コード例 #1
0
ファイル: secureserver.c プロジェクト: goodwinos/pcp
static int
__pmAuthServerSetProperties(sasl_conn_t *conn, int ssf)
{
    int saslsts;
    sasl_security_properties_t props;

    /* set external security strength factor */
    saslsts = sasl_setprop(conn, SASL_SSF_EXTERNAL, &ssf);
    if (saslsts != SASL_OK && saslsts != SASL_CONTINUE) {
	pmNotifyErr(LOG_ERR, "SASL setting external SSF to %d: %s",
			ssf, sasl_errstring(saslsts, NULL, NULL));
	return __pmSecureSocketsError(saslsts);
    }

    /* set general security properties */
    memset(&props, 0, sizeof(props));
    props.maxbufsize = LIMIT_AUTH_PDU;
    props.max_ssf = UINT_MAX;
    saslsts = sasl_setprop(conn, SASL_SEC_PROPS, &props);
    if (saslsts != SASL_OK && saslsts != SASL_CONTINUE) {
	pmNotifyErr(LOG_ERR, "SASL setting security properties: %s",
			sasl_errstring(saslsts, NULL, NULL));
	return __pmSecureSocketsError(saslsts);
    }

    return 0;
}
コード例 #2
0
EXPORT_SYM const char *
hdfs_namenode_connect(struct hdfs_namenode *n, const char *host, const char *port)
{
	const char *error = NULL;

	_lock(&n->nn_lock);
	ASSERT(n->nn_sock == -1);

	if (n->nn_kerb == HDFS_TRY_KERB || n->nn_kerb == HDFS_REQUIRE_KERB) {
		int r = sasl_client_new("hdfs", host, NULL/*localip*/,
		    NULL/*remoteip*/, NULL/*CBs*/, 0/*sec flags*/, &n->nn_sasl_ctx);
		if (r != SASL_OK) {
			error = sasl_errstring(r, NULL, NULL);
			goto out;
		}
	}

	error = _connect(&n->nn_sock, host, port);
	if (error)
		goto out;

out:
	_unlock(&n->nn_lock);
	return error;
}
コード例 #3
0
static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len)
{
  SASL_DATA *sasldata;
  int rc;

  unsigned int olen;

  sasldata = (SASL_DATA *) conn->sockdata;

  /* if we still have data in our read buffer, copy it into buf */
  if (sasldata->blen > sasldata->bpos) {
    olen = (sasldata->blen - sasldata->bpos > len) ? len :
      sasldata->blen - sasldata->bpos;

    memcpy (buf, sasldata->buf + sasldata->bpos, olen);
    sasldata->bpos += olen;

    return olen;
  }

  conn->sockdata = sasldata->sockdata;

  mem_free (&sasldata->buf);
  sasldata->bpos = 0;
  sasldata->blen = 0;

  /* and decode the result, if necessary */
  if (*sasldata->ssf) {
    do {
      /* call the underlying read function to fill the buffer */
      rc = (sasldata->msasl_read) (conn, buf, len);
      if (rc <= 0)
        goto out;

      rc = sasl_decode (sasldata->saslconn, buf, rc, &sasldata->buf,
                        &sasldata->blen);
      if (rc != SASL_OK) {
        debug_print (1, ("SASL decode failed: %s\n",
                    sasl_errstring (rc, NULL, NULL)));
        goto out;
      }
    }
    while (!sasldata->blen);

    olen = (sasldata->blen - sasldata->bpos > len) ? len :
      sasldata->blen - sasldata->bpos;

    memcpy (buf, sasldata->buf, olen);
    sasldata->bpos += olen;

    rc = olen;
  }
  else
    rc = (sasldata->msasl_read) (conn, buf, len);

out:
  conn->sockdata = sasldata;

  return rc;
}
コード例 #4
0
ファイル: TSasl.cpp プロジェクト: 1ack/Impala
string TSasl::getUsername() {
  const char* username;
  int result =
      sasl_getprop(conn, SASL_USERNAME, reinterpret_cast<const void **>(&username));
  if (result != SASL_OK) {
    stringstream ss;
    ss << "Error getting SASL_USERNAME property: " << sasl_errstring(result, NULL, NULL);
    throw SaslException(ss.str().c_str());
  }
  // Copy the username and return it to the caller. There is no cleanup/delete call for
  // calls to sasl_getprops, the sasl layer handles the cleanup internally.
  string ret(username);

