils->conn, 0, | |
413 | ldap_err2string(ret)); | |
414 | if (ret == LDAP_NO_MEMORY) ret = SASL_NOMEM; | |
415 | else ret = SASL_FAIL; | |
416 | } | |
417 | return ret; | |
418 | } | |
419 | ||
420 | static int | |
421 | ldapdb_canon_client(void *glob_context, | |
422 | sasl_client_params_t *cparams, | |
423 | const char *user, | |
424 | unsigned ulen, | |
425 | unsigned flags, | |
426 | char *out, | |
427 | unsigned out_max, | |
428 | unsigned *out_ulen) | |
429 | { | |
430 | if(!cparams || !user) return SASL_BADPARAM; | |
431 | ||
432 | /* Trim whitespace */ | |
433 | while(isspace(*(unsigned char *)user)) { | |
434 | user++; | |
435 | ulen--; | |
436 | } | |
437 | while(isspace((unsigned char)user[ulen-1])) { | |
438 | ulen--; | |
439 | } | |
440 | ||
441 | if (!ulen) { | |
442 | cparams->utils->seterror(cparams->utils->conn, 0, | |
443 | "All-whitespace username."); | |
444 | return SASL_FAIL; | |
445 | } | |
446 | memcpy(out, user, ulen); | |
447 | out[ulen] = '\0'; | |
448 | *out_ulen = ulen; | |
449 | return SASL_OK; | |
450 | } | |
451 | ||
452 | static int | |
453 | ldapdb_config(const sasl_utils_t *utils) | |
454 | { | |
455 | ldapctx *p = &ldapdb_ctx; | |
282 | 456 | const char *s; |
283 | 457 | unsigned len; |
284 | 458 | |
285 | if(!out_version || !plug) return SASL_BADPARAM; | |
286 | ||
287 | if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; | |
288 | ||
289 | memset(&tmp, 0, sizeof(tmp)); | |
290 | ||
291 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_uri", &tmp.uri, NULL); | |
292 | if(!tmp.uri) return SASL_BADPARAM; | |
459 | if(p->inited) return SASL_OK; | |
460 | ||
461 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_uri", &p->uri, NULL); | |
462 | if(!p->uri) return SASL_BADPARAM; | |
293 | 463 | |
294 | 464 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_id", |
295 | (const char **)&tmp.id.bv_val, &len); | |
296 | tmp.id.bv_len = len; | |
465 | (const char **)&p->id.bv_val, &len); | |
466 | p->id.bv_len = len; | |
297 | 467 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_pw", |
298 | (const char **)&tmp.pw.bv_val, &len); | |
299 | tmp.pw.bv_len = len; | |
468 | (const char **)&p->pw.bv_val, &len); | |
469 | p->pw.bv_len = len; | |
300 | 470 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_mech", |
301 | (const char **)&tmp.mech.bv_val, &len); | |
302 | tmp.mech.bv_len = len; | |
471 | (const char **)&p->mech.bv_val, &len); | |
472 | p->mech.bv_len = len; | |
303 | 473 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_starttls", &s, NULL); |
304 | 474 | if (s) |
305 | 475 | { |
306 | if (!strcasecmp(s, "demand")) tmp.use_tls = 2; | |
307 | else if (!strcasecmp(s, "try")) tmp.use_tls = 1; | |
476 | if (!strcasecmp(s, "demand")) p->use_tls = 2; | |
477 | else if (!strcasecmp(s, "try")) p->use_tls = 1; | |
308 | 478 | } |
309 | 479 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_rc", &s, &len); |
310 | 480 | if (s) |
319 | 489 | return SASL_NOMEM; |
320 | 490 | } |
321 | 491 | } |
322 | ||
323 | p = utils->malloc(sizeof(ldapctx)); | |
324 | if (!p) return SASL_NOMEM; | |
325 | *p = tmp; | |
326 | ldapdb_auxprop_plugin.glob_context = p; | |
492 | utils->getopt(utils->getopt_context, ldapdb, "ldapdb_canon_attr", | |
493 | (const char **)&p->canon.bv_val, &len); | |
494 | p->canon.bv_len = len; | |
495 | p->inited = 1; | |
496 | ||
497 | return SASL_OK; | |
498 | } | |
499 | ||
500 | static sasl_auxprop_plug_t ldapdb_auxprop_plugin = { | |
501 | 0, /* Features */ | |
502 | 0, /* spare */ | |
503 | &ldapdb_ctx, /* glob_context */ | |
504 | NULL, /* auxprop_free */ | |
505 | ldapdb_auxprop_lookup, /* auxprop_lookup */ | |
506 | ldapdb, /* name */ | |
507 | ldapdb_auxprop_store /* auxprop store */ | |
508 | }; | |
509 | ||
510 | int ldapdb_auxprop_plug_init(const sasl_utils_t *utils, | |
511 | int max_version, | |
512 | int *out_version, | |
513 | sasl_auxprop_plug_t **plug, | |
514 | const char *plugname __attribute__((unused))) | |
515 | { | |
516 | int rc; | |
517 | ||
518 | if(!out_version || !plug) return SASL_BADPARAM; | |
519 | ||
520 | if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; | |
521 | ||
522 | rc = ldapdb_config(utils); | |
327 | 523 | |
328 | 524 | *out_version = SASL_AUXPROP_PLUG_VERSION; |
329 | 525 | |
330 | 526 | *plug = &ldapdb_auxprop_plugin; |
331 | 527 | |
332 | return SASL_OK; | |
333 | } | |
528 | return rc; | |
529 | } | |
530 | ||
531 | static sasl_canonuser_plug_t ldapdb_canonuser_plugin = { | |
532 | 0, /* features */ | |
533 | 0, /* spare */ | |
534 | &ldapdb_ctx, /* glob_context */ | |
535 | ldapdb, /* name */ | |
536 | NULL, /* canon_user_free */ | |
537 | ldapdb_canon_server, /* canon_user_server */ | |
538 | ldapdb_canon_client, /* canon_user_client */ | |
539 | NULL, | |
540 | NULL, | |
541 | NULL | |
542 | }; | |
543 | ||
544 | int ldapdb_canonuser_plug_init(const sasl_utils_t *utils, | |
545 | int max_version, | |
546 | int *out_version, | |
547 | sasl_canonuser_plug_t **plug, | |
548 | const char *plugname __attribute__((unused))) | |
549 | { | |
550 | int rc; | |
551 | ||
552 | if(!out_version || !plug) return SASL_BADPARAM; | |
553 | ||
554 | if(max_version < SASL_CANONUSER_PLUG_VERSION) return SASL_BADVERS; | |
555 | ||
556 | rc = ldapdb_config(utils); | |
557 | ||
558 | *out_version = SASL_CANONUSER_PLUG_VERSION; | |
559 | ||
560 | *plug = &ldapdb_canonuser_plugin; | |
561 | ||
562 | return rc; | |
563 | } |
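Review bot: The whitespace trimming in ldapdb_canon_client and ldapdb_canon_server is not bounded by `ulen` and runs before the `!ulen` check, so an empty or all-whitespace name makes `ulen` wrap and `user[ulen-1]` index outside the input. ldapdb_canon_client then copies `ulen` bytes into `out` without ever comparing against `out_max`. Both loops should test `ulen` first, and the client path should reject a name longer than `out_max` before the memcpy, as in the excerpt below; whether `out_max` leaves room for the terminating NUL depends on the caller, which is not shown here. In ldapdb_canon_server the search branch also returns success with `out` and `*out_ulen` untouched when no entry or value comes back, and it does not NUL-terminate `out` the way the RDN branch does. I would return an error in the first case and add `out[len] = '\0';` in the second.

```c
    /* Trim whitespace, never stepping outside user[0..ulen) */
    while (ulen && isspace((unsigned char)*user)) {
	user++;
	ulen--;
    }
    while (ulen && isspace((unsigned char)user[ulen-1])) {
	ulen--;
    }

    /* ... unchanged: "All-whitespace username." error return ... */

    /* ldapdb_canon_client only: refuse names that do not fit in out */
    if (ulen > out_max) return SASL_BUFOVER;
    memcpy(out, user, ulen);
```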
1 | 1 | * Rob Siemborski (SASLv2 Conversion) |
2 | 2 | * contributed by Rainer Schoepf <schoepf@uni-mainz.de> |
3 | 3 | * based on PLAIN, by Tim Martin <tmartin@andrew.cmu.edu> |
4 | * $Id: login.c,v 1.27 2004/09/08 11:09:10 mel Exp $ | |
4 | * $Id: login.c,v 1.30 2008/10/30 14:19:46 mel Exp $ | |
5 | 5 | */ |
6 | 6 | /* |
7 | 7 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
53 | 53 | |
54 | 54 | /***************************** Common Section *****************************/ |
55 | 55 | |
56 | static const char plugin_id[] = "$Id: login.c,v 1.27 2004/09/08 11:09:10 mel Exp $"; | |
56 | static const char plugin_id[] = "$Id: login.c,v 1.30 2008/10/30 14:19:46 mel Exp $"; | |
57 | 57 | |
58 | 58 | /***************************** Server Section *****************************/ |
59 | 59 | |
168 | 168 | return SASL_NOMEM; |
169 | 169 | } |
170 | 170 | |
171 | strncpy(password->data, clientin, clientinlen); | |
171 | strncpy((char *) password->data, clientin, clientinlen); | |
172 | 172 | password->data[clientinlen] = '\0'; |
173 | 173 | password->len = clientinlen; |
174 | 174 | |
182 | 182 | /* verify_password - return sasl_ok on success */ |
183 | 183 | result = params->utils->checkpass(params->utils->conn, |
184 | 184 | oparams->authid, oparams->alen, |
185 | password->data, password->len); | |
185 | (char *) password->data, password->len); | |
186 | 186 | |
187 | 187 | if (result != SASL_OK) { |
188 | 188 | _plug_free_secret(params->utils, &password); |
233 | 233 | { |
234 | 234 | "LOGIN", /* mech_name */ |
235 | 235 | 0, /* max_ssf */ |
236 | SASL_SEC_NOANONYMOUS, /* security_flags */ | |
236 | SASL_SEC_NOANONYMOUS | |
237 | | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ | |
237 | 238 | 0, /* features */ |
238 | 239 | NULL, /* glob_context */ |
239 | 240 | &login_server_mech_new, /* mech_new */ |
314 | 315 | switch (text->state) { |
315 | 316 | |
316 | 317 | case 1: { |
317 | const char *user; | |
318 | const char *user = NULL; | |
318 | 319 | int auth_result = SASL_OK; |
319 | 320 | int pass_result = SASL_OK; |
320 | 321 | int result; |
413 | 414 | } |
414 | 415 | |
415 | 416 | if (clientoutlen) *clientoutlen = text->password->len; |
416 | *clientout = text->password->data; | |
417 | *clientout = (char *) text->password->data; | |
417 | 418 | |
418 | 419 | /* set oparams */ |
419 | 420 | oparams->doneflag = 1; |
454 | 455 | { |
455 | 456 | "LOGIN", /* mech_name */ |
456 | 457 | 0, /* max_ssf */ |
457 | SASL_SEC_NOANONYMOUS, /* security_flags */ | |
458 | SASL_SEC_NOANONYMOUS | |
459 | | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ | |
458 | 460 | SASL_FEAT_SERVER_FIRST, /* features */ |
459 | 461 | NULL, /* required_prompts */ |
460 | 462 | NULL, /* glob_context */ |
0 | # mechanism plugins | |
0 | 1 | for mech in anonymous crammd5 digestmd5 gssapiv2 kerberos4 login ntlm otp passdss plain srp; do |
1 | 2 | |
2 | 3 | echo " |
44 | 45 | " > ${mech}_init.c |
45 | 46 | done |
46 | 47 | |
47 | for mech in sasldb sql ldapdb; do | |
48 | # auxprop plugins | |
49 | for auxprop in sasldb sql ldapdb; do | |
48 | 50 | |
49 | 51 | echo " |
50 | 52 | #include <config.h> |
82 | 84 | } |
83 | 85 | #endif |
84 | 86 | |
85 | SASL_AUXPROP_PLUG_INIT( $mech ) | |
86 | " > ${mech}_init.c | |
87 | SASL_AUXPROP_PLUG_INIT( $auxprop ) | |
88 | " > ${auxprop}_init.c | |
87 | 89 | done |
88 | 90 | |
91 | # ldapdb is also a canon_user plugin | |
92 | echo "SASL_CANONUSER_PLUG_INIT( ldap )" >> ldapdb_init.c |
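Review bot: The appended line passes `ldap` to `SASL_CANONUSER_PLUG_INIT`, while the auxprop loop above passes `ldapdb` and the C function added in ldapdb.c is named `ldapdb_canonuser_plug_init`. If the macro builds the init function name from its argument, as the auxprop one appears to, the generated ldapdb_init.c would reference a function that does not exist. The line should probably read `echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c`. The macro definition is outside the visible lines, so this needs checking against it.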
0 | 0 | /* NTLM SASL plugin |
1 | 1 | * Ken Murchison |
2 | * $Id: ntlm.c,v 1.30 2005/07/07 16:10:14 mel Exp $ | |
2 | * $Id: ntlm.c,v 1.33 2008/10/30 14:19:46 mel Exp $ | |
3 | 3 | * |
4 | 4 | * References: |
5 | 5 | * http://www.innovation.ch/java/ntlm.html |
99 | 99 | |
100 | 100 | /***************************** Common Section *****************************/ |
101 | 101 | |
102 | static const char plugin_id[] = "$Id: ntlm.c,v 1.30 2005/07/07 16:10:14 mel Exp $"; | |
102 | static const char plugin_id[] = "$Id: ntlm.c,v 1.33 2008/10/30 14:19:46 mel Exp $"; | |
103 | 103 | |
104 | 104 | #ifdef WIN32 |
105 | 105 | static ssize_t writev (SOCKET fd, const struct iovec *iov, size_t iovcnt); |
426 | 426 | HMAC_CTX ctx; |
427 | 427 | unsigned char hash[EVP_MAX_MD_SIZE]; |
428 | 428 | char *upper; |
429 | int len; | |
429 | unsigned int len; | |
430 | 430 | |
431 | 431 | /* Allocate enough space for the unicode target */ |
432 | len = (int) (strlen(authid) + xstrlen(target)); | |
432 | len = (unsigned int) (strlen(authid) + xstrlen(target)); | |
433 | 433 | if (_plug_buf_alloc(utils, buf, buflen, 2 * len + 1) != SASL_OK) { |
434 | 434 | SETERROR(utils, "cannot allocate NTLMv2 hash"); |
435 | 435 | *result = SASL_NOMEM; |
696 | 696 | |
697 | 697 | if (!iovcnt) return written; |
698 | 698 | |
699 | n = writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt); | |
699 | n = (int) writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt); | |
700 | 700 | if (n == -1) { |
701 | 701 | #ifndef WIN32 |
702 | 702 | if (errno == EINVAL && iov_max > 10) { |
1335 | 1335 | return SASL_FAIL; |
1336 | 1336 | } |
1337 | 1337 | |
1338 | *outlen = offset + 2 * xstrlen(target); | |
1338 | *outlen = offset + 2 * (unsigned) xstrlen(target); | |
1339 | 1339 | |
1340 | 1340 | if (_plug_buf_alloc(utils, buf, buflen, *outlen) != SASL_OK) { |
1341 | 1341 | SETERROR(utils, "cannot allocate NTLM challenge"); |
1369 | 1369 | sparams->utils->getopt(sparams->utils->getopt_context, |
1370 | 1370 | "NTLM", "ntlm_server", &serv, &len); |
1371 | 1371 | if (serv) { |
1372 | /* try to start a NetBIOS session with the server */ | |
1373 | sock = smb_connect_server(sparams->utils, sparams->serverFQDN, serv); | |
1372 | unsigned int i,j; | |
1373 | char *tmp, *next; | |
1374 | ||
1375 | /* strip any whitespace */ | |
1376 | if(_plug_strdup(sparams->utils, serv, &tmp, NULL) != SASL_OK) { | |
1377 | MEMERROR( sparams->utils ); | |
1378 | return SASL_NOMEM; | |
1379 | } | |
1380 | for(i=0, j=0; i<len; i++) { | |
1381 | if(!isspace(tmp[i])) tmp[j++] = tmp[i]; | |
1382 | } | |
1383 | tmp[j] = '\0'; | |
1384 | next = tmp; | |
1385 | ||
1386 | /* try to connect to a list of servers */ | |
1387 | do { | |
1388 | serv = next; | |
1389 | next = strchr(serv, ','); | |
1390 | if(next) *(next++) = '\0'; | |
1391 | /* try to start a NetBIOS session with the server */ | |
1392 | sock = smb_connect_server(sparams->utils, sparams->serverFQDN, serv); | |
1393 | } while(sock == (SOCKET) -1 && next); | |
1394 | ||
1395 | sparams->utils->free(tmp); | |
1374 | 1396 | if (sock == (SOCKET) -1) return SASL_UNAVAIL; |
1375 | 1397 | } |
1376 | 1398 | |
1571 | 1593 | sparams->utils->log(NULL, SASL_LOG_DEBUG, |
1572 | 1594 | "calculating NTv2 response"); |
1573 | 1595 | V2(resp, password, authid, domain, text->nonce, |
1574 | lm_resp + MD5_DIGEST_LENGTH, nt_resp_len - MD5_DIGEST_LENGTH, | |
1596 | nt_resp + MD5_DIGEST_LENGTH, nt_resp_len - MD5_DIGEST_LENGTH, | |
1575 | 1597 | sparams->utils, &text->out_buf, &text->out_buf_len, |
1576 | 1598 | &result); |
1577 | 1599 | |
1771 | 1793 | uint32 offset = NTLM_TYPE1_DATA_OFFSET; |
1772 | 1794 | u_char *base; |
1773 | 1795 | |
1774 | *outlen = offset + xstrlen(domain) + xstrlen(wkstn); | |
1796 | *outlen = (unsigned) (offset + xstrlen(domain) + xstrlen(wkstn)); | |
1775 | 1797 | if (_plug_buf_alloc(utils, buf, buflen, *outlen) != SASL_OK) { |
1776 | 1798 | SETERROR(utils, "cannot allocate NTLM request"); |
1777 | 1799 | return SASL_NOMEM; |
1819 | 1841 | return SASL_FAIL; |
1820 | 1842 | } |
1821 | 1843 | |
1822 | *outlen = offset + (flags & NTLM_USE_UNICODE ? 2 : 1) * | |
1823 | (xstrlen(domain) + xstrlen(user) + xstrlen(wkstn)); | |
1844 | *outlen = (unsigned) (offset + (flags & NTLM_USE_UNICODE ? 2 : 1) * | |
1845 | (xstrlen(domain) + xstrlen(user) + xstrlen(wkstn))); | |
1824 | 1846 | if (lm_resp) *outlen += NTLM_RESP_LENGTH; |
1825 | 1847 | if (nt_resp) *outlen += NTLM_RESP_LENGTH; |
1826 | 1848 | if (key) *outlen += NTLM_SESSKEY_LENGTH; |
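Review bot: In the new server-list parsing, `isspace(tmp[i])` is called on a plain `char`, which is undefined for bytes with the high bit set where `char` is signed. The ldapdb.c code in this same change casts first, and this loop should too: `if(!isspace((unsigned char) tmp[i])) tmp[j++] = tmp[i];`. The loop is also bounded by the `len` that getopt reported rather than by the length of the copy in `tmp`, so it relies on the two agreeing; `for(i=0, j=0; tmp[i]; i++)` would remove that dependency. The enclosing function starts before and continues after these lines.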
0 | 0 | /* OTP SASL plugin |
1 | 1 | * Ken Murchison |
2 | * $Id: otp.c,v 1.36 2004/06/23 18:43:37 rjs3 Exp $ | |
2 | * $Id: otp.c,v 1.41 2009/02/14 12:45:29 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. | |
5 | * Copyright (c) 1998-2009 Carnegie Mellon University. All rights reserved. | |
6 | 6 | * |
7 | 7 | * Redistribution and use in source and binary forms, with or without |
8 | 8 | * modification, are permitted provided that the following conditions |
67 | 67 | |
68 | 68 | /***************************** Common Section *****************************/ |
69 | 69 | |
70 | static const char plugin_id[] = "$Id: otp.c,v 1.36 2004/06/23 18:43:37 rjs3 Exp $"; | |
70 | static const char plugin_id[] = "$Id: otp.c,v 1.41 2009/02/14 12:45:29 mel Exp $"; | |
71 | 71 | |
72 | 72 | #define OTP_SEQUENCE_MAX 9999 |
73 | 73 | #define OTP_SEQUENCE_DEFAULT 499 |
114 | 114 | * Hash the data using the given algorithm and fold it into 64 bits, |
115 | 115 | * swabbing bytes if necessary. |
116 | 116 | */ |
117 | static void otp_hash(const EVP_MD *md, char *in, int inlen, | |
117 | static void otp_hash(const EVP_MD *md, char *in, size_t inlen, | |
118 | 118 | unsigned char *out, int swab) |
119 | 119 | { |
120 | 120 | EVP_MD_CTX mdctx; |
121 | 121 | char hash[EVP_MAX_MD_SIZE]; |
122 | int i, j, hashlen; | |
122 | unsigned int i; | |
123 | int j; | |
124 | unsigned hashlen; | |
123 | 125 | |
124 | 126 | EVP_DigestInit(&mdctx, md); |
125 | 127 | EVP_DigestUpdate(&mdctx, in, inlen); |
189 | 191 | if (!is_init) { |
190 | 192 | /* check the prefix */ |
191 | 193 | if (!*c || strncmp(c, "otp-", 4)) { |
192 | SETERROR(utils, "not a OTP challenge"); | |
194 | SETERROR(utils, "not an OTP challenge"); | |
193 | 195 | return SASL_BADPROT; |
194 | 196 | } |
195 | 197 | |
402 | 404 | result = _plug_buf_alloc(params->utils, &(text->out_buf), |
403 | 405 | &(text->out_buf_len), OTP_CHALLENGE_MAX+1); |
404 | 406 | if (result != SASL_OK) return result; |
405 | ||
407 | ||
406 | 408 | /* create challenge - return sasl_continue on success */ |
407 | 409 | result = opiechallenge(&text->opie, text->authid, text->out_buf); |
408 | 410 | |
531 | 533 | | SASL_SEC_NOANONYMOUS |
532 | 534 | | SASL_SEC_FORWARD_SECRECY, |
533 | 535 | SASL_FEAT_WANT_CLIENT_FIRST |
536 | | SASL_FEAT_DONTUSE_USERPASSWD | |
534 | 537 | | SASL_FEAT_ALLOWS_PROXY, |
535 | 538 | NULL, |
536 | 539 | &otp_server_mech_new, |
582 | 585 | const char *alg, unsigned seq, char *seed, char *otp, |
583 | 586 | time_t timeout, sasl_secret_t **secret) |
584 | 587 | { |
585 | unsigned sec_len; | |
588 | size_t sec_len; | |
586 | 589 | unsigned char *data; |
587 | 590 | char buf[2*OTP_HASH_SIZE+1]; |
588 | 591 | |
600 | 603 | return SASL_NOMEM; |
601 | 604 | } |
602 | 605 | |
603 | (*secret)->len = sec_len; | |
606 | (*secret)->len = (unsigned) sec_len; | |
604 | 607 | data = (*secret)->data; |
605 | 608 | |
606 | 609 | bin2hex(otp, OTP_HASH_SIZE, buf); |
690 | 693 | char *c, *word, buf[OTP_RESPONSE_MAX+1]; |
691 | 694 | void *base; |
692 | 695 | int nmemb; |
693 | long x = 0; | |
696 | unsigned long x = 0; | |
694 | 697 | unsigned char bits[OTP_HASH_SIZE+1]; /* 1 for checksum */ |
695 | 698 | unsigned char chksum; |
696 | 699 | int bit, fbyte, lbyte; |
728 | 731 | sizeof(const char*), |
729 | 732 | strptrcasecmp); |
730 | 733 | if (str_ptr) { |
731 | x = str_ptr - otp_std_dict; | |
734 | x = (unsigned long) (str_ptr - otp_std_dict); | |
732 | 735 | } |
733 | 736 | else if (i == 0) { |
734 | 737 | /* couldn't find first word, try alternate dictionary */ |
990 | 993 | if (result < 0 || |
991 | 994 | (!auxprop_values[0].name || !auxprop_values[0].values)) { |
992 | 995 | /* We didn't find this username */ |
993 | params->utils->seterror(params->utils->conn,0, | |
994 | "no OTP secret in database"); | |
996 | SETERROR(params->utils, "no OTP secret in database"); | |
995 | 997 | result = params->transition ? SASL_TRANS : SASL_NOUSER; |
996 | 998 | return (result); |
997 | 999 | } |
1005 | 1007 | |
1006 | 1008 | if (result != SASL_OK) return result; |
1007 | 1009 | } else { |
1008 | params->utils->seterror(params->utils->conn, 0, | |
1009 | "don't have a OTP secret"); | |
1010 | SETERROR(params->utils, "don't have an OTP secret"); | |
1010 | 1011 | return SASL_FAIL; |
1011 | 1012 | } |
1012 | 1013 | |
1089 | 1090 | text->alg->name, text->seq-1, text->seed); |
1090 | 1091 | |
1091 | 1092 | *serverout = text->out_buf; |
1092 | *serveroutlen = strlen(text->out_buf); | |
1093 | *serveroutlen = (unsigned) strlen(text->out_buf); | |
1093 | 1094 | |
1094 | 1095 | text->state = 2; |
1095 | 1096 | |
1154 | 1155 | params->utils->prop_dispose(&propctx); |
1155 | 1156 | |
1156 | 1157 | if (result) { |
1157 | params->utils->seterror(params->utils->conn, 0, | |
1158 | "Error putting OTP secret"); | |
1158 | SETERROR(params->utils, "Error putting OTP secret"); | |
1159 | 1159 | } |
1160 | 1160 | |
1161 | 1161 | text->locked = 0; |
1285 | 1285 | return SASL_NOMECH; |
1286 | 1286 | } |
1287 | 1287 | |
1288 | r = _plug_parseuser(sparams->utils, &user_only, &realm, sparams->user_realm, | |
1289 | sparams->serverFQDN, userstr); | |
1288 | r = _plug_parseuser(sparams->utils, | |
1289 | &user_only, | |
1290 | &realm, | |
1291 | sparams->user_realm, | |
1292 | sparams->serverFQDN, | |
1293 | userstr); | |
1290 | 1294 | if (r) { |
1291 | sparams->utils->seterror(sparams->utils->conn, 0, | |
1292 | "OTP: Error parsing user"); | |
1295 | SETERROR(sparams->utils, "OTP: Error parsing user"); | |
1293 | 1296 | return r; |
1294 | 1297 | } |
1295 | 1298 | |
1363 | 1366 | sparams->utils->prop_dispose(&propctx); |
1364 | 1367 | |
1365 | 1368 | if (r) { |
1366 | sparams->utils->seterror(sparams->utils->conn, 0, | |
1367 | "Error putting OTP secret"); | |
1369 | SETERROR(sparams->utils, "Error putting OTP secret"); | |
1368 | 1370 | goto cleanup; |
1369 | 1371 | } |
1370 | 1372 | |
1387 | 1389 | /* Do we have a backend that can store properties? */ |
1388 | 1390 | if (!sparams->utils->auxprop_store || |
1389 | 1391 | sparams->utils->auxprop_store(NULL, NULL, NULL) != SASL_OK) { |
1390 | SETERROR(sparams->utils, "OTP: auxprop backend can't store properties"); | |
1392 | sparams->utils->log(NULL, | |
1393 | SASL_LOG_DEBUG, | |
1394 | "OTP: auxprop backend can't store properties"); | |
1391 | 1395 | return SASL_NOMECH; |
1392 | 1396 | } |
1393 | 1397 | |
1451 | 1455 | |
1452 | 1456 | char *out_buf; |
1453 | 1457 | unsigned out_buf_len; |
1458 | ||
1459 | char challenge[OTP_CHALLENGE_MAX+1]; | |
1454 | 1460 | } client_context_t; |
1455 | 1461 | |
1456 | 1462 | static int otp_client_mech_new(void *glob_context __attribute__((unused)), |
1595 | 1601 | sasl_out_params_t *oparams) |
1596 | 1602 | { |
1597 | 1603 | int echo_result = SASL_OK; |
1598 | char challenge[OTP_CHALLENGE_MAX+1]; | |
1599 | 1604 | int result; |
1600 | 1605 | |
1601 | 1606 | if (serverinlen > OTP_CHALLENGE_MAX) { |
1604 | 1609 | } |
1605 | 1610 | |
1606 | 1611 | /* we can't assume that challenge is null-terminated */ |
1607 | strncpy(challenge, serverin, serverinlen); | |
1608 | challenge[serverinlen] = '\0'; | |
1609 | ||
1610 | /* try to get the one-time password if we don't ave the secret */ | |
1612 | strncpy(text->challenge, serverin, serverinlen); | |
1613 | text->challenge[serverinlen] = '\0'; | |
1614 | ||
1615 | /* try to get the one-time password if we don't have the secret */ | |
1611 | 1616 | if ((text->password == NULL) && (text->otpassword == NULL)) { |
1612 | echo_result = _plug_challenge_prompt(params->utils, SASL_CB_ECHOPROMPT, | |
1613 | challenge, | |
1617 | echo_result = _plug_challenge_prompt(params->utils, | |
1618 | SASL_CB_ECHOPROMPT, | |
1619 | text->challenge, | |
1614 | 1620 | "Please enter your one-time password", |
1615 | &text->otpassword, prompt_need); | |
1621 | &text->otpassword, | |
1622 | prompt_need); | |
1616 | 1623 | |
1617 | 1624 | if ((echo_result != SASL_OK) && (echo_result != SASL_INTERACT)) |
1618 | 1625 | return echo_result; |
1628 | 1635 | if (echo_result == SASL_INTERACT) { |
1629 | 1636 | /* make the prompt list */ |
1630 | 1637 | result = |
1631 | _plug_make_prompts(params->utils, prompt_need, | |
1632 | NULL, NULL, | |
1633 | NULL, NULL, | |
1634 | NULL, NULL, | |
1635 | challenge, echo_result == SASL_INTERACT ? | |
1636 | "Please enter your one-time password" : NULL, | |
1638 | _plug_make_prompts(params->utils, | |
1639 | prompt_need, | |
1637 | 1640 | NULL, |
1638 | NULL, NULL, NULL); | |
1641 | NULL, | |
1642 | NULL, | |
1643 | NULL, | |
1644 | NULL, | |
1645 | NULL, | |
1646 | text->challenge, | |
1647 | "Please enter your one-time password", | |
1648 | NULL, | |
1649 | NULL, | |
1650 | NULL, | |
1651 | NULL); | |
1639 | 1652 | if (result != SASL_OK) return result; |
1640 | 1653 | |
1641 | 1654 | return SASL_INTERACT; |
1644 | 1657 | /* the application provided us with a one-time password so use it */ |
1645 | 1658 | if (text->otpassword) { |
1646 | 1659 | *clientout = text->otpassword; |
1647 | *clientoutlen = strlen(text->otpassword); | |
1648 | } | |
1649 | ||
1660 | *clientoutlen = (unsigned) strlen(text->otpassword); | |
1661 | } | |
1650 | 1662 | /* generate our own response using the user's secret pass-phrase */ |
1651 | 1663 | else { |
1652 | 1664 | algorithm_option_t *alg; |
1657 | 1669 | |
1658 | 1670 | /* parse challenge */ |
1659 | 1671 | result = parse_challenge(params->utils, |
1660 | challenge, &alg, &seq, seed, 0); | |
1672 | text->challenge, | |
1673 | &alg, | |
1674 | &seq, | |
1675 | seed, | |
1676 | 0); | |
1661 | 1677 | if (result != SASL_OK) return result; |
1662 | 1678 | |
1663 | 1679 | if (!text->password) { |
1720 | 1736 | } |
1721 | 1737 | |
1722 | 1738 | *clientout = text->out_buf; |
1723 | *clientoutlen = strlen(text->out_buf); | |
1739 | *clientoutlen = (unsigned) strlen(text->out_buf); | |
1724 | 1740 | } |
1725 | 1741 | |
1726 | 1742 | /* set oparams */ |
0 | 0 | /* PASSDSS-3DES-1 SASL plugin |
1 | 1 | * Ken Murchison |
2 | * $Id: passdss.c,v 1.4 2006/04/24 19:21:44 mel Exp $ | |
2 | * $Id: passdss.c,v 1.5 2008/10/29 17:59:41 murch Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2004 Carnegie Mellon University. All rights reserved. |
82 | 82 | |
83 | 83 | /***************************** Common Section *****************************/ |
84 | 84 | |
85 | static const char plugin_id[] = "$Id: passdss.c,v 1.4 2006/04/24 19:21:44 mel Exp $"; | |
85 | static const char plugin_id[] = "$Id: passdss.c,v 1.5 2008/10/29 17:59:41 murch Exp $"; | |
86 | 86 | |
87 | 87 | const char g[] = "2"; |
88 | 88 | const char N[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"; |
1169 | 1169 | | SASL_SEC_NOACTIVE |
1170 | 1170 | | SASL_SEC_NODICTIONARY |
1171 | 1171 | | SASL_SEC_FORWARD_SECRECY |
1172 | | SASL_SEC_PASS_CREDENTIALS | |
1172 | 1173 | | SASL_SEC_MUTUAL_AUTH, /* security_flags */ |
1173 | 1174 | SASL_FEAT_WANT_CLIENT_FIRST |
1174 | 1175 | | SASL_FEAT_ALLOWS_PROXY, /* features */ |
1645 | 1646 | | SASL_SEC_NOACTIVE |
1646 | 1647 | | SASL_SEC_NODICTIONARY |
1647 | 1648 | | SASL_SEC_FORWARD_SECRECY |
1649 | | SASL_SEC_PASS_CREDENTIALS | |
1648 | 1650 | | SASL_SEC_MUTUAL_AUTH, /* security_flags */ |
1649 | 1651 | SASL_FEAT_WANT_CLIENT_FIRST |
1650 | 1652 | | SASL_FEAT_ALLOWS_PROXY, /* features */ |
0 | 0 | /* Plain SASL plugin |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: plain.c,v 1.64 2004/09/08 11:06:11 mel Exp $ | |
3 | * $Id: plain.c,v 1.67 2009/06/10 16:05:19 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
56 | 56 | |
57 | 57 | /***************************** Common Section *****************************/ |
58 | 58 | |
59 | static const char plugin_id[] = "$Id: plain.c,v 1.64 2004/09/08 11:06:11 mel Exp $"; | |
59 | static const char plugin_id[] = "$Id: plain.c,v 1.67 2009/06/10 16:05:19 mel Exp $"; | |
60 | 60 | |
61 | 61 | /***************************** Server Section *****************************/ |
62 | 62 | |
89 | 89 | const char *authen; |
90 | 90 | const char *password; |
91 | 91 | unsigned password_len; |
92 | unsigned lup=0; | |
92 | unsigned lup = 0; | |
93 | 93 | int result; |
94 | 94 | char *passcopy; |
95 | ||
95 | unsigned canon_flags = 0; | |
96 | ||
96 | 97 | *serverout = NULL; |
97 | 98 | *serveroutlen = 0; |
98 | 99 | |
145 | 146 | |
146 | 147 | /* Canonicalize userid first, so that password verification is only |
147 | 148 | * against the canonical id */ |
148 | if (!author || !*author) | |
149 | if (!author || !*author) { | |
149 | 150 | author = authen; |
150 | ||
151 | canon_flags = SASL_CU_AUTHZID; | |
152 | } else if (strcmp(author, authen) == 0) { | |
153 | /* While this isn't going to find out that <user> and <user>@<defaultdomain> | |
154 | are the same thing, this is good enough for many cases */ | |
155 | canon_flags = SASL_CU_AUTHZID; | |
156 | } | |
157 | ||
151 | 158 | result = params->canon_user(params->utils->conn, |
152 | authen, 0, SASL_CU_AUTHID, oparams); | |
159 | authen, | |
160 | 0, | |
161 | SASL_CU_AUTHID | canon_flags, | |
162 | oparams); | |
153 | 163 | if (result != SASL_OK) { |
154 | 164 | _plug_free_string(params->utils, &passcopy); |
155 | 165 | return result; |
156 | 166 | } |
157 | ||
158 | /* verify password - return sasl_ok on success*/ | |
167 | ||
168 | /* verify password (and possibly fetch both authentication and | |
169 | authorization identity related properties) - return SASL_OK | |
170 | on success */ | |
159 | 171 | result = params->utils->checkpass(params->utils->conn, |
160 | oparams->authid, oparams->alen, | |
161 | passcopy, password_len); | |
172 | oparams->authid, | |
173 | oparams->alen, | |
174 | passcopy, | |
175 | password_len); | |
162 | 176 | |
163 | 177 | _plug_free_string(params->utils, &passcopy); |
164 | 178 | |
171 | 185 | /* Canonicalize and store the authorization ID */ |
172 | 186 | /* We need to do this after calling verify_user just in case verify_user |
173 | 187 | * needed to get auxprops itself */ |
174 | result = params->canon_user(params->utils->conn, | |
175 | author, 0, SASL_CU_AUTHZID, oparams); | |
176 | if (result != SASL_OK) return result; | |
177 | ||
188 | if (canon_flags == 0) { | |
189 | const struct propval *pr; | |
190 | int i; | |
191 | ||
192 | pr = params->utils->prop_get(params->propctx); | |
193 | if (!pr) { | |
194 | return SASL_FAIL; | |
195 | } | |
196 | ||
197 | /* params->utils->checkpass() might have fetched authorization identity related properties | |
198 | for the wrong user name. Free these values. */ | |
199 | for (i = 0; pr[i].name; i++) { | |
200 | if (pr[i].name[0] == '*') { | |
201 | continue; | |
202 | } | |
203 | ||
204 | if (pr[i].values) { | |
205 | params->utils->prop_erase(params->propctx, pr[i].name); | |
206 | } | |
207 | } | |
208 | ||
209 | result = params->canon_user(params->utils->conn, | |
210 | author, | |
211 | 0, | |
212 | SASL_CU_AUTHZID, | |
213 | oparams); | |
214 | if (result != SASL_OK) { | |
215 | return result; | |
216 | } | |
217 | } | |
218 | ||
178 | 219 | /* set oparams */ |
179 | 220 | oparams->doneflag = 1; |
180 | 221 | oparams->mech_ssf = 0; |
193 | 234 | { |
194 | 235 | "PLAIN", /* mech_name */ |
195 | 236 | 0, /* max_ssf */ |
196 | SASL_SEC_NOANONYMOUS, /* security_flags */ | |
237 | SASL_SEC_NOANONYMOUS | |
238 | | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ | |
197 | 239 | SASL_FEAT_WANT_CLIENT_FIRST |
198 | 240 | | SASL_FEAT_ALLOWS_PROXY, /* features */ |
199 | 241 | NULL, /* glob_context */ |
413 | 455 | { |
414 | 456 | "PLAIN", /* mech_name */ |
415 | 457 | 0, /* max_ssf */ |
416 | SASL_SEC_NOANONYMOUS, /* security_flags */ | |
458 | SASL_SEC_NOANONYMOUS | |
459 | | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ | |
417 | 460 | SASL_FEAT_WANT_CLIENT_FIRST |
418 | 461 | | SASL_FEAT_ALLOWS_PROXY, /* features */ |
419 | 462 | NULL, /* required_prompts */ |
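Review bot: The new `if (!pr) { return SASL_FAIL; }` path in the `canon_flags == 0` branch (new lines 192-195) fails the exchange without logging or setting an error, and it uses a different code from the one this commit gives the same condition elsewhere: sasldb.c and sql.c set `ret = SASL_NOMEM` when `prop_get` returns NULL. I would log before returning, for example `params->utils->log(NULL, SASL_LOG_ERR, "PLAIN: unable to read property context");`, and pick one return code for all three plugins. The erase loop would also benefit from a short comment on `if (pr[i].name[0] == '*')` saying which class of properties the `*` prefix marks and why they are kept; the existing comment implies they belong to the authentication identity, but the hunk does not say so. The function body starts and ends outside the visible hunks.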
0 | 0 | /* Generic SASL plugin utility functions |
1 | 1 | * Rob Siemborski |
2 | * $Id: plugin_common.c,v 1.20 2004/06/23 18:43:37 rjs3 Exp $ | |
2 | * $Id: plugin_common.c,v 1.21 2008/10/29 13:10:38 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
289 | 289 | { |
290 | 290 | if(!utils || !secret || !(*secret)) return; |
291 | 291 | |
292 | utils->erasebuffer((*secret)->data, (*secret)->len); | |
292 | utils->erasebuffer((char *)(*secret)->data, (*secret)->len); | |
293 | 293 | utils->free(*secret); |
294 | 294 | *secret = NULL; |
295 | 295 | } |
0 | 0 | /* SASL server API implementation |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: sasldb.c,v 1.11 2006/04/03 10:58:19 mel Exp $ | |
3 | * $Id: sasldb.c,v 1.17 2009/03/10 14:37:03 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
55 | 55 | |
56 | 56 | #include "plugin_common.h" |
57 | 57 | |
58 | static void sasldb_auxprop_lookup(void *glob_context __attribute__((unused)), | |
58 | static int sasldb_auxprop_lookup(void *glob_context __attribute__((unused)), | |
59 | 59 | sasl_server_params_t *sparams, |
60 | 60 | unsigned flags, |
61 | 61 | const char *user, |
69 | 69 | char value[8192]; |
70 | 70 | size_t value_len; |
71 | 71 | char *user_buf; |
72 | ||
73 | if(!sparams || !user) return; | |
72 | int verify_against_hashed_password; | |
73 | int saw_user_password = 0; | |
74 | ||
75 | if (!sparams || !user) return SASL_BADPARAM; | |
74 | 76 | |
75 | 77 | user_buf = sparams->utils->malloc(ulen + 1); |
76 | 78 | if(!user_buf) { |
79 | ret = SASL_NOMEM; | |
77 | 80 | goto done; |
78 | 81 | } |
79 | 82 | |
91 | 94 | if(ret != SASL_OK) goto done; |
92 | 95 | |
93 | 96 | to_fetch = sparams->utils->prop_get(sparams->propctx); |
94 | if(!to_fetch) goto done; | |
95 | ||
97 | if (!to_fetch) { | |
98 | ret = SASL_NOMEM; | |
99 | goto done; | |
100 | } | |
101 | ||
102 | verify_against_hashed_password = flags & SASL_AUXPROP_VERIFY_AGAINST_HASH; | |
103 | ||
104 | /* Use a fake value to signal that we have no property to lookup */ | |
105 | ret = SASL_CONTINUE; | |
96 | 106 | for(cur = to_fetch; cur->name; cur++) { |
107 | int cur_ret; | |
97 | 108 | const char *realname = cur->name; |
98 | 109 | |
99 | 110 | /* Only look up properties that apply to this lookup! */ |
104 | 115 | } |
105 | 116 | |
106 | 117 | /* If it's there already, we want to see if it needs to be |
107 | * overridden */ | |
108 | if(cur->values && !(flags & SASL_AUXPROP_OVERRIDE)) | |
118 | * overridden. userPassword is a special case, because it's value | |
119 | is always present if SASL_AUXPROP_VERIFY_AGAINST_HASH is specified. | |
120 | When SASL_AUXPROP_VERIFY_AGAINST_HASH is set, we just clear userPassword. */ | |
121 | if (cur->values && !(flags & SASL_AUXPROP_OVERRIDE) && | |
122 | (verify_against_hashed_password == 0 || | |
123 | strcasecmp(realname, SASL_AUX_PASSWORD_PROP) != 0)) { | |
109 | 124 | continue; |
110 | else if(cur->values) | |
125 | } else if (cur->values) { | |
111 | 126 | sparams->utils->prop_erase(sparams->propctx, cur->name); |
112 | ||
113 | ret = _sasldb_getdata(sparams->utils, | |
127 | } | |
128 | ||
129 | if (strcasecmp(realname, SASL_AUX_PASSWORD_PROP) == 0) { | |
130 | saw_user_password = 1; | |
131 | } | |
132 | ||
133 | cur_ret = _sasldb_getdata(sparams->utils, | |
114 | 134 | sparams->utils->conn, userid, realm, |
115 | 135 | realname, value, sizeof(value), &value_len); |
116 | if(ret != SASL_OK) { | |
136 | ||
137 | /* Assumption: cur_ret is never SASL_CONTINUE */ | |
138 | ||
139 | /* If this is the first property we've tried to fetch ==> | |
140 | always set the global error code. | |
141 | If we had SASL_NOUSER ==> any other error code overrides it | |
142 | (including SASL_NOUSER). */ | |
143 | if (ret == SASL_CONTINUE || ret == SASL_NOUSER) { | |
144 | ret = cur_ret; | |
145 | } else if (ret == SASL_OK) { | |
146 | /* Any error code other than SASL_NOUSER overrides SASL_OK. | |
147 | (And SASL_OK overrides SASL_OK as well) */ | |
148 | if (cur_ret != SASL_NOUSER) { | |
149 | ret = cur_ret; | |
150 | } | |
151 | } | |
152 | /* Any other global error code is left as is */ | |
153 | ||
154 | if (cur_ret != SASL_OK) { | |
155 | if (cur_ret != SASL_NOUSER) { | |
156 | /* No point in continuing if we hit any serious error */ | |
157 | break; | |
158 | } | |
117 | 159 | /* We didn't find it, leave it as not found */ |
118 | 160 | continue; |
119 | 161 | } |
120 | 162 | |
121 | 163 | sparams->utils->prop_set(sparams->propctx, cur->name, |
122 | 164 | value, (unsigned) value_len); |
165 | } | |
166 | ||
167 | /* [Keep in sync with LDAPDB, SQL] | |
168 | If ret is SASL_CONTINUE, it means that no properties were requested | |
169 | (or maybe some were requested, but they already have values and | |
170 | SASL_AUXPROP_OVERRIDE flag is not set). | |
171 | Always return SASL_OK in this case. */ | |
172 | if (ret == SASL_CONTINUE) { | |
173 | ret = SASL_OK; | |
174 | } | |
175 | ||
176 | if (flags & SASL_AUXPROP_AUTHZID) { | |
177 | /* This is a lie, but the caller can't handle | |
178 | when we return SASL_NOUSER for authorization identity lookup. */ | |
179 | if (ret == SASL_NOUSER) { | |
180 | ret = SASL_OK; | |
181 | } | |
182 | } else { | |
183 | if (ret == SASL_NOUSER && saw_user_password == 0) { | |
184 | /* Verify user existence by checking presence of | |
185 | the userPassword attribute */ | |
186 | ret = _sasldb_getdata(sparams->utils, | |
187 | sparams->utils->conn, | |
188 | userid, | |
189 | realm, | |
190 | SASL_AUX_PASSWORD_PROP, | |
191 | value, | |
192 | sizeof(value), | |
193 | &value_len); | |
194 | } | |
123 | 195 | } |
124 | 196 | |
125 | 197 | done: |
126 | 198 | if (userid) sparams->utils->free(userid); |
127 | 199 | if (realm) sparams->utils->free(realm); |
128 | 200 | if (user_buf) sparams->utils->free(user_buf); |
201 | ||
202 | return ret; | |
129 | 203 | } |
130 | 204 | |
131 | 205 | static int sasldb_auxprop_store(void *glob_context __attribute__((unused)), |
138 | 212 | char *realm = NULL; |
139 | 213 | const char *user_realm = NULL; |
140 | 214 | int ret = SASL_FAIL; |
141 | int tmp_res; | |
142 | 215 | const struct propval *to_store, *cur; |
143 | 216 | char *user_buf; |
144 | 217 | |
172 | 245 | goto done; |
173 | 246 | } |
174 | 247 | |
175 | /* All iterations return SASL_NOUSER ==> ret = SASL_NOUSER | |
176 | Some iterations return SASL_OK and some SASL_NOUSER ==> ret = SASL_OK | |
177 | At least one iteration returns any other error ==> ret = the error */ | |
178 | ret = SASL_NOUSER; | |
179 | for(cur = to_store; cur->name; cur++) { | |
180 | /* We only support one value at a time right now. */ | |
181 | tmp_res = _sasldb_putdata(sparams->utils, sparams->utils->conn, | |
182 | userid, realm, cur->name, | |
183 | cur->values && cur->values[0] ? | |
184 | cur->values[0] : NULL, | |
185 | cur->values && cur->values[0] ? | |
186 | strlen(cur->values[0]) : 0); | |
187 | /* SASL_NOUSER is returned when _sasldb_putdata fails to delete | |
188 | a non-existent entry, which should not be treated as an error */ | |
189 | if ((tmp_res != SASL_NOUSER) && | |
190 | (ret == SASL_NOUSER || ret == SASL_OK)) { | |
191 | ret = tmp_res; | |
192 | } | |
193 | ||
194 | /* Abort the loop if an error has occurred */ | |
195 | if (ret != SASL_NOUSER && ret != SASL_OK) { | |
196 | break; | |
197 | } | |
248 | ret = SASL_OK; | |
249 | for (cur = to_store; cur->name; cur++) { | |
250 | char * value = (cur->values && cur->values[0]) ? cur->values[0] : NULL; | |
251 | ||
252 | if (cur->name[0] == '*') { | |
253 | continue; | |
254 | } | |
255 | ||
256 | /* WARN: We only support one value right now. */ | |
257 | ret = _sasldb_putdata(sparams->utils, | |
258 | sparams->utils->conn, | |
259 | userid, | |
260 | realm, | |
261 | cur->name, | |
262 | value, | |
263 | value ? strlen(value) : 0); | |
264 | ||
265 | if (value == NULL && ret == SASL_NOUSER) { | |
266 | /* Deleting something which is not there is not an error */ | |
267 | ret = SASL_OK; | |
268 | } | |
269 | ||
270 | if (ret != SASL_OK) { | |
271 | /* We've already failed, no point in continuing */ | |
272 | break; | |
273 | } | |
198 | 274 | } |
199 | 275 | |
200 | 276 | done: |
229 | 305 | if(_sasl_check_db(utils, NULL) != SASL_OK) |
230 | 306 | return SASL_NOMECH; |
231 | 307 | |
308 | /* Check if libsasl API is older than ours. If it is, fail */ | |
232 | 309 | if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; |
233 | 310 | |
234 | 311 | *out_version = SASL_AUXPROP_PLUG_VERSION; |
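Review bot: The stack buffer `value[8192]` in `sasldb_auxprop_lookup` is never wiped, and the new existence probe after the loop (new lines 183-194) reads `SASL_AUX_PASSWORD_PROP` into it purely to learn whether the user exists. The stored userPassword value is therefore left on the stack whenever that path runs, even though the caller never asked for it. Clearing the buffer under `done:` before `return ret;` would close this, using the helper plugin_common.c already calls in this commit: `sparams->utils->erasebuffer(value, (unsigned) sizeof(value));`. The same applies to the matching probe added to `sql_auxprop_lookup` in sql.c. Parts of the function lie outside the visible hunks, so an existing wipe there is possible but not shown.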
6 | 6 | ** Simon Loader -- original mysql plugin |
7 | 7 | ** Patrick Welche -- original pgsql plugin |
8 | 8 | ** |
9 | ** $Id: sql.c,v 1.29 2006/04/07 13:42:16 jeaton Exp $ | |
9 | ** $Id: sql.c,v 1.38 2009/04/11 10:48:07 mel Exp $ | |
10 | 10 | ** |
11 | 11 | */ |
12 | 12 | |
466 | 466 | sqlite_close((sqlite*)db); |
467 | 467 | } |
468 | 468 | #endif /* HAVE_SQLITE */ |
469 | ||
470 | #ifdef HAVE_SQLITE3 | |
471 | #include <sqlite3.h> | |
472 | ||
473 | static void *_sqlite3_open(char *host __attribute__((unused)), | |
474 | char *port __attribute__((unused)), | |
475 | int usessl __attribute__((unused)), | |
476 | const char *user __attribute__((unused)), | |
477 | const char *password __attribute__((unused)), | |
478 | const char *database, const sasl_utils_t *utils) | |
479 | { | |
480 | int rc; | |
481 | sqlite3 *db; | |
482 | char *zErrMsg = NULL; | |
483 | ||
484 | rc = sqlite3_open(database, &db); | |
485 | if (SQLITE_OK != rc) { | |
486 | if (db) | |
487 | utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", sqlite3_errmsg(db)); | |
488 | else | |
489 | utils->log(NULL, SASL_LOG_ERR, "sql plugin: %d", rc); | |
490 | sqlite3_close(db); | |
491 | return NULL; | |
492 | } | |
493 | ||
494 | rc = sqlite3_exec(db, "PRAGMA empty_result_callbacks = ON", NULL, NULL, &zErrMsg); | |
495 | if (rc != SQLITE_OK) { | |
496 | if (zErrMsg) { | |
497 | utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); | |
498 | sqlite3_free(zErrMsg); | |
499 | } else | |
500 | utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %d", rc); | |
501 | sqlite3_close(db); | |
502 | return NULL; | |
503 | } | |
504 | ||
505 | return (void*)db; | |
506 | } | |
507 | ||
508 | static int _sqlite3_escape_str(char *to, const char *from) | |
509 | { | |
510 | char s; | |
511 | ||
512 | while ( (s = *from++) != '\0' ) { | |
513 | if (s == '\'' || s == '\\') { | |
514 | *to++ = '\\'; | |
515 | } | |
516 | *to++ = s; | |
517 | } | |
518 | *to = '\0'; | |
519 | ||
520 | return 0; | |
521 | } | |
522 | ||
523 | static int sqlite3_my_callback(void *pArg, int argc __attribute__((unused)), | |
524 | char **argv, | |
525 | char **columnNames __attribute__((unused))) | |
526 | { | |
527 | char **result = (char**)pArg; | |
528 | ||
529 | if (argv == NULL) { | |
530 | *result = NULL; /* no record */ | |
531 | } else if (argv[0] == NULL) { | |
532 | *result = strdup(SQL_NULL_VALUE); /* NULL IS SQL_NULL_VALUE */ | |
533 | } else { | |
534 | *result = strdup(argv[0]); | |
535 | } | |
536 | ||
537 | return 0; | |
538 | } | |
539 | ||
540 | static int _sqlite3_exec(void *db, | |
541 | const char *cmd, | |
542 | char *value, | |
543 | size_t size, | |
544 | size_t *value_len, | |
545 | const sasl_utils_t *utils) | |
546 | { | |
547 | int rc; | |
548 | char *result = NULL; | |
549 | char *zErrMsg = NULL; | |
550 | ||
551 | rc = sqlite3_exec((sqlite3*)db, cmd, sqlite3_my_callback, (void*)&result, &zErrMsg); | |
552 | if (rc != SQLITE_OK) { | |
553 | if (zErrMsg) { | |
554 | utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %s", zErrMsg); | |
555 | sqlite3_free(zErrMsg); | |
556 | } else { | |
557 | utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %d", rc); | |
558 | } | |
559 | return -1; | |
560 | } | |
561 | ||
562 | if (value == NULL && rc == SQLITE_OK) { | |
563 | /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ | |
564 | return 0; | |
565 | } | |
566 | ||
567 | if (result == NULL) { | |
568 | /* umm nothing found */ | |
569 | utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); | |
570 | return -1; | |
571 | } | |
572 | ||
573 | /* XXX: Duplication cannot be found by this method. */ | |
574 | ||
575 | /* now get the result set value and value_len */ | |
576 | /* we only fetch one because we don't care about the rest */ | |
577 | if (value) { | |
578 | strncpy(value, result, size - 2); | |
579 | value[size - 1] = '\0'; | |
580 | if (value_len) { | |
581 | *value_len = strlen(value); | |
582 | } | |
583 | } | |
584 | ||
585 | free(result); | |
586 | return 0; | |
587 | } | |
588 | ||
589 | static int _sqlite3_begin_txn(void *db, const sasl_utils_t *utils) | |
590 | { | |
591 | return _sqlite3_exec(db, "BEGIN TRANSACTION;", NULL, 0, NULL, utils); | |
592 | } | |
593 | ||
594 | static int _sqlite3_commit_txn(void *db, const sasl_utils_t *utils) | |
595 | { | |
596 | return _sqlite3_exec(db, "COMMIT TRANSACTION;", NULL, 0, NULL, utils); | |
597 | } | |
598 | ||
599 | static int _sqlite3_rollback_txn(void *db, const sasl_utils_t *utils) | |
600 | { | |
601 | return _sqlite3_exec(db, "ROLLBACK TRANSACTION;", NULL, 0, NULL, utils); | |
602 | } | |
603 | ||
604 | static void _sqlite3_close(void *db) | |
605 | { | |
606 | sqlite3_close((sqlite3*)db); | |
607 | } | |
608 | #endif /* HAVE_SQLITE3 */ | |
469 | 609 | |
470 | 610 | static const sql_engine_t sql_engines[] = { |
471 | 611 | #ifdef HAVE_MYSQL |
483 | 623 | &_sqlite_begin_txn, &_sqlite_commit_txn, &_sqlite_rollback_txn, |
484 | 624 | &_sqlite_exec, &_sqlite_close }, |
485 | 625 | #endif |
626 | #ifdef HAVE_SQLITE3 | |
627 | { "sqlite3", &_sqlite3_open, &_sqlite3_escape_str, | |
628 | &_sqlite3_begin_txn, &_sqlite3_commit_txn, &_sqlite3_rollback_txn, | |
629 | &_sqlite3_exec, &_sqlite3_close }, | |
630 | #endif | |
486 | 631 | { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } |
487 | 632 | }; |
488 | 633 | |
496 | 641 | ** %p = prop |
497 | 642 | ** %r = realm |
498 | 643 | ** %v = value of prop |
499 | ** e.g select %p from auth where user = %p and domain = %r; | |
644 | ** e.g select %p from auth where user = %u and domain = %r; | |
500 | 645 | ** Note: calling function must free memory. |
501 | 646 | ** |
502 | 647 | */ |
515 | 660 | size_t i; |
516 | 661 | |
517 | 662 | /* calculate memory needed for creating the complete query string. */ |
518 | ulen = strlen(user); | |
519 | rlen = strlen(realm); | |
520 | plen = strlen(prop); | |
521 | vlen = sql_len(value); | |
663 | ulen = (int)strlen(user); | |
664 | rlen = (int)strlen(realm); | |
665 | plen = (int)strlen(prop); | |
666 | vlen = (int)sql_len(value); | |
522 | 667 | |
523 | 668 | /* what if we have multiple %foo occurrences in the input query? */ |
524 | 669 | for (i = 0; i < strlen(statement); i++) { |
531 | 676 | biggest = sql_max(sql_max(ulen, rlen), sql_max(plen, vlen)); |
532 | 677 | |
533 | 678 | /* plus one for the semicolon...and don't forget the trailing 0x0 */ |
534 | filtersize = strlen(statement) + 1 + (numpercents*biggest)+1; | |
679 | filtersize = (int)strlen(statement) + 1 + (numpercents*biggest)+1; | |
535 | 680 | |
536 | 681 | /* ok, now try to allocate a chunk of that size */ |
537 | 682 | buf = (char *) utils->malloc(filtersize); |
742 | 887 | return conn; |
743 | 888 | } |
744 | 889 | |
745 | static void sql_auxprop_lookup(void *glob_context, | |
890 | static int sql_auxprop_lookup(void *glob_context, | |
746 | 891 | sasl_server_params_t *sparams, |
747 | 892 | unsigned flags, |
748 | 893 | const char *user, |
755 | 900 | const struct propval *to_fetch, *cur; |
756 | 901 | char value[8192]; |
757 | 902 | size_t value_len; |
758 | ||
759 | 903 | char *user_buf; |
760 | 904 | char *query = NULL; |
761 | 905 | char *escap_userid = NULL; |
762 | 906 | char *escap_realm = NULL; |
763 | 907 | sql_settings_t *settings; |
908 | int verify_against_hashed_password; | |
909 | int saw_user_password = 0; | |
764 | 910 | void *conn = NULL; |
765 | 911 | int do_txn = 0; |
766 | ||
767 | if (!glob_context || !sparams || !user) return; | |
912 | int ret; | |
913 | ||
914 | if (!glob_context || !sparams || !user) return SASL_BADPARAM; | |
768 | 915 | |
769 | 916 | /* setup the settings */ |
770 | 917 | settings = (sql_settings_t *) glob_context; |
773 | 920 | "sql plugin Parse the username %s\n", user); |
774 | 921 | |
775 | 922 | user_buf = sparams->utils->malloc(ulen + 1); |
776 | if (!user_buf) goto done; | |
923 | if (!user_buf) { | |
924 | ret = SASL_NOMEM; | |
925 | goto done; | |
926 | } | |
777 | 927 | |
778 | 928 | memcpy(user_buf, user, ulen); |
779 | 929 | user_buf[ulen] = '\0'; |
784 | 934 | user_realm = sparams->serverFQDN; |
785 | 935 | } |
786 | 936 | |
787 | if (_plug_parseuser(sparams->utils, &userid, &realm, user_realm, | |
788 | sparams->serverFQDN, user_buf) != SASL_OK ) | |
937 | if ((ret = _plug_parseuser(sparams->utils, | |
938 | &userid, | |
939 | &realm, | |
940 | user_realm, | |
941 | sparams->serverFQDN, | |
942 | user_buf)) != SASL_OK ) { | |
789 | 943 | goto done; |
944 | } | |
790 | 945 | |
791 | 946 | /* just need to escape userid and realm now */ |
792 | 947 | /* allocate some memory */ |
794 | 949 | escap_realm = (char *)sparams->utils->malloc(strlen(realm)*2+1); |
795 | 950 | |
796 | 951 | if (!escap_userid || !escap_realm) { |
797 | MEMERROR(sparams->utils); | |
952 | ret = SASL_NOMEM; | |
798 | 953 | goto done; |
799 | 954 | } |
800 | 955 | |
803 | 958 | /* find out what we need to get */ |
804 | 959 | /* this corrupts const char *user */ |
805 | 960 | to_fetch = sparams->utils->prop_get(sparams->propctx); |
806 | if (!to_fetch) goto done; | |
961 | if (!to_fetch) { | |
962 | ret = SASL_NOMEM; | |
963 | goto done; | |
964 | } | |
807 | 965 | |
808 | 966 | conn = sql_connect(settings, sparams->utils); |
809 | 967 | if (!conn) { |
810 | 968 | sparams->utils->log(NULL, SASL_LOG_ERR, |
811 | 969 | "sql plugin couldn't connect to any host\n"); |
812 | ||
970 | /* TODO: in the future we might want to extend the internal | |
971 | SQL driver API to return a more detailed error */ | |
972 | ret = SASL_FAIL; | |
813 | 973 | goto done; |
814 | 974 | } |
815 | 975 | |
816 | 976 | /* escape out */ |
817 | 977 | settings->sql_engine->sql_escape_str(escap_userid, userid); |
818 | 978 | settings->sql_engine->sql_escape_str(escap_realm, realm); |
819 | ||
979 | ||
980 | verify_against_hashed_password = flags & SASL_AUXPROP_VERIFY_AGAINST_HASH; | |
981 | ||
982 | /* Assume that nothing is found */ | |
983 | ret = SASL_NOUSER; | |
820 | 984 | for (cur = to_fetch; cur->name; cur++) { |
821 | 985 | char *realname = (char *) cur->name; |
822 | 986 | |
832 | 996 | } |
833 | 997 | |
834 | 998 | /* If it's there already, we want to see if it needs to be |
835 | * overridden */ | |
836 | if (cur->values && !(flags & SASL_AUXPROP_OVERRIDE)) | |
999 | * overridden. userPassword is a special case, because it's value | |
1000 | is always present if SASL_AUXPROP_VERIFY_AGAINST_HASH is specified. | |
1001 | When SASL_AUXPROP_VERIFY_AGAINST_HASH is set, we just clear userPassword. */ | |
1002 | if (cur->values && !(flags & SASL_AUXPROP_OVERRIDE) && | |
1003 | (verify_against_hashed_password == 0 || | |
1004 | strcasecmp(realname, SASL_AUX_PASSWORD_PROP) != 0)) { | |
837 | 1005 | continue; |
838 | else if (cur->values) | |
1006 | } else if (cur->values) { | |
839 | 1007 | sparams->utils->prop_erase(sparams->propctx, cur->name); |
1008 | } | |
1009 | ||
1010 | if (strcasecmp(realname, SASL_AUX_PASSWORD_PROP) == 0) { | |
1011 | saw_user_password = 1; | |
1012 | } | |
840 | 1013 | |
841 | 1014 | if (!do_txn) { |
842 | 1015 | do_txn = 1; |
856 | 1029 | realname,escap_userid, |
857 | 1030 | escap_realm, NULL, |
858 | 1031 | sparams->utils); |
1032 | if (query == NULL) { | |
1033 | ret = SASL_NOMEM; | |
1034 | break; | |
1035 | } | |
859 | 1036 | |
860 | 1037 | sparams->utils->log(NULL, SASL_LOG_DEBUG, |
861 | 1038 | "sql plugin doing query %s\n", query); |
862 | 1039 | |
1040 | value[0] = '\0'; | |
1041 | value_len = 0; | |
863 | 1042 | /* run the query */ |
864 | 1043 | if (!settings->sql_engine->sql_exec(conn, query, value, sizeof(value), |
865 | 1044 | &value_len, sparams->utils)) { |
866 | sparams->utils->prop_set(sparams->propctx, cur->name, | |
867 | value, value_len); | |
1045 | sparams->utils->prop_set(sparams->propctx, | |
1046 | cur->name, | |
1047 | value, | |
1048 | (int)value_len); | |
1049 | ret = SASL_OK; | |
868 | 1050 | } |
869 | 1051 | |
870 | 1052 | sparams->utils->free(query); |
871 | 1053 | } |
1054 | ||
1055 | if (flags & SASL_AUXPROP_AUTHZID) { | |
1056 | /* This is a lie, but the caller can't handle | |
1057 | when we return SASL_NOUSER for authorization identity lookup. */ | |
1058 | if (ret == SASL_NOUSER) { | |
1059 | ret = SASL_OK; | |
1060 | } | |
1061 | } else { | |
1062 | if (ret == SASL_NOUSER && saw_user_password == 0) { | |
1063 | /* Verify user existence by checking presence of | |
1064 | the userPassword attribute */ | |
1065 | if (!do_txn) { | |
1066 | do_txn = 1; | |
1067 | sparams->utils->log(NULL, SASL_LOG_DEBUG, "begin transaction"); | |
1068 | if (settings->sql_engine->sql_begin_txn(conn, sparams->utils)) { | |
1069 | sparams->utils->log(NULL, SASL_LOG_ERR, | |
1070 | "Unable to begin transaction\n"); | |
1071 | } | |
1072 | } | |
1073 | ||
1074 | sparams->utils->log(NULL, SASL_LOG_DEBUG, | |
1075 | "sql plugin create statement from %s %s %s\n", | |
1076 | SASL_AUX_PASSWORD_PROP, | |
1077 | escap_userid, | |
1078 | escap_realm); | |
1079 | ||
1080 | /* create a statement that we will use */ | |
1081 | query = sql_create_statement(settings->sql_select, | |
1082 | SASL_AUX_PASSWORD_PROP, | |
1083 | escap_userid, | |
1084 | escap_realm, | |
1085 | NULL, | |
1086 | sparams->utils); | |
1087 | if (query == NULL) { | |
1088 | ret = SASL_NOMEM; | |
1089 | } else { | |
1090 | sparams->utils->log(NULL, SASL_LOG_DEBUG, | |
1091 | "sql plugin doing query %s\n", query); | |
1092 | ||
1093 | value[0] = '\0'; | |
1094 | value_len = 0; | |
1095 | /* run the query */ | |
1096 | if (!settings->sql_engine->sql_exec(conn, | |
1097 | query, | |
1098 | value, | |
1099 | sizeof(value), | |
1100 | &value_len, | |
1101 | sparams->utils)) { | |
1102 | ret = SASL_OK; | |
1103 | } | |
1104 | ||
1105 | sparams->utils->free(query); | |
1106 | } | |
1107 | } | |
1108 | } | |
1109 | ||
872 | 1110 | |
873 | 1111 | if (do_txn) { |
874 | 1112 | sparams->utils->log(NULL, SASL_LOG_DEBUG, "commit transaction"); |
875 | 1113 | if (settings->sql_engine->sql_commit_txn(conn, sparams->utils)) { |
876 | 1114 | sparams->utils->log(NULL, SASL_LOG_ERR, |
877 | 1115 | "Unable to commit transaction\n"); |
1116 | /* Failure of the commit is non fatal when reading values */ | |
878 | 1117 | } |
879 | 1118 | } |
880 | 1119 | |
885 | 1124 | if (userid) sparams->utils->free(userid); |
886 | 1125 | if (realm) sparams->utils->free(realm); |
887 | 1126 | if (user_buf) sparams->utils->free(user_buf); |
1127 | ||
1128 | return (ret); | |
888 | 1129 | } |
889 | 1130 | |
890 | 1131 | static int sql_auxprop_store(void *glob_context, |
974 | 1215 | "Unable to begin transaction\n"); |
975 | 1216 | } |
976 | 1217 | for (cur = to_store; ret == SASL_OK && cur->name; cur++) { |
1218 | ||
1219 | if (cur->name[0] == '*') { | |
1220 | continue; | |
1221 | } | |
1222 | ||
977 | 1223 | /* determine which command we need */ |
978 | 1224 | /* see if we already have a row for this user */ |
979 | 1225 | statement = sql_create_statement(settings->sql_select, |
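Review bot: `_sqlite3_escape_str` (new lines 508-521) prefixes `'` and `\` with a backslash, but SQLite string literals do not treat backslash as an escape character; a quote inside a literal is escaped by doubling it. A quote in the userid or realm therefore still terminates the literal in the statement that `sql_create_statement` builds from `escap_userid` and `escap_realm`. The function should double the quote and pass backslashes through unchanged, `if (s == '\'') { *to++ = '\''; }`, which still fits the `strlen(...)*2+1` buffers the callers allocate. Separately, `_sqlite3_exec` copies with `strncpy(value, result, size - 2)` and then terminates at `value[size - 1]`, so `value[size - 2]` is left unset when the result is long; a copy bound of `size - 1` closes that gap. `sqlite3_my_callback` also overwrites `*result` on every row without freeing the previous `strdup`, which leaks when a query matches more than one row.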
112 | 112 | LIB_PGSQL = @LIB_PGSQL@ |
113 | 113 | LIB_SOCKET = @LIB_SOCKET@ |
114 | 114 | LIB_SQLITE = @LIB_SQLITE@ |
115 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
115 | 116 | LN_S = @LN_S@ |
116 | 117 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
117 | 118 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
132 | 132 | LIB_PGSQL = @LIB_PGSQL@ |
133 | 133 | LIB_SOCKET = @LIB_SOCKET@ |
134 | 134 | LIB_SQLITE = @LIB_SQLITE@ |
135 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
135 | 136 | LN_S = @LN_S@ |
136 | 137 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
137 | 138 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
59 | 59 | server.exe: $(server_objs) $(common_objs) |
60 | 60 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"server.pdb" /out:"server.exe" $(server_objs) $(common_objs) |
61 | 61 | << |
62 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
62 | 63 | |
63 | 64 | client.exe: $(client_objs) $(common_objs) |
64 | 65 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"client.pdb" /out:"client.exe" $(client_objs) $(common_objs) |
65 | 66 | << |
67 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
66 | 68 | |
67 | 69 | sample-server.exe: $(sample_server_objs) |
68 | 70 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"sample-server.pdb" /out:"sample-server.exe" $(sample_server_objs) |
69 | 71 | << |
72 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
70 | 73 | |
71 | 74 | sample-client.exe: $(sample_client_objs) |
72 | 75 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"sample-client.pdb" /out:"sample-client.exe" $(sample_client_objs) |
73 | 76 | << |
77 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
74 | 78 | |
75 | 79 | getaddrinfo.c: ..\lib\getaddrinfo.c |
76 | 80 | copy ..\lib\getaddrinfo.c . |
83 | 87 | -@erase "*.idb" |
84 | 88 | -@erase "*.pch" |
85 | 89 | -@erase "*.pdb" |
90 | -@erase "*.manifest" | |
86 | 91 | -@erase $(all_out) |
87 | 92 | -@erase getaddrinfo.c |
88 | 93 |
0 | 0 | /* sample-client.c -- sample SASL client |
1 | 1 | * Rob Earhart |
2 | * $Id: sample-client.c,v 1.31 2004/10/26 11:14:33 mel Exp $ | |
2 | * $Id: sample-client.c,v 1.32 2009/05/04 21:35:51 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
394 | 394 | unsigned len; |
395 | 395 | int result; |
396 | 396 | |
397 | if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin) | |
398 | || strncmp(buf, "S: ", 3)) | |
397 | if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin)) { | |
399 | 398 | fail("Unable to parse input"); |
399 | } | |
400 | ||
401 | if (strncmp(buf, "S: ", 3) != 0) { | |
402 | fail("Line must start with 'S: '"); | |
403 | } | |
404 | ||
405 | len = strlen(buf); | |
406 | if (len > 0 && buf[len-1] == '\n') { | |
407 | buf[len-1] = '\0'; | |
408 | } | |
409 | ||
400 | 410 | result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf, |
401 | 411 | SAMPLE_SEC_BUF_SIZE, &len); |
402 | 412 | if (result != SASL_OK) |
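Review bot: The newline strip added before `sasl_decode64` cannot tell a complete line from one that `fgets` cut off at `SAMPLE_SEC_BUF_SIZE - 1` bytes. An over-long "S: " line is therefore decoded as if it were whole, and its tail is read as the next protocol line. I would reject that case explicitly, for example `else if (len == SAMPLE_SEC_BUF_SIZE - 1) fail("Line too long");` after the newline check. `len = strlen(buf);` also stores a `size_t` in an `unsigned` without the `(unsigned)` cast this commit adds elsewhere in sample-server.c. The same two remarks apply to the matching "C: " hunk in sample-server.c; in both files the enclosing function starts and ends outside the hunk.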
0 | 0 | /* sample-server.c -- sample SASL server |
1 | 1 | * Rob Earhart |
2 | * $Id: sample-server.c,v 1.31 2004/10/26 11:14:34 mel Exp $ | |
2 | * $Id: sample-server.c,v 1.33 2009/05/04 21:35:51 mel Exp $ | |
3 | 3 | */ |
4 | 4 | /* |
5 | 5 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
253 | 253 | unsigned len; |
254 | 254 | int result; |
255 | 255 | |
256 | if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin)) | |
256 | if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin)) { | |
257 | 257 | fail("Unable to parse input"); |
258 | ||
259 | if (strncmp(buf, "C: ", 3)!=0) | |
258 | } | |
259 | ||
260 | if (strncmp(buf, "C: ", 3) != 0) { | |
260 | 261 | fail("Line must start with 'C: '"); |
262 | } | |
261 | 263 | |
264 | len = strlen(buf); | |
265 | if (len > 0 && buf[len-1] == '\n') { | |
266 | buf[len-1] = '\0'; | |
267 | } | |
268 | ||
262 | 269 | result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf, |
263 | 270 | SAMPLE_SEC_BUF_SIZE, &len); |
264 | 271 | if (result != SASL_OK) |
548 | 555 | if (strlen(buf) < len) { |
549 | 556 | /* Hmm, there's an initial response here */ |
550 | 557 | data = buf + strlen(buf) + 1; |
551 | len = len - strlen(buf) - 1; | |
558 | len = len - (unsigned) strlen(buf) - 1; | |
552 | 559 | } else { |
553 | 560 | data = NULL; |
554 | 561 | len = 0; |
842 | 842 | ]) |
843 | 843 | |
844 | 844 | dnl |
845 | dnl $Id: c-attribute.m4,v 1.3 2003/10/08 20:35:24 rjs3 Exp $ | |
845 | dnl $Id: c-attribute.m4,v 1.4 2007/08/30 16:57:55 murch Exp $ | |
846 | 846 | dnl |
847 | 847 | |
848 | 848 | dnl |
854 | 854 | AC_CACHE_VAL(ac_cv___attribute__, [ |
855 | 855 | AC_TRY_COMPILE([ |
856 | 856 | #include <stdlib.h> |
857 | ], | |
858 | [ | |
859 | 857 | static void foo(void) __attribute__ ((noreturn)); |
860 | 858 | |
861 | 859 | static void |
864 | 862 | exit(1); |
865 | 863 | } |
866 | 864 | ], |
865 | [ | |
866 | ], | |
867 | 867 | ac_cv___attribute__=yes, |
868 | 868 | ac_cv___attribute__=no)]) |
869 | 869 | if test "$ac_cv___attribute__" = "yes"; then |
875 | 875 | |
876 | 876 | dnl |
877 | 877 | dnl Additional macros for configure.in packaged up for easier theft. |
878 | dnl $Id: cyrus.m4,v 1.4 2003/10/08 20:35:24 rjs3 Exp $ | |
878 | dnl $Id: cyrus.m4,v 1.5 2009/03/31 04:09:47 brong Exp $ | |
879 | 879 | dnl tjs@andrew.cmu.edu 6-may-1998 |
880 | 880 | dnl |
881 | 881 | |
886 | 886 | dnl (so the runpath for shared libraries is set). |
887 | 887 | AC_DEFUN([CMU_ADD_LIBPATH], [ |
888 | 888 | # this is CMU ADD LIBPATH |
889 | if test "$andrew_runpath_switch" = "none" ; then | |
889 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
890 | 890 | LDFLAGS="-L$1 ${LDFLAGS}" |
891 | 891 | else |
892 | LDFLAGS="-L$1 $andrew_runpath_switch$1 ${LDFLAGS}" | |
892 | LDFLAGS="-L$1 $andrew_cv_runpath_switch$1 ${LDFLAGS}" | |
893 | 893 | fi |
894 | 894 | ]) |
895 | 895 | |
897 | 897 | dnl (so the runpath for shared libraries is set). |
898 | 898 | AC_DEFUN([CMU_ADD_LIBPATH_TO], [ |
899 | 899 | # this is CMU ADD LIBPATH TO |
900 | if test "$andrew_runpath_switch" = "none" ; then | |
900 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
901 | 901 | $2="-L$1 ${$2}" |
902 | 902 | else |
903 | $2="-L$1 ${$2} $andrew_runpath_switch$1" | |
903 | $2="-L$1 ${$2} $andrew_cv_runpath_switch$1" | |
904 | 904 | fi |
905 | 905 | ]) |
906 | 906 | |
907 | 907 | dnl runpath initialization |
908 | 908 | AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ |
909 | 909 | # CMU GUESS RUNPATH SWITCH |
910 | AC_CACHE_CHECK(for runpath switch, andrew_runpath_switch, [ | |
910 | AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ | |
911 | 911 | # first, try -R |
912 | 912 | SAVE_LDFLAGS="${LDFLAGS}" |
913 | 913 | LDFLAGS="-R /usr/lib" |
914 | AC_TRY_LINK([],[],[andrew_runpath_switch="-R"], [ | |
914 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ | |
915 | 915 | LDFLAGS="-Wl,-rpath,/usr/lib" |
916 | AC_TRY_LINK([],[],[andrew_runpath_switch="-Wl,-rpath,"], | |
917 | [andrew_runpath_switch="none"]) | |
916 | AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], | |
917 | [andrew_cv_runpath_switch="none"]) | |
918 | 918 | ]) |
919 | 919 | LDFLAGS="${SAVE_LDFLAGS}" |
920 | 920 | ])]) |
1211 | 1211 | if test "$krb4" != no; then |
1212 | 1212 | AC_MSG_RESULT(enabled) |
1213 | 1213 | SASL_MECHS="$SASL_MECHS libkerberos4.la" |
1214 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/kerberos4.c" | |
1214 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" | |
1215 | 1215 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" |
1216 | 1216 | AC_DEFINE(STATIC_KERBEROS4,[],[User KERBEROS_V4 Staticly]) |
1217 | 1217 | AC_DEFINE(HAVE_KRB,[],[Do we have Kerberos 4 Support?]) |
1225 | 1225 | |
1226 | 1226 | # sasl2.m4--sasl2 libraries and includes |
1227 | 1227 | # Rob Siemborski |
1228 | # $Id: sasl2.m4,v 1.52 2006/05/18 19:25:00 murch Exp $ | |
1228 | # $Id: sasl2.m4,v 1.54 2009/05/20 12:24:48 murch Exp $ | |
1229 | 1229 | |
1230 | 1230 | # SASL2_CRYPT_CHK |
1231 | 1231 | # --------------- |
1287 | 1287 | fi |
1288 | 1288 | fi |
1289 | 1289 | fi |
1290 | AC_CHECK_HEADER([gssapi.h], | |
1291 | [AC_DEFINE(HAVE_GSSAPI_H,, | |
1292 | [Define if you have the gssapi.h header file])], | |
1290 | AC_CHECK_HEADER([gssapi.h],, | |
1293 | 1291 | [AC_CHECK_HEADER([gssapi/gssapi.h],, |
1294 | 1292 | [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) |
1295 | 1293 | |
1298 | 1296 | fi |
1299 | 1297 | |
1300 | 1298 | if test "$gssapi" != no; then |
1299 | if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then | |
1300 | AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) | |
1301 | fi | |
1302 | ||
1301 | 1303 | # We need to find out which gssapi implementation we are |
1302 | 1304 | # using. Supported alternatives are: MIT Kerberos 5, |
1303 | 1305 | # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), |
1475 | 1477 | AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") |
1476 | 1478 | SASL_MECHS="$SASL_MECHS libgssapiv2.la" |
1477 | 1479 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" |
1478 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" | |
1480 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" | |
1479 | 1481 | |
1480 | 1482 | cmu_save_LIBS="$LIBS" |
1481 | 1483 | LIBS="$LIBS $GSSAPIBASE_LIBS" |
1792 | 1794 | |
1793 | 1795 | SASL_DB_BACKEND="db_${dblib}.lo" |
1794 | 1796 | SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" |
1795 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_${dblib}.c ../sasldb/allockey.c" | |
1797 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" | |
1796 | 1798 | SASL_DB_UTILS="saslpasswd2 sasldblistusers2" |
1797 | 1799 | SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" |
1798 | 1800 | |
1815 | 1817 | dnl will just fail to load anyway. |
1816 | 1818 | SASL_DB_BACKEND="db_none.lo" |
1817 | 1819 | SASL_DB_BACKEND_STATIC="db_none.o" |
1818 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_none.c" | |
1820 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" | |
1819 | 1821 | SASL_DB_UTILS="" |
1820 | 1822 | SASL_DB_MANS="" |
1821 | 1823 | SASL_DB_LIB="" |
1824 | 1826 | |
1825 | 1827 | if test "$enable_static" = yes; then |
1826 | 1828 | if test "$dblib" != "none"; then |
1827 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
1829 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
1828 | 1830 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" |
1829 | 1831 | AC_DEFINE(STATIC_SASLDB,[],[Link SASLdb Staticly]) |
1830 | 1832 | else |
1850 | 1852 | AC_MSG_RESULT($dbpath) |
1851 | 1853 | AC_DEFINE_UNQUOTED(SASL_DB_PATH, "$dbpath", [Path to default SASLdb database])]) |
1852 | 1854 | |
1853 | dnl $Id: berkdb.m4,v 1.20 2005/04/26 19:14:07 shadow Exp $ | |
1855 | dnl $Id: berkdb.m4,v 1.22 2007/08/15 17:18:01 murch Exp $ | |
1854 | 1856 | |
1855 | 1857 | AC_DEFUN([CMU_DB_INC_WHERE1], [ |
1856 | 1858 | saved_CPPFLAGS=$CPPFLAGS |
2065 | 2067 | fi |
2066 | 2068 | |
2067 | 2069 | saved_LIBS=$LIBS |
2068 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
2070 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
2069 | 2071 | do |
2070 | 2072 | LIBS="$saved_LIBS -l$dbname" |
2071 | AC_TRY_LINK([#include <db.h>], | |
2073 | AC_TRY_LINK([#include <stdio.h> | |
2074 | #include <db.h>], | |
2072 | 2075 | [db_create(NULL, NULL, 0);], |
2073 | 2076 | BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db, |
2074 | 2077 | dblib="no") |
2076 | 2079 | done |
2077 | 2080 | if test "$dblib" = "no"; then |
2078 | 2081 | LIBS="$saved_LIBS -ldb" |
2079 | AC_TRY_LINK([#include <db.h>], | |
2082 | AC_TRY_LINK([#include <stdio.h> | |
2083 | #include <db.h>], | |
2080 | 2084 | [db_open(NULL, 0, 0, 0, NULL, NULL, NULL);], |
2081 | 2085 | BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db, |
2082 | 2086 | dblib="no") |
31 | 31 | * END SYNOPSIS */ |
32 | 32 | |
33 | 33 | #ifdef __GNUC__ |
34 | #ident "$Id: auth_getpwent.c,v 1.7 2005/01/27 04:39:52 shadow Exp $" | |
34 | #ident "$Id: auth_getpwent.c,v 1.9 2009/02/13 14:23:26 mel Exp $" | |
35 | 35 | #endif |
36 | 36 | |
37 | 37 | /* PUBLIC DEPENDENCIES */ |
40 | 40 | #include <string.h> |
41 | 41 | #include <pwd.h> |
42 | 42 | |
43 | #ifdef HAVE_CRYPT_H | |
44 | #include <crypt.h> | |
45 | #endif | |
46 | ||
43 | 47 | # ifdef WITH_DES |
44 | 48 | # ifdef WITH_SSL_DES |
49 | # ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT | |
50 | # define OPENSSL_DISABLE_OLD_DES_SUPPORT | |
51 | # endif | |
45 | 52 | # include <openssl/des.h> |
46 | 53 | # else |
47 | 54 | # include <des.h> |
48 | 55 | # endif /* WITH_SSL_DES */ |
49 | 56 | # endif /* WITH_DES */ |
50 | ||
51 | #ifdef HAVE_CRYPT_H | |
52 | #include <crypt.h> | |
53 | #endif | |
54 | 57 | /* END PUBLIC DEPENDENCIES */ |
55 | 58 | |
56 | 59 | #define RETURN(x) return strdup(x) |
27 | 27 | * END COPYRIGHT */ |
28 | 28 | |
29 | 29 | #ifdef __GNUC__ |
30 | #ident "$Id: auth_krb5.c,v 1.17 2005/02/14 05:50:49 shadow Exp $" | |
30 | #ident "$Id: auth_krb5.c,v 1.18 2008/01/23 15:39:34 murch Exp $" | |
31 | 31 | #endif |
32 | 32 | |
33 | 33 | /* ok, this is wrong but the most convenient way of doing |
253 | 253 | |
254 | 254 | #else /* !KRB5_HEIMDAL */ |
255 | 255 | |
256 | static void k5support_log_err(krb5_context context, | |
257 | krb5_error_code code, | |
258 | char const *msg) | |
259 | { | |
260 | const char *k5_msg = krb5_get_error_message(context, code); | |
261 | ||
262 | syslog(LOG_DEBUG, "auth_krb5: %s: %s (%d)\n", msg, k5_msg, code); | |
263 | krb5_free_error_message(context, k5_msg); | |
264 | } | |
265 | ||
256 | 266 | /* returns 0 for failure, 1 for success */ |
257 | 267 | static int k5support_verify_tgt(krb5_context context, |
258 | 268 | krb5_ccache ccache) |
268 | 278 | |
269 | 279 | memset(&packet, 0, sizeof(packet)); |
270 | 280 | |
271 | if (krb5_sname_to_principal(context, NULL, verify_principal, | |
272 | KRB5_NT_SRV_HST, &server)) { | |
281 | if ((k5_retcode = krb5_sname_to_principal(context, NULL, verify_principal, | |
282 | KRB5_NT_SRV_HST, &server))) { | |
283 | k5support_log_err(context, k5_retcode, "krb5_sname_to_principal()"); | |
273 | 284 | return 0; |
274 | 285 | } |
275 | 286 | |
276 | 287 | if (keytabname) { |
277 | if (krb5_kt_resolve(context, keytabname, &kt)) { | |
288 | if ((k5_retcode = krb5_kt_resolve(context, keytabname, &kt))) { | |
289 | k5support_log_err(context, k5_retcode, "krb5_kt_resolve()"); | |
278 | 290 | goto fini; |
279 | 291 | } |
280 | 292 | } |
281 | 293 | |
282 | if (krb5_kt_read_service_key(context, kt, server, 0, | |
283 | 0, &keyblock)) { | |
294 | if ((k5_retcode = krb5_kt_read_service_key(context, kt, server, 0, | |
295 | 0, &keyblock))) { | |
296 | k5support_log_err(context, k5_retcode, "krb5_kt_read_service_key()"); | |
284 | 297 | goto fini; |
285 | 298 | } |
286 | 299 | |
296 | 309 | } |
297 | 310 | thishost[BUFSIZ-1] = '\0'; |
298 | 311 | |
299 | k5_retcode = krb5_mk_req(context, &auth_context, 0, verify_principal, | |
300 | thishost, NULL, ccache, &packet); | |
312 | if ((k5_retcode = krb5_mk_req(context, &auth_context, 0, verify_principal, | |
313 | thishost, NULL, ccache, &packet))) { | |
314 | k5support_log_err(context, k5_retcode, "krb5_mk_req()"); | |
315 | } | |
301 | 316 | |
302 | 317 | if (auth_context) { |
303 | 318 | krb5_auth_con_free(context, auth_context); |
308 | 323 | goto fini; |
309 | 324 | } |
310 | 325 | |
311 | if (krb5_rd_req(context, &auth_context, &packet, | |
312 | server, NULL, NULL, NULL)) { | |
326 | if ((k5_retcode = krb5_rd_req(context, &auth_context, &packet, | |
327 | server, NULL, NULL, NULL))) { | |
328 | k5support_log_err(context, k5_retcode, "krb5_rd_req()"); | |
313 | 329 | goto fini; |
314 | 330 | } |
315 | 331 |
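Review bot: `k5support_log_err` logs at `LOG_DEBUG`, so the failures it now reports from `k5support_verify_tgt` (keytab resolution, service-key read, `krb5_rd_req`) will usually be dropped by a default syslog configuration. These calls appear to be what checks the obtained TGT against the local service key, so a failure is worth seeing in production. I would use `syslog(LOG_ERR, "auth_krb5: %s: %s (%d)", msg, k5_msg, code);` and drop the trailing `\n`, which syslog does not need. In the `krb5_mk_req` hunk the error is logged and control falls through to the `auth_context` cleanup; the later `goto fini` presumably handles it, but that test is outside the visible lines, as is the rest of `k5support_verify_tgt`.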
52 | 52 | * END SYNOPSIS */ |
53 | 53 | |
54 | 54 | #ifdef __GNUC__ |
55 | #ident "$Id: auth_rimap.c,v 1.12 2006/04/06 20:19:54 jeaton Exp $" | |
55 | #ident "$Id: auth_rimap.c,v 1.13 2008/01/23 19:54:54 murch Exp $" | |
56 | 56 | #endif |
57 | 57 | |
58 | 58 | /* PUBLIC DEPENDENCIES */ |
161 | 161 | num_quotes = 0; |
162 | 162 | p1 = s; |
163 | 163 | while ((p1 = strchr(p1, '"')) != NULL) { |
164 | p1++; | |
164 | 165 | num_quotes++; |
165 | 166 | } |
166 | 167 | |
437 | 438 | syslog(LOG_WARNING, "auth_rimap: writev: %m"); |
438 | 439 | memset(qlogin, 0, strlen(qlogin)); |
439 | 440 | free(qlogin); |
440 | memset(qpass, 0, strlen(qlogin)); | |
441 | memset(qpass, 0, strlen(qpass)); | |
441 | 442 | free(qpass); |
442 | 443 | (void)close(s); |
443 | 444 | return strdup(RESP_IERROR); |
446 | 447 | /* don't need these any longer */ |
447 | 448 | memset(qlogin, 0, strlen(qlogin)); |
448 | 449 | free(qlogin); |
449 | memset(qpass, 0, strlen(qlogin)); | |
450 | memset(qpass, 0, strlen(qpass)); | |
450 | 451 | free(qpass); |
451 | 452 | |
452 | 453 | /* read and parse the LOGIN response */ |
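Review bot: The corrected `memset(qpass, 0, strlen(qpass));` is still a plain `memset` immediately followed by `free(qpass)`, which an optimising compiler is allowed to remove as a dead store, so the quoted password may stay in freed heap memory. This applies to both wipe sites in this section (the `writev` error path and the "don't need these any longer" path), and to `qlogin` as well. Where the platform provides it I would use `explicit_bzero(qpass, strlen(qpass));`, guarded by a configure check, with a fallback that writes through a `volatile unsigned char *`. A short comment such as `/* wipe credentials; must not be optimised away */` at each site would record the intent. The enclosing function starts and ends outside the hunks.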
31 | 31 | * END SYNOPSIS */ |
32 | 32 | |
33 | 33 | #ifdef __GNUC__ |
34 | #ident "$Id: auth_sasldb.c,v 1.5 2002/07/27 18:44:46 rjs3 Exp $" | |
34 | #ident "$Id: auth_sasldb.c,v 1.6 2009/02/20 22:08:56 mel Exp $" | |
35 | 35 | #endif |
36 | 36 | |
37 | 37 | /* PUBLIC DEPENDENCIES */ |
40 | 40 | #include <string.h> |
41 | 41 | #include <stdlib.h> |
42 | 42 | #include <pwd.h> |
43 | #include <config.h> | |
43 | 44 | /* END PUBLIC DEPENDENCIES */ |
44 | 45 | |
45 | 46 | #define RETURN(x) return strdup(x) |
0 | #define PWBUFSZ 256 /***SWB***/ | |
1 | ||
2 | 0 | /* MODULE: auth_shadow */ |
3 | 1 | |
4 | 2 | /* COPYRIGHT |
29 | 27 | * END COPYRIGHT */ |
30 | 28 | |
31 | 29 | #ifdef __GNUC__ |
32 | #ident "$Id: auth_shadow.c,v 1.8 2006/04/19 19:36:25 murch Exp $" | |
30 | #ident "$Id: auth_shadow.c,v 1.12 2009/08/14 14:58:38 mel Exp $" | |
33 | 31 | #endif |
34 | 32 | |
35 | 33 | /* PUBLIC DEPENDENCIES */ |
36 | 34 | #include "mechanisms.h" |
37 | 35 | |
38 | 36 | #ifdef AUTH_SHADOW |
37 | ||
38 | #define PWBUFSZ 256 /***SWB***/ | |
39 | 39 | |
40 | 40 | # include <unistd.h> |
41 | 41 | # include <stdlib.h> |
44 | 44 | # include <time.h> |
45 | 45 | # include <pwd.h> |
46 | 46 | # include <syslog.h> |
47 | ||
48 | #ifdef HAVE_CRYPT_H | |
49 | #include <crypt.h> | |
50 | #endif | |
51 | ||
47 | 52 | # ifndef HAVE_GETSPNAM |
48 | 53 | |
49 | 54 | # ifdef WITH_DES |
1650 | 1650 | |
1651 | 1651 | # Define the identity of the package. |
1652 | 1652 | PACKAGE=saslauthd |
1653 | VERSION=2.1.23 | |
1653 | VERSION=2.1.24 | |
1654 | 1654 | |
1655 | 1655 | |
1656 | 1656 | cat >>confdefs.h <<_ACEOF |
3225 | 3225 | /* end confdefs.h. */ |
3226 | 3226 | |
3227 | 3227 | #include <stdlib.h> |
3228 | ||
3229 | int | |
3230 | main () | |
3231 | { | |
3232 | ||
3233 | 3228 | static void foo(void) __attribute__ ((noreturn)); |
3234 | 3229 | |
3235 | 3230 | static void |
3238 | 3233 | exit(1); |
3239 | 3234 | } |
3240 | 3235 | |
3236 | int | |
3237 | main () | |
3238 | { | |
3239 | ||
3240 | ||
3241 | 3241 | ; |
3242 | 3242 | return 0; |
3243 | 3243 | } |
3278 | 3278 | # CMU GUESS RUNPATH SWITCH |
3279 | 3279 | echo "$as_me:$LINENO: checking for runpath switch" >&5 |
3280 | 3280 | echo $ECHO_N "checking for runpath switch... $ECHO_C" >&6 |
3281 | if test "${andrew_runpath_switch+set}" = set; then | |
3281 | if test "${andrew_cv_runpath_switch+set}" = set; then | |
3282 | 3282 | echo $ECHO_N "(cached) $ECHO_C" >&6 |
3283 | 3283 | else |
3284 | 3284 | |
3313 | 3313 | ac_status=$? |
3314 | 3314 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
3315 | 3315 | (exit $ac_status); }; }; then |
3316 | andrew_runpath_switch="-R" | |
3316 | andrew_cv_runpath_switch="-R" | |
3317 | 3317 | else |
3318 | 3318 | echo "$as_me: failed program was:" >&5 |
3319 | 3319 | sed 's/^/| /' conftest.$ac_ext >&5 |
3348 | 3348 | ac_status=$? |
3349 | 3349 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
3350 | 3350 | (exit $ac_status); }; }; then |
3351 | andrew_runpath_switch="-Wl,-rpath," | |
3351 | andrew_cv_runpath_switch="-Wl,-rpath," | |
3352 | 3352 | else |
3353 | 3353 | echo "$as_me: failed program was:" >&5 |
3354 | 3354 | sed 's/^/| /' conftest.$ac_ext >&5 |
3355 | 3355 | |
3356 | andrew_runpath_switch="none" | |
3356 | andrew_cv_runpath_switch="none" | |
3357 | 3357 | fi |
3358 | 3358 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
3359 | 3359 | |
3362 | 3362 | LDFLAGS="${SAVE_LDFLAGS}" |
3363 | 3363 | |
3364 | 3364 | fi |
3365 | echo "$as_me:$LINENO: result: $andrew_runpath_switch" >&5 | |
3366 | echo "${ECHO_T}$andrew_runpath_switch" >&6 | |
3365 | echo "$as_me:$LINENO: result: $andrew_cv_runpath_switch" >&5 | |
3366 | echo "${ECHO_T}$andrew_cv_runpath_switch" >&6 | |
3367 | 3367 | |
3368 | 3368 | |
3369 | 3369 | save_LIBS="$LIBS" |
4427 | 4427 | CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" |
4428 | 4428 | |
4429 | 4429 | # this is CMU ADD LIBPATH |
4430 | if test "$andrew_runpath_switch" = "none" ; then | |
4430 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
4431 | 4431 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" |
4432 | 4432 | else |
4433 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR $andrew_runpath_switch${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" | |
4433 | LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR $andrew_cv_runpath_switch${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" | |
4434 | 4434 | fi |
4435 | 4435 | |
4436 | 4436 | fi |
6264 | 6264 | echo "$as_me:$LINENO: result: enabled" >&5 |
6265 | 6265 | echo "${ECHO_T}enabled" >&6 |
6266 | 6266 | SASL_MECHS="$SASL_MECHS libkerberos4.la" |
6267 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/kerberos4.c" | |
6267 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" | |
6268 | 6268 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" |
6269 | 6269 | |
6270 | 6270 | cat >>confdefs.h <<\_ACEOF |
6617 | 6617 | |
6618 | 6618 | fi |
6619 | 6619 | if test $ac_cv_header_gssapi_h = yes; then |
6620 | ||
6621 | cat >>confdefs.h <<\_ACEOF | |
6622 | #define HAVE_GSSAPI_H | |
6623 | _ACEOF | |
6624 | ||
6620 | : | |
6625 | 6621 | else |
6626 | 6622 | if test "${ac_cv_header_gssapi_gssapi_h+set}" = set; then |
6627 | 6623 | echo "$as_me:$LINENO: checking for gssapi/gssapi.h" >&5 |
6769 | 6765 | fi |
6770 | 6766 | |
6771 | 6767 | if test "$gssapi" != no; then |
6768 | if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then | |
6769 | ||
6770 | cat >>confdefs.h <<\_ACEOF | |
6771 | #define HAVE_GSSAPI_H | |
6772 | _ACEOF | |
6773 | ||
6774 | fi | |
6775 | ||
6772 | 6776 | # We need to find out which gssapi implementation we are |
6773 | 6777 | # using. Supported alternatives are: MIT Kerberos 5, |
6774 | 6778 | # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), |
7519 | 7523 | |
7520 | 7524 | SASL_MECHS="$SASL_MECHS libgssapiv2.la" |
7521 | 7525 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" |
7522 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" | |
7526 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" | |
7523 | 7527 | |
7524 | 7528 | cmu_save_LIBS="$LIBS" |
7525 | 7529 | LIBS="$LIBS $GSSAPIBASE_LIBS" |
8012 | 8016 | if test -d $with_bdb_lib; then |
8013 | 8017 | |
8014 | 8018 | # this is CMU ADD LIBPATH TO |
8015 | if test "$andrew_runpath_switch" = "none" ; then | |
8019 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
8016 | 8020 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" |
8017 | 8021 | else |
8018 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_runpath_switch$with_bdb_lib" | |
8022 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" | |
8019 | 8023 | fi |
8020 | 8024 | |
8021 | 8025 | |
8022 | 8026 | # this is CMU ADD LIBPATH TO |
8023 | if test "$andrew_runpath_switch" = "none" ; then | |
8027 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
8024 | 8028 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" |
8025 | 8029 | else |
8026 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_runpath_switch$with_bdb_lib" | |
8030 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" | |
8027 | 8031 | fi |
8028 | 8032 | |
8029 | 8033 | else |
8031 | 8035 | fi |
8032 | 8036 | |
8033 | 8037 | saved_LIBS=$LIBS |
8034 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
8038 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
8035 | 8039 | do |
8036 | 8040 | LIBS="$saved_LIBS -l$dbname" |
8037 | 8041 | cat >conftest.$ac_ext <<_ACEOF |
8041 | 8045 | cat confdefs.h >>conftest.$ac_ext |
8042 | 8046 | cat >>conftest.$ac_ext <<_ACEOF |
8043 | 8047 | /* end confdefs.h. */ |
8048 | #include <stdio.h> | |
8044 | 8049 | #include <db.h> |
8045 | 8050 | int |
8046 | 8051 | main () |
8081 | 8086 | cat confdefs.h >>conftest.$ac_ext |
8082 | 8087 | cat >>conftest.$ac_ext <<_ACEOF |
8083 | 8088 | /* end confdefs.h. */ |
8089 | #include <stdio.h> | |
8084 | 8090 | #include <db.h> |
8085 | 8091 | int |
8086 | 8092 | main () |
8769 | 8775 | if test -d $with_bdb_lib; then |
8770 | 8776 | |
8771 | 8777 | # this is CMU ADD LIBPATH TO |
8772 | if test "$andrew_runpath_switch" = "none" ; then | |
8778 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
8773 | 8779 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" |
8774 | 8780 | else |
8775 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_runpath_switch$with_bdb_lib" | |
8781 | LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" | |
8776 | 8782 | fi |
8777 | 8783 | |
8778 | 8784 | |
8779 | 8785 | # this is CMU ADD LIBPATH TO |
8780 | if test "$andrew_runpath_switch" = "none" ; then | |
8786 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
8781 | 8787 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" |
8782 | 8788 | else |
8783 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_runpath_switch$with_bdb_lib" | |
8789 | BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" | |
8784 | 8790 | fi |
8785 | 8791 | |
8786 | 8792 | else |
8788 | 8794 | fi |
8789 | 8795 | |
8790 | 8796 | saved_LIBS=$LIBS |
8791 | for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
8797 | for dbname in ${with_bdb} db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db | |
8792 | 8798 | do |
8793 | 8799 | LIBS="$saved_LIBS -l$dbname" |
8794 | 8800 | cat >conftest.$ac_ext <<_ACEOF |
8798 | 8804 | cat confdefs.h >>conftest.$ac_ext |
8799 | 8805 | cat >>conftest.$ac_ext <<_ACEOF |
8800 | 8806 | /* end confdefs.h. */ |
8807 | #include <stdio.h> | |
8801 | 8808 | #include <db.h> |
8802 | 8809 | int |
8803 | 8810 | main () |
8838 | 8845 | cat confdefs.h >>conftest.$ac_ext |
8839 | 8846 | cat >>conftest.$ac_ext <<_ACEOF |
8840 | 8847 | /* end confdefs.h. */ |
8848 | #include <stdio.h> | |
8841 | 8849 | #include <db.h> |
8842 | 8850 | int |
8843 | 8851 | main () |
9385 | 9393 | |
9386 | 9394 | SASL_DB_BACKEND="db_${dblib}.lo" |
9387 | 9395 | SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" |
9388 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_${dblib}.c ../sasldb/allockey.c" | |
9396 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" | |
9389 | 9397 | SASL_DB_UTILS="saslpasswd2 sasldblistusers2" |
9390 | 9398 | SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" |
9391 | 9399 | |
9419 | 9427 | echo "$as_me: WARNING: Disabling SASL authentication database support" >&2;} |
9420 | 9428 | SASL_DB_BACKEND="db_none.lo" |
9421 | 9429 | SASL_DB_BACKEND_STATIC="db_none.o" |
9422 | SASL_DB_BACKEND_STATIC_SRCS="../sasldb/db_none.c" | |
9430 | SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" | |
9423 | 9431 | SASL_DB_UTILS="" |
9424 | 9432 | SASL_DB_MANS="" |
9425 | 9433 | SASL_DB_LIB="" |
9428 | 9436 | |
9429 | 9437 | if test "$enable_static" = yes; then |
9430 | 9438 | if test "$dblib" != "none"; then |
9431 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
9439 | SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" | |
9432 | 9440 | SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" |
9433 | 9441 | |
9434 | 9442 | cat >>confdefs.h <<\_ACEOF |
9800 | 9808 | CPPFLAGS="$CPPFLAGS -I${with_ldap}/include" |
9801 | 9809 | |
9802 | 9810 | # this is CMU ADD LIBPATH |
9803 | if test "$andrew_runpath_switch" = "none" ; then | |
9811 | if test "$andrew_cv_runpath_switch" = "none" ; then | |
9804 | 9812 | LDFLAGS="-L${with_ldap}/lib ${LDFLAGS}" |
9805 | 9813 | else |
9806 | LDFLAGS="-L${with_ldap}/lib $andrew_runpath_switch${with_ldap}/lib ${LDFLAGS}" | |
9814 | LDFLAGS="-L${with_ldap}/lib $andrew_cv_runpath_switch${with_ldap}/lib ${LDFLAGS}" | |
9807 | 9815 | fi |
9808 | 9816 | |
9809 | 9817 | fi |
14 | 14 | AC_DEFINE_UNQUOTED(PATH_SASLAUTHD_RUNDIR, "$with_saslauthd",[Location of saslauthd socket]) |
15 | 15 | AM_CONDITIONAL(SASLAUTHD, test "$with_saslauthd" != no) |
16 | 16 | |
17 | AM_INIT_AUTOMAKE(saslauthd,2.1.23) | |
17 | AM_INIT_AUTOMAKE(saslauthd,2.1.24) | |
18 | 18 | CMU_INIT_AUTOMAKE |
19 | 19 | |
20 | 20 | dnl Checks for programs. |
54 | 54 | #include <openssl/des.h> |
55 | 55 | #endif |
56 | 56 | |
57 | #define LDAP_DEPRECATED 1 | |
57 | 58 | #include <ldap.h> |
58 | 59 | #include <lber.h> |
59 | 60 | #include <sasl.h> |
158 | 159 | if (buf[strlen(buf)-1] == '\n') |
159 | 160 | buf[strlen(buf)-1] = '\0'; |
160 | 161 | for (p = buf; *p && isspace((int) *p); p++); |
161 | if (!*p || *p == '#') | |
162 | continue; | |
162 | if (!*p || *p == '#') | |
163 | continue; | |
163 | 164 | |
164 | 165 | key = p; |
165 | 166 | while (*p && (isalnum((int) *p) || *p == '-' || *p == '_')) { |
154 | 154 | char *auth_mech_name = NULL; |
155 | 155 | size_t pid_file_size; |
156 | 156 | |
157 | /* XXX force openlog() before any of our mechs try syslog() */ | |
158 | logger(L_INFO, L_FUNC, "starting %s", argv[0]); | |
159 | ||
157 | 160 | SET_AUTH_PARAMETERS(argc, argv); |
158 | 161 | |
159 | 162 | g_argc = argc; |
247 | 250 | exit(1); |
248 | 251 | } |
249 | 252 | |
253 | /* Create our working directory */ | |
254 | if (mkdir(run_path, 0755) == -1 && errno != EEXIST) { | |
255 | logger(L_ERR, L_FUNC, "can not mkdir: %s", run_path); | |
256 | logger(L_ERR, L_FUNC, "Check to make sure the parent directory exists and is"); | |
257 | logger(L_ERR, L_FUNC, "writeable by the user this process runs as."); | |
258 | exit(1); | |
259 | } | |
260 | ||
250 | 261 | set_auth_mech(auth_mech_name); |
251 | 262 | |
252 | 263 | if (flags & VERBOSE) { |
275 | 286 | exit(1); |
276 | 287 | } |
277 | 288 | |
278 | umask(077); | |
289 | umask(0077); | |
279 | 290 | |
280 | 291 | pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1; |
281 | 292 | if ((pid_file_lock = malloc(pid_file_size)) == NULL) { |
286 | 297 | strlcpy(pid_file_lock, run_path, pid_file_size); |
287 | 298 | strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size); |
288 | 299 | |
289 | if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) { | |
300 | if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) { | |
290 | 301 | rc = errno; |
291 | 302 | logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock); |
292 | 303 | logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); |
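Review bot: The new `mkdir(run_path, 0755)` runs before the `umask(0077)` call further down and creates the directory world-searchable, and on `EEXIST` nothing checks that the existing path is a directory owned by the expected user. If access to the saslauthd socket is meant to be limited by this directory's permissions (my reading, though the socket creation is not in the hunk), a tighter default such as `mkdir(run_path, 0750)` would be safer, with wider access left as the administrator's explicit choice. The failure log also omits the reason; `logger(L_ERR, L_FUNC, "can not mkdir: %s: %s", run_path, strerror(errno));` would match how the pid-lock `open` failure below reports `strerror(rc)`. The enclosing function starts and ends outside the hunks.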
36 | 36 | |
37 | 37 | --HH _h_o_s_t_n_a_m_e |
38 | 38 | The remote host to be contacted by the rimap authentication mech- |
39 | anism. (Depricated, use -O instead) | |
39 | anism. (Deprecated, use -O instead) | |
40 | 40 | |
41 | 41 | --mm _p_a_t_h |
42 | 42 | Use _p_a_t_h as the pathname to the named socket to listen on for |
50 | 50 | Use _t_h_r_e_a_d_s processes for responding to authentication queries. |
51 | 51 | (default: 5) A value of zero will indicate that saslauthd should |
52 | 52 | fork an individual process for each connection. This can solve |
53 | leaks that occur in some deployments.. | |
53 | leaks that occur in some deployments. | |
54 | 54 | |
55 | 55 | --ss _s_i_z_e |
56 | 56 | Use _s_i_z_e as the table size of the hash table (in kilobytes) |
63 | 63 | |
64 | 64 | --hh Show usage information |
65 | 65 | |
66 | --cc Enable cacheing of authentication credentials | |
66 | --cc Enable caching of authentication credentials | |
67 | 67 | |
68 | 68 | --ll Disable the use of a lock file for controlling access to |
69 | 69 | accept(). |
71 | 71 | --rr Combine the realm with the login (with an ’@’ sign in between). |
72 | 72 | e.g. login: "foo" realm: "bar" will get passed as login: |
73 | 73 | "foo@bar". Note that the realm will still be passed, which may |
74 | lead to unexpected behavior. | |
74 | lead to unexpected behaviour. | |
75 | 75 | |
76 | 76 | --vv Print the version number and available authentication mechanisms |
77 | 77 | on standard error, then exit. |
79 | 79 | --dd Debugging mode. |
80 | 80 | |
81 | 81 | LLooggggiinngg |
82 | ssaassllaauutthhdd logs it’s activities via ssyyssllooggdd using the LOG_AUTH facility. | |
82 | ssaassllaauutthhdd logs its activities via ssyyssllooggdd using the LOG_AUTH facility. | |
83 | 83 | |
84 | 84 | AAUUTTHHEENNTTIICCAATTIIOONN MMEECCHHAANNIISSMMSS |
85 | 85 | ssaassllaauutthhdd supports one or more "authentication mechanisms", dependent |
95 | 95 | |
96 | 96 | Authenticate using the ggeettppwweenntt() library function. Typically |
97 | 97 | this authenticates against the local password file. See your |
98 | systems getpwent(3) man page for details. | |
98 | system’s getpwent(3) man page for details. | |
99 | 99 | |
100 | 100 | kerberos4 _(_A_l_l _p_l_a_t_f_o_r_m_s_) |
101 | 101 | |
144 | 144 | sasldb _(_A_l_l _p_l_a_t_f_o_r_m_s_) |
145 | 145 | |
146 | 146 | Authenticate against the SASL authentication database. Note |
147 | that this is probabally not what you want to be using, and is | |
148 | even disabled at compile-time by default. If you want to use | |
147 | that this is probably not what you want to use, and is even | |
148 | disabled at compile-time by default. If you want to use | |
149 | 149 | sasldb with the SASL library, you probably want to use the |
150 | 150 | pwcheck_method of "auxprop" along with the sasldb auxprop plu- |
151 | 151 | gin instead. |
0 | .\" $Id: saslauthd.mdoc,v 1.18 2004/03/25 18:24:26 rjs3 Exp $ | |
0 | .\" $Id: saslauthd.mdoc,v 1.19 2009/04/11 20:08:48 mel Exp $ | |
1 | 1 | .\" Copyright 1997-2001 Messaging Direct Ltd. All rights reserved. |
2 | 2 | .\" |
3 | 3 | .\" This manpage uses the BSD mdoc manpage macros. Please don't |
63 | 63 | .It Fl H Ar hostname |
64 | 64 | The remote host to be contacted by the |
65 | 65 | .Li rimap |
66 | authentication mechanism. (Depricated, use -O instead) | |
66 | authentication mechanism. (Deprecated, use -O instead) | |
67 | 67 | .It Fl m Ar path |
68 | 68 | Use |
69 | 69 | .Ar path |
78 | 78 | processes for responding to authentication queries. (default: 5) A |
79 | 79 | value of zero will indicate that saslauthd should fork an individual |
80 | 80 | process for each connection. This can solve leaks that occur in some |
81 | deployments.. | |
81 | deployments. | |
82 | 82 | .It Fl s Ar size |
83 | 83 | Use |
84 | 84 | .Ar size |
92 | 92 | .It Fl h |
93 | 93 | Show usage information |
94 | 94 | .It Fl c |
95 | Enable cacheing of authentication credentials | |
95 | Enable caching of authentication credentials | |
96 | 96 | .It Fl l |
97 | 97 | Disable the use of a lock file for controlling access to accept(). |
98 | 98 | .It Fl r |
99 | 99 | Combine the realm with the login (with an '@' sign in between). e.g. |
100 | 100 | login: "foo" realm: "bar" will get passed as login: "foo@bar". Note that |
101 | the realm will still be passed, which may lead to unexpected behavior. | |
101 | the realm will still be passed, which may lead to unexpected behaviour. | |
102 | 102 | .It Fl v |
103 | 103 | Print the version number and available authentication |
104 | 104 | mechanisms on standard error, then exit. |
107 | 107 | .El |
108 | 108 | .Ss Logging |
109 | 109 | .Nm |
110 | logs it's activities via | |
110 | logs its activities via | |
111 | 111 | .Nm syslogd |
112 | 112 | using the |
113 | 113 | .Dv LOG_AUTH |
131 | 131 | Authenticate using the |
132 | 132 | .Fn getpwent |
133 | 133 | library function. Typically this authenticates against the |
134 | local password file. See your systems | |
134 | local password file. See your system's | |
135 | 135 | .Xr getpwent 3 |
136 | 136 | man page for details. |
137 | 137 | .It Li kerberos4 |
206 | 206 | .Em (All platforms) |
207 | 207 | .Pp |
208 | 208 | Authenticate against the |
209 | SASL authentication database. Note that this is probabally not what you | |
210 | want to be using, and is even disabled at compile-time by default. | |
209 | SASL authentication database. Note that this is probably not what you | |
210 | want to use, and is even disabled at compile-time by default. | |
211 | 211 | If you want to use sasldb with the SASL library, you probably want to |
212 | 212 | use the pwcheck_method of "auxprop" along with the sasldb auxprop plugin |
213 | 213 | instead. |
0 | 0 | # Makefile.am for the SASLdb library |
1 | 1 | # Rob Siemborski |
2 | # $Id: Makefile.am,v 1.31.2.1 2009/04/27 17:58:26 murch Exp $ | |
2 | # $Id: Makefile.am,v 1.32 2009/05/07 13:49:31 murch Exp $ | |
3 | 3 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
4 | 4 | # |
5 | 5 | # Redistribution and use in source and binary forms, with or without |
41 | 41 | |
42 | 42 | # Library version info - here at the top, for sanity |
43 | 43 | # Note that this doesn't necessaraly follow the libsasl2 verison info |
44 | sasl_version = 1:23:0 | |
44 | sasl_version = 1:24:0 | |
45 | 45 | |
46 | 46 | INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ |
47 | 47 |
15 | 15 | |
16 | 16 | # Makefile.am for the SASLdb library |
17 | 17 | # Rob Siemborski |
18 | # $Id: Makefile.am,v 1.31.2.1 2009/04/27 17:58:26 murch Exp $ | |
18 | # $Id: Makefile.am,v 1.32 2009/05/07 13:49:31 murch Exp $ | |
19 | 19 | # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. |
20 | 20 | # |
21 | 21 | # Redistribution and use in source and binary forms, with or without |
130 | 130 | LIB_PGSQL = @LIB_PGSQL@ |
131 | 131 | LIB_SOCKET = @LIB_SOCKET@ |
132 | 132 | LIB_SQLITE = @LIB_SQLITE@ |
133 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
133 | 134 | LN_S = @LN_S@ |
134 | 135 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
135 | 136 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
231 | 232 | |
232 | 233 | # Library version info - here at the top, for sanity |
233 | 234 | # Note that this doesn't necessaraly follow the libsasl2 verison info |
234 | sasl_version = 1:23:0 | |
235 | sasl_version = 1:24:0 | |
235 | 236 | |
236 | 237 | INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ |
237 | 238 |
0 | 0 | /* db_berkeley.c--SASL berkeley db interface |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: allockey.c,v 1.8 2006/04/10 13:26:51 mel Exp $ | |
3 | * $Id: allockey.c,v 1.9 2008/10/30 14:17:08 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
186 | 186 | const char *param = SASL_AUX_PASSWORD; |
187 | 187 | param++; /* skip leading * */ |
188 | 188 | return _sasldb_putdata(utils, context, authid, realm, param, |
189 | (secret ? secret->data : NULL), | |
189 | (const char *) (secret ? secret->data : NULL), | |
190 | 190 | (secret ? secret->len : 0)); |
191 | 191 | } |
192 | 192 |
0 | 0 | /* db_berkeley.c--SASL berkeley db interface |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: db_berkeley.c,v 1.8 2006/04/03 10:58:19 mel Exp $ | |
3 | * $Id: db_berkeley.c,v 1.9 2008/10/23 19:24:46 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
49 | 49 | #include <sys/stat.h> |
50 | 50 | #include <stdlib.h> |
51 | 51 | #include <assert.h> |
52 | #include <errno.h> | |
52 | 53 | #include "sasldb.h" |
53 | 54 | |
54 | 55 | static int db_ok = 0; |
113 | 114 | #endif /* DB_VERSION_MAJOR < 3 */ |
114 | 115 | |
115 | 116 | if (ret != 0) { |
117 | if (rdwr == 0 && ret == ENOENT) { | |
118 | /* File not found and we are only reading the data. | |
119 | Treat as SASL_NOUSER. */ | |
120 | return SASL_NOUSER; | |
121 | } | |
116 | 122 | utils->log(conn, SASL_LOG_ERR, |
117 | 123 | "unable to open Berkeley db %s: %s", |
118 | 124 | path, db_strerror(ret)); |
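Review bot: The new `rdwr == 0 && ret == ENOENT` branch returns `SASL_NOUSER` before the `utils->log` call, so a missing or misplaced database is reported to callers exactly like an unknown user and leaves no trace in the log. For an authentication store, that makes a deleted or misconfigured sasldb hard to tell apart from ordinary lookup misses. A low-severity entry before the return, such as `utils->log(conn, SASL_LOG_DEBUG, "Berkeley db %s not found, treating as no user", path);`, would keep the quiet behaviour while leaving something to audit. The open call and its cleanup lie outside the hunk, so whether the handle from the failed open is released on this early return cannot be checked from here and is worth confirming.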
132 | 132 | LIB_PGSQL = @LIB_PGSQL@ |
133 | 133 | LIB_SOCKET = @LIB_SOCKET@ |
134 | 134 | LIB_SQLITE = @LIB_SQLITE@ |
135 | LIB_SQLITE3 = @LIB_SQLITE3@ | |
135 | 136 | LN_S = @LN_S@ |
136 | 137 | LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ |
137 | 138 | LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ |
46 | 46 | saslpasswd2.exe: $(saslpwd_objs) |
47 | 47 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"saslpasswd2.pdb" /out:"saslpasswd2.exe" $(saslpwd_objs) |
48 | 48 | << |
49 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
49 | 50 | |
50 | 51 | sasldblistusers2.exe: $(sasldblistusers_objs) |
51 | 52 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) $(SASL_DB_LIB) /pdb:"sasldblistusers2.pdb" /out:"sasldblistusers2.exe" $(sasldblistusers_objs) |
52 | 53 | << |
54 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
53 | 55 | |
54 | 56 | testsuite.exe: $(testsuite_objs) |
55 | 57 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"testsuite.pdb" /out:"testsuite.exe" $(testsuite_objs) |
56 | 58 | << |
59 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
57 | 60 | |
58 | 61 | pluginviewer.exe: $(pluginviewer_objs) |
59 | 62 | $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"pluginviewer.pdb" /out:"pluginviewer.exe" $(pluginviewer_objs) |
60 | 63 | << |
64 | IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 | |
61 | 65 | |
62 | 66 | CLEAN : |
63 | 67 | -@erase $(all_objs) |
64 | 68 | -@erase "*.idb" |
65 | 69 | -@erase "*.pch" |
66 | 70 | -@erase "*.pdb" |
71 | -@erase "*.manifest" | |
67 | 72 | -@erase $(all_out) |
68 | 73 | |
69 | 74 | .c.obj:: |
100 | 100 | Specifies a colon-separated search path for plugins. |
101 | 101 | .SH SEE ALSO |
102 | 102 | .TP |
103 | rfc2222 \- Simple Authentication and Security Layer (SASL) | |
103 | rfc4422 \- Simple Authentication and Security Layer (SASL) |
0 | 0 | /* pluginviewer.c -- Plugin Viewer for CMU SASL |
1 | 1 | * Alexey Melnikov, Isode Ltd. |
2 | 2 | * |
3 | * $Id: pluginviewer.c,v 1.4 2006/04/26 15:34:34 mel Exp $ | |
3 | * $Id: pluginviewer.c,v 1.7 2009/02/14 14:42:46 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 2004 Carnegie Mellon University. All rights reserved. |
92 | 92 | |
93 | 93 | static const char *progname = NULL; |
94 | 94 | /* SASL authentication methods (client or server side). NULL means all. */ |
95 | static char *mech = NULL; | |
95 | static char *sasl_mech = NULL; | |
96 | 96 | /* auxprop methods. NULL means all. */ |
97 | 97 | static char *auxprop_mech = NULL; |
98 | 98 | |
228 | 228 | Used to restrict the mechanisms to a subset of the installed plugins. |
229 | 229 | Default: NULL (i.e. all available) */ |
230 | 230 | if (result != NULL) { |
231 | *result = mech; | |
231 | *result = sasl_mech; | |
232 | 232 | } |
233 | 233 | |
234 | 234 | if (len != NULL) { |
235 | 235 | /* This might be NULL, which means "all mechanisms" */ |
236 | *len = mech ? strlen(mech) : 0; | |
236 | *len = sasl_mech ? strlen(sasl_mech) : 0; | |
237 | 237 | } |
238 | 238 | return (SASL_OK); |
239 | 239 | } |
484 | 484 | break; |
485 | 485 | |
486 | 486 | case 'm': |
487 | mech = optarg; | |
487 | sasl_mech = optarg; | |
488 | 488 | break; |
489 | 489 | |
490 | 490 | case 'f': |
535 | 535 | fprintf(stderr, "%s: Usage: %s [-a] [-s] [-c] [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECHS] [-x AUXPROP_MECH] [-f FLAGS] [-i local=IP,remote=IP] [-p PATH]\n" |
536 | 536 | "\t-a\tlist auxprop plugins\n" |
537 | 537 | "\t-s\tlist server authentication (SASL) plugins\n" |
538 | "\t-s\tlist client authentication (SASL) plugins\n" | |
538 | "\t-c\tlist client authentication (SASL) plugins\n" | |
539 | 539 | "\t-b ...\t#bits to use for encryption\n" |
540 | 540 | "\t\tmin=N\tminumum #bits to use (1 => integrity)\n" |
541 | 541 | "\t\tmax=N\tmaximum #bits to use\n" |
554 | 554 | #ifdef WIN32 |
555 | 555 | "\t-p PATH\tsemicolon-separated search path for mechanisms\n", |
556 | 556 | #else |
557 | "\t-p PATH\tcolon-seperated search path for mechanisms\n", | |
557 | "\t-p PATH\tcolon-separated search path for mechanisms\n", | |
558 | 558 | #endif |
559 | 559 | progname, progname); |
560 | 560 | exit(EXIT_FAILURE); |
578 | 578 | } |
579 | 579 | |
580 | 580 | /* getopt */ |
581 | /* NOTE: this will return "sasl_mech" option, however this HAS NO EFFECT | |
582 | on client side SASL plugins, which just never query this option */ | |
581 | 583 | callback->id = SASL_CB_GETOPT; |
582 | 584 | callback->proc = &sasl_getopt; |
583 | 585 | callback->context = NULL; |
619 | 621 | saslfail(result, "Initializing server side of libsasl", NULL); |
620 | 622 | } |
621 | 623 | |
624 | if (list_all_plugins || list_auxprop_plugins) { | |
625 | list_of_auxprop_mechs = NULL; | |
626 | ||
627 | auxprop_plugin_info (NULL, /* list all auxprop mechanisms */ | |
628 | &list_installed_auxprop_mechanisms, | |
629 | (void *) &list_of_auxprop_mechs); | |
630 | ||
631 | printf ("Installed and properly configured auxprop mechanisms are:\n%s\n", | |
632 | (list_of_auxprop_mechs == NULL) ? "<none>" : list_of_auxprop_mechs); | |
633 | ||
634 | free (list_of_auxprop_mechs); | |
635 | ||
636 | ||
637 | auxprop_plugin_info (auxprop_mech, NULL, NULL); | |
638 | } | |
639 | ||
640 | /* TODO: add listing of canonicalization plugins, if needed. */ | |
641 | ||
622 | 642 | if (list_all_plugins || list_server_auth_plugins) { |
623 | ||
624 | 643 | /* SASL server plugins */ |
644 | /* List all loaded plugins first */ | |
645 | list_of_server_mechs = NULL; | |
646 | ||
647 | sasl_server_plugin_info (NULL, /* list all SASL mechanisms */ | |
648 | &list_installed_server_mechanisms, | |
649 | (void *) &list_of_server_mechs); | |
650 | ||
651 | printf ("Installed and properly configured SASL (server side) mechanisms are:\n %s\n", list_of_server_mechs); | |
652 | ||
653 | free (list_of_server_mechs); | |
654 | ||
655 | /* Now list plugins matching the criteria */ | |
625 | 656 | result = sasl_server_new(service, |
626 | 657 | /* Has to be any non NULL value */ |
627 | 658 | "test.example.com", /* localdomain */ |
635 | 666 | saslfail(result, "Allocating sasl connection state (server side)", NULL); |
636 | 667 | } |
637 | 668 | |
638 | /* The following two options are required for SSF */ | |
669 | /* The following two options are required for SASL EXTERNAL */ | |
639 | 670 | if (extssf) { |
640 | 671 | result = sasl_setprop(server_conn, |
641 | 672 | SASL_SSF_EXTERNAL, |
664 | 695 | saslfail(result, "Setting security properties", NULL); |
665 | 696 | } |
666 | 697 | |
667 | /* This will use getopt callback, which is using the "mech" global variable */ | |
698 | /* NOTE - available_mechs must not be freed */ | |
668 | 699 | result = sasl_listmech(server_conn, |
669 | 700 | ext_authid, |
670 | 701 | NULL, |
677 | 708 | saslfail(result, "Setting security properties", NULL); |
678 | 709 | } |
679 | 710 | |
711 | /* NOTE: available_mechs contains subset of sasl_mech */ | |
712 | ||
680 | 713 | if (count > 0) { |
681 | list_of_server_mechs = NULL; | |
682 | ||
683 | sasl_server_plugin_info (NULL, /* list all SASL mechanisms */ | |
684 | &list_installed_server_mechanisms, | |
685 | (void *) &list_of_server_mechs); | |
686 | ||
687 | printf ("Installed SASL (server side) mechanisms are:\n%s\n", list_of_server_mechs); | |
688 | ||
689 | free (list_of_server_mechs); | |
714 | printf ("Available SASL (server side) mechanisms matching your criteria are:\n %s\n", available_mechs); | |
690 | 715 | |
691 | 716 | /* Dump information about the requested SASL mechanism */ |
692 | /* NOTE - available_mechs must not be freed */ | |
693 | 717 | sasl_server_plugin_info (available_mechs, NULL, NULL); |
694 | 718 | } else { |
695 | printf ("No server side SASL mechanisms installed\n"); | |
696 | } | |
697 | } | |
698 | ||
699 | if (list_all_plugins || list_auxprop_plugins) { | |
700 | list_of_auxprop_mechs = NULL; | |
701 | ||
702 | auxprop_plugin_info (NULL, /* list all auxprop mechanisms */ | |
703 | &list_installed_auxprop_mechanisms, | |
704 | (void *) &list_of_auxprop_mechs); | |
705 | ||
706 | printf ("Installed auxprop mechanisms are:\n%s\n", list_of_auxprop_mechs); | |
707 | ||
708 | free (list_of_auxprop_mechs); | |
709 | ||
710 | ||
711 | auxprop_plugin_info (auxprop_mech, NULL, NULL); | |
712 | } | |
713 | ||
714 | /* TODO: add listing of canonicalization plugins, if needed. */ | |
719 | printf ("No server side SASL mechanisms matching your criteria found\n"); | |
720 | } | |
721 | } | |
715 | 722 | |
716 | 723 | if (list_all_plugins || list_client_auth_plugins) { |
717 | 724 | /* SASL client plugins */ |
725 | /* List all loaded plugins first */ | |
726 | list_of_client_mechs = NULL; | |
727 | ||
728 | sasl_client_plugin_info (NULL, /* list all SASL mechanisms */ | |
729 | &list_installed_client_mechanisms, | |
730 | (void *) &list_of_client_mechs); | |
731 | ||
732 | printf ("Installed and properly configured SASL (client side) mechanisms are:\n %s\n", | |
733 | (list_of_client_mechs != NULL) ? list_of_client_mechs : "<none>"); | |
734 | ||
735 | free (list_of_client_mechs); | |
736 | ||
737 | /* Now list plugins matching the criteria */ | |
718 | 738 | result = sasl_client_new(service, |
719 | 739 | /* Has to be any non NULL value */ |
720 | 740 | "test.example.com", /* fqdn */ |
757 | 777 | saslfail(result, "Setting security properties", NULL); |
758 | 778 | } |
759 | 779 | |
760 | /* This will use getopt callback, which is using the "mech" global variable */ | |
780 | /* NOTE - available_mechs must not be freed */ | |
761 | 781 | result = sasl_listmech(client_conn, |
762 | ext_authid, | |
763 | NULL, | |
764 | " ", | |
765 | NULL, | |
766 | &available_mechs, | |
767 | &len, | |
768 | &count); | |
782 | ext_authid, | |
783 | NULL, | |
784 | " ", | |
785 | NULL, | |
786 | &available_mechs, | |
787 | &len, | |
788 | &count); | |
769 | 789 | if (result != SASL_OK) { |
770 | 790 | saslfail(result, "Setting security properties", NULL); |
771 | 791 | } |
772 | 792 | |
773 | 793 | if (count > 0) { |
774 | list_of_client_mechs = NULL; | |
775 | ||
776 | sasl_client_plugin_info (NULL, /* list all SASL mechanisms */ | |
777 | &list_installed_client_mechanisms, | |
778 | (void *) &list_of_client_mechs); | |
779 | ||
780 | printf ("Installed SASL (client side) mechanisms are:\n%s\n", list_of_client_mechs); | |
781 | ||
782 | free (list_of_client_mechs); | |
783 | ||
794 | printf ("Available SASL (client side) mechanisms matching your criteria are:\n %s\n", available_mechs); | |
784 | 795 | |
785 | 796 | /* Dump information about the requested SASL mechanism */ |
786 | /* NOTE - available_mechs must not be freed */ | |
787 | sasl_client_plugin_info (available_mechs, NULL, NULL); | |
797 | sasl_client_plugin_info (sasl_mech, NULL, NULL); | |
788 | 798 | } else { |
789 | printf ("No client side SASL mechanisms installed\n"); | |
799 | printf ("No client side SASL mechanisms matching your criteria found\n"); | |
790 | 800 | } |
791 | 801 | } |
792 | 802 |
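Review bot: In the server branch, `printf ("Installed and properly configured SASL (server side) mechanisms are:\n %s\n", list_of_server_mechs);` passes the list straight to `%s` although it was set to NULL a few lines earlier. It is presumably filled only by the `list_installed_server_mechanisms` callback, so if no server mechanism is reported it stays NULL, which is undefined behaviour for `%s`. The auxprop and client branches added in the same change already substitute `"<none>"`, so the server call should take the same argument form: `(list_of_server_mechs != NULL) ? list_of_server_mechs : "<none>"`. The enclosing function starts and ends outside the visible hunks.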
0 | 0 | /* sasldblistusers.c -- list users in sasldb |
1 | * $Id: sasldblistusers.c,v 1.22 2003/10/03 20:30:14 rjs3 Exp $ | |
1 | * $Id: sasldblistusers.c,v 1.23 2009/01/25 13:03:07 mel Exp $ | |
2 | 2 | * Rob Siemborski |
3 | 3 | * Tim Martin |
4 | 4 | */ |
75 | 75 | if (sasldb_path && !strcmp(option, "sasldb_path")) { |
76 | 76 | *result = sasldb_path; |
77 | 77 | if (len) |
78 | *len = strlen(sasldb_path); | |
78 | *len = (unsigned) strlen(sasldb_path); | |
79 | 79 | return SASL_OK; |
80 | 80 | } |
81 | 81 |
64 | 64 | .SH SEE ALSO |
65 | 65 | saslpasswd2(8) |
66 | 66 | .TP |
67 | rfc2222 \- Simple Authentication and Security Layer (SASL) | |
67 | rfc4422 \- Simple Authentication and Security Layer (SASL) |
194 | 194 | fflush(stdout); |
195 | 195 | } |
196 | 196 | #else |
197 | SetConsoleMode(hStdin, fdwOldMode); | |
197 | SetConsoleMode(hStdin, fdwOldMode); | |
198 | 198 | putchar('\n'); |
199 | 199 | fflush(stdout); |
200 | 200 | #endif /*WIN32*/ |
242 | 242 | if (sasldb_path && !strcmp(option, "sasldb_path")) { |
243 | 243 | *result = sasldb_path; |
244 | 244 | if (len) |
245 | *len = strlen(sasldb_path); | |
245 | *len = (unsigned) strlen(sasldb_path); | |
246 | 246 | return SASL_OK; |
247 | 247 | } |
248 | 248 | |
260 | 260 | int flag_pipe = 0, flag_create = 0, flag_disable = 0, flag_error = 0; |
261 | 261 | int flag_nouserpass = 0; |
262 | 262 | int c; |
263 | char *userid, *password, *verify; | |
264 | unsigned passlen, verifylen; | |
263 | char *userid; | |
264 | char *password = NULL; | |
265 | char *verify; | |
266 | unsigned passlen = 0; | |
267 | unsigned verifylen; | |
265 | 268 | const char *errstr = NULL; |
266 | 269 | int result; |
267 | 270 | sasl_conn_t *conn; |
101 | 101 | .SH SEE ALSO |
102 | 102 | sasldblistusers2(8) |
103 | 103 | .TP |
104 | rfc2222 \- Simple Authentication and Security Layer (SASL) | |
104 | rfc4422 \- Simple Authentication and Security Layer (SASL) |
209 | 209 | char in[4096]; |
210 | 210 | const char *out; |
211 | 211 | unsigned int inlen, outlen; |
212 | unsigned len; | |
212 | 213 | char out64[4096]; |
213 | 214 | int c; |
214 | 215 | |
466 | 467 | } else if (code != 334) { |
467 | 468 | /* unexpected response */ |
468 | 469 | break; |
470 | } | |
471 | len = strlen(buf); | |
472 | if (len > 0 && buf[len-1] == '\n') { | |
473 | buf[len-1] = '\0'; | |
469 | 474 | } |
470 | 475 | r = sasl_decode64(buf + 4, strlen(buf) - 6, in, 4096, &inlen); |
471 | 476 | if (r != SASL_OK) break; |
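Review bot: The added newline strip stores the length in `len`, but the unchanged `sasl_decode64(buf + 4, strlen(buf) - 6, ...)` call right after it recomputes the length and subtracts 6 with no lower bound. A server reply shorter than six bytes therefore makes the unsigned subtraction wrap to a very large input length. A guard directly after the strip, e.g. `if (len < 6) break;`, with the decode length derived from `len`, closes that. The `- 6` presumably accounted for the "334 " prefix plus CRLF; with the `\n` already removed it may now drop one byte of the base64 payload, so the constant should be rechecked against how `buf` is filled, which is outside this hunk. `len` is declared `unsigned` while `strlen` returns `size_t`, so declaring it `size_t` avoids the implicit narrowing.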
0 | 0 | /* testsuite.c -- Stress the library a little |
1 | 1 | * Rob Siemborski |
2 | 2 | * Tim Martin |
3 | * $Id: testsuite.c,v 1.46 2006/04/25 14:39:04 mel Exp $ | |
3 | * $Id: testsuite.c,v 1.47 2008/10/30 14:16:51 mel Exp $ | |
4 | 4 | */ |
5 | 5 | /* |
6 | 6 | * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. |
246 | 246 | out = malloc(size); |
247 | 247 | |
248 | 248 | if(DETAILED_MEMORY_DEBUGGING) |
249 | fprintf(stderr, " %X = malloc(%u)\n", (unsigned)out, (unsigned) size); | |
249 | fprintf(stderr, " %p = malloc(%u)\n", out, (unsigned) size); | |
250 | 250 | |
251 | 251 | if(out) { |
252 | 252 | new_data = malloc(sizeof(mem_info_t)); |
269 | 269 | out = realloc(ptr, size); |
270 | 270 | |
271 | 271 | if(DETAILED_MEMORY_DEBUGGING) |
272 | fprintf(stderr, " %X = realloc(%X,%d)\n", | |
273 | (unsigned)out, (unsigned)ptr, size); | |
272 | fprintf(stderr, " %p = realloc(%p,%d)\n", | |
273 | out, ptr, size); | |
274 | 274 | |
275 | 275 | prev = &head; cur = head; |
276 | 276 | |
309 | 309 | out = calloc(nmemb, size); |
310 | 310 | |
311 | 311 | if(DETAILED_MEMORY_DEBUGGING) |
312 | fprintf(stderr, " %X = calloc(%d, %d)\n", | |
313 | (unsigned)out, nmemb, size); | |
312 | fprintf(stderr, " %p = calloc(%d, %d)\n", | |
313 | out, nmemb, size); | |
314 | 314 | |
315 | 315 | if(out) { |
316 | 316 | new_data = malloc(sizeof(mem_info_t)); |
331 | 331 | mem_info_t **prev, *cur; |
332 | 332 | |
333 | 333 | if(DETAILED_MEMORY_DEBUGGING) |
334 | fprintf(stderr, " free(%X)\n", | |
335 | (unsigned)ptr); | |
334 | fprintf(stderr, " free(%p)\n", | |
335 | ptr); | |
336 | 336 | |
337 | 337 | prev = &head; cur = head; |
338 | 338 | |
371 | 371 | |
372 | 372 | fprintf(stderr, " Currently Still Allocated:\n"); |
373 | 373 | for(cur = head; cur; cur = cur->next) { |
374 | fprintf(stderr, " %X (%5d)\t", (unsigned)cur->addr, cur->size); | |
374 | fprintf(stderr, " %p (%5d)\t", cur->addr, cur->size); | |
375 | 375 | for(data = (unsigned char *) cur->addr, |
376 | 376 | n = 0; n < (cur->size > 12 ? 12 : cur->size); n++) { |
377 | 377 | if (isprint((int) data[n])) |
704 | 704 | sasl_conn_t *saslconn, *cconn; |
705 | 705 | int result; |
706 | 706 | const char *str = NULL; |
707 | unsigned int plen; | |
708 | unsigned lup, flag, pcount; | |
707 | unsigned plen; | |
708 | unsigned lup, flag; | |
709 | int pcount; | |
709 | 710 | const char **list; |
710 | 711 | |
711 | 712 | /* test without initializing library */ |
927 | 928 | |
928 | 929 | for (lup=0;lup<(int) sizeof(buf);lup++) |
929 | 930 | { |
930 | buf[lup] = (rand() % 256); | |
931 | buf[lup] = (char) (rand() % 256); | |
931 | 932 | } |
932 | 933 | sasl_randseed(rpool, buf, sizeof(buf)); |
933 | 934 | sasl_churn(rpool, buf, sizeof(buf)); |
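Review bot: The `%X` to `%p` conversion fixes the pointer arguments, but the integer arguments on the same lines may still be mismatched. The realloc and calloc traces print `size` and `nmemb` with `%d`, while the malloc trace casts `size` to `unsigned` for `%u`, which suggests these are not plain `int`. If they are `size_t`, as that cast hints, pass them as `(unsigned long) size` with `%lu` so format and argument types agree. `%p` also formally expects a `void *`, so `cur->addr` should be cast with `(void *)` unless it is already declared that way; the declarations are outside the hunks.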
0 | #Can this be autogenerated? | |
1 | #Keep in sync with include/sasl.h and win32/include/config.h | |
2 | SASL_VERSION_MAJOR=2 | |
3 | SASL_VERSION_MINOR=1 | |
4 | SASL_VERSION_STEP=25 | |
5 | ||
6 | !IF "$(STATIC)" == "" | |
7 | STATIC=yes | |
8 | !ENDIF | |
9 | ||
10 | # Uncomment the following line, if you want to use Visual Studio 6 | |
11 | #VCVER=6 | |
12 | ||
13 | # Use in Visual Studio 6 & 7: | |
14 | #EXCEPTHANDLING=/GX | |
15 | ||
16 | # Use in Visual Studio 8: | |
17 | EXCEPTHANDLING=/EHsc | |
18 | ||
19 | # Define compiler/linker/etc. | |
20 | ||
21 | CPP=cl.exe /nologo | |
22 | LINK32=link.exe /nologo | |
23 | LINK32DLL=$(LINK32) /dll | |
24 | LINK32EXE=$(LINK32) | |
25 | # It seems that -lib must be the first parameter | |
26 | LINK32LIB=link.exe /lib /nologo | |
27 | ||
28 | SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib | |
29 | ||
30 | !IF "$(BITS)" == "64" | |
31 | SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib | |
32 | !ENDIF | |
33 | ||
34 | # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) | |
35 | # Default is no restrictions. Currently we only check for 51 or later. | |
36 | #TARGET_WIN_SYSTEM=51 | |
37 | ||
38 | !IF "$(TARGET_WIN_SYSTEM)" == "" | |
39 | !IF "$(VERBOSE)" != "0" | |
40 | !MESSAGE Applications and libraries should run on any Win32 system. | |
41 | !ENDIF | |
42 | TARGET_WIN_SYSTEM=0 | |
43 | !ENDIF | |
44 | ||
45 | # prefix variable is currently only being used by install target | |
46 | !IF "$(prefix)" == "" | |
47 | prefix=C:\CMU | |
48 | !IF "$(VERBOSE)" != "0" | |
49 | !MESSAGE Default installation directory is $(prefix). | |
50 | !ENDIF | |
51 | !ENDIF | |
52 | ||
53 | !IF "$(CFG)" == "" | |
54 | CFG=Release | |
55 | !IF "$(VERBOSE)" != "0" | |
56 | !MESSAGE No configuration specified. Defaulting to $(CFG). | |
57 | !ENDIF | |
58 | !ENDIF | |
59 | ||
60 | !IF "$(DB_LIB)" == "" | |
61 | DB_LIB=libdb41s.lib | |
62 | !IF "$(VERBOSE)" != "0" | |
63 | !MESSAGE Defaulting SleepyCat library name to $(DB_LIB). | |
64 | !ENDIF | |
65 | !ENDIF | |
66 | ||
67 | !IF "$(DB_INCLUDE)" == "" | |
68 | DB_INCLUDE=c:\work\isode\db\build_win32 | |
69 | !IF "$(VERBOSE)" != "0" | |
70 | !MESSAGE Defaulting SleepyCat include path to $(DB_INCLUDE). | |
71 | !ENDIF | |
72 | !ENDIF | |
73 | ||
74 | !IF "$(DB_LIBPATH)" == "" | |
75 | DB_LIBPATH=c:\work\isode\db\build_win32\Release_static | |
76 | !IF "$(VERBOSE)" != "0" | |
77 | !MESSAGE Defaulting SleepyCat library path to $(DB_LIBPATH). | |
78 | !ENDIF | |
79 | !ENDIF | |
80 | ||
81 | !IF "$(OPENSSL_INCLUDE)" == "" | |
82 | OPENSSL_INCLUDE="D:\openssl\engine-0.9.6g-md3\include" | |
83 | !IF "$(VERBOSE)" != "0" | |
84 | !MESSAGE Defaulting OpenSSL Include path to $(OPENSSL_INCLUDE). | |
85 | !ENDIF | |
86 | !ENDIF | |
87 | ||
88 | !IF "$(OPENSSL_LIBPATH)" == "" | |
89 | OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib" | |
90 | !IF "$(VERBOSE)" != "0" | |
91 | !MESSAGE Defaulting OpenSSL library path to $(OPENSSL_LIBPATH). | |
92 | !ENDIF | |
93 | !ENDIF | |
94 | ||
95 | !IF "$(GSSAPI_INCLUDE)" == "" | |
96 | GSSAPI_INCLUDE="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\include" | |
97 | !IF "$(VERBOSE)" != "0" | |
98 | !MESSAGE Defaulting GSSAPI Include path to $(GSSAPI_INCLUDE). | |
99 | !ENDIF | |
100 | !ENDIF | |
101 | ||
102 | !IF "$(GSSAPI_LIBPATH)" == "" | |
103 | GSSAPI_LIBPATH="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\lib" | |
104 | !IF "$(VERBOSE)" != "0" | |
105 | !MESSAGE Defaulting GSSAPI library path to $(GSSAPI_LIBPATH). | |
106 | !ENDIF | |
107 | !ENDIF | |
108 | ||
109 | !IF "$(SQLITE_INCLUDE)" == "" | |
110 | SQLITE_INCLUDES=/I"C:\work\open_source\sqllite\sqlite\src" /I"C:\work\open_source\sqllite\sqlite\win32" | |
111 | !IF "$(VERBOSE)" != "0" | |
112 | !MESSAGE Defaulting SQLITE_INCLUDES includes to $(SQLITE_INCLUDES). | |
113 | !ENDIF | |
114 | !ENDIF | |
115 | ||
116 | !IF "$(SQLITE_LIBPATH)" == "" | |
117 | SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" | |
118 | !IF "$(VERBOSE)" != "0" | |
119 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). | |
120 | !ENDIF | |
121 | !ENDIF | |
122 | ||
123 | !IF "$(SQLITE_INCLUDE3)" == "" | |
124 | SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" | |
125 | !IF "$(VERBOSE)" != "0" | |
126 | !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). | |
127 | !ENDIF | |
128 | !ENDIF | |
129 | ||
130 | !IF "$(SQLITE_LIBPATH3)" == "" | |
131 | SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" | |
132 | !IF "$(VERBOSE)" != "0" | |
133 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). | |
134 | !ENDIF | |
135 | !ENDIF | |
136 | ||
137 | !IF "$(LDAP_LIB_BASE)" == "" | |
138 | LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug | |
139 | !IF "$(VERBOSE)" != "0" | |
140 | !MESSAGE Defaulting LDAP library path to $(LDAP_LIB_BASE). | |
141 | !ENDIF | |
142 | !ENDIF | |
143 | ||
144 | !IF "$(LDAP_INCLUDE)" == "" | |
145 | LDAP_INCLUDE = c:\work\open_source\openldap\openldap-head\ldap\include | |
146 | !IF "$(VERBOSE)" != "0" | |
147 | !MESSAGE Defaulting LDAP include path to $(LDAP_INCLUDE). | |
148 | !ENDIF | |
149 | !ENDIF | |
150 | ||
151 | !IF "$(OS)" == "Windows_NT" | |
152 | NULL= | |
153 | !ELSE | |
154 | NULL=nul | |
155 | !ENDIF | |
156 | ||
157 | ||
158 | !IF "$(CFG)" == "Release" | |
159 | ||
160 | !IF "$(CODEGEN)" == "" | |
161 | !IF "$(STATIC)" == "yes" | |
162 | CODEGEN=/MT | |
163 | !ELSE | |
164 | CODEGEN=/MD | |
165 | !ENDIF | |
166 | !IF "$(VERBOSE)" != "0" | |
167 | !MESSAGE Codegeneration defaulting to $(CODEGEN). | |
168 | !ENDIF | |
169 | !ENDIF | |
170 | ||
171 | !IF "$(VCVER)" != "6" | |
172 | ENABLE_WIN64_WARNINGS=/Wp64 | |
173 | !ENDIF | |
174 | ||
175 | CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c | |
176 | ||
177 | incremental=no | |
178 | ||
179 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
180 | # It doesn't seem that the /machine option is needed anyway. | |
181 | LINK32_FLAGS=/debug | |
182 | ||
183 | !ELSEIF "$(CFG)" == "Debug" | |
184 | ||
185 | !IF "$(CODEGEN)" == "" | |
186 | !IF "$(STATIC)" == "yes" | |
187 | CODEGEN=/MTd | |
188 | !ELSE | |
189 | CODEGEN=/MDd | |
190 | !ENDIF | |
191 | !IF "$(VERBOSE)" != "0" | |
192 | !MESSAGE Codegeneration defaulting to $(CODEGEN). | |
193 | !ENDIF | |
194 | !ENDIF | |
195 | ||
196 | CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c | |
197 | ||
198 | incremental=yes | |
199 | ||
200 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
201 | # It doesn't seem that the /machine option is needed anyway. | |
202 | LINK32_FLAGS=/debug /pdbtype:sept | |
203 | ||
204 | !ENDIF | |
205 | ||
206 | LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
207 | ||
208 | # Assume we are only building console applications | |
209 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
210 | ||
211 | # Assume we are only building console applications | |
212 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
213 | ||
214 | LINK32LIB_FLAGS=$(LINK32_FLAGS) |
1 | 1 | #Keep in sync with include/sasl.h and win32/include/config.h |
2 | 2 | SASL_VERSION_MAJOR=2 |
3 | 3 | SASL_VERSION_MINOR=1 |
4 | SASL_VERSION_STEP=23 | |
4 | SASL_VERSION_STEP=24 | |
5 | ||
6 | !IF "$(STATIC)" == "" | |
7 | STATIC=yes | |
8 | !ENDIF | |
5 | 9 | |
6 | 10 | # Uncomment the following line, if you want to use Visual Studio 6 |
7 | 11 | #VCVER=6 |
12 | ||
13 | # Use in Visual Studio 6 & 7: | |
14 | #EXCEPTHANDLING=/GX | |
15 | ||
16 | # Use in Visual Studio 8: | |
17 | EXCEPTHANDLING=/EHsc | |
8 | 18 | |
9 | 19 | # Define compiler/linker/etc. |
10 | 20 | |
12 | 22 | LINK32=link.exe /nologo |
13 | 23 | LINK32DLL=$(LINK32) /dll |
14 | 24 | LINK32EXE=$(LINK32) |
25 | # It seems that -lib must be the first parameter | |
26 | LINK32LIB=link.exe /lib /nologo | |
15 | 27 | |
16 | 28 | SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib |
29 | ||
30 | !IF "$(BITS)" == "64" | |
31 | SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib | |
32 | !ENDIF | |
17 | 33 | |
18 | 34 | # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) |
19 | 35 | # Default is no restrictions. Currently we only check for 51 or later. |
101 | 117 | SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" |
102 | 118 | !IF "$(VERBOSE)" != "0" |
103 | 119 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). |
120 | !ENDIF | |
121 | !ENDIF | |
122 | ||
123 | !IF "$(SQLITE_INCLUDE3)" == "" | |
124 | SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" | |
125 | !IF "$(VERBOSE)" != "0" | |
126 | !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). | |
127 | !ENDIF | |
128 | !ENDIF | |
129 | ||
130 | !IF "$(SQLITE_LIBPATH3)" == "" | |
131 | SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" | |
132 | !IF "$(VERBOSE)" != "0" | |
133 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). | |
104 | 134 | !ENDIF |
105 | 135 | !ENDIF |
106 | 136 | |
142 | 172 | ENABLE_WIN64_WARNINGS=/Wp64 |
143 | 173 | !ENDIF |
144 | 174 | |
145 | CPP_PROJ= $(CODEGEN) /W3 /GX /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c | |
146 | ||
147 | LINK32_FLAGS=/incremental:no /debug /machine:I386 | |
175 | CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c | |
176 | ||
177 | incremental=no | |
178 | ||
179 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
180 | # It doesn't seem that the /machine option is needed anyway. | |
181 | LINK32_FLAGS=/debug | |
148 | 182 | |
149 | 183 | !ELSEIF "$(CFG)" == "Debug" |
150 | 184 | |
159 | 193 | !ENDIF |
160 | 194 | !ENDIF |
161 | 195 | |
162 | CPP_PROJ=$(CODEGEN) /W3 /Gm /GX /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c | |
163 | ||
164 | LINK32_FLAGS=/incremental:yes /debug /machine:I386 /pdbtype:sept | |
165 | ||
166 | !ENDIF | |
167 | ||
168 | LINK32DLL_FLAGS=$(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
196 | CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c | |
197 | ||
198 | incremental=yes | |
199 | ||
200 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
201 | # It doesn't seem that the /machine option is needed anyway. | |
202 | LINK32_FLAGS=/debug /pdbtype:sept | |
203 | ||
204 | !ENDIF | |
205 | ||
206 | LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
169 | 207 | |
170 | 208 | # Assume we are only building console applications |
171 | LINK32EXE_FLAGS=/subsystem:console $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
172 | ||
209 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
210 | ||
211 | # Assume we are only building console applications | |
212 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
213 | ||
214 | LINK32LIB_FLAGS=$(LINK32_FLAGS) |
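Review bot: The new SQLite 3 include guard tests `$(SQLITE_INCLUDE3)` but the line under it assigns `SQLITE_INCLUDES3`, so the test never looks at the macro the build actually consumes. A value supplied under the real name from the environment, or from a makefile that includes this one, would presumably be replaced by the developer-machine default `/I"c:\work\sqlite\generated"`; nmake only protects command-line macros from reassignment. Test the macro that is set: `!IF "$(SQLITE_INCLUDES3)" == ""`. The end of the section also defines `LINK32EXE_FLAGS` twice with identical text and comment, and one copy can be dropped. The full-file listing that follows carries the same lines.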
0 | #Can this be autogenerated? | |
1 | #Keep in sync with include/sasl.h and win32/include/config.h | |
2 | SASL_VERSION_MAJOR=2 | |
3 | SASL_VERSION_MINOR=1 | |
4 | SASL_VERSION_STEP=24 | |
5 | ||
6 | !IF "$(STATIC)" == "" | |
7 | STATIC=yes | |
8 | !ENDIF | |
9 | ||
10 | # Uncomment the following line, if you want to use Visual Studio 6 | |
11 | #VCVER=6 | |
12 | ||
13 | # Use in Visual Studio 6 & 7: | |
14 | #EXCEPTHANDLING=/GX | |
15 | ||
16 | # Use in Visual Studio 8: | |
17 | EXCEPTHANDLING=/EHsc | |
18 | ||
19 | # Define compiler/linker/etc. | |
20 | ||
21 | CPP=cl.exe /nologo | |
22 | LINK32=link.exe /nologo | |
23 | LINK32DLL=$(LINK32) /dll | |
24 | LINK32EXE=$(LINK32) | |
25 | # It seems that -lib must be the first parameter | |
26 | LINK32LIB=link.exe /lib /nologo | |
27 | ||
28 | SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib | |
29 | ||
30 | !IF "$(BITS)" == "64" | |
31 | SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib | |
32 | !ENDIF | |
33 | ||
34 | # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) | |
35 | # Default is no restrictions. Currently we only check for 51 or later. | |
36 | #TARGET_WIN_SYSTEM=51 | |
37 | ||
38 | !IF "$(TARGET_WIN_SYSTEM)" == "" | |
39 | !IF "$(VERBOSE)" != "0" | |
40 | !MESSAGE Applications and libraries should run on any Win32 system. | |
41 | !ENDIF | |
42 | TARGET_WIN_SYSTEM=0 | |
43 | !ENDIF | |
44 | ||
45 | # prefix variable is currently only being used by install target | |
46 | !IF "$(prefix)" == "" | |
47 | prefix=C:\CMU | |
48 | !IF "$(VERBOSE)" != "0" | |
49 | !MESSAGE Default installation directory is $(prefix). | |
50 | !ENDIF | |
51 | !ENDIF | |
52 | ||
53 | !IF "$(CFG)" == "" | |
54 | CFG=Release | |
55 | !IF "$(VERBOSE)" != "0" | |
56 | !MESSAGE No configuration specified. Defaulting to $(CFG). | |
57 | !ENDIF | |
58 | !ENDIF | |
59 | ||
60 | !IF "$(DB_LIB)" == "" | |
61 | DB_LIB=libdb41s.lib | |
62 | !IF "$(VERBOSE)" != "0" | |
63 | !MESSAGE Defaulting SleepyCat library name to $(DB_LIB). | |
64 | !ENDIF | |
65 | !ENDIF | |
66 | ||
67 | !IF "$(DB_INCLUDE)" == "" | |
68 | DB_INCLUDE=c:\work\isode\db\build_win32 | |
69 | !IF "$(VERBOSE)" != "0" | |
70 | !MESSAGE Defaulting SleepyCat include path to $(DB_INCLUDE). | |
71 | !ENDIF | |
72 | !ENDIF | |
73 | ||
74 | !IF "$(DB_LIBPATH)" == "" | |
75 | DB_LIBPATH=c:\work\isode\db\build_win32\Release_static | |
76 | !IF "$(VERBOSE)" != "0" | |
77 | !MESSAGE Defaulting SleepyCat library path to $(DB_LIBPATH). | |
78 | !ENDIF | |
79 | !ENDIF | |
80 | ||
81 | !IF "$(OPENSSL_INCLUDE)" == "" | |
82 | OPENSSL_INCLUDE="D:\openssl\engine-0.9.6g-md3\include" | |
83 | !IF "$(VERBOSE)" != "0" | |
84 | !MESSAGE Defaulting OpenSSL Include path to $(OPENSSL_INCLUDE). | |
85 | !ENDIF | |
86 | !ENDIF | |
87 | ||
88 | !IF "$(OPENSSL_LIBPATH)" == "" | |
89 | OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib" | |
90 | !IF "$(VERBOSE)" != "0" | |
91 | !MESSAGE Defaulting OpenSSL library path to $(OPENSSL_LIBPATH). | |
92 | !ENDIF | |
93 | !ENDIF | |
94 | ||
95 | !IF "$(GSSAPI_INCLUDE)" == "" | |
96 | GSSAPI_INCLUDE="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\include" | |
97 | !IF "$(VERBOSE)" != "0" | |
98 | !MESSAGE Defaulting GSSAPI Include path to $(GSSAPI_INCLUDE). | |
99 | !ENDIF | |
100 | !ENDIF | |
101 | ||
102 | !IF "$(GSSAPI_LIBPATH)" == "" | |
103 | GSSAPI_LIBPATH="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\lib" | |
104 | !IF "$(VERBOSE)" != "0" | |
105 | !MESSAGE Defaulting GSSAPI library path to $(GSSAPI_LIBPATH). | |
106 | !ENDIF | |
107 | !ENDIF | |
108 | ||
109 | !IF "$(SQLITE_INCLUDE)" == "" | |
110 | SQLITE_INCLUDES=/I"C:\work\open_source\sqllite\sqlite\src" /I"C:\work\open_source\sqllite\sqlite\win32" | |
111 | !IF "$(VERBOSE)" != "0" | |
112 | !MESSAGE Defaulting SQLITE_INCLUDES includes to $(SQLITE_INCLUDES). | |
113 | !ENDIF | |
114 | !ENDIF | |
115 | ||
116 | !IF "$(SQLITE_LIBPATH)" == "" | |
117 | SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" | |
118 | !IF "$(VERBOSE)" != "0" | |
119 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). | |
120 | !ENDIF | |
121 | !ENDIF | |
122 | ||
123 | !IF "$(SQLITE_INCLUDE3)" == "" | |
124 | SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" | |
125 | !IF "$(VERBOSE)" != "0" | |
126 | !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). | |
127 | !ENDIF | |
128 | !ENDIF | |
129 | ||
130 | !IF "$(SQLITE_LIBPATH3)" == "" | |
131 | SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" | |
132 | !IF "$(VERBOSE)" != "0" | |
133 | !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). | |
134 | !ENDIF | |
135 | !ENDIF | |
136 | ||
137 | !IF "$(LDAP_LIB_BASE)" == "" | |
138 | LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug | |
139 | !IF "$(VERBOSE)" != "0" | |
140 | !MESSAGE Defaulting LDAP library path to $(LDAP_LIB_BASE). | |
141 | !ENDIF | |
142 | !ENDIF | |
143 | ||
144 | !IF "$(LDAP_INCLUDE)" == "" | |
145 | LDAP_INCLUDE = c:\work\open_source\openldap\openldap-head\ldap\include | |
146 | !IF "$(VERBOSE)" != "0" | |
147 | !MESSAGE Defaulting LDAP include path to $(LDAP_INCLUDE). | |
148 | !ENDIF | |
149 | !ENDIF | |
150 | ||
151 | !IF "$(OS)" == "Windows_NT" | |
152 | NULL= | |
153 | !ELSE | |
154 | NULL=nul | |
155 | !ENDIF | |
156 | ||
157 | ||
158 | !IF "$(CFG)" == "Release" | |
159 | ||
160 | !IF "$(CODEGEN)" == "" | |
161 | !IF "$(STATIC)" == "yes" | |
162 | CODEGEN=/MT | |
163 | !ELSE | |
164 | CODEGEN=/MD | |
165 | !ENDIF | |
166 | !IF "$(VERBOSE)" != "0" | |
167 | !MESSAGE Codegeneration defaulting to $(CODEGEN). | |
168 | !ENDIF | |
169 | !ENDIF | |
170 | ||
171 | !IF "$(VCVER)" != "6" | |
172 | ENABLE_WIN64_WARNINGS=/Wp64 | |
173 | !ENDIF | |
174 | ||
175 | CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c | |
176 | ||
177 | incremental=no | |
178 | ||
179 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
180 | # It doesn't seem that the /machine option is needed anyway. | |
181 | LINK32_FLAGS=/debug | |
182 | ||
183 | !ELSEIF "$(CFG)" == "Debug" | |
184 | ||
185 | !IF "$(CODEGEN)" == "" | |
186 | !IF "$(STATIC)" == "yes" | |
187 | CODEGEN=/MTd | |
188 | !ELSE | |
189 | CODEGEN=/MDd | |
190 | !ENDIF | |
191 | !IF "$(VERBOSE)" != "0" | |
192 | !MESSAGE Codegeneration defaulting to $(CODEGEN). | |
193 | !ENDIF | |
194 | !ENDIF | |
195 | ||
196 | CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c | |
197 | ||
198 | incremental=yes | |
199 | ||
200 | # This use to contain /machine:I386. This breaks cross compiling to Windows 64. | |
201 | # It doesn't seem that the /machine option is needed anyway. | |
202 | LINK32_FLAGS=/debug /pdbtype:sept | |
203 | ||
204 | !ENDIF | |
205 | ||
206 | LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
207 | ||
208 | # Assume we are only building console applications | |
209 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
210 | ||
211 | # Assume we are only building console applications | |
212 | LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) | |
213 | ||
214 | LINK32LIB_FLAGS=$(LINK32_FLAGS) |
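Review bot: Every third-party dependency here defaults to an absolute path from one developer's machine, for example `OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib"` and `LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug`. The only trace of the fallback is a `!MESSAGE` that `VERBOSE=0` suppresses, so a build with an unset macro compiles and links against whatever sits at those locations without saying so. For a library that performs authentication, it is safer to stop when a required path is missing, e.g. `!ERROR OPENSSL_LIBPATH must be set`, or at least to print the fallback unconditionally. Whether each dependency is optional is decided outside this listing, so the check may belong next to the feature switch rather than here.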
0 | /* config.h--SASL configuration for win32 | |
1 | * Ryan Troll | |
2 | */ | |
3 | /* | |
4 | * Copyright (c) 1998-2004 Carnegie Mellon University. All rights reserved. | |
5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | |
9 | * | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | |
15 | * the documentation and/or other materials provided with the | |
16 | * distribution. | |
17 | * | |
18 | * 3. The name "Carnegie Mellon University" must not be used to | |
19 | * endorse or promote products derived from this software without | |
20 | * prior written permission. For permission or any other legal | |
21 | * details, please contact | |
22 | * Office of Technology Transfer | |
23 | * Carnegie Mellon University | |
24 | * 5000 Forbes Avenue | |
25 | * Pittsburgh, PA 15213-3890 | |
26 | * (412) 268-4387, fax: (412) 268-7395 | |
27 | * tech-transfer@andrew.cmu.edu | |
28 | * | |
29 | * 4. Redistributions of any form whatsoever must retain the following | |
30 | * acknowledgment: | |
31 | * "This product includes software developed by Computing Services | |
32 | * at Carnegie Mellon University (http://www.cmu.edu/computing/)." | |
33 | * | |
34 | * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO | |
35 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | |
36 | * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE | |
37 | * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
38 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | |
39 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING | |
40 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
41 | */ | |
42 | ||
43 | #ifndef CONFIG_H | |
44 | #define CONFIG_H | |
45 | ||
46 | #include <stddef.h> | |
47 | ||
48 | /* winsock2 includes windows.h. | |
49 | Note that we can't include both winsock.h and winsock2.h as | |
50 | they conflict */ | |
51 | #include <winsock2.h> | |
52 | ||
53 | /* Our package */ | |
54 | #define PACKAGE "cyrus-sasl" | |
55 | ||
56 | /* Our version */ | |
57 | #define VERSION "2.1.25" | |
58 | ||
59 | /* Visual Studio supports prototypes */ | |
60 | #define PROTOTYPES 1 | |
61 | ||
62 | #ifndef HAVE_CADDR_T | |
63 | #ifndef caddr_t | |
64 | typedef unsigned char *caddr_t; | |
65 | #define HAVE_CADDR_T 1 | |
66 | #endif | |
67 | #endif | |
68 | ||
69 | #ifndef _INTPTR_T_DEFINED | |
70 | ||
71 | #ifdef _WIN64 | |
72 | typedef __int64 intptr_t; | |
73 | #else | |
74 | typedef int intptr_t; | |
75 | #endif | |
76 | ||
77 | #endif | |
78 | ||
79 | /* Registry key that contains the locations of the plugins */ | |
80 | #define SASL_ROOT_KEY "SOFTWARE\\Carnegie Mellon\\Project Cyrus\\SASL Library" | |
81 | #define SASL_PLUGIN_PATH_ATTR "SearchPath" | |
82 | #define SASL_CONF_PATH_ATTR "ConfFile" | |
83 | ||
84 | /* : This should probably be replaced with a call to a function | |
85 | : that gets the proper value from Registry */ | |
86 | #define SASL_DB_PATH "c:\\CMU\\sasldb2" | |
87 | ||
88 | /* what db package are we using? */ | |
89 | /* #undef SASL_GDBM */ | |
90 | /* #undef SASL_NDBM */ | |
91 | #define SASL_BERKELEYDB 1 | |
92 | ||
93 | /* which mechs can we link staticly? */ | |
94 | #define STATIC_ANONYMOUS 1 | |
95 | #define STATIC_CRAMMD5 1 | |
96 | #define STATIC_DIGESTMD5 1 | |
97 | #define STATIC_GSSAPIV2 1 | |
98 | /* #undef STATIC_KERBEROS4 */ | |
99 | #define STATIC_LOGIN 1 | |
100 | /* #undef STATIC_MYSQL */ | |
101 | #define STATIC_OTP 1 | |
102 | #define STATIC_PLAIN 1 | |
103 | #define STATIC_SASLDB 1 | |
104 | #define STATIC_SRP 1 | |
105 | ||
106 | /* ------------------------------------------------------------ */ | |
107 | ||
108 | /* Things that are fetched via autoconf under Unix | |
109 | */ | |
110 | #define HAVE_MEMCPY 1 | |
111 | ||
112 | #define PLUGINDIR "C:\\CMU\\bin\\sasl2" | |
113 | #define CONFIGDIR "C:\\CMU\\bin\\sasl2" | |
114 | ||
115 | /* Windows calls these functions something else | |
116 | */ | |
117 | #define strcasecmp stricmp | |
118 | #define snprintf _snprintf | |
119 | #define strncasecmp strnicmp | |
120 | ||
121 | #define MAXHOSTNAMELEN 1024 | |
122 | ||
123 | /* ------------------------------------------------------------ */ | |
124 | ||
125 | #define WITHOUT_NANA | |
126 | #define L_DEFAULT_GUARD (0) | |
127 | #define I_DEFAULT_GUARD (0) | |
128 | #define I(foo) | |
129 | #define VL(foo) printf foo; | |
130 | #define VLP(foo,bar) | |
131 | ||
132 | /* we're not gcc */ | |
133 | #define __attribute__(foo) | |
134 | ||
135 | /* : Same as in tpipv6.h */ | |
136 | #ifndef HAVE_SOCKLEN_T | |
137 | typedef int socklen_t; | |
138 | #endif /* HAVE_SOCKLEN_T */ | |
139 | ||
140 | /* If we expect to run on XP and later, we have IPv6 support natively */ | |
141 | #if TARGET_WIN_SYSTEM >= 51 | |
142 | #if !defined(_WIN32_WINNT) | |
143 | /* This forces the inclusion of OS supported functions, with no fallback */ | |
144 | #define _WIN32_WINNT 0x0510 | |
145 | #endif | |
146 | #endif | |
147 | ||
148 | #if defined(_MSC_VER) && (_MSC_VER >= 1300) | |
149 | /* The following two defines will prevent our own definitions below */ | |
150 | #define HAVE_GETADDRINFO | |
151 | #define HAVE_GETNAMEINFO | |
152 | #define HAVE_STRUCT_SOCKADDR_STORAGE | |
153 | /* Unless _WIN32_WINNT > 0x0500, Ws2tcpip.h will try to find OS provided | |
154 | getaddrinfo at runtime. It will fallback to Microsoft emulation, | |
155 | if not found */ | |
156 | #include <Ws2tcpip.h> | |
157 | #endif | |
158 | ||
159 | #if !defined(HAVE_STRUCT_SOCKADDR_STORAGE) && !defined(_SS_MAXSIZE) | |
160 | #define _SS_MAXSIZE 128 /* Implementation specific max size */ | |
161 | #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) | |
162 | ||
163 | struct sockaddr_storage { | |
164 | struct sockaddr ss_sa; | |
165 | char __ss_pad2[_SS_PADSIZE]; | |
166 | }; | |
167 | # define ss_family ss_sa.sa_family | |
168 | #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ | |
169 | ||
170 | #ifndef AF_INET6 | |
171 | /* Define it to something that should never appear */ | |
172 | #define AF_INET6 AF_MAX | |
173 | #endif | |
174 | ||
175 | #ifndef HAVE_GETADDRINFO | |
176 | #define getaddrinfo sasl_getaddrinfo | |
177 | #define freeaddrinfo sasl_freeaddrinfo | |
178 | #define gai_strerror sasl_gai_strerror | |
179 | #endif | |
180 | ||
181 | #ifndef HAVE_GETNAMEINFO | |
182 | #define getnameinfo sasl_getnameinfo | |
183 | #endif | |
184 | ||
185 | #if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO) | |
186 | #include "gai.h" | |
187 | #endif | |
188 | ||
189 | #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ | |
190 | #define AI_NUMERICHOST 4 | |
191 | #define NI_NUMERICHOST 2 | |
192 | #define NI_NAMEREQD 4 | |
193 | #define NI_NUMERICSERV 8 | |
194 | #endif | |
195 | ||
196 | #include <time.h> | |
197 | ||
198 | /* Keep in sync with SleepyCat definitions */ | |
199 | typedef int int32_t; | |
200 | typedef __int64 int64_t; | |
201 | #ifdef _WIN64 | |
202 | typedef int64_t ssize_t; | |
203 | #else | |
204 | typedef int32_t ssize_t; | |
205 | #endif | |
206 | ||
207 | #define HIER_DELIMITER '\\' | |
208 | ||
209 | #ifndef sleep | |
210 | #define sleep(seconds) plug_sleep(seconds) | |
211 | unsigned int plug_sleep(unsigned int seconds); | |
212 | #endif | |
213 | ||
214 | #endif /* CONFIG_H */ |
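Review bot: `#define snprintf _snprintf` maps the C99 name onto a function with different truncation behaviour: `_snprintf` writes no terminating NUL when the output fills the buffer, and it returns a negative value instead of the required length. Any caller in the tree written against the C99 contract can therefore be left with an unterminated buffer on Windows, which later string functions will read past. Routing the macro through a small wrapper around `_vsnprintf` that stores `buf[size - 1] = '\0'` after the call would close that gap; the later full listing of this header has the same line. Separately, this copy sets `VERSION "2.1.25"` while the makefile in this commit has `SASL_VERSION_STEP=24` and asks to be kept in sync with win32/include/config.h, so it is worth confirming which value is intended.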
54 | 54 | #define PACKAGE "cyrus-sasl" |
55 | 55 | |
56 | 56 | /* Our version */ |
57 | #define VERSION "2.1.23" | |
57 | #define VERSION "2.1.24" | |
58 | 58 | |
59 | 59 | /* Visual Studio supports prototypes */ |
60 | 60 | #define PROTOTYPES 1 |
195 | 195 | |
196 | 196 | #include <time.h> |
197 | 197 | |
198 | typedef int ssize_t; | |
198 | /* Keep in sync with SleepyCat definitions */ | |
199 | typedef int int32_t; | |
200 | typedef __int64 int64_t; | |
201 | #ifdef _WIN64 | |
202 | typedef int64_t ssize_t; | |
203 | #else | |
204 | typedef int32_t ssize_t; | |
205 | #endif | |
199 | 206 | |
200 | 207 | #define HIER_DELIMITER '\\' |
201 | 208 |
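Review bot: The added `typedef int int32_t;` and `typedef __int64 int64_t;` are unconditional, so any translation unit that also includes a header defining those names has to agree with them exactly or fail to compile. The comment points at the Berkeley DB headers, and a compiler-supplied `<stdint.h>` would be another source. Wrapping them in a guard, as this header already does for `intptr_t` under `_INTPTR_T_DEFINED`, keeps the Win64 widening of `ssize_t` without that collision risk. `ssize_t` itself is also defined without a guard; the rest of the header lies outside this hunk.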
0 | /* config.h--SASL configuration for win32 | |
1 | * Ryan Troll | |
2 | */ | |
3 | /* | |
4 | * Copyright (c) 1998-2004 Carnegie Mellon University. All rights reserved. | |
5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | |
9 | * | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | |
15 | * the documentation and/or other materials provided with the | |
16 | * distribution. | |
17 | * | |
18 | * 3. The name "Carnegie Mellon University" must not be used to | |
19 | * endorse or promote products derived from this software without | |
20 | * prior written permission. For permission or any other legal | |
21 | * details, please contact | |
22 | * Office of Technology Transfer | |
23 | * Carnegie Mellon University | |
24 | * 5000 Forbes Avenue | |
25 | * Pittsburgh, PA 15213-3890 | |
26 | * (412) 268-4387, fax: (412) 268-7395 | |
27 | * tech-transfer@andrew.cmu.edu | |
28 | * | |
29 | * 4. Redistributions of any form whatsoever must retain the following | |
30 | * acknowledgment: | |
31 | * "This product includes software developed by Computing Services | |
32 | * at Carnegie Mellon University (http://www.cmu.edu/computing/)." | |
33 | * | |
34 | * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO | |
35 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | |
36 | * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE | |
37 | * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
38 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | |
39 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING | |
40 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
41 | */ | |
42 | ||
43 | #ifndef CONFIG_H | |
44 | #define CONFIG_H | |
45 | ||
46 | #include <stddef.h> | |
47 | ||
48 | /* winsock2 includes windows.h. | |
49 | Note that we can't include both winsock.h and winsock2.h as | |
50 | they conflict */ | |
51 | #include <winsock2.h> | |
52 | ||
53 | /* Our package */ | |
54 | #define PACKAGE "cyrus-sasl" | |
55 | ||
56 | /* Our version */ | |
57 | #define VERSION "2.1.24" | |
58 | ||
59 | /* Visual Studio supports prototypes */ | |
60 | #define PROTOTYPES 1 | |
61 | ||
62 | #ifndef HAVE_CADDR_T | |
63 | #ifndef caddr_t | |
64 | typedef unsigned char *caddr_t; | |
65 | #define HAVE_CADDR_T 1 | |
66 | #endif | |
67 | #endif | |
68 | ||
69 | #ifndef _INTPTR_T_DEFINED | |
70 | ||
71 | #ifdef _WIN64 | |
72 | typedef __int64 intptr_t; | |
73 | #else | |
74 | typedef int intptr_t; | |
75 | #endif | |
76 | ||
77 | #endif | |
78 | ||
79 | /* Registry key that contains the locations of the plugins */ | |
80 | #define SASL_ROOT_KEY "SOFTWARE\\Carnegie Mellon\\Project Cyrus\\SASL Library" | |
81 | #define SASL_PLUGIN_PATH_ATTR "SearchPath" | |
82 | #define SASL_CONF_PATH_ATTR "ConfFile" | |
83 | ||
84 | /* : This should probably be replaced with a call to a function | |
85 | : that gets the proper value from Registry */ | |
86 | #define SASL_DB_PATH "c:\\CMU\\sasldb2" | |
87 | ||
88 | /* what db package are we using? */ | |
89 | /* #undef SASL_GDBM */ | |
90 | /* #undef SASL_NDBM */ | |
91 | #define SASL_BERKELEYDB 1 | |
92 | ||
93 | /* which mechs can we link staticly? */ | |
94 | #define STATIC_ANONYMOUS 1 | |
95 | #define STATIC_CRAMMD5 1 | |
96 | #define STATIC_DIGESTMD5 1 | |
97 | #define STATIC_GSSAPIV2 1 | |
98 | /* #undef STATIC_KERBEROS4 */ | |
99 | #define STATIC_LOGIN 1 | |
100 | /* #undef STATIC_MYSQL */ | |
101 | #define STATIC_OTP 1 | |
102 | #define STATIC_PLAIN 1 | |
103 | #define STATIC_SASLDB 1 | |
104 | #define STATIC_SRP 1 | |
105 | ||
106 | /* ------------------------------------------------------------ */ | |
107 | ||
108 | /* Things that are fetched via autoconf under Unix | |
109 | */ | |
110 | #define HAVE_MEMCPY 1 | |
111 | ||
112 | #define PLUGINDIR "C:\\CMU\\bin\\sasl2" | |
113 | #define CONFIGDIR "C:\\CMU\\bin\\sasl2" | |
114 | ||
115 | /* Windows calls these functions something else | |
116 | */ | |
117 | #define strcasecmp stricmp | |
118 | #define snprintf _snprintf | |
119 | #define strncasecmp strnicmp | |
120 | ||
121 | #define MAXHOSTNAMELEN 1024 | |
122 | ||
123 | /* ------------------------------------------------------------ */ | |
124 | ||
125 | #define WITHOUT_NANA | |
126 | #define L_DEFAULT_GUARD (0) | |
127 | #define I_DEFAULT_GUARD (0) | |
128 | #define I(foo) | |
129 | #define VL(foo) printf foo; | |
130 | #define VLP(foo,bar) | |
131 | ||
132 | /* we're not gcc */ | |
133 | #define __attribute__(foo) | |
134 | ||
135 | /* : Same as in tpipv6.h */ | |
136 | #ifndef HAVE_SOCKLEN_T | |
137 | typedef int socklen_t; | |
138 | #endif /* HAVE_SOCKLEN_T */ | |
139 | ||
140 | /* If we expect to run on XP and later, we have IPv6 support natively */ | |
141 | #if TARGET_WIN_SYSTEM >= 51 | |
142 | #if !defined(_WIN32_WINNT) | |
143 | /* This forces the inclusion of OS supported functions, with no fallback */ | |
144 | #define _WIN32_WINNT 0x0510 | |
145 | #endif | |
146 | #endif | |
147 | ||
148 | #if defined(_MSC_VER) && (_MSC_VER >= 1300) | |
149 | /* The following two defines will prevent our own definitions below */ | |
150 | #define HAVE_GETADDRINFO | |
151 | #define HAVE_GETNAMEINFO | |
152 | #define HAVE_STRUCT_SOCKADDR_STORAGE | |
153 | /* Unless _WIN32_WINNT > 0x0500, Ws2tcpip.h will try to find OS provided | |
154 | getaddrinfo at runtime. It will fallback to Microsoft emulation, | |
155 | if not found */ | |
156 | #include <Ws2tcpip.h> | |
157 | #endif | |
158 | ||
159 | #if !defined(HAVE_STRUCT_SOCKADDR_STORAGE) && !defined(_SS_MAXSIZE) | |
160 | #define _SS_MAXSIZE 128 /* Implementation specific max size */ | |
161 | #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) | |
162 | ||
163 | struct sockaddr_storage { | |
164 | struct sockaddr ss_sa; | |
165 | char __ss_pad2[_SS_PADSIZE]; | |
166 | }; | |
167 | # define ss_family ss_sa.sa_family | |
168 | #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ | |
169 | ||
170 | #ifndef AF_INET6 | |
171 | /* Define it to something that should never appear */ | |
172 | #define AF_INET6 AF_MAX | |
173 | #endif | |
174 | ||
175 | #ifndef HAVE_GETADDRINFO | |
176 | #define getaddrinfo sasl_getaddrinfo | |
177 | #define freeaddrinfo sasl_freeaddrinfo | |
178 | #define gai_strerror sasl_gai_strerror | |
179 | #endif | |
180 | ||
181 | #ifndef HAVE_GETNAMEINFO | |
182 | #define getnameinfo sasl_getnameinfo | |
183 | #endif | |
184 | ||
185 | #if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO) | |
186 | #include "gai.h" | |
187 | #endif | |
188 | ||
189 | #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ | |
190 | #define AI_NUMERICHOST 4 | |
191 | #define NI_NUMERICHOST 2 | |
192 | #define NI_NAMEREQD 4 | |
193 | #define NI_NUMERICSERV 8 | |
194 | #endif | |
195 | ||
196 | #include <time.h> | |
197 | ||
198 | /* Keep in sync with SleepyCat definitions */ | |
199 | typedef int int32_t; | |
200 | typedef __int64 int64_t; | |
201 | #ifdef _WIN64 | |
202 | typedef int64_t ssize_t; | |
203 | #else | |
204 | typedef int32_t ssize_t; | |
205 | #endif | |
206 | ||
207 | #define HIER_DELIMITER '\\' | |
208 | ||
209 | #ifndef sleep | |
210 | #define sleep(seconds) plug_sleep(seconds) | |
211 | unsigned int plug_sleep(unsigned int seconds); | |
212 | #endif | |
213 | ||
214 | #endif /* CONFIG_H */ |
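Review bot: `#define _WIN32_WINNT 0x0510` does not match the comment above it, because Windows XP is `0x0501`. Since `0x0510` compares greater than both `0x0501` and `0x0502`, the SDK headers will also expose declarations introduced after XP. With the "no fallback" behaviour the comment describes, a binary built with `TARGET_WIN_SYSTEM=51` may then import functions that are missing on the stated minimum OS. `#define _WIN32_WINNT 0x0501` is the value that corresponds to the comment. The earlier full listing of this header contains the same line.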