Attachment #559390 for bug #592528




    }

    _sasl_MD5Init(&ctx);
    _sasl_MD5Update(&ctx, (const unsigned char *) salt, 16);
    _sasl_MD5Update(&ctx, (const unsigned char *) "sasldb", 6);
    _sasl_MD5Update(&ctx, (const unsigned char *) passwd, (unsigned int) passlen);
    memcpy((*secret)->data, salt, 16);
    (*secret)->data[16] = '\0';
    _sasl_MD5Final((*secret)->data + 17, &ctx);

    }
    
    _sasl_MD5Init(&ctx);
    _sasl_MD5Update(&ctx, (const unsigned char *) challenge, strlen(challenge));
    _sasl_MD5Update(&ctx, (const unsigned char *) auxprop_values[0].values[0],
		    strlen(auxprop_values[0].values[0]));
    _sasl_MD5Final(digest, &ctx);





		size_t *len)
{
  const char *userid;
  sasl_conn_t *conn;

  if (! context || ! result) return SASL_BADPARAM;

  conn = (sasl_conn_t *)context;

  switch(id) {
  case SASL_CB_AUTHNAME:
    userid = getenv("USER");

Lines 131-137 int sasl_encode64(const char *_in, Link Here

(-)a/lib/saslutil.c (-2 lines)
131	const unsigned char in = (const unsigned char )_in;	131	const unsigned char in = (const unsigned char )_in;
132	unsigned char out = (unsigned char )_out;	132	unsigned char out = (unsigned char )_out;
133	unsigned char oval;	133	unsigned char oval;
134	char *blah;
135	unsigned olen;	134	unsigned olen;
136		135
137	/* check params */	136	/* check params */
Lines 147-153 int sasl_encode64(const char *_in, Link Here
147	}	146	}
148		147
149	/* Do the work... */	148	/* Do the work... */
150	blah = (char *) out;
151	while (inlen >= 3) {	149	while (inlen >= 3) {
152	/* user provided max buffer size; make sure we don't go over it */	150	/* user provided max buffer size; make sure we don't go over it */
153	*out++ = basis_64[in[0] >> 2];	151	*out++ = basis_64[in[0] >> 2];




	    memset(oparams, 0, sizeof(sasl_out_params_t));
	    if (text->nonce) sparams->utils->free(text->nonce);
	    if (text->realm) sparams->utils->free(text->realm);
	    text->realm = NULL;
	    text->nonce = NULL;

	    /* fall through and issue challenge */
	}

    int saw_qop = 0;
    int ciphers = 0;
    int maxbuf_count = 0;
    bool IsUTF8 = FALSE;
    int algorithm_count = 0;
    int opaque_count = 0;


		params->utils->seterror(params->utils->conn, 0,
					"Charset must be UTF-8");
		goto FreeAllocatedMem;
	    } else {
		IsUTF8 = TRUE;
	    }
	} else if (strcasecmp(name,"algorithm")==0) {
	    if (text->http_mode && strcasecmp(value, "md5") == 0) {




{
    if (len) {
	if (unicode) {
	    to_unicode(base + *offset, (const char *) str, len);
	    len *= 2;
	}
	else {

    char P14[14];
    unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };

    strncpy(P14, (const char *) passwd->data, sizeof(P14));
    ucase(P14, sizeof(P14));

    E(P16, (unsigned char *) P14, sizeof(P14), S8, sizeof(S8));
    *result = SASL_OK;
    return P16;
}

	*result = SASL_NOMEM;
    }
    else {
	to_unicode((unsigned char *) *buf, (const char *) passwd->data, passwd->len);
	MD4((unsigned char *) *buf, 2 * passwd->len, P16);
	*result = SASL_OK;
    }
    return P16;

	strcpy(upper, authid);
	if (target) strcat(upper, target);
	ucase(upper, len);
	to_unicode((unsigned char *) *buf, upper, len);

	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, (unsigned char *) *buf, 2 * len, hash, &len);

	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
	HMAC_Init(&ctx, hash, len, EVP_md5());

     */
    n = strcspn(in, ".");
    if (n > 16) n = 16;
    strncpy((char *) out+18, in, n);
    in = (char *) out+18;
    ucase(in, n);

    out[j++] = 0x20;

		   "NTLM: error reading NEGPROT response");
	return SASL_FAIL;
    }
    p = (unsigned char *) text->out_buf;

    /* parse the header */
    if (len < SMB_HDR_SIZE) {

	    return SASL_NOMEM;
	}
	memcpy(*domain, p, len);
	from_unicode(*domain, (unsigned char *) *domain, len);

	text->flags |= NTLM_TARGET_IS_DOMAIN;
    }

		   "NTLM: error reading SESSIONSETUP response");
	return SASL_FAIL;
    }
    p = (unsigned char *) text->out_buf;

    /* parse the header */
    if (len < SMB_HDR_SIZE) {

	return SASL_NOMEM;
    }

    base = (unsigned char *) *buf;
    memset(base, 0, *outlen);
    memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
    htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE);
    load_buffer(base + NTLM_TYPE2_TARGET_OFFSET,
		(const unsigned char *) ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE,
		base, &offset);
    htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags);
    memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH);

	return SASL_BADPROT;
    }

    result = unload_buffer(sparams->utils,
			   (const unsigned char *) clientin + NTLM_TYPE3_LMRESP_OFFSET,
			   (u_char **) &lm_resp, &lm_resp_len, 0,
			   (const unsigned char *) clientin, clientinlen);
    if (result != SASL_OK) goto cleanup;

    result = unload_buffer(sparams->utils,
			   (const unsigned char *) clientin + NTLM_TYPE3_NTRESP_OFFSET,
			   (u_char **) &nt_resp, &nt_resp_len, 0,
			   (const unsigned char *) clientin, clientinlen);
    if (result != SASL_OK) goto cleanup;

    result = unload_buffer(sparams->utils,
			   (const unsigned char *) clientin + NTLM_TYPE3_DOMAIN_OFFSET,
			   (u_char **) &domain, &domain_len,
			   text->flags & NTLM_USE_UNICODE,
			   (const unsigned char *) clientin, clientinlen);
    if (result != SASL_OK) goto cleanup;

    result = unload_buffer(sparams->utils,
			   (const unsigned char *) clientin + NTLM_TYPE3_USER_OFFSET,
			   (u_char **) &authid, &authid_len,
			   text->flags & NTLM_USE_UNICODE,
			   (const unsigned char *) clientin, clientinlen);
    if (result != SASL_OK) goto cleanup;

    /* require at least one response and an authid */

	}
	
	password->len = (unsigned) pass_len;
	strncpy((char *) password->data, auxprop_values[0].values[0], pass_len + 1);

	/* erase the plaintext password */
	sparams->utils->prop_erase(sparams->propctx, password_request[0]);

	return SASL_NOMEM;
    }

    base = (unsigned char *) *buf;
    memset(base, 0, *outlen);
    memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
    htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST);
    htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags);
    load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET,
		(const unsigned char *) domain, (uint16) xstrlen(domain), 0, base, &offset);
    load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET,
		(const unsigned char *) wkstn, (uint16) xstrlen(wkstn), 0, base, &offset);

    return SASL_OK;
}

	return SASL_NOMEM;
    }

    base = (unsigned char *) *buf;
    memset(base, 0, *outlen);
    memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
    htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE);

    load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET,
		nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset);
    load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET,
		(const unsigned char *) ucase(domain, 0), (uint16) xstrlen(domain),
		flags & NTLM_USE_UNICODE,
		base, &offset);
    load_buffer(base + NTLM_TYPE3_USER_OFFSET,
		(const unsigned char *) user, (uint16) xstrlen(user),
		flags & NTLM_USE_UNICODE, base, &offset);
    load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET,
		(const unsigned char *) ucase(wkstn, 0), (uint16) xstrlen(wkstn),
		flags & NTLM_USE_UNICODE,
		base, &offset);
    load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET,
		key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset);


    flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */

    result = unload_buffer(params->utils,
			   (const unsigned char *) serverin + NTLM_TYPE2_TARGET_OFFSET,
			   (u_char **) &domain, NULL,
			   flags & NTLM_USE_UNICODE,
			   (u_char *) serverin, serverinlen);

	 (sendv2[0] == 'o' && sendv2[1] == 'n') || sendv2[0] == 't')) {

	/* put the cnonce in place after the LMv2 HMAC */
	char *cnonce = (char *) resp + MD5_DIGEST_LENGTH;

	params->utils->log(NULL, SASL_LOG_DEBUG,
			   "calculating LMv2 response");

	params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH);

	V2(resp, password, oparams->authid, domain,
	   (const unsigned char *) serverin + NTLM_TYPE2_CHALLENGE_OFFSET,
	   (const unsigned char *) cnonce, NTLM_NONCE_LENGTH,
	   params->utils, &text->out_buf, &text->out_buf_len, &result);

	lm_resp = resp;

Lines 248-254 static int sasldb_auxprop_store(void *glob_context __attribute__((unused)), Link Here

(-)a/plugins/sasldb.c (-1 / +1 lines)
248		248
249	ret = SASL_OK;	249	ret = SASL_OK;
250	for (cur = to_store; cur->name; cur++) {	250	for (cur = to_store; cur->name; cur++) {
251	char * value = (cur->values && cur->values[0]) ? cur->values[0] : NULL;	251	char * value = (char *) (cur->values && cur->values[0]) ? cur->values[0] : NULL;
252		252
253	if (cur->name[0] == '*') {	253	if (cur->name[0] == '*') {
254	continue;	254	continue;




    return buffer;
}

#ifdef SCRAM_DEBUG
/* Useful for debugging interop issues */
static void
print_hash (const char * func, const char * hash)