  // Temporary fix to auth_to_local-style lowercase mapping from
  // USER_NAME/[email protected] -> user_name/[email protected]
  //
  // TODO: The right fix is probably to use UserGroupInformation in the frontend which
  // will use auth_to_local rules to do this.
  if (FLAGS_force_lowercase_usernames) {
    vector<string> components;
    split(components, ret, is_any_of("@"));
    if (components.size() > 0 ) {
      to_lower(components[0]);
      ret = join(components, "@");
    }
  }
  return ret;
}
コード例 #5
0
ファイル: mn-sasl.c プロジェクト: danc86/mail-notification
gboolean
mn_sasl_init (GError **err)
{
  /*
   * Bad things may happen if we call sasl_client_init() again after
   * having called sasl_done(), so we just keep SASL initialized for
   * the whole application lifetime.
   */

  G_LOCK(init);
  if (! attempted)
    {
      int status;

      status = sasl_client_init(NULL);
      if (status == SASL_OK)
	initialized = TRUE;
      else
	init_error = g_strdup(sasl_errstring(status, NULL, NULL));

      attempted = TRUE;
    }

  if (! initialized)
    {
      g_assert(init_error != NULL);
      g_set_error(err, 0, 0, "%s", init_error);
    }
  G_UNLOCK(init);

  return initialized;
}
コード例 #6
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
const char *virNetSASLSessionGetIdentity(virNetSASLSessionPtr sasl)
{
    const void *val = NULL;
    int err;
    virObjectLock(sasl);

    err = sasl_getprop(sasl->conn, SASL_USERNAME, &val);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("cannot query SASL username on connection %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        val = NULL;
        goto cleanup;
    }
    if (val == NULL) {
        virReportError(VIR_ERR_AUTH_FAILED, "%s",
                       _("no client username was found"));
        goto cleanup;
    }
    VIR_DEBUG("SASL client username %s", (const char *)val);

cleanup:
    virObjectUnlock(sasl);
    return (const char*)val;
}
コード例 #7
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
                                                const char *service,
                                                const char *localAddr,
                                                const char *remoteAddr)
{
    virNetSASLSessionPtr sasl = NULL;
    int err;

    if (!(sasl = virObjectLockableNew(virNetSASLSessionClass)))
        return NULL;

    /* Arbitrary size for amount of data we can encode in a single block */
    sasl->maxbufsize = 1 << 16;

    err = sasl_server_new(service,
                          NULL,
                          NULL,
                          localAddr,
                          remoteAddr,
                          NULL,
                          SASL_SUCCESS_DATA,
                          &sasl->conn);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("Failed to create SASL client context: %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        goto cleanup;
    }

    return sasl;

cleanup:
    virObjectUnref(sasl);
    return NULL;
}
コード例 #8
0
virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist)
{
    virNetSASLContextPtr ctxt;
    int err;

    err = sasl_server_init(NULL, "libvirt");
    if (err != SASL_OK) {
        virNetError(VIR_ERR_AUTH_FAILED,
                    _("failed to initialize SASL library: %d (%s)"),
                    err, sasl_errstring(err, NULL, NULL));
        return NULL;
    }

    if (VIR_ALLOC(ctxt) < 0) {
        virReportOOMError();
        return NULL;
    }

    if (virMutexInit(&ctxt->lock) < 0) {
        virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
                    _("Failed to initialized mutex"));
        VIR_FREE(ctxt);
        return NULL;
    }

    ctxt->usernameWhitelist = usernameWhitelist;
    ctxt->refs = 1;

    return ctxt;
}
コード例 #9
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
                              int minSSF,
                              int maxSSF,
                              bool allowAnonymous)
{
    sasl_security_properties_t secprops;
    int err;
    int ret = -1;

