ssize_t sasl_read(Sfio_t *f, Void_t *buf, size_t size, Sfdisc_t *disc)
{
int len, result;
const char *outbuf;
int outlen;
Sasldisc_t *sd = (Sasldisc_t *) disc;
len = sfrd(f, buf, size, disc);
if (len <= 0)
return len;
result = sasl_decode(sd->conn, buf, len, &outbuf, &outlen);
if (result != SASL_OK) {
/* eventually, we'll want an exception here */
return -1;
}
if (outbuf != NULL) {
memcpy(buf, outbuf, outlen);
}
return outlen;
}
size_t CyrusSecurityLayer::decode(const char* input, size_t size)
{
size_t inStart = 0;
do {
size_t inSize = std::min(size - inStart, maxInputSize);
int result = sasl_decode(conn, input + inStart, inSize, &decrypted, &decryptedSize);
if (result != SASL_OK) {
throw framing::InternalErrorException(QPID_MSG("SASL decode error: " << sasl_errdetail(conn)));
}
inStart += inSize;
size_t copied = 0;
do {
size_t count = std::min(decryptedSize - copied, decodeBuffer.size - decodeBuffer.position);
::memcpy(decodeBuffer.data + decodeBuffer.position, decrypted + copied, count);
copied += count;
decodeBuffer.position += count;
size_t decodedSize = codec->decode(decodeBuffer.data, decodeBuffer.position);
if (decodedSize < decodeBuffer.position) {
::memmove(decodeBuffer.data, decodeBuffer.data + decodedSize, decodeBuffer.position - decodedSize);
}
decodeBuffer.position -= decodedSize;
} while (copied < decryptedSize);
} while (inStart < size);
return size;
}
static int cyrussasl_decode(lua_State *l)
{
struct _sasl_ctx *ctx = NULL;
const char *msg;
size_t msg_len = 0;
unsigned out_len = 0;
const char *out_data = NULL;
int err;
int numargs = lua_gettop(l);
if (numargs != 2) {
lua_pushstring(l, "usage: cyrussasl.decode(conn, msg)");
lua_error(l);
return 0;
}
ctx = get_context(l, 1);
msg = tolstring(l, 2, &msg_len);
err = sasl_decode(ctx->conn, msg, msg_len, &out_data, &out_len);
lua_pushinteger(l, err);
if (err == SASL_OK) {
lua_pushlstring(l, out_data, out_len);
} else {
lua_pushliteral(l, "");
}
return 2;
}
bool sasl_endecode(const QByteArray &in, QByteArray *out, bool enc)
{
// no security
if(ssf == 0) {
*out = in;
return true;
}
int at = 0;
out->resize(0);
while(1) {
int size = in.size() - at;
if(size == 0)
break;
if(size > maxoutbuf)
size = maxoutbuf;
const char *outbuf;
unsigned len;
int r;
if(enc)
r = sasl_encode(con, in.data() + at, size, &outbuf, &len);
else
r = sasl_decode(con, in.data() + at, size, &outbuf, &len);
if(r != SASL_OK)
return false;
int oldsize = out->size();
out->resize(oldsize + len);
memcpy(out->data() + oldsize, outbuf, len);
at += size;
}
return true;
}
// Returns decoded size; sets remain; resizes bufp/remain if needed.
// On error, returns SASL error code (negative)
int
_sasl_decode_at_offset(sasl_conn_t *ctx, char **bufp, size_t offset, int r, int *remain)
{
const char *out;
unsigned outlen;
int s;
uint32_t sasl_len;
// this is pretty fragile. at the moment we expect to slurp exactly one
// kerb reply in a given read(). fixing it will require adding another
// buffer to the read code when the connection is sasl'd, which is more
// work for now (it's not clear that hadoop supports ssf > 0 anyway).
