int php_mongo_io_authenticate_gssapi(mongo_con_manager *manager, mongo_connection *con, mongo_server_options *options, mongo_server_def *server_def, char **error_message)
{
int result;
char *initpayload;
int initpayload_len;
sasl_conn_t *conn;
int32_t conversation_id;
result = sasl_client_new(options->gssapiServiceName, server_def->host, NULL, NULL, NULL, 0, &conn);
if (result != SASL_OK) {
sasl_dispose(&conn);
sasl_client_done();
*error_message = strdup("Could not initialize a client exchange (SASL) to MongoDB");
return 0;
}
conn = php_mongo_saslstart(manager, con, options, server_def, conn, &initpayload, &initpayload_len, &conversation_id, error_message);
if (!conn) {
sasl_dispose(&conn);
sasl_client_done();
/* error message populate by php_mongo_saslstart() */
return 0;
}
php_mongo_saslcontinue(manager, con, options, server_def, conn, initpayload, initpayload_len, conversation_id, error_message);
free(initpayload);
sasl_dispose(&conn);
sasl_client_done();
return 1;
}
static void
free_conn(void)
{
if (server_conn) {
sasl_dispose(&server_conn);
}
if (client_conn) {
sasl_dispose(&client_conn);
}
}
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
CString const user(Auth->GetUsername());
CString const pass(Auth->GetPassword());
CUser* pUser(CZNC::Get().FindUser(user));
sasl_conn_t *sasl_conn(0);
if (!pUser) { // @todo Will want to do some sort of && !m_bAllowCreate in the future
Auth->RefuseLogin("Invalid User - Halting SASL Authentication");
return HALT;
}
CString const key(CString(user + ":" + pass).MD5());
if (m_Cache.HasItem(key)) {
Auth->AcceptLogin(*pUser);
DEBUG("+++ Found in cache");
}
else if (sasl_server_new("znc", NULL, NULL, NULL, NULL, cbs, 0, &sasl_conn) == SASL_OK &&
sasl_checkpass(sasl_conn, user.c_str(), user.size(), pass.c_str(), pass.size()) == SASL_OK) {
Auth->AcceptLogin(*pUser);
m_Cache.AddItem(key);
DEBUG("+++ Successful SASL password check");
}
else {
Auth->RefuseLogin("SASL Authentication failed");
DEBUG("--- FAILED SASL password check");
}
sasl_dispose(&sasl_conn);
return HALT;
}
void reds_stream_free(RedsStream *s)
{
if (!s) {
return;
}
reds_stream_push_channel_event(s, SPICE_CHANNEL_EVENT_DISCONNECTED);
#if HAVE_SASL
if (s->priv->sasl.conn) {
s->priv->sasl.runSSF = s->priv->sasl.wantSSF = 0;
s->priv->sasl.len = 0;
s->priv->sasl.encodedLength = s->priv->sasl.encodedOffset = 0;
s->priv->sasl.encoded = NULL;
free(s->priv->sasl.mechlist);
free(s->priv->sasl.mechname);
s->priv->sasl.mechlist = NULL;
sasl_dispose(&s->priv->sasl.conn);
s->priv->sasl.conn = NULL;
}
#endif
if (s->priv->ssl) {
SSL_free(s->priv->ssl);
}
reds_stream_remove_watch(s);
spice_debug("close socket fd %d", s->socket);
close(s->socket);
free(s);
}
/**
* Close and destroy a transport handle
*/
void rd_kafka_transport_close (rd_kafka_transport_t *rktrans) {
#if WITH_SSL
if (rktrans->rktrans_ssl) {
SSL_shutdown(rktrans->rktrans_ssl);
SSL_free(rktrans->rktrans_ssl);
}
#endif
#if WITH_SASL
if (rktrans->rktrans_sasl.conn)
sasl_dispose(&rktrans->rktrans_sasl.conn);
#endif
if (rktrans->rktrans_recv_buf)
rd_kafka_buf_destroy(rktrans->rktrans_recv_buf);
if (rktrans->rktrans_s != -1) {
#ifndef _MSC_VER
close(rktrans->rktrans_s);
#else
closesocket(rktrans->rktrans_s);
#endif
}
rd_free(rktrans);
}
/*
* Free SASL related resources.
