int php_mongo_io_authenticate_gssapi(mongo_con_manager *manager, mongo_connection *con, mongo_server_options *options, mongo_server_def *server_def, char **error_message) { int result; char *initpayload; int initpayload_len; sasl_conn_t *conn; int32_t conversation_id; result = sasl_client_new(options->gssapiServiceName, server_def->host, NULL, NULL, NULL, 0, &conn); if (result != SASL_OK) { sasl_dispose(&conn); sasl_client_done(); *error_message = strdup("Could not initialize a client exchange (SASL) to MongoDB"); return 0; } conn = php_mongo_saslstart(manager, con, options, server_def, conn, &initpayload, &initpayload_len, &conversation_id, error_message); if (!conn) { sasl_dispose(&conn); sasl_client_done(); /* error message populate by php_mongo_saslstart() */ return 0; } php_mongo_saslcontinue(manager, con, options, server_def, conn, initpayload, initpayload_len, conversation_id, error_message); free(initpayload); sasl_dispose(&conn); sasl_client_done(); return 1; }
static void free_conn(void) { if (server_conn) { sasl_dispose(&server_conn); } if (client_conn) { sasl_dispose(&client_conn); } }
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) { CString const user(Auth->GetUsername()); CString const pass(Auth->GetPassword()); CUser* pUser(CZNC::Get().FindUser(user)); sasl_conn_t *sasl_conn(0); if (!pUser) { // @todo Will want to do some sort of && !m_bAllowCreate in the future Auth->RefuseLogin("Invalid User - Halting SASL Authentication"); return HALT; } CString const key(CString(user + ":" + pass).MD5()); if (m_Cache.HasItem(key)) { Auth->AcceptLogin(*pUser); DEBUG("+++ Found in cache"); } else if (sasl_server_new("znc", NULL, NULL, NULL, NULL, cbs, 0, &sasl_conn) == SASL_OK && sasl_checkpass(sasl_conn, user.c_str(), user.size(), pass.c_str(), pass.size()) == SASL_OK) { Auth->AcceptLogin(*pUser); m_Cache.AddItem(key); DEBUG("+++ Successful SASL password check"); } else { Auth->RefuseLogin("SASL Authentication failed"); DEBUG("--- FAILED SASL password check"); } sasl_dispose(&sasl_conn); return HALT; }
void reds_stream_free(RedsStream *s) { if (!s) { return; } reds_stream_push_channel_event(s, SPICE_CHANNEL_EVENT_DISCONNECTED); #if HAVE_SASL if (s->priv->sasl.conn) { s->priv->sasl.runSSF = s->priv->sasl.wantSSF = 0; s->priv->sasl.len = 0; s->priv->sasl.encodedLength = s->priv->sasl.encodedOffset = 0; s->priv->sasl.encoded = NULL; free(s->priv->sasl.mechlist); free(s->priv->sasl.mechname); s->priv->sasl.mechlist = NULL; sasl_dispose(&s->priv->sasl.conn); s->priv->sasl.conn = NULL; } #endif if (s->priv->ssl) { SSL_free(s->priv->ssl); } reds_stream_remove_watch(s); spice_debug("close socket fd %d", s->socket); close(s->socket); free(s); }
/** * Close and destroy a transport handle */ void rd_kafka_transport_close (rd_kafka_transport_t *rktrans) { #if WITH_SSL if (rktrans->rktrans_ssl) { SSL_shutdown(rktrans->rktrans_ssl); SSL_free(rktrans->rktrans_ssl); } #endif #if WITH_SASL if (rktrans->rktrans_sasl.conn) sasl_dispose(&rktrans->rktrans_sasl.conn); #endif if (rktrans->rktrans_recv_buf) rd_kafka_buf_destroy(rktrans->rktrans_recv_buf); if (rktrans->rktrans_s != -1) { #ifndef _MSC_VER close(rktrans->rktrans_s); #else closesocket(rktrans->rktrans_s); #endif } rd_free(rktrans); }
