/*

 * cyrus-sasl-extern.c - Module for Cyrus sasl external authentication.

 *

 *   Copyright 2010 Ian Kent <raven@themaw.net>

 *   Copyright 2010 Red Hat, Inc.

 *   All rights reserved.

 *

 *   This program is free software; you can redistribute it and/or modify

 *   it under the terms of the GNU General Public License as published by

 *   the Free Software Foundation, Inc., 675 Mass Ave, Cambridge MA 02139,

 *   USA; either version 2 of the License, or (at your option) any later

 *   version.

 *

 *   This program is distributed in the hope that it will be useful,

 *   but WITHOUT ANY WARRANTY; without even the implied warranty of

 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *   GNU General Public License for more details.

 */

#include "config.h"

#ifdef WITH_SASL

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <sasl/sasl.h>

#include <ldap.h>

#include <ldap_cdefs.h>

#include <lber_types.h>

#include "lookup_ldap.h"

struct values {

	char *mech;

	char *realm;

	char *authcid;

	char *authzid;

	char *password;

	char **resps;

	int nresps;

};

static int interaction(unsigned flags, sasl_interact_t *interact, void *values)

{

	const char *val = interact->defresult;

	struct values *vals = values;

	switch(interact->id) {

	case SASL_CB_GETREALM:

		if (values)

			val = vals->realm;

		break;

	case SASL_CB_AUTHNAME:

		if (values)

			val = vals->authcid;

		break;

	case SASL_CB_PASS:

		if (values)

			val = vals->password;

		break;

	case SASL_CB_USER:

		if (values)

			val = vals->authzid;

		break;

	case SASL_CB_NOECHOPROMPT:

	case SASL_CB_ECHOPROMPT:

		break;

	}

	if (val && !*val)

		val = NULL;

	if (val || interact->id == SASL_CB_USER) {

		interact->result = (val && *val) ? val : "";

		interact->len = strlen(interact->result);

	}

	return LDAP_SUCCESS;

}

int sasl_extern_interact(LDAP *ldap, unsigned flags, void *values, void *list)

{

	sasl_interact_t *interact = list;

	if (!ldap)

		return LDAP_PARAM_ERROR;

	while (interact->id != SASL_CB_LIST_END) {

		int rc = interaction(flags, interact, values);

		if (rc)

			return rc;

		interact++;

	}

	return LDAP_SUCCESS;

}

int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt)

{

	int flags = LDAP_SASL_QUIET;

	char *mech = ctxt->sasl_mech;

	struct values values;

	int rc;

	memset(&values, 0, sizeof(struct values));

	values.mech = mech;

	rc = ldap_sasl_interactive_bind_s(ldap, NULL, mech, NULL, NULL,

					  flags, sasl_extern_interact, &values);

	return rc;

}

#endif