/*
* ldap_sasl_interactive_bind_s - interactive SASL authentication
*
* This routine uses interactive callbacks.
*
* LDAP_SUCCESS is returned upon success, the ldap error code
* otherwise.
*/
int
ldap_sasl_interactive_bind_s(
LDAP *ld,
LDAP_CONST char *dn, /* usually NULL */
LDAP_CONST char *mechs,
LDAPControl **serverControls,
LDAPControl **clientControls,
unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults )
{
int rc;
#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
#endif
#ifdef LDAP_CONNECTIONLESS
if( LDAP_IS_UDP(ld) ) {
/* Just force it to simple bind, silly to make the user
* ask all the time. No, we don't ever actually bind, but I'll
* let the final bind handler take care of saving the cdn.
*/
rc = ldap_simple_bind(ld, dn, NULL);
return rc < 0 ? rc : 0;
} else
#endif
if( mechs == NULL || *mechs == '\0' ) {
char *smechs;
rc = ldap_pvt_sasl_getmechs( ld, &smechs );
if( rc != LDAP_SUCCESS ) {
goto done;
}
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, DETAIL1,
"ldap_interactive_sasl_bind_s: server supports: %s\n",
smechs, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"ldap_interactive_sasl_bind_s: server supports: %s\n",
smechs, 0, 0 );
#endif
mechs = smechs;
} else {
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, DETAIL1,
"ldap_interactive_sasl_bind_s: user selected: %s\n", mechs, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"ldap_interactive_sasl_bind_s: user selected: %s\n",
mechs, 0, 0 );
#endif
}
rc = ldap_int_sasl_bind( ld, dn, mechs,
serverControls, clientControls,
flags, interact, defaults );
done:
#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
#endif
return rc;
}
/*
* ldap_sasl_interactive_bind - interactive SASL authentication
*
* This routine uses interactive callbacks.
*
* LDAP_SUCCESS is returned upon success, the ldap error code
* otherwise. LDAP_SASL_BIND_IN_PROGRESS is returned if further
* calls are needed.
*/
int
ldap_sasl_interactive_bind(
LDAP *ld,
LDAP_CONST char *dn, /* usually NULL */
LDAP_CONST char *mechs,
LDAPControl **serverControls,
LDAPControl **clientControls,
unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults,
LDAPMessage *result,
const char **rmech,
int *msgid )
{
char *smechs = NULL;
int rc;
#if defined( HAVE_CYRUS_SASL )
LDAP_MUTEX_LOCK( &ldap_int_sasl_mutex );
#endif
#ifdef LDAP_CONNECTIONLESS
if( LDAP_IS_UDP(ld) ) {
/* Just force it to simple bind, silly to make the user
* ask all the time. No, we don't ever actually bind, but I'll
* let the final bind handler take care of saving the cdn.
*/
rc = ldap_simple_bind( ld, dn, NULL );
rc = rc < 0 ? rc : 0;
goto done;
} else
#endif
/* First time */
if ( !result ) {
#ifdef HAVE_CYRUS_SASL
if( mechs == NULL || *mechs == '\0' ) {
mechs = ld->ld_options.ldo_def_sasl_mech;
}
#endif
if( mechs == NULL || *mechs == '\0' ) {
/* FIXME: this needs to be asynchronous too;
* perhaps NULL should be disallowed for async usage?
*/
rc = ldap_pvt_sasl_getmechs( ld, &smechs );
if( rc != LDAP_SUCCESS ) {
goto done;
}
Debug( LDAP_DEBUG_TRACE,
"ldap_sasl_interactive_bind: server supports: %s\n",
smechs, 0, 0 );
mechs = smechs;
} else {
Debug( LDAP_DEBUG_TRACE,
"ldap_sasl_interactive_bind: user selected: %s\n",
mechs, 0, 0 );
}
}
rc = ldap_int_sasl_bind( ld, dn, mechs,
serverControls, clientControls,
flags, interact, defaults, result, rmech, msgid );
done:
#if defined( HAVE_CYRUS_SASL )
LDAP_MUTEX_UNLOCK( &ldap_int_sasl_mutex );
#endif
if ( smechs ) LDAP_FREE( smechs );
return rc;
}