1 /*
2  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /* canonusr.c - user canonicalization support
7  * Rob Siemborski
8  * $Id: canonusr.c,v 1.12 2003/02/13 19:55:53 rjs3 Exp $
9  */
10 /*
11  * Copyright (c) 1998-2003 Carnegie Mellon University.  All rights reserved.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  *
17  * 1. Redistributions of source code must retain the above copyright
18  *    notice, this list of conditions and the following disclaimer.
19  *
20  * 2. Redistributions in binary form must reproduce the above copyright
21  *    notice, this list of conditions and the following disclaimer in
22  *    the documentation and/or other materials provided with the
23  *    distribution.
24  *
25  * 3. The name "Carnegie Mellon University" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For permission or any other legal
28  *    details, please contact
29  *      Office of Technology Transfer
30  *      Carnegie Mellon University
31  *      5000 Forbes Avenue
32  *      Pittsburgh, PA  15213-3890
33  *      (412) 268-4387, fax: (412) 268-7395
34  *      tech-transfer@andrew.cmu.edu
35  *
36  * 4. Redistributions of any form whatsoever must retain the following
37  *    acknowledgment:
38  *    "This product includes software developed by Computing Services
39  *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
40  *
41  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
42  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
43  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
44  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
45  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
46  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
47  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
48  */
49 
50 #include <config.h>
51 #include <sasl.h>
52 #include <string.h>
53 #include <ctype.h>
54 #include <prop.h>
55 #include <stdio.h>
56 
57 #include "saslint.h"
58 
59 typedef struct canonuser_plug_list
60 {
61     struct canonuser_plug_list *next;
62 #ifdef _SUN_SDK_
63     char *name;
64 #else
65     char name[PATH_MAX];
66 #endif /* _SUN_SDK_ */
67     const sasl_canonuser_plug_t *plug;
68 } canonuser_plug_list_t;
69 
70 #ifndef _SUN_SDK_
71 static canonuser_plug_list_t *canonuser_head = NULL;
72 #endif /* !_SUN_SDK_ */
73 
74 /* default behavior:
75  *                   eliminate leading & trailing whitespace,
76  *                   null-terminate, and get into the outparams
77  *
78  *                   (handled by INTERNAL plugin) */
79 /* Also does auxprop lookups once username is canonoicalized */
80 /* a zero ulen or alen indicates that it is strlen(value) */
_sasl_canon_user(sasl_conn_t * conn,const char * user,unsigned ulen,unsigned flags,sasl_out_params_t * oparams)81 int _sasl_canon_user(sasl_conn_t *conn,
82                      const char *user, unsigned ulen,
83                      unsigned flags,
84                      sasl_out_params_t *oparams)
85 {
86     canonuser_plug_list_t *ptr;
87     sasl_server_conn_t *sconn = NULL;
88     sasl_client_conn_t *cconn = NULL;
89     sasl_canon_user_t *cuser_cb;
90     sasl_getopt_t *getopt;
91     void *context;
92     int result;
93     const char *plugin_name = NULL;
94     char *user_buf;
95     unsigned *lenp;
96 
97     if(!conn) return SASL_BADPARAM;
98     if(!user || !oparams) return SASL_BADPARAM;
99 
100     if(flags & SASL_CU_AUTHID) {
101 	user_buf = conn->authid_buf;
102 	lenp = &(oparams->alen);
103     } else if (flags & SASL_CU_AUTHZID) {
104 	user_buf = conn->user_buf;
105 	lenp = &(oparams->ulen);
106     } else {
107 	return SASL_BADPARAM;
108     }
109 
110     if(conn->type == SASL_CONN_SERVER) sconn = (sasl_server_conn_t *)conn;
111     else if(conn->type == SASL_CONN_CLIENT) cconn = (sasl_client_conn_t *)conn;
112     else return SASL_FAIL;
113 
114     if(!ulen) ulen = (unsigned int)strlen(user);
115 
116     /* check to see if we have a callback to make*/
117     result = _sasl_getcallback(conn, SASL_CB_CANON_USER,
118 			       &cuser_cb, &context);
119     if(result == SASL_OK && cuser_cb) {
120 	result = cuser_cb(conn, context,
121 			user, ulen,
122 			flags, (conn->type == SASL_CONN_SERVER ?
