diff --git a/myproxy/source/auth_pam.c b/myproxy/source/auth_pam.c index 0acda9529..5e2d91930 100644 --- a/myproxy/source/auth_pam.c +++ b/myproxy/source/auth_pam.c @@ -73,14 +73,14 @@ /* Structure for application specific data passed through PAM * to our conv call-back routine saslauthd_pam_conv. */ typedef struct { - const char *login; /* plaintext authenticator */ - const char *password; /* plaintext password */ - pam_handle_t *pamh; /* pointer to PAM handle */ + const char *login; /* plaintext authenticator */ + const char *password; /* plaintext password */ + pam_handle_t *pamh; /* pointer to PAM handle */ } pam_appdata; # define RETURN(x) return strdup(x) - + /* FUNCTION: saslauthd_pam_conv */ /* SYNOPSIS @@ -88,82 +88,82 @@ typedef struct { * received message expects a response, pointed to by resp. * END SYNOPSIS */ -static int /* R: PAM return code */ +static int /* R: PAM return code */ saslauthd_pam_conv ( /* PARAMETERS */ - int num_msg, /* I: number of messages */ - struct pam_message **msg, /* I: pointer to array of messages */ - struct pam_response **resp, /* O: pointer to pointer of response */ - void *appdata_ptr /* I: pointer to app specific data */ + int num_msg, /* I: number of messages */ + const struct pam_message **msg, /* I: pointer to array of messages */ + struct pam_response **resp, /* O: pointer to pointer of response */ + void *appdata_ptr /* I: pointer to app specific data */ /* END PARAMETERS */ ) { /* VARIABLES */ - pam_appdata *my_appdata; /* application specific data */ - struct pam_response *my_resp; /* response created by this func */ - int i; /* loop counter */ - const char *login_prompt; /* string prompting for user-name */ - int rc; /* return code holder */ + pam_appdata *my_appdata; /* application specific data */ + struct pam_response *my_resp; /* response created by this func */ + int i; /* loop counter */ + const char *login_prompt; /* string prompting for user-name */ + int rc; /* return code holder */ /* END VARIABLES */ my_appdata = appdata_ptr; my_resp = malloc(sizeof(struct pam_response) * num_msg); if (my_resp == NULL) - return PAM_CONV_ERR; + return PAM_CONV_ERR; for (i = 0; i < num_msg; i++) - switch (msg[i]->msg_style) { - /* - * We assume PAM_PROMPT_ECHO_OFF to be a request for password. - * This assumption might be unsafe. - * - * For PAM_PROMPT_ECHO_ON we first check whether the provided - * request string matches PAM_USER_PROMPT and, only if they do - * match, assume it to be a request for the login. - */ - case PAM_PROMPT_ECHO_OFF: /* password */ - my_resp[i].resp = strdup(my_appdata->password); - if (my_resp[i].resp == NULL) { - myproxy_log("saslauthd_pam_conv: strdup failed"); - goto ret_error; - } - my_resp[i].resp_retcode = PAM_SUCCESS; - break; - - case PAM_PROMPT_ECHO_ON: /* username? */ - /* Recheck setting each time, as it might have been changed - in the mean-while. */ - rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT, - (void *) &login_prompt); - if (rc != PAM_SUCCESS) { - myproxy_log("saslauthd_pam_conv: unable to read " - "login prompt string: %s", - pam_strerror(my_appdata->pamh, rc)); - goto ret_error; - } - - if (strcmp(msg[i]->msg, login_prompt) == 0) { - my_resp[i].resp = strdup(my_appdata->login); - my_resp[i].resp_retcode = PAM_SUCCESS; - } else { /* ignore */ - myproxy_log("saslauthd_pam_conv: unknown prompt " - "string: %s", msg[i]->msg); - my_resp[i].resp = NULL; - my_resp[i].resp_retcode = PAM_SUCCESS; - } - break; - - case PAM_ERROR_MSG: /* ignore */ - case PAM_TEXT_INFO: /* ignore */ - myproxy_log("PAM: %s", msg[i]->msg); - my_resp[i].resp = NULL; - my_resp[i].resp_retcode = PAM_SUCCESS; - break; - - default: /* error */ - goto ret_error; - } + switch (msg[i]->msg_style) { + /* + * We assume PAM_PROMPT_ECHO_OFF to be a request for password. + * This assumption might be unsafe. + * + * For PAM_PROMPT_ECHO_ON we first check whether the provided + * request string matches PAM_USER_PROMPT and, only if they do + * match, assume it to be a request for the login. + */ + case PAM_PROMPT_ECHO_OFF: /* password */ + my_resp[i].resp = strdup(my_appdata->password); + if (my_resp[i].resp == NULL) { + myproxy_log("saslauthd_pam_conv: strdup failed"); + goto ret_error; + } + my_resp[i].resp_retcode = PAM_SUCCESS; + break; + + case PAM_PROMPT_ECHO_ON: /* username? */ + /* Recheck setting each time, as it might have been changed + in the mean-while. */ + rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT, + (void *) &login_prompt); + if (rc != PAM_SUCCESS) { + myproxy_log("saslauthd_pam_conv: unable to read " + "login prompt string: %s", + pam_strerror(my_appdata->pamh, rc)); + goto ret_error; + } + + if (strcmp(msg[i]->msg, login_prompt) == 0) { + my_resp[i].resp = strdup(my_appdata->login); + my_resp[i].resp_retcode = PAM_SUCCESS; + } else { /* ignore */ + myproxy_log("saslauthd_pam_conv: unknown prompt " + "string: %s", msg[i]->msg); + my_resp[i].resp = NULL; + my_resp[i].resp_retcode = PAM_SUCCESS; + } + break; + + case PAM_ERROR_MSG: /* ignore */ + case PAM_TEXT_INFO: /* ignore */ + myproxy_log("PAM: %s", msg[i]->msg); + my_resp[i].resp = NULL; + my_resp[i].resp_retcode = PAM_SUCCESS; + break; + + default: /* error */ + goto ret_error; + } *resp = my_resp; return PAM_SUCCESS; @@ -173,35 +173,35 @@ saslauthd_pam_conv ( * isn't initialised yet. */ { - int y; + int y; - for (y = 0; y < i; y++) - if (my_resp[y].resp != NULL) - free(my_resp[y].resp); - free(my_resp); + for (y = 0; y < i; y++) + if (my_resp[y].resp != NULL) + free(my_resp[y].resp); + free(my_resp); } return PAM_CONV_ERR; } /* END FUNCTION: saslauthd_pam_conv */ - + /* FUNCTION: auth_pam */ -char * /* R: allocated response string */ +char * /* R: allocated response string */ auth_pam ( /* PARAMETERS */ - const char *login, /* I: plaintext authenticator */ - const char *password, /* I: plaintext password */ - const char *service, /* I: service name */ + const char *login, /* I: plaintext authenticator */ + const char *password, /* I: plaintext password */ + const char *service, /* I: service name */ const char *realm /* END PARAMETERS */ ) { /* VARIABLES */ - pam_appdata my_appdata; /* application specific data */ - struct pam_conv my_conv; /* pam conversion data */ - pam_handle_t *pamh; /* pointer to PAM handle */ - int rc; /* return code holder */ + pam_appdata my_appdata; /* application specific data */ + struct pam_conv