lib/external.c

   1 /* SASL server API implementation
   2  * Rob Siemborski
   3  * Tim Martin
   4  * $Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $
   5  */
   6 /*
   7  * Copyright (c) 1998-2003 Carnegie Mellon University.  All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in
  18  *    the documentation and/or other materials provided with the
  19  *    distribution.
  20  *
  21  * 3. The name "Carnegie Mellon University" must not be used to
  22  *    endorse or promote products derived from this software without
  23  *    prior written permission. For permission or any other legal
  24  *    details, please contact
  25  *      Office of Technology Transfer
  26  *      Carnegie Mellon University
  27  *      5000 Forbes Avenue
  28  *      Pittsburgh, PA  15213-3890
  29  *      (412) 268-4387, fax: (412) 268-7395
  30  *      tech-transfer@andrew.cmu.edu
  31  *
  32  * 4. Redistributions of any form whatsoever must retain the following
  33  *    acknowledgment:
  34  *    "This product includes software developed by Computing Services
  35  *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
  36  *
  37  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
  38  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  39  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
  40  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  41  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  42  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  43  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  44  */
  45
  46 #include <config.h>
  47 #include <stdio.h>
  48 #include <stdlib.h>
  49 #include <limits.h>
  50 #include <ctype.h>
  51 #include <string.h>
  52 #include <sasl.h>
  53 #include <saslplug.h>
  54 #include "saslint.h"
  55
  56 #include "../plugins/plugin_common.h"
  57
  58 /*****************************  Common Section  *****************************/
  59
  60 static const char plugin_id[] = "$Id: external.c,v 1.22 2004/02/20 17:23:58 rjs3 Exp $";
  61
  62 /*****************************  Server Section  *****************************/
  63
  64 static int
  65 external_server_mech_new(void *glob_context __attribute__((unused)),
  66                          sasl_server_params_t *sparams,
  67                          const char *challenge __attribute__((unused)),
  68                          unsigned challen __attribute__((unused)),
  69                          void **conn_context)
  70 {
  71     if (!conn_context
  72         || !sparams
  73         || !sparams->utils
  74         || !sparams->utils->conn)
  75         return SASL_BADPARAM;
  76
  77     if (!sparams->utils->conn->external.auth_id)
  78         return SASL_NOMECH;
  79
  80     *conn_context = NULL;
  81
  82     return SASL_OK;
  83 }
  84
  85 static int
  86 external_server_mech_step(void *conn_context __attribute__((unused)),
  87                           sasl_server_params_t *sparams,
  88                           const char *clientin,
  89                           unsigned clientinlen,
  90                           const char **serverout,
  91                           unsigned *serveroutlen,
  92                           sasl_out_params_t *oparams)
  93 {
  94     int result;
  95
  96     if (!sparams
  97         || !sparams->utils
  98         || !sparams->utils->conn
  99         || !sparams->utils->getcallback
 100         || !serverout
 101         || !serveroutlen
 102         || !oparams)
 103         return SASL_BADPARAM;
 104
 105     if (!sparams->utils->conn->external.auth_id)
 106         return SASL_BADPROT;
 107
 108     /* xxx arbitrary limit here */
 109     if (clientinlen > 16384) return SASL_BADPROT;
 110
 111     if ((sparams->props.security_flags & SASL_SEC_NOANONYMOUS) &&
 112         (!strcmp(sparams->utils->conn->external.auth_id, "anonymous"))) {
 113         sasl_seterror(sparams->utils->conn,0,"anonymous login not allowed");
 114         return SASL_NOAUTHZ;
 115     }
 116
 117     *serverout = NULL;
 118     *serveroutlen = 0;
 119
 120     if (!clientin) {
 121         /* No initial data; we're in a protocol which doesn't support it.