/* * Free SASL related resources. */ VOID VmDirSASLSessionClose( PVDIR_SASL_BIND_INFO pSaslBindInfo ) { if (pSaslBindInfo) { if (pSaslBindInfo->pSaslCtx) { if (pSaslBindInfo->saslSSF > 0) { VmDirSASLSockbufRemove(pSaslBindInfo->pSockbuf); } sasl_dispose(&pSaslBindInfo->pSaslCtx); pSaslBindInfo->pSaslCtx = NULL; } VMDIR_SAFE_FREE_MEMORY(pSaslBindInfo->pSessionCB); VMDIR_SAFE_FREE_MEMORY(pSaslBindInfo->pszBindUserName); VmDirFreeBervalContent(&pSaslBindInfo->bvMechnism); } return; }
void backend_disconnect(struct backend *s) { char buf[1024]; if (!s || s->sock == -1) return; if (!prot_error(s->in)) { if (s->prot->logout_cmd.cmd) { prot_printf(s->out, "%s\r\n", s->prot->logout_cmd.cmd); prot_flush(s->out); for (;;) { if (!prot_fgets(buf, sizeof(buf), s->in)) { /* connection closed? */ break; } else if (s->prot->logout_cmd.unsol && !strncmp(s->prot->logout_cmd.unsol, buf, strlen(s->prot->logout_cmd.unsol))) { /* unsolicited response */ continue; } else { /* success/fail response -- don't care either way */ break; } } } } /* Flush the incoming buffer */ prot_NONBLOCK(s->in); prot_fill(s->in); #ifdef HAVE_SSL /* Free tlsconn */ if (s->tlsconn) { tls_reset_servertls(&s->tlsconn); s->tlsconn = NULL; } #endif /* HAVE_SSL */ /* close/free socket & prot layer */ cyrus_close_sock(s->sock); s->sock = -1; prot_free(s->in); prot_free(s->out); s->in = s->out = NULL; /* Free saslconn */ if(s->saslconn) { sasl_dispose(&(s->saslconn)); s->saslconn = NULL; } /* free last_result buffer */ buf_free(&s->last_result); forget_capabilities(s); }
void virNetSASLSessionDispose(void *obj) { virNetSASLSessionPtr sasl = obj; if (sasl->conn) sasl_dispose(&sasl->conn); }
void virNetSASLSessionDispose(void *obj) { virNetSASLSessionPtr sasl = obj; if (sasl->conn) sasl_dispose(&sasl->conn); VIR_FREE(sasl->callbacks); }
static JabberSaslState jabber_cyrus_handle_failure(JabberStream *js, xmlnode *packet, xmlnode **reply, char **error) { if (js->auth_fail_count++ < 5) { if (js->current_mech && *js->current_mech) { char *pos; if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) { g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech)); } /* Remove space which separated this mech from the next */ if ((js->sasl_mechs->str)[0] == ' ') { g_string_erase(js->sasl_mechs, 0, 1); } } if (*js->sasl_mechs->str) { /* If we have remaining mechs to try, do so */ sasl_dispose(&js->sasl); return jabber_auth_start_cyrus(js, reply, error); } else if ((js->auth_fail_count == 1) && (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth * for compatibility with iChat 10.5 Server and other jabberd based servers. * * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails. * * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However, * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms. * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers * which would connect without issue otherwise. -evands */ sasl_dispose(&js->sasl); js->sasl = NULL; js->auth_mech = NULL; jabber_auth_start_old(js); return JABBER_SASL_STATE_CONTINUE; } } /* Nothing to send */ return JABBER_SASL_STATE_FAIL; }