    VIR_DEBUG("minSSF=%d maxSSF=%d allowAnonymous=%d maxbufsize=%zu",
              minSSF, maxSSF, allowAnonymous, sasl->maxbufsize);

    virObjectLock(sasl);
    memset(&secprops, 0, sizeof(secprops));

    secprops.min_ssf = minSSF;
    secprops.max_ssf = maxSSF;
    secprops.maxbufsize = sasl->maxbufsize;
    secprops.security_flags = allowAnonymous ? 0 :
        SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;

    err = sasl_setprop(sasl->conn, SASL_SEC_PROPS, &secprops);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("cannot set security props %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        goto cleanup;
    }

    ret = 0;

cleanup:
    virObjectUnlock(sasl);
    return ret;
}
コード例 #10
0
virNetSASLContextPtr virNetSASLContextNewClient(void)
{
    virNetSASLContextPtr ctxt;
    int err;

    err = sasl_client_init(NULL);
    if (err != SASL_OK) {
        virNetError(VIR_ERR_AUTH_FAILED,
                    _("failed to initialize SASL library: %d (%s)"),
                    err, sasl_errstring(err, NULL, NULL));
        return NULL;
    }

    if (VIR_ALLOC(ctxt) < 0) {
        virReportOOMError();
        return NULL;
    }

    if (virMutexInit(&ctxt->lock) < 0) {
        virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
                    _("Failed to initialized mutex"));
        VIR_FREE(ctxt);
        return NULL;
    }

    ctxt->refs = 1;

    return ctxt;
}
コード例 #11
0
ファイル: TSasl.cpp プロジェクト: vthacker/impala-port
TSaslClient::TSaslClient(const string& mechanisms, const string& authenticationId,
                         const string& protocol, const string& serverName, const map<string,string>& props,
                         sasl_callback_t* callbacks) {
    conn = NULL;
    if (!props.empty()) {
        throw SaslServerImplException("Properties not yet supported");
    }
    int result = sasl_client_new(protocol.c_str(), serverName.c_str(),
                                 NULL, NULL, callbacks, 0, &conn);
    if (result != SASL_OK) {
        if (conn) {
            throw SaslServerImplException(sasl_errdetail(conn));
        } else {
            throw SaslServerImplException(sasl_errstring(result, NULL, NULL));
        }
    }

    if (!authenticationId.empty()) {
        /* TODO: setup security property */
        /*
        sasl_security_properties_t secprops;
        // populate  secprops
        result = sasl_setprop(conn, SASL_AUTH_EXTERNAL, authenticationId.c_str());
        */
    }

    chosenMech = mechList = mechanisms;
    authComplete = false;
    clientStarted = false;
}
コード例 #12
0
ファイル: virnetsaslcontext.c プロジェクト: mohankku/libvirt
virNetSASLContextPtr virNetSASLContextNewClient(void)
{
    virNetSASLContextPtr ctxt;
    int err;

    if (virNetSASLContextInitialize() < 0)
        return NULL;

    err = sasl_client_init(NULL);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("failed to initialize SASL library: %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        return NULL;
    }

    if (!(ctxt = virObjectNew(virNetSASLContextClass)))
        return NULL;

    if (virMutexInit(&ctxt->lock) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Failed to initialized mutex"));
        VIR_FREE(ctxt);
        return NULL;
    }

    return ctxt;
}
コード例 #13
0
ファイル: auxprop.c プロジェクト: 1ack/Impala
/* add an auxiliary property plugin */
int sasl_auxprop_add_plugin(const char *plugname,
			    sasl_auxprop_init_t *auxpropfunc)
{
    int result, out_version;
    auxprop_plug_list_t *new_item;
    sasl_auxprop_plug_t *plug;
    
    result = auxpropfunc(sasl_global_utils, SASL_AUXPROP_PLUG_VERSION,
			 &out_version, &plug, plugname);

    if(result != SASL_OK) {
	_sasl_log(NULL, SASL_LOG_ERR, "auxpropfunc error %s\n",
		  sasl_errstring(result, NULL, NULL));
	return result;
    }

    /* We require that this function is implemented */
    if(!plug->auxprop_lookup) return SASL_BADPROT;

    new_item = sasl_ALLOC(sizeof(auxprop_plug_list_t));
    if(!new_item) return SASL_NOMEM;    