 122          * So we let the server app know that we need some... */
 123         return SASL_CONTINUE;
 124     }
 125
 126     if (clientinlen) {          /* if we have a non-zero authorization id */
 127         /* The user's trying to authorize as someone they didn't
 128          * authenticate as */
 129         result = sparams->canon_user(sparams->utils->conn,
 130                                      clientin, 0,
 131                                      SASL_CU_AUTHZID, oparams);
 132         if(result != SASL_OK) return result;
 133
 134         result = sparams->canon_user(sparams->utils->conn,
 135                                      sparams->utils->conn->external.auth_id, 0,
 136                                      SASL_CU_AUTHID, oparams);
 137     } else {
 138         result = sparams->canon_user(sparams->utils->conn,
 139                                      sparams->utils->conn->external.auth_id, 0,
 140                                      SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
 141     }
 142
 143     if (result != SASL_OK) return result;
 144
 145     /* set oparams */
 146     oparams->doneflag = 1;
 147     oparams->mech_ssf = 0;
 148     oparams->maxoutbuf = 0;
 149     oparams->encode_context = NULL;
 150     oparams->encode = NULL;
 151     oparams->decode_context = NULL;
 152     oparams->decode = NULL;
 153     oparams->param_version = 0;
 154
 155     return SASL_OK;
 156 }
 157
 158 static int
 159 external_server_mech_avail(void *glob_context __attribute__((unused)),
 160                            sasl_server_params_t *sparams,
 161                            void **conn_context __attribute__((unused)))
 162 {
 163     if (!sparams->utils->conn->external.auth_id) {
 164         /* Return Temporary Failure */
 165         return SASL_NOTDONE;
 166     }
 167
 168     return SASL_OK;
 169 }
 170
 171 static sasl_server_plug_t external_server_plugins[] =
 172 {
 173     {
 174         "EXTERNAL",                     /* mech_name */
 175         0,                              /* max_ssf */
 176         SASL_SEC_NOPLAINTEXT
 177         | SASL_SEC_NOANONYMOUS
 178         | SASL_SEC_NODICTIONARY,        /* security_flags */
 179         SASL_FEAT_WANT_CLIENT_FIRST
 180         | SASL_FEAT_ALLOWS_PROXY,       /* features */
 181         NULL,                           /* glob_context */
 182         &external_server_mech_new,      /* mech_new */
 183         &external_server_mech_step,     /* mech_step */
 184         NULL,                           /* mech_dispose */
 185         NULL,                           /* mech_free */
 186         NULL,                           /* setpass */
 187         NULL,                           /* user_query */
 188         NULL,                           /* idle */
 189         &external_server_mech_avail,    /* mech_avail */
 190         NULL                            /* spare */
 191     }
 192 };
 193
 194 int external_server_plug_init(const sasl_utils_t *utils,
 195                               int max_version,
 196                               int *out_version,
 197                               sasl_server_plug_t **pluglist,
 198                               int *plugcount)
 199 {
 200     if (!out_version || !pluglist || !plugcount)
 201         return SASL_BADPARAM;
 202
 203     if (max_version != SASL_SERVER_PLUG_VERSION) {
 204         SETERROR( utils, "EXTERNAL version mismatch" );
 205         return SASL_BADVERS;
 206     }
 207
 208     *out_version = SASL_SERVER_PLUG_VERSION;
 209     *pluglist = external_server_plugins;
 210     *plugcount = 1;
 211     return SASL_OK;
 212 }
 213
 214 /*****************************  Client Section  *****************************/
 215
 216 typedef struct client_context
 217 {
 218     char *out_buf;
 219     size_t out_buf_len;
 220 } client_context_t;
 221
 222 static int external_client_mech_new(void *glob_context __attribute__((unused)),
 223                                     sasl_client_params_t *params,
 224                                     void **conn_context)
 225 {
 226     client_context_t *text;
 227
 228     if (!params
 229         || !params->utils
 230         || !params->utils->conn
 231         || !conn_context)
 232         return SASL_BADPARAM;
 233
 234     if (!params->utils->conn->external.auth_id)
 235         return SASL_NOMECH;
 236
 237     text = sasl_ALLOC(sizeof(client_context_t));
 238     if(!text) return SASL_NOMEM;
 239
 240     memset(text, 0, sizeof(client_context_t));
 241
 242     *conn_context = text;
 243
 244     return SASL_OK;
 245 }
 246
 247 static int
 248 external_client_mech_step(void *conn_context,
 249                           sasl_client_params_t *params,
 250                           const char *serverin __attribute__((unused)),
 251                           unsigned serverinlen,
 252                           sasl_interact_t **prompt_need,
 253                           const char **clientout,
 254                           unsigned *clientoutlen,
 255                           sasl_out_params_t *oparams)
 256 {
 257     client_context_t *text = (client_context_t *)conn_context;
 258     const char *user = NULL;
 259     int user_result = SASL_OK;
 260     int result;
 261
 262     if (!params
 263         || !params->utils
 264         || !params->utils->conn
 265         || !params->utils->getcallback
 266         || !clientout
 267         || !clientoutlen
 268         || !oparams)
 269         return SASL_BADPARAM;
 270
 271     if (!params->utils->conn->external.auth_id)
 272         return SASL_BADPROT;
 273
 274     if (serverinlen != 0)
 275         return SASL_BADPROT;
 276
 277     *clientout = NULL;
 278     *clientoutlen = 0;
 279
 280     /* try to get the userid */
 281     if (user == NULL) {
 282         user_result = _plug_get_userid(params->utils, &user, prompt_need);
 283
 284         if ((user_result != SASL_OK) && (user_result != SASL_INTERACT))
 285             return user_result;
 286     }
 287
 288     /* free prompts we got */
 289     if (prompt_need && *prompt_need) {
 290         params->utils->free(*prompt_need);
 291         *prompt_need = NULL;
 292     }
 293
 294     /* if there are prompts not filled in */
 295     if (user_result == SASL_INTERACT) {
 296         /* make the prompt list */
 297         int result =
 298             _plug_make_prompts(params->utils, prompt_need,
 299                                user_result == SASL_INTERACT ?
