xref: /illumos-gate/usr/src/lib/libsasl/lib/server.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)

/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
#pragma ident	"%Z%%M%	%I%	%E% SMI"

/* SASL server API implementation
 * Rob Siemborski
 * Tim Martin
 * $Id: server.c,v 1.123 2003/04/16 19:36:01 rjs3 Exp $
 */
/*
 * Copyright (c) 1998-2003 Carnegie Mellon University.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For permission or any other legal
 *    details, please contact
 *      Office of Technology Transfer
 *      Carnegie Mellon University
 *      5000 Forbes Avenue
 *      Pittsburgh, PA  15213-3890
 *      (412) 268-4387, fax: (412) 268-7395
 *      tech-transfer@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Computing Services
 *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* local functions/structs don't start with sasl
 */
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#ifndef macintosh
#include <sys/types.h>
#include <sys/stat.h>
#endif
#include <fcntl.h>
#include <string.h>
#include <ctype.h>

#include "sasl.h"
#include "saslint.h"
#include "saslplug.h"
#include "saslutil.h"

#ifndef _SUN_SDK_
#ifdef sun
/* gotta define gethostname ourselves on suns */
extern int gethostname(char *, int);
#endif
#endif /* !_SUN_SDK_ */

#define DEFAULT_CHECKPASS_MECH "auxprop"

/* Contains functions:
 *
 * sasl_server_init
 * sasl_server_new
 * sasl_listmech
 * sasl_server_start
 * sasl_server_step
 * sasl_checkpass
 * sasl_checkapop
 * sasl_user_exists
 * sasl_setpass
 */

#ifdef _SUN_SDK_
int _is_sasl_server_active(_sasl_global_context_t *gctx)
{
    return gctx->sasl_server_active;
}

DEFINE_STATIC_MUTEX(init_server_mutex);
DEFINE_STATIC_MUTEX(server_active_mutex);
/*
 * server_plug_mutex ensures only one server plugin is init'ed at a time
 * If a plugin is loaded more than once, the glob_context may be overwritten
 * which may lead to a memory leak. We keep glob_context with each mech
 * to avoid this problem.
 */
DEFINE_STATIC_MUTEX(server_plug_mutex);
#else
/* if we've initialized the server sucessfully */
static int _sasl_server_active = 0;

/* For access by other modules */
int _is_sasl_server_active(void) { return _sasl_server_active; }
#endif /* _SUN_SDK_ */

static int _sasl_checkpass(sasl_conn_t *conn,
			   const char *user, unsigned userlen,
			   const char *pass, unsigned passlen);

#ifndef _SUN_SDK_
static mech_list_t *mechlist = NULL; /* global var which holds the list */

static sasl_global_callbacks_t global_callbacks;
#endif /* !_SUN_SDK_ */

/* set the password for a user
 *  conn        -- SASL connection
 *  user        -- user name
 *  pass        -- plaintext password, may be NULL to remove user
 *  passlen     -- length of password, 0 = strlen(pass)
 *  oldpass     -- NULL will sometimes work
 *  oldpasslen  -- length of password, 0 = strlen(oldpass)
 *  flags       -- see flags below
 *
 * returns:
 *  SASL_NOCHANGE  -- proper entry already exists
 *  SASL_NOMECH    -- no authdb supports password setting as configured
 *  SASL_NOVERIFY  -- user exists, but no settable password present
 *  SASL_DISABLED  -- account disabled
 *  SASL_PWLOCK    -- password locked
 *  SASL_WEAKPASS  -- password too weak for security policy
 *  SASL_NOUSERPASS -- user-supplied passwords not permitted
 *  SASL_FAIL      -- OS error
 *  SASL_BADPARAM  -- password too long
 *  SASL_OK        -- successful
 */

int sasl_setpass(sasl_conn_t *conn,
		 const char *user,
		 const char *pass, unsigned passlen,
		 const char *oldpass,
		 unsigned oldpasslen,
		 unsigned flags)
{
    int result=SASL_OK, tmpresult;
    sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn;
    sasl_server_userdb_setpass_t *setpass_cb = NULL;
    void *context = NULL;
    mechanism_t *m;

#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;
    mech_list_t *mechlist = gctx == NULL ? NULL : gctx->mechlist;

    if (!gctx->sasl_server_active || !mechlist) return SASL_NOTINIT;
#else
    if (!_sasl_server_active || !mechlist) return SASL_NOTINIT;
#endif /* _SUN_SDK_ */

    /* check params */
    if (!conn) return SASL_BADPARAM;
    if (conn->type != SASL_CONN_SERVER) PARAMERROR(conn);

    if ((!(flags & SASL_SET_DISABLE) && passlen == 0)
        || ((flags & SASL_SET_CREATE) && (flags & SASL_SET_DISABLE)))
	PARAMERROR(conn);

    /* call userdb callback function */
    result = _sasl_getcallback(conn, SASL_CB_SERVER_USERDB_SETPASS,
			       &setpass_cb, &context);
    if(result == SASL_OK && setpass_cb) {
	tmpresult = setpass_cb(conn, context, user, pass, passlen,
			    s_conn->sparams->propctx, flags);
	if(tmpresult != SASL_OK) {
	    _sasl_log(conn, SASL_LOG_ERR,
		      "setpass callback failed for %s: %z",
		      user, tmpresult);
	} else {
	    _sasl_log(conn, SASL_LOG_NOTE,
		      "setpass callback succeeded for %s", user);
	}
    } else {
	result = SASL_OK;
    }

    /* now we let the mechanisms set their secrets */
    for (m = mechlist->mech_list; m; m = m->next) {
	if (!m->plug->setpass) {
	    /* can't set pass for this mech */
	    continue;
	}
#ifdef _SUN_SDK_
	tmpresult = m->plug->setpass(m->glob_context,
#else
	tmpresult = m->plug->setpass(m->plug->glob_context,
#endif /* _SUN_SDK_ */
				     ((sasl_server_conn_t *)conn)->sparams,
				     user,
				     pass,
				     passlen,
				     oldpass, oldpasslen,
				     flags);
	if (tmpresult == SASL_OK) {
	    _sasl_log(conn, SASL_LOG_NOTE,
		      "%s: set secret for %s", m->plug->mech_name, user);

	    m->condition = SASL_OK; /* if we previously thought the
				       mechanism didn't have any user secrets
				       we now think it does */

	} else if (tmpresult == SASL_NOCHANGE) {
	    _sasl_log(conn, SASL_LOG_NOTE,
		      "%s: secret not changed for %s", m->plug->mech_name, user);
	} else {
	    result = tmpresult;
	    _sasl_log(conn, SASL_LOG_ERR,
		      "%s: failed to set secret for %s: %z (%m)",
		      m->plug->mech_name, user, tmpresult,
#ifndef WIN32
		      errno
#else
		      GetLastError()
#endif
		      );
	}
    }

    RETURN(conn, result);
}

#ifdef _SUN_SDK_
static void
server_dispose_mech_contexts(sasl_conn_t *pconn)
{
  sasl_server_conn_t *s_conn=  (sasl_server_conn_t *) pconn;
  context_list_t *cur, *cur_next;
  _sasl_global_context_t *gctx = pconn->gctx;

  for(cur = s_conn->mech_contexts; cur; cur=cur_next) {
      cur_next = cur->next;
      if(cur->context)
	  cur->mech->plug->mech_dispose(cur->context, s_conn->sparams->utils);
      sasl_FREE(cur);
  }
  s_conn->mech_contexts = NULL;
}
#endif /* _SUN_SDK_ */

/* local mechanism which disposes of server */
static void server_dispose(sasl_conn_t *pconn)
{
  sasl_server_conn_t *s_conn=  (sasl_server_conn_t *) pconn;
#ifdef _SUN_SDK_
  _sasl_global_context_t *gctx = pconn->gctx;
#else
  context_list_t *cur, *cur_next;
#endif /* _SUN_SDK_ */

  if (s_conn->mech
      && s_conn->mech->plug->mech_dispose) {
    s_conn->mech->plug->mech_dispose(pconn->context,
				     s_conn->sparams->utils);
  }
  pconn->context = NULL;

#ifdef _SUN_SDK_
  server_dispose_mech_contexts(pconn);
#else
  for(cur = s_conn->mech_contexts; cur; cur=cur_next) {
      cur_next = cur->next;
      if(cur->context)
	  cur->mech->plug->mech_dispose(cur->context, s_conn->sparams->utils);
      sasl_FREE(cur);
  }
  s_conn->mech_contexts = NULL;
#endif /* _SUN_SDK_ */

  _sasl_free_utils(&s_conn->sparams->utils);

  if (s_conn->sparams->propctx)
      prop_dispose(&s_conn->sparams->propctx);

  if (s_conn->user_realm)
      sasl_FREE(s_conn->user_realm);

  if (s_conn->sparams)
      sasl_FREE(s_conn->sparams);

  _sasl_conn_dispose(pconn);
}

#ifdef _SUN_SDK_
static int init_mechlist(_sasl_global_context_t *gctx)
{
    mech_list_t *mechlist = gctx->mechlist;
#else
static int init_mechlist(void)
{
#endif /* _SUN_SDK_ */
    sasl_utils_t *newutils = NULL;

    mechlist->mutex = sasl_MUTEX_ALLOC();
    if(!mechlist->mutex) return SASL_FAIL;

    /* set util functions - need to do rest */
#ifdef _SUN_SDK_
    newutils = _sasl_alloc_utils(gctx, NULL, &gctx->server_global_callbacks);
#else
    newutils = _sasl_alloc_utils(NULL, &global_callbacks);
#endif /* _SUN_SDK_ */
    if (newutils == NULL)
	return SASL_NOMEM;

    newutils->checkpass = &_sasl_checkpass;

    mechlist->utils = newutils;
    mechlist->mech_list=NULL;
    mechlist->mech_length=0;

    return SASL_OK;
}

#ifdef _SUN_SDK_
static int load_mech(_sasl_global_context_t *gctx, const char *mechname)
{
    sasl_getopt_t *getopt;
    void *context;
    const char *mlist = NULL;
    const char *cp;
    size_t len;