123 				((sasl_server_conn_t *)conn)->user_realm :
124 				NULL),
125 			user_buf, CANON_BUF_SIZE, lenp);
126 
127 
128 	if (result != SASL_OK) return result;
129 
130 	/* Point the input copy at the stored buffer */
131 	user = user_buf;
132 	ulen = *lenp;
133     }
134 
135     /* which plugin are we supposed to use? */
136     result = _sasl_getcallback(conn, SASL_CB_GETOPT,
137 			       &getopt, &context);
138     if(result == SASL_OK && getopt) {
139 	getopt(context, NULL, "canon_user_plugin", &plugin_name, NULL);
140     }
141 
142     if(!plugin_name) {
143 	/* Use Defualt */
144 	plugin_name = "INTERNAL";
145     }
146 
147 #ifdef _SUN_SDK_
148     for(ptr = conn->gctx->canonuser_head; ptr; ptr = ptr->next) {
149 #else
150     for(ptr = canonuser_head; ptr; ptr = ptr->next) {
151 #endif /* _SUN_SDK_ */
152 	/* A match is if we match the internal name of the plugin, or if
153 	 * we match the filename (old-style) */
154 	if((ptr->plug->name && !strcmp(plugin_name, ptr->plug->name))
155 	   || !strcmp(plugin_name, ptr->name)) break;
156     }
157 
158     /* We clearly don't have this one! */
159     if(!ptr) {
160 #ifdef _INTEGRATED_SOLARIS_
161 	if (conn->type == SASL_CONN_CLIENT)
162 		sasl_seterror(conn, 0,
163 		      gettext("desired canon_user plugin %s not found"),
164 		      plugin_name);
165 	else
166 		_sasl_log(conn, SASL_LOG_ERR,
167 		      "desired canon_user plugin %s not found",
168 		      plugin_name);
169 #else
170 	sasl_seterror(conn, 0, "desired canon_user plugin %s not found",
171 		      plugin_name);
172 #endif /* _INTEGRATED_SOLARIS_ */
173 	return SASL_NOMECH;
174     }
175 
176     if(sconn) {
177 	/* we're a server */
178 	result = ptr->plug->canon_user_server(ptr->plug->glob_context,
179 					      sconn->sparams,
180 					      user, ulen,
181 					      flags,
182 					      user_buf,
183 					      CANON_BUF_SIZE, lenp);
184     } else {
185 	/* we're a client */
186 	result = ptr->plug->canon_user_client(ptr->plug->glob_context,
187 					      cconn->cparams,
188 					      user, ulen,
189 					      flags,
190 					      user_buf,
191 					      CANON_BUF_SIZE, lenp);
192     }
193 
194     if(result != SASL_OK) return result;
195 
196     if((flags & SASL_CU_AUTHID) && (flags & SASL_CU_AUTHZID)) {
197 	/* We did both, so we need to copy the result into
198 	 * the buffer for the authzid from the buffer for the authid */
199 	memcpy(conn->user_buf, conn->authid_buf, CANON_BUF_SIZE);
200 	oparams->ulen = oparams->alen;
201     }
202 
203     /* Set the appropriate oparams (lengths have already been set by lenp) */
204     if(flags & SASL_CU_AUTHID) {
205 	oparams->authid = conn->authid_buf;
206     }
207 
208     if (flags & SASL_CU_AUTHZID) {
209 	oparams->user = conn->user_buf;
210     }
211 
212 #ifndef macintosh
213     /* do auxprop lookups (server only) */
214     if(sconn) {
215 	if(flags & SASL_CU_AUTHID) {
216 	    _sasl_auxprop_lookup(sconn->sparams, 0,
217 				 oparams->authid, oparams->alen);
