2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 * -----------------------------------------------------------------------------
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
14 * Copyright (C) 2007 Markus Moeller. All rights reserved.
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
30 * -----------------------------------------------------------------------------
42 #elif HAVE_SASL_SASL_H
43 #include <sasl/sasl.h>
44 #elif HAVE_SASL_DARWIN
45 typedef struct sasl_interact
{
46 unsigned long id
; /* same as client/user callback ID */
47 const char *challenge
; /* presented to user (e.g. OTP challenge) */
48 const char *prompt
; /* presented to user (e.g. "Username: ") */
49 const char *defresult
; /* default result string */
50 const void *result
; /* set to point to result */
51 unsigned len
; /* set to length of result */
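/*
 * Fallback SASL callback ids for the HAVE_SASL_DARWIN branch, where no
 * sasl.h header is included. The values match the ones Cyrus SASL's
 * sasl.h assigns to the sasl_interact_t "id" field, which interaction()
 * switches on further down in this file.
 */
#define SASL_CB_USER 0x4001         /* client user identity to login as */
#define SASL_CB_AUTHNAME 0x4002     /* client authentication name */
#define SASL_CB_PASS 0x4004         /* client passphrase-based secret */
#define SASL_CB_ECHOPROMPT 0x4005   /* challenge and client entered result */
#define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client entered result */
#define SASL_CB_GETREALM 0x4008     /* realm to attempt authentication in */
#define SASL_CB_LIST_END 0          /* end of list */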
63 #if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN
64 void *lutil_sasl_defaults(
72 LDAP_SASL_INTERACT_PROC lutil_sasl_interact
;
74 int lutil_sasl_interact(
80 void lutil_sasl_freedefs(
84 * SASL definitions for openldap support
87 typedef struct lutil_sasl_defaults_s
{
106 lutilSASLdefaults
*defaults
;
108 defaults
= (lutilSASLdefaults
*) xmalloc(sizeof(lutilSASLdefaults
));
110 if (defaults
== NULL
)
113 defaults
->mech
= mech
? xstrdup(mech
) : NULL
;
114 defaults
->realm
= realm
? xstrdup(realm
) : NULL
;
115 defaults
->authcid
= authcid
? xstrdup(authcid
) : NULL
;
116 defaults
->passwd
= passwd
? xstrdup(passwd
) : NULL
;
117 defaults
->authzid
= authzid
? xstrdup(authzid
) : NULL
;
119 if (defaults
->mech
== NULL
) {
120 ldap_get_option(ld
, LDAP_OPT_X_SASL_MECH
, &defaults
->mech
);
122 if (defaults
->realm
== NULL
) {
123 ldap_get_option(ld
, LDAP_OPT_X_SASL_REALM
, &defaults
->realm
);
125 if (defaults
->authcid
== NULL
) {
126 ldap_get_option(ld
, LDAP_OPT_X_SASL_AUTHCID
, &defaults
->authcid
);
128 if (defaults
->authzid
== NULL
) {
129 ldap_get_option(ld
, LDAP_OPT_X_SASL_AUTHZID
, &defaults
->authzid
);
131 defaults
->resps
= NULL
;
132 defaults
->nresps
= 0;
140 sasl_interact_t
* interact
,
141 lutilSASLdefaults
* defaults
)
143 const char *dflt
= interact
->defresult
;
145 switch (interact
->id
) {
146 case SASL_CB_GETREALM
:
148 dflt
= defaults
->realm
;
150 case SASL_CB_AUTHNAME
:
152 dflt
= defaults
->authcid
;
156 dflt
= defaults
->passwd
;
160 dflt
= defaults
->authzid
;
162 case SASL_CB_NOECHOPROMPT
:
164 case SASL_CB_ECHOPROMPT
:
171 /* input must be empty */
172 interact
->result
= (dflt
&& *dflt
) ? dflt
: "";
173 interact
->len
= (unsigned) strlen((const char *) interact
->result
);
185 sasl_interact_t
*interact
= (sasl_interact_t
*) in
;
188 return LDAP_PARAM_ERROR
;
190 while (interact
->id
!= SASL_CB_LIST_END
) {
191 int rc
= interaction(flags
, interact
, (lutilSASLdefaults
*) defaults
);
205 lutilSASLdefaults
*defs
= (lutilSASLdefaults
*) defaults
;
209 xfree(defs
->authcid
);
211 xfree(defs
->authzid
);
218 tool_sasl_bind(LDAP
* ld
, char *binddn
, char *ssl
)
221 * unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
222 * unsigned sasl_flags = LDAP_SASL_QUIET;
225 * Avoid SASL messages
227 #if HAVE_SUN_LDAP_SDK
228 unsigned sasl_flags
= LDAP_SASL_INTERACTIVE
;
230 unsigned sasl_flags
= LDAP_SASL_QUIET
;
232 char *sasl_realm
= NULL
;
233 char *sasl_authc_id
= NULL
;
234 char *sasl_authz_id
= NULL
;
235 char *sasl_mech
= (char *) "GSSAPI";
241 * char *sasl_secprops = (char *)"maxssf=56";
242 * char *sasl_secprops = NULL;
244 struct berval passwd
= {0, NULL
};
246 int rc
= LDAP_SUCCESS
;
249 sasl_secprops
= (char *) "maxssf=0";
251 sasl_secprops
= (char *) "maxssf=56";
252 /* sasl_secprops = (char *)"maxssf=0"; */
253 /* sasl_secprops = (char *)"maxssf=56"; */
255 if (sasl_secprops
!= NULL
) {
256 rc
= ldap_set_option(ld
, LDAP_OPT_X_SASL_SECPROPS
,
257 (void *) sasl_secprops
);
258 if (rc
!= LDAP_SUCCESS
) {
259 error((char *) "%s| %s: ERROR: Could not set LDAP_OPT_X_SASL_SECPROPS: %s: %s\n", LogTime(), PROGRAM
, sasl_secprops
, ldap_err2string(rc
));
263 defaults
= lutil_sasl_defaults(ld
,
270 rc
= ldap_sasl_interactive_bind_s(ld
, binddn
,
271 sasl_mech
, NULL
, NULL
,
272 sasl_flags
, lutil_sasl_interact
, defaults
);
274 lutil_sasl_freedefs(defaults
);
275 if (rc
!= LDAP_SUCCESS
) {
276 error((char *) "%s| %s: ERROR: ldap_sasl_interactive_bind_s error: %s\n", LogTime(), PROGRAM
, ldap_err2string(rc
));
285 fprintf(stderr
, "%s| %s: ERROR: Dummy function\n", LogTime(), PROGRAM
);