    /* No sasl_conn_t was given to getcallback, so we provide the
     * global callbacks structure */
    if (_sasl_getcallback(NULL, SASL_CB_GETOPT, &getopt, &context) == SASL_OK)
	(void)getopt(&gctx->server_global_callbacks, NULL,
		"server_load_mech_list", &mlist, NULL);

    if (mlist == NULL)
	return (1);

    len = strlen(mechname);
    while (*mlist && isspace((int) *mlist)) mlist++;

    while (*mlist) {
	for (cp = mlist; *cp && !isspace((int) *cp); cp++);
	if (((size_t) (cp - mlist) == len) &&
		!strncasecmp(mlist, mechname, len))
	    break;
	mlist = cp;
	while (*mlist && isspace((int) *mlist)) mlist++;
    }
    return (*mlist != '\0');
}
#endif /* _SUN_SDK_ */

/*
 * parameters:
 *  p - entry point
 */
int sasl_server_add_plugin(const char *plugname,
			   sasl_server_plug_init_t *p)
#ifdef _SUN_SDK_
{
    return (_sasl_server_add_plugin(_sasl_gbl_ctx(), plugname, p));
}

int _sasl_server_add_plugin(void *ctx,
			    const char *plugname,
			    sasl_server_plug_init_t *p)
{
    int nplug = 0;
    int i;
    mechanism_t *m;
    _sasl_global_context_t *gctx = ctx == NULL ? _sasl_gbl_ctx() : ctx;
    mech_list_t *mechlist = gctx->mechlist;

    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
    int sun_reg;
#endif /* _INTEGRATED_SOLARIS_ */
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
#else
{
#endif /* _SUN_SDK_ */
    int plugcount;
    sasl_server_plug_t *pluglist;
    mechanism_t *mech;
    sasl_server_plug_init_t *entry_point;
    int result;
    int version;
    int lupe;

    if(!plugname || !p) return SASL_BADPARAM;

#ifdef _SUN_SDK_
    if (mechlist == NULL) return SASL_BADPARAM;

    /* Check to see if this plugin has already been registered */
    m = mechlist->mech_list;
    for (i = 0; i < mechlist->mech_length; i++) {
	if (strcmp(plugname, m->plugname) == 0)
		return SASL_OK;
	m = m->next;
    }

    result = LOCK_MUTEX(&server_plug_mutex);
    if (result != SASL_OK)
	return result;

#endif /* _SUN_SDK_ */
    entry_point = (sasl_server_plug_init_t *)p;

    /* call into the shared library asking for information about it */
    /* version is filled in with the version of the plugin */
    result = entry_point(mechlist->utils, SASL_SERVER_PLUG_VERSION, &version,
			 &pluglist, &plugcount);

    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
    sun_reg = _is_sun_reg(pluglist);
#endif /* _INTEGRATED_SOLARIS_ */
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */

#ifdef _SUN_SDK_
    if (result != SASL_OK) {
	UNLOCK_MUTEX(&server_plug_mutex);
	__sasl_log(gctx, gctx->server_global_callbacks.callbacks,
		   SASL_LOG_DEBUG,
		   "server add_plugin entry_point error %z", result);
#else
    if ((result != SASL_OK) && (result != SASL_NOUSER)) {
	_sasl_log(NULL, SASL_LOG_DEBUG,
		  "server add_plugin entry_point error %z\n", result);
#endif /* _SUN_SDK_ */
	return result;
    }

    /* Make sure plugin is using the same SASL version as us */
    if (version != SASL_SERVER_PLUG_VERSION)
    {
#ifdef _SUN_SDK_
	UNLOCK_MUTEX(&server_plug_mutex);
	__sasl_log(gctx, gctx->server_global_callbacks.callbacks,
		   SASL_LOG_ERR, "version mismatch on plugin");
#else
	_sasl_log(NULL, SASL_LOG_ERR,
		  "version mismatch on plugin");
#endif /* _SUN_SDK_ */
	return SASL_BADVERS;
    }
#ifdef _SUN_SDK_
    /* Check plugins to make sure mech_name is non-NULL */
    for (lupe=0;lupe < plugcount ;lupe++) {
	if (pluglist[lupe].mech_name == NULL)
	     break;
    }
    if (lupe < plugcount) {
#ifdef _SUN_SDK_
	UNLOCK_MUTEX(&server_plug_mutex);
	__sasl_log(gctx, gctx->server_global_callbacks.callbacks,
		   SASL_LOG_ERR, "invalid server plugin %s", plugname);
#else
	_sasl_log(NULL, SASL_LOG_ERR, "invalid server plugin %s", plugname);
#endif /* _SUN_SDK_ */
	return SASL_BADPROT;
    }
#endif /* _SUN_SDK_ */

    for (lupe=0;lupe < plugcount ;lupe++)
    {
#ifdef _SUN_SDK_
	if (!load_mech(gctx, pluglist->mech_name)) {
	     pluglist++;
	     continue;
	}
	nplug++;
#endif /* _SUN_SDK_ */
	mech = sasl_ALLOC(sizeof(mechanism_t));
#ifdef _SUN_SDK_
	if (! mech) {
	    UNLOCK_MUTEX(&server_plug_mutex);
	    return SASL_NOMEM;
	}

	mech->glob_context = pluglist->glob_context;
#else
	if (! mech) return SASL_NOMEM;
#endif /* _SUN_SDK_ */

	mech->plug=pluglist++;
	if(_sasl_strdup(plugname, &mech->plugname, NULL) != SASL_OK) {
#ifdef _SUN_SDK_
	    UNLOCK_MUTEX(&server_plug_mutex);
#endif /* _SUN_SDK_ */
	    sasl_FREE(mech);
	    return SASL_NOMEM;
	}
	mech->version = version;
#ifdef _SUN_SDK_
	/* EXPORT DELETE START */
	/* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
	mech->sun_reg = sun_reg;
#endif /* _INTEGRATED_SOLARIS_ */
	/* CRYPT DELETE END */
	/* EXPORT DELETE END */

	/* whether this mech actually has any users in it's db */
	mech->condition = SASL_OK;
#else
	/* whether this mech actually has any users in it's db */
	mech->condition = result; /* SASL_OK or SASL_NOUSER */
#endif /* _SUN_SDK_ */

	mech->next = mechlist->mech_list;
	mechlist->mech_list = mech;
	mechlist->mech_length++;
    }

#ifdef _SUN_SDK_
    UNLOCK_MUTEX(&server_plug_mutex);
    return (nplug == 0) ? SASL_NOMECH : SASL_OK;
#else
    return SASL_OK;
#endif /* _SUN_SDK_ */
}

#ifdef _SUN_SDK_
static int server_done(_sasl_global_context_t *gctx) {
  mech_list_t *mechlist = gctx->mechlist;
  _sasl_path_info_t *path_info, *p;
#else
static int server_done(void) {
#endif /* _SUN_SDK_ */
  mechanism_t *m;
  mechanism_t *prevm;

#ifdef _SUN_SDK_
  if(!gctx->sasl_server_active)
      return SASL_NOTINIT;

  if (LOCK_MUTEX(&server_active_mutex) < 0) {
	return (SASL_FAIL);
  }
  gctx->sasl_server_active--;

  if(gctx->sasl_server_active) {
      /* Don't de-init yet! Our refcount is nonzero. */
      UNLOCK_MUTEX(&server_active_mutex);
      return SASL_CONTINUE;
  }
#else
  if(!_sasl_server_active)
      return SASL_NOTINIT;
  else
      _sasl_server_active--;

  if(_sasl_server_active) {
      /* Don't de-init yet! Our refcount is nonzero. */
      return SASL_CONTINUE;
  }
#endif /* _SUN_SDK_ */

  if (mechlist != NULL)
  {
      m=mechlist->mech_list; /* m point to beginning of the list */

      while (m!=NULL)
      {
	  prevm=m;
	  m=m->next;

	  if (prevm->plug->mech_free) {
#ifdef _SUN_SDK_
	      prevm->plug->mech_free(prevm->glob_context,
#else
	      prevm->plug->mech_free(prevm->plug->glob_context,
#endif /* _SUN_SDK_ */
				     mechlist->utils);
	  }

	  sasl_FREE(prevm->plugname);
	  sasl_FREE(prevm);
      }
      _sasl_free_utils(&mechlist->utils);
      sasl_MUTEX_FREE(mechlist->mutex);
      sasl_FREE(mechlist);
#ifdef _SUN_SDK_
      gctx->mechlist = NULL;
#else
      mechlist = NULL;
#endif /* _SUN_SDK_ */
  }

  /* Free the auxprop plugins */
#ifdef _SUN_SDK_
  _sasl_auxprop_free(gctx);

  gctx->server_global_callbacks.callbacks = NULL;
  gctx->server_global_callbacks.appname = NULL;

  p = gctx->splug_path_info;
  while((path_info = p) != NULL) {
    sasl_FREE(path_info->path);
    p = path_info->next;
    sasl_FREE(path_info);
  }
  gctx->splug_path_info = NULL;
  UNLOCK_MUTEX(&server_active_mutex);
#else
  _sasl_auxprop_free();

  global_callbacks.callbacks = NULL;
  global_callbacks.appname = NULL;
#endif /* _SUN_SDK_ */

  return SASL_OK;
}

static int server_idle(sasl_conn_t *conn)
{
    mechanism_t *m;
#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx;
    mech_list_t *mechlist;

    if (conn == NULL)
        gctx = _sasl_gbl_ctx();
    else
        gctx = conn->gctx;
  mechlist = gctx->mechlist;
#endif /* _SUN_SDK_ */
    if (! mechlist)
	return 0;

    for (m = mechlist->mech_list;
	 m!=NULL;
	 m = m->next)
	if (m->plug->idle
#ifdef _SUN_SDK_
	    &&  m->plug->idle(m->glob_context,
#else
	    &&  m->plug->idle(m->plug->glob_context,
#endif /* _SUN_SDK_ */
			      conn,
			      conn ? ((sasl_server_conn_t *)conn)->sparams : NULL))
	    return 1;

    return 0;
}

#ifdef _SUN_SDK_
static int load_config(_sasl_global_context_t *gctx,
		       const sasl_callback_t *verifyfile_cb)
{
  int result;
  const char *conf_to_config = NULL;
  const char *conf_file = NULL;
  int conf_len;
  sasl_global_callbacks_t global_callbacks = gctx->server_global_callbacks;
  char *alloc_file_name=NULL;
  int len;
  const sasl_callback_t *getconf_cb=NULL;
  struct stat buf;
  int full_file = 0;
  int file_exists = 0;