218 	}
219 	if(flags & SASL_CU_AUTHZID) {
220 	    _sasl_auxprop_lookup(sconn->sparams, SASL_AUXPROP_AUTHZID,
221 				 oparams->user, oparams->ulen);
222 	}
223     }
224 #endif
225 
226 
227 #ifdef _SUN_SDK_
228     return (SASL_OK);
229 #else
230     RETURN(conn, SASL_OK);
231 #endif /* _SUN_SDK_ */
232 }
233 
234 #ifdef _SUN_SDK_
235 void _sasl_canonuser_free(_sasl_global_context_t *gctx)
236 {
237     canonuser_plug_list_t *ptr, *ptr_next;
238     const sasl_utils_t *sasl_global_utils = gctx->sasl_canonusr_global_utils;
239 
240     for(ptr = (canonuser_plug_list_t *)gctx->canonuser_head;
241 		ptr; ptr = ptr_next) {
242 	ptr_next = ptr->next;
243 	if(ptr->plug->canon_user_free)
244 	    ptr->plug->canon_user_free(ptr->plug->glob_context,
245 				       sasl_global_utils);
246 	sasl_FREE(ptr->name);
247 	sasl_FREE(ptr);
248     }
249 
250     gctx->canonuser_head = NULL;
251 }
252 #else
253 void _sasl_canonuser_free()
254 {
255     canonuser_plug_list_t *ptr, *ptr_next;
256 
257     for(ptr = canonuser_head; ptr; ptr = ptr_next) {
258 	ptr_next = ptr->next;
259 	if(ptr->plug->canon_user_free)
260 	    ptr->plug->canon_user_free(ptr->plug->glob_context,
261 				       sasl_global_utils);
262 	sasl_FREE(ptr);
263     }
264 
265     canonuser_head = NULL;
266 }
267 #endif /* _SUN_SDK_ */
268 
269 #ifdef _SUN_SDK_
270 int sasl_canonuser_add_plugin(const char *plugname,
271                               sasl_canonuser_init_t *canonuserfunc)
272 {
273     return (_sasl_canonuser_add_plugin(_sasl_gbl_ctx(), plugname,
274         canonuserfunc));
275 }
276 
277 int _sasl_canonuser_add_plugin(void *ctx,
278                                const char *plugname,
279                                sasl_canonuser_init_t *canonuserfunc)
280 #else
281 int sasl_canonuser_add_plugin(const char *plugname,
282 			      sasl_canonuser_init_t *canonuserfunc)
283 #endif /* _SUN_SDK_ */
284 {
285     int result, out_version;
286     canonuser_plug_list_t *new_item;
287     sasl_canonuser_plug_t *plug;
288 #ifdef _SUN_SDK_
289     _sasl_global_context_t *gctx = ctx == NULL ? _sasl_gbl_ctx() : ctx;
290     const sasl_utils_t *sasl_global_utils;
291     canonuser_plug_list_t *l;
292 
293   /* Check to see if this plugin has already been registered */
294     for (l = gctx->canonuser_head; l != NULL; l = l->next) {
295 	if (strcmp(plugname, l->name) == 0) {
296 	    return SASL_OK;
297 	}
298     }
299     sasl_global_utils = gctx->sasl_canonusr_global_utils;
300 #endif /* _SUN_SDK_ */
301 
302     if(!plugname || strlen(plugname) > (PATH_MAX - 1)) {
303 	sasl_seterror(NULL, 0,
304 		      "bad plugname passed to sasl_canonuser_add_plugin\n");
305 	return SASL_BADPARAM;
306     }
307 
308     result = canonuserfunc(sasl_global_utils, SASL_CANONUSER_PLUG_VERSION,
309 			   &out_version, &plug, plugname);
310 
311     if(result != SASL_OK) {
312 #ifdef _SUN_SDK_
313 	__sasl_log(gctx, gctx->server_global_callbacks.callbacks == NULL ?