    }
    printf ("\n");
}
#endif


/* The result variable need to point to a buffer big enough for the [SHA-1] hash */

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) str,
	     (int)str_len,
	     (const unsigned char *) initial_key,
	     (int)salt_len + 4,
             (unsigned char *)result,
	     &hash_len) == NULL) {

	if (HMAC(EVP_sha1(),
		 (const unsigned char *) str,
		 (int)str_len,
		 (const unsigned char *) temp_result,
		 SCRAM_HASH_SIZE,
		 (unsigned char *)temp_result,
		 &hash_len) == NULL) {

		       size_t * p_salt_len)
{
    char * result = utils->malloc(SCRAM_HASH_SIZE);
    Hi(utils, username, strlen(username), (const char *) g_salt_key, SALT_SIZE,
        20 /* iterations */, result);
    *p_salt_len = SCRAM_HASH_SIZE;
    return (unsigned char *) result;
}

static int


    /* SaltedPassword  := Hi(password, salt) */
    Hi (utils,
	(const char *) sec->data,
	sec->len,
	salt,
	salt_len,

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) SaltedPassword,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) CLIENT_KEY_CONSTANT,
	     CLIENT_KEY_CONSTANT_LEN,
	     (unsigned char *)ClientKey,
	     &hash_len) == NULL) {

    }

    /* StoredKey       := H(ClientKey) */
    if (SHA1((const unsigned char *) ClientKey, SCRAM_HASH_SIZE,
        (unsigned char *) StoredKey) == NULL) {
	*error_text = "SHA1 call failed";
	result = SASL_SCRAM_INTERNAL;
	goto cleanup;

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) SaltedPassword,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) SERVER_KEY_CONSTANT,
	     SERVER_KEY_CONSTANT_LEN,
	     (unsigned char *)ServerKey,
	     &hash_len) == NULL) {

				       NULL };
    int canon_flags;
    struct propval auxprop_values[3];
    unsigned int hash_len = 0;
    int result;

    if (clientinlen == 0) {

	char * s_iteration_count;
	char * end;

	text->salt = (char *) scram_server_user_salt(sparams->utils, text->authentication_id, &text->salt_len);

	sparams->utils->getopt(sparams->utils->getopt_context,
			       /* Different SCRAM hashes can have different strengh */
			       SCRAM_SASL_MECH,
			       "scram_iteration_counter",
			       (const char **) &s_iteration_count,
			       NULL);

	if (s_iteration_count != NULL) {

					 (unsigned int)base64_salt_len,
					 text->salt,
					 (unsigned int)base64_salt_len,
					 (unsigned int *) &text->salt_len) != SASL_OK) {
		SETERROR(sparams->utils, "Invalid base64 encoding of the salt in " SCRAM_SASL_MECH " stored value");
		continue;
	    }

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) text->StoredKey,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *)text->auth_message,
	     (int)text->auth_message_len,
	     (unsigned char *)ClientSignature,
	     &hash_len) == NULL) {

    }

    /* StoredKey       := H(ClientKey) */
    if (SHA1((const unsigned char *) ReceivedClientKey, SCRAM_HASH_SIZE,
        (unsigned char *) CalculatedStoredKey) == NULL) {
	sparams->utils->seterror(sparams->utils->conn,0,
				 "SHA1 call failed");
	result = SASL_SCRAM_INTERNAL;

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) text->ServerKey,
	     SCRAM_HASH_SIZE,
	     (unsigned char *) text->auth_message,
	     (int)text->auth_message_len,
	     (unsigned char *)ServerSignature,
	     &hash_len) == NULL) {

			       /* Different SCRAM hashes can have different strengh */
			       SCRAM_SASL_MECH,
			       "scram_iteration_counter",
			       (const char **) &s_iteration_count,
			       NULL);

	if (s_iteration_count != NULL) {

	    goto cleanup;
	}
    	
	sprintf((char *) sec->data,
		"%s$%u:%s$%s:%s",
		SCRAM_SASL_MECH,
		iteration_count,
		base64_salt,
		base64_StoredKey,
		base64_ServerKey);
	sec->len = (unsigned int) strlen((const char *) sec->data);
    }
    
    /* do the store */

    if (!r) {
	r = sparams->utils->prop_set(propctx,
				     "authPassword",
				     (const char *) (sec ? sec->data : NULL),
				     (sec ? sec->len : 0));
    }
    if (!r) {


    if (userid != NULL && *userid != '\0') {
	result = encode_saslname (oparams->user,
				  (const char **) &encoded_authorization_id,
				  &freeme2);

	if (result != SASL_OK) {

    }

    result = encode_saslname (oparams->authid,
			      (const char **) &encoded_authcid,
			      &freeme);
    if (result != SASL_OK) {
	MEMERROR( params->utils );

	    goto cleanup;
	}

	channel_binding_data = (const char *) params->cbinding->data;
	channel_binding_data_len = params->cbinding->len;
    }



    /* SaltedPassword  := Hi(password, salt) */
    Hi (params->utils,
	(const char *) text->password->data,
	text->password->len,
	text->salt,
	text->salt_len,

    if (HMAC(EVP_sha1(),
	     (const unsigned char *) text->SaltedPassword,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) CLIENT_KEY_CONSTANT,
	     CLIENT_KEY_CONSTANT_LEN,
	     (unsigned char *)ClientKey,
	     &hash_len) == NULL) {

    PRINT_HASH ("ClientKey", ClientKey);

    /* StoredKey       := H(ClientKey) */
    if (SHA1((const unsigned char *) ClientKey, SCRAM_HASH_SIZE,
        (unsigned char *) StoredKey) == NULL) {
	params->utils->seterror(params->utils->conn,0,
				"SHA1 call failed");
	result = SASL_SCRAM_INTERNAL;

    if (HMAC(EVP_sha1(),
	     (const unsigned char *)StoredKey,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) text->auth_message,
	     (int)text->auth_message_len,
	     (unsigned char *)ClientSignature,
	     &hash_len) == NULL) {

    if (HMAC(EVP_sha1(),
	     (const unsigned char *)text->SaltedPassword,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) SERVER_KEY_CONSTANT,
	     SERVER_KEY_CONSTANT_LEN,
	     (unsigned char *)ServerKey,
	     &hash_len) == NULL) {

    if (HMAC(EVP_sha1(),
	     (const unsigned char *)ServerKey,
	     SCRAM_HASH_SIZE,
	     (const unsigned char *) text->auth_message,
	     (int)text->auth_message_len,
	     (unsigned char *)ServerSignature,
	     &hash_len) == NULL) {




    }

    x->len = len;
    strcpy((char *)x->data, password);
    memset(password, 0, len);
    
    *psecret = x;

	mech = buf;
    }

    r = sasl_client_start(conn, mech, NULL, &data, (unsigned int *) &len, &chosenmech);
    if (r != SASL_OK && r != SASL_CONTINUE) {
	saslerr(r, "starting SASL negotiation");
	printf("\n%s\n", sasl_errdetail(conn));

	}
	len = recv_string(in, buf, sizeof buf);

	r = sasl_client_step(conn, buf, len, NULL, &data, (unsigned int *) &len);
	if (r != SASL_OK && r != SASL_CONTINUE) {
	    saslerr(r, "performing SASL negotiation");
	    printf("\n%s\n", sasl_errdetail(conn));


    /* set ip addresses */
    salen = sizeof(local_ip);
    if (getsockname(fd, (struct sockaddr *)&local_ip, (unsigned int*) &salen) < 0) {
	perror("getsockname");
    }


    snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);

    salen = sizeof(remote_ip);
    if (getpeername(fd, (struct sockaddr *)&remote_ip, (unsigned int *) &salen) < 0) {
	perror("getpeername");
    }


    if (cb_flag) {
        cb.name = "sasl-sample";
        cb.critical = cb_flag > 1;
        cb.data = (unsigned char *) "this is a test of channel binding";
        cb.len = (unsigned int) strlen((const char *) cb.data);

        sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);
    }





	dprintf(1, "generating client mechanism list... ");
	r = sasl_listmech(conn, NULL, NULL, " ", NULL,
			  &data, (unsigned int *) &len, &count);
	if (r != SASL_OK) saslfail(r, "generating mechanism list");
	dprintf(1, "%d mechanisms\n", count);
    }


        /* start libsasl negotiation */
        r = sasl_server_start(conn, chosenmech, buf, len,
			      &data, (unsigned int *) &len);
    } else {
	r = sasl_server_start(conn, chosenmech, NULL, 0,
			      &data, (unsigned int *) &len);
    }
    
    if (r != SASL_OK && r != SASL_CONTINUE) {

	    return -1;
	}

	r = sasl_server_step(conn, buf, len, &data, (unsigned int *) &len);
	if (r != SASL_OK && r != SASL_CONTINUE) {
	    saslerr(r, "performing SASL negotiation");
	    fputc('N', out); /* send NO to client */


	/* set ip addresses */
	salen = sizeof(local_ip);
	if (getsockname(fd, (struct sockaddr *)&local_ip, (unsigned int *) &salen) < 0) {
	    perror("getsockname");
	}
	niflags = (NI_NUMERICHOST | NI_NUMERICSERV);

        snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);

	salen = sizeof(remote_ip);
	if (getpeername(fd, (struct sockaddr *)&remote_ip, (unsigned int *) &salen) < 0) {
	    perror("getpeername");
	}



	cb.name = "sasl-sample";
	cb.critical = cb_flag > 1;
	cb.data = (const unsigned char *) "this is a test of channel binding";
	cb.len = (unsigned int) strlen((const char *) cb.data);

	if (cb_flag) {
	    sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);

        maj_stat = gss_display_status(&min_stat, code,
                                      type, GSS_C_NULL_OID,
                                      &msg_ctx, &msg);
        fprintf(stderr, "%s (%u): %s\n", m, maj_stat, (char *)msg.value);
        (void) gss_release_buffer(&min_stat, &msg);

        if (!msg_ctx)