  /* get the path to the plugins; for now the config file will reside there */
  getconf_cb = _sasl_find_getconf_callback(global_callbacks.callbacks);
  if (getconf_cb==NULL) return SASL_BADPARAM;

  result = ((sasl_getpath_t *)(getconf_cb->proc))(getconf_cb->context,
						  &conf_to_config);
  if (result!=SASL_OK) goto done;
  if (conf_to_config == NULL) conf_to_config = "";
  else {
	if (stat(conf_to_config, &buf))
		goto process_file;
	full_file = !S_ISDIR(buf.st_mode);
  }

  if (!full_file) {
    conf_len = strlen(conf_to_config);
    len = strlen(conf_to_config)+2+ strlen(global_callbacks.appname)+5+1;

    if (len > PATH_MAX ) {
      result = SASL_FAIL;
      goto done;
    }

    /* construct the filename for the config file */
    alloc_file_name = sasl_ALLOC(len);
    if (! alloc_file_name) {
        result = SASL_NOMEM;
        goto done;
    }

    snprintf(alloc_file_name, len, "%.*s/%s.conf", conf_len, conf_to_config,
	   global_callbacks.appname);

  }
  conf_file = full_file ? conf_to_config : alloc_file_name;

  if (full_file || stat(conf_file, &buf) == 0)
	file_exists = S_ISREG(buf.st_mode);

process_file:
  /* Check to see if anything has changed */
  if (file_exists && gctx->config_path != NULL &&
	strcmp(conf_file, gctx->config_path) == 0 &&
	gctx->config_last_read == buf.st_mtime) {
    /* File has not changed */
    goto done;
  } else if (gctx->config_path == NULL) {
    /* No new file, nothing has changed  */
    if (!file_exists)
	goto done;
  } else {
    sasl_config_free(gctx);
    if (!file_exists) {
	gctx->config_path = NULL;
	goto done;
    }
  }
  gctx->config_last_read = buf.st_mtime;

  /* Ask the application if it's safe to use this file */
  result = ((sasl_verifyfile_t *)(verifyfile_cb->proc))(verifyfile_cb->context,
		conf_file, SASL_VRFY_CONF);

  /* returns continue if this file is to be skipped */

  /* returns SASL_CONTINUE if doesn't exist
   * if doesn't exist we can continue using default behavior
   */
  if (result==SASL_OK)
    result=sasl_config_init(gctx, conf_file);

 done:
  if (alloc_file_name) sasl_FREE(alloc_file_name);

  return result;
}
#else
static int load_config(const sasl_callback_t *verifyfile_cb)
{
  int result;
  const char *path_to_config=NULL;
  const char *c;
  unsigned path_len;

  char *config_filename=NULL;
  int len;
  const sasl_callback_t *getpath_cb=NULL;

  /* get the path to the plugins; for now the config file will reside there */
  getpath_cb=_sasl_find_getpath_callback( global_callbacks.callbacks );
  if (getpath_cb==NULL) return SASL_BADPARAM;

  /* getpath_cb->proc MUST be a sasl_getpath_t; if only c had a type
     system */
  result = ((sasl_getpath_t *)(getpath_cb->proc))(getpath_cb->context,
						  &path_to_config);
  if (result!=SASL_OK) goto done;
  if (path_to_config == NULL) path_to_config = "";

  c = strchr(path_to_config, PATHS_DELIMITER);

  /* length = length of path + '/' + length of appname + ".conf" + 1
     for '\0' */

  if(c != NULL)
    path_len = c - path_to_config;
  else
    path_len = strlen(path_to_config);

  len = path_len + 2 + strlen(global_callbacks.appname) + 5 + 1;

  if (len > PATH_MAX ) {
      result = SASL_FAIL;
      goto done;
  }

  /* construct the filename for the config file */
  config_filename = sasl_ALLOC(len);
  if (! config_filename) {
      result = SASL_NOMEM;
      goto done;
  }

  snprintf(config_filename, len, "%.*s/%s.conf", path_len, path_to_config,
	   global_callbacks.appname);

  /* Ask the application if it's safe to use this file */
  result = ((sasl_verifyfile_t *)(verifyfile_cb->proc))(verifyfile_cb->context,
					config_filename, SASL_VRFY_CONF);

  /* returns continue if this file is to be skipped */

  /* returns SASL_CONTINUE if doesn't exist
   * if doesn't exist we can continue using default behavior
   */
  if (result==SASL_OK)
    result=sasl_config_init(config_filename);

 done:
  if (config_filename) sasl_FREE(config_filename);

  return result;
}
#endif /* _SUN_SDK_ */

/*
 * Verify that all the callbacks are valid
 */
static int verify_server_callbacks(const sasl_callback_t *callbacks)
{
    if (callbacks == NULL) return SASL_OK;

    while (callbacks->id != SASL_CB_LIST_END) {
	if (callbacks->proc==NULL) return SASL_FAIL;

	callbacks++;
    }

    return SASL_OK;
}

#ifndef _SUN_SDK_
static char *grab_field(char *line, char **eofield)
{
    int d = 0;
    char *field;

    while (isspace((int) *line)) line++;

    /* find end of field */
    while (line[d] && !isspace(((int) line[d]))) d++;
    field = sasl_ALLOC(d + 1);
    if (!field) { return NULL; }
    memcpy(field, line, d);
    field[d] = '\0';
    *eofield = line + d;

    return field;
}

struct secflag_map_s {
    char *name;
    int value;
};

struct secflag_map_s secflag_map[] = {
    { "noplaintext", SASL_SEC_NOPLAINTEXT },
    { "noactive", SASL_SEC_NOACTIVE },
    { "nodictionary", SASL_SEC_NODICTIONARY },
    { "forward_secrecy", SASL_SEC_FORWARD_SECRECY },
    { "noanonymous", SASL_SEC_NOANONYMOUS },
    { "pass_credentials", SASL_SEC_PASS_CREDENTIALS },
    { "mutual_auth", SASL_SEC_MUTUAL_AUTH },
    { NULL, 0x0 }
};

static int parse_mechlist_file(const char *mechlistfile)
{
    FILE *f;
    char buf[1024];
    char *t, *ptr;
    int r = 0;

    f = fopen(mechlistfile, "r");
    if (!f) return SASL_FAIL;

    r = SASL_OK;
    while (fgets(buf, sizeof(buf), f) != NULL) {
	mechanism_t *n = sasl_ALLOC(sizeof(mechanism_t));
	sasl_server_plug_t *nplug;

	if (n == NULL) { r = SASL_NOMEM; break; }
	n->version = SASL_SERVER_PLUG_VERSION;
	n->condition = SASL_CONTINUE;
	nplug = sasl_ALLOC(sizeof(sasl_server_plug_t));
	if (nplug == NULL) { r = SASL_NOMEM; break; }
	memset(nplug, 0, sizeof(sasl_server_plug_t));

	/* each line is:
	   plugin-file WS mech_name WS max_ssf *(WS security_flag) RET
	*/

	/* grab file */
	n->f = grab_field(buf, &ptr);

	/* grab mech_name */
	nplug->mech_name = grab_field(ptr, &ptr);

	/* grab max_ssf */
	nplug->max_ssf = strtol(ptr, &ptr, 10);

	/* grab security flags */
	while (*ptr != '\n') {
	    struct secflag_map_s *map;

	    /* read security flag */
	    t = grab_field(ptr, &ptr);
	    map = secflag_map;
	    while (map->name) {
		if (!strcasecmp(t, map->name)) {
		    nplug->security_flags |= map->value;
		    break;
		}
		map++;
	    }
	    if (!map->name) {
		_sasl_log(NULL, SASL_LOG_ERR,
			  "%s: couldn't identify flag '%s'",
			  nplug->mech_name, t);
	    }
	    free(t);
	}

	/* insert mechanism into mechlist */
	n->plug = nplug;
	n->next = mechlist->mech_list;
	mechlist->mech_list = n;
	mechlist->mech_length++;
    }

    fclose(f);
    return r;
}
#endif /* !_SUN_SDK_ */

#ifdef _SUN_SDK_
static int _load_server_plugins(_sasl_global_context_t *gctx)
{
    int ret;
    const add_plugin_list_t _ep_list[] = {
	{ "sasl_server_plug_init", (add_plugin_t *)_sasl_server_add_plugin },
	{ "sasl_auxprop_plug_init", (add_plugin_t *)_sasl_auxprop_add_plugin },
	{ "sasl_canonuser_init", (add_plugin_t *)_sasl_canonuser_add_plugin },
	{ NULL, NULL }
    };
    const sasl_callback_t *callbacks = gctx->server_global_callbacks.callbacks;

    ret = _sasl_load_plugins(gctx, 1, _ep_list,
			     _sasl_find_getpath_callback(callbacks),
			     _sasl_find_verifyfile_callback(callbacks));
    return (ret);
}
#endif /* _SUN_SDK_ */

