Expose sasl flags to -lldap (so they can be quiet)

Fix interactive and automatic modes. Quiet needs work.

Expose sasl flags to -lldap (so they can be quiet)
Fix interactive and automatic modes. Quiet needs work.
6393523f · Kurt Zeilenga · 44b42ba9 · 6393523f · 6393523f · 6393523f
Commit 6393523f authored Jul 17, 2000 by Kurt Zeilenga
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@@ -27,7 +27,7 @@ static char	*ldaphost = NULL;
 static int	ldapport = 0;
 static int	prune = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char	*sasl_mech = NULL;
 static char *sasl_realm = NULL;
 static char	*sasl_authc_id = NULL;
@@ -142,6 +142,28 @@ main( int argc, char **argv )
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'I':
+#ifdef HAVE_CYRUS_SASL
+		if( version == LDAP_VERSION2 ) {
+			fprintf( stderr, "%s: -I incompatible with version %d\n",
+				prog, version );
+			return EXIT_FAILURE;
+		}
+		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+			fprintf( stderr, "%s: incompatible previous "
+				"authentication choice\n",
+				prog );
+			return EXIT_FAILURE;
+		}
+		authmethod = LDAP_AUTH_SASL;
+		version = LDAP_VERSION3;
+		sasl_flags = LDAP_SASL_INTERACTIVE;
+		break;
+#else
+		fprintf( stderr, "%s: was not compiled with SASL support\n",
+			prog );
+		return( EXIT_FAILURE );
+#endif
 	case 'k':	/* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 		if( version > LDAP_VERSION2 ) {
@@ -265,7 +287,8 @@ main( int argc, char **argv )
 		}
 		authmethod = LDAP_AUTH_SASL;
 		version = LDAP_VERSION3;
-		sasl_flags = LUTIL_SASL_QUIET;
+		sasl_flags = LDAP_SASL_QUIET;
+		break;
 #else
 		fprintf( stderr, "%s: was not compiled with SASL support\n",
 			prog );
@@ -507,7 +530,7 @@ main( int argc, char **argv )
 			}
 		}
 		
-		defaults = lutil_sasl_defaults( ld, sasl_flags,
+		defaults = lutil_sasl_defaults( ld,
 			sasl_mech,
 			sasl_realm,
 			sasl_authc_id,
@@ -516,7 +539,7 @@ main( int argc, char **argv )

 		rc = ldap_sasl_interactive_bind_s( ld, binddn,
 			sasl_mech, NULL, NULL,
-			lutil_sasl_interact, defaults );
+			sasl_flags, lutil_sasl_interact, defaults );

 		if( rc != LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );

--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@@ -39,7 +39,7 @@ static struct berval passwd = { 0, NULL };
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_realm = NULL;
 static char	*sasl_authc_id = NULL;
 static char	*sasl_authz_id = NULL;
@@ -200,6 +200,28 @@ main( int argc, char **argv )
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'I':
+#ifdef HAVE_CYRUS_SASL
+		if( version == LDAP_VERSION2 ) {
+			fprintf( stderr, "%s: -I incompatible with version %d\n",
+				prog, version );
+			return EXIT_FAILURE;
+		}
+		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+			fprintf( stderr, "%s: incompatible previous "
+				"authentication choice\n",
+				prog );
+			return EXIT_FAILURE;
+		}
+		authmethod = LDAP_AUTH_SASL;
+		version = LDAP_VERSION3;
+		sasl_flags = LDAP_SASL_INTERACTIVE;
+		break;
+#else
+		fprintf( stderr, "%s: was not compiled with SASL support\n",
+			prog );
+		return( EXIT_FAILURE );
+#endif
 	case 'k':	/* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 		if( version > LDAP_VERSION2 ) {
@@ -323,7 +345,8 @@ main( int argc, char **argv )
 		}
 		authmethod = LDAP_AUTH_SASL;
 		version = LDAP_VERSION3;
-		sasl_flags = LUTIL_SASL_QUIET;
+		sasl_flags = LDAP_SASL_QUIET;
+		break;
 #else
 		fprintf( stderr, "%s: was not compiled with SASL support\n",
 			prog );
@@ -571,7 +594,7 @@ main( int argc, char **argv )
 			}
 		}
 		
