bool sasl_endecode(const QByteArray &in, QByteArray *out, bool enc)
{
// no security
if(ssf == 0) {
*out = in;
return true;
}
int at = 0;
out->resize(0);
while(1) {
int size = in.size() - at;
if(size == 0)
break;
if(size > maxoutbuf)
size = maxoutbuf;
const char *outbuf;
unsigned len;
int r;
if(enc)
r = sasl_encode(con, in.data() + at, size, &outbuf, &len);
else
r = sasl_decode(con, in.data() + at, size, &outbuf, &len);
if(r != SASL_OK)
return false;
int oldsize = out->size();
out->resize(oldsize + len);
memcpy(out->data() + oldsize, outbuf, len);
at += size;
}
return true;
}
static int cyrussasl_encode(lua_State *l)
{
struct _sasl_ctx *ctx = NULL;
const char *msg;
size_t msg_len = 0;
unsigned out_len = 0;
const char *out_data = NULL;
int err;
int numargs = lua_gettop(l);
if (numargs != 2) {
lua_pushstring(l, "usage: cyrussasl.encode(conn, msg)");
lua_error(l);
return 0;
}
ctx = get_context(l, 1);
msg = tolstring(l, 2, &msg_len);
err = sasl_encode(ctx->conn, msg, msg_len, &out_data, &out_len);
lua_pushinteger(l, err);
if (err == SASL_OK) {
lua_pushlstring(l, out_data, out_len);
} else {
lua_pushliteral(l, "");
}
return 2;
}
uint8_t* TSasl::wrap(const uint8_t* outgoing,
const int offset, const uint32_t len, uint32_t* outLen) {
uint32_t outputlen;
uint8_t* output;
int result;
result = sasl_encode(conn, (const char*)outgoing+offset,
len, (const char**)&output, &outputlen);
if (result != SASL_OK) {
throw SaslException(sasl_errdetail(conn));
}
*outLen = outputlen;
return output;
}
long vnc_client_write_sasl(VncState *vs)
{
long ret;
VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd "
"Encoded: %p size %d offset %d\n",
vs->output.buffer, vs->output.capacity, vs->output.offset,
vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
if (!vs->sasl.encoded) {
int err;
err = sasl_encode(vs->sasl.conn,
(char *)vs->output.buffer,
vs->output.offset,
(const char **)&vs->sasl.encoded,
&vs->sasl.encodedLength);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, NULL);
vs->sasl.encodedOffset = 0;
}
ret = vnc_client_write_buf(vs,
vs->sasl.encoded + vs->sasl.encodedOffset,
vs->sasl.encodedLength - vs->sasl.encodedOffset);
if (!ret)
return 0;
vs->sasl.encodedOffset += ret;
if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
vs->output.offset = 0;
vs->sasl.encoded = NULL;
vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
}
/* Can't merge this block with one above, because
* someone might have written more unencrypted
* data in vs->output while we were processing
* SASL encoded output
*/
if (vs->output.offset == 0) {
if (vs->ioc_tag) {
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
}
return ret;
}
static int mutt_sasl_conn_write (CONNECTION* conn, const char* buf,
size_t len)
{
SASL_DATA* sasldata;
int rc;
const char *pbuf;
unsigned int olen, plen;
sasldata = (SASL_DATA*) conn->sockdata;
conn->sockdata = sasldata->sockdata;
/* encode data, if necessary */
if (*sasldata->ssf)
{
/* handle data larger than MAXOUTBUF */
do
{
olen = (len > *sasldata->pbufsize) ? *sasldata->pbufsize : len;
rc = sasl_encode (sasldata->saslconn, buf, olen, &pbuf, &plen);
if (rc != SASL_OK)
{
dprint (1, (debugfile, "SASL encoding failed: %s\n",
sasl_errstring (rc, NULL, NULL)));
goto fail;
}
rc = (sasldata->msasl_write) (conn, pbuf, plen);
if (rc != plen)
goto fail;
len -= olen;
buf += olen;
}
while (len > *sasldata->pbufsize);
}
else
/* just write using the underlying socket function */
rc = (sasldata->msasl_write) (conn, buf, len);
conn->sockdata = sasldata;
return rc;
fail:
conn->sockdata = sasldata;
return -1;
}
static int _sx_sasl_wio(sx_t s, sx_plugin_t p, sx_buf_t buf) {
sasl_conn_t *sasl;
int *x, len, pos, reslen, maxbuf;
char *out, *result;
int sasl_ret;
sx_error_t sxe;
sasl = ((_sx_sasl_data_t) s->plugin_data[p->index])->sasl;