/* initialize server drivers, done once per process
#ifdef _SUN_SDK_
 *  callbacks      -- callbacks for all server connections
 *  appname        -- name of calling application (for config)
#else
 *  callbacks      -- callbacks for all server connections; must include
 *                    getopt callback
 *  appname        -- name of calling application (for lower level logging)
 * results:
 *  state          -- server state
#endif
 * returns:
 *  SASL_OK        -- success
 *  SASL_BADPARAM  -- error in config file
 *  SASL_NOMEM     -- memory failure
#ifndef _SUN_SDK_
 *  SASL_BADVERS   -- Mechanism version mismatch
#endif
 */

int sasl_server_init(const sasl_callback_t *callbacks,
		     const char *appname)
#ifdef _SUN_SDK_
{
	return _sasl_server_init(NULL, callbacks, appname);
}

int _sasl_server_init(void *ctx, const sasl_callback_t *callbacks,
		     const char *appname)
#endif /* _SUN_SDK_ */
{
    int ret;
    const sasl_callback_t *vf;
#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx = ctx == NULL ? _sasl_gbl_ctx() : ctx;
#else
    const char *pluginfile = NULL;
#ifdef PIC
    sasl_getopt_t *getopt;
    void *context;
#endif

    const add_plugin_list_t ep_list[] = {
	{ "sasl_server_plug_init", (add_plugin_t *)sasl_server_add_plugin },
	{ "sasl_auxprop_plug_init", (add_plugin_t *)sasl_auxprop_add_plugin },
	{ "sasl_canonuser_init", (add_plugin_t *)sasl_canonuser_add_plugin },
	{ NULL, NULL }
    };
#endif /* _SUN_SDK_ */

    /* we require the appname to be non-null and short enough to be a path */
    if (!appname || strlen(appname) >= PATH_MAX)
	return SASL_BADPARAM;

#ifdef _SUN_SDK_
    /* Process only one _sasl_server_init() at a time */
    if (LOCK_MUTEX(&init_server_mutex) < 0)
	return (SASL_FAIL);
    if (LOCK_MUTEX(&server_active_mutex) < 0)
	return (SASL_FAIL);

    if (gctx->sasl_server_active) {
	/* We're already active, just increase our refcount */
	/* xxx do something with the callback structure? */
	gctx->sasl_server_active++;
	UNLOCK_MUTEX(&server_active_mutex);
  	UNLOCK_MUTEX(&init_server_mutex);
	return SASL_OK;
    }

    ret = _sasl_common_init(gctx, &gctx->server_global_callbacks, 1);
    if (ret != SASL_OK) {
	UNLOCK_MUTEX(&server_active_mutex);
  	UNLOCK_MUTEX(&init_server_mutex);
	return ret;
    }
#else
    if (_sasl_server_active) {
	/* We're already active, just increase our refcount */
	/* xxx do something with the callback structure? */
	_sasl_server_active++;
	return SASL_OK;
    }

    ret = _sasl_common_init(&global_callbacks);
    if (ret != SASL_OK)
	return ret;
#endif /* _SUN_SDK_ */

    /* verify that the callbacks look ok */
    ret = verify_server_callbacks(callbacks);
#ifdef _SUN_SDK_
    if (ret != SASL_OK) {
	UNLOCK_MUTEX(&server_active_mutex);
  	UNLOCK_MUTEX(&init_server_mutex);
	return ret;
    }

    gctx->server_global_callbacks.callbacks = callbacks;
    gctx->server_global_callbacks.appname = appname;

    /* If we fail now, we have to call server_done */
    gctx->sasl_server_active = 1;
    UNLOCK_MUTEX(&server_active_mutex);

    /* allocate mechlist and set it to empty */
    gctx->mechlist = sasl_ALLOC(sizeof(mech_list_t));
    if (gctx->mechlist == NULL) {
	server_done(gctx);
  	UNLOCK_MUTEX(&init_server_mutex);
	return SASL_NOMEM;
    }

    ret = init_mechlist(gctx);

    if (ret != SASL_OK) {
	server_done(gctx);
  	UNLOCK_MUTEX(&init_server_mutex);
	return ret;
    }
#else
    if (ret != SASL_OK)
	return ret;

    global_callbacks.callbacks = callbacks;
    global_callbacks.appname = appname;

    /* If we fail now, we have to call server_done */
    _sasl_server_active = 1;

    /* allocate mechlist and set it to empty */
    mechlist = sasl_ALLOC(sizeof(mech_list_t));
    if (mechlist == NULL) {
	server_done();
	return SASL_NOMEM;
    }

    ret = init_mechlist();
    if (ret != SASL_OK) {
	server_done();
	return ret;
    }
#endif /* _SUN_SDK_ */

    vf = _sasl_find_verifyfile_callback(callbacks);

    /* load config file if applicable */
#ifdef _SUN_SDK_
    ret = load_config(gctx, vf);
    if ((ret != SASL_OK) && (ret != SASL_CONTINUE)) {
	server_done(gctx);
  	UNLOCK_MUTEX(&init_server_mutex);
#else
    ret = load_config(vf);
    if ((ret != SASL_OK) && (ret != SASL_CONTINUE)) {
	server_done();
#endif /* _SUN_SDK_ */
	return ret;
    }

    /* load internal plugins */
#ifdef _SUN_SDK_
    _sasl_server_add_plugin(gctx, "EXTERNAL", &external_server_plug_init);

/* NOTE: plugin_list option not supported in SUN SDK */
    {
#else
    sasl_server_add_plugin("EXTERNAL", &external_server_plug_init);

#ifdef PIC
    /* delayed loading of plugins? (DSO only, as it doesn't
     * make much [any] sense to delay in the static library case) */
    if (_sasl_getcallback(NULL, SASL_CB_GETOPT, &getopt, &context)
	   == SASL_OK) {
	/* No sasl_conn_t was given to getcallback, so we provide the
	 * global callbacks structure */
	ret = getopt(&global_callbacks, NULL, "plugin_list", &pluginfile, NULL);
    }
#endif

    if (pluginfile != NULL) {
	/* this file should contain a list of plugins available.
	   we'll load on demand. */

	/* Ask the application if it's safe to use this file */
	ret = ((sasl_verifyfile_t *)(vf->proc))(vf->context,
						pluginfile,
						SASL_VRFY_CONF);
	if (ret != SASL_OK) {
	    _sasl_log(NULL, SASL_LOG_ERR,
		      "unable to load plugin list %s: %z", pluginfile, ret);
	}

	if (ret == SASL_OK) {
	    ret = parse_mechlist_file(pluginfile);
	}
    } else {
#endif /* _SUN_SDK_ */
	/* load all plugins now */
#ifdef _SUN_SDK_
	ret = _load_server_plugins(gctx);
#else
	ret = _sasl_load_plugins(ep_list,
				 _sasl_find_getpath_callback(callbacks),
				 _sasl_find_verifyfile_callback(callbacks));
#endif /* _SUN_SDK_ */
    }

#ifdef _SUN_SDK_
    if (ret == SASL_OK)
	ret = _sasl_build_mechlist(gctx);
    if (ret == SASL_OK) {
	gctx->sasl_server_cleanup_hook = &server_done;
	gctx->sasl_server_idle_hook = &server_idle;
    } else {
	server_done(gctx);
    }
    UNLOCK_MUTEX(&init_server_mutex);
#else
    if (ret == SASL_OK) {
	_sasl_server_cleanup_hook = &server_done;
	_sasl_server_idle_hook = &server_idle;

	ret = _sasl_build_mechlist();
    } else {
	server_done();
    }
#endif /* _SUN_SDK_ */

    return ret;
}

/*
 * Once we have the users plaintext password we
 * may want to transition them. That is put entries
 * for them in the passwd database for other
 * stronger mechanism
 *
 * for example PLAIN -> CRAM-MD5
 */
static int
_sasl_transition(sasl_conn_t * conn,
		 const char * pass,
		 unsigned passlen)
{
    const char *dotrans = "n";
    sasl_getopt_t *getopt;
    int result = SASL_OK;
    void *context;

    if (! conn)
	return SASL_BADPARAM;

    if (! conn->oparams.authid)
	PARAMERROR(conn);

    /* check if this is enabled: default to false */
    if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK)
    {
	getopt(context, NULL, "auto_transition", &dotrans, NULL);
	if (dotrans == NULL) dotrans = "n";
    }

    if (*dotrans == '1' || *dotrans == 'y' ||
	(*dotrans == 'o' && dotrans[1] == 'n') || *dotrans == 't') {
	/* ok, it's on! */
	result = sasl_setpass(conn,
			      conn->oparams.authid,
			      pass,
			      passlen,
			      NULL, 0, 0);
    }

    RETURN(conn,result);
}


/* create context for a single SASL connection
 *  service        -- registered name of the service using SASL (e.g. "imap")
 *  serverFQDN     -- Fully qualified domain name of server.  NULL means use
 *                    gethostname() or equivalent.
 *                    Useful for multi-homed servers.
 *  user_realm     -- permits multiple user realms on server, NULL = default
 *  iplocalport    -- server IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  ipremoteport   -- client IPv4/IPv6 domain literal string with port
 *                    (if NULL, then mechanisms requiring IPaddr are disabled)
 *  callbacks      -- callbacks (e.g., authorization, lang, new getopt context)
 *  flags          -- usage flags (see above)
 * returns:
 *  pconn          -- new connection context
 *
 * returns:
 *  SASL_OK        -- success
 *  SASL_NOMEM     -- not enough memory
 */

int sasl_server_new(const char *service,
		    const char *serverFQDN,
		    const char *user_realm,
		    const char *iplocalport,
		    const char *ipremoteport,
		    const sasl_callback_t *callbacks,
		    unsigned flags,
		    sasl_conn_t **pconn)
#ifdef _SUN_SDK_
{
    return _sasl_server_new(NULL, service, serverFQDN, user_realm, iplocalport,
			   ipremoteport, callbacks, flags, pconn);
}

int _sasl_server_new(void *ctx,
		    const char *service,
		    const char *serverFQDN,
		    const char *user_realm,
		    const char *iplocalport,
		    const char *ipremoteport,
		    const sasl_callback_t *callbacks,
		    unsigned flags,
		    sasl_conn_t **pconn)
#endif /* _SUN_SDK_ */
{
  int result;
  sasl_server_conn_t *serverconn;
  sasl_utils_t *utils;
  sasl_getopt_t *getopt;
  void *context;
  const char *log_level;

#ifdef _SUN_SDK_
  _sasl_global_context_t *gctx = (ctx == NULL) ? _sasl_gbl_ctx() : ctx;

  if (gctx->sasl_server_active==0) return SASL_NOTINIT;
#else
  if (_sasl_server_active==0) return SASL_NOTINIT;
#endif /* _SUN_SDK_ */
  if (! pconn) return SASL_FAIL;
  if (! service) return SASL_FAIL;