314 	    	   gctx->client_global_callbacks.callbacks :
315 	    	   gctx->server_global_callbacks.callbacks,
316 		   SASL_LOG_ERR, "canonuserfunc error %i\n",result);
317 #else
318 	_sasl_log(NULL, SASL_LOG_ERR, "canonuserfunc error %i\n",result);
319 #endif /* _SUN_SDK_ */
320 	return result;
321     }
322 
323     if(!plug->canon_user_server && !plug->canon_user_client) {
324 	/* We need atleast one of these implemented */
325 #ifdef _SUN_SDK_
326 	__sasl_log(gctx, gctx->server_global_callbacks.callbacks == NULL ?
327 	    	   gctx->client_global_callbacks.callbacks :
328 	    	   gctx->server_global_callbacks.callbacks, SASL_LOG_ERR,
329 		   "canonuser plugin without either client or server side");
330 #else
331 	_sasl_log(NULL, SASL_LOG_ERR,
332 		  "canonuser plugin without either client or server side");
333 #endif /* _SUN_SDK_ */
334 	return SASL_BADPROT;
335     }
336 
337 #ifdef _SUN_SDK_
338     /* Check plugin to make sure name is non-NULL */
339     if (plug->name == NULL) {
340 	__sasl_log(gctx, gctx->server_global_callbacks.callbacks == NULL ?
341 	    	   gctx->client_global_callbacks.callbacks :
342 	    	   gctx->server_global_callbacks.callbacks,
343 		   SASL_LOG_ERR, "invalid canonusr plugin %s", plugname);
344 	return SASL_BADPROT;
345     }
346 #endif /* _SUN_SDK_ */
347 
348     new_item = sasl_ALLOC(sizeof(canonuser_plug_list_t));
349     if(!new_item) return SASL_NOMEM;
350 
351 #ifdef _SUN_SDK_
352     if(_sasl_strdup(plugname, &new_item->name, NULL) != SASL_OK) {
353 	sasl_FREE(new_item);
354 	return SASL_NOMEM;
355     }
356 #else
357     strncpy(new_item->name, plugname, PATH_MAX);
358 #endif /* _SUN_SDK_ */
359 
360     new_item->plug = plug;
361 #ifdef _SUN_SDK_
362     new_item->next = gctx->canonuser_head;
363     gctx->canonuser_head = new_item;
364 #else
365     new_item->next = canonuser_head;
366     canonuser_head = new_item;
367 #endif /* _SUN_SDK_ */
368 
369     return SASL_OK;
370 }
371 
372 #ifdef MIN
373 #undef MIN
374 #endif
375 #define MIN(a,b) (((a) < (b))? (a):(b))
376 
377 static int _canonuser_internal(const sasl_utils_t *utils,
378 			       const char *user, unsigned ulen,
379 			       unsigned flags __attribute__((unused)),
380 			       char *out_user,
381 			       unsigned out_umax, unsigned *out_ulen)
382 {
383     unsigned i;
384     char *in_buf, *userin;
385     const char *begin_u;
386     unsigned u_apprealm = 0;
387     sasl_server_conn_t *sconn = NULL;
388 
389     if(!utils || !user) return SASL_BADPARAM;
390 
391 #ifdef _SUN_SDK_
392     in_buf = utils->malloc((ulen + 2) * sizeof(char));
393 #else
394     in_buf = sasl_ALLOC((ulen + 2) * sizeof(char));
395 #endif /* _SUN_SDK_ */
396     if(!in_buf) return SASL_NOMEM;
397 
398     userin = in_buf;
399 
400     memcpy(userin, user, ulen);
401     userin[ulen] = '\0';
402 
403     /* Strip User ID */
404     for(i=0;isspace((int)userin[i]) && i<ulen;i++);
405     begin_u = &(userin[i]);
406     if(i>0) ulen -= i;
407 
408     for(;ulen > 0 && isspace((int)begin_u[ulen-1]); ulen--);
409     if(begin_u == &(userin[ulen])) {
