1 /* SASL server API implementation
4 * $Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $
7 * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. The name "Carnegie Mellon University" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For permission or any other legal
24 * details, please contact
25 * Office of Technology Transfer
26 * Carnegie Mellon University
28 * Pittsburgh, PA 15213-3890
29 * (412) 268-4387, fax: (412) 268-7395
30 * tech-transfer@andrew.cmu.edu
32 * 4. Redistributions of any form whatsoever must retain the following
34 * "This product includes software developed by Computing Services
35 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
37 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
38 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
39 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
40 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
41 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
42 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
43 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
56 #include "../plugins/plugin_common.h"
58 /***************************** Common Section *****************************/
60 static const char plugin_id[] = "$Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $";
62 /***************************** Server Section *****************************/
65 external_server_mech_new(void *glob_context __attribute__((unused)),
66 sasl_server_params_t *sparams,
67 const char *challenge __attribute__((unused)),
68 unsigned challen __attribute__((unused)),
74 || !sparams->utils->conn)
77 if (!sparams->utils->conn->external.auth_id)
86 external_server_mech_step(void *conn_context __attribute__((unused)),
87 sasl_server_params_t *sparams,
90 const char **serverout,
91 unsigned *serveroutlen,
92 sasl_out_params_t *oparams)
98 || !sparams->utils->conn
99 || !sparams->utils->getcallback
103 return SASL_BADPARAM;
105 if (!sparams->utils->conn->external.auth_id)
108 /* xxx arbitrary limit here */
109 if (clientinlen > 16384) return SASL_BADPROT;
111 if ((sparams->props.security_flags & SASL_SEC_NOANONYMOUS) &&
112 (!strcmp(sparams->utils->conn->external.auth_id, "anonymous"))) {
113 sasl_seterror(sparams->utils->conn,0,"anonymous login not allowed");
121 /* No initial data; we're in a protocol which doesn't support it.
122 * So we let the server app know that we need some... */
123 return SASL_CONTINUE;
126 if (clientinlen) { /* if we have a non-zero authorization id */
127 /* The user's trying to authorize as someone they didn't
129 result = sparams->canon_user(sparams->utils->conn,
131 SASL_CU_AUTHZID, oparams);
132 if(result != SASL_OK) return result;
134 result = sparams->canon_user(sparams->utils->conn,
135 sparams->utils->conn->external.auth_id, 0,
136 SASL_CU_AUTHID, oparams);
138 result = sparams->canon_user(sparams->utils->conn,
139 sparams->utils->conn->external.auth_id, 0,
140 SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
143 if (result != SASL_OK) return result;
146 oparams->doneflag = 1;
147 oparams->mech_ssf = 0;
148 oparams->maxoutbuf = 0;
149 oparams->encode_context = NULL;
150 oparams->encode = NULL;
151 oparams->decode_context = NULL;
152 oparams->decode = NULL;
153 oparams->param_version = 0;
159 external_server_mech_avail(void *glob_context __attribute__((unused)),
160 sasl_server_params_t *sparams,
161 void **conn_context __attribute__((unused)))
163 if (!sparams->utils->conn->external.auth_id) {
164 /* Return Temporary Failure */
171 static sasl_server_plug_t external_server_plugins[] =
174 "EXTERNAL", /* mech_name */
177 | SASL_SEC_NOANONYMOUS
178 | SASL_SEC_NODICTIONARY, /* security_flags */
179 SASL_FEAT_WANT_CLIENT_FIRST
180 | SASL_FEAT_ALLOWS_PROXY, /* features */
181 NULL, /* glob_context */
182 &external_server_mech_new, /* mech_new */
183 &external_server_mech_step, /* mech_step */
184 NULL, /* mech_dispose */
185 NULL, /* mech_free */
187 NULL, /* user_query */
189 &external_server_mech_avail, /* mech_avail */
194 int external_server_plug_init(const sasl_utils_t *utils,
197 sasl_server_plug_t **pluglist,
