1 /* $NetBSD: mech_plain.c,v 1.4 2011/02/12 23:21:32 christos Exp $ */ 2 3 /* Copyright (c) 2010 The NetBSD Foundation, Inc. 4 * All rights reserved. 5 * 6 * This code is derived from software contributed to The NetBSD Foundation 7 * by Mateusz Kocielski. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the NetBSD 20 * Foundation, Inc. and its contributors. 21 * 4. Neither the name of The NetBSD Foundation nor the names of its 22 * contributors may be used to endorse or promote products derived 23 * from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 26 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 #include <sys/cdefs.h> 38 __RCSID("$NetBSD: mech_plain.c,v 1.4 2011/02/12 23:21:32 christos Exp $"); 39 40 #include <saslc.h> 41 #include <stdio.h> 42 #include <string.h> 43 44 #include "error.h" 45 #include "mech.h" 46 #include "msg.h" 47 #include "saslc_private.h" 48 49 50 /* See RFC 2595. */ 51 52 /* properties */ 53 #define SASLC_PLAIN_AUTHCID SASLC_PROP_AUTHCID /* username key */ 54 #define SASLC_PLAIN_AUTHZID SASLC_PROP_AUTHZID /* authorization id */ 55 #define SASLC_PLAIN_PASSWD SASLC_PROP_PASSWD /* password key */ 56 57 #define NUL_DELIM '\x00' 58 #define CRED_MAX_LEN 255 59 60 /** 61 * @brief doing one step of the sasl authentication 62 * @param sess sasl session 63 * @param in input data 64 * @param inlen input data length 65 * @param out place to store output data 66 * @param outlen output data length 67 * @return MECH_OK - success, 68 * MECH_STEP - more steps are needed, 69 * MECH_ERROR - error 70 */ 71 /*ARGSUSED*/ 72 static int 73 saslc__mech_plain_cont(saslc_sess_t *sess, const void *in __unused, 74 size_t inlen __unused, void **out, size_t *outlen) 75 { 76 const char *authzid, *authcid, *passwd; 77 char *outstr; 78 int len; 79 80 authzid = saslc_sess_getprop(sess, SASLC_PLAIN_AUTHZID); 81 if (authzid != NULL && strlen(authzid) > CRED_MAX_LEN) { 82 saslc__error_set(ERR(sess), ERROR_MECH, 83 "authzid should be shorter than 256 characters"); 84 return MECH_ERROR; 85 } 86 87 if ((authcid = saslc_sess_getprop(sess, SASLC_PLAIN_AUTHCID)) 88 == NULL) { 89 saslc__error_set(ERR(sess), ERROR_MECH, 90 "authcid is required for an authentication"); 91 return MECH_ERROR; 92 } 93 if (strlen(authcid) > CRED_MAX_LEN) { 94 saslc__error_set(ERR(sess), ERROR_MECH, 95 "authcid should be shorter than 256 characters"); 96 return MECH_ERROR; 97 } 98 99 if ((passwd = saslc_sess_getprop(sess, SASLC_PLAIN_PASSWD)) 100 == NULL) { 101 saslc__error_set(ERR(sess), ERROR_MECH, 102 "passwd is required for an authentication"); 103 return MECH_ERROR; 104 } 105 if (strlen(passwd) > CRED_MAX_LEN) { 106 saslc__error_set(ERR(sess), ERROR_MECH, 107 "passwd should be shorter than 256 characters"); 108 return MECH_ERROR; 109 } 110 111 len = asprintf(&outstr, "%s%c%s%c%s", authzid != NULL ? authzid : "", 112 NUL_DELIM, authcid, NUL_DELIM, passwd); 113 if (len == -1) { 114 saslc__error_set_errno(ERR(sess), ERROR_NOMEM); 115 return MECH_ERROR; 116 } 117 *out = outstr; 118 *outlen = len; 119 120 saslc__msg_dbg("saslc__mech_plain_cont: " 121 "authzid='%s' authcid='%s' passwd='%s'\n", 122 authzid != NULL ? authzid : "", authcid, passwd); 123 124 return MECH_OK; 125 } 126 127 /* mechanism definition */ 128 const saslc__mech_t saslc__mech_plain = { 129 .name = "PLAIN", 130 .flags = FLAG_PLAINTEXT, 131 .create = saslc__mech_generic_create, 132 .cont = saslc__mech_plain_cont, 133 .encode = NULL, 134 .decode = NULL, 135 .destroy = saslc__mech_generic_destroy 136 }; 137