*/
VOID
VmDirSASLSessionClose(
PVDIR_SASL_BIND_INFO pSaslBindInfo
)
{
if (pSaslBindInfo)
{
if (pSaslBindInfo->pSaslCtx)
{
if (pSaslBindInfo->saslSSF > 0)
{
VmDirSASLSockbufRemove(pSaslBindInfo->pSockbuf);
}
sasl_dispose(&pSaslBindInfo->pSaslCtx);
pSaslBindInfo->pSaslCtx = NULL;
}
VMDIR_SAFE_FREE_MEMORY(pSaslBindInfo->pSessionCB);
VMDIR_SAFE_FREE_MEMORY(pSaslBindInfo->pszBindUserName);
VmDirFreeBervalContent(&pSaslBindInfo->bvMechnism);
}
return;
}
void backend_disconnect(struct backend *s)
{
char buf[1024];
if (!s || s->sock == -1) return;
if (!prot_error(s->in)) {
if (s->prot->logout_cmd.cmd) {
prot_printf(s->out, "%s\r\n", s->prot->logout_cmd.cmd);
prot_flush(s->out);
for (;;) {
if (!prot_fgets(buf, sizeof(buf), s->in)) {
/* connection closed? */
break;
} else if (s->prot->logout_cmd.unsol &&
!strncmp(s->prot->logout_cmd.unsol, buf,
strlen(s->prot->logout_cmd.unsol))) {
/* unsolicited response */
continue;
} else {
/* success/fail response -- don't care either way */
break;
}
}
}
}
/* Flush the incoming buffer */
prot_NONBLOCK(s->in);
prot_fill(s->in);
#ifdef HAVE_SSL
/* Free tlsconn */
if (s->tlsconn) {
tls_reset_servertls(&s->tlsconn);
s->tlsconn = NULL;
}
#endif /* HAVE_SSL */
/* close/free socket & prot layer */
cyrus_close_sock(s->sock);
s->sock = -1;
prot_free(s->in);
prot_free(s->out);
s->in = s->out = NULL;
/* Free saslconn */
if(s->saslconn) {
sasl_dispose(&(s->saslconn));
s->saslconn = NULL;
}
/* free last_result buffer */
buf_free(&s->last_result);
forget_capabilities(s);
}
void virNetSASLSessionDispose(void *obj)
{
virNetSASLSessionPtr sasl = obj;
if (sasl->conn)
sasl_dispose(&sasl->conn);
}
void virNetSASLSessionDispose(void *obj)
{
virNetSASLSessionPtr sasl = obj;
if (sasl->conn)
sasl_dispose(&sasl->conn);
VIR_FREE(sasl->callbacks);
}
static JabberSaslState
jabber_cyrus_handle_failure(JabberStream *js, xmlnode *packet,
xmlnode **reply, char **error)
{
if (js->auth_fail_count++ < 5) {
if (js->current_mech && *js->current_mech) {
char *pos;
if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) {
g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech));
}
/* Remove space which separated this mech from the next */
if ((js->sasl_mechs->str)[0] == ' ') {
g_string_erase(js->sasl_mechs, 0, 1);
}
}
if (*js->sasl_mechs->str) {
/* If we have remaining mechs to try, do so */
sasl_dispose(&js->sasl);
return jabber_auth_start_cyrus(js, reply, error);
} else if ((js->auth_fail_count == 1) &&
(js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) {
/* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
* for compatibility with iChat 10.5 Server and other jabberd based servers.
