Add a little SASL framework and remove old X-DIGEST-MD5 hardcode.

This code is not called (yet).
2025-12-20 22:59:34 -05:00 · 1999-08-03 02:37:42 +00:00 · 1999-08-03 02:37:42 +00:00 · f90ed5aef8
commit f90ed5aef8
parent 79fb44b129
8 changed files with 106 additions and 14 deletions
--- a/2
+++ b/2
@ -10492,7 +10492,7 @@ fi
 		if test $have_cyrus_sasl != no ; then
 			LUTIL_LIBS="$LUTIL_LIBS -lsasl"
 			cat >> confdefs.h <<\EOF
-#define HAVE_CRYUS_SASL 1
+#define HAVE_CYRUS_SASL 1
 EOF

 			ol_link_sasl=yes
--- a/configure.in
+++ b/configure.in
@ -1653,7 +1653,7 @@ if test $ol_with_cyrus_sasl != no ; then

 		if test $have_cyrus_sasl != no ; then
 			LUTIL_LIBS="$LUTIL_LIBS -lsasl"
-			AC_DEFINE(HAVE_CRYUS_SASL,1,[define if you have Cyrus SASL])
+			AC_DEFINE(HAVE_CYRUS_SASL,1,[define if you have Cyrus SASL])
 			ol_link_sasl=yes
 		fi
 	fi
--- a/include/portable.h.in
+++ b/include/portable.h.in
@ -700,7 +700,7 @@
 #undef NO_TERMCAP

 /* define if you have Cyrus SASL */
-#undef HAVE_CRYUS_SASL
+#undef HAVE_CYRUS_SASL

 /* define if you actually have FreeBSD fetch(3) */
 #undef HAVE_FETCH
--- a/servers/slapd/Makefile.in
+++ b/servers/slapd/Makefile.in
@ -11,7 +11,7 @@ SRCS	= main.c daemon.c connection.c search.c filter.c add.c charray.c \
 		phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
 		repl.c lock.c controls.c extended.c \
 		schema.c schemaparse.c monitor.c configinfo.c \
-		root_dse.c module.c suffixalias.c
+		root_dse.c sasl.c module.c suffixalias.c
 OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		attr.o entry.o config.o backend.o result.o operation.o \
 		dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
@ -19,7 +19,7 @@ OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
 		repl.o lock.o controls.o extended.o \
 		schema.o schemaparse.o monitor.o configinfo.o \
-		root_dse.o module.o suffixalias.o
+		root_dse.o sasl.o module.o suffixalias.o

 LDAP_INCDIR= ../../include
 LDAP_LIBDIR= ../../libraries
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@ -21,10 +21,7 @@

 #include "slap.h"

-char *supportedSASLMechanisms[] = {
-	"X-DIGEST-MD5",
-	NULL
-};
+char **supportedSASLMechanisms = NULL;

 int
 do_bind(
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -243,7 +243,7 @@ int load_module LDAP_P(( const char* file_name, int argc, char *argv[] ));
 */
 extern char *supportedExtensions[];
 extern char *supportedControls[];
-extern char *supportedSASLMechanisms[];
+extern char **supportedSASLMechanisms;

 void monitor_info LDAP_P((
 	Connection *conn,
--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@ -88,10 +88,12 @@ root_dse_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
 	}

 	/* supportedSASLMechanism */
-	for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
-		val.bv_val = supportedSASLMechanisms[i];
-		val.bv_len = strlen( val.bv_val );
-		attr_merge( e, "supportedSASLMechanisms", vals );
+	if( supportedSASLMechanisms != NULL ) {
+		for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
+			val.bv_val = supportedSASLMechanisms[i];
+			val.bv_len = strlen( val.bv_val );
+			attr_merge( e, "supportedSASLMechanisms", vals );
+		}
 	}

 	if ( default_referral != NULL ) {
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -0,0 +1,93 @@
+#include "portable.h"
+
+#ifdef HAVE_CYRUS_SASL
+
+#include <stdio.h>
+
+#include "slap.h"
+#include "proto-slap.h"
+
+#include <lber.h>
+#include <ldap_log.h>
+
+#ifdef MAIN
+#undef Debug
+#define Debug(x,s,a,b,c) fprintf(stderr, s, a, b, c)
+#endif
+
+#include <sasl.h>
+
+/* sasl server context */
+static sasl_conn_t *server = NULL;
+
+int sasl_init( void )
+{
+	int rc;
+	char *data;
+	unsigned len, count;
+	sasl_security_properties_t secprops;
+
+	rc = sasl_server_init( NULL, "slapd" );
+
+	if( rc != SASL_OK ) {
+		Debug( LDAP_DEBUG_ANY, "sasl_server_init failed\n",
+			0, 0, 0 );
+		exit(-1);
+	}
+
+	rc = sasl_server_new( "ldap", NULL, NULL, NULL,
+		SASL_SECURITY_LAYER, 
+		&server );
+
+	if( rc != SASL_OK ) {
+		Debug( LDAP_DEBUG_ANY, "sasl_server_new failed\n",
+			0, 0, 0 );
+		exit(-1);
+	}
+
+	memset(&secprops, 0, sizeof(secprops));
+	secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
+	secprops.property_names = NULL;
+	secprops.property_values = NULL;
+	
+	rc = sasl_setprop( server, SASL_SEC_PROPS, &secprops );
+
+	if( rc != SASL_OK ) {
+		Debug( LDAP_DEBUG_ANY, "sasl_setprop failed\n",
+			0, 0, 0 );
+		exit(-1);
+	}
+
+	rc = sasl_listmech( server, NULL, NULL, ",", NULL,
+		&data, &len, &count);
+
+	if( rc != SASL_OK ) {
+		Debug( LDAP_DEBUG_ANY, "sasl_listmech failed: %d\n",
+			rc, 0, 0 );
+		exit(-1);
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "SASL mechanisms: %s\n",
+		data, 0, 0 );
+
+	return 0;
+}
+
+int sasl_destory( void )
+{
+	if( server != NULL ) {
+		sasl_dispose( &server );
+	}
+}
+
+#ifdef MAIN
+int main( int argc, char* argv[] )
+{
+	int rc = sasl_init();
+
+	sasl_destory();
+
+	exit(rc);
+}
+#endif
+#endif