2 * -----------------------------------------------------------------------------
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
6 * Copyright (C) 2007 Markus Moeller. All rights reserved.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22 * -----------------------------------------------------------------------------
34 #elif defined(HAVE_SASL_SASL_H)
35 #include <sasl/sasl.h>
36 #elif defined(HAVE_SASL_DARWIN)
/* Local declaration of the SASL interaction record, used on the
 * HAVE_SASL_DARWIN branch of the preprocessor conditional above.
 * NOTE(review): the field layout and the callback IDs below presumably have
 * to match the SASL library the LDAP client library was built against -
 * confirm against the platform's sasl.h. */
37 typedef struct sasl_interact
{
38 unsigned long id
; /* same as client/user callback ID */
39 const char *challenge
; /* presented to user (e.g. OTP challenge) */
40 const char *prompt
; /* presented to user (e.g. "Username: ") */
41 const char *defresult
; /* default result string */
42 const void *result
; /* set to point to result */
43 unsigned len
; /* set to length of result */
/* Callback IDs carried in sasl_interact.id. */
46 #define SASL_CB_USER 0x4001 /* client user identity to login as */
47 #define SASL_CB_AUTHNAME 0x4002 /* client authentication name */
48 #define SASL_CB_PASS 0x4004 /* client passphrase-based secret */
49 #define SASL_CB_ECHOPROMPT 0x4005 /* challenge and client entered result */
50 #define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client entered result */
51 #define SASL_CB_GETREALM 0x4008 /* realm to attempt authentication in */
52 #define SASL_CB_LIST_END 0 /* end of list */
55 #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN)
56 void *lutil_sasl_defaults(
64 LDAP_SASL_INTERACT_PROC lutil_sasl_interact
;
66 int lutil_sasl_interact(
72 void lutil_sasl_freedefs(
76 * SASL definitions for openldap support
79 typedef struct lutil_sasl_defaults_s
{
/* Body of lutil_sasl_defaults as listed (the signature and several lines are
 * not shown). It allocates a lutilSASLdefaults and stores private copies of
 * the caller's mech, realm, authcid, passwd and authzid strings. Every field
 * except passwd that the caller left NULL is then queried from the LDAP
 * handle. */
98 lutilSASLdefaults
*defaults
;
100 defaults
= (lutilSASLdefaults
*) xmalloc(sizeof(lutilSASLdefaults
));
/* Allocation-failure guard; the statement it controls is not visible here. */
102 if (defaults
== NULL
)
105 defaults
->mech
= mech
? xstrdup(mech
) : NULL
;
106 defaults
->realm
= realm
? xstrdup(realm
) : NULL
;
107 defaults
->authcid
= authcid
? xstrdup(authcid
) : NULL
;
/* NOTE(review): this creates a second plaintext copy of the password on the
 * heap that lives as long as the defaults object. Confirm that the release
 * path (lutil_sasl_freedefs) wipes the buffer before freeing it. */
108 defaults
->passwd
= passwd
? xstrdup(passwd
) : NULL
;
109 defaults
->authzid
= authzid
? xstrdup(authzid
) : NULL
;
/* Fall back to the options stored on the LDAP handle. The return values of
 * the ldap_get_option() calls are not checked in the visible lines.
 * NOTE(review): strings filled in here come from the LDAP library rather than
 * from xstrdup(); confirm the release path uses a deallocator that is valid
 * for both origins. */
111 if (defaults
->mech
== NULL
) {
112 ldap_get_option(ld
, LDAP_OPT_X_SASL_MECH
, &defaults
->mech
);
114 if (defaults
->realm
== NULL
) {
115 ldap_get_option(ld
, LDAP_OPT_X_SASL_REALM
, &defaults
->realm
);
117 if (defaults
->authcid
== NULL
) {
118 ldap_get_option(ld
, LDAP_OPT_X_SASL_AUTHCID
, &defaults
->authcid
);
120 if (defaults
->authzid
== NULL
) {
121 ldap_get_option(ld
, LDAP_OPT_X_SASL_AUTHZID
, &defaults
->authzid
);
/* Start with an empty response list. */
123 defaults
->resps
= NULL
;
124 defaults
->nresps
= 0;
/* interaction() as listed (the start of the signature and several lines,
 * including some case labels, are not shown). It answers one SASL prompt from
 * the stored defaults: interact->id selects which default string is used, and
 * interact->defresult is the starting value. */
132 sasl_interact_t
* interact
,
133 lutilSASLdefaults
* defaults
)
135 const char *dflt
= interact
->defresult
;
138 switch (interact
->id
) {
139 case SASL_CB_GETREALM
:
141 dflt
= defaults
->realm
;
143 case SASL_CB_AUTHNAME
:
145 dflt
= defaults
->authcid
;
/* Password default; its case label is not visible in this listing. */
149 dflt
= defaults
->passwd
;
/* Authorization-identity default; its case label is not visible either. */
153 dflt
= defaults
->authzid
;
155 case SASL_CB_NOECHOPROMPT
:
157 case SASL_CB_ECHOPROMPT
:
164 /* input must be empty */
/* The result pointer aliases the string owned by `defaults` (or the empty
 * string literal); nothing is copied. The defaults object, including the
 * password copy, must therefore stay alive until the bind call that consumes
 * the result has returned. */
165 interact
->result
= (dflt
&& *dflt
) ? dflt
: "";
/* strlen() returns size_t; the value is narrowed to unsigned here. */
166 interact
->len
= (unsigned) strlen((const char *) interact
->result
);
/* lutil_sasl_interact() as listed (signature and some lines are not shown):
 * the callback handed to the LDAP library for SASL prompts. The opaque `in`
 * argument is treated as an array of sasl_interact_t records. */
178 sasl_interact_t
*interact
= (sasl_interact_t
*) in
;
/* Parameter-error return; the condition guarding it is not visible here. */
181 return LDAP_PARAM_ERROR
;
/* Walk the prompt array up to its SASL_CB_LIST_END terminator, answering each
 * entry through interaction() with the caller-supplied defaults. */
183 while (interact
->id
!= SASL_CB_LIST_END
) {
184 int rc
= interaction(flags
, interact
, (lutilSASLdefaults
*) defaults
);
/* lutil_sasl_freedefs() as listed (signature and several lines are not
 * shown): releases the strings held by a lutilSASLdefaults object.