my_conv; /* pam conversion data */ + pam_handle_t *pamh; /* pointer to PAM handle */ + int rc; /* return code holder */ char result[200]; /* END VARIABLES */ @@ -250,7 +250,7 @@ auth_pam ( if (rc == PAM_AUTH_ERR) { RETURN("NO invalid password"); } - snprintf(result, sizeof(result), "NO PAM authentication failed: %s", + snprintf(result, sizeof(result), "NO PAM authentication failed: %s", pam_strerror(pamh, rc)); RETURN(result); } diff --git a/myproxy/source/configure.ac b/myproxy/source/configure.ac index 4a07c3cca..a3313d8d7 100644 --- a/myproxy/source/configure.ac +++ b/myproxy/source/configure.ac @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([myproxy],[6.2.15]) +AC_INIT([myproxy],[6.2.16]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign]) LT_INIT([dlopen win32-dll]) diff --git a/myproxy/source/myproxy_sasl_client.c b/myproxy/source/myproxy_sasl_client.c index 30aac9cc9..af75000ad 100644 --- a/myproxy/source/myproxy_sasl_client.c +++ b/myproxy/source/myproxy_sasl_client.c @@ -1,6 +1,6 @@ #if defined(HAVE_LIBSASL2) -#include "myproxy_common.h" /* all needed headers included here */ +#include "myproxy_common.h" /* all needed headers included here */ static sasl_conn_t *conn = NULL; static char *prompt = NULL; @@ -15,7 +15,7 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs, unsigned len; authorization_data_t* auth_data; - + result = sasl_encode64(data, data_len, buf, SASL_BUFFER_SIZE, &len); assert(len < SASL_BUFFER_SIZE); buf[len] = '\0'; @@ -41,14 +41,14 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs, verror_put_string("Internal buffer too small send_response_sasl_data"); return -1; } - + (*client_buffer) = AUTHORIZETYPE_SASL; bufferlen = auth_data->client_data_len + sizeof(int); memcpy(client_buffer + sizeof(int), auth_data->client_data, auth_data->client_data_len); - - if (myproxy_send(attrs, client_buffer, bufferlen) < 0) + + if (myproxy_send(attrs, client_buffer, bufferlen) < 0) return -1; return 0; } @@ -63,18 +63,18 @@ recv_response_sasl_data(myproxy_socket_attrs_t *attrs, int result; unsigned len; authorization_data_t* auth_data; - - if (myproxy_recv_response(attrs, server_response) < 0) + + if (myproxy_recv_response(attrs, server_response) < 0) return -1; - + auth_data = authorization_create_response( server_response->authorization_data, AUTHORIZETYPE_SASL, NULL, 0); - + response_data = auth_data->server_data; - result = sasl_decode64(response_data, strlen(response_data), + result = sasl_decode64(response_data, strlen(response_data), data, SASL_BUFFER_SIZE, &len); if (result != SASL_OK) { verror_put_string("Decoding data from base64 failed.\n"); @@ -115,12 +115,12 @@ sasl_secret_callback(sasl_conn_t *conn, if (! conn || ! psecret || id != SASL_CB_PASS) return SASL_BADPARAM; - + if (!prompt) prompt = strdup("Password: "); if (myproxy_read_passphrase(password, MAX_PASS_LEN, prompt) < 0){ return SASL_FAIL; } - + len = strlen(password); *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len); @@ -197,11 +197,13 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, myproxy_response_t server_response = {0}; sasl_callback_t callbacks[] = { - { SASL_CB_USER, &sasl_string_callback, client_request->username }, - { SASL_CB_AUTHNAME, &sasl_string_callback, client_request->username }, - { SASL_CB_PASS, &sasl_secret_callback, NULL }, - { SASL_CB_ECHOPROMPT, &sasl_prompt_callback, NULL }, - { SASL_CB_NOECHOPROMPT, &sasl_prompt_callback, NULL }, + { SASL_CB_USER, (int(*)(void)) (&sasl_string_callback), + client_request->username }, + { SASL_CB_AUTHNAME, (int(*)(void)) (&sasl_string_callback), + client_request->username }, + { SASL_CB_PASS, (int(*)(void)) (&sasl_secret_callback), NULL }, + { SASL_CB_ECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL }, + { SASL_CB_NOECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL }, { SASL_CB_LIST_END, NULL, NULL } }; @@ -219,10 +221,10 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH")); } else { myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2."); - } + } fqdn = GSI_SOCKET_get_peer_hostname(attrs->gsi_socket); - + memset(server_buffer, 0, sizeof(*server_buffer)); if (prompt) free(prompt); @@ -337,7 +339,7 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, authorization_data_free(server_response.authorization_data); server_response.authorization_data = NULL; - } + } myproxy_debug("SASL negotiation finished."); @@ -354,7 +356,7 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs, conn = NULL; } sasl_done(); - + return result; } diff --git a/myproxy/source/myproxy_sasl_server.c b/myproxy/source/myproxy_sasl_server.c index 7f5852203..4432d1b32 100644 --- a/myproxy/source/myproxy_sasl_server.c +++ b/myproxy/source/myproxy_sasl_server.c @@ -1,6 +1,6 @@ #if defined(HAVE_LIBSASL2) -#include "myproxy_common.h" /* all needed headers included here */ +#include "myproxy_common.h" /* all needed headers included here */ int myproxy_sasl_authenticated = 0; char *myproxy_sasl_mech = NULL; @@ -47,28 +47,28 @@ sasl_my_log(void *context __attribute__((unused)), static sasl_callback_t callbacks[] = { { - SASL_CB_LOG, &sasl_my_log, NULL + SASL_CB_LOG, (int(*)(void)) (&sasl_my_log), NULL }, { SASL_CB_LIST_END, NULL, NULL } }; static int -send_response_sasl_data(myproxy_socket_attrs_t *attrs, - const char *data, int data_len) +send_response_sasl_data(myproxy_socket_attrs_t *attrs, + const char *data, int data_len) { myproxy_response_t response = {0}; - authorization_data_t* auth_data; - char buf[SASL_BUFFER_SIZE]; - int result; + authorization_data_t* auth_data; + char buf[SASL_BUFFER_SIZE]; + int result; unsigned len=0; - + result = sasl_encode64(data, data_len, buf, SASL_BUFFER_SIZE, &len); buf[len] = '\0'; if (result != SASL_OK) { - verror_put_string("Encoding SASL data in base64 failed.\n"); - verror_put_errno(errno); - return -1; + verror_put_string("Encoding SASL data in base64 failed.