使用Cyrus SASL的外部机制
Cyrus SASL api不支持外部机制吗?我正在努力 将其用作客户端,但当被询问时,它会返回使用Cyrus SASL的外部机制,c,authentication,sasl,cyrus,C,Authentication,Sasl,Cyrus,Cyrus SASL api不支持外部机制吗?我正在努力 将其用作客户端,但当被询问时,它会返回SASL\u NOMECH % cat cyrus_sal_ex.c /* cyrus_sasl_ex.c: Example of using the Cyrus SASL api */ #include <stdio.h> /* for printf() */ #include <sasl/sasl.h> /* for sasl_client_*(), SASL_
SASL\u NOMECH
% cat cyrus_sal_ex.c
/* cyrus_sasl_ex.c: Example of using the Cyrus SASL api */
#include <stdio.h> /* for printf() */
#include <sasl/sasl.h> /* for sasl_client_*(), SASL_*, sasl_*_t */
static char const * SASL_return_code(int const code)
{
switch(code)
{
/* ... */
case SASL_OK: return "SASL_OK[0]: successful result";
/* ... */
case SASL_NOMECH: return "SASL_NOMECH[-4]: mechanism not supported";
/* ... */
}
return "unrecognized";
}
int main()
{
char const * output = NULL;
unsigned outlen = 0;
char const * mechanism = NULL;
sasl_conn_t * conn;
# define PRINT_RESULT( x ) do\
{\
int const __result = (x);\
printf("%s == %d\n\t%s\n", #x, __result, SASL_return_code(__result));\
if (__result < 0) goto done;\
}\
while (0)
PRINT_RESULT( sasl_client_init( NULL ) );
PRINT_RESULT( sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) );
PRINT_RESULT( sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) );
done:
# undef PRINT_RESULT
printf("output: [%d bytes] : %s\n", outlen, (output ? output : "NULL") );
printf("mechanism: %s\n", (mechanism ? mechanism : "NULL"));
return 0;
}
% gcc -I/sw/include -L/sw/lib -lsasl2 cyrus_sasl_ex.c -o cyrus_sasl_ex # your header/library locations may vary
% ./cyrus_sasl_ex
sasl_client_init( NULL ) == 0
SASL_OK[0]: successful result
sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) == 0
SASL_OK[0]: successful result
sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) == -4
SASL_NOMECH[-4]: mechanism not supported
output: [0 bytes] : NULL
mechanism: EXTERNAL
%
所以我猜我做错了什么。我尝试将我能想到的所有sasl\u回调添加到sasl\u客户机*()
,但是
他们都没有接到电话。我是否应该通过一些论点来断言外部机制是一种可接受的机制?
或者SASL_NOMECH总是返回外部b/c,这似乎不正确
有人能帮我吗?好的,我找到了遗漏的步骤
根据sasl/sasl.h
,我需要设置sasl\u AUTH\u EXTERNAL
属性
对于我的sasl\u conn\t
首先:
/* set property in SASL connection state
* returns:
* SASL_OK -- value set
* SASL_BADPARAM -- invalid property or value
*/
LIBSASL_API int sasl_setprop(sasl_conn_t *conn,
int propnum,
const void *value);
#define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */
#define SASL_SEC_PROPS 101 /* sasl_security_properties_t */
#define SASL_AUTH_EXTERNAL 102 /* external authentication ID (const char *) */
/* If the SASL_AUTH_EXTERNAL value is non-NULL, then a special version of the
* EXTERNAL mechanism is enabled (one for server-embedded EXTERNAL mechanisms).
* Otherwise, the EXTERNAL mechanism will be absent unless a plug-in
* including EXTERNAL is present.