410 #ifdef _SUN_SDK_
411 	utils->free(in_buf);
412 #else
413 	sasl_FREE(in_buf);
414 #endif /* _SUN_SDK_ */
415 #ifdef _INTEGRATED_SOLARIS_
416 	utils->seterror(utils->conn, 0, gettext("All-whitespace username."));
417 #else
418 	utils->seterror(utils->conn, 0, "All-whitespace username.");
419 #endif /* _INTEGRATED_SOLARIS_ */
420 	return SASL_FAIL;
421     }
422 
423     if(utils->conn && utils->conn->type == SASL_CONN_SERVER)
424 	sconn = (sasl_server_conn_t *)utils->conn;
425 
426     /* Need to append realm if necessary (see sasl.h) */
427     if(sconn && sconn->user_realm && !strchr(user, '@')) {
428 	u_apprealm = strlen(sconn->user_realm) + 1;
429     }
430 
431     /* Now Copy */
432     memcpy(out_user, begin_u, MIN(ulen, out_umax));
433     if(sconn && u_apprealm) {
434 	if(ulen >= out_umax) return SASL_BUFOVER;
435 	out_user[ulen] = '@';
436 	memcpy(&(out_user[ulen+1]), sconn->user_realm,
437 	       MIN(u_apprealm-1, out_umax-ulen-1));
438     }
439     out_user[MIN(ulen + u_apprealm,out_umax)] = '\0';
440 
441     if(ulen + u_apprealm > out_umax) return SASL_BUFOVER;
442 
443     if(out_ulen) *out_ulen = MIN(ulen + u_apprealm,out_umax);
444 
445 #ifdef _SUN_SDK_
446     utils->free(in_buf);
447 #else
448     sasl_FREE(in_buf);
449 #endif /* _SUN_SDK_ */
450     return SASL_OK;
451 }
452 
453 static int _cu_internal_server(void *glob_context __attribute__((unused)),
454 			       sasl_server_params_t *sparams,
455 			       const char *user, unsigned ulen,
456 			       unsigned flags,
457 			       char *out_user,
458 			       unsigned out_umax, unsigned *out_ulen)
459 {
460     return _canonuser_internal(sparams->utils,
461 			       user, ulen,
462 			       flags, out_user, out_umax, out_ulen);
463 }
464 
465 static int _cu_internal_client(void *glob_context __attribute__((unused)),
466 			       sasl_client_params_t *cparams,
467 			       const char *user, unsigned ulen,
468 			       unsigned flags,
469 			       char *out_user,
470 			       unsigned out_umax, unsigned *out_ulen)
471 {
472     return _canonuser_internal(cparams->utils,
473 			       user, ulen,
474 			       flags, out_user, out_umax, out_ulen);
475 }
476 
477 static sasl_canonuser_plug_t canonuser_internal_plugin = {
478         0, /* features */
479 	0, /* spare */
480 	NULL, /* glob_context */
481 	"INTERNAL", /* name */
482 	NULL, /* canon_user_free */
483 	_cu_internal_server,
484 	_cu_internal_client,
485 	NULL,
486 	NULL,
487 	NULL
488 };
489 
490 int internal_canonuser_init(const sasl_utils_t *utils __attribute__((unused)),
491                             int max_version,
492                             int *out_version,
493                             sasl_canonuser_plug_t **plug,
494                             const char *plugname __attribute__((unused)))
495 {
496     if(!out_version || !plug) return SASL_BADPARAM;
497 
498     if(max_version < SASL_CANONUSER_PLUG_VERSION) return SASL_BADVERS;
499 
500     *out_version = SASL_CANONUSER_PLUG_VERSION;
501 
502     *plug = &canonuser_internal_plugin;
503 
504     return SASL_OK;
505 }
506