200 if (!out_version || !pluglist || !plugcount)
201 return SASL_BADPARAM;
203 if (max_version != SASL_SERVER_PLUG_VERSION) {
204 SETERROR( utils, "EXTERNAL version mismatch" );
208 *out_version = SASL_SERVER_PLUG_VERSION;
209 *pluglist = external_server_plugins;
214 /***************************** Client Section *****************************/
216 typedef struct client_context
222 static int external_client_mech_new(void *glob_context __attribute__((unused)),
223 sasl_client_params_t *params,
226 client_context_t *text;
230 || !params->utils->conn
232 return SASL_BADPARAM;
234 if (!params->utils->conn->external.auth_id)
237 text = sasl_ALLOC(sizeof(client_context_t));
238 if(!text) return SASL_NOMEM;
240 memset(text, 0, sizeof(client_context_t));
242 *conn_context = text;
248 external_client_mech_step(void *conn_context,
249 sasl_client_params_t *params,
250 const char *serverin __attribute__((unused)),
251 unsigned serverinlen,
252 sasl_interact_t **prompt_need,
253 const char **clientout,
254 unsigned *clientoutlen,
255 sasl_out_params_t *oparams)
257 client_context_t *text = (client_context_t *)conn_context;
258 const char *user = NULL;
259 int user_result = SASL_OK;
264 || !params->utils->conn
265 || !params->utils->getcallback
269 return SASL_BADPARAM;
271 if (!params->utils->conn->external.auth_id)
274 if (serverinlen != 0)
280 /* try to get the userid */
282 user_result = _plug_get_userid(params->utils, &user, prompt_need);
284 if ((user_result != SASL_OK) && (user_result != SASL_INTERACT))
288 /* free prompts we got */
289 if (prompt_need && *prompt_need) {
290 params->utils->free(*prompt_need);
294 /* if there are prompts not filled in */
295 if (user_result == SASL_INTERACT) {
296 /* make the prompt list */
298 _plug_make_prompts(params->utils, prompt_need,
299 user_result == SASL_INTERACT ?
300 "Please enter your authorization name" : NULL,
306 if (result != SASL_OK) return result;
308 return SASL_INTERACT;
311 *clientoutlen = user ? (unsigned) strlen(user) : 0;
313 result = _buf_alloc(&text->out_buf, &text->out_buf_len, *clientoutlen + 1);
315 if (result != SASL_OK) return result;
318 result = params->canon_user(params->utils->conn,
319 user, 0, SASL_CU_AUTHZID, oparams);
320 if (result != SASL_OK) return result;
322 result = params->canon_user(params->utils->conn,
323 params->utils->conn->external.auth_id, 0,
324 SASL_CU_AUTHID, oparams);
325 if (result != SASL_OK) return result;
327 memcpy(text->out_buf, user, *clientoutlen);
329 result = params->canon_user(params->utils->conn,
330 params->utils->conn->external.auth_id, 0,
331 SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
332 if (result != SASL_OK) return result;
335 text->out_buf[*clientoutlen] = '\0';
337 *clientout = text->out_buf;
340 oparams->doneflag = 1;
341 oparams->mech_ssf = 0;
342 oparams->maxoutbuf = 0;
343 oparams->encode_context = NULL;
344 oparams->encode = NULL;
345 oparams->decode_context = NULL;
346 oparams->decode = NULL;
347 oparams->param_version = 0;
353 external_client_mech_dispose(void *conn_context,
354 const sasl_utils_t *utils __attribute__((unused)))
356 client_context_t *text = (client_context_t *) conn_context;
360 if(text->out_buf) sasl_FREE(text->out_buf);
365 static const long external_required_prompts[] = {
369 static sasl_client_plug_t external_client_plugins[] =
372 "EXTERNAL", /* mech_name */
375 | SASL_SEC_NOANONYMOUS
376 | SASL_SEC_NODICTIONARY, /* security_flags */
377 SASL_FEAT_WANT_CLIENT_FIRST
378 | SASL_FEAT_ALLOWS_PROXY, /* features */
379 external_required_prompts, /* required_prompts */
380 NULL, /* glob_context */
381 &external_client_mech_new, /* mech_new */
382 &external_client_mech_step, /* mech_step */
383 &external_client_mech_dispose, /* mech_dispose */
384 NULL, /* mech_free */
391 int external_client_plug_init(const sasl_utils_t *utils,
394 sasl_client_plug_t **pluglist,
397 if (!utils || !out_version || !pluglist || !plugcount)
398 return SASL_BADPARAM;
400 if (max_version != SASL_CLIENT_PLUG_VERSION) {
401 SETERROR( utils, "EXTERNAL version mismatch" );
405 *out_version = SASL_CLIENT_PLUG_VERSION;
406 *pluglist = external_client_plugins;