diff options
Diffstat (limited to 'trunk/qpid/extras/sasl/src/cyrus/saslwrapper.cpp')
-rw-r--r-- | trunk/qpid/extras/sasl/src/cyrus/saslwrapper.cpp | 372 |
1 files changed, 0 insertions, 372 deletions
diff --git a/trunk/qpid/extras/sasl/src/cyrus/saslwrapper.cpp b/trunk/qpid/extras/sasl/src/cyrus/saslwrapper.cpp deleted file mode 100644 index 0243eaa168..0000000000 --- a/trunk/qpid/extras/sasl/src/cyrus/saslwrapper.cpp +++ /dev/null @@ -1,372 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. -*/ - -#include "saslwrapper.h" -#include <sasl/sasl.h> -#include <sstream> -#include <malloc.h> -#include <string.h> -#include <unistd.h> -#include <iostream> - -using namespace std; -using namespace saslwrapper; - -namespace saslwrapper { - - class ClientImpl { - friend class Client; - ClientImpl() : conn(0), cbIndex(0), maxBufSize(65535), minSsf(0), maxSsf(65535), externalSsf(0), secret(0) {} - ~ClientImpl() { if (conn) sasl_dispose(&conn); conn = 0; } - bool setAttr(const string& key, const string& value); - bool setAttr(const string& key, uint32_t value); - bool init(); - bool start(const string& mechList, output_string& chosen, output_string& initialResponse); - bool step(const string& challenge, output_string& response); - bool encode(const string& clearText, output_string& cipherText); - bool decode(const string& cipherText, output_string& clearText); - bool getUserId(output_string& userId); - void getError(output_string& error); - - void addCallback(unsigned long id, void* proc); - void lastCallback() { addCallback(SASL_CB_LIST_END, 0); } - void setError(const string& context, int code, const string& text = "", const string& text2 = ""); - void interact(sasl_interact_t* prompt); - - static int cbName(void *context, int id, const char **result, unsigned *len); - static int cbPassword(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret); - - static bool initialized; - sasl_conn_t* conn; - sasl_callback_t callbacks[8]; - int cbIndex; - string error; - string serviceName; - string userName; - string authName; - string password; - string hostName; - string externalUserName; - uint32_t maxBufSize; - uint32_t minSsf; - uint32_t maxSsf; - uint32_t externalSsf; - sasl_secret_t* secret; - }; -} - -bool ClientImpl::initialized = false; - -bool ClientImpl::init() -{ - int result; - - if (!initialized) { - initialized = true; - result = sasl_client_init(0); - if (result != SASL_OK) { - setError("sasl_client_init", result, sasl_errstring(result, 0, 0)); - return false; - } - } - - int cbIndex = 0; - - addCallback(SASL_CB_GETREALM, 0); - if (!userName.empty()) { - addCallback(SASL_CB_USER, (void*) cbName); - addCallback(SASL_CB_AUTHNAME, (void*) cbName); - - if (!password.empty()) - addCallback(SASL_CB_PASS, (void*) cbPassword); - else - addCallback(SASL_CB_PASS, 0); - } - lastCallback(); - - unsigned flags; - - flags = 0; - if (!authName.empty() && authName != userName) - flags |= SASL_NEED_PROXY; - - result = sasl_client_new(serviceName.c_str(), hostName.c_str(), 0, 0, callbacks, flags, &conn); - if (result != SASL_OK) { - setError("sasl_client_new", result, sasl_errstring(result, 0, 0)); - return false; - } - - sasl_security_properties_t secprops; - - secprops.min_ssf = minSsf; - secprops.max_ssf = maxSsf; - secprops.maxbufsize = maxBufSize; - secprops.property_names = 0; - secprops.property_values = 0; - secprops.security_flags = 0; - - result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); - if (result != SASL_OK) { - setError("sasl_setprop(SASL_SEC_PROPS)", result); - sasl_dispose(&conn); - conn = 0; - return false; - } - - if (!externalUserName.empty()) { - result = sasl_setprop(conn, SASL_AUTH_EXTERNAL, externalUserName.c_str()); - if (result != SASL_OK) { - setError("sasl_setprop(SASL_AUTH_EXTERNAL)", result); - sasl_dispose(&conn); - conn = 0; - return false; - } - - result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &externalSsf); - if (result != SASL_OK) { - setError("sasl_setprop(SASL_SSF_EXTERNAL)", result); - sasl_dispose(&conn); - conn = 0; - return false; - } - } - - return true; -} - -bool ClientImpl::setAttr(const string& key, const string& value) -{ - if (key == "service") - serviceName = value; - else if (key == "username") - userName = value; - else if (key == "authname") - authName = value; - else if (key == "password") { - password = value; - free(secret); - secret = (sasl_secret_t*) malloc(sizeof(sasl_secret_t) + password.length()); - } - else if (key == "host") - hostName = value; - else if (key == "externaluser") - externalUserName = value; - else { - setError("setAttr", -1, "Unknown string attribute name", key); - return false; - } - - return true; -} - -bool ClientImpl::setAttr(const string& key, uint32_t value) -{ - if (key == "minssf") - minSsf = value; - else if (key == "maxssf") - maxSsf = value; - else if (key == "externalssf") - externalSsf = value; - else if (key == "maxbufsize") - maxBufSize = value; - else { - setError("setAttr", -1, "Unknown integer attribute name", key); - return false; - } - - return true; -} - -bool ClientImpl::start(const