Current view: directory - extensions/auth - nsAuthSASL.cpp (source / functions) Found Hit Coverage
Test: app.info Lines: 63 0 0.0 %
Date: 2012-06-02 Functions: 9 0 0.0 %

       1                 : /* vim:set ts=4 sw=4 et cindent: */
       2                 : /* ***** BEGIN LICENSE BLOCK *****
       3                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       4                 :  *
       5                 :  * The contents of this file are subject to the Mozilla Public License Version
       6                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       7                 :  * the License. You may obtain a copy of the License at
       8                 :  * http://www.mozilla.org/MPL/
       9                 :  *
      10                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      11                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      12                 :  * for the specific language governing rights and limitations under the
      13                 :  * License.
      14                 :  *
      15                 :  * The Original Code is saslgssapi
      16                 :  *
      17                 :  * The Initial Developer of the Original Code is Simon Wilkinson
      18                 :  * Portions created by the Initial Developer are Copyright (C) 2005
      19                 :  * the Initial Developer. All Rights Reserved.
      20                 :  *
      21                 :  * Contributor(s):
      22                 :  *   Simon Wilkinson <simon@sxw.org.uk>
      23                 :  *
      24                 :  * Alternatively, the contents of this file may be used under the terms of
      25                 :  * either the GNU General Public License Version 2 or later (the "GPL"), or
      26                 :  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      27                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      28                 :  * of those above. If you wish to allow use of your version of this file only
      29                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      30                 :  * use your version of this file under the terms of the MPL, indicate your
      31                 :  * decision by deleting the provisions above and replace them with the notice
      32                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      33                 :  * the provisions above, a recipient may use your version of this file under
      34                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      35                 :  *
      36                 :  * ***** END LICENSE BLOCK ***** */
      37                 : 
      38                 : #include "nsComponentManagerUtils.h"
      39                 : #include "nsNativeCharsetUtils.h"
      40                 : #include "nsIServiceManager.h"
      41                 : #include "nsIPrefService.h"
      42                 : 
      43                 : #include "nsAuthSASL.h"
      44                 : 
      45                 : static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi";
      46                 : 
      // A new module starts in the GSSAPI phase: mSASLReady is false until
      // GetNextToken sees the inner module finish its handshake.
      nsAuthSASL::nsAuthSASL()
          : mSASLReady(false)
      {
      }
      51                 : 
      // Returns the module to the GSSAPI phase by clearing mSASLReady.
      // Only the flag is touched; mInnerModule and mUsername are left as-is.
      void
      nsAuthSASL::Reset()
      {
          mSASLReady = false;
      }
      56                 : 
      57                 : /* Limitations apply to this class's thread safety. See the header file */
      58               0 : NS_IMPL_THREADSAFE_ISUPPORTS1(nsAuthSASL, nsIAuthModule)
      59                 : 
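      /**
       * Records the username and creates the inner Kerberos module that performs
       * the GSSAPI part of the SASL exchange.
       *
       * @param serviceName  passed through to the inner module's Init().
       * @param serviceFlags passed through with REQ_MUTUAL_AUTH added.
       * @param domain       expected to be null (asserted, otherwise unused).
       * @param username     identity later sent in the final SASL message;
       *                     must not be null.
       * @param password     expected to be null (asserted, otherwise unused).
       *
       * @return NS_OK on success, NS_ERROR_INVALID_ARG for a null username, or
       *         the failure code from creating or initialising the inner module.
       */
      NS_IMETHODIMP
      nsAuthSASL::Init(const char *serviceName,
                       PRUint32    serviceFlags,
                       const PRUnichar *domain,
                       const PRUnichar *username,
                       const PRUnichar *password)
      {
          NS_ASSERTION(username, "SASL requires a username");
          NS_ASSERTION(!domain && !password, "unexpected credentials");

          // NS_ASSERTION is compiled out of release builds, so a null username
          // would otherwise reach the assignment below unchecked.
          if (!username)
              return NS_ERROR_INVALID_ARG;

          mUsername = username;

          // If we're doing SASL, we should do mutual auth
          serviceFlags |= REQ_MUTUAL_AUTH;

          // Pick the inner module: GSSAPI by default, SSPI when the
          // "network.auth.use-sspi" preference is readable and true.
          const char *contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss";

          nsresult rv;
          nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
          if (prefs) {
              bool useSSPI = false;
              rv = prefs->GetBoolPref(kNegotiateAuthSSPI, &useSSPI);
              if (NS_SUCCEEDED(rv) && useSSPI)
                  contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi";
          }

          mInnerModule = do_CreateInstance(contractID, &rv);
          // if we can't create the GSSAPI module, then bail
          NS_ENSURE_SUCCESS(rv, rv);

          // The inner module gets no credentials from us (all three are null).
          // Its result used to be dropped; report a failed Init to the caller and
          // release the module so GetNextToken answers NS_ERROR_NOT_INITIALIZED
          // instead of driving a half-initialised mechanism.
          rv = mInnerModule->Init(serviceName, serviceFlags, nsnull, nsnull, nsnull);
          if (NS_FAILED(rv)) {
              mInnerModule = nsnull;
              return rv;
          }

          return NS_OK;
      }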
      96                 : 
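      /**
       * Drives one step of the SASL GSSAPI exchange.
       *
       * While mSASLReady is false the call is forwarded to the inner module; when
       * that module reports NS_SUCCESS_AUTH_FINISHED the flag is set and NS_OK is
       * returned so the caller keeps going. Once mSASLReady is true the server
       * token is unwrapped (which checks its signature) and the reply
       * "no security layer, maxbuf 0, <username>" is wrapped and returned.
       *
       * @param inToken     token received from the server.
       * @param inTokenLen  length of inToken in bytes.
       * @param outToken    receives the token to send back (null for the empty
       *                    completion case).
       * @param outTokenLen receives the length of *outToken.
       *
       * @return NS_ERROR_NOT_INITIALIZED without an inner module, NS_OK while the
       *         exchange continues, NS_SUCCESS_AUTH_FINISHED after the final
       *         message was wrapped, or the failure code of the failing step.
       */
      NS_IMETHODIMP
      nsAuthSASL::GetNextToken(const void *inToken,
                               PRUint32    inTokenLen,
                               void      **outToken,
                               PRUint32   *outTokenLen)
      {
          nsresult rv;

          if (!mInnerModule)
              return NS_ERROR_NOT_INITIALIZED;

          if (!mSASLReady) {
              // Still in the GSSAPI portion of the handshake.
              rv = mInnerModule->GetNextToken(inToken, inTokenLen, outToken,
                                              outTokenLen);
              if (rv == NS_SUCCESS_AUTH_FINISHED) {
                  mSASLReady = true;
                  rv = NS_OK;
              }
              return rv;
          }

          // If the server COMPLETEs with an empty token, Cyrus sends us that token.
          // I don't think this is correct, but we need to handle that behaviour.
          // Cyrus ignores the contents of our reply token.
          if (inTokenLen == 0) {
              *outToken = NULL;
              *outTokenLen = 0;
              return NS_OK;
          }

          // We've completed the GSSAPI portion of the handshake, and are
          // now ready to do the SASL security layer and authzid negotiation

          // Input packet from the server needs to be unwrapped.
          void *unwrappedToken = nsnull;
          PRUint32 unwrappedTokenLen = 0;
          rv = mInnerModule->Unwrap(inToken, inTokenLen, &unwrappedToken,
                                    &unwrappedTokenLen);
          if (NS_FAILED(rv)) {
              Reset();
              return rv;
          }

          // If we were doing security layers then we'd care what the
          // server had sent us. We're not, so all we had to do was make
          // sure that the signature was correct with the above unwrap()
          // NOTE(review): RFC 4752 has the client read the first octet of this
          // token as the set of security layers the server offers. Neither the
          // length nor the content is examined here, so "no security layer" is
          // selected without confirming that the server offered it - confirm
          // whether that check should be enforced.
          nsMemory::Free(unwrappedToken);

          // A failed conversion would otherwise send a truncated or empty
          // identity to the server, so give up instead.
          nsCAutoString userbuf;
          rv = NS_CopyUnicodeToNative(mUsername, userbuf);
          if (NS_FAILED(rv)) {
              Reset();
              return rv;
          }

          // Four header octets followed by the username, with no terminator: the
          // wire format carries an explicit length. Copying exactly Length() bytes
          // keeps every byte handed to Wrap() initialised, which strcpy() into a
          // Length()-sized region did not guarantee.
          const PRUint32 messageLen = userbuf.Length() + 4;
          char *message = (char *)nsMemory::Alloc(messageLen);
          if (!message) {
              Reset();
              return NS_ERROR_OUT_OF_MEMORY;
          }
          message[0] = 0x01; // No security layer
          message[1] = 0x00;
          message[2] = 0x00;
          message[3] = 0x00; // Maxbuf must be zero if we've got no sec layer
          memcpy(message + 4, userbuf.get(), userbuf.Length());

          rv = mInnerModule->Wrap((void *) message, messageLen, false,
                                  outToken, outTokenLen);
          nsMemory::Free(message);
          Reset(); // All done
          return NS_SUCCEEDED(rv) ? NS_SUCCESS_AUTH_FINISHED : rv;
      }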
     165                 : 
     // Unwrapping is not offered by this module: the call always fails with
     // NS_ERROR_NOT_IMPLEMENTED and none of the arguments are read or written.
     NS_IMETHODIMP
     nsAuthSASL::Unwrap(const void *inToken, PRUint32 inTokenLen,
                        void **outToken, PRUint32 *outTokenLen)
     {
         return NS_ERROR_NOT_IMPLEMENTED;
     }
     174                 : 
     // Wrapping is not offered by this module: the call always fails with
     // NS_ERROR_NOT_IMPLEMENTED and none of the arguments are read or written.
     NS_IMETHODIMP
     nsAuthSASL::Wrap(const void *inToken, PRUint32 inTokenLen,
                      bool confidential,
                      void **outToken, PRUint32 *outTokenLen)
     {
         return NS_ERROR_NOT_IMPLEMENTED;
     }