-		defaults = lutil_sasl_defaults( ld, sasl_flags,
+		defaults = lutil_sasl_defaults( ld,
 			sasl_mech,
 			sasl_realm,
 			sasl_authc_id,
@@ -580,7 +603,7 @@ main( int argc, char **argv )

 		rc = ldap_sasl_interactive_bind_s( ld, binddn,
 			sasl_mech, NULL, NULL,
-			lutil_sasl_interact, defaults );
+			sasl_flags, lutil_sasl_interact, defaults );

 		if( rc != LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );

--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@@ -37,7 +37,7 @@ static struct berval passwd = { 0, NULL };
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char *sasl_realm = NULL;
 static char	*sasl_authc_id = NULL;
 static char	*sasl_authz_id = NULL;
@@ -161,6 +161,28 @@ main(int argc, char **argv)
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'I':
+#ifdef HAVE_CYRUS_SASL
+		if( version == LDAP_VERSION2 ) {
+			fprintf( stderr, "%s: -I incompatible with version %d\n",
+				prog, version );
+			return EXIT_FAILURE;
+		}
+		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+			fprintf( stderr, "%s: incompatible previous "
+				"authentication choice\n",
+				prog );
+			return EXIT_FAILURE;
+		}
+		authmethod = LDAP_AUTH_SASL;
+		version = LDAP_VERSION3;
+		sasl_flags = LDAP_SASL_INTERACTIVE;
+		break;
+#else
+		fprintf( stderr, "%s: was not compiled with SASL support\n",
+			prog );
+		return( EXIT_FAILURE );
+#endif
 	case 'k':	/* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 		if( version > LDAP_VERSION2 ) {
@@ -284,7 +306,8 @@ main(int argc, char **argv)
 		}
 		authmethod = LDAP_AUTH_SASL;
 		version = LDAP_VERSION3;
-		sasl_flags = LUTIL_SASL_QUIET;
+		sasl_flags = LDAP_SASL_QUIET;
+		break;
 #else
 		fprintf( stderr, "%s: was not compiled with SASL support\n",
 			prog );
@@ -541,7 +564,7 @@ main(int argc, char **argv)
 			}
 		}
 		
-		defaults = lutil_sasl_defaults( ld, sasl_flags,
+		defaults = lutil_sasl_defaults( ld,
 			sasl_mech,
 			sasl_realm,
 			sasl_authc_id,
@@ -550,7 +573,7 @@ main(int argc, char **argv)

 		rc = ldap_sasl_interactive_bind_s( ld, binddn,
 			sasl_mech, NULL, NULL,
-			lutil_sasl_interact, defaults );
+			sasl_flags, lutil_sasl_interact, defaults );

 		if( rc != LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );

--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@@ -87,7 +87,7 @@ main( int argc, char *argv[] )
 	int		authmethod = -1;
 	int		manageDSAit = 0;
 #ifdef HAVE_CYRUS_SASL
-	unsigned	sasl_flags = LUTIL_SASL_AUTOMATIC;
+	unsigned	sasl_flags = LDAP_SASL_AUTOMATIC;
 	char		*sasl_realm = NULL;
 	char		*sasl_authc_id = NULL;
 	char		*sasl_authz_id = NULL;
@@ -167,6 +167,28 @@ main( int argc, char *argv[] )
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'I':
+#ifdef HAVE_CYRUS_SASL
+		if( version == LDAP_VERSION2 ) {
+			fprintf( stderr, "%s: -I incompatible with version %d\n",
+				prog, version );
+			return EXIT_FAILURE;
+		}
+		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+			fprintf( stderr, "%s: incompatible previous "
+				"authentication choice\n",
+				prog );
+			return EXIT_FAILURE;
+		}
+		authmethod = LDAP_AUTH_SASL;
+		version = LDAP_VERSION3;
+		sasl_flags = LDAP_SASL_INTERACTIVE;
+		break;
+#else
+		fprintf( stderr, "%s: was not compiled with SASL support\n",
+			prog );
+		return( EXIT_FAILURE );
+#endif
 	case 'k':	/* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 		if( version > LDAP_VERSION2 ) {
@@ -290,7 +312,8 @@ main( int argc, char *argv[] )
 		}
 		authmethod = LDAP_AUTH_SASL;
 		version = LDAP_VERSION3;
-		sasl_flags = LUTIL_SASL_QUIET;
+		sasl_flags = LDAP_SASL_QUIET;
+		break;
 #else
 		fprintf( stderr, "%s: was not compiled with SASL support\n",
 			prog );
@@ -566,7 +589,7 @@ main( int argc, char *argv[] )
 			}
 		}
 		