  *pconn=sasl_ALLOC(sizeof(sasl_server_conn_t));
  if (*pconn==NULL) return SASL_NOMEM;

  memset(*pconn, 0, sizeof(sasl_server_conn_t));

#ifdef _SUN_SDK_
  (*pconn)->gctx = gctx;
#endif /* _SUN_SDK_ */

  serverconn = (sasl_server_conn_t *)*pconn;

  /* make sparams */
  serverconn->sparams=sasl_ALLOC(sizeof(sasl_server_params_t));
  if (serverconn->sparams==NULL)
      MEMERROR(*pconn);

  memset(serverconn->sparams, 0, sizeof(sasl_server_params_t));

  (*pconn)->destroy_conn = &server_dispose;
  result = _sasl_conn_init(*pconn, service, flags, SASL_CONN_SERVER,
			   &server_idle, serverFQDN,
			   iplocalport, ipremoteport,
#ifdef _SUN_SDK_
			   callbacks, &gctx->server_global_callbacks);
#else
			   callbacks, &global_callbacks);
#endif /* _SUN_SDK_ */
  if (result != SASL_OK)
      goto done_error;


  /* set util functions - need to do rest */
#ifdef _SUN_SDK_
  utils=_sasl_alloc_utils(gctx, *pconn, &gctx->server_global_callbacks);
#else
  utils=_sasl_alloc_utils(*pconn, &global_callbacks);
#endif /* _SUN_SDK_ */
  if (!utils) {
      result = SASL_NOMEM;
      goto done_error;
  }

#ifdef _SUN_SDK_
  utils->checkpass = &_sasl_checkpass;
#else /* _SUN_SDK_ */
  utils->checkpass = &sasl_checkpass;
#endif /* _SUN_SDK_ */

  /* Setup the propctx -> We'll assume the default size */
  serverconn->sparams->propctx=prop_new(0);
  if(!serverconn->sparams->propctx) {
      result = SASL_NOMEM;
      goto done_error;
  }

  serverconn->sparams->service = (*pconn)->service;
  serverconn->sparams->servicelen = strlen((*pconn)->service);

#ifdef _SUN_SDK_
  serverconn->sparams->appname = gctx->server_global_callbacks.appname;
  serverconn->sparams->applen = strlen(gctx->server_global_callbacks.appname);
#else
  serverconn->sparams->appname = global_callbacks.appname;
  serverconn->sparams->applen = strlen(global_callbacks.appname);
#endif /* _SUN_SDK_ */

  serverconn->sparams->serverFQDN = (*pconn)->serverFQDN;
  serverconn->sparams->slen = strlen((*pconn)->serverFQDN);

  if (user_realm) {
      result = _sasl_strdup(user_realm, &serverconn->user_realm, NULL);
      serverconn->sparams->urlen = strlen(user_realm);
      serverconn->sparams->user_realm = serverconn->user_realm;
  } else {
      serverconn->user_realm = NULL;
      /* the sparams is already zeroed */
  }

#ifdef _SUN_SDK_
  serverconn->sparams->iplocalport = (*pconn)->iplocalport;
  serverconn->sparams->iploclen = strlen((*pconn)->iplocalport);
  serverconn->sparams->ipremoteport = (*pconn)->ipremoteport;
  serverconn->sparams->ipremlen = strlen((*pconn)->ipremoteport);

  serverconn->sparams->callbacks = callbacks;
#endif /* _SUN_SDK_ */

  log_level = NULL;
  if(_sasl_getcallback(*pconn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
    getopt(context, NULL, "log_level", &log_level, NULL);
  }
  serverconn->sparams->log_level = log_level ? atoi(log_level) : SASL_LOG_ERR;

  serverconn->sparams->utils = utils;
  serverconn->sparams->transition = &_sasl_transition;
  serverconn->sparams->canon_user = &_sasl_canon_user;
  serverconn->sparams->props = serverconn->base.props;
  serverconn->sparams->flags = flags;

  if(result == SASL_OK) return SASL_OK;

 done_error:
  _sasl_conn_dispose(*pconn);
  sasl_FREE(*pconn);
  *pconn = NULL;
  return result;
}

/*
 * The rule is:
 * IF mech strength + external strength < min ssf THEN FAIL
 * We also have to look at the security properties and make sure
 * that this mechanism has everything we want
 */
static int mech_permitted(sasl_conn_t *conn,
			  mechanism_t *mech)
{
    sasl_server_conn_t *s_conn = (sasl_server_conn_t *)conn;
    const sasl_server_plug_t *plug;
    int myflags;
    context_list_t *cur;
    sasl_getopt_t *getopt;
    void *context;
    sasl_ssf_t minssf = 0;
#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx;
#endif /* _SUN_SDK_ */

    if(!conn) return 0;

#ifdef _SUN_SDK_
    gctx = conn->gctx;
#endif /* _SUN_SDK_ */

    if(! mech || ! mech->plug) {
#ifdef _SUN_SDK_
	if(conn) _sasl_log(conn, SASL_LOG_WARN, "Parameter error");
#else
	PARAMERROR(conn);
#endif /* _SUN_SDK_ */
	return 0;
    }

    plug = mech->plug;

    /* get the list of allowed mechanisms (default = all) */
    if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context)
            == SASL_OK) {
	const char *mlist = NULL;

	getopt(context, NULL, "mech_list", &mlist, NULL);

	/* if we have a list, check the plugin against it */
	if (mlist) {
	    const char *cp;

	    while (*mlist) {
		for (cp = mlist; *cp && !isspace((int) *cp); cp++);
		if (((size_t) (cp - mlist) == strlen(plug->mech_name)) &&
		    !strncasecmp(mlist, plug->mech_name,
				 strlen(plug->mech_name))) {
		    break;
		}
		mlist = cp;
		while (*mlist && isspace((int) *mlist)) mlist++;
	    }

	    if (!*mlist) return 0;  /* reached EOS -> not in our list */
	}
    }

    /* setup parameters for the call to mech_avail */
    s_conn->sparams->serverFQDN=conn->serverFQDN;
    s_conn->sparams->service=conn->service;
    s_conn->sparams->user_realm=s_conn->user_realm;
    s_conn->sparams->props=conn->props;
    s_conn->sparams->external_ssf=conn->external.ssf;

    /* Check if we have banished this one already */
    for(cur = s_conn->mech_contexts; cur; cur=cur->next) {
	if(cur->mech == mech) {
	    /* If it's not mech_avail'd, then stop now */
	    if(!cur->context) return 0;
	    break;
	}
    }

    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
    if (!mech->sun_reg) {
	s_conn->sparams->props.min_ssf = 0;
	s_conn->sparams->props.max_ssf = 0;
    }
    s_conn->base.sun_reg = mech->sun_reg;
#endif /* _INTEGRATED_SOLARIS_ */
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
    if (conn->props.min_ssf < conn->external.ssf) {
	minssf = 0;
    } else {
	minssf = conn->props.min_ssf - conn->external.ssf;
    }

    /* Generic mechanism */
    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
    /* If not SUN supplied mech, it has no strength */
    if (plug->max_ssf < minssf || (minssf > 0 && !mech->sun_reg)) {
#else
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
    if (plug->max_ssf < minssf) {
    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#endif /* _INTEGRATED_SOLARIS_ */
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
#ifdef _INTEGRATED_SOLARIS_
	sasl_seterror(conn, SASL_NOLOG,
		      gettext("mech %s is too weak"), plug->mech_name);
#else
	sasl_seterror(conn, SASL_NOLOG,
		      "mech %s is too weak", plug->mech_name);
#endif /* _INTEGRATED_SOLARIS_ */
	return 0; /* too weak */
    }

    context = NULL;
    if(plug->mech_avail
#ifdef _SUN_SDK_
       && plug->mech_avail(mech->glob_context,
#else
       && plug->mech_avail(plug->glob_context,
#endif /* _SUN_SDK_ */
			   s_conn->sparams, (void **)&context) != SASL_OK ) {
	/* Mark this mech as no good for this connection */
	cur = sasl_ALLOC(sizeof(context_list_t));
	if(!cur) {
#ifdef _SUN_SDK_
	    if(conn) _sasl_log(conn, SASL_LOG_WARN, "Out of Memory");
#else
	    MEMERROR(conn);
#endif /* _SUN_SDK_ */
	    return 0;
	}
	cur->context = NULL;
	cur->mech = mech;
	cur->next = s_conn->mech_contexts;
	s_conn->mech_contexts = cur;

	/* Error should be set by mech_avail call */
	return 0;
    } else if(context) {
	/* Save this context */
	cur = sasl_ALLOC(sizeof(context_list_t));
	if(!cur) {
#ifdef _SUN_SDK_
	    if(conn) _sasl_log(conn, SASL_LOG_WARN, "Out of Memory");
#else
	    MEMERROR(conn);
#endif /* _SUN_SDK_ */
	    return 0;
	}
	cur->context = context;
	cur->mech = mech;
	cur->next = s_conn->mech_contexts;
	s_conn->mech_contexts = cur;
    }

    /* Generic mechanism */
    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#ifdef _INTEGRATED_SOLARIS_
    /* If not SUN supplied mech, it has no strength */
    if (plug->max_ssf < minssf || (minssf > 0 && !mech->sun_reg)) {
#else
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
    if (plug->max_ssf < minssf) {
    /* EXPORT DELETE START */
    /* CRYPT DELETE START */
#endif /* _INTEGRATED_SOLARIS_ */
    /* CRYPT DELETE END */
    /* EXPORT DELETE END */
#ifdef _INTEGRATED_SOLARIS_
	sasl_seterror(conn, SASL_NOLOG, gettext("too weak"));
#else
	sasl_seterror(conn, SASL_NOLOG, "too weak");
#endif /* _INTEGRATED_SOLARIS_ */
	return 0; /* too weak */
    }

#ifndef _SUN_SDK_
    /* if there are no users in the secrets database we can't use this
       mechanism */
    if (mech->condition == SASL_NOUSER) {
	sasl_seterror(conn, 0, "no users in secrets db");
	return 0;
    }
#endif /* !_SUN_SDK_ */

