diff options
Diffstat (limited to 'qpid/extras/sasl/src/cyrus/saslwrapper.cpp')
-rw-r--r-- | qpid/extras/sasl/src/cyrus/saslwrapper.cpp | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/qpid/extras/sasl/src/cyrus/saslwrapper.cpp b/qpid/extras/sasl/src/cyrus/saslwrapper.cpp new file mode 100644 index 0000000000..f8b08acfa6 --- /dev/null +++ b/qpid/extras/sasl/src/cyrus/saslwrapper.cpp @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. +*/ + +#include "saslwrapper.h" +#include <sasl/sasl.h> +#include <sstream> +#include <malloc.h> +#include <string.h> +#include <unistd.h> +#include <iostream> + +using namespace std; +using namespace saslwrapper; + +namespace saslwrapper { + + class ClientImpl { + friend class Client; + ClientImpl() : conn(0), cbIndex(0), maxBufSize(65535), minSsf(0), maxSsf(65535), externalSsf(0), secret(0) {} + ~ClientImpl() { if (conn) sasl_dispose(&conn); conn = 0; } + bool setAttr(const string& key, const string& value); + bool setAttr(const string& key, uint32_t value); + bool init(); + bool start(const string& mechList, output_string& chosen, output_string& initialResponse); + bool step(const string& challenge, output_string& response); + bool encode(const string& clearText, output_string& cipherText); + bool decode(const string& cipherText, output_string& clearText); + bool getUserId(output_string& userId); + void getError(output_string& error); + + void addCallback(unsigned long id, void* proc); + void lastCallback() { addCallback(SASL_CB_LIST_END, 0); } + void setError(const string& context, int code, const string& text = "", const string& text2 = ""); + void interact(sasl_interact_t* prompt); + + static int cbName(void *context, int id, const char **result, unsigned *len); + static int cbPassword(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret); + + static bool initialized; + sasl_conn_t* conn; + sasl_callback_t callbacks[8]; + int cbIndex; + string error; + string serviceName; + string userName; + string authName; + string password; + string hostName; + string externalUserName; + uint32_t maxBufSize; + uint32_t minSsf; + uint32_t maxSsf; + uint32_t externalSsf; + sasl_secret_t* secret; + }; +} + +bool ClientImpl::initialized = false; + +bool ClientImpl::init() +{ + int result; + + if (!initialized) { + initialized = true; + result = sasl_client_init(0); + if (result != SASL_OK) { + setError("sasl_client_init", result, sasl_errstring(result, 0, 0)); + return false; + } + } + + int cbIndex = 0; + + addCallback(SASL_CB_GETREALM, 0); + if (!userName.empty()) { + addCallback(SASL_CB_USER, (void*) cbName); + addCallback(SASL_CB_AUTHNAME, (void*) cbName); + + if (!password.empty()) + addCallback(SASL_CB_PASS, (void*) cbPassword); + else + addCallback(SASL_CB_PASS, 0); + } + lastCallback(); + + unsigned flags; + + flags = 0; + if (!authName.empty() && authName != userName) + flags |= SASL_NEED_PROXY; + + result = sasl_client_new(serviceName.c_str(), hostName.c_str(), 0, 0, callbacks, flags, &conn); + if (result != SASL_OK) { + setError("sasl_client_new", result, sasl_errstring(result, 0, 0)); + return false; + } + + sasl_security_properties_t secprops; + + secprops.min_ssf = minSsf; + secprops.max_ssf = maxSsf; + secprops.maxbufsize = maxBufSize; + secprops.property_names = 0; + secprops.property_values = 0; + secprops.security_flags = 0; + + result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); + if (result != SASL_OK) { + setError("sasl_setprop(SASL_SEC_PROPS)", result); + sasl_dispose(&conn); + conn = 0; + return false; + } + + if (!externalUserName.empty()) { + result = sasl_setprop(conn, SASL_AUTH_EXTERNAL, externalUserName.c_str()); + if (result != SASL_OK) { + setError("sasl_setprop(SASL_AUTH_EXTERNAL)", result); + sasl_dispose(&conn); + conn = 0; + return false; + } + + result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &externalSsf); + if (result != SASL_OK) { + setError("sasl_setprop(SASL_SSF_EXTERNAL)", result); + sasl_dispose(&conn); + conn = 0; + return false; + } + } + + return true; +} + +bool ClientImpl::setAttr(const string& key, const string& value) +{ + if (key == "service") + serviceName = value; + else if (key == "username") + userName = value; + else if (key == "authname") + authName = value; + else if (key == "password") { + password = value; + free(secret); + secret = (sasl_secret_t*) malloc(sizeof(sasl_secret_t) + password.length()); + } + else if (key == "host") + hostName = value; + else if (key == "externaluser") + externalUserName = value; + else { + setError("setAttr", -1, "Unknown string attribute name", key); + return false; + } + + return true; +} + +bool ClientImpl::setAttr(const string& key, uint32_t value) +{ + if (key == "minssf") + minSsf = value; + else if (key == "maxssf") + maxSsf = value; + else if (key == "externalssf") + externalSsf = value; + else if (key == "maxbufsize") + maxBufSize = value; + else { + setError("setAttr", -1, "Unknown integer attribute name", key); + return false; + } + + return true; +} + +bool ClientImpl::start(const string& mechList, output_string& chosen, output_string& initialResponse) +{ + int result; + sasl_interact_t* prompt = 0; + const char* resp; + const char* mech; + unsigned int len; + + do { + result = sasl_client_start(conn, mechList.c_str(), &prompt, &resp, &len, &mech); + if (result == SASL_INTERACT) + interact(prompt); + } while (result == SASL_INTERACT); + if (result != SASL_OK && result != SASL_CONTINUE) { + setError("sasl_client_start", result); + return false; + } + + chosen = string(mech); + initialResponse = string(resp, len); + return true; +} + +bool ClientImpl::step(const string& challenge, output_string& response) +{ + int result; + sasl_interact_t* prompt = 0; + const char* resp; + unsigned int len; + + do { + result = sasl_client_step(conn, challenge.c_str(), challenge.size(), &prompt, &resp, &len); + if (result == SASL_INTERACT) + interact(prompt); + } while (result == SASL_INTERACT); + if (result != SASL_OK && result != SASL_CONTINUE) { + setError("sasl_client_step", result); + return false; + } + + response = string(resp, len); + return true; +} + +bool ClientImpl::encode(const string& clearText, output_string& cipherText) +{ + const char* output; + unsigned int outlen; + int result = sasl_encode(conn, clearText.c_str(), clearText.size(), &output, &outlen); + if (result != SASL_OK) { + setError("sasl_encode", result); + return false; + } + cipherText = string(output, outlen); + return true; +} + +bool ClientImpl::decode(const string& cipherText, output_string& clearText) +{ + const char* input = cipherText.c_str(); + unsigned int inLen = cipherText.size(); + unsigned int remaining = inLen; + const char* cursor = input; + const char* output; + unsigned int outlen; + + clearText = string(); + while (remaining > 0) { + unsigned int segmentLen = (remaining < maxBufSize) ? remaining : maxBufSize; + int result = sasl_decode(conn, cursor, segmentLen, &output, &outlen); + if (result != SASL_OK) { + setError("sasl_decode", result); + return false; + } + clearText = clearText + string(output, outlen); + cursor += segmentLen; + remaining -= segmentLen; + } + return true; +} + +bool ClientImpl::getUserId(output_string& userId) +{ + int result; + const char* operName; + + result = sasl_getprop(conn, SASL_USERNAME, (const void**) &operName); + if (result != SASL_OK) { + setError("sasl_getprop(SASL_USERNAME)", result); + return false; + } + + userId = string(operName); + return true; +} + +void ClientImpl::getError(output_string& _error) +{ + _error = error; + error.clear(); +} + +void ClientImpl::addCallback(unsigned long id, void* proc) +{ + callbacks[cbIndex].id = id; + callbacks[cbIndex].proc = (int (*)()) proc; + callbacks[cbIndex].context = this; + cbIndex++; +} + +void ClientImpl::setError(const string& context, int code, const string& text, const string& text2) +{ + stringstream err; + string etext(text.empty() ? sasl_errdetail(conn) : text); + err << "Error in " << context << " (" << code << ") " << etext; + if (!text2.empty()) + err << " - " << text2; + error = err.str(); +} + +void ClientImpl::interact(sasl_interact_t* prompt) +{ + string output; + char* input; + + if (prompt->id == SASL_CB_PASS) { + string ppt(prompt->prompt); + ppt += ": "; + char* pass = getpass(ppt.c_str()); + output = string(pass); + } else { + cout << prompt->prompt; + if (prompt->defresult) + cout << " [" << prompt->defresult << "]"; + cout << ": "; + cin >> output; + } + prompt->result = output.c_str(); + prompt->len = output.length(); +} + +int ClientImpl::cbName(void *context, int id, const char **result, unsigned *len) +{ + ClientImpl* impl = (ClientImpl*) context; + + if (id == SASL_CB_USER || (id == SASL_CB_AUTHNAME && impl->authName.empty())) { + *result = impl->userName.c_str(); + //*len = impl->userName.length(); + } else if (id == SASL_CB_AUTHNAME) { + *result = impl->authName.c_str(); + //*len = impl->authName.length(); + } + + return SASL_OK; +} + +int ClientImpl::cbPassword(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret) +{ + ClientImpl* impl = (ClientImpl*) context; + size_t length = impl->password.length(); + + if (id == SASL_CB_PASS) { + impl->secret->len = length; + ::memcpy(impl->secret->data, impl->password.c_str(), length); + } else + impl->secret->len = 0; + + *psecret = impl->secret; + return SASL_OK; +} + + +//========================================================== +// WRAPPERS +//========================================================== + +Client::Client() : impl(new ClientImpl()) {} +Client::~Client() { delete impl; } +bool Client::setAttr(const string& key, const string& value) { return impl->setAttr(key, value); } +bool Client::setAttr(const string& key, uint32_t value) { return impl->setAttr(key, value); } +bool Client::init() { return impl->init(); } +bool Client::start(const string& mechList, output_string& chosen, output_string& initialResponse) { return impl->start(mechList, chosen, initialResponse); } +bool Client::step(const string& challenge, output_string& response) { return impl->step(challenge, response); } +bool Client::encode(const string& clearText, output_string& cipherText) { return impl->encode(clearText, cipherText); } +bool Client::decode(const string& cipherText, output_string& clearText) { return impl->decode(cipherText, clearText); } +bool Client::getUserId(output_string& userId) { return impl->getUserId(userId); } +void Client::getError(output_string& error) { impl->getError(error); } + |