string& mechList, output_string& chosen, output_string& initialResponse) -{ - int result; - sasl_interact_t* prompt = 0; - const char* resp; - const char* mech; - unsigned int len; - - do { - result = sasl_client_start(conn, mechList.c_str(), &prompt, &resp, &len, &mech); - if (result == SASL_INTERACT) - interact(prompt); - } while (result == SASL_INTERACT); - if (result != SASL_OK && result != SASL_CONTINUE) { - setError("sasl_client_start", result); - return false; - } - - chosen = string(mech); - initialResponse = string(resp, len); - return true; -} - -bool ClientImpl::step(const string& challenge, output_string& response) -{ - int result; - sasl_interact_t* prompt = 0; - const char* resp; - unsigned int len; - - do { - result = sasl_client_step(conn, challenge.c_str(), challenge.size(), &prompt, &resp, &len); - if (result == SASL_INTERACT) - interact(prompt); - } while (result == SASL_INTERACT); - if (result != SASL_OK && result != SASL_CONTINUE) { - setError("sasl_client_step", result); - return false; - } - - response = string(resp, len); - return true; -} - -bool ClientImpl::encode(const string& clearText, output_string& cipherText) -{ - const char* output; - unsigned int outlen; - int result = sasl_encode(conn, clearText.c_str(), clearText.size(), &output, &outlen); - if (result != SASL_OK) { - setError("sasl_encode", result); - return false; - } - cipherText = string(output, outlen); - return true; -} - -bool ClientImpl::decode(const string& cipherText, output_string& clearText) -{ - const char* output; - unsigned int outlen; - int result = sasl_decode(conn, cipherText.c_str(), cipherText.size(), &output, &outlen); - if (result != SASL_OK) { - setError("sasl_decode", result); - return false; - } - clearText = string(output, outlen); - return true; -} - -bool ClientImpl::getUserId(output_string& userId) -{ - int result; - const char* operName; - - result = sasl_getprop(conn, SASL_USERNAME, (const void**) &operName); - if (result != SASL_OK) { - setError("sasl_getprop(SASL_USERNAME)", result); - return false; - } - - userId = string(operName); - return true; -} - -void ClientImpl::getError(output_string& _error) -{ - _error = error; - error.clear(); -} - -void ClientImpl::addCallback(unsigned long id, void* proc) -{ - callbacks[cbIndex].id = id; - callbacks[cbIndex].proc = (int (*)()) proc; - callbacks[cbIndex].context = this; - cbIndex++; -} - -void ClientImpl::setError(const string& context, int code, const string& text, const string& text2) -{ - stringstream err; - string etext(text.empty() ? sasl_errdetail(conn) : text); - err << "Error in " << context << " (" << code << ") " << etext; - if (!text2.empty()) - err << " - " << text2; - error = err.str(); -} - -void ClientImpl::interact(sasl_interact_t* prompt) -{ - string output; - char* input; - - if (prompt->id == SASL_CB_PASS) { - string ppt(prompt->prompt); - ppt += ": "; - char* pass = getpass(ppt.c_str()); - output = string(pass); - } else { - cout << prompt->prompt; - if (prompt->defresult) - cout << " [" << prompt->defresult << "]"; - cout << ": "; - cin >> output; - } - prompt->result = output.c_str(); - prompt->len = output.length(); -} - -int ClientImpl::cbName(void *context, int id, const char **result, unsigned *len) -{ - ClientImpl* impl = (ClientImpl*) context; - - if (id == SASL_CB_USER || (id == SASL_CB_AUTHNAME && impl->authName.empty())) { - *result = impl->userName.c_str(); - //*len = impl->userName.length(); - } else if (id == SASL_CB_AUTHNAME) { - *result = impl->authName.c_str(); - //*len = impl->authName.length(); - } - - return SASL_OK; -} - -int ClientImpl::cbPassword(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret) -{ - ClientImpl* impl = (ClientImpl*) context; - size_t length = impl->password.length(); - - if (id == SASL_CB_PASS) { - impl->secret->len = length; - ::memcpy(impl->secret->data, impl->password.c_str(), length); - } else - impl->secret->len = 0; - - *psecret = impl->secret; - return SASL_OK; -} - - -//========================================================== -// WRAPPERS -//========================================================== - -Client::Client() : impl(new ClientImpl()) {} -Client::~Client() { delete impl; } -bool Client::setAttr(const string& key, const string& value) { return impl->setAttr(key, value); } -bool Client::setAttr(const string& key, uint32_t value) { return impl->setAttr(key, value); } -bool Client::init() { return impl->init(); } -bool Client::start(const string& mechList, output_string& chosen, output_string& initialResponse) { return impl->start(mechList, chosen, initialResponse); } -bool Client::step(const string& challenge, output_string& response) { return impl->step(challenge, response); } -bool Client::encode(const string& clearText, output_string& cipherText) { return impl->encode(clearText, cipherText); } -bool Client::decode(const string& cipherText, output_string& clearText) { return impl->decode(cipherText, clearText); } -bool Client::getUserId(output_string& userId) { return impl->getUserId(userId); } -void Client::getError(output_string& error) { impl->getError(error); } - |