/* if there's no security layer, don't bother */
sasl_getprop(sasl, SASL_SSF, (const void **) &x);
if(*x == 0)
return 1;
_sx_debug(ZONE, "doing sasl encode");
/* can only encode x bytes at a time */
sasl_getprop(sasl, SASL_MAXOUTBUF, (const void **) &x);
maxbuf = *x;
/* encode the output */
pos = 0;
result = NULL; reslen = 0;
while(pos < buf->len) {
if((buf->len - pos) < maxbuf)
maxbuf = buf->len - pos;
sasl_ret = sasl_encode(sasl, &buf->data[pos], maxbuf, (const char **) &out, &len);
if (sasl_ret != SASL_OK) {
_sx_gen_error(sxe, SX_ERR_STREAM, "Stream error", "sasl_encode failed, closing stream");
_sx_event(s, event_ERROR, (void *) &sxe);
_sx_state(s, state_CLOSING);
return 1;
}
result = (char *) realloc(result, sizeof(char) * (reslen + len));
memcpy(&result[reslen], out, len);
reslen += len;
pos += maxbuf;
}
/* replace the buffer */
_sx_buffer_set(buf, result, reslen, result);
_sx_debug(ZONE, "%d bytes encoded for sasl channel", buf->len);
return 1;
}
ssize_t pni_sasl_impl_encode(pn_transport_t *transport, pn_bytes_t in, pn_bytes_t *out)
{
if ( in.size==0 ) return 0;
sasl_conn_t *cyrus_conn = (sasl_conn_t*)transport->sasl->impl_context;
const char *output;
unsigned int outlen;
int r = sasl_encode(cyrus_conn, in.start, in.size, &output, &outlen);
if (outlen==0) return 0;
if ( r==SASL_OK ) {
*out = pn_bytes(outlen, output);
return outlen;
}
if (transport->trace & PN_TRACE_DRV)
pn_transport_logf(transport, "SASL encode error: %s", sasl_errdetail(cyrus_conn));
return PN_ERR;
}
long vnc_client_write_sasl(VncState *vs)
{
long ret;
VNC_DEBUG("Write SASL: Pending output %p size %d offset %d Encoded: %p size %d offset %d\n",
vs->output.buffer, vs->output.capacity, vs->output.offset,
vs->sasl.encoded, vs->sasl.encodedLength, vs->sasl.encodedOffset);
if (!vs->sasl.encoded) {
int err;
err = sasl_encode(vs->sasl.conn,
(char *)vs->output.buffer,
vs->output.offset,
(const char **)&vs->sasl.encoded,
&vs->sasl.encodedLength);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, EIO);
vs->sasl.encodedOffset = 0;
}
ret = vnc_client_write_buf(vs,
vs->sasl.encoded + vs->sasl.encodedOffset,
vs->sasl.encodedLength - vs->sasl.encodedOffset);
if (!ret)
return 0;
vs->sasl.encodedOffset += ret;
if (vs->sasl.encodedOffset == vs->sasl.encodedLength) {
vs->output.offset = 0;
vs->sasl.encoded = NULL;
vs->sasl.encodedOffset = vs->sasl.encodedLength = 0;
}
/* Can't merge this block with one above, because
* someone might have written more unencrypted
* data in vs->output while we were processing
* SASL encoded output
*/
if (vs->output.offset == 0) {
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
}
return ret;
}
static ssize_t reds_stream_sasl_write(RedsStream *s, const void *buf, size_t nbyte)
{
ssize_t ret;
if (!s->priv->sasl.encoded) {
int err;
err = sasl_encode(s->priv->sasl.conn, (char *)buf, nbyte,
(const char **)&s->priv->sasl.encoded,
&s->priv->sasl.encodedLength);
if (err != SASL_OK) {
spice_warning("sasl_encode error: %d", err);
return -1;
}
if (s->priv->sasl.encodedLength == 0) {
return 0;
}
if (!s->priv->sasl.encoded) {
spice_warning("sasl_encode didn't return a buffer!");
return 0;
}
s->priv->sasl.encodedOffset = 0;
}
ret = s->priv->write(s, s->priv->sasl.encoded + s->priv->sasl.encodedOffset,
s->priv->sasl.encodedLength - s->priv->sasl.encodedOffset);
if (ret <= 0) {
return ret;
}
s->priv->sasl.encodedOffset += ret;
if (s->priv->sasl.encodedOffset == s->priv->sasl.encodedLength) {
s->priv->sasl.encoded = NULL;
s->priv->sasl.encodedOffset = s->priv->sasl.encodedLength = 0;
return nbyte;
}
/* we didn't flush the encoded buffer */
errno = EAGAIN;
return -1;
}
ssize_t sasl_write(Sfio_t *f, const Void_t *buf, size_t size, Sfdisc_t *disc)
{
int result;
const char *outbuf;
int outlen;
Sasldisc_t *sd = (Sasldisc_t *) disc;
result = sasl_encode(sd->conn, buf, size, &outbuf, &outlen);
