Commit 6393523f authored by Kurt Zeilenga's avatar Kurt Zeilenga

Expose sasl flags to -lldap (so they can be quiet)

Fix interactive and automatic modes.  Quiet needs work.
parent 44b42ba9
......@@ -27,7 +27,7 @@ static char *ldaphost = NULL;
static int ldapport = 0;
static int prune = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_mech = NULL;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
......@@ -142,6 +142,28 @@ main( int argc, char **argv )
}
ldaphost = strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
......@@ -265,7 +287,8 @@ main( int argc, char **argv )
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LUTIL_SASL_QUIET;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
......@@ -507,7 +530,7 @@ main( int argc, char **argv )
}
}
defaults = lutil_sasl_defaults( ld, sasl_flags,
defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
......@@ -516,7 +539,7 @@ main( int argc, char **argv )
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
lutil_sasl_interact, defaults );
sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
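Review bot: The new `case 'I':` branch stores `LDAP_SASL_INTERACTIVE` without checking whether quiet mode was already selected, and the later hunk that stores `LDAP_SASL_QUIET` (its case label is outside the hunk) overwrites the value just as unconditionally. A command line carrying both options therefore silently takes whichever comes last, so a script that relies on never being prompted can end up waiting on a prompt, or the reverse. Rejecting the combination next to the existing "incompatible previous authentication choice" check would make the conflict explicit, for example `if( sasl_flags == LDAP_SASL_QUIET ) { fprintf( stderr, "%s: -I incompatible with quiet mode\n", prog ); return EXIT_FAILURE; }`, with the mirror test in the quiet branch. The same pattern appears in the four other client-tool sections of this commit.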
......
......@@ -39,7 +39,7 @@ static struct berval passwd = { 0, NULL };
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
......@@ -200,6 +200,28 @@ main( int argc, char **argv )
}
ldaphost = strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
......@@ -323,7 +345,8 @@ main( int argc, char **argv )
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LUTIL_SASL_QUIET;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
......@@ -571,7 +594,7 @@ main( int argc, char **argv )
}
}
defaults = lutil_sasl_defaults( ld, sasl_flags,
defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
......@@ -580,7 +603,7 @@ main( int argc, char **argv )
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
lutil_sasl_interact, defaults );
sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
......
......@@ -37,7 +37,7 @@ static struct berval passwd = { 0, NULL };
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
......@@ -161,6 +161,28 @@ main(int argc, char **argv)
}
ldaphost = strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
......@@ -284,7 +306,8 @@ main(int argc, char **argv)
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LUTIL_SASL_QUIET;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
......@@ -541,7 +564,7 @@ main(int argc, char **argv)
}
}
defaults = lutil_sasl_defaults( ld, sasl_flags,
defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
......@@ -550,7 +573,7 @@ main(int argc, char **argv)
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
lutil_sasl_interact, defaults );
sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
......
......@@ -87,7 +87,7 @@ main( int argc, char *argv[] )
int authmethod = -1;
int manageDSAit = 0;
#ifdef HAVE_CYRUS_SASL
unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
......@@ -167,6 +167,28 @@ main( int argc, char *argv[] )
}
ldaphost = strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
......@@ -290,7 +312,8 @@ main( int argc, char *argv[] )
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LUTIL_SASL_QUIET;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
......@@ -566,7 +589,7 @@ main( int argc, char *argv[] )
}
}
defaults = lutil_sasl_defaults( ld, sasl_flags,
defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
......@@ -575,7 +598,7 @@ main( int argc, char *argv[] )
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
lutil_sasl_interact, defaults );
sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
......
......@@ -47,7 +47,7 @@ usage( const char *s )
"\t\t+ -- all operational attributes\n"
"Search options:\n"
"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
"\t-a deref\tone of never (default), always, search, or find\n"
"\t-A\t\tretrieve attribute names only (no values)\n"
"\t-b basedn\tbase dn for search\n"
"\t-l limit\ttime limit (in seconds) for search\n"
......@@ -146,7 +146,7 @@ static char *base = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
......@@ -270,6 +270,28 @@ main( int argc, char **argv )
}
ldaphost = strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
......@@ -393,7 +415,8 @@ main( int argc, char **argv )
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LUTIL_SASL_QUIET;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
......@@ -698,7 +721,7 @@ main( int argc, char **argv )
}
}
defaults = lutil_sasl_defaults( ld, sasl_flags,
defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
......@@ -707,7 +730,7 @@ main( int argc, char **argv )
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
lutil_sasl_interact, defaults );
sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
......
......@@ -695,10 +695,22 @@ ldap_sasl_bind LDAP_P((
LDAPControl **clientctrls,
int *msgidp ));
/* V3 SASL Interaction Function Callback Prototype */
/* when using Cyrus SASL, interact is pointer to sasl_interact_t */
/* Interaction flags (should be passed about in a control)
* Automatic (default): use defaults, prompt otherwise
* Interactive: prompt always
* Quiet: never prompt
*/
#define LDAP_SASL_AUTOMATIC 0U
#define LDAP_SASL_INTERACTIVE 1U
#define LDAP_SASL_QUIET 2U
/*
* V3 SASL Interaction Function Callback Prototype
* when using Cyrus SASL, interact is pointer to sasl_interact_t
* should likely passed in a control (and provided controls)
*/
typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
LDAP *ld, void* defaults, void *interact ));
LDAP *ld, unsigned flags, void* defaults, void *interact ));
LDAP_F( int )
ldap_sasl_interactive_bind_s LDAP_P((
......@@ -707,6 +719,9 @@ ldap_sasl_interactive_bind_s LDAP_P((
LDAP_CONST char *saslMechanism,
LDAPControl **serverControls,
LDAPControl **clientControls,
/* should be client controls */
unsigned flags,
LDAP_SASL_INTERACT_PROC *proc,
void *defaults ));
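Review bot: The new comment above `LDAP_SASL_AUTOMATIC` calls these "Interaction flags", but the values are 0U, 1U and 2U, and the code elsewhere in this commit tests them with `==` and `!=`, so they are mutually exclusive modes rather than bits. The header should say so, for example `/* flags: exactly one of LDAP_SASL_AUTOMATIC, LDAP_SASL_INTERACTIVE, LDAP_SASL_QUIET; these are values, not a bit mask */` on the `unsigned flags` parameter. The typedef change also alters the public callback signature, so it would help to state in the comment that `LDAP_SASL_INTERACT_PROC` callbacks now receive `flags` as their second argument. The sentence "should likely passed in a control" is missing "be".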
......
......@@ -21,19 +21,9 @@
LDAP_BEGIN_DECL
/*
* Automatic (default): use defaults, prompt otherwise
* Interactive: prompt always
* Quiet: never prompt
*/
#define LUTIL_SASL_AUTOMATIC 0U
#define LUTIL_SASL_INTERACTIVE 1U
#define LUTIL_SASL_QUIET 2U
LDAP_LUTIL_F( void * )
lutil_sasl_defaults LDAP_P((
LDAP *ld,
unsigned flags,
char *mech,
char *realm,
char *authcid,
......@@ -42,7 +32,7 @@ lutil_sasl_defaults LDAP_P((
LDAP_LUTIL_F( int )
lutil_sasl_interact LDAP_P((
LDAP *ld, void *defaults, void *p ));
LDAP *ld, unsigned flags, void *defaults, void *p ));
LDAP_END_DECL
......
......@@ -455,6 +455,7 @@ ldap_int_sasl_bind(
const char *mechs,
LDAPControl **sctrls,
LDAPControl **cctrls,
unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void * defaults )
{
......@@ -519,14 +520,16 @@ ldap_int_sasl_bind(
if( pmech == NULL && mech != NULL ) {
pmech = mech;
fprintf(stderr,
"SASL/%s authentication started\n",
pmech );
if( flags != LDAP_SASL_QUIET ) {
fprintf(stderr,
"SASL/%s authentication started\n",
pmech );
}
}
if( saslrc == SASL_INTERACT ) {
if( !interact ) break;
rc = (interact)( ld, defaults, prompts );
rc = (interact)( ld, flags, defaults, prompts );
if( rc != LDAP_SUCCESS ) {
break;
}
......@@ -575,7 +578,7 @@ ldap_int_sasl_bind(
if( saslrc == SASL_INTERACT ) {
int res;
if( !interact ) break;
res = (interact)( ld, defaults, prompts );
rc = (interact)( ld, flags, defaults, prompts );
if( res != LDAP_SUCCESS ) {
break;
}
......@@ -595,24 +598,30 @@ ldap_int_sasl_bind(
/* likely should add a quiet option */
saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
if( saslrc == SASL_OK ) {
fprintf( stderr, "SASL username: %s\n", data );
}
if( flags != LDAP_SASL_QUIET ) {
saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
if( saslrc == SASL_OK ) {
fprintf( stderr, "SASL username: %s\n", data );
}
saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
if( saslrc == SASL_OK ) {
fprintf( stderr, "SASL realm: %s\n", data );
saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
if( saslrc == SASL_OK ) {
fprintf( stderr, "SASL realm: %s\n", data );
}
}
saslrc = sasl_getprop( ctx, SASL_SSF, (void **) &ssf );
if( saslrc == SASL_OK ) {
fprintf( stderr, "SASL SSF: %lu\n",
(unsigned long) *ssf );
if( flags != LDAP_SASL_QUIET ) {
fprintf( stderr, "SASL SSF: %lu\n",
(unsigned long) *ssf );
}
#ifdef LDAP_SASL_SECURITY_LAYER
if( ssf && *ssf ) {
fprintf( stderr, "SASL installing layers\n" );
if( flags != LDAP_SASL_QUIET ) {
fprintf( stderr, "SASL installing layers\n" );
}
ldap_pvt_sasl_install( ld->ld_sb, ctx );
}
#endif
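Review bot: In the second `SASL_INTERACT` branch, as rendered here, the callback result is now stored in `rc`, but the test on the next line still reads `res`, which is declared just above and is no longer assigned. The check therefore reads an uninitialized value, so a failed or refused interaction (including the `LDAP_OTHER` that quiet mode returns when it declines to prompt) may not stop the bind loop, or the loop may stop spuriously. Keep the result in the variable that is tested: `res = (interact)( ld, flags, defaults, prompts );`. The body of `ldap_int_sasl_bind` extends beyond these hunks, so how `rc` is used afterwards is not visible here.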
......
......@@ -556,8 +556,11 @@ LDAP_F (int) ldap_int_sasl_bind LDAP_P((
const char *,
const char *,
LDAPControl **, LDAPControl **,
/* should be passed in client controls */
unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults));
void *defaults ));
/*
* in tls.c
......
......@@ -410,6 +410,7 @@ ldap_sasl_interactive_bind_s(
LDAP_CONST char *mechs,
LDAPControl **serverControls,
LDAPControl **clientControls,
unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults )
{
......@@ -438,7 +439,7 @@ ldap_sasl_interactive_bind_s(
rc = ldap_int_sasl_bind( ld, dn, mechs,
serverControls, clientControls,
interact, defaults );
flags, interact, defaults );
return rc;
}
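Review bot: `ldap_sasl_interactive_bind_s` forwards the new `flags` argument to `ldap_int_sasl_bind` without a range check. The consumers visible in this commit compare it by equality against `LDAP_SASL_QUIET` and `LDAP_SASL_INTERACTIVE`, so any other value, such as the two OR-ed together, is treated as neither and can still print status lines and prompt even though the caller asked for quiet. Rejecting unknown values at this public entry point would make misuse visible, for example `if( flags > LDAP_SASL_QUIET ) return LDAP_PARAM_ERROR;`. Most of the function body lies outside the hunks shown, so the right placement relative to its existing argument checks needs confirming.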
......@@ -20,7 +20,6 @@
typedef struct lutil_sasl_defaults_s {
unsigned flags;
char *mech;
char *realm;
char *authcid;
......@@ -32,7 +31,6 @@ typedef struct lutil_sasl_defaults_s {
void *
lutil_sasl_defaults(
LDAP *ld,
unsigned flags,
char *mech,
char *realm,
char *authcid,
......@@ -45,7 +43,6 @@ lutil_sasl_defaults(
if( defaults == NULL ) return NULL;
defaults->flags = flags;
defaults->mech = mech;
defaults->realm = realm;
defaults->authcid = authcid;
......@@ -69,9 +66,10 @@ lutil_sasl_defaults(
}
static int interaction(
sasl_interact_t *interact, lutilSASLdefaults *defaults )
unsigned flags,
sasl_interact_t *interact,
lutilSASLdefaults *defaults )
{
unsigned flags = defaults ? defaults->flags : 0;
const char *dflt = interact->defresult;
char input[1024];
......@@ -103,11 +101,11 @@ static int interaction(
if( dflt && !*dflt ) dflt = NULL;
if( flags != LUTIL_SASL_INTERACTIVE && dflt ) {
if( flags != LDAP_SASL_INTERACTIVE && dflt ) {
goto use_default;
}
if( flags == LUTIL_SASL_QUIET ) {
if( flags == LDAP_SASL_QUIET ) {
/* don't prompt */
return LDAP_OTHER;
}
......@@ -180,15 +178,18 @@ use_default:
int lutil_sasl_interact(
LDAP *ld,
unsigned flags,
void *defaults,
void *in )
{
sasl_interact_t *interact = in;
fputs( "SASL Interaction\n", stderr );
if( flags != LDAP_SASL_QUIET ) {
fputs( "SASL Interaction\n", stderr );
}
while( interact->id != SASL_CB_LIST_END ) {
int rc = interaction( interact, defaults );
int rc = interaction( flags, interact, defaults );
if( rc ) return rc;
interact++;
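Review bot: `interaction()` now takes `flags` as an explicit parameter, but nothing documents how the three modes map onto its two tests, `flags != LDAP_SASL_INTERACTIVE && dflt` and `flags == LDAP_SASL_QUIET`. A short comment above the function would save the next reader from re-deriving it: `/* flags: LDAP_SASL_AUTOMATIC uses the default when one exists and prompts otherwise; LDAP_SASL_INTERACTIVE always prompts; LDAP_SASL_QUIET never prompts and returns LDAP_OTHER when no default exists */`. It is also worth noting there that quiet mode reports a missing default only as the generic `LDAP_OTHER`, so the caller cannot tell which value was absent. The bodies of `interaction()` and `lutil_sasl_interact()` continue outside the hunks.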
......