    /* Can it meet our features? */
    if ((conn->flags & SASL_NEED_PROXY) &&
	!(plug->features & SASL_FEAT_ALLOWS_PROXY)) {
	return 0;
    }

    /* security properties---if there are any flags that differ and are
       in what the connection are requesting, then fail */

    /* special case plaintext */
    myflags = conn->props.security_flags;

    /* if there's an external layer this is no longer plaintext */
    if ((conn->props.min_ssf <= conn->external.ssf) &&
	(conn->external.ssf > 1)) {
	myflags &= ~SASL_SEC_NOPLAINTEXT;
    }

    /* do we want to special case SASL_SEC_PASS_CREDENTIALS? nah.. */
    if (((myflags ^ plug->security_flags) & myflags) != 0) {
#ifdef _INTEGRATED_SOLARIS_
	sasl_seterror(conn, SASL_NOLOG,
		      gettext("security flags do not match required"));
#else
	sasl_seterror(conn, SASL_NOLOG,
		      "security flags do not match required");
#endif /* _INTEGRATED_SOLARIS_ */
	return 0;
    }

    /* Check Features */
    if(plug->features & SASL_FEAT_GETSECRET) {
	/* We no longer support sasl_server_{get,put}secret */
#ifdef _SUN_SDK_
	_sasl_log(conn, SASL_LOG_ERR,
		  "mech %s requires unprovided secret facility",
		  plug->mech_name);
#else
	sasl_seterror(conn, 0,
		      "mech %s requires unprovided secret facility",
		      plug->mech_name);
#endif /* _SUN_SDK_ */
	return 0;
    }

    return 1;
}

/*
 * make the authorization
 *
 */

static int do_authorization(sasl_server_conn_t *s_conn)
{
    int ret;
    sasl_authorize_t *authproc;
    void *auth_context;

    /* now let's see if authname is allowed to proxy for username! */

    /* check the proxy callback */
    if (_sasl_getcallback(&s_conn->base, SASL_CB_PROXY_POLICY,
			  &authproc, &auth_context) != SASL_OK) {
	INTERROR(&s_conn->base, SASL_NOAUTHZ);
    }

    ret = authproc(&(s_conn->base), auth_context,
		   s_conn->base.oparams.user, s_conn->base.oparams.ulen,
		   s_conn->base.oparams.authid, s_conn->base.oparams.alen,
		   s_conn->user_realm,
		   (s_conn->user_realm ? strlen(s_conn->user_realm) : 0),
		   s_conn->sparams->propctx);

    RETURN(&s_conn->base, ret);
}


/* start a mechanism exchange within a connection context
 *  mech           -- the mechanism name client requested
 *  clientin       -- client initial response (NUL terminated), NULL if empty
 *  clientinlen    -- length of initial response
 *  serverout      -- initial server challenge, NULL if done
 *                    (library handles freeing this string)
 *  serveroutlen   -- length of initial server challenge
#ifdef _SUN_SDK_
 * conn            -- the sasl connection
#else
 * output:
 *  pconn          -- the connection negotiation state on success
#endif
 *
 * Same returns as sasl_server_step() or
 * SASL_NOMECH if mechanism not available.
 */
int sasl_server_start(sasl_conn_t *conn,
		      const char *mech,
		      const char *clientin,
		      unsigned clientinlen,
		      const char **serverout,
		      unsigned *serveroutlen)
{
    sasl_server_conn_t *s_conn=(sasl_server_conn_t *) conn;
    int result;
    context_list_t *cur, **prev;
    mechanism_t *m;

#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;
    mech_list_t *mechlist;

    if (gctx->sasl_server_active==0) return SASL_NOTINIT;
    if (! conn)
	return SASL_BADPARAM;

    (void)_load_server_plugins(gctx);
    mechlist = gctx->mechlist;
    m=mechlist->mech_list;
    result = load_config(gctx, _sasl_find_verifyfile_callback(
	gctx->server_global_callbacks.callbacks));
    if (result != SASL_OK)
	return (result);
#else
    if (_sasl_server_active==0) return SASL_NOTINIT;

    /* make sure mech is valid mechanism
       if not return appropriate error */
    m=mechlist->mech_list;

    /* check parameters */
    if(!conn) return SASL_BADPARAM;
#endif /* _SUN_SDK_ */

    if (!mech || ((clientin==NULL) && (clientinlen>0)))
	PARAMERROR(conn);

    if(serverout) *serverout = NULL;
    if(serveroutlen) *serveroutlen = 0;

    while (m!=NULL)
    {
	if ( strcasecmp(mech,m->plug->mech_name)==0)
	{
	    break;
	}
	m=m->next;
    }

    if (m==NULL) {
#ifdef _INTEGRATED_SOLARIS_
	sasl_seterror(conn, 0, gettext("Couldn't find mech %s"), mech);
#else
	sasl_seterror(conn, 0, "Couldn't find mech %s", mech);
#endif /* _INTEGRATED_SOLARIS_ */
	result = SASL_NOMECH;
	goto done;
    }

#ifdef _SUN_SDK_
    server_dispose_mech_contexts(conn);
#endif /*_SUN_SDK_ */

    /* Make sure that we're willing to use this mech */
    if (! mech_permitted(conn, m)) {
	result = SASL_NOMECH;
	goto done;
    }

#ifdef _SUN_SDK_
    if(conn->context) {
	s_conn->mech->plug->mech_dispose(conn->context, s_conn->sparams->utils);
	conn->context = NULL;
    }
    memset(&conn->oparams, 0, sizeof(sasl_out_params_t));
#else
    if (m->condition == SASL_CONTINUE) {
	sasl_server_plug_init_t *entry_point;
	void *library = NULL;
	sasl_server_plug_t *pluglist;
	int version, plugcount;
	int l = 0;

	/* need to load this plugin */
	result = _sasl_get_plugin(m->f,
		    _sasl_find_verifyfile_callback(global_callbacks.callbacks),
				  &library);

	if (result == SASL_OK) {
	    result = _sasl_locate_entry(library, "sasl_server_plug_init",
					(void **)&entry_point);
	}

	if (result == SASL_OK) {
	    result = entry_point(mechlist->utils, SASL_SERVER_PLUG_VERSION,
				 &version, &pluglist, &plugcount);
	}

	if (result == SASL_OK) {
	    /* find the correct mechanism in this plugin */
	    for (l = 0; l < plugcount; l++) {
		if (!strcasecmp(pluglist[l].mech_name,
				m->plug->mech_name)) break;
	    }
	    if (l == plugcount) {
		result = SASL_NOMECH;
	    }
	}
	if (result == SASL_OK) {
	    /* check that the parameters are the same */
	    if ((pluglist[l].max_ssf != m->plug->max_ssf) ||
		(pluglist[l].security_flags != m->plug->security_flags)) {
		_sasl_log(conn, SASL_LOG_ERR,
			  "%s: security parameters don't match mechlist file",
			  pluglist[l].mech_name);
		result = SASL_NOMECH;
	    }
	}
	if (result == SASL_OK) {
	    /* copy mechlist over */
	    sasl_FREE((sasl_server_plug_t *) m->plug);
	    m->plug = &pluglist[l];
	    m->condition = SASL_OK;
	}

	if (result != SASL_OK) {
	    /* The library will eventually be freed, don't sweat it */
	    RETURN(conn, result);
	}
    }
#endif /* !_SUN_SDK_ */

    /* We used to setup sparams HERE, but now it's done
       inside of mech_permitted (which is called above) */
    prev = &s_conn->mech_contexts;
    for(cur = *prev; cur; prev=&cur->next,cur=cur->next) {
	if(cur->mech == m) {
	    if(!cur->context) {
#ifdef _SUN_SDK_
		_sasl_log(conn, SASL_LOG_ERR,
			  "Got past mech_permitted with a disallowed mech!");
#else
		sasl_seterror(conn, 0,
			      "Got past mech_permitted with a disallowed mech!");
#endif /* _SUN_SDK_ */
		return SASL_NOMECH;
	    }
	    /* If we find it, we need to pull cur out of the
	       list so it won't be freed later! */
	    (*prev)->next = cur->next;
	    conn->context = cur->context;
	    sasl_FREE(cur);
	}
    }

    s_conn->mech = m;

    if(!conn->context) {
	/* Note that we don't hand over a new challenge */
#ifdef _SUN_SDK_
	result = s_conn->mech->plug->mech_new(s_conn->mech->glob_context,
#else
	result = s_conn->mech->plug->mech_new(s_conn->mech->plug->glob_context,
#endif /* _SUN_SDK_ */
					      s_conn->sparams,
					      NULL,
					      0,
					      &(conn->context));
    } else {
	/* the work was already done by mech_avail! */
	result = SASL_OK;
    }

    if (result == SASL_OK) {
         if(clientin) {
            if(s_conn->mech->plug->features & SASL_FEAT_SERVER_FIRST) {
                /* Remote sent first, but mechanism does not support it.
                 * RFC 2222 says we fail at this point. */
#ifdef _SUN_SDK_
		_sasl_log(conn, SASL_LOG_ERR,
                          "Remote sent first but mech does not allow it.");
#else
                sasl_seterror(conn, 0,
                              "Remote sent first but mech does not allow it.");
#endif /* _SUN_SDK_ */
                result = SASL_BADPROT;
            } else {
                /* Mech wants client-first, so let them have it */
                result = sasl_server_step(conn,
                                          clientin, clientinlen,
                                          serverout, serveroutlen);
            }
        } else {
            if(s_conn->mech->plug->features & SASL_FEAT_WANT_CLIENT_FIRST) {
                /* Mech wants client first anyway, so we should do that */
                *serverout = "";
                *serveroutlen = 0;
                result = SASL_CONTINUE;
            } else {
                /* Mech wants server-first, so let them have it */
                result = sasl_server_step(conn,
                                          clientin, clientinlen,
                                          serverout, serveroutlen);
            }
	}
    }

 done:
    if(   result != SASL_OK
       && result != SASL_CONTINUE
       && result != SASL_INTERACT) {
	if(conn->context) {
	    s_conn->mech->plug->mech_dispose(conn->context,
					     s_conn->sparams->utils);
	    conn->context = NULL;
	}
    }