-		defaults = lutil_sasl_defaults( ld, sasl_flags,
+		defaults = lutil_sasl_defaults( ld,
 			sasl_mech,
 			sasl_realm,
 			sasl_authc_id,
@@ -575,7 +598,7 @@ main( int argc, char *argv[] )

 		rc = ldap_sasl_interactive_bind_s( ld, binddn,
 			sasl_mech, NULL, NULL,
-			lutil_sasl_interact, defaults );
+			sasl_flags, lutil_sasl_interact, defaults );

 		if( rc != LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );

--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -47,7 +47,7 @@ usage( const char *s )
 "\t\t+   -- all operational attributes\n"

 "Search options:\n"
-"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
+"\t-a deref\tone of never (default), always, search, or find\n"
 "\t-A\t\tretrieve attribute names only (no values)\n"
 "\t-b basedn\tbase dn for search\n"
 "\t-l limit\ttime limit (in seconds) for search\n"
@@ -146,7 +146,7 @@ static char	*base = NULL;
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
 static char	*sasl_realm = NULL;
 static char	*sasl_authc_id = NULL;
 static char	*sasl_authz_id = NULL;
@@ -270,6 +270,28 @@ main( int argc, char **argv )
 		}
 	    ldaphost = strdup( optarg );
 	    break;
+	case 'I':
+#ifdef HAVE_CYRUS_SASL
+		if( version == LDAP_VERSION2 ) {
+			fprintf( stderr, "%s: -I incompatible with version %d\n",
+				prog, version );
+			return EXIT_FAILURE;
+		}
+		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+			fprintf( stderr, "%s: incompatible previous "
+				"authentication choice\n",
+				prog );
+			return EXIT_FAILURE;
+		}
+		authmethod = LDAP_AUTH_SASL;
+		version = LDAP_VERSION3;
+		sasl_flags = LDAP_SASL_INTERACTIVE;
+		break;
+#else
+		fprintf( stderr, "%s: was not compiled with SASL support\n",
+			prog );
+		return( EXIT_FAILURE );
+#endif
 	case 'k':	/* kerberos bind */
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 		if( version > LDAP_VERSION2 ) {
@@ -393,7 +415,8 @@ main( int argc, char **argv )
 		}
 		authmethod = LDAP_AUTH_SASL;
 		version = LDAP_VERSION3;
-		sasl_flags = LUTIL_SASL_QUIET;
+		sasl_flags = LDAP_SASL_QUIET;
+		break;
 #else
 		fprintf( stderr, "%s: was not compiled with SASL support\n",
 			prog );
@@ -698,7 +721,7 @@ main( int argc, char **argv )
 			}
 		}
 		
-		defaults = lutil_sasl_defaults( ld, sasl_flags,
+		defaults = lutil_sasl_defaults( ld,
 			sasl_mech,
 			sasl_realm,
 			sasl_authc_id,
@@ -707,7 +730,7 @@ main( int argc, char **argv )

 		rc = ldap_sasl_interactive_bind_s( ld, binddn,
 			sasl_mech, NULL, NULL,
-			lutil_sasl_interact, defaults );
+			sasl_flags, lutil_sasl_interact, defaults );

 		if( rc != LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );

--- a/include/ldap.h
+++ b/include/ldap.h
@@ -695,10 +695,22 @@ ldap_sasl_bind LDAP_P((
 	LDAPControl		**clientctrls,
 	int				*msgidp ));