    /* These will load from least-important to most important */
    new_item->plug = plug;
    new_item->next = auxprop_head;
    auxprop_head = new_item;

    return SASL_OK;
}
コード例 #14
0
ファイル: vnc-auth-sasl.c プロジェクト: JMR-b/qemu
static int vnc_auth_sasl_check_access(VncState *vs)
{
    const void *val;
    int err;
    int allow;

    err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);
    if (err != SASL_OK) {
        VNC_DEBUG("cannot query SASL username on connection %d (%s), denying access\n",
                  err, sasl_errstring(err, NULL, NULL));
        return -1;
    }
    if (val == NULL) {
        VNC_DEBUG("no client username was found, denying access\n");
        return -1;
    }
    VNC_DEBUG("SASL client username %s\n", (const char *)val);

    vs->sasl.username = g_strdup((const char*)val);

    if (vs->vd->sasl.acl == NULL) {
        VNC_DEBUG("no ACL activated, allowing access\n");
        return 0;
    }

    allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);

    VNC_DEBUG("SASL client %s %s by ACL\n", vs->sasl.username,
              allow ? "allowed" : "denied");
    return allow ? 0 : -1;
}
コード例 #15
0
ファイル: cyrus_sasl.c プロジェクト: alisheikh/qpid-proton
static bool pni_check_sasl_result(sasl_conn_t *conn, int r, pn_transport_t *logger)
{
    if (r!=SASL_OK) {
        if (logger->trace & PN_TRACE_DRV)
          pn_transport_logf(logger, "sasl error: %s", conn ? sasl_errdetail(conn) : sasl_errstring(r, NULL, NULL));
        return false;
    }
    return true;
}
コード例 #16
0
ファイル: mongoc-cyrus.c プロジェクト: cran/mongolite
static bool
_mongoc_cyrus_is_failure (int status, bson_error_t *error)
{
   bool ret = (status < 0);

   TRACE ("Got status: %d ok is %d, continue=%d interact=%d\n",
          status,
          SASL_OK,
          SASL_CONTINUE,
          SASL_INTERACT);
   if (ret) {
      switch (status) {
      case SASL_NOMEM:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failure: insufficient memory.");
         break;
      case SASL_NOMECH: {
         bson_string_t *str = bson_string_new ("available mechanisms: ");
         const char **mechs = sasl_global_listmech ();
         int i = 0;

         for (i = 0; mechs[i]; i++) {
            bson_string_append (str, mechs[i]);
            if (mechs[i + 1]) {
               bson_string_append (str, ",");
            }
         }
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failure: failure to negotiate mechanism (%s)",
                         str->str);
         bson_string_free (str, 0);
      } break;
      case SASL_BADPARAM:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "Bad parameter supplied. Please file a bug "
                         "with mongo-c-driver.");
         break;
      default:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failure: (%d): %s",
                         status,
                         sasl_errstring (status, NULL, NULL));
         break;
      }
   }

   return ret;
}
コード例 #17
0
int is_sasl_failure(sasl_conn_t *conn, int result, char **error_message)
{
	if (result < 0) {
		*error_message = malloc(256);
		snprintf(*error_message, 256, "Authentication error: %s", sasl_errstring(result, NULL, NULL));
		return 1;
	}

	return 0;
}
コード例 #18
0
/* add an auxiliary property plugin */
int sasl_auxprop_add_plugin(const char *plugname,
			    sasl_auxprop_init_t *auxpropfunc)
{
	int result = sasl_auxprop_add_plugin_nolog(plugname, auxpropfunc);
	if(result != SASL_OK) {
		_sasl_log(NULL, SASL_LOG_ERR, "auxpropfunc error %s\n",
			sasl_errstring(result, NULL, NULL));
    }
	
	return result;
}
コード例 #19
0
ファイル: rdkafka_sasl.c プロジェクト: BDeus/librdkafka
/**
 * Global SASL init, called once per runtime.
 */
int rd_kafka_sasl_global_init (void) {
	int r;

	mtx_init(&rd_kafka_sasl_kinit_lock, mtx_plain);

	r = sasl_client_init(NULL);
	if (r != SASL_OK) {
		fprintf(stderr, "librdkafka: sasl_client_init() failed: %s\n",
			sasl_errstring(r, NULL, NULL));
		return -1;
	}

	return 0;
}
コード例 #20
0
static int mutt_sasl_conn_write (CONNECTION* conn, const char* buf,
  size_t len)
{
  SASL_DATA* sasldata;
  int rc;

  const char *pbuf;
  unsigned int olen, plen;

  sasldata = (SASL_DATA*) conn->sockdata;
  conn->sockdata = sasldata->sockdata;