Lines 42-47 Link Here

(-)a/saslauthd/auth_getpwent.c (+1 lines)
42	#include <pwd.h>	42	#include <pwd.h>
43	#include <errno.h>	43	#include <errno.h>
44	#include <syslog.h>	44	#include <syslog.h>
		45	#include <stdio.h>
45		46
46	#ifdef HAVE_CRYPT_H	47	#ifdef HAVE_CRYPT_H
47	#include <crypt.h>	48	#include <crypt.h>

Lines 505-511 auth_httpform ( Link Here

(-)a/saslauthd/auth_httpform.c (-1 lines)
505	int s=-1; /* socket to remote auth host */	505	int s=-1; /* socket to remote auth host */
506	struct addrinfo r; / remote socket address info */	506	struct addrinfo r; / remote socket address info */
507	char req; / request, with user and pw */	507	char req; / request, with user and pw */
508	char c; / scratch pointer */
509	int rc; /* return code scratch area */	508	int rc; /* return code scratch area */
510	char postbuf[RESP_LEN]; /* request buffer */	509	char postbuf[RESP_LEN]; /* request buffer */
511	int postlen; /* length of post request */	510	int postlen; /* length of post request */

Lines 79-85 auth_krb5_init ( Link Here

(-)a/saslauthd/auth_krb5.c (-2 / +1 lines)
79	)	79	)
80	{	80	{
81	#ifdef AUTH_KRB5	81	#ifdef AUTH_KRB5
82	int rc;
83	char *configname = 0;	82	char *configname = 0;
84		83
85	if (krbtf_init() == -1) {	84	if (krbtf_init() == -1) {
Lines 102-108 auth_krb5_init ( Link Here
102	}	101	}
103		102
104	if (config) {	103	if (config) {
105	keytabname = cfile_getstring(config, "krb5_keytab", keytabname);	104	keytabname = (char *) cfile_getstring(config, "krb5_keytab", keytabname);
106	verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal);	105	verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal);
107	}	106	}
108		107




  /* END PARAMETERS */
  )
{
    /* VARIABLES */
    struct addrinfo hints;
    int err;
    char *c;				/* scratch pointer               */
    /* END VARIABLES */

    if (mech_option != NULL) {
	SASLAUTHD_CONF_FILE = mech_option;
    }

Lines 35-40 Link Here

(-)a/saslauthd/auth_shadow.c (-1 / +2 lines)
35		35
36	/* PUBLIC DEPENDENCIES */	36	/* PUBLIC DEPENDENCIES */
37	#include "mechanisms.h"	37	#include "mechanisms.h"
		38	#include <stdio.h>
38		39
39	#ifdef AUTH_SHADOW	40	#ifdef AUTH_SHADOW
40		41
Lines 239-245 auth_shadow ( Link Here
239		240
240	if ((sp->sp_expire != -1) && (today > sp->sp_expire)) {	241	if ((sp->sp_expire != -1) && (today > sp->sp_expire)) {
241	if (flags & VERBOSE) {	242	if (flags & VERBOSE) {
242	syslog(LOG_DEBUG, "DEBUG: auth_shadow: account expired: %dl > %dl",	243	syslog(LOG_DEBUG, "DEBUG: auth_shadow: account expired: %ld > %ld",
243	today, sp->sp_expire);	244	today, sp->sp_expire);
244	}	245	}
245	RETURN("NO Account expired");	246	RETURN("NO Account expired");

Lines 76-82 cfile cfile_read(const char filename, char complaint, int complaint_len) Link Here

(-)a/saslauthd/cfile.c (-1 lines)
76	int alloced = 0;	76	int alloced = 0;
77	char buf[BIG_ENOUGH];	77	char buf[BIG_ENOUGH];
78	char p, key;	78	char p, key;
79	int result;
80	struct cfile *cf;	79	struct cfile *cf;
81		80
82	if (complaint)	81	if (complaint)

Lines 232-238 void ipc_loop() { Link Here

(-)a/saslauthd/ipc_unix.c (-1 / +1 lines)
232	continue;	232	continue;
233	}	233	}
234		234
235	conn_fd = accept(sock_fd, (struct sockaddr *)&client, &len);	235	conn_fd = accept(sock_fd, (struct sockaddr )&client, (unsigned int ) &len);
236	rc = errno;	236	rc = errno;
237		237
238	rel_accept_lock();	238	rel_accept_lock();





	rc = ldap_set_option(lak->ld, LDAP_OPT_NETWORK_TIMEOUT, &(lak->conf->timeout));
	if (rc != LDAP_OPT_SUCCESS) {
		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
	}

	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));
	if (rc != LDAP_OPT_SUCCESS) {
		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
	}

	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));

		return LAK_NOMEM;

	EVP_DecodeInit(&EVP_ctx);
	rc = EVP_DecodeUpdate(&EVP_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
	if (rc < 0) {
		free(text);
		return LAK_FAIL;
	}
	tlen += i;
	EVP_DecodeFinal(&EVP_ctx, (unsigned char *) text, &i);

	*ret = text;
	if (rlen != NULL)

Lines 631-637 void detach_tty() { Link Here

(-)a/saslauthd/saslauthd-main.c (-2 lines)
631	int null_fd;	631	int null_fd;
632	int exit_result;	632	int exit_result;
633	pid_t pid;	633	pid_t pid;
634	char pid_buf[100];
635	struct flock lockinfo;	634	struct flock lockinfo;
636		635
637	/**************************************************************	636	/**************************************************************
Lines 893-899 void handle_sigchld() { Link Here
893	* Do some final cleanup here.	892	* Do some final cleanup here.
894	**************************************************************/	893	**************************************************************/
895	void server_exit() {	894	void server_exit() {
896	struct flock lock_st;
897		895
898	/*********************************************************	896	/*********************************************************
899	* If we're not the master process, don't do anything	897	* If we're not the master process, don't do anything




    struct sockaddr_un srvaddr;
    int r;
    unsigned short count;
    void *context;
    char pwpath[sizeof(srvaddr.sun_path)];
    const char *p = NULL;
#ifdef USE_DOORS
    door_arg_t arg;
#endif

     */
    {
 	unsigned short u_len, p_len, s_len, r_len;
 	struct iovec iov[8];
 
 	u_len = htons(strlen(userid));
 	p_len = htons(strlen(passwd));

  const char *realm = NULL, *service = NULL, *path = NULL;
  int c;
  int flag_error = 0;
  int result = 0;
  const char *errstr = NULL;
  int result;
  char *user_domain = NULL;
  int repeat = 0;

  while ((c = getopt(argc, argv, "p:u:r:s:f:R:")) != EOF)

Lines 376-382 int good_getopt(void *context __attribute__((unused)), Link Here

(-)a/utils/dbconverter-2.c (-1 / +1 lines)
376	}	376	}
377		377
378	static struct sasl_callback goodsasl_cb[] = {	378	static struct sasl_callback goodsasl_cb[] = {
379	{ SASL_CB_GETOPT, &good_getopt, NULL },	379	{ SASL_CB_GETOPT, (int (*)(void))&good_getopt, NULL },
380	{ SASL_CB_LIST_END, NULL, NULL }	380	{ SASL_CB_LIST_END, NULL, NULL }
381	};	381	};
382		382




        case 'b':
            options = optarg;
            while (*options != '\0') {
	        switch(getsubopt(&options, (char * const *)bit_subopts, &value)) {
	        case OPT_MIN:
                    if (! value) {
	                errflag = 1;

        case 'e':
            options = optarg;
            while (*options != '\0') {
	        switch(getsubopt(&options, (char * const *)ext_subopts, &value)) {
	        case OPT_EXT_SSF:
                    if (! value) {
	                errflag = 1;

        case 'f':
            options = optarg;
            while (*options != '\0') {
	        switch(getsubopt(&options, (char * const *)flag_subopts, &value)) {
	        case OPT_NOPLAIN:
	            secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
	            break;
- 

Return to bug 592528

Lines 116-124 static int _sasl_make_plain_secret(const char *salt, Link Here

(-)a/lib/checkpw.c (-5 / +5 lines)
116	}	116	}
117		117
118	_sasl_MD5Init(&ctx);	118	_sasl_MD5Init(&ctx);
119	_sasl_MD5Update(&ctx, salt, 16);	119	_sasl_MD5Update(&ctx, (const unsigned char *) salt, 16);
120	_sasl_MD5Update(&ctx, "sasldb", 6);	120	_sasl_MD5Update(&ctx, (const unsigned char *) "sasldb", 6);
121	_sasl_MD5Update(&ctx, passwd, (unsigned int) passlen);	121	_sasl_MD5Update(&ctx, (const unsigned char *) passwd, (unsigned int) passlen);
122	memcpy((*secret)->data, salt, 16);	122	memcpy((*secret)->data, salt, 16);
123	(*secret)->data[16] = '\0';	123	(*secret)->data[16] = '\0';
124	_sasl_MD5Final((*secret)->data + 17, &ctx);	124	_sasl_MD5Final((*secret)->data + 17, &ctx);
Lines 368-375 int _sasl_auxprop_verify_apop(sasl_conn_t *conn, Link Here
368	}	368	}
369		369
370	_sasl_MD5Init(&ctx);	370	_sasl_MD5Init(&ctx);
371	_sasl_MD5Update(&ctx, challenge, strlen(challenge));	371	_sasl_MD5Update(&ctx, (const unsigned char *) challenge, strlen(challenge));
372	_sasl_MD5Update(&ctx, auxprop_values[0].values[0],	372	_sasl_MD5Update(&ctx, (const unsigned char *) auxprop_values[0].values[0],
373	strlen(auxprop_values[0].values[0]));	373	strlen(auxprop_values[0].values[0]));
374	_sasl_MD5Final(digest, &ctx);	374	_sasl_MD5Final(digest, &ctx);
375		375