void virNetSASLSessionDispose(void *obj) { virNetSASLSessionPtr sasl = obj; if (sasl->conn) sasl_dispose(&sasl->conn); virMutexDestroy(&sasl->lock); }
void pni_sasl_impl_free(pn_transport_t *transport) { sasl_conn_t *cyrus_conn = (sasl_conn_t*)transport->sasl->impl_context; sasl_dispose(&cyrus_conn); transport->sasl->impl_context = cyrus_conn; if (transport->sasl->client) { sasl_client_done(); } else { sasl_server_done(); } }
void Pop3SaslWrapper::SaslDispose() { if(secret) { free(secret); secret = NULL; } sasl_dispose(&conn); sasl_done(); }
/* we need this separate from the free() call so that we can reuse * the same memory for referrals */ static void sieve_dispose(isieve_t *obj) { if(!obj) return; sasl_dispose(&obj->conn); free(obj->serverFQDN); free(obj->refer_authinfo); free(obj->refer_callbacks); prot_free(obj->pin); prot_free(obj->pout); }
static void xsasl_cyrus_server_free(XSASL_SERVER *xp) { XSASL_CYRUS_SERVER *server = (XSASL_CYRUS_SERVER *) xp; sasl_dispose(&server->sasl_conn); vstring_free(server->decoded); if (server->username) myfree(server->username); if (server->mechanism_list) myfree(server->mechanism_list); myfree((void *) server); }
void vnc_sasl_client_cleanup(VncState *vs) { if (vs->sasl.conn) { vs->sasl.runSSF = vs->sasl.waitWriteSSF = vs->sasl.wantSSF = 0; vs->sasl.encodedLength = vs->sasl.encodedOffset = 0; vs->sasl.encoded = NULL; free(vs->sasl.username); free(vs->sasl.mechlist); vs->sasl.username = vs->sasl.mechlist = NULL; sasl_dispose(&vs->sasl.conn); vs->sasl.conn = NULL; } }
void xsasl_cyrus_client_free(XSASL_CLIENT *xp) { XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp; if (client->username) myfree(client->username); if (client->password) myfree(client->password); if (client->sasl_conn) sasl_dispose(&client->sasl_conn); myfree((void *) client->callbacks); vstring_free(client->decoded); myfree((void *) client); }
int php_mongo_io_authenticate_gssapi(mongo_con_manager *manager, mongo_connection *con, mongo_server_options *options, mongo_server_def *server_def, char **error_message) { int result; char *initpayload; int initpayload_len; sasl_conn_t *conn; int32_t conversation_id; sasl_callback_t client_interact [] = { { SASL_CB_AUTHNAME, sasl_interact, server_def }, { SASL_CB_USER, sasl_interact, server_def }, { SASL_CB_PASS, sasl_interact, server_def }, { SASL_CB_LIST_END, NULL, NULL } }; result = sasl_client_new(options->gssapiServiceName, server_def->host, NULL, NULL, client_interact, 0, &conn); if (result != SASL_OK) { sasl_dispose(&conn); *error_message = strdup("Could not initialize a client exchange (SASL) to MongoDB"); return 0; } conn = php_mongo_saslstart(manager, con, options, server_def, conn, &initpayload, &initpayload_len, &conversation_id, error_message); if (!conn) { /* error message populate by php_mongo_saslstart() */ return 0; } if (!php_mongo_saslcontinue(manager, con, options, server_def, conn, initpayload, initpayload_len, conversation_id, error_message)) { return 0; } free(initpayload); sasl_dispose(&conn); return 1; }