-/* V3 SASL Interaction Function Callback Prototype */
-/*	when using Cyrus SASL, interact is pointer to sasl_interact_t */
+/* Interaction flags (should be passed about in a control)
+ *  Automatic (default): use defaults, prompt otherwise
+ *  Interactive: prompt always
+ *  Quiet: never prompt
+ */
+#define LDAP_SASL_AUTOMATIC		0U
+#define LDAP_SASL_INTERACTIVE	1U
+#define LDAP_SASL_QUIET			2U
+
+/*
+ * V3 SASL Interaction Function Callback Prototype
+ *	when using Cyrus SASL, interact is pointer to sasl_interact_t
+ *  should likely passed in a control (and provided controls)
+ */
 typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
-	LDAP *ld, void* defaults, void *interact ));
+	LDAP *ld, unsigned flags, void* defaults, void *interact ));

 LDAP_F( int )
 ldap_sasl_interactive_bind_s LDAP_P((
@@ -707,6 +719,9 @@ ldap_sasl_interactive_bind_s LDAP_P((
 	LDAP_CONST char *saslMechanism,
 	LDAPControl **serverControls,
 	LDAPControl **clientControls,
+
+	/* should be client controls */
+	unsigned flags,
 	LDAP_SASL_INTERACT_PROC *proc,
 	void *defaults ));


--- a/include/lutil_ldap.h
+++ b/include/lutil_ldap.h
@@ -21,19 +21,9 @@

 LDAP_BEGIN_DECL

-/*
- * Automatic (default): use defaults, prompt otherwise
- * Interactive: prompt always
- * Quiet: never prompt
- */
-#define LUTIL_SASL_AUTOMATIC	0U
-#define LUTIL_SASL_INTERACTIVE	1U
-#define LUTIL_SASL_QUIET		2U
-
 LDAP_LUTIL_F( void * )
 lutil_sasl_defaults LDAP_P((
 	LDAP *ld,
-	unsigned flags,
 	char *mech,
 	char *realm,
 	char *authcid,
@@ -42,7 +32,7 @@ lutil_sasl_defaults LDAP_P((

 LDAP_LUTIL_F( int )
 lutil_sasl_interact LDAP_P((
-	LDAP *ld, void *defaults, void *p ));
+	LDAP *ld, unsigned flags, void *defaults, void *p ));

 LDAP_END_DECL


--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -455,6 +455,7 @@ ldap_int_sasl_bind(
 	const char		*mechs,
 	LDAPControl		**sctrls,
 	LDAPControl		**cctrls,
+	unsigned		flags,
 	LDAP_SASL_INTERACT_PROC *interact,
 	void * defaults )
 {
@@ -519,14 +520,16 @@ ldap_int_sasl_bind(
 		if( pmech == NULL && mech != NULL ) {
 			pmech = mech;

-			fprintf(stderr,
-				"SASL/%s authentication started\n",
-				pmech );
+			if( flags != LDAP_SASL_QUIET ) {
+				fprintf(stderr,
+					"SASL/%s authentication started\n",
+					pmech );
+			}
 		}

 		if( saslrc == SASL_INTERACT ) {
 			if( !interact ) break;
-			rc = (interact)( ld, defaults, prompts );
+			rc = (interact)( ld, flags, defaults, prompts );
 			if( rc != LDAP_SUCCESS ) {
 				break;
 			}
@@ -575,7 +578,7 @@ ldap_int_sasl_bind(
 			if( saslrc == SASL_INTERACT ) {
 				int res;
 				if( !interact ) break;
-				res = (interact)( ld, defaults, prompts );
+				rc = (interact)( ld, flags, defaults, prompts );
 				if( res != LDAP_SUCCESS ) {
 					break;
 				}
@@ -595,24 +598,30 @@ ldap_int_sasl_bind(

 	/* likely should add a quiet option */

-	saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
-	if( saslrc == SASL_OK ) {
-		fprintf( stderr, "SASL username: %s\n", data );
-	}
+	if( flags != LDAP_SASL_QUIET ) {
+		saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
+		if( saslrc == SASL_OK ) {
+			fprintf( stderr, "SASL username: %s\n", data );
+		}