Lines 1526-1537 _sasl_getsimple(void *context, Link Here

(-)a/lib/common.c (-3 lines)
1526	size_t *len)	1526	size_t *len)
1527	{	1527	{
1528	const char *userid;	1528	const char *userid;
1529	sasl_conn_t *conn;
1530		1529
1531	if (! context \|\| ! result) return SASL_BADPARAM;	1530	if (! context \|\| ! result) return SASL_BADPARAM;
1532		1531
1533	conn = (sasl_conn_t *)context;
1534
1535	switch(id) {	1532	switch(id) {
1536	case SASL_CB_AUTHNAME:	1533	case SASL_CB_AUTHNAME:
1537	userid = getenv("USER");	1534	userid = getenv("USER");

Lines 3048-3054 static int digestmd5_server_mech_step(void *conn_context, Link Here

(-)a/plugins/digestmd5.c (-4 / +2 lines)
3048	memset(oparams, 0, sizeof(sasl_out_params_t));	3048	memset(oparams, 0, sizeof(sasl_out_params_t));
3049	if (text->nonce) sparams->utils->free(text->nonce);	3049	if (text->nonce) sparams->utils->free(text->nonce);
3050	if (text->realm) sparams->utils->free(text->realm);	3050	if (text->realm) sparams->utils->free(text->realm);
3051	text->nonce = text->realm = NULL;	3051	text->realm = NULL;
		3052	text->nonce = NULL;
3052		3053
3053	/* fall through and issue challenge */	3054	/* fall through and issue challenge */
3054	}	3055	}
Lines 3650-3656 static int parse_server_challenge(client_context_t *ctext, Link Here
3650	int saw_qop = 0;	3651	int saw_qop = 0;
3651	int ciphers = 0;	3652	int ciphers = 0;
3652	int maxbuf_count = 0;	3653	int maxbuf_count = 0;
3653	bool IsUTF8 = FALSE;
3654	int algorithm_count = 0;	3654	int algorithm_count = 0;
3655	int opaque_count = 0;	3655	int opaque_count = 0;
3656		3656
Lines 3867-3874 SKIP_SPACES_IN_CIPHER: Link Here
3867	params->utils->seterror(params->utils->conn, 0,	3867	params->utils->seterror(params->utils->conn, 0,
3868	"Charset must be UTF-8");	3868	"Charset must be UTF-8");
3869	goto FreeAllocatedMem;	3869	goto FreeAllocatedMem;
3870	} else {
3871	IsUTF8 = TRUE;
3872	}	3870	}
3873	} else if (strcasecmp(name,"algorithm")==0) {	3871	} else if (strcasecmp(name,"algorithm")==0) {
3874	if (text->http_mode && strcasecmp(value, "md5") == 0) {	3872	if (text->http_mode && strcasecmp(value, "md5") == 0) {

Lines 275-281 static void load_buffer(u_char buf, const u_char str, uint16 len, Link Here