  /* encode data, if necessary */
  if (*sasldata->ssf)
  {
    /* handle data larger than MAXOUTBUF */
    do
    {
      olen = (len > *sasldata->pbufsize) ? *sasldata->pbufsize : len;

      rc = sasl_encode (sasldata->saslconn, buf, olen, &pbuf, &plen);
      if (rc != SASL_OK)
      {
	dprint (1, (debugfile, "SASL encoding failed: %s\n",
          sasl_errstring (rc, NULL, NULL)));
	goto fail;
      }

      rc = (sasldata->msasl_write) (conn, pbuf, plen);
      if (rc != plen)
	goto fail;

      len -= olen;
      buf += olen;
    }
    while (len > *sasldata->pbufsize);
  }
  else
  /* just write using the underlying socket function */
    rc = (sasldata->msasl_write) (conn, buf, len);
  
  conn->sockdata = sasldata;

  return rc;

 fail:
  conn->sockdata = sasldata;
  return -1;
}
コード例 #21
0
ファイル: cyrus_auth.c プロジェクト: dtrebbien/subversion
static svn_error_t *initialize(void *baton, apr_pool_t *pool)
{
  int result;
  SVN_ERR(svn_ra_svn__sasl_common_init(pool));

  /* The second parameter tells SASL to look for a configuration file
     named subversion.conf. */
  result = sasl_server_init(callbacks, SVN_RA_SVN_SASL_NAME);
  if (result != SASL_OK)
    {
      svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                                          sasl_errstring(result, NULL, NULL));
      return svn_error_quick_wrap(err,
                                  _("Could not initialize the SASL library"));
    }
  return SVN_NO_ERROR;
}
コード例 #22
0
virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
                                                const char *service,
                                                const char *hostname,
                                                const char *localAddr,
                                                const char *remoteAddr,
                                                const sasl_callback_t *cbs)
{
    virNetSASLSessionPtr sasl = NULL;
    int err;

    if (VIR_ALLOC(sasl) < 0) {
        virReportOOMError();
        goto cleanup;
    }

    if (virMutexInit(&sasl->lock) < 0) {
        virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
                    _("Failed to initialized mutex"));
        VIR_FREE(sasl);
        return NULL;
    }

    sasl->refs = 1;
    /* Arbitrary size for amount of data we can encode in a single block */
    sasl->maxbufsize = 1 << 16;

    err = sasl_client_new(service,
                          hostname,
                          localAddr,
                          remoteAddr,
                          cbs,
                          SASL_SUCCESS_DATA,
                          &sasl->conn);
    if (err != SASL_OK) {
        virNetError(VIR_ERR_AUTH_FAILED,
                    _("Failed to create SASL client context: %d (%s)"),
                    err, sasl_errstring(err, NULL, NULL));
        goto cleanup;
    }

    return sasl;

cleanup:
    virNetSASLSessionFree(sasl);
    return NULL;
}
コード例 #23
0
ファイル: TSasl.cpp プロジェクト: vthacker/impala-port
TSaslServer::TSaslServer(const string& service, const string& serverFQDN,
                         const string& userRealm,
                         unsigned flags, sasl_callback_t* callbacks) {
    conn = NULL;
    int result = sasl_server_new(service.c_str(),
                                 serverFQDN.size() == 0 ? NULL : serverFQDN.c_str(),
                                 userRealm.size() == 0 ? NULL :userRealm.c_str(),
                                 NULL, NULL, callbacks, flags, &conn);
    if (result != SASL_OK) {
        if (conn) {
            throw SaslServerImplException(sasl_errdetail(conn));
        } else {
            throw SaslServerImplException(sasl_errstring(result, NULL, NULL));
        }
    }