\n"); + verror_put_errno(errno); + return -1; } myproxy_debug("S: %s", buf); @@ -84,17 +84,17 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs, auth_data->client_data = NULL; auth_data->client_data_len = 0; auth_data->method = AUTHORIZETYPE_SASL; - + len = myproxy_serialize_response(&response, buf, sizeof(buf)); if (len < 0) { - verror_put_string("error in myproxy_serialize_response()"); - return -1; + verror_put_string("error in myproxy_serialize_response()"); + return -1; } if (myproxy_send(attrs, buf, len) < 0) { verror_put_string("error in myproxy_send()\n"); - return -1; - } + return -1; + } free(response.version); authorization_data_free(response.authorization_data); @@ -106,230 +106,230 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs, static int recv_response_sasl_data(myproxy_socket_attrs_t *attrs, char *data) { - char buf[SASL_BUFFER_SIZE]; - int result; - unsigned len; - author_method_t client_auth_method; - char *b64data; + char buf[SASL_BUFFER_SIZE]; + int result; + unsigned len; + author_method_t client_auth_method; + char *b64data; - int client_data_len = 0; + int client_data_len = 0; - len = myproxy_recv(attrs, buf, sizeof(buf)); + len = myproxy_recv(attrs, buf, sizeof(buf)); - if (len <= 0) - return -1; + if (len <= 0) + return -1; - client_auth_method = (*buf); - if (client_auth_method != AUTHORIZETYPE_SASL) { - verror_put_string("SASL method not match.\n"); - verror_put_errno(errno); - return -1; - } + client_auth_method = (*buf); + if (client_auth_method != AUTHORIZETYPE_SASL) { + verror_put_string("SASL method not match.\n"); + verror_put_errno(errno); + return -1; + } - client_data_len = len - sizeof(int); + client_data_len = len - sizeof(int); - b64data = buf + sizeof(int); - myproxy_debug("C: %s", b64data); - result = sasl_decode64(b64data, strnlen(b64data, client_data_len), - data, SASL_BUFFER_SIZE, &len); - if (result != SASL_OK) { + b64data = buf + sizeof(int); + myproxy_debug("C: %s", b64data); + result = sasl_decode64(b64data, strnlen(b64data, client_data_len), + data, SASL_BUFFER_SIZE, &len); + if (result != SASL_OK) { myproxy_log("Decoding data from base64 failed in recv_response_sasl_data."); - return -1; - } - data[len] = '\0'; + return -1; + } + data[len] = '\0'; - return len; + return len; } int auth_sasl_negotiate_server(myproxy_socket_attrs_t *attrs, - myproxy_request_t *client_request) + myproxy_request_t *client_request) { - char client_buffer[SASL_BUFFER_SIZE]; - int client_data_len = 0; + char client_buffer[SASL_BUFFER_SIZE]; + int client_data_len = 0; - unsigned len; - int count; - const char *data; - sasl_security_properties_t secprops; - int result; - int rval = -1; + unsigned len; + int count; + const char *data; + sasl_security_properties_t secprops; + int result; + int rval = -1; - char *iplocal = NULL, *ipremote = NULL; - char *service = "myproxy"; + char *iplocal = NULL, *ipremote = NULL; + char *service = "myproxy"; - char *userandrealm = NULL; + char *userandrealm = NULL; - myproxy_debug("Server: begin SASL negotiation..."); - myproxy_sasl_authenticated = 0; + myproxy_debug("Server: begin SASL negotiation..."); + myproxy_sasl_authenticated = 0; if (getenv("SASL_PATH")) { - myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH")); + myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH")); } else { - myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2."); - } - - result = sasl_server_init(callbacks, service); - if (result != SASL_OK) { - myproxy_log("Initializing libsasl failed."); - return -1; - } - - atexit(&sasl_done); - - result = sasl_server_new(service, - myproxy_sasl_serverFQDN, - myproxy_sasl_user_realm, - iplocal, - ipremote, - NULL, - 0, - &conn); - if (result != SASL_OK) { - myproxy_log("Allocating sasl connection state failed."); - return -1; - } - - atexit(&sasl_free_conn); + myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2."); + } + + result = sasl_server_init(callbacks, service); + if (result != SASL_OK) { + myproxy_log("Initializing libsasl failed."); + return -1; + } + + atexit(&sasl_done); + + result = sasl_server_new(service, + myproxy_sasl_serverFQDN, + myproxy_sasl_user_realm, + iplocal, + ipremote, + NULL, + 0, + &conn); + if (result != SASL_OK) { + myproxy_log("Allocating sasl connection state failed."); + return -1; + } + + atexit(&sasl_free_conn); /* don't need integrity or privacy, since we're over SSL already. in fact, let's disable them to avoid the overhead. */ - memset(&secprops, 0L, sizeof(secprops)); - result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); - if (result != SASL_OK) { - myproxy_log("Setting security properties failed."); - return -1; - } - - if (myproxy_sasl_mech) { - myproxy_debug("Forcing use of SASL mechanism %s", myproxy_sasl_mech); - data = myproxy_sasl_mech; - if (! data) { - myproxy_log("Duplicate string for SASL negotiation failed"); - return -1; - } - len = strlen(data); - count = 1; - } else { - myproxy_debug("Generating SASL mechanism list..."); - result = sasl_listmech(conn, - NULL, - NULL, - " ", - NULL, - &data, - &len, - &count); - if (result != SASL_OK) { - myproxy_log("Generating SASL mechanism list failed."); - return -1; - } - if (count == 0) { - myproxy_log("No SASL mechanisms available."); - return -1; - } - } - - myproxy_debug("Sending list of %d mechanism(s): %s", count, data); - if (send_response_sasl_data(attrs, data, len) < 0) { - return -1; - } - - myproxy_debug("Waiting for client mechanism..."); - len = recv_response_sasl_data(attrs, client_buffer); - - if (myproxy_sasl_mech && strcasecmp(myproxy_sasl_mech, client_buffer)) { - myproxy_log( - "Client chose something other than the mandatory mechanism."); - return -1; - } - if (strlen(client_buffer) < len) { + memset(&secprops, 0L, sizeof(secprops)); + result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); + if (result != SASL_OK) { + myproxy_log("Setting security properties failed."); + return -1; + } + + if (myproxy_sasl_mech) { + myproxy_debug("Forcing use of SASL mechanism %s", myproxy_sasl_mech); + data = myproxy_sasl_mech; + if (! data) { + myproxy_log("Duplicate string for SASL negotiation failed"); + return -1; + } + len = strlen(data); + count = 1; + } else { + myproxy_debug("Generating SASL mechanism list..."); + result = sasl_listmech(conn, + NULL, + NULL, + " ", + NULL, + &data, + &len, + &count); + if (result != SASL_OK) { + myproxy_log("Generating SASL mechanism list failed."); + return -1; + } + if (count == 0) { + myproxy_log("No SASL mechanisms available."); + return -1; + } + } + + myproxy_debug("Sending list of %d mechanism(s): %s", count, data); + if (send_response_sasl_data(attrs, data, len) < 0) { + return -1; + } + + myproxy_debug("Waiting for client mechanism..."); + len = recv_response_sasl_data(attrs, client_buffer); + + if (myproxy_sasl_mech && strcasecmp(myproxy_sasl_mech, client_buffer)) { + myproxy_log( + "Client