if (r < 4)
abort();
sasl_len = _be32dec(*bufp + offset);
if ((unsigned)r - 4 != sasl_len)
abort();
s = sasl_decode(ctx, *bufp + offset + 4, sasl_len, &out, &outlen);
if (s != SASL_OK)
return s;
if (outlen > (unsigned)*remain) {
*remain = outlen + 4*1024;
*bufp = realloc(*bufp, offset + *remain);
ASSERT(*bufp);
}
memcpy(*bufp + offset, out, outlen);
return outlen;
}
static int _sx_sasl_rio(sx_t s, sx_plugin_t p, sx_buf_t buf) {
sasl_conn_t *sasl;
sx_error_t sxe;
int *x, len;
char *out;
sasl = ((_sx_sasl_data_t) s->plugin_data[p->index])->sasl;
/* if there's no security layer, don't bother */
sasl_getprop(sasl, SASL_SSF, (const void **) &x);
if(*x == 0)
return 1;
_sx_debug(ZONE, "doing sasl decode");
/* decode the input */
if (sasl_decode(sasl, buf->data, buf->len, (const char **) &out, &len)
!= SASL_OK) {
/* Fatal error */
_sx_gen_error(sxe, SX_ERR_STREAM, "Stream error", "sasl_decode failed, closing stream");
_sx_event(s, event_ERROR, (void *) &sxe);
_sx_state(s, state_CLOSING);
return -1;
}
/* replace the buffer */
_sx_buffer_set(buf, out, len, NULL);
_sx_debug(ZONE, "%d bytes decoded from sasl channel", len);
return 1;
}
static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len)
{
SASL_DATA *sasldata;
int rc;
unsigned int olen;
sasldata = (SASL_DATA *) conn->sockdata;
/* if we still have data in our read buffer, copy it into buf */
if (sasldata->blen > sasldata->bpos) {
olen = (sasldata->blen - sasldata->bpos > len) ? len :
sasldata->blen - sasldata->bpos;
memcpy (buf, sasldata->buf + sasldata->bpos, olen);
sasldata->bpos += olen;
return olen;
}
conn->sockdata = sasldata->sockdata;
mem_free (&sasldata->buf);
sasldata->bpos = 0;
sasldata->blen = 0;
/* and decode the result, if necessary */
if (*sasldata->ssf) {
do {
/* call the underlying read function to fill the buffer */
rc = (sasldata->msasl_read) (conn, buf, len);
if (rc <= 0)
goto out;
rc = sasl_decode (sasldata->saslconn, buf, rc, &sasldata->buf,
&sasldata->blen);
if (rc != SASL_OK) {
debug_print (1, ("SASL decode failed: %s\n",
sasl_errstring (rc, NULL, NULL)));
goto out;
}
}
while (!sasldata->blen);
olen = (sasldata->blen - sasldata->bpos > len) ? len :
sasldata->blen - sasldata->bpos;
memcpy (buf, sasldata->buf, olen);
sasldata->bpos += olen;
rc = olen;
}
else
rc = (sasldata->msasl_read) (conn, buf, len);
out:
conn->sockdata = sasldata;
return rc;
}
uint8_t* TSasl::unwrap(const uint8_t* incoming,
const int offset, const uint32_t len, uint32_t* outLen) {
uint32_t outputlen;
uint8_t* output;
int result;
result = sasl_decode(conn,
(const char*)incoming, len, (const char**)&output, &outputlen);
if (result != SASL_OK) {
throw SaslException(sasl_errdetail(conn));
}
*outLen = outputlen;
return output;
}
ssize_t pni_sasl_impl_decode(pn_transport_t *transport, pn_bytes_t in, pn_bytes_t *out)
{
if ( in.size==0 ) return 0;
sasl_conn_t *cyrus_conn = (sasl_conn_t*)transport->sasl->impl_context;
const char *output;
unsigned int outlen;
int r = sasl_decode(cyrus_conn, in.start, in.size, &output, &outlen);
if (outlen==0) return 0;
if ( r==SASL_OK ) {
*out = pn_bytes(outlen, output);
return outlen;
}
if (transport->trace & PN_TRACE_DRV)
pn_transport_logf(transport, "SASL decode error: %s", sasl_errdetail(cyrus_conn));
return PN_ERR;
}
static ssize_t reds_stream_sasl_read(RedsStream *s, uint8_t *buf, size_t nbyte)
{
uint8_t encoded[4096];
const char *decoded;
unsigned int decodedlen;
int err;
int n;
n = spice_buffer_copy(&s->priv->sasl.inbuffer, buf, nbyte);
if (n > 0) {
spice_buffer_remove(&s->priv->sasl.inbuffer, n);
if (n == nbyte)
return n;
nbyte -= n;
buf += n;
}
n = s->priv->read(s, encoded, sizeof(encoded));
if (n <= 0) {
return n;
}
err = sasl_decode(s->priv->sasl.conn,
(char *)encoded, n,
&decoded, &decodedlen);
if (err != SASL_OK) {
spice_warning("sasl_decode error: %d", err);
return -1;
}
if (decodedlen == 0) {
errno = EAGAIN;
return -1;
}
n = MIN(nbyte, decodedlen);
memcpy(buf, decoded, n);
spice_buffer_append(&s->priv->sasl.inbuffer, decoded + n, decodedlen - n);
return n;
}
ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
const char *input,
size_t inputLen,
const char **output,
size_t *outputlen)
{
unsigned inlen = inputLen;
unsigned outlen = 0;
int err;
ssize_t ret = -1;
virObjectLock(sasl);
if (inputLen > sasl->maxbufsize) {
virReportSystemError(EINVAL,
_("SASL data length %zu too long, max %zu"),
inputLen, sasl->maxbufsize);
goto cleanup;
}
err = sasl_decode(sasl->conn,
input,
inlen,
output,
&outlen);
*outputlen = outlen;
if (err != SASL_OK) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to decode SASL data: %d (%s)"),
err, sasl_errstring(err, NULL, NULL));
goto cleanup;
}
ret = 0;
cleanup:
virObjectUnlock(sasl);
return ret;
}
long vnc_client_read_sasl(VncState *vs)
{
long ret;
uint8_t encoded[4096];
const char *decoded;
unsigned int decodedLen;
int err;
ret = vnc_client_read_buf(vs, encoded, sizeof(encoded));
if (!ret)
return 0;
err = sasl_decode(vs->sasl.conn,
(char *)encoded, ret,
&decoded, &decodedLen);
if (err != SASL_OK)
return vnc_client_io_error(vs, -1, NULL);
VNC_DEBUG("Read SASL Encoded %p size %ld Decoded %p size %d\n",
encoded, ret, decoded, decodedLen);
buffer_reserve(&vs->input, decodedLen);
buffer_append(&vs->input, decoded, decodedLen);
return decodedLen;
}