-	saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
-	if( saslrc == SASL_OK ) {
-		fprintf( stderr, "SASL realm: %s\n", data );
+		saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
+		if( saslrc == SASL_OK ) {
+			fprintf( stderr, "SASL realm: %s\n", data );
+		}
 	}

 	saslrc = sasl_getprop( ctx, SASL_SSF, (void **) &ssf );
 	if( saslrc == SASL_OK ) {
-		fprintf( stderr, "SASL SSF: %lu\n",
-			(unsigned long) *ssf );
+		if( flags != LDAP_SASL_QUIET ) {
+			fprintf( stderr, "SASL SSF: %lu\n",
+				(unsigned long) *ssf );
+		}

 #ifdef LDAP_SASL_SECURITY_LAYER
 		if( ssf && *ssf ) {
-			fprintf( stderr, "SASL installing layers\n" );
+			if( flags != LDAP_SASL_QUIET ) {
+				fprintf( stderr, "SASL installing layers\n" );
+			}
 			ldap_pvt_sasl_install( ld->ld_sb, ctx );
 		}
 #endif

--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -556,8 +556,11 @@ LDAP_F (int) ldap_int_sasl_bind LDAP_P((
 	const char *,
 	const char *,
 	LDAPControl **, LDAPControl **,
+
+	/* should be passed in client controls */
+	unsigned flags,
 	LDAP_SASL_INTERACT_PROC *interact,
-	void *defaults));
+	void *defaults ));

 /*
 * in tls.c

--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@@ -410,6 +410,7 @@ ldap_sasl_interactive_bind_s(
 	LDAP_CONST char *mechs,
 	LDAPControl **serverControls,
 	LDAPControl **clientControls,
+	unsigned flags,
 	LDAP_SASL_INTERACT_PROC *interact,
 	void *defaults )
 {
@@ -438,7 +439,7 @@ ldap_sasl_interactive_bind_s(

 	rc = ldap_int_sasl_bind( ld, dn, mechs,
 		serverControls, clientControls,
-		interact, defaults );
+		flags, interact, defaults );

 	return rc;
 }
--- a/libraries/liblutil/sasl.c
+++ b/libraries/liblutil/sasl.c
@@ -20,7 +20,6 @@


 typedef struct lutil_sasl_defaults_s {
-	unsigned flags;
 	char *mech;
 	char *realm;
 	char *authcid;
@@ -32,7 +31,6 @@ typedef struct lutil_sasl_defaults_s {
 void *
 lutil_sasl_defaults(
 	LDAP *ld,
-	unsigned flags,
 	char *mech,
 	char *realm,
 	char *authcid,
@@ -45,7 +43,6 @@ lutil_sasl_defaults(

 	if( defaults == NULL ) return NULL;

-	defaults->flags = flags;
 	defaults->mech = mech;
 	defaults->realm = realm;
 	defaults->authcid = authcid;
@@ -69,9 +66,10 @@ lutil_sasl_defaults(
 }

 static int interaction(
-	sasl_interact_t *interact, lutilSASLdefaults *defaults )
+	unsigned flags,
+	sasl_interact_t *interact,
+	lutilSASLdefaults *defaults )
 {
-	unsigned flags = defaults ? defaults->flags : 0;
 	const char *dflt = interact->defresult;
 	char input[1024];

@@ -103,11 +101,11 @@ static int interaction(

 	if( dflt && !*dflt ) dflt = NULL;

-	if( flags != LUTIL_SASL_INTERACTIVE && dflt ) {
+	if( flags != LDAP_SASL_INTERACTIVE && dflt ) {
 		goto use_default;
 	}

-	if( flags == LUTIL_SASL_QUIET ) {
+	if( flags == LDAP_SASL_QUIET ) {
 		/* don't prompt */
 		return LDAP_OTHER;
 	}
@@ -180,15 +178,18 @@ use_default:

 int lutil_sasl_interact(
 	LDAP *ld,
+	unsigned flags,
 	void *defaults,
 	void *in )
 {
 	sasl_interact_t *interact = in;

-	fputs( "SASL Interaction\n", stderr );
+	if( flags != LDAP_SASL_QUIET ) {
+		fputs( "SASL Interaction\n", stderr );
+	}

 	while( interact->id != SASL_CB_LIST_END ) {
-		int rc = interaction( interact, defaults );
+		int rc = interaction( flags, interact, defaults );

 		if( rc )  return rc;
 		interact++;