(-)a/plugins/ntlm.c (-33 / +42 lines)
275	{	275	{
276	if (len) {	276	if (len) {
277	if (unicode) {	277	if (unicode) {
278	to_unicode(base + *offset, str, len);	278	to_unicode(base + offset, (const char ) str, len);
279	len *= 2;	279	len *= 2;
280	}	280	}
281	else {	281	else {
Lines 373-382 static unsigned char P16_lm(unsigned char P16, sasl_secret_t *passwd, Link Here
373	char P14[14];	373	char P14[14];
374	unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };	374	unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
375		375
376	strncpy(P14, passwd->data, sizeof(P14));	376	strncpy(P14, (const char *) passwd->data, sizeof(P14));
377	ucase(P14, sizeof(P14));	377	ucase(P14, sizeof(P14));
378		378
379	E(P16, P14, sizeof(P14), S8, sizeof(S8));	379	E(P16, (unsigned char *) P14, sizeof(P14), S8, sizeof(S8));
380	*result = SASL_OK;	380	*result = SASL_OK;
381	return P16;	381	return P16;
382	}	382	}
Lines 390-397 static unsigned char P16_nt(unsigned char P16, sasl_secret_t *passwd, Link Here
390	*result = SASL_NOMEM;	390	*result = SASL_NOMEM;
391	}	391	}
392	else {	392	else {
393	to_unicode(*buf, passwd->data, passwd->len);	393	to_unicode((unsigned char ) buf, (const char *) passwd->data, passwd->len);
394	MD4(buf, 2 passwd->len, P16);	394	MD4((unsigned char ) buf, 2 * passwd->len, P16);
395	*result = SASL_OK;	395	*result = SASL_OK;
396	}	396	}
397	return P16;	397	return P16;
Lines 444-452 static unsigned char V2(unsigned char V2, sasl_secret_t *passwd, Link Here
444	strcpy(upper, authid);	444	strcpy(upper, authid);
445	if (target) strcat(upper, target);	445	if (target) strcat(upper, target);
446	ucase(upper, len);	446	ucase(upper, len);
447	to_unicode(*buf, upper, len);	447	to_unicode((unsigned char ) buf, upper, len);
448		448
449	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, buf, 2 len, hash, &len);	449	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, (unsigned char ) buf, 2 * len, hash, &len);
450		450
451	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */	451	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
452	HMAC_Init(&ctx, hash, len, EVP_md5());	452	HMAC_Init(&ctx, hash, len, EVP_md5());
Lines 768-775 static void make_netbios_name(const char *in, unsigned char out[]) Link Here
768	*/	768	*/
769	n = strcspn(in, ".");	769	n = strcspn(in, ".");
770	if (n > 16) n = 16;	770	if (n > 16) n = 16;
771	strncpy(out+18, in, n);	771	strncpy((char *) out+18, in, n);
772	in = out+18;	772	in = (char *) out+18;
773	ucase(in, n);	773	ucase(in, n);
774		774
775	out[j++] = 0x20;	775	out[j++] = 0x20;
Lines 1033-1039 static int smb_negotiate_protocol(const sasl_utils_t *utils, Link Here
1033	"NTLM: error reading NEGPROT response");	1033	"NTLM: error reading NEGPROT response");
1034	return SASL_FAIL;	1034	return SASL_FAIL;
1035	}	1035	}
1036	p = text->out_buf;	1036	p = (unsigned char *) text->out_buf;
1037		1037
1038	/* parse the header */	1038	/* parse the header */
1039	if (len < SMB_HDR_SIZE) {	1039	if (len < SMB_HDR_SIZE) {
Lines 1115-1121 static int smb_negotiate_protocol(const sasl_utils_t *utils, Link Here
1115	return SASL_NOMEM;	1115	return SASL_NOMEM;
1116	}	1116	}
1117	memcpy(*domain, p, len);	1117	memcpy(*domain, p, len);
1118	from_unicode(domain, domain, len);	1118	from_unicode(domain, (unsigned char ) *domain, len);
1119		1119
1120	text->flags \|= NTLM_TARGET_IS_DOMAIN;	1120	text->flags \|= NTLM_TARGET_IS_DOMAIN;
1121	}	1121	}
Lines 1256-1262 static int smb_session_setup(const sasl_utils_t utils, server_context_t text, Link Here
1256	"NTLM: error reading SESSIONSETUP response");	1256	"NTLM: error reading SESSIONSETUP response");
1257	return SASL_FAIL;	1257	return SASL_FAIL;
1258	}	1258	}
1259	p = text->out_buf;	1259	p = (unsigned char *) text->out_buf;
1260		1260
1261	/* parse the header */	1261	/* parse the header */
1262	if (len < SMB_HDR_SIZE) {	1262	if (len < SMB_HDR_SIZE) {
Lines 1343-1354 static int create_challenge(const sasl_utils_t *utils, Link Here
1343	return SASL_NOMEM;	1343	return SASL_NOMEM;
1344	}	1344	}
1345		1345
1346	base = *buf;	1346	base = (unsigned char ) buf;
1347	memset(base, 0, *outlen);	1347	memset(base, 0, *outlen);
1348	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));	1348	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
1349	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE);	1349	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE);
1350	load_buffer(base + NTLM_TYPE2_TARGET_OFFSET,	1350	load_buffer(base + NTLM_TYPE2_TARGET_OFFSET,
1351	ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE,	1351	(const unsigned char *) ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE,
1352	base, &offset);	1352	base, &offset);
1353	htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags);	1353	htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags);
1354	memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH);	1354	memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH);
Lines 1500-1525 static int ntlm_server_mech_step2(server_context_t *text, Link Here
1500	return SASL_BADPROT;	1500	return SASL_BADPROT;
1501	}	1501	}
1502		1502
1503	result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_LMRESP_OFFSET,	1503	result = unload_buffer(sparams->utils,
		1504	(const unsigned char *) clientin + NTLM_TYPE3_LMRESP_OFFSET,
1504	(u_char **) &lm_resp, &lm_resp_len, 0,	1505	(u_char **) &lm_resp, &lm_resp_len, 0,
1505	clientin, clientinlen);	1506	(const unsigned char *) clientin, clientinlen);
1506	if (result != SASL_OK) goto cleanup;	1507	if (result != SASL_OK) goto cleanup;
1507		1508
1508	result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_NTRESP_OFFSET,	1509	result = unload_buffer(sparams->utils,
		1510	(const unsigned char *) clientin + NTLM_TYPE3_NTRESP_OFFSET,
1509	(u_char **) &nt_resp, &nt_resp_len, 0,	1511	(u_char **) &nt_resp, &nt_resp_len, 0,
1510	clientin, clientinlen);	1512	(const unsigned char *) clientin, clientinlen);
1511	if (result != SASL_OK) goto cleanup;	1513	if (result != SASL_OK) goto cleanup;
1512		1514
1513	result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_DOMAIN_OFFSET,	1515	result = unload_buffer(sparams->utils,
		1516	(const unsigned char *) clientin + NTLM_TYPE3_DOMAIN_OFFSET,
1514	(u_char **) &domain, &domain_len,	1517	(u_char **) &domain, &domain_len,
1515	text->flags & NTLM_USE_UNICODE,	1518	text->flags & NTLM_USE_UNICODE,
1516	clientin, clientinlen);	1519	(const unsigned char *) clientin, clientinlen);
1517	if (result != SASL_OK) goto cleanup;	1520	if (result != SASL_OK) goto cleanup;
1518		1521
1519	result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_USER_OFFSET,	1522	result = unload_buffer(sparams->utils,
		1523	(const unsigned char *) clientin + NTLM_TYPE3_USER_OFFSET,
1520	(u_char **) &authid, &authid_len,	1524	(u_char **) &authid, &authid_len,
1521	text->flags & NTLM_USE_UNICODE,	1525	text->flags & NTLM_USE_UNICODE,
1522	clientin, clientinlen);	1526	(const unsigned char *) clientin, clientinlen);
1523	if (result != SASL_OK) goto cleanup;	1527	if (result != SASL_OK) goto cleanup;
1524		1528
1525	/* require at least one response and an authid */	1529	/* require at least one response and an authid */
Lines 1582-1588 static int ntlm_server_mech_step2(server_context_t *text, Link Here
1582	}	1586	}
1583		1587
1584	password->len = (unsigned) pass_len;	1588	password->len = (unsigned) pass_len;
1585	strncpy(password->data, auxprop_values[0].values[0], pass_len + 1);	1589	strncpy((char *) password->data, auxprop_values[0].values[0], pass_len + 1);
1586		1590
1587	/* erase the plaintext password */	1591	/* erase the plaintext password */
1588	sparams->utils->prop_erase(sparams->propctx, password_request[0]);	1592	sparams->utils->prop_erase(sparams->propctx, password_request[0]);
Lines 1805-1819 static int create_request(const sasl_utils_t *utils, Link Here
1805	return SASL_NOMEM;	1809	return SASL_NOMEM;
1806	}	1810	}
1807		1811
1808	base = *buf;	1812	base = (unsigned char ) buf;
1809	memset(base, 0, *outlen);	1813	memset(base, 0, *outlen);
1810	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));	1814	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
1811	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST);	1815	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST);
1812	htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags);	1816	htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags);
1813	load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET,	1817	load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET,
1814	domain, (uint16) xstrlen(domain), 0, base, &offset);	1818	(const unsigned char *) domain, (uint16) xstrlen(domain), 0, base, &offset);
1815	load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET,	1819	load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET,
1816	wkstn, (uint16) xstrlen(wkstn), 0, base, &offset);	1820	(const unsigned char *) wkstn, (uint16) xstrlen(wkstn), 0, base, &offset);
1817		1821
1818	return SASL_OK;	1822	return SASL_OK;
1819	}	1823	}
Lines 1858-1864 static int create_response(const sasl_utils_t *utils, Link Here
1858	return SASL_NOMEM;	1862	return SASL_NOMEM;
1859	}	1863	}
1860		1864
1861	base = *buf;	1865	base = (unsigned char ) buf;
1862	memset(base, 0, *outlen);	1866	memset(base, 0, *outlen);
1863	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));	1867	memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
1864	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE);	1868	htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE);
Lines 1867-1878 static int create_response(const sasl_utils_t *utils, Link Here
1867	load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET,	1871	load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET,
1868	nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset);	1872	nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset);
1869	load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET,	1873	load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET,
1870	ucase(domain, 0), (uint16) xstrlen(domain), flags & NTLM_USE_UNICODE,	1874	(const unsigned char *) ucase(domain, 0), (uint16) xstrlen(domain),
		1875	flags & NTLM_USE_UNICODE,
1871	base, &offset);	1876	base, &offset);
1872	load_buffer(base + NTLM_TYPE3_USER_OFFSET,	1877	load_buffer(base + NTLM_TYPE3_USER_OFFSET,
1873	user, (uint16) xstrlen(user), flags & NTLM_USE_UNICODE, base, &offset);	1878	(const unsigned char *) user, (uint16) xstrlen(user),
		1879	flags & NTLM_USE_UNICODE, base, &offset);
1874	load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET,	1880	load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET,
1875	ucase(wkstn, 0), (uint16) xstrlen(wkstn), flags & NTLM_USE_UNICODE,	1881	(const unsigned char *) ucase(wkstn, 0), (uint16) xstrlen(wkstn),
		1882	flags & NTLM_USE_UNICODE,
1876	base, &offset);	1883	base, &offset);
1877	load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET,	1884	load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET,
1878	key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset);	1885	key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset);
Lines 2011-2017 static int ntlm_client_mech_step2(client_context_t *text, Link Here
2011		2018
2012	flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */	2019	flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */
2013		2020
2014	result = unload_buffer(params->utils, serverin + NTLM_TYPE2_TARGET_OFFSET,	2021	result = unload_buffer(params->utils,
		2022	(const unsigned char *) serverin + NTLM_TYPE2_TARGET_OFFSET,
2015	(u_char **) &domain, NULL,	2023	(u_char **) &domain, NULL,
2016	flags & NTLM_USE_UNICODE,	2024	flags & NTLM_USE_UNICODE,
2017	(u_char *) serverin, serverinlen);	2025	(u_char *) serverin, serverinlen);
Lines 2027-2033 static int ntlm_client_mech_step2(client_context_t *text, Link Here
2027	(sendv2[0] == 'o' && sendv2[1] == 'n') \|\| sendv2[0] == 't')) {	2035	(sendv2[0] == 'o' && sendv2[1] == 'n') \|\| sendv2[0] == 't')) {
2028		2036
2029	/* put the cnonce in place after the LMv2 HMAC */	2037	/* put the cnonce in place after the LMv2 HMAC */
2030	char *cnonce = resp + MD5_DIGEST_LENGTH;	2038	char cnonce = (char ) resp + MD5_DIGEST_LENGTH;
2031		2039
2032	params->utils->log(NULL, SASL_LOG_DEBUG,	2040	params->utils->log(NULL, SASL_LOG_DEBUG,
2033	"calculating LMv2 response");	2041	"calculating LMv2 response");
Lines 2035-2041 static int ntlm_client_mech_step2(client_context_t *text, Link Here
2035	params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH);	2043	params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH);
2036		2044
2037	V2(resp, password, oparams->authid, domain,	2045	V2(resp, password, oparams->authid, domain,
2038	serverin + NTLM_TYPE2_CHALLENGE_OFFSET, cnonce, NTLM_NONCE_LENGTH,	2046	(const unsigned char *) serverin + NTLM_TYPE2_CHALLENGE_OFFSET,
		2047	(const unsigned char *) cnonce, NTLM_NONCE_LENGTH,
2039	params->utils, &text->out_buf, &text->out_buf_len, &result);	2048	params->utils, &text->out_buf, &text->out_buf_len, &result);
2040		2049
2041	lm_resp = resp;	2050	lm_resp = resp;

Lines 174-180 getsecret(sasl_conn_t *conn, Link Here

(-)a/sample/client.c (-7 / +7 lines)
174	}	174	}
175		175
176	x->len = len;	176	x->len = len;
177	strcpy(x->data, password);	177	strcpy((char *)x->data, password);
178	memset(password, 0, len);	178	memset(password, 0, len);
179		179
180	*psecret = x;	180	*psecret = x;
Lines 255-261 int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn) Link Here
255	mech = buf;	255	mech = buf;
256	}	256	}
257		257
258	r = sasl_client_start(conn, mech, NULL, &data, &len, &chosenmech);	258	r = sasl_client_start(conn, mech, NULL, &data, (unsigned int *) &len, &chosenmech);
259	if (r != SASL_OK && r != SASL_CONTINUE) {	259	if (r != SASL_OK && r != SASL_CONTINUE) {
260	saslerr(r, "starting SASL negotiation");	260	saslerr(r, "starting SASL negotiation");
261	printf("\n%s\n", sasl_errdetail(conn));	261	printf("\n%s\n", sasl_errdetail(conn));
Lines 295-301 int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn) Link Here
295	}	295	}
296	len = recv_string(in, buf, sizeof buf);	296	len = recv_string(in, buf, sizeof buf);
297		297
298	r = sasl_client_step(conn, buf, len, NULL, &data, &len);	298	r = sasl_client_step(conn, buf, len, NULL, &data, (unsigned int *) &len);
299	if (r != SASL_OK && r != SASL_CONTINUE) {	299	if (r != SASL_OK && r != SASL_CONTINUE) {
300	saslerr(r, "performing SASL negotiation");	300	saslerr(r, "performing SASL negotiation");
301	printf("\n%s\n", sasl_errdetail(conn));	301	printf("\n%s\n", sasl_errdetail(conn));
Lines 389-395 int main(int argc, char *argv[]) Link Here
389		389
390	/* set ip addresses */	390	/* set ip addresses */
391	salen = sizeof(local_ip);	391	salen = sizeof(local_ip);
392	if (getsockname(fd, (struct sockaddr *)&local_ip, &salen) < 0) {	392	if (getsockname(fd, (struct sockaddr )&local_ip, (unsigned int) &salen) < 0) {
393	perror("getsockname");	393	perror("getsockname");
394	}	394	}
395		395
Lines 408-414 int main(int argc, char *argv[]) Link Here
408	snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);	408	snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);
409		409
410	salen = sizeof(remote_ip);	410	salen = sizeof(remote_ip);
411	if (getpeername(fd, (struct sockaddr *)&remote_ip, &salen) < 0) {	411	if (getpeername(fd, (struct sockaddr )&remote_ip, (unsigned int ) &salen) < 0) {
412	perror("getpeername");	412	perror("getpeername");
413	}	413	}
414		414
Lines 433-440 int main(int argc, char *argv[]) Link Here
433	if (cb_flag) {	433	if (cb_flag) {
434	cb.name = "sasl-sample";	434	cb.name = "sasl-sample";
435	cb.critical = cb_flag > 1;	435	cb.critical = cb_flag > 1;
436	cb.data = "this is a test of channel binding";	436	cb.data = (unsigned char *) "this is a test of channel binding";
437	cb.len = strlen(cb.data);	437	cb.len = (unsigned int) strlen((const char *) cb.data);
438		438
439	sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);	439	sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);
440	}	440	}