*
* iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
* not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
*
* Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
* I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
* Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
* which would connect without issue otherwise. -evands
*/
sasl_dispose(&js->sasl);
js->sasl = NULL;
js->auth_mech = NULL;
jabber_auth_start_old(js);
return JABBER_SASL_STATE_CONTINUE;
}
}
/* Nothing to send */
return JABBER_SASL_STATE_FAIL;
}
void virNetSASLSessionDispose(void *obj)
{
virNetSASLSessionPtr sasl = obj;
if (sasl->conn)
sasl_dispose(&sasl->conn);
virMutexDestroy(&sasl->lock);
}
void pni_sasl_impl_free(pn_transport_t *transport)
{
sasl_conn_t *cyrus_conn = (sasl_conn_t*)transport->sasl->impl_context;
sasl_dispose(&cyrus_conn);
transport->sasl->impl_context = cyrus_conn;
if (transport->sasl->client) {
sasl_client_done();
} else {
sasl_server_done();
}
}
void Pop3SaslWrapper::SaslDispose()
{
if(secret)
{
free(secret);
secret = NULL;
}
sasl_dispose(&conn);
sasl_done();
}
/* we need this separate from the free() call so that we can reuse
* the same memory for referrals */
static void sieve_dispose(isieve_t *obj)
{
if(!obj) return;
sasl_dispose(&obj->conn);
free(obj->serverFQDN);
free(obj->refer_authinfo);
free(obj->refer_callbacks);
prot_free(obj->pin);
prot_free(obj->pout);
}
static void xsasl_cyrus_server_free(XSASL_SERVER *xp)
{
XSASL_CYRUS_SERVER *server = (XSASL_CYRUS_SERVER *) xp;
sasl_dispose(&server->sasl_conn);
vstring_free(server->decoded);
if (server->username)
myfree(server->username);
if (server->mechanism_list)
myfree(server->mechanism_list);
myfree((void *) server);
}
void vnc_sasl_client_cleanup(VncState *vs)
{
if (vs->sasl.conn) {
vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0;
vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
vs->sasl.encoded = NULL;
free(vs->sasl.username);
free(vs->sasl.mechlist);
vs->sasl.username = vs->sasl.mechlist = NULL;
sasl_dispose(&vs->sasl.conn);
vs->sasl.conn = NULL;
}
}
void xsasl_cyrus_client_free(XSASL_CLIENT *xp)
{
XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp;
if (client->username)
myfree(client->username);
if (client->password)
myfree(client->password);
if (client->sasl_conn)
sasl_dispose(&client->sasl_conn);
myfree((void *) client->callbacks);
vstring_free(client->decoded);
myfree((void *) client);
}
int php_mongo_io_authenticate_gssapi(mongo_con_manager *manager, mongo_connection *con, mongo_server_options *options, mongo_server_def *server_def, char **error_message)
{
int result;
char *initpayload;
int initpayload_len;
sasl_conn_t *conn;
int32_t conversation_id;
sasl_callback_t client_interact [] = {
{ SASL_CB_AUTHNAME, sasl_interact, server_def },
{ SASL_CB_USER, sasl_interact, server_def },
{ SASL_CB_PASS, sasl_interact, server_def },
{ SASL_CB_LIST_END, NULL, NULL }
};
result = sasl_client_new(options->gssapiServiceName, server_def->host, NULL, NULL, client_interact, 0, &conn);
if (result != SASL_OK) {
sasl_dispose(&conn);
*error_message = strdup("Could not initialize a client exchange (SASL) to MongoDB");
return 0;
}
conn = php_mongo_saslstart(manager, con, options, server_def, conn, &initpayload, &initpayload_len, &conversation_id, error_message);
if (!conn) {
/* error message populate by php_mongo_saslstart() */
return 0;
}
