/* initialize the SASL client drivers
* callbacks -- base callbacks for all client connections
* returns:
- * SASL_OK -- Success
+ * SASL_OK -- Success
* SASL_NOMEM -- Not enough memory
* SASL_BADVERS -- Mechanism version mismatch
* SASL_BADPARAM -- error in config file
* service -- registered name of the service using SASL (e.g. "imap")
* serverFQDN -- the fully qualified domain name of the server
* iplocalport -- client IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
+ * (if NULL, then mechanisms requiring IPaddr are disabled)
* ipremoteport -- server IPv4/IPv6 domain literal string with port
- * (if NULL, then mechanisms requiring IPaddr are disabled)
+ * (if NULL, then mechanisms requiring IPaddr are disabled)
* prompt_supp -- list of client interactions supported
- * may also include sasl_getopt_t context & call
- * NULL prompt_supp = user/pass via SASL_INTERACT only
- * NULL proc = interaction supported via SASL_INTERACT
+ * may also include sasl_getopt_t context & call
+ * NULL prompt_supp = user/pass via SASL_INTERACT only
+ * NULL proc = interaction supported via SASL_INTERACT
* secflags -- security flags (see above)
* in/out:
- * pconn -- connection negotiation structure
- * pointer to NULL => allocate new
- * non-NULL => recycle storage and go for next available mech
+ * pconn -- connection negotiation structure
+ * pointer to NULL => allocate new
+ * non-NULL => recycle storage and go for next available mech
*
* Returns:
* SASL_OK -- success
/* select a mechanism for a connection
* mechlist -- mechanisms server has available (punctuation ignored)
- * secret -- optional secret from previous session
+ * secret -- optional secret from previous session
* output:
* prompt_need -- on SASL_INTERACT, list of prompts needed to continue
* clientout -- the initial client response to send to the server
- * mech -- set to mechanism name
+ * mech -- set to mechanism name
*
* Returns:
* SASL_OK -- success
size_t i, list_len;
sasl_ssf_t bestssf = 0, minssf = 0;
int result, server_can_cb = 0;
+ unsigned int cbindingdisp;
if(_sasl_client_active==0) return SASL_NOTINIT;
&list_len,
&server_can_cb);
if (result != 0)
- return result;
+ goto done;
- /* If we have CB and the server supports it, we should use it */
- if (SASL_CB_PRESENT(c_conn->cparams) && server_can_cb)
- c_conn->cparams->chanbindingflag = SASL_CB_FLAG_WANT;
- else
- c_conn->cparams->chanbindingflag = SASL_CB_FLAG_NONE;
+ if (SASL_CB_PRESENT(c_conn->cparams)) {
+ if (server_can_cb == 0 && SASL_CB_CRITICAL(c_conn->cparams)) {
+ result = SASL_NOMECH;
+ goto done;
+ } else {
+ cbindingdisp = SASL_CB_DISP_WANT;
+ }
+ } else {
+ cbindingdisp = SASL_CB_DISP_NONE;
+ }
for (i = 0, name = ordered_mechs; i < list_len; i++) {
/* foreach in client list */
}
/* Prefer server advertised CB mechanisms */
- if (SASL_CB_PRESENT(c_conn->cparams) && plus)
- c_conn->cparams->chanbindingflag = SASL_CB_FLAG_USED;
+ if (SASL_CB_PRESENT(c_conn->cparams) && plus) {
+ cbindingdisp = SASL_CB_DISP_USED;
+ }
if (mech) {
*mech = m->m.plug->mech_name;
c_conn->cparams->external_ssf = conn->external.ssf;
c_conn->cparams->props = conn->props;
+ c_conn->cparams->cbindingdisp = cbindingdisp;
c_conn->mech = bestm;
/* init that plugin */
/* do a step -- but only if we can do a client-send-first */
dostep:
if(clientout) {
- if(c_conn->mech->m.plug->features & SASL_FEAT_SERVER_FIRST) {
- *clientout = NULL;
- *clientoutlen = 0;
- result = SASL_CONTINUE;
- } else {
- result = sasl_client_step(conn, NULL, 0, prompt_need,
- clientout, clientoutlen);
- }
+ if(c_conn->mech->m.plug->features & SASL_FEAT_SERVER_FIRST) {
+ *clientout = NULL;
+ *clientoutlen = 0;
+ result = SASL_CONTINUE;
+ } else {
+ result = sasl_client_step(conn, NULL, 0, prompt_need,
+ clientout, clientoutlen);
+ }
}
else
result = SASL_CONTINUE;
/* do a single authentication step.
* serverin -- the server message received by the client, MUST have a NUL
- * sentinel, not counted by serverinlen
+ * sentinel, not counted by serverinlen
* output:
* prompt_need -- on SASL_INTERACT, list of prompts needed to continue
* clientout -- the client response to send to the server
*
* returns:
- * SASL_OK -- success
+ * SASL_OK -- success
* SASL_INTERACT -- user interaction needed to fill in prompt_need list
* SASL_BADPROT -- server protocol incorrect/cancelled
* SASL_BADSERV -- server failed mutual auth
m = m->next;
}
} else {
- mech_list = strdup (c_mech_list);
+ mech_list = strdup (c_mech_list);
cur_mech = mech_list;
cur_mech = p;
}
- free (mech_list);
+ free (mech_list);
}
info_cb (NULL, SASL_INFO_LIST_END, info_cb_rock);