 300                                "Please enter your authorization name" : NULL,
 301                                "",
 302                                NULL, NULL,
 303                                NULL, NULL,
 304                                NULL, NULL, NULL,
 305                                NULL, NULL, NULL);
 306         if (result != SASL_OK) return result;
 307
 308         return SASL_INTERACT;
 309     }
 310
 311     *clientoutlen = user ? (unsigned) strlen(user) : 0;
 312
 313     result = _buf_alloc(&text->out_buf, &text->out_buf_len, *clientoutlen + 1);
 314
 315     if (result != SASL_OK) return result;
 316
 317     if (user && *user) {
 318         result = params->canon_user(params->utils->conn,
 319                                     user, 0, SASL_CU_AUTHZID, oparams);
 320         if (result != SASL_OK) return result;
 321
 322         result = params->canon_user(params->utils->conn,
 323                                     params->utils->conn->external.auth_id, 0,
 324                                     SASL_CU_AUTHID, oparams);
 325         if (result != SASL_OK) return result;
 326
 327         memcpy(text->out_buf, user, *clientoutlen);
 328     } else {
 329         result = params->canon_user(params->utils->conn,
 330                                     params->utils->conn->external.auth_id, 0,
 331                                     SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
 332         if (result != SASL_OK) return result;
 333     }
 334
 335     text->out_buf[*clientoutlen] = '\0';
 336
 337     *clientout = text->out_buf;
 338
 339     /* set oparams */
 340     oparams->doneflag = 1;
 341     oparams->mech_ssf = 0;
 342     oparams->maxoutbuf = 0;
 343     oparams->encode_context = NULL;
 344     oparams->encode = NULL;
 345     oparams->decode_context = NULL;
 346     oparams->decode = NULL;
 347     oparams->param_version = 0;
 348
 349     return SASL_OK;
 350 }
 351
 352 static void
 353 external_client_mech_dispose(void *conn_context,
 354                              const sasl_utils_t *utils __attribute__((unused)))
 355 {
 356     client_context_t *text = (client_context_t *) conn_context;
 357
 358     if (!text) return;
 359
 360     if(text->out_buf) sasl_FREE(text->out_buf);
 361
 362     sasl_FREE(text);
 363 }
 364
 365 static const long external_required_prompts[] = {
 366     SASL_CB_LIST_END
 367 };
 368
 369 static sasl_client_plug_t external_client_plugins[] =
 370 {
 371     {
 372         "EXTERNAL",                     /* mech_name */
 373         0,                              /* max_ssf */
 374         SASL_SEC_NOPLAINTEXT
 375         | SASL_SEC_NOANONYMOUS
 376         | SASL_SEC_NODICTIONARY,        /* security_flags */
 377         SASL_FEAT_WANT_CLIENT_FIRST
 378         | SASL_FEAT_ALLOWS_PROXY,       /* features */
 379         external_required_prompts,      /* required_prompts */
 380         NULL,                           /* glob_context */
 381         &external_client_mech_new,      /* mech_new */
 382         &external_client_mech_step,     /* mech_step */
 383         &external_client_mech_dispose,  /* mech_dispose */
 384         NULL,                           /* mech_free */
 385         NULL,                           /* idle */
 386         NULL,                           /* spare */
 387         NULL                            /* spare */
 388     }
 389 };
 390
 391 int external_client_plug_init(const sasl_utils_t *utils,
 392                               int max_version,
 393                               int *out_version,
 394                               sasl_client_plug_t **pluglist,
 395                               int *plugcount)
 396 {
 397     if (!utils || !out_version || !pluglist || !plugcount)
 398         return SASL_BADPARAM;
 399
 400     if (max_version != SASL_CLIENT_PLUG_VERSION) {
 401         SETERROR( utils, "EXTERNAL version mismatch" );
 402         return SASL_BADVERS;
 403     }
 404
 405     *out_version = SASL_CLIENT_PLUG_VERSION;
 406     *pluglist = external_client_plugins;
 407     *plugcount = 1;
 408
 409     return SASL_OK;
 410 }