if (!php_mongo_saslcontinue(manager, con, options, server_def, conn, initpayload, initpayload_len, conversation_id, error_message)) {
return 0;
}
free(initpayload);
sasl_dispose(&conn);
return 1;
}
static void irc_close(PurpleConnection *gc)
{
struct irc_conn *irc = gc->proto_data;
if (irc == NULL)
return;
if (irc->gsc || (irc->fd >= 0))
irc_cmd_quit(irc, "quit", NULL, NULL);
if (gc->inpa)
purple_input_remove(gc->inpa);
g_free(irc->inbuf);
if (irc->gsc) {
purple_ssl_close(irc->gsc);
} else if (irc->fd >= 0) {
close(irc->fd);
}
if (irc->timer)
purple_timeout_remove(irc->timer);
g_hash_table_destroy(irc->cmds);
g_hash_table_destroy(irc->msgs);
g_hash_table_destroy(irc->buddies);
if (irc->motd)
g_string_free(irc->motd, TRUE);
g_free(irc->server);
if (irc->writeh)
purple_input_remove(irc->writeh);
purple_circ_buffer_destroy(irc->outbuf);
g_free(irc->mode_chars);
g_free(irc->reqnick);
#ifdef HAVE_CYRUS_SASL
if (irc->sasl_conn) {
sasl_dispose(&irc->sasl_conn);
irc->sasl_conn = NULL;
}
g_free(irc->sasl_cb);
if(irc->sasl_mechs)
g_string_free(irc->sasl_mechs, TRUE);
#endif
g_free(irc);
}
static void sync_reset(void)
{
proc_cleanup();
if (sync_in) {
prot_NONBLOCK(sync_in);
prot_fill(sync_in);
prot_free(sync_in);
}
if (sync_out) {
prot_flush(sync_out);
prot_free(sync_out);
}
sync_in = sync_out = NULL;
#ifdef HAVE_SSL
if (tls_conn) {
tls_reset_servertls(&tls_conn);
tls_conn = NULL;
}
#endif
cyrus_reset_stdio();
sync_clienthost = "[local]";
if (sync_logfd != -1) {
close(sync_logfd);
sync_logfd = -1;
}
if (sync_userid != NULL) {
free(sync_userid);
sync_userid = NULL;
}
if (sync_authstate) {
auth_freestate(sync_authstate);
sync_authstate = NULL;
}
if (sync_saslconn) {
sasl_dispose(&sync_saslconn);
sync_saslconn = NULL;
}
sync_starttls_done = 0;
sync_compress_done = 0;
saslprops_reset(&saslprops);
}
static void sasl_auth_response_handler(libcouchbase_server_t *server,
protocol_binary_response_header *res)
{
uint16_t ret = ntohs(res->response.status);
if (ret == PROTOCOL_BINARY_RESPONSE_SUCCESS) {
sasl_dispose(&server->sasl_conn);
server->sasl_conn = NULL;
libcouchbase_server_connected(server);
} else if (ret == PROTOCOL_BINARY_RESPONSE_AUTH_CONTINUE) {
// I don't know how to step yet ;-)
abort();
} else {
abort();
}
}
void
_mongoc_cyrus_destroy (mongoc_cyrus_t *sasl)
{
BSON_ASSERT (sasl);
if (sasl->conn) {
sasl_dispose (&sasl->conn);
}
bson_free (sasl->credentials.user);
bson_free (sasl->credentials.pass);
bson_free (sasl->credentials.mechanism);
bson_free (sasl->credentials.service_name);
bson_free (sasl->credentials.service_host);
}
void
_mongoc_sasl_destroy (mongoc_sasl_t *sasl)
{
BSON_ASSERT (sasl);
if (sasl->conn) {
sasl_dispose (&sasl->conn);
}
bson_free (sasl->user);
bson_free (sasl->pass);
bson_free (sasl->mechanism);
bson_free (sasl->service_name);
bson_free (sasl->service_host);
}
void mailsmtp_free(mailsmtp * session)
{
#ifdef USE_SASL
if (session->smtp_sasl.sasl_conn != NULL) {
sasl_dispose((sasl_conn_t **) &session->smtp_sasl.sasl_conn);
mailsasl_unref();
}
#endif
if (session->stream)
mailsmtp_quit(session);
mmap_string_free(session->line_buffer);
mmap_string_free(session->response_buffer);
free(session);
}
/*
* per SASL session initialization.
* We keep session data in Connection layer.
*/
DWORD
VmDirSASLSessionInit(
PVDIR_SASL_BIND_INFO pSaslBindInfo
)
{
DWORD dwError = 0;
sasl_conn_t* pLocalSaslCtx = NULL;
// start new sasl context
dwError = sasl_server_new( "ldap", // service protocol
NULL, // need realm here?