chose something other than the mandatory mechanism."); + return -1; + } + if (strlen(client_buffer) < len) { data = client_buffer + strlen(client_buffer) + 1; len = len - strlen(client_buffer) - 1; - } else { + } else { data = NULL; len = 0; - } - - result = sasl_server_start(conn, - client_buffer, - data, - len, - &data, - &len); - if (result != SASL_OK && result != SASL_CONTINUE) { - myproxy_log("Starting SASL negotiation failed."); - verror_put_string("%s", sasl_errdetail(conn)); - return -1; - } - - while (result == SASL_CONTINUE) { - if (data) { - myproxy_debug("Sending response..."); - if (send_response_sasl_data(attrs, data, len) < 0) { - return -1; - } - } else { - myproxy_log("No SASL data to send--something's wrong"); - return -1; - } - - myproxy_debug("Waiting for client reply..."); - client_data_len = recv_response_sasl_data(attrs, client_buffer); - data = NULL; - result = sasl_server_step(conn, client_buffer, client_data_len, - &data, &len); - - if (result != SASL_OK && result != SASL_CONTINUE) { - verror_put_string("%s", sasl_errdetail(conn)); - myproxy_log("Performing SASL negotiation failed."); - return -1; - } - } - myproxy_debug("SASL negotiation complete."); - - if (sasl_getprop(conn, SASL_USERNAME, (const void **)&data) != SASL_OK) { - myproxy_log("Error: SASL username is NULL."); - return -1; - } - - if (myproxy_sasl_user_realm) { - size_t len; - len = strlen(client_request->username)+ - strlen(myproxy_sasl_user_realm)+2; - userandrealm = malloc(len); - snprintf(userandrealm, len, "%s@%s", - client_request->username, myproxy_sasl_user_realm); - } else { - userandrealm = strdup(client_request->username); - } - - if (strcmp((char *)data, userandrealm) != 0) { - myproxy_log("Authentication failure: SASL username (%s) and " - "request username (%s) differ.\n", (char *)data, - userandrealm); - goto error; - } - - if (sasl_getprop(conn, SASL_AUTHUSER, (const void **)&data) != SASL_OK) { - myproxy_log("Error: SASL username is NULL."); - goto error; - } - - if (strcmp((char *)data, userandrealm) != 0) { - myproxy_log("Authentication failure: SASL authuser (%s) and " - "request username (%s) differ.\n", (char *)data, - userandrealm); - goto error; - } - - myproxy_sasl_authenticated = 1; /* for later sanity checks */ - rval = 0; + } + + result = sasl_server_start(conn, + client_buffer, + data, + len, + &data, + &len); + if (result != SASL_OK && result != SASL_CONTINUE) { + myproxy_log("Starting SASL negotiation failed."); + verror_put_string("%s", sasl_errdetail(conn)); + return -1; + } + + while (result == SASL_CONTINUE) { + if (data) { + myproxy_debug("Sending response..."); + if (send_response_sasl_data(attrs, data, len) < 0) { + return -1; + } + } else { + myproxy_log("No SASL data to send--something's wrong"); + return -1; + } + + myproxy_debug("Waiting for client reply..."); + client_data_len = recv_response_sasl_data(attrs, client_buffer); + data = NULL; + result = sasl_server_step(conn, client_buffer, client_data_len, + &data, &len); + + if (result != SASL_OK && result != SASL_CONTINUE) { + verror_put_string("%s", sasl_errdetail(conn)); + myproxy_log("Performing SASL negotiation failed."); + return -1; + } + } + myproxy_debug("SASL negotiation complete."); + + if (sasl_getprop(conn, SASL_USERNAME, (const void **)&data) != SASL_OK) { + myproxy_log("Error: SASL username is NULL."); + return -1; + } + + if (myproxy_sasl_user_realm) { + size_t len; + len = strlen(client_request->username) + + strlen(myproxy_sasl_user_realm) + 2; + userandrealm = malloc(len); + snprintf(userandrealm, len, "%s@%s", + client_request->username, myproxy_sasl_user_realm); + } else { + userandrealm = strdup(client_request->username); + } + + if (strcmp((char *)data, userandrealm) != 0) { + myproxy_log("Authentication failure: SASL username (%s) and " + "request username (%s) differ.\n", (char *)data, + userandrealm); + goto error; + } + + if (sasl_getprop(conn, SASL_AUTHUSER, (const void **)&data) != SASL_OK) { + myproxy_log("Error: SASL username is NULL."); + goto error; + } + + if (strcmp((char *)data, userandrealm) != 0) { + myproxy_log("Authentication failure: SASL authuser (%s) and " + "request username (%s) differ.\n", (char *)data, + userandrealm); + goto error; + } + + myproxy_sasl_authenticated = 1; /* for later sanity checks */ + rval = 0; error: - if (userandrealm) free(userandrealm); + if (userandrealm) free(userandrealm); - return rval; + return rval; } #endif /* defined(HAVE_LIBSASL2) */ diff --git a/myproxy/source/plugin_common.c b/myproxy/source/plugin_common.c index f40d8064f..d744c0d46 100644 --- a/myproxy/source/plugin_common.c +++ b/myproxy/source/plugin_common.c @@ -3,7 +3,7 @@ * Rob Siemborski * $Id: plugin_common.c,v 1.20 2004/06/23 18:43:37 rjs3 Exp $ */ -/* +/* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -11,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -21,7 +21,7 @@ * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal - * details, please contact + * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue @@ -92,10 +92,10 @@ static void sockaddr_unmapped( int port; if (sa->sa_family != AF_INET6) - return; + return; sin6 = (struct sockaddr_in6 *)sa; if (!IN6_IS_ADDR_V4MAPPED((&sin6->sin6_addr))) - return; + return; sin4 = (struct sockaddr_in *)sa; addr = *(uint32_t *)&sin6->sin6_addr.s6_addr[12]; port = sin6->sin6_port; @@ -113,46 +113,46 @@ static void sockaddr_unmapped( } int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, - struct sockaddr *out, socklen_t outlen) + struct sockaddr *out, socklen_t outlen) { int i, j; socklen_t len; struct sockaddr_storage ss; struct addrinfo hints, *ai = NULL; char hbuf[NI_MAXHOST]; - + if(!utils || !addr || !out) { - if(utils) PARAMERROR( utils ); - return SASL_BADPARAM; + if(utils) PARAMERROR( utils ); + return SASL_BADPARAM; } /* Parse the address */ for (i = 0; addr[i] != '\0' && addr[i] != ';'; i++) { - if (i >= NI_MAXHOST) { - if(utils) PARAMERROR( utils ); - return SASL_BADPARAM; - } - hbuf[i] = addr[i]; + if (i >= NI_MAXHOST) { + if(utils) PARAMERROR( utils ); + return SASL_BADPARAM; + } + hbuf[i] = addr[i]; } hbuf[i] = '\0'; if (addr[i] == ';') - i++; + i++; /* XXX/FIXME: Do we need this check? */ for (j = i; addr[j] != '\0'; j++) - if (!isdigit((int)(addr[j]))) { - PARAMERROR( utils ); - return SASL_BADPARAM; - } + if (!isdigit((int)(addr[j]))) { + PARAMERROR( utils ); + return