Lines 255-260 create_nonce(const sasl_utils_t * utils, Link Here

(-)a/plugins/scram.c (-28 / +33 lines)
255	return buffer;	255	return buffer;
256	}	256	}
257		257
		258	#ifdef SCRAM_DEBUG
258	/* Useful for debugging interop issues */	259	/* Useful for debugging interop issues */
259	static void	260	static void
260	print_hash (const char * func, const char * hash)	261	print_hash (const char * func, const char * hash)
Lines 267-272 print_hash (const char * func, const char * hash) Link Here
267	}	268	}
268	printf ("\n");	269	printf ("\n");
269	}	270	}
		271	#endif
270		272
271		273
272	/* The result variable need to point to a buffer big enough for the [SHA-1] hash */	274	/* The result variable need to point to a buffer big enough for the [SHA-1] hash */
Lines 299-305 Hi (const sasl_utils_t * utils, Link Here
299	if (HMAC(EVP_sha1(),	301	if (HMAC(EVP_sha1(),
300	(const unsigned char *) str,	302	(const unsigned char *) str,
301	(int)str_len,	303	(int)str_len,
302	initial_key,	304	(const unsigned char *) initial_key,
303	(int)salt_len + 4,	305	(int)salt_len + 4,
304	(unsigned char *)result,	306	(unsigned char *)result,
305	&hash_len) == NULL) {	307	&hash_len) == NULL) {
Lines 315-321 Hi (const sasl_utils_t * utils, Link Here
315	if (HMAC(EVP_sha1(),	317	if (HMAC(EVP_sha1(),
316	(const unsigned char *) str,	318	(const unsigned char *) str,
317	(int)str_len,	319	(int)str_len,
318	temp_result,	320	(const unsigned char *) temp_result,
319	SCRAM_HASH_SIZE,	321	SCRAM_HASH_SIZE,
320	(unsigned char *)temp_result,	322	(unsigned char *)temp_result,
321	&hash_len) == NULL) {	323	&hash_len) == NULL) {
Lines 345-353 scram_server_user_salt(const sasl_utils_t * utils, Link Here
345	size_t * p_salt_len)	347	size_t * p_salt_len)
346	{	348	{
347	char * result = utils->malloc(SCRAM_HASH_SIZE);	349	char * result = utils->malloc(SCRAM_HASH_SIZE);
348	Hi(utils, username, strlen(username), g_salt_key, SALT_SIZE, 20 /* iterations */, result);	350	Hi(utils, username, strlen(username), (const char *) g_salt_key, SALT_SIZE,
		351	20 /* iterations */, result);
349	*p_salt_len = SCRAM_HASH_SIZE;	352	*p_salt_len = SCRAM_HASH_SIZE;
350	return result;	353	return (unsigned char *) result;
351	}	354	}
352		355
353	static int	356	static int
Lines 386-392 GenerateScramSecrets (const sasl_utils_t * utils, Link Here
386		389
387	/* SaltedPassword := Hi(password, salt) */	390	/* SaltedPassword := Hi(password, salt) */
388	Hi (utils,	391	Hi (utils,
389	sec->data,	392	(const char *) sec->data,
390	sec->len,	393	sec->len,
391	salt,	394	salt,
392	salt_len,	395	salt_len,
Lines 397-403 GenerateScramSecrets (const sasl_utils_t * utils, Link Here
397	if (HMAC(EVP_sha1(),	400	if (HMAC(EVP_sha1(),
398	(const unsigned char *) SaltedPassword,	401	(const unsigned char *) SaltedPassword,
399	SCRAM_HASH_SIZE,	402	SCRAM_HASH_SIZE,
400	CLIENT_KEY_CONSTANT,	403	(const unsigned char *) CLIENT_KEY_CONSTANT,
401	CLIENT_KEY_CONSTANT_LEN,	404	CLIENT_KEY_CONSTANT_LEN,
402	(unsigned char *)ClientKey,	405	(unsigned char *)ClientKey,
403	&hash_len) == NULL) {	406	&hash_len) == NULL) {
Lines 407-413 GenerateScramSecrets (const sasl_utils_t * utils, Link Here
407	}	410	}
408		411
409	/* StoredKey := H(ClientKey) */	412	/* StoredKey := H(ClientKey) */
410	if (SHA1(ClientKey, SCRAM_HASH_SIZE, StoredKey) == NULL) {	413	if (SHA1((const unsigned char *) ClientKey, SCRAM_HASH_SIZE,
		414	(unsigned char *) StoredKey) == NULL) {
411	*error_text = "SHA1 call failed";	415	*error_text = "SHA1 call failed";
412	result = SASL_SCRAM_INTERNAL;	416	result = SASL_SCRAM_INTERNAL;
413	goto cleanup;	417	goto cleanup;
Lines 418-424 GenerateScramSecrets (const sasl_utils_t * utils, Link Here
418	if (HMAC(EVP_sha1(),	422	if (HMAC(EVP_sha1(),
419	(const unsigned char *) SaltedPassword,	423	(const unsigned char *) SaltedPassword,
420	SCRAM_HASH_SIZE,	424	SCRAM_HASH_SIZE,
421	SERVER_KEY_CONSTANT,	425	(const unsigned char *) SERVER_KEY_CONSTANT,
422	SERVER_KEY_CONSTANT_LEN,	426	SERVER_KEY_CONSTANT_LEN,
423	(unsigned char *)ServerKey,	427	(unsigned char *)ServerKey,
424	&hash_len) == NULL) {	428	&hash_len) == NULL) {
Lines 509-515 scram_server_mech_step1(server_context_t *text, Link Here
509	NULL };	513	NULL };
510	int canon_flags;	514	int canon_flags;
511	struct propval auxprop_values[3];	515	struct propval auxprop_values[3];
512	unsigned int hash_len = 0;
513	int result;	516	int result;
514		517
515	if (clientinlen == 0) {	518	if (clientinlen == 0) {
Lines 783-795 scram_server_mech_step1(server_context_t *text, Link Here
783	char * s_iteration_count;	786	char * s_iteration_count;
784	char * end;	787	char * end;
785		788
786	text->salt = scram_server_user_salt(sparams->utils, text->authentication_id, &text->salt_len);	789	text->salt = (char *) scram_server_user_salt(sparams->utils, text->authentication_id, &text->salt_len);
787		790
788	sparams->utils->getopt(sparams->utils->getopt_context,	791	sparams->utils->getopt(sparams->utils->getopt_context,
789	/* Different SCRAM hashes can have different strengh */	792	/* Different SCRAM hashes can have different strengh */
790	SCRAM_SASL_MECH,	793	SCRAM_SASL_MECH,
791	"scram_iteration_counter",	794	"scram_iteration_counter",
792	&s_iteration_count,	795	(const char **) &s_iteration_count,
793	NULL);	796	NULL);
794		797
795	if (s_iteration_count != NULL) {	798	if (s_iteration_count != NULL) {
Lines 899-905 scram_server_mech_step1(server_context_t *text, Link Here
899	(unsigned int)base64_salt_len,	902	(unsigned int)base64_salt_len,
900	text->salt,	903	text->salt,
901	(unsigned int)base64_salt_len,	904	(unsigned int)base64_salt_len,
902	&text->salt_len) != SASL_OK) {	905	(unsigned int *) &text->salt_len) != SASL_OK) {
903	SETERROR(sparams->utils, "Invalid base64 encoding of the salt in " SCRAM_SASL_MECH " stored value");	906	SETERROR(sparams->utils, "Invalid base64 encoding of the salt in " SCRAM_SASL_MECH " stored value");
904	continue;	907	continue;
905	}	908	}
Lines 1304-1310 scram_server_mech_step2(server_context_t *text, Link Here
1304	if (HMAC(EVP_sha1(),	1307	if (HMAC(EVP_sha1(),
1305	(const unsigned char *) text->StoredKey,	1308	(const unsigned char *) text->StoredKey,
1306	SCRAM_HASH_SIZE,	1309	SCRAM_HASH_SIZE,
1307	text->auth_message,	1310	(const unsigned char *)text->auth_message,
1308	(int)text->auth_message_len,	1311	(int)text->auth_message_len,
1309	(unsigned char *)ClientSignature,	1312	(unsigned char *)ClientSignature,
1310	&hash_len) == NULL) {	1313	&hash_len) == NULL) {
Lines 1336-1342 scram_server_mech_step2(server_context_t *text, Link Here
1336	}	1339	}
1337		1340
1338	/* StoredKey := H(ClientKey) */	1341	/* StoredKey := H(ClientKey) */
1339	if (SHA1(ReceivedClientKey, SCRAM_HASH_SIZE, CalculatedStoredKey) == NULL) {	1342	if (SHA1((const unsigned char *) ReceivedClientKey, SCRAM_HASH_SIZE,
		1343	(unsigned char *) CalculatedStoredKey) == NULL) {