 * NOTE(review): only the authcid and authzid releases are visible in this
 * listing. Whichever line releases defs->passwd should clear the buffer first
 * (e.g. explicit_bzero() or memset_s() where available), because it holds the
 * bind password copied in lutil_sasl_defaults().
 * NOTE(review): authcid and authzid may have been filled by ldap_get_option()
 * rather than xstrdup(); confirm xfree() is the right deallocator for both. */
198 lutilSASLdefaults
*defs
= (lutilSASLdefaults
*) defaults
;
205 xfree(defs
->authcid
);
209 xfree(defs
->authzid
);
/* tool_sasl_bind() as listed (return type and several lines are not shown):
 * sets the SASL security properties on `ld`, gathers the SASL defaults and
 * performs ldap_sasl_interactive_bind_s() with lutil_sasl_interact as the
 * prompt callback. Failures are reported through error(). */
217 tool_sasl_bind(LDAP
* ld
, char *binddn
, char *ssl
)
220 * unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
221 * unsigned sasl_flags = LDAP_SASL_QUIET;
224 * Avoid SASL messages
/* Sun LDAP SDK builds use LDAP_SASL_INTERACTIVE; the second initializer
 * (LDAP_SASL_QUIET) is presumably the #else branch. */
226 #ifdef HAVE_SUN_LDAP_SDK
227 unsigned sasl_flags
= LDAP_SASL_INTERACTIVE
;
229 unsigned sasl_flags
= LDAP_SASL_QUIET
;
231 char *sasl_realm
= NULL
;
232 char *sasl_authc_id
= NULL
;
233 char *sasl_authz_id
= NULL
;
/* The mechanism is pinned to GSSAPI on the Sun SDK and starts as NULL
 * otherwise; any later assignment is not visible in this listing.
 * NOTE(review): confirm the mechanism is fixed before the bind so that the
 * server cannot steer the client to a weaker one. */
234 #ifdef HAVE_SUN_LDAP_SDK
235 char *sasl_mech
= (char *) "GSSAPI";
237 char *sasl_mech
= NULL
;
244 * char *sasl_secprops = (char *)"maxssf=56";
245 * char *sasl_secprops = NULL;
247 struct berval passwd
= {0, NULL
};
249 int rc
= LDAP_SUCCESS
;
/* SASL security-layer cap. maxssf=0 means no SASL integrity or
 * confidentiality layer; maxssf=56 allows a layer of at most 56-bit strength.
 * The condition choosing between the two is not visible here - presumably
 * maxssf=0 is used when the connection is already protected by TLS (`ssl`).
 * NOTE(review): 56-bit protection is weak by current standards; confirm the
 * cap is required by the directory server and that sensitive binds rely on
 * TLS rather than on this layer. */
252 sasl_secprops
= (char *) "maxssf=0";
254 sasl_secprops
= (char *) "maxssf=56";
255 /* sasl_secprops = (char *)"maxssf=0"; */
256 /* sasl_secprops = (char *)"maxssf=56"; */
258 if (sasl_secprops
!= NULL
) {
259 rc
= ldap_set_option(ld
, LDAP_OPT_X_SASL_SECPROPS
,
260 (void *) sasl_secprops
);
261 if (rc
!= LDAP_SUCCESS
) {
/* The log line carries the secprops string and the LDAP error text only. */
262 error((char *) "%s| %s: ERROR: Could not set LDAP_OPT_X_SASL_SECPROPS: %s: %s\n", LogTime(), PROGRAM
, sasl_secprops
, ldap_err2string(rc
));
/* Build the defaults object; the remaining arguments are not visible here. */
266 defaults
= lutil_sasl_defaults(ld
,
/* `defaults` is passed as the opaque argument of the lutil_sasl_interact
 * callback. */
273 rc
= ldap_sasl_interactive_bind_s(ld
, binddn
,
274 sasl_mech
, NULL
, NULL
,
275 sasl_flags
, lutil_sasl_interact
, defaults
);
/* The defaults are released as soon as the bind returns, before the result
 * is examined, so this happens on both the success and the failure path. */
277 lutil_sasl_freedefs(defaults
);
278 if (rc
!= LDAP_SUCCESS
) {
279 error((char *) "%s| %s: ERROR: ldap_sasl_interactive_bind_s error: %s\n", LogTime(), PROGRAM
, ldap_err2string(rc
));
/* Stub body that only reports an error on stderr.
 * NOTE(review): presumably compiled when no SASL support is available;
 * confirm the stub returns a failure code so that callers cannot mistake it
 * for a successful bind. */
288 fprintf(stderr
, "%s| %s: ERROR: Dummy function\n", LogTime(), PROGRAM
);