SASL_BADPARAM; + } memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; - if (getaddrinfo(hbuf, &addr[i], &hints, &ai) != 0) { - PARAMERROR( utils ); - return SASL_BADPARAM; + if (getaddrinfo(hbuf, &addr[i], &hints, &ai) != 0) { + PARAMERROR( utils ); + return SASL_BADPARAM; } len = ai->ai_addrlen; @@ -160,8 +160,8 @@ int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, freeaddrinfo(ai); sockaddr_unmapped((struct sockaddr *)&ss, &len); if (outlen < len) { - PARAMERROR( utils ); - return SASL_BUFOVER; + PARAMERROR( utils ); + return SASL_BUFOVER; } memcpy(out, &ss, len); @@ -170,7 +170,7 @@ int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, } int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, - unsigned numiov, buffer_info_t **output) + unsigned numiov, buffer_info_t **output) { unsigned i; int ret; @@ -178,38 +178,38 @@ int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, char *pos; if(!utils || !vec || !output) { - if(utils) PARAMERROR( utils ); - return SASL_BADPARAM; + if(utils) PARAMERROR( utils ); + return SASL_BADPARAM; } - + if(!(*output)) { - *output = utils->malloc(sizeof(buffer_info_t)); - if(!*output) { - MEMERROR(utils); - return SASL_NOMEM; - } - memset(*output,0,sizeof(buffer_info_t)); + *output = utils->malloc(sizeof(buffer_info_t)); + if(!*output) { + MEMERROR(utils); + return SASL_NOMEM; + } + memset(*output,0,sizeof(buffer_info_t)); } out = *output; - + out->curlen = 0; for(i=0; icurlen += vec[i].iov_len; + out->curlen += vec[i].iov_len; ret = _plug_buf_alloc(utils, &out->data, &out->reallen, out->curlen); if(ret != SASL_OK) { - MEMERROR(utils); - return SASL_NOMEM; + MEMERROR(utils); + return SASL_NOMEM; } - + memset(out->data, 0, out->reallen); pos = out->data; - + for(i=0; imalloc(newlen); - if (*rwbuf == NULL) { - *curlen = 0; - MEMERROR(utils); - return SASL_NOMEM; - } - *curlen = newlen; + *rwbuf = utils->malloc(newlen); + if (*rwbuf == NULL) { + *curlen = 0; + MEMERROR(utils); + return SASL_NOMEM; + } + *curlen = newlen; } else if(*rwbuf && *curlen < newlen) { - size_t needed = 2*(*curlen); + size_t needed = 2*(*curlen); - while(needed < newlen) - needed *= 2; + while(needed < newlen) + needed *= 2; - *rwbuf = utils->realloc(*rwbuf, needed); - if (*rwbuf == NULL) { - *curlen = 0; - MEMERROR(utils); - return SASL_NOMEM; - } - *curlen = needed; - } + *rwbuf = utils->realloc(*rwbuf, needed); + if (*rwbuf == NULL) { + *curlen = 0; + MEMERROR(utils); + return SASL_NOMEM; + } + *curlen = needed; + } return SASL_OK; } /* copy a string */ int _plug_strdup(const sasl_utils_t * utils, const char *in, - char **out, int *outlen) + char **out, int *outlen) { size_t len = strlen(in); @@ -289,7 +289,7 @@ void _plug_free_string(const sasl_utils_t *utils, char **str) *str=NULL; } -void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret) +void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret) { if(!utils || !secret || !(*secret)) return; @@ -298,20 +298,20 @@ void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret) *secret = NULL; } -/* +/* * Trys to find the prompt with the lookingfor id in the prompt list * Returns it if found. NULL otherwise */ sasl_interact_t *_plug_find_prompt(sasl_interact_t **promptlist, - unsigned int lookingfor) + unsigned int lookingfor) { sasl_interact_t *prompt; if (promptlist && *promptlist) { - for (prompt = *promptlist; prompt->id != SASL_CB_LIST_END; ++prompt) { - if (prompt->id==lookingfor) - return prompt; - } + for (prompt = *promptlist; prompt->id != SASL_CB_LIST_END; ++prompt) { + if (prompt->id==lookingfor) + return prompt; + } } return NULL; @@ -321,7 +321,7 @@ sasl_interact_t *_plug_find_prompt(sasl_interact_t **promptlist, * Retrieve the simple string given by the callback id. */ int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, - const char **result, sasl_interact_t **prompt_need) + const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; @@ -334,34 +334,35 @@ int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { - /* We prompted, and got.*/ - - if (required && !prompt->result) { - SETERROR(utils, "Unexpectedly missing a prompt result"); - return SASL_BADPARAM; - } + /* We prompted, and got.*/ + + if (required && !prompt->result) { + SETERROR(utils, "Unexpectedly missing a prompt result"); + return SASL_BADPARAM; + } - *result = prompt->result; - return SASL_OK; + *result = prompt->result; + return SASL_OK; } - + /* Try to get the callback... */ - ret = utils->getcallback(utils->conn, id, &simple_cb, &simple_context); + ret = utils->getcallback(utils->conn, id, + (int (**)(void)) (&simple_cb), &simple_context); if (ret == SASL_FAIL && !required) - return SASL_OK; + return SASL_OK; if (ret == SASL_OK && simple_cb) { - ret = simple_cb(simple_context, id, result, NULL); - if (ret != SASL_OK) - return ret; + ret = simple_cb(simple_context, id, result, NULL); + if (ret != SASL_OK) + return ret; - if (required && !*result) { - PARAMERROR(utils); - return SASL_BADPARAM; - } + if (required && !*result) { + PARAMERROR(utils); + return SASL_BADPARAM; + } } - + return ret; } @@ -369,7 +370,7 @@ int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, * Retrieve the user password. */ int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **password, - unsigned int *iscopy, sasl_interact_t **prompt_need) + unsigned int *iscopy, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getsecret_t *pass_cb; @@ -382,43 +383,43 @@ int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **password, /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_PASS); if (prompt != NULL) { - /* We prompted, and got.*/ - - if (!prompt->result) { - SETERROR(utils, "Unexpectedly missing a prompt result"); - return SASL_BADPARAM; - } - - /* copy what we got into a secret_t */ - *password = (sasl_secret_t *) utils->malloc(sizeof(sasl_secret_t) + - prompt->len + 1); - if (!*password) { - MEMERROR(utils); - return SASL_NOMEM; - } - - (*password)->len=prompt->len; - memcpy((*password)->data, prompt->result, prompt->len); - (*password)->data[(*password)->len]=0; - - *iscopy = 1; - - return SASL_OK; + /* We prompted, and got.*/ + + if (!prompt->result) { + SETERROR(utils, "Unexpectedly missing a prompt result"); + return SASL_BADPARAM; + } + + /* copy what we got into a secret_t */ + *password = (sasl_secret_t *) utils->malloc(sizeof(sasl_secret_t) + + prompt->len + 1); + if (!