    authComplete = false;
    serverStarted = false;
}
コード例 #24
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
virNetSASLContextPtr virNetSASLContextNewClient(void)
{
    virNetSASLContextPtr ctxt;
    int err;

    if (virNetSASLContextInitialize() < 0)
        return NULL;

    err = sasl_client_init(NULL);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("failed to initialize SASL library: %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        return NULL;
    }

    if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
        return NULL;

    return ctxt;
}
コード例 #25
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
static int virNetSASLSessionUpdateBufSize(virNetSASLSessionPtr sasl)
{
    union {
        unsigned *maxbufsize;
        const void *ptr;
    } u;
    int err;

    err = sasl_getprop(sasl->conn, SASL_MAXOUTBUF, &u.ptr);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("cannot get security props %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        return -1;
    }

    VIR_DEBUG("Negotiated bufsize is %u vs requested size %zu",
              *u.maxbufsize, sasl->maxbufsize);
    sasl->maxbufsize = *u.maxbufsize;
    return 0;
}
コード例 #26
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
int virNetSASLSessionGetKeySize(virNetSASLSessionPtr sasl)
{
    int err;
    int ssf;
    const void *val;

    virObjectLock(sasl);
    err = sasl_getprop(sasl->conn, SASL_SSF, &val);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("cannot query SASL ssf on connection %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        ssf = -1;
        goto cleanup;
    }
    ssf = *(const int *)val;

cleanup:
    virObjectUnlock(sasl);
    return ssf;
}
コード例 #27
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
                                int ssf)
{
    int err;
    int ret = -1;
    virObjectLock(sasl);

    err = sasl_setprop(sasl->conn, SASL_SSF_EXTERNAL, &ssf);
    if (err != SASL_OK) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("cannot set external SSF %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        goto cleanup;
    }

    ret = 0;

cleanup:
    virObjectUnlock(sasl);
    return ret;
}
コード例 #28
0
static bool
_mongoc_sasl_is_failure (int           status,
                         bson_error_t *error)
{
   bool ret = (status < 0);

   if (ret) {
      switch (status) {
      case SASL_NOMEM:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failrue: insufficient memory.");
         break;
      case SASL_NOMECH:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failure: failure to negotiate mechanism");
         break;
      case SASL_BADPARAM:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "Bad parameter supplied. Please file a bug "
                         "with mongo-c-driver.");
         break;
      default:
         bson_set_error (error,
                         MONGOC_ERROR_SASL,
                         status,
                         "SASL Failure: (%d): %s",
                         status,
                         sasl_errstring (status, NULL, NULL));
         break;
      }
   }

   return ret;
}
コード例 #29
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
                                const char *input,
                                size_t inputLen,
                                const char **output,
                                size_t *outputlen)
{
    unsigned inlen = inputLen;
    unsigned outlen = 0;
    int err;
    ssize_t ret = -1;

    virObjectLock(sasl);
    if (inputLen > sasl->maxbufsize) {
        virReportSystemError(EINVAL,
                             _("SASL data length %zu too long, max %zu"),
                             inputLen, sasl->maxbufsize);
        goto cleanup;
    }

    err = sasl_encode(sasl->conn,
                      input,
                      inlen,
                      output,
                      &outlen);
    *outputlen = outlen;

    if (err != SASL_OK) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("failed to encode SASL data: %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        goto cleanup;
    }
    ret = 0;

cleanup:
    virObjectUnlock(sasl);
    return ret;
}
コード例 #30
0
ファイル: virnetsaslcontext.c プロジェクト: miurahr/libvirt
virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist)
{
    virNetSASLContextPtr ctxt;
    int err;

    if (virNetSASLContextInitialize() < 0)
        return NULL;

    err = sasl_server_init(NULL, "libvirt");
    if (err != SASL_OK) {
        virReportError(VIR_ERR_AUTH_FAILED,
                       _("failed to initialize SASL library: %d (%s)"),
                       err, sasl_errstring(err, NULL, NULL));
        return NULL;
    }

    if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
        return NULL;

    ctxt->usernameWhitelist = usernameWhitelist;

    return ctxt;
}