NULL,
NULL,
NULL,
NULL, // per session CB
0, // default security flag
&pLocalSaslCtx);
BAIL_ON_SASL_ERROR(dwError)
// default security properties
dwError = sasl_setprop( pLocalSaslCtx,
SASL_SEC_PROPS,
&gSASLSecurityProps );
BAIL_ON_SASL_ERROR(dwError);
pSaslBindInfo->pSaslCtx = pLocalSaslCtx;
cleanup:
return dwError;
sasl_error:
if (pLocalSaslCtx)
{
sasl_dispose(&pLocalSaslCtx);
}
memset(pSaslBindInfo, 0, sizeof(*pSaslBindInfo));
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "SASLSessionInit: sasl error (%d)", dwError );
dwError = _VmDirSASLToLDAPError(dwError);
goto cleanup;
}
void mailpop3_free(mailpop3 * f)
{
#ifdef USE_SASL
if (f->pop3_sasl.sasl_conn != NULL) {
sasl_dispose((sasl_conn_t **) &f->pop3_sasl.sasl_conn);
mailsasl_unref();
}
#endif
if (f->pop3_stream)
mailpop3_quit(f);
mmap_string_free(f->pop3_response_buffer);
mmap_string_free(f->pop3_stream_buffer);
free(f);
}
static void
_namenode_decref(struct hdfs_namenode *n)
{
bool lastref = false;
int rc;
_lock(&n->nn_lock);
ASSERT(n->nn_refs >= 1);
n->nn_refs--;
if (n->nn_refs == 0)
lastref = true;
_unlock(&n->nn_lock);
if (lastref) {
hdfs_namenode_destroy_cb dcb = NULL;
ASSERT(n->nn_dead);
if (n->nn_recver_started) {
rc = write(n->nn_recv_sigpipe[1], "a", 1);
ASSERT(rc == 1);
rc = pthread_join(n->nn_recv_thr, NULL);
ASSERT(rc == 0);
close(n->nn_recv_sigpipe[1]);
close(n->nn_recv_sigpipe[0]);
}
if (n->nn_sock != -1)
close(n->nn_sock);
if (n->nn_pending)
free(n->nn_pending);
if (n->nn_recvbuf)
free(n->nn_recvbuf);
if (n->nn_objbuf)
free(n->nn_objbuf);
if (n->nn_destroy_cb)
dcb = n->nn_destroy_cb;
if (n->nn_sasl_ctx)
sasl_dispose(&n->nn_sasl_ctx);
memset(n, 0, sizeof *n);
if (dcb)
dcb(n);
}
}
void virNetSASLSessionFree(virNetSASLSessionPtr sasl)
{
if (!sasl)
return;
virMutexLock(&sasl->lock);
sasl->refs--;
if (sasl->refs > 0) {
virMutexUnlock(&sasl->lock);
return;
}
if (sasl->conn)
sasl_dispose(&sasl->conn);
virMutexUnlock(&sasl->lock);
virMutexDestroy(&sasl->lock);
VIR_FREE(sasl);
}
void resetState()
{
if(con) {
sasl_dispose(&con);
con = 0;
}
need = 0;
if(callbacks) {
delete callbacks;
callbacks = 0;
}
localAddr = "";
remoteAddr = "";
mechlist.clear();
ssf = 0;
maxoutbuf = 0;
sc_username = "";
sc_authzid = "";
err = -1;
}
// Releases and cleans resources associated with the namenode 'n'. Callers
// *must not* use the namenode object after this, aside from free() or
// hdfs_namenode_init().
EXPORT_SYM void
hdfs_namenode_destroy(struct hdfs_namenode *n)
{
int rc;
bool thread_started;
_lock(&n->nn_lock);
ASSERT(!n->nn_dead);
n->nn_dead = true;
thread_started = n->nn_recver_started;
if (n->nn_recver_started) {
rc = write(n->nn_recv_sigpipe[1], "a", 1);
ASSERT(rc == 1);
}
_unlock(&n->nn_lock);
if (thread_started) {
rc = pthread_join(n->nn_recv_thr, NULL);
ASSERT(rc == 0);
}
ASSERT(!n->nn_recver_started);
if (n->nn_sock != -1)
close(n->nn_sock);
if (n->nn_pending)
free(n->nn_pending);
if (n->nn_recvbuf)
free(n->nn_recvbuf);
if (n->nn_objbuf)
free(n->nn_objbuf);
if (n->nn_sasl_ctx)
sasl_dispose(&n->nn_sasl_ctx);
_mtx_destroy(&n->nn_lock);
_mtx_destroy(&n->nn_sendlock);
memset(n, 0, sizeof *n);
}