*password) { + MEMERROR(utils); + return SASL_NOMEM; + } + + (*password)->len=prompt->len; + memcpy((*password)->data, prompt->result, prompt->len); + (*password)->data[(*password)->len]=0; + + *iscopy = 1; + + return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_PASS, - &pass_cb, &pass_context); + (int (**)(void)) (&pass_cb), &pass_context); if (ret == SASL_OK && pass_cb) { - ret = pass_cb(utils->conn, pass_context, SASL_CB_PASS, password); - if (ret != SASL_OK) - return ret; + ret = pass_cb(utils->conn, pass_context, SASL_CB_PASS, password); + if (ret != SASL_OK) + return ret; - if (!*password) { - PARAMERROR(utils); - return SASL_BADPARAM; - } + if (!*password) { + PARAMERROR(utils); + return SASL_BADPARAM; + } } return ret; @@ -428,8 +429,8 @@ int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **password, * Retrieve the string given by the challenge prompt id. */ int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, - const char *challenge, const char *promptstr, - const char **result, sasl_interact_t **prompt_need) + const char *challenge, const char *promptstr, + const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_chalprompt_t *chalprompt_cb; @@ -441,31 +442,31 @@ int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { - /* We prompted, and got.*/ - - if (!prompt->result) { - SETERROR(utils, "Unexpectedly missing a prompt result"); - return SASL_BADPARAM; - } - - *result = prompt->result; - return SASL_OK; + /* We prompted, and got.*/ + + if (!prompt->result) { + SETERROR(utils, "Unexpectedly missing a prompt result"); + return SASL_BADPARAM; + } + + *result = prompt->result; + return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, id, - &chalprompt_cb, &chalprompt_context); + (int (**)(void)) (&chalprompt_cb), &chalprompt_context); if (ret == SASL_OK && chalprompt_cb) { - ret = chalprompt_cb(chalprompt_context, id, - challenge, promptstr, NULL, result, NULL); - if (ret != SASL_OK) - return ret; + ret = chalprompt_cb(chalprompt_context, id, + challenge, promptstr, NULL, result, NULL); + if (ret != SASL_OK) + return ret; - if (!*result) { - PARAMERROR(utils); - return SASL_BADPARAM; - } + if (!*result) { + PARAMERROR(utils); + return SASL_BADPARAM; + } } return ret; @@ -475,7 +476,7 @@ int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, * Retrieve the client realm. */ int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, - const char **realm, sasl_interact_t **prompt_need) + const char **realm, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getrealm_t *realm_cb; @@ -487,32 +488,32 @@ int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_GETREALM); if (prompt != NULL) { - /* We prompted, and got.*/ - - if (!prompt->result) { - SETERROR(utils, "Unexpectedly missing a prompt result"); - return SASL_BADPARAM; - } + /* We prompted, and got.*/ - *realm = prompt->result; - return SASL_OK; + if (!prompt->result) { + SETERROR(utils, "Unexpectedly missing a prompt result"); + return SASL_BADPARAM; + } + + *realm = prompt->result; + return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_GETREALM, - &realm_cb, &realm_context); + (int (**)(void)) (&realm_cb), &realm_context); if (ret == SASL_OK && realm_cb) { - ret = realm_cb(realm_context, SASL_CB_GETREALM, availrealms, realm); - if (ret != SASL_OK) - return ret; + ret = realm_cb(realm_context, SASL_CB_GETREALM, availrealms, realm); + if (ret != SASL_OK) + return ret; - if (!*realm) { - PARAMERROR(utils); - return SASL_BADPARAM; - } + if (!*realm) { + PARAMERROR(utils); + return SASL_BADPARAM; + } } - + return ret; } @@ -520,14 +521,14 @@ int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, * Make the requested prompts. (prompt==NULL means we don't want it) */ int _plug_make_prompts(const sasl_utils_t *utils, - sasl_interact_t **prompts_res, - const char *user_prompt, const char *user_def, - const char *auth_prompt, const char *auth_def, - const char *pass_prompt, const char *pass_def, - const char *echo_chal, - const char *echo_prompt, const char *echo_def, - const char *realm_chal, - const char *realm_prompt, const char *realm_def) + sasl_interact_t **prompts_res, + const char *user_prompt, const char *user_def, + const char *auth_prompt, const char *auth_def, + const char *pass_prompt, const char *pass_def, + const char *echo_chal, + const char *echo_prompt, const char *echo_def, + const char *realm_chal, + const char *realm_prompt, const char *realm_def) { int num = 1; int alloc_size; @@ -540,63 +541,63 @@ int _plug_make_prompts(const sasl_utils_t *utils, if (realm_prompt) num++; if (num == 1) { - SETERROR( utils, "make_prompts() called with no actual prompts" ); - return SASL_FAIL; + SETERROR( utils, "make_prompts() called with no actual prompts" ); + return SASL_FAIL; } alloc_size = sizeof(sasl_interact_t)*num; prompts = utils->malloc(alloc_size); if (!prompts) { - MEMERROR( utils ); - return SASL_NOMEM; + MEMERROR( utils ); + return SASL_NOMEM; } memset(prompts, 0, alloc_size); - + *prompts_res = prompts; if (user_prompt) { - (prompts)->id = SASL_CB_USER; - (prompts)->challenge = "Authorization Name"; - (prompts)->prompt = user_prompt; - (prompts)->defresult = user_def; + (prompts)->id = SASL_CB_USER; + (prompts)->challenge = "Authorization Name"; + (prompts)->prompt = user_prompt; + (prompts)->defresult = user_def; - prompts++; + prompts++; } if (auth_prompt) { - (prompts)->id = SASL_CB_AUTHNAME; - (prompts)->challenge = "Authentication Name"; - (prompts)->prompt = auth_prompt; - (prompts)->defresult = auth_def; + (prompts)->id = SASL_CB_AUTHNAME; + (prompts)->challenge = "Authentication Name"; + (prompts)->prompt = auth_prompt; + (prompts)->defresult = auth_def; - prompts++; + prompts++; } if (pass_prompt) { - (prompts)->id = SASL_CB_PASS; - (prompts)->challenge = "Password"; - (prompts)->prompt = pass_prompt; - (prompts)->defresult = pass_def; + (prompts)->id = SASL_CB_PASS; + (prompts)->challenge = "Password"; + (prompts)->prompt = pass_prompt; + (prompts)->defresult = pass_def; - prompts++; + prompts++; } if (echo_prompt) { - (prompts)->id = SASL_CB_ECHOPROMPT; - (prompts)->challenge = echo_chal; - (prompts)->prompt = echo_prompt; - (prompts)->defresult = echo_def; + (prompts)->id = SASL_CB_ECHOPROMPT; + (prompts)->challenge = echo_chal; + (prompts)->prompt = echo_prompt; + (prompts)->defresult = echo_def; - prompts++; + prompts++; } if (realm_prompt) { - (prompts)->id = SASL_CB_GETREALM; - (prompts)->challenge = realm_chal; - (prompts)->prompt = realm_prompt; - (prompts)->defresult = realm_def; + (prompts)->id = SASL_CB_GETREALM; + (prompts)->challenge = realm_chal; + (prompts)->prompt = realm_prompt; + (prompts)->defresult = realm_def; - prompts++; + prompts++; } /* add the ending one */ @@ -609,7 +610,7 @@ int _plug_make_prompts(const sasl_utils_t *utils, } void _plug_decode_init(decode_context_t *text, - const sasl_utils_t *utils, unsigned int in_maxbuf) + const sasl_utils_t *utils, unsigned int in_maxbuf) { memset(text, 0, sizeof(decode_context_t)); @@ -623,93 +624,93 @@ void _plug_decode_init(decode_context_t *text, * using decode_pkt() to decode individual packets. */ int _plug_decode(decode_context_t *text, - const char *input, unsigned inputlen, - char **output, /* output buffer */ - unsigned *outputsize, /* current size of output buffer */ - unsigned *outputlen, /* length of data in output buffer */ - int (*decode_pkt)(void *rock, - const char *input, unsigned inputlen, - char **output, unsigned *outputlen), - void *rock) + const char *input, unsigned inputlen, + char **output, /* output buffer */ + unsigned *outputsize, /* current size of output buffer */ + unsigned *outputlen, /* length of data in output buffer */ + int (*decode_pkt)(void *rock, + const char *input, unsigned inputlen, + char **output, unsigned *outputlen), + void *rock) { unsigned int tocopy; unsigned diff; char *tmp; unsigned tmplen; int ret; - + *outputlen = 0; while (inputlen) { /* more input */ - if (text->needsize) { /* need to get the rest of the 4-byte size */ - - /* copy as many bytes (up to 4) as we have into size buffer */ - tocopy = (inputlen > text->needsize) ? text->needsize : inputlen; - memcpy(text->sizebuf + 4 - text->needsize, input, tocopy); - text->needsize -= tocopy; - - input += tocopy; - inputlen -= tocopy; - - if (!text->needsize) { /* we have the entire 4-byte size */ - memcpy(&(text->size), text->sizebuf, 4); - text->size = ntohl(text->size); - - if (!text->size) /* should never happen */ - return SASL_FAIL; - - if (text->size > text->in_maxbuf) { - text->utils->log(NULL, SASL_LOG_ERR, - "encoded packet size too big (%d > %d)", - text->size, text->in_maxbuf); - return SASL_FAIL; - } - - if (!text->buffer) - text->buffer = text->utils->malloc(text->in_maxbuf); - if (text->buffer == NULL) return SASL_NOMEM; - - text->cursize = 0; - } else { - /* We do NOT have the entire 4-byte size... - * wait for more data */ - return SASL_OK; - } - } - - diff = text->size - text->cursize; /* bytes needed for full packet */ - - if (inputlen < diff) { /* not a complete packet, need more input */ - memcpy(text->buffer + text->cursize, input, inputlen); - text->cursize += inputlen; - return SASL_OK; - } - - /* copy the rest of the packet */ - memcpy(text->buffer + text->cursize, input, diff); - input += diff; - inputlen -= diff; - - /* decode the packet (no need to free tmp) */ - ret = decode_pkt(rock, text->buffer, text->size, &tmp, &tmplen); - if (ret != SASL_OK) return ret; - - /* append the decoded packet to the output */ - ret = _plug_buf_alloc(text->utils, output, outputsize, - *outputlen + tmplen + 1); /* +1 for NUL */ - if (ret != SASL_OK) return ret; - - memcpy(*output + *outputlen, tmp, tmplen); - *outputlen += tmplen; - - /* protect stupid clients */ - *(*output + *outputlen) = '\0'; - - /* reset for the next packet */ - text->needsize = 4; - } - - return SASL_OK; + if (text->needsize) { /* need to get the rest of the 4-byte size */ + + /* copy as many bytes (up to 4) as we have into size buffer */ + tocopy = (inputlen > text->needsize) ? text->needsize : inputlen; + memcpy(text->sizebuf + 4 - text->needsize, input, tocopy); + text->needsize -= tocopy; + + input += tocopy; + inputlen -= tocopy; + + if (!text->needsize) { /* we have the entire 4-byte size */ + memcpy(&(text->size), text->sizebuf, 4); + text->size = ntohl(text->size); + + if (!text->size) /* should never happen */ + return SASL_FAIL; + + if (text->size > text->in_maxbuf) { + text->utils->log(NULL, SASL_LOG_ERR, + "encoded packet size too big (%d > %d)", + text->size, text->in_maxbuf); + return SASL_FAIL; + } + + if (!text->buffer) + text->buffer = text->utils->malloc(text->in_maxbuf); + if (text->buffer == NULL) return SASL_NOMEM; + + text->cursize = 0; + } else { + /* We do NOT have the entire 4-byte size... + * wait for more data */ + return SASL_OK; + } + } + + diff = text->size - text->cursize; /* bytes needed for full packet */ + + if (inputlen < diff) { /* not a complete packet, need more input */ + memcpy(text->buffer + text->cursize, input, inputlen); + text->cursize += inputlen; + return SASL_OK; + } + + /* copy the rest of the packet */ + memcpy(text->buffer + text->cursize, input, diff); + input += diff; + inputlen -= diff; + + /* decode the packet (no need to free tmp) */ + ret = decode_pkt(rock, text->buffer, text->size, &tmp, &tmplen); + if (ret != SASL_OK) return ret; + + /* append the decoded packet to the output */ + ret = _plug_buf_alloc(text->utils, output, outputsize, + *outputlen + tmplen + 1); /* +1 for NUL */ + if (ret != SASL_OK) return ret; + + memcpy(*output + *outputlen, tmp, tmplen); + *outputlen += tmplen; + + /* protect stupid clients */ + *(*output + *outputlen) = '\0'; + + /* reset for the next packet */ + text->needsize = 4; + } + + return SASL_OK; } void _plug_decode_free(decode_context_t *text) @@ -719,61 +720,61 @@ void _plug_decode_free(decode_context_t *text) /* returns the realm we should pretend to be in */ int _plug_parseuser(const sasl_utils_t *utils, - char **user, char **realm, const char *user_realm, - const char *serverFQDN, const char *input) + char **user, char **realm, const char *user_realm, + const char *serverFQDN, const char *input) { int ret; char *r; if(!user || !serverFQDN) { - PARAMERROR( utils ); - return SASL_BADPARAM; + PARAMERROR( utils ); + return SASL_BADPARAM; } r = strchr(input, '@'); if (!r) { - /* hmmm, the user didn't specify a realm */ - if(user_realm && user_realm[0]) { - ret = _plug_strdup(utils, user_realm, realm, NULL); - } else { - /* Default to serverFQDN */ - ret = _plug_strdup(utils, serverFQDN, realm, NULL); - } - - if (ret == SASL_OK) { - ret = _plug_strdup(utils, input, user, NULL); - } + /* hmmm, the user didn't specify a realm */ + if(user_realm && user_realm[0]) { + ret = _plug_strdup(utils, user_realm, realm, NULL); + } else { + /* Default to serverFQDN */ + ret = _plug_strdup(utils, serverFQDN, realm, NULL); + } + + if (ret == SASL_OK) { + ret = _plug_strdup(utils, input, user, NULL); + } } else { - r++; - ret = _plug_strdup(utils, r, realm, NULL); - *--r = '\0'; - *user = utils->malloc(r - input + 1); - if (*user) { - strncpy(*user, input, r - input +1); - } else { - MEMERROR( utils ); - ret = SASL_NOMEM; - } - *r = '@'; + r++; + ret = _plug_strdup(utils, r, realm, NULL); + *--r = '\0'; + *user = utils->malloc(r - input + 1); + if (*user) { + strncpy(*user, input, r - input +1); + } else { + MEMERROR( utils ); + ret = SASL_NOMEM; + } + *r = '@'; } return ret; } int _plug_make_fulluser(const sasl_utils_t *utils, - char **fulluser, - const char * useronly, - const char *realm) + char **fulluser, + const char * useronly, + const char *realm) { if(!fulluser || !useronly || !realm) { - PARAMERROR( utils ); - return (SASL_BADPARAM); + PARAMERROR( utils ); + return (SASL_BADPARAM); } *fulluser = utils->malloc (strlen(useronly) + strlen(realm) + 2); if (*fulluser == NULL) { - MEMERROR( utils ); - return (SASL_NOMEM); + MEMERROR( utils ); + return (SASL_NOMEM); } strcpy (*fulluser, useronly); @@ -785,36 +786,36 @@ int _plug_make_fulluser(const sasl_utils_t *utils, char * _plug_get_error_message (const sasl_utils_t *utils, #ifdef WIN32 - DWORD error + DWORD error #else - int error + int error #endif - ) + ) { char * return_value; #ifdef WIN32 LPVOID lpMsgBuf; - FormatMessage( - FORMAT_MESSAGE_ALLOCATE_BUFFER | - FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, - error, - MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ - (LPTSTR) &lpMsgBuf, - 0, - NULL + FormatMessage( + FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, + error, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ + (LPTSTR) &lpMsgBuf, + 0, + NULL ); if (_plug_strdup (utils, lpMsgBuf, &return_value, NULL) != SASL_OK) { - return_value = NULL; + return_value = NULL; } LocalFree( lpMsgBuf ); #else /* !WIN32 */ if (_plug_strdup (utils, strerror(error), &return_value, NULL) != SASL_OK) { - return_value = NULL; + return_value = NULL; } #endif /* WIN32 */ return (return_value); @@ -827,10 +828,10 @@ void _plug_snprintf_os_info (char * osbuf, int osbuf_len) char *sysname; /* : - DWORD dwOSVersionInfoSize; - DWORD dwMajorVersion; - DWORD dwMinorVersion; - DWORD dwBuildNumber; + DWORD dwOSVersionInfoSize; + DWORD dwMajorVersion; + DWORD dwMinorVersion; + DWORD dwBuildNumber; TCHAR szCSDVersion[ 128 ]; //Only NT SP 6 and later WORD wServicePackMajor; @@ -843,68 +844,68 @@ void _plug_snprintf_os_info (char * osbuf, int osbuf_len) sysname = "Unknown Windows"; if (GetVersionEx ((OSVERSIONINFO *) &versioninfo) == FALSE) { - snprintf(osbuf, osbuf_len, "%s", sysname); - goto SKIP_OS_INFO; + snprintf(osbuf, osbuf_len, "%s", sysname); + goto SKIP_OS_INFO; } switch (versioninfo.dwPlatformId) { - case VER_PLATFORM_WIN32s: /* Win32s on Windows 3.1 */ - sysname = "Win32s on Windows 3.1"; + case VER_PLATFORM_WIN32s: /* Win32s on Windows 3.1 */ + sysname = "Win32s on Windows 3.1"; /* I can't test if dwBuildNumber has any meaning on Win32s */ - break; - - case VER_PLATFORM_WIN32_WINDOWS: /* 95/98/ME */ - switch (versioninfo.dwMinorVersion) { - case 0: - sysname = "Windows 95"; - break; - case 10: - sysname = "Windows 98"; - break; - case 90: - sysname = "Windows Me"; - break; - default: - sysname = "Unknown Windows 9X/ME series"; - break; - } + break; + + case VER_PLATFORM_WIN32_WINDOWS: /* 95/98/ME */ + switch (versioninfo.dwMinorVersion) { + case 0: + sysname = "Windows 95"; + break; + case 10: + sysname = "Windows 98"; + break; + case 90: + sysname = "Windows Me"; + break; + default: + sysname = "Unknown Windows 9X/ME series"; + break; + } /* Clear the high order word, as it contains major/minor version */ - versioninfo.dwBuildNumber &= 0xFFFF; - break; - - case VER_PLATFORM_WIN32_NT: /* NT/2000/XP/.NET */ - if (versioninfo.dwMinorVersion > 99) { - } else { - switch (versioninfo.dwMajorVersion * 100 + versioninfo.dwMinorVersion) { - case 351: - sysname = "Windows NT 3.51"; - break; - case 400: - sysname = "Windows NT 4.0"; - break; - case 500: - sysname = "Windows 2000"; - break; - case 501: - sysname = "Windows XP/.NET"; /* or Windows .NET Server */ - break; - default: - sysname = "Unknown Windows NT series"; - break; - } - } - break; - - default: - break; + versioninfo.dwBuildNumber &= 0xFFFF; + break; + + case VER_PLATFORM_WIN32_NT: /* NT/2000/XP/.NET */ + if (versioninfo.dwMinorVersion > 99) { + } else { + switch (versioninfo.dwMajorVersion * 100 + versioninfo.dwMinorVersion) { + case 351: + sysname = "Windows NT 3.51"; + break; + case 400: + sysname = "Windows NT 4.0"; + break; + case 500: + sysname = "Windows 2000"; + break; + case 501: + sysname = "Windows XP/.NET"; /* or Windows .NET Server */ + break; + default: + sysname = "Unknown Windows NT series"; + break; + } + } + break; + + default: + break; } snprintf(osbuf, osbuf_len, - "%s %s (Build %u)", - sysname, - versioninfo.szCSDVersion, - versioninfo.dwBuildNumber - ); + "%s %s (Build %u)", + sysname, + versioninfo.szCSDVersion, + versioninfo.dwBuildNumber + ); SKIP_OS_INFO: ; diff --git a/packaging/debian/myproxy/debian/changelog.in b/packaging/debian/myproxy/debian/changelog.in index dd88a7b92..b66400bf7 100644 --- a/packaging/debian/myproxy/debian/changelog.in +++ b/packaging/debian/myproxy/debian/changelog.in @@ -1,3 +1,9 @@ +myproxy (6.2.16-1+gct.@distro@) @distro@; urgency=medium + + * Fix compilation errors from stricter type checking + + -- Mattias Ellert Thu, 18 Jan 2024 01:00:43 +0100 + myproxy (6.2.15-1+gct.@distro@) @distro@; urgency=medium * Avoid calling the undeclared exit function in configure diff --git a/packaging/fedora/myproxy.spec b/packaging/fedora/myproxy.spec index 5a3df9ed4..43fc5ddfd 100644 --- a/packaging/fedora/myproxy.spec +++ b/packaging/fedora/myproxy.spec @@ -2,7 +2,7 @@ Name: myproxy %global soname 6 -Version: 6.2.15 +Version: 6.2.16 Release: 1%{?dist} Summary: Manage X.509 Public Key Infrastructure (PKI) security credentials @@ -387,6 +387,9 @@ fi %doc %{_pkgdocdir}/LICENSE* %changelog +* Wed Jan 17 2024 Mattias Ellert - 6.2.16-1 +- Fix compilation errors from stricter type checking + * Sun Feb 12 2023 Mattias Ellert - 6.2.15-1 - Avoid calling the undeclared exit function in configure