1340	sparams->utils->seterror(sparams->utils->conn,0,	1344	sparams->utils->seterror(sparams->utils->conn,0,
1341	"SHA1 call failed");	1345	"SHA1 call failed");
1342	result = SASL_SCRAM_INTERNAL;	1346	result = SASL_SCRAM_INTERNAL;
Lines 1355-1361 scram_server_mech_step2(server_context_t *text, Link Here
1355	if (HMAC(EVP_sha1(),	1359	if (HMAC(EVP_sha1(),
1356	(const unsigned char *) text->ServerKey,	1360	(const unsigned char *) text->ServerKey,
1357	SCRAM_HASH_SIZE,	1361	SCRAM_HASH_SIZE,
1358	text->auth_message,	1362	(unsigned char *) text->auth_message,
1359	(int)text->auth_message_len,	1363	(int)text->auth_message_len,
1360	(unsigned char *)ServerSignature,	1364	(unsigned char *)ServerSignature,
1361	&hash_len) == NULL) {	1365	&hash_len) == NULL) {
Lines 1572-1578 static int scram_setpass(void *glob_context __attribute__((unused)), Link Here
1572	/* Different SCRAM hashes can have different strengh */	1576	/* Different SCRAM hashes can have different strengh */
1573	SCRAM_SASL_MECH,	1577	SCRAM_SASL_MECH,
1574	"scram_iteration_counter",	1578	"scram_iteration_counter",
1575	&s_iteration_count,	1579	(const char **) &s_iteration_count,
1576	NULL);	1580	NULL);
1577		1581
1578	if (s_iteration_count != NULL) {	1582	if (s_iteration_count != NULL) {
Lines 1663-1676 static int scram_setpass(void *glob_context __attribute__((unused)), Link Here
1663	goto cleanup;	1667	goto cleanup;
1664	}	1668	}
1665		1669
1666	sprintf(sec->data,	1670	sprintf((char *) sec->data,
1667	"%s$%u:%s$%s:%s",	1671	"%s$%u:%s$%s:%s",
1668	SCRAM_SASL_MECH,	1672	SCRAM_SASL_MECH,
1669	iteration_count,	1673	iteration_count,
1670	base64_salt,	1674	base64_salt,
1671	base64_StoredKey,	1675	base64_StoredKey,
1672	base64_ServerKey);	1676	base64_ServerKey);
1673	sec->len = (unsigned int) strlen(sec->data);	1677	sec->len = (unsigned int) strlen((const char *) sec->data);
1674	}	1678	}
1675		1679
1676	/* do the store */	1680	/* do the store */
Lines 1684-1690 static int scram_setpass(void *glob_context __attribute__((unused)), Link Here
1684	if (!r) {	1688	if (!r) {
1685	r = sparams->utils->prop_set(propctx,	1689	r = sparams->utils->prop_set(propctx,
1686	"authPassword",	1690	"authPassword",
1687	(sec ? sec->data : NULL),	1691	(const char *) (sec ? sec->data : NULL),
1688	(sec ? sec->len : 0));	1692	(sec ? sec->len : 0));
1689	}	1693	}
1690	if (!r) {	1694	if (!r) {
Lines 1989-1995 scram_client_mech_step1(client_context_t *text, Link Here
1989		1993
1990	if (userid != NULL && *userid != '\0') {	1994	if (userid != NULL && *userid != '\0') {
1991	result = encode_saslname (oparams->user,	1995	result = encode_saslname (oparams->user,
1992	&encoded_authorization_id,	1996	(const char **) &encoded_authorization_id,
1993	&freeme2);	1997	&freeme2);
1994		1998
1995	if (result != SASL_OK) {	1999	if (result != SASL_OK) {
Lines 2000-2006 scram_client_mech_step1(client_context_t *text, Link Here
2000	}	2004	}
2001		2005
2002	result = encode_saslname (oparams->authid,	2006	result = encode_saslname (oparams->authid,
2003	&encoded_authcid,	2007	(const char **) &encoded_authcid,
2004	&freeme);	2008	&freeme);
2005	if (result != SASL_OK) {	2009	if (result != SASL_OK) {
2006	MEMERROR( params->utils );	2010	MEMERROR( params->utils );
Lines 2277-2283 scram_client_mech_step2(client_context_t *text, Link Here
2277	goto cleanup;	2281	goto cleanup;
2278	}	2282	}
2279		2283
2280	channel_binding_data = params->cbinding->data;	2284	channel_binding_data = (const char *) params->cbinding->data;
2281	channel_binding_data_len = params->cbinding->len;	2285	channel_binding_data_len = params->cbinding->len;
2282	}	2286	}
2283		2287
Lines 2368-2374 scram_client_mech_step2(client_context_t *text, Link Here
2368		2372
2369	/* SaltedPassword := Hi(password, salt) */	2373	/* SaltedPassword := Hi(password, salt) */
2370	Hi (params->utils,	2374	Hi (params->utils,
2371	text->password->data,	2375	(const char *) text->password->data,
2372	text->password->len,	2376	text->password->len,
2373	text->salt,	2377	text->salt,
2374	text->salt_len,	2378	text->salt_len,
Lines 2381-2387 scram_client_mech_step2(client_context_t *text, Link Here
2381	if (HMAC(EVP_sha1(),	2385	if (HMAC(EVP_sha1(),
2382	(const unsigned char *) text->SaltedPassword,	2386	(const unsigned char *) text->SaltedPassword,
2383	SCRAM_HASH_SIZE,	2387	SCRAM_HASH_SIZE,
2384	CLIENT_KEY_CONSTANT,	2388	(const unsigned char *) CLIENT_KEY_CONSTANT,
2385	CLIENT_KEY_CONSTANT_LEN,	2389	CLIENT_KEY_CONSTANT_LEN,
2386	(unsigned char *)ClientKey,	2390	(unsigned char *)ClientKey,
2387	&hash_len) == NULL) {	2391	&hash_len) == NULL) {
Lines 2394-2400 scram_client_mech_step2(client_context_t *text, Link Here
2394	PRINT_HASH ("ClientKey", ClientKey);	2398	PRINT_HASH ("ClientKey", ClientKey);
2395		2399
2396	/* StoredKey := H(ClientKey) */	2400	/* StoredKey := H(ClientKey) */
2397	if (SHA1(ClientKey, SCRAM_HASH_SIZE, StoredKey) == NULL) {	2401	if (SHA1((const unsigned char *) ClientKey, SCRAM_HASH_SIZE,
		2402	(unsigned char *) StoredKey) == NULL) {
2398	params->utils->seterror(params->utils->conn,0,	2403	params->utils->seterror(params->utils->conn,0,
2399	"SHA1 call failed");	2404	"SHA1 call failed");
2400	result = SASL_SCRAM_INTERNAL;	2405	result = SASL_SCRAM_INTERNAL;
Lines 2407-2413 scram_client_mech_step2(client_context_t *text, Link Here
2407	if (HMAC(EVP_sha1(),	2412	if (HMAC(EVP_sha1(),
2408	(const unsigned char *)StoredKey,	2413	(const unsigned char *)StoredKey,
2409	SCRAM_HASH_SIZE,	2414	SCRAM_HASH_SIZE,
2410	text->auth_message,	2415	(const unsigned char *) text->auth_message,
2411	(int)text->auth_message_len,	2416	(int)text->auth_message_len,
2412	(unsigned char *)ClientSignature,	2417	(unsigned char *)ClientSignature,
2413	&hash_len) == NULL) {	2418	&hash_len) == NULL) {
Lines 2535-2541 scram_client_mech_step3(client_context_t *text, Link Here
2535	if (HMAC(EVP_sha1(),	2540	if (HMAC(EVP_sha1(),
2536	(const unsigned char *)text->SaltedPassword,	2541	(const unsigned char *)text->SaltedPassword,
2537	SCRAM_HASH_SIZE,	2542	SCRAM_HASH_SIZE,
2538	SERVER_KEY_CONSTANT,	2543	(const unsigned char *) SERVER_KEY_CONSTANT,
2539	SERVER_KEY_CONSTANT_LEN,	2544	SERVER_KEY_CONSTANT_LEN,
2540	(unsigned char *)ServerKey,	2545	(unsigned char *)ServerKey,
2541	&hash_len) == NULL) {	2546	&hash_len) == NULL) {
Lines 2549-2555 scram_client_mech_step3(client_context_t *text, Link Here
2549	if (HMAC(EVP_sha1(),	2554	if (HMAC(EVP_sha1(),
2550	(const unsigned char *)ServerKey,	2555	(const unsigned char *)ServerKey,
2551	SCRAM_HASH_SIZE,	2556	SCRAM_HASH_SIZE,
2552	text->auth_message,	2557	(const unsigned char *) text->auth_message,
2553	(int)text->auth_message_len,	2558	(int)text->auth_message_len,
2554	(unsigned char *)ServerSignature,	2559	(unsigned char *)ServerSignature,
2555	&hash_len) == NULL) {	2560	&hash_len) == NULL) {

Lines 220-226 int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn) Link Here