    RETURN(conn,result);
}


/* perform one step of the SASL exchange
 *  inputlen & input -- client data
 *                      NULL on first step if no optional client step
 *  outputlen & output -- set to the server data to transmit
 *                        to the client in the next step
 *                        (library handles freeing this)
 *
 * returns:
 *  SASL_OK        -- exchange is complete.
 *  SASL_CONTINUE  -- indicates another step is necessary.
 *  SASL_TRANS     -- entry for user exists, but not for mechanism
 *                    and transition is possible
 *  SASL_BADPARAM  -- service name needed
 *  SASL_BADPROT   -- invalid input from client
 *  ...
 */

int sasl_server_step(sasl_conn_t *conn,
		     const char *clientin,
		     unsigned clientinlen,
		     const char **serverout,
		     unsigned *serveroutlen)
{
    int ret;
    sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn;  /* cast */

#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;

    /* check parameters */
    if (gctx->sasl_server_active==0) return SASL_NOTINIT;
#else
    /* check parameters */
    if (_sasl_server_active==0) return SASL_NOTINIT;
#endif /* _SUN_SDK_ */
    if (!conn) return SASL_BADPARAM;
    if ((clientin==NULL) && (clientinlen>0))
	PARAMERROR(conn);

    /* If we've already done the last send, return! */
    if(s_conn->sent_last == 1) {
	return SASL_OK;
    }

    /* Don't do another step if the plugin told us that we're done */
    if (conn->oparams.doneflag) {
	_sasl_log(conn, SASL_LOG_ERR, "attempting server step after doneflag");
	return SASL_FAIL;
    }

    if(serverout) *serverout = NULL;
    if(serveroutlen) *serveroutlen = 0;

    ret = s_conn->mech->plug->mech_step(conn->context,
					s_conn->sparams,
					clientin,
					clientinlen,
					serverout,
					serveroutlen,
					&conn->oparams);

    if (ret == SASL_OK) {
	ret = do_authorization(s_conn);
    }

    if (ret == SASL_OK) {
	/* if we're done, we need to watch out for the following:
	 * 1. the mech does server-send-last
	 * 2. the protocol does not
	 *
	 * in this case, return SASL_CONTINUE and remember we are done.
	 */
	if(*serverout && !(conn->flags & SASL_SUCCESS_DATA)) {
	    s_conn->sent_last = 1;
	    ret = SASL_CONTINUE;
	}
	if(!conn->oparams.maxoutbuf) {
	    conn->oparams.maxoutbuf = conn->props.maxbufsize;
	}

	if(conn->oparams.user == NULL || conn->oparams.authid == NULL) {
#ifdef _SUN_SDK_
	    _sasl_log(conn, SASL_LOG_ERR,
		      "mech did not call canon_user for both authzid "
		      "and authid");
#else
	    sasl_seterror(conn, 0,
			  "mech did not call canon_user for both authzid " \
			  "and authid");
#endif /* _SUN_SDK_ */
	    ret = SASL_BADPROT;
	}
    }

    if(   ret != SASL_OK
       && ret != SASL_CONTINUE
       && ret != SASL_INTERACT) {
	if(conn->context) {
	    s_conn->mech->plug->mech_dispose(conn->context,
					     s_conn->sparams->utils);
	    conn->context = NULL;
	}
    }

    RETURN(conn, ret);
}

/* returns the length of all the mechanisms
 * added up
 */

#ifdef _SUN_SDK_
static unsigned mech_names_len(_sasl_global_context_t *gctx)
{
  mech_list_t *mechlist = gctx->mechlist;
#else
static unsigned mech_names_len()
{
#endif /* _SUN_SDK_ */
  mechanism_t *listptr;
  unsigned result = 0;

  for (listptr = mechlist->mech_list;
       listptr;
       listptr = listptr->next)
    result += strlen(listptr->plug->mech_name);

  return result;
}

/* This returns a list of mechanisms in a NUL-terminated string
 *
 * The default behavior is to seperate with spaces if sep==NULL
 */
int _sasl_server_listmech(sasl_conn_t *conn,
			  const char *user __attribute__((unused)),
			  const char *prefix,
			  const char *sep,
			  const char *suffix,
			  const char **result,
			  unsigned *plen,
			  int *pcount)
{
  int lup;
  mechanism_t *listptr;
  int ret;
  int resultlen;
  int flag;
  const char *mysep;

#ifdef _SUN_SDK_
  _sasl_global_context_t *gctx;
   mech_list_t *mechlist;

  if (!conn) return SASL_BADPARAM;
   /* if there hasn't been a sasl_sever_init() fail */
  gctx = conn->gctx;
  if (gctx->sasl_server_active==0) return SASL_NOTINIT;

  (void)_load_server_plugins(gctx);
  mechlist = gctx->mechlist;
#else
  /* if there hasn't been a sasl_sever_init() fail */
  if (_sasl_server_active==0) return SASL_NOTINIT;
  if (!conn) return SASL_BADPARAM;
#endif /* _SUN_SDK_ */
  if (conn->type != SASL_CONN_SERVER) PARAMERROR(conn);

  if (! result)
      PARAMERROR(conn);

  if (plen != NULL)
      *plen = 0;
  if (pcount != NULL)
      *pcount = 0;

  if (sep) {
      mysep = sep;
  } else {
      mysep = " ";
  }

  if (! mechlist || mechlist->mech_length <= 0)
      INTERROR(conn, SASL_NOMECH);

  resultlen = (prefix ? strlen(prefix) : 0)
            + (strlen(mysep) * (mechlist->mech_length - 1))
#ifdef _SUN_SDK_
	    + mech_names_len(gctx)
#else
	    + mech_names_len()
#endif /* _SUN_SDK_ */
            + (suffix ? strlen(suffix) : 0)
	    + 1;
  ret = _buf_alloc(&conn->mechlist_buf,
		   &conn->mechlist_buf_len, resultlen);
  if(ret != SASL_OK) MEMERROR(conn);

  if (prefix)
    strcpy (conn->mechlist_buf,prefix);
  else
    *(conn->mechlist_buf) = '\0';

  listptr = mechlist->mech_list;

  flag = 0;
  /* make list */
  for (lup = 0; lup < mechlist->mech_length; lup++) {
      /* currently, we don't use the "user" parameter for anything */
      if (mech_permitted(conn, listptr)) {
	  if (pcount != NULL)
	      (*pcount)++;

	  /* print seperator */
	  if (flag) {
	      strcat(conn->mechlist_buf, mysep);
	  } else {
	      flag = 1;
	  }

	  /* now print the mechanism name */
	  strcat(conn->mechlist_buf, listptr->plug->mech_name);
      }

      listptr = listptr->next;
  }

  if (suffix)
      strcat(conn->mechlist_buf,suffix);

  if (plen!=NULL)
      *plen=strlen(conn->mechlist_buf);

  *result = conn->mechlist_buf;

  return SASL_OK;
}

#ifdef _SUN_SDK_
sasl_string_list_t *_sasl_server_mechs(_sasl_global_context_t *gctx)
#else
sasl_string_list_t *_sasl_server_mechs(void)
#endif /* _SUN_SDK_ */
{
  mechanism_t *listptr;
  sasl_string_list_t *retval = NULL, *next=NULL;
#ifdef _SUN_SDK_
  mech_list_t *mechlist = gctx->mechlist;

  if(!gctx->sasl_server_active) return NULL;
#else
  if(!_sasl_server_active) return NULL;
#endif /* _SUN_SDK_ */

  /* make list */
  for (listptr = mechlist->mech_list; listptr; listptr = listptr->next) {
      next = sasl_ALLOC(sizeof(sasl_string_list_t));

      if(!next && !retval) return NULL;
      else if(!next) {
	  next = retval->next;
	  do {
	      sasl_FREE(retval);
	      retval = next;
	      next = retval->next;
	  } while(next);
	  return NULL;
      }

      next->d = listptr->plug->mech_name;

      if(!retval) {
	  next->next = NULL;
	  retval = next;
      } else {
	  next->next = retval;
	  retval = next;
      }
  }

  return retval;
}

#define EOSTR(s,n) (((s)[n] == '\0') || ((s)[n] == ' ') || ((s)[n] == '\t'))
static int is_mech(const char *t, const char *m)
{
    int sl = strlen(m);
    return ((!strncasecmp(m, t, sl)) && EOSTR(t, sl));
}

/* returns OK if it's valid */
static int _sasl_checkpass(sasl_conn_t *conn,
			   const char *user,
			   unsigned userlen __attribute__((unused)),
			   const char *pass,
			   unsigned passlen __attribute__((unused)))
{
    sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn;
    int result;
    sasl_getopt_t *getopt;
    sasl_server_userdb_checkpass_t *checkpass_cb;
    void *context;
    const char *mlist = NULL, *mech = NULL;
    struct sasl_verify_password_s *v;
    const char *service = conn->service;

    /* call userdb callback function, if available */
    result = _sasl_getcallback(conn, SASL_CB_SERVER_USERDB_CHECKPASS,
			       &checkpass_cb, &context);
    if(result == SASL_OK && checkpass_cb) {
	result = checkpass_cb(conn, context, user, pass, strlen(pass),
			      s_conn->sparams->propctx);
	if(result == SASL_OK)
	    return SASL_OK;
    }

    /* figure out how to check (i.e. auxprop or saslauthd or pwcheck) */
    if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context)
            == SASL_OK) {
        getopt(context, NULL, "pwcheck_method", &mlist, NULL);
    }

    if(!mlist) mlist = DEFAULT_CHECKPASS_MECH;

    result = SASL_NOMECH;

    mech = mlist;
    while (*mech && result != SASL_OK) {
	for (v = _sasl_verify_password; v->name; v++) {
	    if(is_mech(mech, v->name)) {
		result = v->verify(conn, user, pass, service,
				   s_conn->user_realm);
		break;
	    }
	}
	if (result != SASL_OK) {
	    /* skip to next mech in list */
	    while (*mech && !isspace((int) *mech)) mech++;
	    while (*mech && isspace((int) *mech)) mech++;
	}
    }

    if (result == SASL_NOMECH) {
	/* no mechanism available ?!? */
	_sasl_log(conn, SASL_LOG_ERR, "unknown password verifier %s", mech);
    }

    if (result != SASL_OK)
#ifdef _INTEGRATED_SOLARIS_
	sasl_seterror(conn, SASL_NOLOG, gettext("checkpass failed"));
#else
	sasl_seterror(conn, SASL_NOLOG, "checkpass failed");
#endif /* _INTEGRATED_SOLARIS_ */