*/
一旦我这么做了,其余的人都明白了:
% cat cyrus_sasl_ex.c
/* Example of using the Cyrus SASL api */
#include <stdio.h> /* for printf() */
#include <sasl/sasl.h> /* for sasl_client_*(), SASL_*, sasl_*_t */
int main()
{
char const * output = NULL;
unsigned outlen = 0;
char const * mechanism = NULL;
sasl_conn_t * conn;
# define PRINT_RESULT( x ) do\
{\
int const __result = (x);\
printf("%s == %d\n\t%s\n", #x, __result, sasl_errstring(__result,NULL,NULL));\
if (__result < 0) goto done;\
}\
while (0)
PRINT_RESULT( sasl_client_init( NULL ) );
PRINT_RESULT( sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) );
PRINT_RESULT( sasl_setprop( conn, SASL_AUTH_EXTERNAL, "fake authority" ) );
PRINT_RESULT( sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) );
done:
# undef PRINT_RESULT
printf("output: [%d bytes] : %s\n", outlen, (output ? output : "NULL") );
printf("mechanism: %s\n", (mechanism ? mechanism : "NULL"));
return 0;
}
% gcc -I/sw/include -L/sw/lib -lsasl2 cyrus_sasl_ex.c -o cyrus_sasl_ex
% ./cyrus_sasl_ex
sasl_client_init( NULL ) == 0
successful result
sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) == 0
successful result
sasl_setprop( conn, SASL_AUTH_EXTERNAL, "fake authority" ) == 0
successful result
sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) == 0
successful result
output: [0 bytes] :
mechanism: EXTERNAL
%cat cyrus\u sasl\u ex.c
/*使用Cyrus SASL api的示例*/
#包括/*用于printf()*/
#包括/*用于sasl_客户机*()、sasl_*、sasl_*\t*/
int main()
{
char const*output=NULL;
无符号outlen=0;
char const*机制=NULL;
萨斯勒康涅狄格州;
#定义打印结果(x)do\
{\
int const_uuuresult=(x)\
printf(“%s==%d\n\t%s\n”、#x、#u结果、sasl_错误字符串(#u结果、NULL、NULL))\
如果(_结果<0)转到完成\
}\
而(0)
打印结果(sasl客户端初始化(NULL));
打印结果(sasl_客户机_新(“假”、“假”、“假”.mcfaker.ton”、“127.0.0.1”、“127.255.255.1”、空、0和连接”);
打印结果(sasl_setprop(连接,sasl_AUTH_外部,“假授权”);
打印结果(sasl客户端启动(连接、外部、空、输出、输出和机制));
完成:
#未定义打印结果
printf(“输出:[%d字节]:%s\n”,outlen,(输出?输出:“NULL”);
printf(“机制:%s\n”,(机制?机制:“NULL”);
返回0;
}
%gcc-I/sw/include-L/sw/lib-lsasl2 cyrus_sasl_ex.c-o cyrus_sasl_ex
%/cyrus_sasl_ex
sasl_客户端_初始化(NULL)==0
成功的结果
sasl_客户端_新建(“假”、“假”、“假.mcfaker.ton”、“127.0.0.1”、“127.255.255.1”、NULL、0和conn)=0
成功的结果
sasl_setprop(连接,sasl_认证,外部,“假授权”)==0
成功的结果
sasl_客户端_启动(连接、外部、空、输出、输出和机制)=0
成功的结果
输出:[0字节]:
机制:外部
然而,由于预装在OS X 10.5上的Cyrus SASL版本有一个bug,使得外部插件需要一个SASL\u CB\u用户
回调并传递一个空指针来存储其返回值,这仍然意味着我必须在所有这些机器上更新Cyrus SASL
或者,我可能只是围绕这个bug编写代码。这是因为Cyrus SASL编译时没有任何机制(默认情况下,它们被假定为动态链接)。因此,如果没有动态链接的机制,它将报告没有匹配机制
因此,更好的答案是使用静态链接的机制(在Cyrus包中称为插件)重新编译Cyrus SASL。如果查看config.h头并#将相应的静态定义定义定义为1,然后重新编译(我手动将插件源从plugins dir添加到libsasl2.a存档)。然后,当你链接这个库时,你不会得到那个错误(没有你找到的解决方法)
% cat cyrus_sasl_ex.c
/* Example of using the Cyrus SASL api */
#include <stdio.h> /* for printf() */
#include <sasl/sasl.h> /* for sasl_client_*(), SASL_*, sasl_*_t */
int main()
{
char const * output = NULL;
unsigned outlen = 0;
char const * mechanism = NULL;
sasl_conn_t * conn;
# define PRINT_RESULT( x ) do\
{\
int const __result = (x);\
printf("%s == %d\n\t%s\n", #x, __result, sasl_errstring(__result,NULL,NULL));\
if (__result < 0) goto done;\
}\
while (0)
PRINT_RESULT( sasl_client_init( NULL ) );
PRINT_RESULT( sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) );
PRINT_RESULT( sasl_setprop( conn, SASL_AUTH_EXTERNAL, "fake authority" ) );
PRINT_RESULT( sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) );
done:
# undef PRINT_RESULT
printf("output: [%d bytes] : %s\n", outlen, (output ? output : "NULL") );
printf("mechanism: %s\n", (mechanism ? mechanism : "NULL"));
return 0;
}
% gcc -I/sw/include -L/sw/lib -lsasl2 cyrus_sasl_ex.c -o cyrus_sasl_ex
% ./cyrus_sasl_ex
sasl_client_init( NULL ) == 0
successful result
sasl_client_new( "fake", "fakey.mcfaker.ton", "127.0.0.1", "127.255.255.1", NULL, 0, &conn) == 0
successful result
sasl_setprop( conn, SASL_AUTH_EXTERNAL, "fake authority" ) == 0
successful result
sasl_client_start( conn, "EXTERNAL", NULL, &output, &outlen, &mechanism) == 0
successful result
output: [0 bytes] :
mechanism: EXTERNAL