1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
3*7c478bd9Sstevel@tonic-gate * Use is subject to license terms.
4*7c478bd9Sstevel@tonic-gate */
5*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
6*7c478bd9Sstevel@tonic-gate
7*7c478bd9Sstevel@tonic-gate /* Plain SASL plugin
8*7c478bd9Sstevel@tonic-gate * Rob Siemborski
9*7c478bd9Sstevel@tonic-gate * Tim Martin
10*7c478bd9Sstevel@tonic-gate * $Id: plain.c,v 1.61 2003/03/26 17:18:04 rjs3 Exp $
11*7c478bd9Sstevel@tonic-gate */
12*7c478bd9Sstevel@tonic-gate
13*7c478bd9Sstevel@tonic-gate /*
14*7c478bd9Sstevel@tonic-gate * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
15*7c478bd9Sstevel@tonic-gate *
16*7c478bd9Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
17*7c478bd9Sstevel@tonic-gate * modification, are permitted provided that the following conditions
18*7c478bd9Sstevel@tonic-gate * are met:
19*7c478bd9Sstevel@tonic-gate *
20*7c478bd9Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright
21*7c478bd9Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
22*7c478bd9Sstevel@tonic-gate *
23*7c478bd9Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
24*7c478bd9Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in
25*7c478bd9Sstevel@tonic-gate * the documentation and/or other materials provided with the
26*7c478bd9Sstevel@tonic-gate * distribution.
27*7c478bd9Sstevel@tonic-gate *
28*7c478bd9Sstevel@tonic-gate * 3. The name "Carnegie Mellon University" must not be used to
29*7c478bd9Sstevel@tonic-gate * endorse or promote products derived from this software without
30*7c478bd9Sstevel@tonic-gate * prior written permission. For permission or any other legal
31*7c478bd9Sstevel@tonic-gate * details, please contact
32*7c478bd9Sstevel@tonic-gate * Office of Technology Transfer
33*7c478bd9Sstevel@tonic-gate * Carnegie Mellon University
34*7c478bd9Sstevel@tonic-gate * 5000 Forbes Avenue
35*7c478bd9Sstevel@tonic-gate * Pittsburgh, PA 15213-3890
36*7c478bd9Sstevel@tonic-gate * (412) 268-4387, fax: (412) 268-7395
37*7c478bd9Sstevel@tonic-gate * tech-transfer@andrew.cmu.edu
38*7c478bd9Sstevel@tonic-gate *
39*7c478bd9Sstevel@tonic-gate * 4. Redistributions of any form whatsoever must retain the following
40*7c478bd9Sstevel@tonic-gate * acknowledgment:
41*7c478bd9Sstevel@tonic-gate * "This product includes software developed by Computing Services
42*7c478bd9Sstevel@tonic-gate * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
43*7c478bd9Sstevel@tonic-gate *
44*7c478bd9Sstevel@tonic-gate * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
45*7c478bd9Sstevel@tonic-gate * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
46*7c478bd9Sstevel@tonic-gate * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
47*7c478bd9Sstevel@tonic-gate * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
48*7c478bd9Sstevel@tonic-gate * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
49*7c478bd9Sstevel@tonic-gate * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
50*7c478bd9Sstevel@tonic-gate * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
51*7c478bd9Sstevel@tonic-gate */
52*7c478bd9Sstevel@tonic-gate
53*7c478bd9Sstevel@tonic-gate #include <config.h>
54*7c478bd9Sstevel@tonic-gate #include <stdio.h>
55*7c478bd9Sstevel@tonic-gate #include <string.h>
56*7c478bd9Sstevel@tonic-gate #include <sasl.h>
57*7c478bd9Sstevel@tonic-gate #include <saslplug.h>
58*7c478bd9Sstevel@tonic-gate
59*7c478bd9Sstevel@tonic-gate #include "plugin_common.h"
60*7c478bd9Sstevel@tonic-gate
61*7c478bd9Sstevel@tonic-gate #ifndef _SUN_SDK_
62*7c478bd9Sstevel@tonic-gate #ifdef WIN32
63*7c478bd9Sstevel@tonic-gate /* This must be after sasl.h */
64*7c478bd9Sstevel@tonic-gate # include "saslPLAIN.h"
65*7c478bd9Sstevel@tonic-gate #endif /* WIN32 */
66*7c478bd9Sstevel@tonic-gate #endif /* !_SUN_SDK_ */
67*7c478bd9Sstevel@tonic-gate
68*7c478bd9Sstevel@tonic-gate #ifdef macintosh
69*7c478bd9Sstevel@tonic-gate #include <sasl_plain_plugin_decl.h>
70*7c478bd9Sstevel@tonic-gate #endif
71*7c478bd9Sstevel@tonic-gate
72*7c478bd9Sstevel@tonic-gate /***************************** Common Section *****************************/
73*7c478bd9Sstevel@tonic-gate
#ifndef _SUN_SDK_
/* Upstream CVS revision tag, kept in the binary so a deployed plugin can be
 * matched against its source revision. */
static const char plugin_id[] = "$Id: plain.c,v 1.61 2003/03/26 17:18:04 rjs3 Exp $";
#endif /* !_SUN_SDK_ */
77*7c478bd9Sstevel@tonic-gate
78*7c478bd9Sstevel@tonic-gate /***************************** Server Section *****************************/
79*7c478bd9Sstevel@tonic-gate
/*
 * Server-side mechanism constructor.
 *
 * PLAIN keeps no per-connection state on the server, so the connection
 * context is simply set to NULL.  The only failure mode is a missing
 * conn_context out-parameter, which is reported through PARAMERROR and
 * SASL_BADPARAM.
 *
 * Returns SASL_OK on success.
 */
static int plain_server_mech_new(void *glob_context __attribute__((unused)),
                                 sasl_server_params_t *sparams,
                                 const char *challenge __attribute__((unused)),
                                 unsigned challen __attribute__((unused)),
                                 void **conn_context)
{
    if (conn_context == NULL) {
        PARAMERROR(sparams->utils);
        return SASL_BADPARAM;
    }

    /* nothing to allocate: the server step is stateless */
    *conn_context = NULL;
    return SASL_OK;
}
96*7c478bd9Sstevel@tonic-gate
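/*
 * Server-side PLAIN step (RFC 2595 section 6 / RFC 4616).
 *
 * The single client message is expected to be
 *     authzid NUL authcid NUL passwd
 * with no trailing bytes.  The message is split on the two NUL
 * separators, the authentication identity is canonicalized, the
 * password is checked through params->utils->checkpass, and finally the
 * authorization identity is canonicalized and stored in oparams.
 *
 * The password is copied into a heap buffer so it can be handed to
 * checkpass NUL-terminated; the copy is released through
 * _plug_free_string on every path after it is made (that helper is
 * expected to scrub the buffer before freeing it — confirm in
 * plugin_common).  The caller's clientin buffer still holds the
 * cleartext password and is not touched here.
 *
 * Returns SASL_OK on success; SASL_BADPROT for a malformed message,
 * SASL_NOMEM on allocation failure, or the error from canon_user /
 * checkpass.  serverout/serveroutlen are always set to NULL/0: PLAIN
 * never sends server data.
 */
static int plain_server_mech_step(void *conn_context __attribute__((unused)),
                                  sasl_server_params_t *params,
                                  const char *clientin,
                                  unsigned clientinlen,
                                  const char **serverout,
                                  unsigned *serveroutlen,
                                  sasl_out_params_t *oparams)
{
    const char *author;
    const char *authen;
    const char *password;
    size_t password_len;
    unsigned lup = 0;
    int result;
    char *passcopy;

    *serverout = NULL;
    *serveroutlen = 0;

    /* should have received author-id NUL authen-id NUL password */

    /* get author (authorization identity; may be empty) */
    author = clientin;
    while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup;

    if (lup >= clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Can only find author (no password)");
#else
        SETERROR(params->utils, "Can only find author (no password)");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* get authen (authentication identity) */
    ++lup;
    authen = clientin + lup;
    while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup;

    if (lup >= clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Can only find author/en (no password)");
#else
        params->utils->seterror(params->utils->conn, 0,
                                "Can only find author/en (no password)");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* The PLAIN spec requires a non-empty authcid; reject it here as a
     * protocol error rather than handing an empty identity on to
     * canon_user / checkpass. */
    if (*authen == '\0') {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Empty authentication identity");
#else
        SETERROR(params->utils, "Empty authentication identity");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* get password: runs to the next NUL or to the end of the message */
    lup++;
    password = clientin + lup;
    while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup;

    password_len = (size_t)(clientin + lup - password);

    /* a NUL inside the password field means trailing data we do not expect */
    if (lup != clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Got more data than we were expecting in the PLAIN plugin");
#else
        SETERROR(params->utils,
                 "Got more data than we were expecting in the PLAIN plugin\n");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* checkpass wants a NUL-terminated password and we cannot assume an
     * allocated byte past the end of clientin, so make a terminated copy.
     * The scan above guarantees there is no NUL within password_len bytes,
     * so memcpy is exact (and avoids strncpy's pad/terminate pitfalls). */
    passcopy = params->utils->malloc(password_len + 1);
    if (passcopy == NULL) {
        MEMERROR(params->utils);
        return SASL_NOMEM;
    }
    memcpy(passcopy, password, password_len);
    passcopy[password_len] = '\0';

    /* An empty authzid means "authorize as the authenticated identity". */
    if (!author || !*author)
        author = authen;

    /* Canonicalize the authentication id first, so that password
     * verification is only ever done against the canonical id. */
    result = params->canon_user(params->utils->conn,
                                authen, 0, SASL_CU_AUTHID, oparams);
    if (result != SASL_OK) {
        _plug_free_string(params->utils, &passcopy);
        return result;
    }

    /* verify password - checkpass returns SASL_OK on success */
    result = params->utils->checkpass(params->utils->conn,
                                      oparams->authid, oparams->alen,
                                      passcopy, (unsigned)password_len);

    /* the copy is no longer needed whatever checkpass said */
    _plug_free_string(params->utils, &passcopy);

    if (result != SASL_OK) {
#ifdef _INTEGRATED_SOLARIS_
        params->utils->seterror(params->utils->conn, 0,
                                gettext("Password verification failed"));
#else
        params->utils->seterror(params->utils->conn, 0,
                                "Password verification failed");
#endif /* _INTEGRATED_SOLARIS_ */
        return result;
    }

    /* Canonicalize and store the authorization id.  This must come after
     * checkpass, in case the verifier needed to fetch auxprops itself. */
    result = params->canon_user(params->utils->conn,
                                author, 0, SASL_CU_AUTHZID, oparams);
    if (result != SASL_OK) return result;

    /* Let the framework migrate stored secrets if it asked to; the
     * cleartext password is still available at this point. */
    if (params->transition) {
        params->transition(params->utils->conn, password, password_len);
    }

    /* PLAIN negotiates no security layer: ssf 0, no encode/decode hooks. */
    oparams->doneflag = 1;
    oparams->mech_ssf = 0;
    oparams->maxoutbuf = 0;
    oparams->encode_context = NULL;
    oparams->encode = NULL;
    oparams->decode_context = NULL;
    oparams->decode = NULL;
    oparams->param_version = 0;

    return SASL_OK;
}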
232*7c478bd9Sstevel@tonic-gate
/*
 * Server plugin table handed back by plain_server_plug_init.
 *
 * max_ssf is 0 and there are no encode/decode hooks: PLAIN provides no
 * security layer of its own, so the cleartext password in the client
 * message is protected only by an external layer (the client step refuses
 * to run when the requested min_ssf exceeds external_ssf).
 * SASL_FEAT_ALLOWS_PROXY reflects that the message carries a distinct
 * authorization identity, handled separately in plain_server_mech_step.
 */
static sasl_server_plug_t plain_server_plugins[] =
{
    {
        "PLAIN",                    /* mech_name */
        0,                          /* max_ssf */
        SASL_SEC_NOANONYMOUS,       /* security_flags */
        SASL_FEAT_WANT_CLIENT_FIRST
        | SASL_FEAT_ALLOWS_PROXY,   /* features */
        NULL,                       /* glob_context */
        &plain_server_mech_new,     /* mech_new */
        &plain_server_mech_step,    /* mech_step */
        NULL,                       /* mech_dispose */
        NULL,                       /* mech_free */
        NULL,                       /* setpass */
        NULL,                       /* user_query */
        NULL,                       /* idle */
        NULL,                       /* mech_avail */
        NULL                        /* spare */
    }
};
253*7c478bd9Sstevel@tonic-gate
/*
 * Entry point the SASL library calls to load the server side of PLAIN.
 *
 * Refuses with SASL_BADVERS when the library's maximum supported plugin
 * version is older than the one this plugin was built against; otherwise
 * publishes plain_server_plugins (a single entry) and reports the version
 * actually used.
 *
 * Returns SASL_OK on success.
 */
int plain_server_plug_init(const sasl_utils_t *utils,
                           int maxversion,
                           int *out_version,
                           sasl_server_plug_t **pluglist,
                           int *plugcount)
{
    const int wanted = SASL_SERVER_PLUG_VERSION;

    if (maxversion < wanted) {
        SETERROR(utils, "PLAIN version mismatch");
        return SASL_BADVERS;
    }

    *out_version = wanted;
    *pluglist = plain_server_plugins;
    *plugcount = 1;
    return SASL_OK;
}
271*7c478bd9Sstevel@tonic-gate
272*7c478bd9Sstevel@tonic-gate /***************************** Client Section *****************************/
273*7c478bd9Sstevel@tonic-gate
/* Per-connection client state. */
typedef struct client_context {
    char *out_buf;          /* message handed back via *clientout; holds the
                             * cleartext password until the context is
                             * disposed */
    unsigned out_buf_len;   /* size bookkeeping for out_buf, maintained
                             * through _plug_buf_alloc */
#ifdef _INTEGRATED_SOLARIS_
    void *h;                /* handle used by convert_prompt for localized
                             * prompt strings; released in dispose */
#endif /* _INTEGRATED_SOLARIS_ */
} client_context_t;
281*7c478bd9Sstevel@tonic-gate
/*
 * Client-side mechanism constructor: allocates a zeroed client_context_t
 * through the library allocator and stores it in *conn_context.
 *
 * Returns SASL_OK, or SASL_NOMEM (after MEMERROR) when allocation fails.
 */
static int plain_client_mech_new(void *glob_context __attribute__((unused)),
                                 sasl_client_params_t *params,
                                 void **conn_context)
{
    const sasl_utils_t *utils = params->utils;
    client_context_t *ctx = utils->malloc(sizeof *ctx);

    if (ctx == NULL) {
        MEMERROR(utils);
        return SASL_NOMEM;
    }

    /* out_buf/out_buf_len (and h on Solaris) start out empty */
    memset(ctx, 0, sizeof *ctx);
    *conn_context = ctx;
    return SASL_OK;
}
301*7c478bd9Sstevel@tonic-gate
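/*
 * Client-side PLAIN step.
 *
 * Collects the authorization name, authentication name and password
 * (through callbacks, or through prompts on a second pass), canonicalizes
 * the identities, and builds the single client message
 *     authzid NUL authcid NUL passwd
 * in text->out_buf (with one extra NUL after the password for clients
 * that expect a terminated buffer).  Whatever the server sent is ignored.
 *
 * PLAIN sends the password in cleartext, so the step refuses with
 * SASL_TOOWEAK when the caller asked for a minimum SSF that the external
 * layer does not already provide.  text->out_buf keeps the cleartext
 * password until the context is disposed.
 *
 * Returns SASL_INTERACT when prompts still need to be answered (the
 * prompt list is left in *prompt_need), SASL_OK once the message is
 * ready in *clientout/*clientoutlen, SASL_BADPARAM if no password was
 * obtained, or an error from the helper / canon_user calls.  A password
 * that was allocated on our behalf (free_password set) is released
 * through _plug_free_secret on every exit that reaches cleanup,
 * including the SASL_INTERACT one.
 */
static int plain_client_mech_step(void *conn_context,
                                  sasl_client_params_t *params,
                                  const char *serverin __attribute__((unused)),
                                  unsigned serverinlen __attribute__((unused)),
                                  sasl_interact_t **prompt_need,
                                  const char **clientout,
                                  unsigned *clientoutlen,
                                  sasl_out_params_t *oparams)
{
    client_context_t *text = (client_context_t *) conn_context;
    const char *user = NULL, *authid = NULL;
    sasl_secret_t *password = NULL;
    unsigned int free_password = 0; /* set if we need to free password */
    int user_result = SASL_OK;
    int auth_result = SASL_OK;
    int pass_result = SASL_OK;
    int result;

    *clientout = NULL;
    *clientoutlen = 0;

    /* doesn't really matter how the server responds */

    /* check if sec layer strong enough: the password goes out in the
     * clear, so PLAIN itself can never satisfy a min_ssf requirement */
    if (params->props.min_ssf > params->external_ssf) {
#ifdef _INTEGRATED_SOLARIS_
        SETERROR( params->utils, gettext("SSF requested of PLAIN plugin"));
#else
        SETERROR( params->utils, "SSF requested of PLAIN plugin");
#endif /* _INTEGRATED_SOLARIS_ */
        return SASL_TOOWEAK;
    }

    /* try to get the authid */
    if (oparams->authid == NULL) {
        auth_result = _plug_get_authid(params->utils, &authid, prompt_need);

        if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT))
            return auth_result;
    }

    /* try to get the userid */
    if (oparams->user == NULL) {
        user_result = _plug_get_userid(params->utils, &user, prompt_need);

        if ((user_result != SASL_OK) && (user_result != SASL_INTERACT))
            return user_result;
    }

    /* try to get the password */
    if (password == NULL) {
        pass_result = _plug_get_password(params->utils, &password,
                                         &free_password, prompt_need);

        if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT))
            return pass_result;
    }

    /* free prompts we got */
    if (prompt_need && *prompt_need) {
        params->utils->free(*prompt_need);
        *prompt_need = NULL;
    }

    /* if there are prompts not filled in */
    if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) ||
        (pass_result == SASL_INTERACT)) {
        /* make the prompt list */
        result =
#ifdef _INTEGRATED_SOLARIS_
            _plug_make_prompts(params->utils, &text->h, prompt_need,
                               user_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your authorization name"))
                               : NULL,
                               NULL,
                               auth_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your authentication name"))
                               : NULL,
                               NULL,
                               pass_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your password")) : NULL,
                               NULL,
                               NULL, NULL, NULL,
                               NULL, NULL, NULL);
#else
            _plug_make_prompts(params->utils, prompt_need,
                               user_result == SASL_INTERACT ?
                               "Please enter your authorization name" : NULL,
                               NULL,
                               auth_result == SASL_INTERACT ?
                               "Please enter your authentication name" : NULL,
                               NULL,
                               pass_result == SASL_INTERACT ?
                               "Please enter your password" : NULL, NULL,
                               NULL, NULL, NULL,
                               NULL, NULL, NULL);
#endif /* _INTEGRATED_SOLARIS_ */
        if (result != SASL_OK) goto cleanup;

        /* Leave through cleanup rather than returning directly: if the
         * password was already obtained and allocated for us, it must not
         * outlive this call — password starts out NULL on re-entry and is
         * fetched again on the next pass. */
        result = SASL_INTERACT;
        goto cleanup;
    }

    if (!password) {
        PARAMERROR(params->utils);
        return SASL_BADPARAM;
    }

    /* An absent/empty authorization name means "same as the authentication
     * name": canonicalize both roles from authid in one call.  Otherwise
     * canonicalize the two identities separately. */
    if (!user || !*user) {
        result = params->canon_user(params->utils->conn, authid, 0,
                                    SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
    }
    else {
        result = params->canon_user(params->utils->conn, user, 0,
                                    SASL_CU_AUTHZID, oparams);
        if (result != SASL_OK) goto cleanup;

        result = params->canon_user(params->utils->conn, authid, 0,
                                    SASL_CU_AUTHID, oparams);
    }
    if (result != SASL_OK) goto cleanup;

    /* send authorized id NUL authentication id NUL password */
    *clientoutlen = (oparams->ulen + 1
                     + oparams->alen + 1
                     + password->len);

    /* remember the extra NUL on the end for stupid clients */
    result = _plug_buf_alloc(params->utils, &(text->out_buf),
                             &(text->out_buf_len), *clientoutlen + 1);
    if (result != SASL_OK) goto cleanup;

    /* zero-fill first so both NUL separators and the trailing NUL are set */
    memset(text->out_buf, 0, *clientoutlen + 1);
    memcpy(text->out_buf, oparams->user, oparams->ulen);
    memcpy(text->out_buf + oparams->ulen + 1, oparams->authid, oparams->alen);
    memcpy(text->out_buf + oparams->ulen + oparams->alen + 2,
           password->data, password->len);

    *clientout = text->out_buf;

    /* set oparams: PLAIN negotiates no security layer */
    oparams->doneflag = 1;
    oparams->mech_ssf = 0;
    oparams->maxoutbuf = 0;
    oparams->encode_context = NULL;
    oparams->encode = NULL;
    oparams->decode_context = NULL;
    oparams->decode = NULL;
    oparams->param_version = 0;

    result = SASL_OK;

cleanup:
    /* free sensitive info */
    if (free_password) _plug_free_secret(params->utils, &password);

    return result;
}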
462*7c478bd9Sstevel@tonic-gate
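/*
 * Client-side context destructor.
 *
 * text->out_buf is the last client message and therefore still holds
 * the cleartext password (with embedded NUL separators, so a strlen-based
 * helper would not cover it); it is wiped over its full bookkept length
 * with the library's erasebuffer before being freed, so the secret does
 * not linger in freed heap memory.  On Solaris the prompt conversion
 * handle is released as well.  A NULL context is a no-op.
 */
static void plain_client_mech_dispose(void *conn_context,
                                      const sasl_utils_t *utils)
{
    client_context_t *text = (client_context_t *) conn_context;

    if (!text) return;

    if (text->out_buf) {
        /* out_buf_len is assumed to be the allocated size maintained by
         * _plug_buf_alloc in plain_client_mech_step — confirm in
         * plugin_common */
        utils->erasebuffer(text->out_buf, text->out_buf_len);
        utils->free(text->out_buf);
        text->out_buf = NULL;
    }
#ifdef _INTEGRATED_SOLARIS_
    convert_prompt(utils, &text->h, NULL);
#endif /* _INTEGRATED_SOLARIS_ */

    utils->free(text);
}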
477*7c478bd9Sstevel@tonic-gate
/*
 * Client plugin table handed back by plain_client_plug_init.
 *
 * As on the server side, max_ssf is 0: PLAIN offers no security layer,
 * and plain_client_mech_step refuses to run (SASL_TOOWEAK) unless the
 * external layer already meets the caller's min_ssf.
 * required_prompts is NULL; the step builds its own prompt list when the
 * callbacks do not supply the identities or the password.
 */
static sasl_client_plug_t plain_client_plugins[] =
{
    {
        "PLAIN",                    /* mech_name */
        0,                          /* max_ssf */
        SASL_SEC_NOANONYMOUS,       /* security_flags */
        SASL_FEAT_WANT_CLIENT_FIRST
        | SASL_FEAT_ALLOWS_PROXY,   /* features */
        NULL,                       /* required_prompts */
        NULL,                       /* glob_context */
        &plain_client_mech_new,     /* mech_new */
        &plain_client_mech_step,    /* mech_step */
        &plain_client_mech_dispose, /* mech_dispose */
        NULL,                       /* mech_free */
        NULL,                       /* idle */
        NULL,                       /* spare */
        NULL                        /* spare */
    }
};
497*7c478bd9Sstevel@tonic-gate
/*
 * Entry point the SASL library calls to load the client side of PLAIN.
 *
 * Refuses with SASL_BADVERS when the library's maximum supported plugin
 * version is older than the one this plugin was built against; otherwise
 * publishes plain_client_plugins (a single entry) and reports the version
 * actually used.
 *
 * Returns SASL_OK on success.
 */
int plain_client_plug_init(sasl_utils_t *utils,
                           int maxversion,
                           int *out_version,
                           sasl_client_plug_t **pluglist,
                           int *plugcount)
{
    const int wanted = SASL_CLIENT_PLUG_VERSION;

    if (maxversion < wanted) {
        SETERROR(utils, "PLAIN version mismatch");
        return SASL_BADVERS;
    }

    *out_version = wanted;
    *pluglist = plain_client_plugins;
    *plugcount = 1;
    return SASL_OK;
}