(-)a/sample/server.c (-9 / +9 lines)
220		220
221	dprintf(1, "generating client mechanism list... ");	221	dprintf(1, "generating client mechanism list... ");
222	r = sasl_listmech(conn, NULL, NULL, " ", NULL,	222	r = sasl_listmech(conn, NULL, NULL, " ", NULL,
223	&data, &len, &count);	223	&data, (unsigned int *) &len, &count);
224	if (r != SASL_OK) saslfail(r, "generating mechanism list");	224	if (r != SASL_OK) saslfail(r, "generating mechanism list");
225	dprintf(1, "%d mechanisms\n", count);	225	dprintf(1, "%d mechanisms\n", count);
226	}	226	}
Lines 260-269 int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn) Link Here
260		260
261	/* start libsasl negotiation */	261	/* start libsasl negotiation */
262	r = sasl_server_start(conn, chosenmech, buf, len,	262	r = sasl_server_start(conn, chosenmech, buf, len,
263	&data, &len);	263	&data, (unsigned int *) &len);
264	} else {	264	} else {
265	r = sasl_server_start(conn, chosenmech, NULL, 0,	265	r = sasl_server_start(conn, chosenmech, NULL, 0,
266	&data, &len);	266	&data, (unsigned int *) &len);
267	}	267	}
268		268
269	if (r != SASL_OK && r != SASL_CONTINUE) {	269	if (r != SASL_OK && r != SASL_CONTINUE) {
Lines 291-297 int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn) Link Here
291	return -1;	291	return -1;
292	}	292	}
293		293
294	r = sasl_server_step(conn, buf, len, &data, &len);	294	r = sasl_server_step(conn, buf, len, &data, (unsigned int *) &len);
295	if (r != SASL_OK && r != SASL_CONTINUE) {	295	if (r != SASL_OK && r != SASL_CONTINUE) {
296	saslerr(r, "performing SASL negotiation");	296	saslerr(r, "performing SASL negotiation");
297	fputc('N', out); /* send NO to client */	297	fputc('N', out); /* send NO to client */
Lines 422-428 int main(int argc, char *argv[]) Link Here
422		422
423	/* set ip addresses */	423	/* set ip addresses */
424	salen = sizeof(local_ip);	424	salen = sizeof(local_ip);
425	if (getsockname(fd, (struct sockaddr *)&local_ip, &salen) < 0) {	425	if (getsockname(fd, (struct sockaddr )&local_ip, (unsigned int ) &salen) < 0) {
426	perror("getsockname");	426	perror("getsockname");
427	}	427	}
428	niflags = (NI_NUMERICHOST \| NI_NUMERICSERV);	428	niflags = (NI_NUMERICHOST \| NI_NUMERICSERV);
Lines 440-446 int main(int argc, char *argv[]) Link Here
440	snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);	440	snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf);
441		441
442	salen = sizeof(remote_ip);	442	salen = sizeof(remote_ip);
443	if (getpeername(fd, (struct sockaddr *)&remote_ip, &salen) < 0) {	443	if (getpeername(fd, (struct sockaddr )&remote_ip, (unsigned int ) &salen) < 0) {
444	perror("getpeername");	444	perror("getpeername");
445	}	445	}
446		446
Lines 470-477 int main(int argc, char *argv[]) Link Here
470		470
471	cb.name = "sasl-sample";	471	cb.name = "sasl-sample";
472	cb.critical = cb_flag > 1;	472	cb.critical = cb_flag > 1;
473	cb.data = "this is a test of channel binding";	473	cb.data = (const unsigned char *) "this is a test of channel binding";
474	cb.len = strlen(cb.data);	474	cb.len = (unsigned int) strlen((const char *) cb.data);
475		475
476	if (cb_flag) {	476	if (cb_flag) {
477	sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);	477	sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);
Lines 518-524 static void displayStatus_1(m, code, type) Link Here
518	maj_stat = gss_display_status(&min_stat, code,	518	maj_stat = gss_display_status(&min_stat, code,
519	type, GSS_C_NULL_OID,	519	type, GSS_C_NULL_OID,
520	&msg_ctx, &msg);	520	&msg_ctx, &msg);
521	fprintf(stderr, "%s: %s\n", m, (char *)msg.value);	521	fprintf(stderr, "%s (%u): %s\n", m, maj_stat, (char *)msg.value);
522	(void) gss_release_buffer(&min_stat, &msg);	522	(void) gss_release_buffer(&min_stat, &msg);
523		523
524	if (!msg_ctx)	524	if (!msg_ctx)

Lines 96-107 auth_ldap_init ( Link Here

(-)a/saslauthd/auth_ldap.c (-6 lines)
96	/* END PARAMETERS */	96	/* END PARAMETERS */
97	)	97	)
98	{	98	{
99	/* VARIABLES */
100	struct addrinfo hints;
101	int err;
102	char c; / scratch pointer */
103	/* END VARIABLES */
104
105	if (mech_option != NULL) {	99	if (mech_option != NULL) {
106	SASLAUTHD_CONF_FILE = mech_option;	100	SASLAUTHD_CONF_FILE = mech_option;
107	}	101	}

Lines 835-846 static int lak_connect( Link Here

(-)a/saslauthd/lak.c (-4 / +4 lines)
835		835
836	rc = ldap_set_option(lak->ld, LDAP_OPT_NETWORK_TIMEOUT, &(lak->conf->timeout));	836	rc = ldap_set_option(lak->ld, LDAP_OPT_NETWORK_TIMEOUT, &(lak->conf->timeout));
837	if (rc != LDAP_OPT_SUCCESS) {	837	if (rc != LDAP_OPT_SUCCESS) {
838	syslog(LOG_WARNING\|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);	838	syslog(LOG_WARNING\|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
839	}	839	}
840		840
841	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));	841	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));
842	if (rc != LDAP_OPT_SUCCESS) {	842	if (rc != LDAP_OPT_SUCCESS) {
843	syslog(LOG_WARNING\|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %d.%d.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);	843	syslog(LOG_WARNING\|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
844	}	844	}
845		845
846	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));	846	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));
Lines 1727-1739 static int lak_base64_decode( Link Here
1727	return LAK_NOMEM;	1727	return LAK_NOMEM;
1728		1728
1729	EVP_DecodeInit(&EVP_ctx);	1729	EVP_DecodeInit(&EVP_ctx);
1730	rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));	1730	rc = EVP_DecodeUpdate(&EVP_ctx, (unsigned char ) text, &i, (const unsigned char )src, strlen(src));
1731	if (rc < 0) {	1731	if (rc < 0) {
1732	free(text);	1732	free(text);
1733	return LAK_FAIL;	1733	return LAK_FAIL;
1734	}	1734	}
1735	tlen += i;	1735	tlen += i;
1736	EVP_DecodeFinal(&EVP_ctx, text, &i);	1736	EVP_DecodeFinal(&EVP_ctx, (unsigned char *) text, &i);
1737		1737
1738	*ret = text;	1738	*ret = text;
1739	if (rlen != NULL)	1739	if (rlen != NULL)

Lines 105-113 static int saslauthd_verify_password(const char *saslauthd_path, Link Here

(-)a/saslauthd/testsaslauthd.c (-7 / +1 lines)
105	struct sockaddr_un srvaddr;	105	struct sockaddr_un srvaddr;
106	int r;	106	int r;
107	unsigned short count;	107	unsigned short count;
108	void *context;
109	char pwpath[sizeof(srvaddr.sun_path)];	108	char pwpath[sizeof(srvaddr.sun_path)];
110	const char *p = NULL;
111	#ifdef USE_DOORS	109	#ifdef USE_DOORS
112	door_arg_t arg;	110	door_arg_t arg;
113	#endif	111	#endif
Lines 133-139 static int saslauthd_verify_password(const char *saslauthd_path, Link Here
133	*/	131	*/
134	{	132	{
135	unsigned short u_len, p_len, s_len, r_len;	133	unsigned short u_len, p_len, s_len, r_len;
136	struct iovec iov[8];
137		134
138	u_len = htons(strlen(userid));	135	u_len = htons(strlen(userid));
139	p_len = htons(strlen(passwd));	136	p_len = htons(strlen(passwd));
Lines 253-262 main(int argc, char *argv[]) Link Here
253	const char realm = NULL, service = NULL, *path = NULL;	250	const char realm = NULL, service = NULL, *path = NULL;
254	int c;	251	int c;
255	int flag_error = 0;	252	int flag_error = 0;
256	unsigned passlen, verifylen;	253	int result = 0;
257	const char *errstr = NULL;
258	int result;
259	char *user_domain = NULL;
260	int repeat = 0;	254	int repeat = 0;
261		255
262	while ((c = getopt(argc, argv, "p:u:r:s:f:R:")) != EOF)	256	while ((c = getopt(argc, argv, "p:u:r:s:f:R:")) != EOF)

Lines 422-428 main(int argc, char *argv[]) Link Here

(-)a/utils/pluginviewer.c (-4 / +3 lines)
422	case 'b':	422	case 'b':
423	options = optarg;	423	options = optarg;
424	while (*options != '\0') {	424	while (*options != '\0') {
425	switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) {	425	switch(getsubopt(&options, (char * const *)bit_subopts, &value)) {
426	case OPT_MIN:	426	case OPT_MIN:
427	if (! value) {	427	if (! value) {
428	errflag = 1;	428	errflag = 1;
Lines 447-453 main(int argc, char *argv[]) Link Here
447	case 'e':	447	case 'e':
448	options = optarg;	448	options = optarg;
449	while (*options != '\0') {	449	while (*options != '\0') {
450	switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) {	450	switch(getsubopt(&options, (char * const *)ext_subopts, &value)) {
451	case OPT_EXT_SSF:	451	case OPT_EXT_SSF:
452	if (! value) {	452	if (! value) {
453	errflag = 1;	453	errflag = 1;
Lines 476-482 main(int argc, char *argv[]) Link Here
476	case 'f':	476	case 'f':
477	options = optarg;	477	options = optarg;
478	while (*options != '\0') {	478	while (*options != '\0') {
479	switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) {	479	switch(getsubopt(&options, (char * const *)flag_subopts, &value)) {
480	case OPT_NOPLAIN:	480	case OPT_NOPLAIN:
481	secprops.security_flags \|= SASL_SEC_NOPLAINTEXT;	481	secprops.security_flags \|= SASL_SEC_NOPLAINTEXT;
482	break;	482	break;
483	-