static void irc_close(PurpleConnection *gc) { struct irc_conn *irc = gc->proto_data; if (irc == NULL) return; if (irc->gsc || (irc->fd >= 0)) irc_cmd_quit(irc, "quit", NULL, NULL); if (gc->inpa) purple_input_remove(gc->inpa); g_free(irc->inbuf); if (irc->gsc) { purple_ssl_close(irc->gsc); } else if (irc->fd >= 0) { close(irc->fd); } if (irc->timer) purple_timeout_remove(irc->timer); g_hash_table_destroy(irc->cmds); g_hash_table_destroy(irc->msgs); g_hash_table_destroy(irc->buddies); if (irc->motd) g_string_free(irc->motd, TRUE); g_free(irc->server); if (irc->writeh) purple_input_remove(irc->writeh); purple_circ_buffer_destroy(irc->outbuf); g_free(irc->mode_chars); g_free(irc->reqnick); #ifdef HAVE_CYRUS_SASL if (irc->sasl_conn) { sasl_dispose(&irc->sasl_conn); irc->sasl_conn = NULL; } g_free(irc->sasl_cb); if(irc->sasl_mechs) g_string_free(irc->sasl_mechs, TRUE); #endif g_free(irc); }
static void sync_reset(void) { proc_cleanup(); if (sync_in) { prot_NONBLOCK(sync_in); prot_fill(sync_in); prot_free(sync_in); } if (sync_out) { prot_flush(sync_out); prot_free(sync_out); } sync_in = sync_out = NULL; #ifdef HAVE_SSL if (tls_conn) { tls_reset_servertls(&tls_conn); tls_conn = NULL; } #endif cyrus_reset_stdio(); sync_clienthost = "[local]"; if (sync_logfd != -1) { close(sync_logfd); sync_logfd = -1; } if (sync_userid != NULL) { free(sync_userid); sync_userid = NULL; } if (sync_authstate) { auth_freestate(sync_authstate); sync_authstate = NULL; } if (sync_saslconn) { sasl_dispose(&sync_saslconn); sync_saslconn = NULL; } sync_starttls_done = 0; sync_compress_done = 0; saslprops_reset(&saslprops); }
static void sasl_auth_response_handler(libcouchbase_server_t *server, protocol_binary_response_header *res) { uint16_t ret = ntohs(res->response.status); if (ret == PROTOCOL_BINARY_RESPONSE_SUCCESS) { sasl_dispose(&server->sasl_conn); server->sasl_conn = NULL; libcouchbase_server_connected(server); } else if (ret == PROTOCOL_BINARY_RESPONSE_AUTH_CONTINUE) { // I don't know how to step yet ;-) abort(); } else { abort(); } }
void _mongoc_cyrus_destroy (mongoc_cyrus_t *sasl) { BSON_ASSERT (sasl); if (sasl->conn) { sasl_dispose (&sasl->conn); } bson_free (sasl->credentials.user); bson_free (sasl->credentials.pass); bson_free (sasl->credentials.mechanism); bson_free (sasl->credentials.service_name); bson_free (sasl->credentials.service_host); }
void _mongoc_sasl_destroy (mongoc_sasl_t *sasl) { BSON_ASSERT (sasl); if (sasl->conn) { sasl_dispose (&sasl->conn); } bson_free (sasl->user); bson_free (sasl->pass); bson_free (sasl->mechanism); bson_free (sasl->service_name); bson_free (sasl->service_host); }
void mailsmtp_free(mailsmtp * session) { #ifdef USE_SASL if (session->smtp_sasl.sasl_conn != NULL) { sasl_dispose((sasl_conn_t **) &session->smtp_sasl.sasl_conn); mailsasl_unref(); } #endif if (session->stream) mailsmtp_quit(session); mmap_string_free(session->line_buffer); mmap_string_free(session->response_buffer); free(session); }