if (result != SASL_OK) {
return -1;
}
if (outbuf != NULL) {
sfwr(f, outbuf, outlen, disc);
}
return size;
}
ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
const char *input,
size_t inputLen,
const char **output,
size_t *outputlen)
{
unsigned inlen = inputLen;
unsigned outlen = 0;
int err;
ssize_t ret = -1;
virObjectLock(sasl);
if (inputLen > sasl->maxbufsize) {
virReportSystemError(EINVAL,
_("SASL data length %zu too long, max %zu"),
inputLen, sasl->maxbufsize);
goto cleanup;
}
err = sasl_encode(sasl->conn,
input,
inlen,
output,
&outlen);
*outputlen = outlen;
if (err != SASL_OK) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to encode SASL data: %d (%s)"),
err, sasl_errstring(err, NULL, NULL));
goto cleanup;
}
ret = 0;
cleanup:
virObjectUnlock(sasl);
return ret;
}
void
_sasl_encode_inplace(sasl_conn_t *ctx, struct hdfs_heap_buf *b)
{
const char *out;
unsigned outlen;
int r;
r = sasl_encode(ctx, b->buf, b->used, &out, &outlen);
if (r != SASL_OK) {
fprintf(stderr, "sasl_encode: %s\n",
sasl_errstring(r, NULL, NULL));
abort();
}
free(b->buf);
b->buf = malloc(4 + outlen);
ASSERT(b->buf);
// copy in length-prefixed encoded bits
_be32enc(b->buf, outlen);
memcpy(b->buf + 4, out, outlen);
b->used = b->size = 4 + outlen;
}
size_t CyrusSecurityLayer::encode(const char* buffer, size_t size)
{
size_t processed = 0;//records how many bytes have been written to buffer
do {
if (!encrypted) {
if (!encoded) {
encodeBuffer.position = 0;
encoded = codec->encode(encodeBuffer.data, encodeBuffer.size);
if (!encoded) break;//nothing more to do
}
size_t encryptable = std::min(encoded, maxInputSize);
int result = sasl_encode(conn, encodeBuffer.data + encodeBuffer.position, encryptable, &encrypted, &encryptedSize);
if (result != SASL_OK) {
throw framing::InternalErrorException(QPID_MSG("SASL encode error: " << sasl_errdetail(conn)));
}
encodeBuffer.position += encryptable;
encoded -= encryptable;
}
size_t remaining = size - processed;
if (remaining < encryptedSize) {
//can't fit all encrypted data in the buffer we've
//been given, copy in what we can and hold on to the
//rest until the next call
::memcpy(const_cast<char*>(buffer + processed), encrypted, remaining);
processed += remaining;
encrypted += remaining;
encryptedSize -= remaining;
} else {
::memcpy(const_cast<char*>(buffer + processed), encrypted, encryptedSize);
processed += encryptedSize;
encrypted = 0;
encryptedSize = 0;
}
} while (processed < size);
return processed;
}
rfbBool
WriteToRFBServer(rfbClient* client, char *buf, int n)
{
fd_set fds;
int i = 0;
int j;
const char *obuf = buf;
#ifdef LIBVNCSERVER_HAVE_SASL
const char *output;
unsigned int outputlen;
int err;
#endif /* LIBVNCSERVER_HAVE_SASL */
if (client->serverPort==-1)
return TRUE; /* vncrec playing */
if (client->tlsSession) {
/* WriteToTLS() will guarantee either everything is written, or error/eof returns */
i = WriteToTLS(client, buf, n);
if (i <= 0) return FALSE;
return TRUE;
}
#ifdef LIBVNCSERVER_HAVE_SASL
if (client->saslconn) {
err = sasl_encode(client->saslconn,
buf, n,
&output, &outputlen);
if (err != SASL_OK) {
rfbClientLog("Failed to encode SASL data %s",
sasl_errstring(err, NULL, NULL));
return FALSE;
}
obuf = output;
n = outputlen;
}
#endif /* LIBVNCSERVER_HAVE_SASL */
while (i < n) {
j = write(client->sock, obuf + i, (n - i));
if (j <= 0) {
if (j < 0) {
#ifdef WIN32
errno=WSAGetLastError();
#endif
if (errno == EWOULDBLOCK ||
#ifdef LIBVNCSERVER_ENOENT_WORKAROUND
errno == ENOENT ||
#endif
errno == EAGAIN) {
FD_ZERO(&fds);
FD_SET(client->sock,&fds);
if (select(client->sock+1, NULL, &fds, NULL, NULL) <= 0) {
rfbClientErr("select\n");
return FALSE;
}
j = 0;
} else {
rfbClientErr("write\n");
return FALSE;
}
} else {
rfbClientLog("write failed\n");
return FALSE;
}
}
i += j;
}
return TRUE;
}