    RETURN(conn, result);
}

/* check if a plaintext password is valid
 *   if user is NULL, check if plaintext passwords are enabled
 * inputs:
 *  user          -- user to query in current user_domain
 *  userlen       -- length of username, 0 = strlen(user)
 *  pass          -- plaintext password to check
 *  passlen       -- length of password, 0 = strlen(pass)
 * returns
 *  SASL_OK       -- success
 *  SASL_NOMECH   -- mechanism not supported
 *  SASL_NOVERIFY -- user found, but no verifier
 *  SASL_NOUSER   -- user not found
 */
int sasl_checkpass(sasl_conn_t *conn,
		   const char *user,
#ifdef _SUN_SDK_
		   unsigned userlen,
#else /* _SUN_SDK_ */
		   unsigned userlen __attribute__((unused)),
#endif /* _SUN_SDK_ */
		   const char *pass,
		   unsigned passlen)
{
    int result;

#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;

    if (gctx->sasl_server_active==0) return SASL_NOTINIT;

    /* A NULL user means the caller is checking if plaintext authentication
     * is enabled.  But if no connection context is supplied, we have no
     * appropriate policy to check against.  So for consistant global
     * behavior we always say plaintext is enabled in this case.
     */
    if (!user && !conn) return SASL_OK;

    if (!conn) return SASL_BADPARAM;

    /* Check connection security policy to see if plaintext password
     * authentication is permitted.
     *
     * XXX TODO FIXME:
     * This should call mech_permitted with the PLAIN mechanism,
     * since all plaintext mechanisms should fall under the same
     * security policy guidelines.  But to keep code changes and
     * risk to a minimum at this juncture, we do the minimal
     * security strength and plaintext policy checks which are
     * most likely to be deployed and useful in the field.
     */
    if (conn->props.min_ssf > conn->external.ssf)
      RETURN(conn, SASL_TOOWEAK);
    if ((conn->props.security_flags & SASL_SEC_NOPLAINTEXT) != 0
      && conn->external.ssf == 0)
      RETURN(conn, SASL_ENCRYPT);

    if (!user)
      return SASL_OK;
#else
    if (_sasl_server_active==0) return SASL_NOTINIT;

    /* check if it's just a query if we are enabled */
    if (!user)
	return SASL_OK;

    if (!conn) return SASL_BADPARAM;
#endif /* _SUN_SDK_ */

    /* check params */
    if (pass == NULL)
	PARAMERROR(conn);

    /* canonicalize the username */
    result = _sasl_canon_user(conn, user, 0,
			      SASL_CU_AUTHID | SASL_CU_AUTHZID,
			      &(conn->oparams));
    if(result != SASL_OK) RETURN(conn, result);
    user = conn->oparams.user;

    /* Check the password */
    result = _sasl_checkpass(conn, user, strlen(user), pass, strlen(pass));

#ifdef _SUN_SDK_
    if (result == SASL_OK) {
      result = do_authorization((sasl_server_conn_t *) conn);
    }
#endif /* _SUN_SDK_ */

    if (result == SASL_OK)
	result = _sasl_transition(conn, pass, passlen);

    RETURN(conn,result);
}

/* check if a user exists on server
 *  conn          -- connection context (may be NULL, used to hold last error)
 *  service       -- registered name of the service using SASL (e.g. "imap")
 *  user_realm    -- permits multiple user realms on server, NULL = default
 *  user          -- NUL terminated user name
 *
 * returns:
 *  SASL_OK       -- success
 *  SASL_DISABLED -- account disabled [FIXME: currently not detected]
 *  SASL_NOUSER   -- user not found
 *  SASL_NOVERIFY -- user found, but no usable mechanism [FIXME: not supported]
 *  SASL_NOMECH   -- no mechanisms enabled
 */
int sasl_user_exists(sasl_conn_t *conn,
		     const char *service,
		     const char *user_realm,
		     const char *user)
{
    int result=SASL_NOMECH;
    const char *mlist = NULL, *mech = NULL;
    void *context;
    sasl_getopt_t *getopt;
    struct sasl_verify_password_s *v;

#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;

    /* check params */
    if (gctx->sasl_server_active==0) return SASL_NOTINIT;
#else
    /* check params */
    if (_sasl_server_active==0) return SASL_NOTINIT;
#endif /* _SUN_SDK_ */
    if (!conn) return SASL_BADPARAM;
    if (!user || conn->type != SASL_CONN_SERVER)
	PARAMERROR(conn);

    if(!service) service = conn->service;

    /* figure out how to check (i.e. auxprop or saslauthd or pwcheck) */
    if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context)
            == SASL_OK) {
        getopt(context, NULL, "pwcheck_method", &mlist, NULL);
    }

    if(!mlist) mlist = DEFAULT_CHECKPASS_MECH;

    result = SASL_NOMECH;

    mech = mlist;
    while (*mech && result != SASL_OK) {
	for (v = _sasl_verify_password; v->name; v++) {
	    if(is_mech(mech, v->name)) {
		result = v->verify(conn, user, NULL, service, user_realm);
		break;
	    }
	}
	if (result != SASL_OK) {
	    /* skip to next mech in list */
	    while (*mech && !isspace((int) *mech)) mech++;
	    while (*mech && isspace((int) *mech)) mech++;
	}
    }

    /* Screen out the SASL_BADPARAM response
     * we'll get from not giving a password */
    if(result == SASL_BADPARAM) {
	result = SASL_OK;
    }

    if (result == SASL_NOMECH) {
	/* no mechanism available ?!? */
	_sasl_log(conn, SASL_LOG_ERR, "no plaintext password verifier?");
#ifndef _SUN_SDK_
	sasl_seterror(conn, SASL_NOLOG, "no plaintext password verifier?");
#endif /* !_SUN_SDK_ */
    }

    RETURN(conn, result);
}

/* check if an apop exchange is valid
 *  (note this is an optional part of the SASL API)
 *  if challenge is NULL, just check if APOP is enabled
 * inputs:
 *  challenge     -- challenge which was sent to client
 *  challen       -- length of challenge, 0 = strlen(challenge)
 *  response      -- client response, "<user> <digest>" (RFC 1939)
 *  resplen       -- length of response, 0 = strlen(response)
 * returns
 *  SASL_OK       -- success
 *  SASL_BADAUTH  -- authentication failed
 *  SASL_BADPARAM -- missing challenge
 *  SASL_BADPROT  -- protocol error (e.g., response in wrong format)
 *  SASL_NOVERIFY -- user found, but no verifier
 *  SASL_NOMECH   -- mechanism not supported
 *  SASL_NOUSER   -- user not found
 */
int sasl_checkapop(sasl_conn_t *conn,
#ifdef DO_SASL_CHECKAPOP
 		   const char *challenge,
 		   unsigned challen __attribute__((unused)),
 		   const char *response,
 		   unsigned resplen __attribute__((unused)))
#else
 		   const char *challenge __attribute__((unused)),
 		   unsigned challen __attribute__((unused)),
 		   const char *response __attribute__((unused)),
 		   unsigned resplen __attribute__((unused)))
#endif
{
#ifdef DO_SASL_CHECKAPOP
    sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn;
    char *user, *user_end;
    const char *password_request[] = { SASL_AUX_PASSWORD, NULL };
    size_t user_len;
    int result;
#ifdef _SUN_SDK_
    _sasl_global_context_t *gctx =
		 (conn == NULL) ? _sasl_gbl_ctx() : conn->gctx;

    if (gctx->sasl_server_active==0)
        return SASL_NOTINIT;
#else
    if (_sasl_server_active==0)
	return SASL_NOTINIT;
#endif /* _SUN_SDK_ */

    /* check if it's just a query if we are enabled */
    if(!challenge)
	return SASL_OK;

    /* check params */
    if (!conn) return SASL_BADPARAM;
    if (!response)
	PARAMERROR(conn);

    /* Parse out username and digest.
     *
     * Per RFC 1939, response must be "<user> <digest>", where
     * <digest> is a 16-octet value which is sent in hexadecimal
     * format, using lower-case ASCII characters.
     */
    user_end = strrchr(response, ' ');
    if (!user_end || strspn(user_end + 1, "0123456789abcdef") != 32)
    {
#ifdef _INTEGRATED_SOLARIS_
        sasl_seterror(conn, 0, gettext("Bad Digest"));
#else
        sasl_seterror(conn, 0, "Bad Digest");
#endif /* _INTEGRATED_SOLARIS_ */
        RETURN(conn,SASL_BADPROT);
    }

    user_len = (size_t)(user_end - response);
    user = sasl_ALLOC(user_len + 1);
    memcpy(user, response, user_len);
    user[user_len] = '\0';

    result = prop_request(s_conn->sparams->propctx, password_request);
    if(result != SASL_OK)
    {
        sasl_FREE(user);
        RETURN(conn, result);
    }

    /* Cannonify it */
    result = _sasl_canon_user(conn, user, user_len,
	                      SASL_CU_AUTHID | SASL_CU_AUTHZID,
	                      &(conn->oparams));
    sasl_FREE(user);

    if(result != SASL_OK) RETURN(conn, result);

    /* Do APOP verification */
    result = _sasl_auxprop_verify_apop(conn, conn->oparams.authid,
	challenge, user_end + 1, s_conn->user_realm);

    /* If verification failed, we don't want to encourage getprop to work */
    if(result != SASL_OK) {
	conn->oparams.user = NULL;
	conn->oparams.authid = NULL;
    }

    RETURN(conn, result);
#else /* sasl_checkapop was disabled at compile time */
    sasl_seterror(conn, SASL_NOLOG,
	"sasl_checkapop called, but was disabled at compile time");
    RETURN(conn, SASL_NOMECH);
#endif /* DO_SASL_CHECKAPOP */
}