/* * per SASL session initialization. * We keep session data in Connection layer. */ DWORD VmDirSASLSessionInit( PVDIR_SASL_BIND_INFO pSaslBindInfo ) { DWORD dwError = 0; sasl_conn_t* pLocalSaslCtx = NULL; // start new sasl context dwError = sasl_server_new( "ldap", // service protocol NULL, // need realm here? NULL, NULL, NULL, NULL, // per session CB 0, // default security flag &pLocalSaslCtx); BAIL_ON_SASL_ERROR(dwError) // default security properties dwError = sasl_setprop( pLocalSaslCtx, SASL_SEC_PROPS, &gSASLSecurityProps ); BAIL_ON_SASL_ERROR(dwError); pSaslBindInfo->pSaslCtx = pLocalSaslCtx; cleanup: return dwError; sasl_error: if (pLocalSaslCtx) { sasl_dispose(&pLocalSaslCtx); } memset(pSaslBindInfo, 0, sizeof(*pSaslBindInfo)); VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "SASLSessionInit: sasl error (%d)", dwError ); dwError = _VmDirSASLToLDAPError(dwError); goto cleanup; }
void mailpop3_free(mailpop3 * f) { #ifdef USE_SASL if (f->pop3_sasl.sasl_conn != NULL) { sasl_dispose((sasl_conn_t **) &f->pop3_sasl.sasl_conn); mailsasl_unref(); } #endif if (f->pop3_stream) mailpop3_quit(f); mmap_string_free(f->pop3_response_buffer); mmap_string_free(f->pop3_stream_buffer); free(f); }
static void _namenode_decref(struct hdfs_namenode *n) { bool lastref = false; int rc; _lock(&n->nn_lock); ASSERT(n->nn_refs >= 1); n->nn_refs--; if (n->nn_refs == 0) lastref = true; _unlock(&n->nn_lock); if (lastref) { hdfs_namenode_destroy_cb dcb = NULL; ASSERT(n->nn_dead); if (n->nn_recver_started) { rc = write(n->nn_recv_sigpipe[1], "a", 1); ASSERT(rc == 1); rc = pthread_join(n->nn_recv_thr, NULL); ASSERT(rc == 0); close(n->nn_recv_sigpipe[1]); close(n->nn_recv_sigpipe[0]); } if (n->nn_sock != -1) close(n->nn_sock); if (n->nn_pending) free(n->nn_pending); if (n->nn_recvbuf) free(n->nn_recvbuf); if (n->nn_objbuf) free(n->nn_objbuf); if (n->nn_destroy_cb) dcb = n->nn_destroy_cb; if (n->nn_sasl_ctx) sasl_dispose(&n->nn_sasl_ctx); memset(n, 0, sizeof *n); if (dcb) dcb(n); } }
void virNetSASLSessionFree(virNetSASLSessionPtr sasl) { if (!sasl) return; virMutexLock(&sasl->lock); sasl->refs--; if (sasl->refs > 0) { virMutexUnlock(&sasl->lock); return; } if (sasl->conn) sasl_dispose(&sasl->conn); virMutexUnlock(&sasl->lock); virMutexDestroy(&sasl->lock); VIR_FREE(sasl); }
void resetState() { if(con) { sasl_dispose(&con); con = 0; } need = 0; if(callbacks) { delete callbacks; callbacks = 0; } localAddr = ""; remoteAddr = ""; mechlist.clear(); ssf = 0; maxoutbuf = 0; sc_username = ""; sc_authzid = ""; err = -1; }
// Releases and cleans resources associated with the namenode 'n'. Callers // *must not* use the namenode object after this, aside from free() or // hdfs_namenode_init(). EXPORT_SYM void hdfs_namenode_destroy(struct hdfs_namenode *n) { int rc; bool thread_started; _lock(&n->nn_lock); ASSERT(!n->nn_dead); n->nn_dead = true; thread_started = n->nn_recver_started; if (n->nn_recver_started) { rc = write(n->nn_recv_sigpipe[1], "a", 1); ASSERT(rc == 1); } _unlock(&n->nn_lock); if (thread_started) { rc = pthread_join(n->nn_recv_thr, NULL); ASSERT(rc == 0); } ASSERT(!n->nn_recver_started); if (n->nn_sock != -1) close(n->nn_sock); if (n->nn_pending) free(n->nn_pending); if (n->nn_recvbuf) free(n->nn_recvbuf); if (n->nn_objbuf) free(n->nn_objbuf); if (n->nn_sasl_ctx) sasl_dispose(&n->nn_sasl_ctx); _mtx_destroy(&n->nn_lock); _mtx_destroy(&n->nn_sendlock); memset(n, 0, sizeof *n); }