1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 3*0Sstevel@tonic-gate * Use is subject to license terms. 4*0Sstevel@tonic-gate */ 5*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 6*0Sstevel@tonic-gate 7*0Sstevel@tonic-gate /* Plain SASL plugin 8*0Sstevel@tonic-gate * Rob Siemborski 9*0Sstevel@tonic-gate * Tim Martin 10*0Sstevel@tonic-gate * $Id: plain.c,v 1.61 2003/03/26 17:18:04 rjs3 Exp $ 11*0Sstevel@tonic-gate */ 12*0Sstevel@tonic-gate 13*0Sstevel@tonic-gate /* 14*0Sstevel@tonic-gate * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. 15*0Sstevel@tonic-gate * 16*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without 17*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions 18*0Sstevel@tonic-gate * are met: 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright 21*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer. 22*0Sstevel@tonic-gate * 23*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright 24*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in 25*0Sstevel@tonic-gate * the documentation and/or other materials provided with the 26*0Sstevel@tonic-gate * distribution. 27*0Sstevel@tonic-gate * 28*0Sstevel@tonic-gate * 3. The name "Carnegie Mellon University" must not be used to 29*0Sstevel@tonic-gate * endorse or promote products derived from this software without 30*0Sstevel@tonic-gate * prior written permission. 
For permission or any other legal 31*0Sstevel@tonic-gate * details, please contact 32*0Sstevel@tonic-gate * Office of Technology Transfer 33*0Sstevel@tonic-gate * Carnegie Mellon University 34*0Sstevel@tonic-gate * 5000 Forbes Avenue 35*0Sstevel@tonic-gate * Pittsburgh, PA 15213-3890 36*0Sstevel@tonic-gate * (412) 268-4387, fax: (412) 268-7395 37*0Sstevel@tonic-gate * tech-transfer@andrew.cmu.edu 38*0Sstevel@tonic-gate * 39*0Sstevel@tonic-gate * 4. Redistributions of any form whatsoever must retain the following 40*0Sstevel@tonic-gate * acknowledgment: 41*0Sstevel@tonic-gate * "This product includes software developed by Computing Services 42*0Sstevel@tonic-gate * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 43*0Sstevel@tonic-gate * 44*0Sstevel@tonic-gate * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 45*0Sstevel@tonic-gate * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 46*0Sstevel@tonic-gate * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 47*0Sstevel@tonic-gate * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 48*0Sstevel@tonic-gate * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 49*0Sstevel@tonic-gate * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 50*0Sstevel@tonic-gate * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
*/

#include <config.h>
#include <stdio.h>
#include <string.h>
#include <sasl.h>
#include <saslplug.h>

#include "plugin_common.h"

#ifndef _SUN_SDK_
#ifdef WIN32
/* This must be after sasl.h */
# include "saslPLAIN.h"
#endif /* WIN32 */
#endif /* !_SUN_SDK_ */

#ifdef macintosh
#include <sasl_plain_plugin_decl.h>
#endif

/***************************** Common Section *****************************/

#ifndef _SUN_SDK_
static const char plugin_id[] = "$Id: plain.c,v 1.61 2003/03/26 17:18:04 rjs3 Exp $";
#endif /* !_SUN_SDK_ */

/***************************** Server Section *****************************/

/*
 * Per-connection setup for the server side of PLAIN.
 *
 * PLAIN is a single-round mechanism with no state carried between steps, so
 * there is nothing to allocate: the only work is to validate the out-pointer
 * and leave it NULL.  glob_context, challenge and challen are unused.
 *
 * Returns SASL_BADPARAM (after reporting it through sparams->utils) when
 * conn_context is NULL, otherwise SASL_OK with *conn_context cleared.
 */
static int plain_server_mech_new(void *glob_context __attribute__((unused)),
                                 sasl_server_params_t *sparams,
                                 const char *challenge __attribute__((unused)),
                                 unsigned challen __attribute__((unused)),
                                 void **conn_context)
{
    if (conn_context == NULL) {
        PARAMERROR(sparams->utils);
        return SASL_BADPARAM;
    }

    /* no per-connection state for this mechanism */
    *conn_context = NULL;
    return SASL_OK;
}
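/*
 * Common epilogue for the server and client step functions.
 *
 * PLAIN negotiates no security layer, so every SSF/codec field of the output
 * parameters is cleared and only doneflag is raised.  Both step functions
 * previously carried an identical copy of these eight assignments.
 */
static void plain_set_oparams(sasl_out_params_t *oparams)
{
    oparams->doneflag = 1;
    oparams->mech_ssf = 0;
    oparams->maxoutbuf = 0;
    oparams->encode_context = NULL;
    oparams->encode = NULL;
    oparams->decode_context = NULL;
    oparams->decode = NULL;
    oparams->param_version = 0;
}

/*
 * Return the index of the first NUL byte in buf[start .. len), or len when
 * the field runs to the end of the buffer.  Never reads at or beyond buf[len],
 * so a client message with no terminating NUL is handled safely.
 */
static unsigned plain_field_end(const char *buf, unsigned len, unsigned start)
{
    unsigned pos = start;

    while (pos < len && buf[pos] != 0) {
        ++pos;
    }
    return pos;
}

/*
 * Server side of PLAIN.  The client sends one message laid out as
 *
 *     authzid NUL authcid NUL passwd
 *
 * where authzid may be empty (meaning "authorize as the authcid").  The message
 * is attacker-controlled: every field scan is bounded by clientinlen and no
 * terminating NUL after the password is assumed.
 *
 * Parameters:
 *   conn_context   unused -- plain_server_mech_new stores nothing per connection
 *   params         server parameters; utils, canon_user, checkpass and the
 *                  optional transition hook are used
 *   clientin       raw client message, clientinlen bytes, not NUL-terminated
 *   serverout      always set to NULL / serveroutlen to 0: PLAIN sends no reply
 *   oparams        filled on success (authid, user, doneflag, no security layer)
 *
 * Returns SASL_OK on success, SASL_BADPROT when the message does not contain
 * exactly three fields, SASL_NOMEM when the password copy cannot be allocated,
 * or the error reported by canon_user / checkpass.
 */
static int plain_server_mech_step(void *conn_context __attribute__((unused)),
                                  sasl_server_params_t *params,
                                  const char *clientin,
                                  unsigned clientinlen,
                                  const char **serverout,
                                  unsigned *serveroutlen,
                                  sasl_out_params_t *oparams)
{
    const char *author;
    const char *authen;
    const char *password;
    size_t password_len;
    unsigned lup = 0;
    int result;
    char *passcopy;

    *serverout = NULL;
    *serveroutlen = 0;

    /* authorization identity: clientin[0 .. first NUL) */
    author = clientin;
    lup = plain_field_end(clientin, clientinlen, lup);

    if (lup >= clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Can only find author (no password)");
#else
        SETERROR(params->utils, "Can only find author (no password)");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* authentication identity: after the first NUL, up to the second */
    ++lup;
    authen = clientin + lup;
    lup = plain_field_end(clientin, clientinlen, lup);

    if (lup >= clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Can only find author/en (no password)");
#else
        params->utils->seterror(params->utils->conn, 0,
                                "Can only find author/en (no password)");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /* password: everything after the second NUL; it must reach the end */
    ++lup;
    password = clientin + lup;
    lup = plain_field_end(clientin, clientinlen, lup);

    password_len = (size_t)(clientin + lup - password);

    /* a NUL inside the password field means a fourth field: reject */
    if (lup != clientinlen) {
#ifdef _SUN_SDK_
        params->utils->log(params->utils->conn, SASL_LOG_ERR,
                           "Got more data than we were expecting in the PLAIN plugin");
#else
        SETERROR(params->utils,
                 "Got more data than we were expecting in the PLAIN plugin\n");
#endif /* _SUN_SDK_ */
        return SASL_BADPROT;
    }

    /*
     * checkpass wants a NUL-terminated password, but there is no guarantee of
     * a spare byte after clientin, so take a private copy.  The field holds no
     * NUL (checked above), so a plain memcpy plus terminator is exact.
     */
    passcopy = params->utils->malloc(password_len + 1);
    if (passcopy == NULL) {
        MEMERROR(params->utils);
        return SASL_NOMEM;
    }

    memcpy(passcopy, password, password_len);
    passcopy[password_len] = '\0';

    /* an empty authzid means "authorize as the authenticated identity" */
    if (!author || !*author)
        author = authen;

    /*
     * Canonicalize the authcid first so that the password is only ever
     * verified against the canonical id.
     * NOTE(review): an empty authcid is not rejected here; whether it is
     * refused depends on canon_user -- confirm against the framework.
     */
    result = params->canon_user(params->utils->conn,
                                authen, 0, SASL_CU_AUTHID, oparams);
    if (result != SASL_OK) {
        _plug_free_string(params->utils, &passcopy);
        return result;
    }

    /* verify password - checkpass returns SASL_OK on success */
    result = params->utils->checkpass(params->utils->conn,
                                      oparams->authid, oparams->alen,
                                      passcopy, password_len);

    /*
     * Release the copy on both paths.  _plug_free_string lives in
     * plugin_common; presumably it erases the buffer before freeing -- verify.
     */
    _plug_free_string(params->utils, &passcopy);

    if (result != SASL_OK) {
#ifdef _INTEGRATED_SOLARIS_
        params->utils->seterror(params->utils->conn, 0,
                                gettext("Password verification failed"));
#else
        params->utils->seterror(params->utils->conn, 0,
                                "Password verification failed");
#endif /* _INTEGRATED_SOLARIS_ */
        return result;
    }

    /*
     * Canonicalize and store the authorization ID.  This is done after the
     * password check in case the verifier needed to fetch auxprops itself.
     */
    result = params->canon_user(params->utils->conn,
                                author, 0, SASL_CU_AUTHZID, oparams);
    if (result != SASL_OK)
        return result;

    /* optional hook letting the server migrate the stored secret */
    if (params->transition) {
        params->transition(params->utils->conn, password, password_len);
    }

    plain_set_oparams(oparams);

    return SASL_OK;
}

static sasl_server_plug_t plain_server_plugins[] =
{
    {
        "PLAIN",                        /* mech_name */
        0,                              /* max_ssf */
        SASL_SEC_NOANONYMOUS,           /* security_flags */
        SASL_FEAT_WANT_CLIENT_FIRST
        | SASL_FEAT_ALLOWS_PROXY,       /* features */
        NULL,                           /* glob_context */
        &plain_server_mech_new,         /* mech_new */
        &plain_server_mech_step,        /* mech_step */
        NULL,                           /* mech_dispose */
        NULL,                           /* mech_free */
        NULL,                           /* setpass */
        NULL,                           /* user_query */
        NULL,                           /* idle */
        NULL,                           /* mech_avail */
        NULL                            /* spare */
    }
};

/*
 * Server plugin entry point.
 *
 * Refuses to load (SASL_BADVERS) when the framework's maxversion is older than
 * SASL_SERVER_PLUG_VERSION; otherwise publishes the single PLAIN plugin above.
 */
int plain_server_plug_init(const sasl_utils_t *utils,
                           int maxversion,
                           int *out_version,
                           sasl_server_plug_t **pluglist,
                           int *plugcount)
{
    if (maxversion < SASL_SERVER_PLUG_VERSION) {
        SETERROR(utils, "PLAIN version mismatch");
        return SASL_BADVERS;
    }

    *out_version = SASL_SERVER_PLUG_VERSION;
    *pluglist = plain_server_plugins;
    *plugcount = 1;

    return SASL_OK;
}

/***************************** Client Section *****************************/

/*
 * Per-connection client state.  out_buf holds the outgoing PLAIN message,
 * password included, until the context is disposed or reused.
 */
typedef struct client_context {
    char *out_buf;
    unsigned out_buf_len;
#ifdef _INTEGRATED_SOLARIS_
    void *h;
#endif /* _INTEGRATED_SOLARIS_ */
} client_context_t;

/*
 * Allocate and zero a client_context_t for this connection.
 *
 * Returns SASL_NOMEM (after MEMERROR) when the allocation fails, otherwise
 * SASL_OK with *conn_context owning the new context.
 */
static int plain_client_mech_new(void *glob_context __attribute__((unused)),
                                 sasl_client_params_t *params,
                                 void **conn_context)
{
    client_context_t *text;

    text = params->utils->malloc(sizeof *text);
    if (text == NULL) {
        MEMERROR( params->utils );
        return SASL_NOMEM;
    }

    memset(text, 0, sizeof *text);

    *conn_context = text;

    return SASL_OK;
}

/*
 * Client side of PLAIN: collect authid, userid and password (via callbacks or
 * interactive prompts), canonicalize the identities and build the single
 * message  authzid NUL authcid NUL passwd  in text->out_buf.
 *
 * Parameters:
 *   conn_context   the client_context_t from plain_client_mech_new
 *   params         client parameters (utils, props, external_ssf, canon_user)
 *   serverin/serverinlen   ignored; the server sends nothing meaningful
 *   prompt_need    in: answered prompts from a previous SASL_INTERACT round;
 *                  out: new prompt list when this call returns SASL_INTERACT
 *   clientout/clientoutlen  the message and its length; only set together,
 *                  once the buffer holding it has been allocated
 *   oparams        filled on success (user, authid, doneflag, no security layer)
 *
 * Returns SASL_OK, SASL_INTERACT when the application must answer prompts,
 * SASL_TOOWEAK when a security layer is required that PLAIN cannot provide,
 * SASL_BADPARAM when no password could be obtained, or a lower-level error.
 */
static int plain_client_mech_step(void *conn_context,
                                  sasl_client_params_t *params,
                                  const char *serverin __attribute__((unused)),
                                  unsigned serverinlen __attribute__((unused)),
                                  sasl_interact_t **prompt_need,
                                  const char **clientout,
                                  unsigned *clientoutlen,
                                  sasl_out_params_t *oparams)
{
    client_context_t *text = (client_context_t *) conn_context;
    const char *user = NULL, *authid = NULL;
    sasl_secret_t *password = NULL;
    unsigned int free_password = 0; /* set if we need to free password */
    int user_result = SASL_OK;
    int auth_result = SASL_OK;
    int pass_result = SASL_OK;
    int result;
    unsigned outlen;

    *clientout = NULL;
    *clientoutlen = 0;

    /* doesn't really matter how the server responds */

    /*
     * PLAIN provides no security layer of its own: refuse when the caller
     * requires more protection than the external layer already gives.
     */
    if (params->props.min_ssf > params->external_ssf) {
#ifdef _INTEGRATED_SOLARIS_
        SETERROR( params->utils, gettext("SSF requested of PLAIN plugin"));
#else
        SETERROR( params->utils, "SSF requested of PLAIN plugin");
#endif /* _INTEGRATED_SOLARIS_ */
        return SASL_TOOWEAK;
    }

    /* try to get the authid */
    if (oparams->authid == NULL) {
        auth_result = _plug_get_authid(params->utils, &authid, prompt_need);

        if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT))
            return auth_result;
    }

    /* try to get the userid */
    if (oparams->user == NULL) {
        user_result = _plug_get_userid(params->utils, &user, prompt_need);

        if ((user_result != SASL_OK) && (user_result != SASL_INTERACT))
            return user_result;
    }

    /*
     * try to get the password -- password is always NULL at this point, so
     * the fetch is unconditional.  free_password is set by _plug_get_password
     * when the secret it hands back is a private copy (see plugin_common).
     */
    pass_result = _plug_get_password(params->utils, &password,
                                     &free_password, prompt_need);

    if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT))
        return pass_result;

    /* free prompts we got */
    if (prompt_need && *prompt_need) {
        params->utils->free(*prompt_need);
        *prompt_need = NULL;
    }

    /* if there are prompts not filled in */
    if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) ||
        (pass_result == SASL_INTERACT)) {
        /* make the prompt list */
        result =
#ifdef _INTEGRATED_SOLARIS_
            _plug_make_prompts(params->utils, &text->h, prompt_need,
                               user_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your authorization name"))
                               : NULL,
                               NULL,
                               auth_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your authentication name"))
                               : NULL,
                               NULL,
                               pass_result == SASL_INTERACT ?
                               convert_prompt(params->utils, &text->h,
                                   gettext("Please enter your password")) : NULL,
                               NULL,
                               NULL, NULL, NULL,
                               NULL, NULL, NULL);
#else
            _plug_make_prompts(params->utils, prompt_need,
                               user_result == SASL_INTERACT ?
                               "Please enter your authorization name" : NULL,
                               NULL,
                               auth_result == SASL_INTERACT ?
                               "Please enter your authentication name" : NULL,
                               NULL,
                               pass_result == SASL_INTERACT ?
                               "Please enter your password" : NULL, NULL,
                               NULL, NULL, NULL,
                               NULL, NULL, NULL);
#endif /* _INTEGRATED_SOLARIS_ */
        if (result != SASL_OK) goto cleanup;

        /*
         * NOTE(review): a password copy obtained in this round is not released
         * on this return; it only matters if an application answers the
         * password prompt while leaving another one unanswered -- confirm.
         */
        return SASL_INTERACT;
    }

    if (!password) {
        PARAMERROR(params->utils);
        return SASL_BADPARAM;
    }

    /* an absent/empty userid means "authorize as the authcid" */
    if (!user || !*user) {
        result = params->canon_user(params->utils->conn, authid, 0,
                                    SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
    }
    else {
        result = params->canon_user(params->utils->conn, user, 0,
                                    SASL_CU_AUTHZID, oparams);
        if (result != SASL_OK) goto cleanup;

        result = params->canon_user(params->utils->conn, authid, 0,
                                    SASL_CU_AUTHID, oparams);
    }
    if (result != SASL_OK) goto cleanup;

    /*
     * send authorized id NUL authentication id NUL password.  The length is
     * kept local until the buffer exists, so a failed allocation never leaves
     * the caller with clientoutlen != 0 and clientout == NULL.
     */
    outlen = (oparams->ulen + 1
              + oparams->alen + 1
              + password->len);

    /* remember the extra NUL on the end for stupid clients */
    result = _plug_buf_alloc(params->utils, &(text->out_buf),
                             &(text->out_buf_len), outlen + 1);
    if (result != SASL_OK) goto cleanup;

    memset(text->out_buf, 0, outlen + 1);
    memcpy(text->out_buf, oparams->user, oparams->ulen);
    memcpy(text->out_buf + oparams->ulen + 1, oparams->authid, oparams->alen);
    memcpy(text->out_buf + oparams->ulen + oparams->alen + 2,
           password->data, password->len);

    *clientout = text->out_buf;
    *clientoutlen = outlen;

    plain_set_oparams(oparams);

    result = SASL_OK;

cleanup:
    /* free sensitive info */
    if (free_password) _plug_free_secret(params->utils, &password);

    return result;
}

/*
 * Release the client context.  out_buf carried the plaintext password, so it
 * is wiped before the memory goes back to the allocator.
 */
static void plain_client_mech_dispose(void *conn_context,
                                      const sasl_utils_t *utils)
{
    client_context_t *text = (client_context_t *) conn_context;

    if (!text) return;

    if (text->out_buf) {
        /* the last message (password included) is still in this buffer */
        utils->erasebuffer(text->out_buf, text->out_buf_len);
        utils->free(text->out_buf);
    }
#ifdef _INTEGRATED_SOLARIS_
    convert_prompt(utils, &text->h, NULL);
#endif /* _INTEGRATED_SOLARIS_ */

    utils->free(text);
}

static sasl_client_plug_t plain_client_plugins[] =
{
    {
        "PLAIN",                        /* mech_name */
        0,                              /* max_ssf */
        SASL_SEC_NOANONYMOUS,           /* security_flags */
        SASL_FEAT_WANT_CLIENT_FIRST
        | SASL_FEAT_ALLOWS_PROXY,       /* features */
        NULL,                           /* required_prompts */
        NULL,                           /* glob_context */
        &plain_client_mech_new,         /* mech_new */
        &plain_client_mech_step,        /* mech_step */
        &plain_client_mech_dispose,     /* mech_dispose */
        NULL,                           /* mech_free */
        NULL,                           /* idle */
        NULL,                           /* spare */
        NULL                            /* spare */
    }
};

/*
 * Client plugin entry point.
 *
 * Refuses to load (SASL_BADVERS) when the framework's maxversion is older than
 * SASL_CLIENT_PLUG_VERSION; otherwise publishes the single PLAIN plugin above.
 */
int plain_client_plug_init(sasl_utils_t *utils,
                           int maxversion,
                           int *out_version,
                           sasl_client_plug_t **pluglist,
                           int *plugcount)
{
    if (maxversion < SASL_CLIENT_PLUG_VERSION) {
        SETERROR(utils, "PLAIN version mismatch");
        return SASL_BADVERS;
    }

    *out_version = SASL_CLIENT_PLUG_VERSION;
    *pluglist = plain_client_plugins;
    *plugcount = 1;

    return SASL_OK;
}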