From c3e1da0bdafc30af758fa94c79111f3573aee743 Mon Sep 17 00:00:00 2001 
From: Quanah Gibson-Mount
Date: Thu, 27 Feb 2020 20:22:42 +0000
Subject: [PATCH] Fixes #596 - Remove java plugin

Removes the java plugin
---
 Makefile.am | 7 +-
 config/sasl.spec | 2 +-
 configure.ac | 55 -
 java/.cvsignore | 5 -
 java/CyrusSasl/.cvsignore | 8 -
 java/CyrusSasl/ClientFactory.java | 79 -
 java/CyrusSasl/GenericClient.java | 197 ---
 java/CyrusSasl/GenericCommon.java | 294 ----
 java/CyrusSasl/GenericServer.java | 86 -
 java/CyrusSasl/Makefile.am | 64 -
 java/CyrusSasl/Sasl.java | 122 --
 java/CyrusSasl/SaslClient.java | 23 -
 java/CyrusSasl/SaslClientFactory.java | 16 -
 java/CyrusSasl/SaslException.java | 41 -
 java/CyrusSasl/SaslInputStream.java | 208 ---
 java/CyrusSasl/SaslOutputStream.java | 109 --
 java/CyrusSasl/SaslServer.java | 20 -
 java/CyrusSasl/SaslServerFactory.java | 17 -
 java/CyrusSasl/SaslUtils.java | 202 ---
 java/CyrusSasl/ServerFactory.java | 105 --
 java/CyrusSasl/javasasl.c | 930 -----------
 java/Makefile.am | 27 -
 java/README | 37 -
 java/Test/.cvsignore | 5 -
 java/Test/Handler.java | 111 --
 java/Test/Makefile.am | 27 -
 java/Test/ServerHandler.java | 112 --
 java/Test/jimtest-compile.sh | 2 -
 java/Test/jimtest.java | 304 ----
 java/Test/jimtest.sh | 10 -
 java/Test/testserver.java | 175 --
 java/doc/.cvsignore | 5 -
 java/doc/draft-weltman-java-sasl-02.txt | 1444 -----------------
 java/javax/.cvsignore | 5 -
 java/javax/Makefile.am | 42 -
 java/javax/security/.cvsignore | 5 -
 java/javax/security/Makefile.am | 42 -
 java/javax/security/auth/.cvsignore | 6 -
 java/javax/security/auth/Makefile.am | 43 -
 java/javax/security/auth/callback/.cvsignore | 7 -
 .../security/auth/callback/Callback.java | 13 -
 .../auth/callback/CallbackHandler.java | 8 -
 java/javax/security/auth/callback/Makefile.am | 55 -
 .../security/auth/callback/NameCallback.java | 40 -
 .../auth/callback/PasswordCallback.java | 34 -
 .../security/auth/callback/RealmCallback.java | 40 -
 .../UnsupportedCallbackException.java | 25 -
 47 files changed, 2 insertions(+), 5212 deletions(-)
 delete mode 100644 java/.cvsignore
 delete mode 100644 java/CyrusSasl/.cvsignore
 delete mode 100644 java/CyrusSasl/ClientFactory.java
 delete mode 100644 java/CyrusSasl/GenericClient.java
 delete mode 100644 java/CyrusSasl/GenericCommon.java
 delete mode 100644 java/CyrusSasl/GenericServer.java
 delete mode 100644 java/CyrusSasl/Makefile.am
 delete mode 100644 java/CyrusSasl/Sasl.java
 delete mode 100644 java/CyrusSasl/SaslClient.java
 delete mode 100644 java/CyrusSasl/SaslClientFactory.java
 delete mode 100644 java/CyrusSasl/SaslException.java
 delete mode 100644 java/CyrusSasl/SaslInputStream.java
 delete mode 100644 java/CyrusSasl/SaslOutputStream.java
 delete mode 100644 java/CyrusSasl/SaslServer.java
 delete mode 100644 java/CyrusSasl/SaslServerFactory.java
 delete mode 100644 java/CyrusSasl/SaslUtils.java
 delete mode 100644 java/CyrusSasl/ServerFactory.java
 delete mode 100644 java/CyrusSasl/javasasl.c
 delete mode 100644 java/Makefile.am
 delete mode 100644 java/README
 delete mode 100644 java/Test/.cvsignore
 delete mode 100644 java/Test/Handler.java
 delete mode 100644 java/Test/Makefile.am
 delete mode 100644 java/Test/ServerHandler.java
 delete mode 100755 java/Test/jimtest-compile.sh
 delete mode 100644 java/Test/jimtest.java
 delete mode 100755 java/Test/jimtest.sh
 delete mode 100644 java/Test/testserver.java
 delete mode 100644 java/doc/.cvsignore
 delete mode 100644 java/doc/draft-weltman-java-sasl-02.txt
 delete mode 100644 java/javax/.cvsignore
 delete mode 100644 java/javax/Makefile.am
 delete mode 100644 java/javax/security/.cvsignore
 delete mode 100644 java/javax/security/Makefile.am
 delete mode 100644 java/javax/security/auth/.cvsignore
 delete mode 100644 java/javax/security/auth/Makefile.am
 delete mode 100644 java/javax/security/auth/callback/.cvsignore
 delete mode 100644 java/javax/security/auth/callback/Callback.java
 delete mode 100644 java/javax/security/auth/callback/CallbackHandler.java
 delete mode 100644 java/javax/security/auth/callback/Makefile.am
 delete mode 100644
java/javax/security/auth/callback/NameCallback.java delete mode 100644 java/javax/security/auth/callback/PasswordCallback.java delete mode 100644 java/javax/security/auth/callback/RealmCallback.java delete mode 100644 java/javax/security/auth/callback/UnsupportedCallbackException.java diff --git a/Makefile.am b/Makefile.am index 83dae6f8..f7d3b22e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -59,18 +59,13 @@ SAM = sample else SAM = endif -if JAVA -JAV = java -else -JAV = -endif if MACOSX INSTALLOSX = install-exec-local-osx else INSTALLOSX = endif -SUBDIRS=include sasldb common lib plugins utils $(PWC) $(SAM) $(JAV) $(SAD) +SUBDIRS=include sasldb common lib plugins utils $(PWC) $(SAM) $(SAD) EXTRA_DIST=config doc docsrc win32 mac dlcompat-20010505 NTMakefile \ INSTALL.TXT libsasl2.pc.in diff --git a/config/sasl.spec b/config/sasl.spec index 12f62e9c..e45046bf 100644 --- a/config/sasl.spec +++ b/config/sasl.spec @@ -72,7 +72,7 @@ This plugin implements the SASL SCRAM-SHA-1/SCRAM-SHA-2 mechanism. %setup %build -./configure --prefix=/usr --disable-java +./configure --prefix=/usr make %install diff --git a/configure.ac b/configure.ac index 27e407bb..c8d1a318 100644 --- a/configure.ac +++ b/configure.ac 
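Review bot: The removal of the `--enable-java`/`--disable-java` switch is not recorded anywhere a packager would see it: the `./configure --prefix=/usr` line in config/sasl.spec had to drop the flag, yet the diffstat touches only Makefile.am, config/sasl.spec, configure.ac and java/. With Autoconf's default option checking, an unknown `--enable-java` only produces a warning, so a build script that still asks for the Java plugin would presumably finish without it instead of failing. I would keep a stub in configure.ac, `AC_ARG_ENABLE(java, [], [test "$enableval" = no || AC_MSG_ERROR([the Java plugin has been removed])])`, and mention the removal in the release notes.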
@@ -152,54 +152,6 @@ if test "$with_purify" = yes; then AC_CHECK_PROGS(PURIFY, purify) fi -AC_ARG_ENABLE(java, [ --enable-java compile Java support [[no]]], - enable_java=$enableval, enable_java=no) -if test "$enable_java" = yes; then - AC_PATH_PROG(JAVAC, javac, no) - AC_PATH_PROGS(JAVAH, javah kaffeh, no) - AC_CHECK_PROGS(JAVADOC, javadoc, :) - if test "$JAVAC" = "no" -o "$JAVAH" = "no"; then - AC_WARN([Disabling Java support]) - enable_java=no - fi -else -# Make distcheck work - JAVAC="true" - JAVAH="true" - JAVADOC="true" -fi -AM_CONDITIONAL(JAVA, test "$enable_java" = yes) - -if test "$enable_java" = yes; then - AC_MSG_CHECKING([JNI cpp flags]) - AC_CACHE_VAL(sasl_cv_java_includes,[ - if test `echo $JAVAH | sed 's,.*/,,'` = "kaffeh"; then - sasl_cv_java_includes=-I`echo $JAVAH | sed -e 's,/bin.*,/include/kaffe,'` - else - java_base=`echo $JAVAC | sed 's,/bin.*,'','` - - AC_ARG_WITH(javabase, [ --with-javabase=PATH set path to find jni.h in [/usr/java/include] ], - java_base=$withval,) - - - sasl_cv_java_includes='' - for dir in `find ${java_base}/include -follow -type d -print | grep -v green_threads`; do - sasl_cv_java_includes="${sasl_cv_java_includes} -I$dir" - done - fi - - sasl_cv_java_includes="${sasl_cv_java_includes} -I$javapath/include"]) - - JAVA_INCLUDES=$sasl_cv_java_includes - AC_SUBST(JAVA_INCLUDES) - AC_MSG_RESULT(ok) - - JAVAROOT=".." - AC_SUBST(JAVAROOT) - JAVAC=`echo "$JAVAC" | sed 's,.*/,,'` - JAVAH=`echo "$JAVAH" | sed 's,.*/,,'` -fi - AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes) dnl call before we do the berkeley DB checks @@ -1564,13 +1516,6 @@ plugins/Makefile lib/Makefile utils/Makefile sample/Makefile -java/Makefile -java/CyrusSasl/Makefile -java/Test/Makefile -java/javax/Makefile -java/javax/security/Makefile -java/javax/security/auth/Makefile -java/javax/security/auth/callback/Makefile pwcheck/Makefile) AC_MSG_NOTICE([ diff --git a/java/.cvsignore b/java/.cvsignore deleted file mode 100644 index 13bb78db..00000000 
--- a/java/.cvsignore +++ /dev/null @@ -1,5 +0,0 @@ -Makefile.in -Makefile -.deps -.libs -*.l[ao] diff --git a/java/CyrusSasl/.cvsignore b/java/CyrusSasl/.cvsignore deleted file mode 100644 index cfc88270..00000000 --- a/java/CyrusSasl/.cvsignore +++ /dev/null @@ -1,8 +0,0 @@ -Makefile.in -Makefile -.deps -.libs -*.l[ao] -*.class -*.stamp -javasasl.h diff --git a/java/CyrusSasl/ClientFactory.java b/java/CyrusSasl/ClientFactory.java deleted file mode 100644 index 7e4f40ec..00000000 --- a/java/CyrusSasl/ClientFactory.java +++ /dev/null 
@@ -1,79 +0,0 @@ -package CyrusSasl; - -import java.util.Hashtable; -import javax.security.auth.callback.*; - -class ClientFactory implements SaslClientFactory -{ - - public ClientFactory() - { - - } - - /* JNI functions */ - private native int jni_sasl_client_init(String appname); - private native int jni_sasl_client_new(String service, - String serverFQDN, - int secflags, boolean successdata); - - - private boolean init_client(String appname) - { - /* load library */ - try { - System.loadLibrary("javasasl"); - } catch (UnsatisfiedLinkError e) { - /* xxx */ - System.out.println("Unable to load javasasl library"); - } - - jni_sasl_client_init(appname); - - return true; - } - - /* initialize the client when the class is loaded */ - { - init_client("javasasl application"); - } - - public SaslClient createSaslClient(String[] mechanisms, - String authorizationId, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - { - int cptr; - boolean successdata = true; - - // here's a list of protocols we know don't have success data - if (protocol.equals("imap") || - protocol.equals("pop3") || - protocol.equals("smtp")) { - successdata = false; - } - - cptr = jni_sasl_client_new(protocol, serverName, 0, successdata); - - if (cptr == 0) { - throw new SaslException("Unable to create new Client connection object", new Throwable()); - } - - /* create the mechlist the way our library likes to see it */ - String mechlist=""; - - for (int lup=0;lup 0) { - return new SaslInputStream(source,this); - } else { - // no security layer, no indirection needed - return source; - } - } - - public OutputStream getOutputStream(OutputStream dest) throws IOException - { - if (getSecurity() > 0) { - return new SaslOutputStream(dest,this); - } else { - // no security layer, no indirection needed - return dest; - } - } - - public byte[] createInitialResponse(){ - /* xxx this is deprecated */ - return initial_response; - 
} -} diff --git a/java/CyrusSasl/GenericCommon.java b/java/CyrusSasl/GenericCommon.java deleted file mode 100644 index 39ef0d23..00000000 --- a/java/CyrusSasl/GenericCommon.java +++ /dev/null 
@@ -1,294 +0,0 @@ -package CyrusSasl; - -import java.util.Hashtable; -import java.net.*; - -/** - * @version 1.0 - * @author Tim Martin - */ - -public abstract class GenericCommon -{ - - /* These are the jni functions called by the routines in common - * see javasasl.c for their implementations - */ - - private native void jni_sasl_set_prop_string(int ptr, int propnum, String value); - private native void jni_sasl_set_prop_int(int ptr, int propnum, int value); - private native void jni_sasl_set_prop_bytes(int ptr, int propnum, byte[] value); - private native void jni_sasl_set_server(int ptr, byte []ipnum, int port); - private native void jni_sasl_set_client(int ptr, byte []ipnum, int port); - private native void jni_sasl_setSecurity(int ptr, int minssf, int maxssf); - private native int jni_sasl_getSecurity(int ptr); - private native byte[] jni_sasl_encode(int ptr, byte[] in,int len); - private native byte[] jni_sasl_decode(int ptr, byte[] in,int len); - private native void jni_sasl_dispose(int ptr); - - /** - * security layer security strength factor - */ - public static int SASL_SSF =1; - - public static int SASL_MAXOUTBUF=2; /* security layer max output buf unsigned */ - public static int SASL_REALM =3; /* server authentication realm used */ - public static int SASL_GETOPTCTX=4; /* context for getopt callback */ - - - /** - * Local sockaddr_in (use setServer and setClient to set this) - */ - public static int SASL_IP_LOCAL =5; - - /** - * Remote sockaddr_in (use setClient and setServer to set this) - */ - - public static int SASL_IP_REMOTE =6; - - /** - * External security factor (use setSecurity to set this) - */ - public static int SASL_SSF_EXTERNAL=100; - public static int SASL_SEC_PROPS =101; /* sasl_security_properties_t */ - - - int ptr; // this is the actual pointer to sasl_conn_t - int ssfactive; // active ssf on this connection - - boolean finished; - - public boolean done() { return finished; } - - /** - * Set a SASL property that takes a string value 
- * - * @param PROPERTY one of the property constants - * @param value string value - */ - - public void setproperty(int PROPERTY, String value) - { - jni_sasl_set_prop_string(ptr,PROPERTY,value); - } - - /** - * Set a SASL property that takes a integer value - * - * @param PROPERTY one of the property constants - * @param value integer value - */ - - public void setproperty(int PROPERTY, int value) - { - jni_sasl_set_prop_int(ptr,PROPERTY,value); - } - - /** - * Set a SASL property that takes a byte[] value - * - * @param PROPERTY one of the property constants - * @param value byte[] value - */ - - public void setproperty(int PROPERTY, byte[] value) - { - jni_sasl_set_prop_bytes(ptr,PROPERTY,value); - } - - /** - * Set the SASL properties for the server - * This sets the IP address and port - * - * @param name String of name of server (e.g. cyrus.andrew.cmu.edu) - * @param port port connected to on that server - */ - - private boolean setRemoteIP(String name,int port) - { - byte[]ip=null; - try { - InetAddress server=InetAddress.getByName(name); - ip=server.getAddress(); - } catch (UnknownHostException e) { - return false; - } - - jni_sasl_set_server(ptr, ip, port); - return true; - } - - /** - * Set the SASL properties for the client - * This sets the IP address and port - * - * @param name String of local cannonical name (e.g. 
myhostname.andrew.cmu.edu) - * @param port port connecting - */ - - private boolean setLocalIP(String name, int port) - { - byte[]ip=null; - try { - InetAddress server=InetAddress.getByName(name); - ip=server.getAddress(); - } catch (UnknownHostException e) { - return false; - } - - jni_sasl_set_client(ptr, ip, port); - return true; - } - - /** - * Set the SASL properties for the client - * This sets the IP address and port - * - * @param local local InetAdress - * @param port port connecting - */ - - public boolean setClient(InetAddress local,int port) - { - byte[]ip=local.getAddress(); - - jni_sasl_set_client(ptr, ip, port); - - return true; - } - - /** - * Set the SASL properties for the client - * This sets the IP address and port - * The local IP address is determined with InetAddress.getLocalHost() - * - * @param port port connecting - */ - - public boolean setClient(int port) - { - try { - return setClient(InetAddress.getLocalHost(),port); - } catch (UnknownHostException e) { - return false; - } - } - - /** - * Sets the security properties for the session - * - * @param external external security strength - * @param minssf minimum security needed - * @param maxssf maximum security to negotiate - * - * @return if the propery was set sucessfully or not - */ - - - public boolean setSecurity(int external, int minssf, int maxssf) - { - /* setproperty(SASL_SSF_EXTERNAL, external); */ - - jni_sasl_setSecurity(ptr,minssf,maxssf); - - return true; - } - - public int getSecurity() { - return jni_sasl_getSecurity(ptr); - } - - /** - * Encode a String with the negotiated layer - * - * @param in String to be encoded - * @return the encoded string represented at a byte[] - */ - public byte[] encode(byte[] in) - { - - byte[] out=jni_sasl_encode(ptr,in,in.length); - - return out; - } - - /** - * Decode a byte[] with the negotiated layer - * - * @param in byte[] to be decoded - * @param len number of bytes to be decoded - * @return the decoded string represented at a byte[] 
- */ - public byte[] decode(byte[] in, int len) - { - - byte[] out=jni_sasl_decode(ptr,in,len); - - return out; - } - - /** - * Decode a String with the negotiated layer. NOTE: Be careful with - * this function. International or high ascii characters may do strange - * things. The byte[] method is preferred - * - * @param in String to be decoded - * @return the decoded string represented at a byte[] - */ - public byte[] decode(String in) - { - return decode(in.getBytes(),in.length()); - } - - protected void setcommonproperties(Hashtable props) - { - int i_ssfmin = 0; - String s_ssfmin=(String) props.get("javax.security.sasl.encryption.minimum"); - if (s_ssfmin!=null) i_ssfmin = Integer.parseInt(s_ssfmin); - - int i_ssfmax = 256; - String s_ssfmax=(String) props.get("javax.security.sasl.encryption.maximum"); - if (s_ssfmax!=null) i_ssfmax = Integer.parseInt(s_ssfmax); - - - int i_external = 0; - /* String external=(String) props.getProperty("security.policy.encryption.external", - */ - - setSecurity(i_external, - i_ssfmin, - i_ssfmax); - - String iplocal = (String) props.get("javax.security.sasl.ip.local"); - if (iplocal!=null) setLocalIP(iplocal,0); - - String ipremote = (String) props.get("javax.security.sasl.ip.remote"); - if (ipremote!=null) setRemoteIP(ipremote,0); - - /* String maxbuf=props.getProperty("security.maxbuf","65000"); */ - /* xxx this raises an exception for some reason - setproperty(SASL_MAXOUTBUF,Integer.parseInt(maxbuf)); */ - } - - - final protected void finalize () throws Throwable - { - jni_sasl_dispose(ptr); - } - - protected boolean complete = false; - - public boolean isComplete() - { - return complete; - } - - /* called by JNI layer */ - public void setcomplete(int a) - { - complete = true; - } - - -} diff --git a/java/CyrusSasl/GenericServer.java b/java/CyrusSasl/GenericServer.java deleted file mode 100644 index 7baa2074..00000000 --- a/java/CyrusSasl/GenericServer.java +++ /dev/null 
@@ -1,86 +0,0 @@ -package CyrusSasl; - -import javax.security.auth.callback.*; -import java.io.*; - -public class GenericServer extends GenericCommon implements SaslServer -{ - - private byte[]initial_response; - private String mechanism; - private javax.security.auth.callback.CallbackHandler cbh; - private boolean started = false; - - /* JNI functions */ - private native byte[] jni_sasl_server_start(int ptr, - String mech, byte[]in, int inlen); - - private native byte[] jni_sasl_server_step(int ptr, - byte[] in, - int inlen); - - GenericServer(int cptr, String mechanism, - java.util.Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - { - ptr=cptr; - this.cbh = cbh; - this.mechanism = mechanism; - started = false; - - - /* set properties */ - super.setcommonproperties(props); - } - - - public byte[] evaluateResponse(byte[] response) throws SaslException - { - byte[] out; - byte[] in; - int inlen; - - if (response == null) - { - in=null; - inlen = 0; - } else { - in = response; - inlen = response.length; - } - - if (started == false) { - out=jni_sasl_server_start(ptr, mechanism,in,inlen); - started = true; - } else { - out=jni_sasl_server_step(ptr,in,inlen); - } - - return out; - } - - public String getMechanismName() - { - return mechanism; - } - - public InputStream getInputStream(InputStream source) throws IOException - { - if (getSecurity() > 0) { - return new SaslInputStream(source,this); - } else { - // no security layer, no indirection needed - return source; - } - } - - public OutputStream getOutputStream(OutputStream dest) throws IOException - { - if (getSecurity() > 0) { - return new SaslOutputStream(dest,this); - } else { - // no security layer, no indirection needed - return dest; - } - } -} diff --git a/java/CyrusSasl/Makefile.am b/java/CyrusSasl/Makefile.am deleted file mode 100644 index 1ce772aa..00000000 --- a/java/CyrusSasl/Makefile.am +++ /dev/null 
@@ -1,64 +0,0 @@ -# Makefile.am for the Java SASL library -# Rob Earhart -# -################################################################ -# Copyright 1998 by Carnegie Mellon University -# -# All Rights Reserved -# -#Permission to use, copy, modify, and distribute this software and its -#documentation for any purpose and without fee is hereby granted, -#provided that the above copyright notice appear in all copies and that -#both that copyright notice and this permission notice appear in -#supporting documentation, and that the name of Carnegie Mellon University -#not be used in advertising or publicity pertaining to distribution of the -#software without specific, written prior permission. -# -#CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS -#SOFTWARE, INCLUDING #ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, -#IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, -#INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -#LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -#OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -#PERFORMANCE OF THIS SOFTWARE. 
-################################################################ - -javasasl_version = 1:0:0 - -javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl -javahtmldir = $(prefix)/html/sasl - -AM_CPPFLAGS=-I$(top_srcdir)/include $(JAVA_INCLUDES) - -javasasl_JAVA = Sasl.java GenericClient.java \ - ClientFactory.java \ - GenericCommon.java SaslClient.java \ - SaslClientFactory.java SaslException.java \ - SaslInputStream.java SaslOutputStream.java\ - SaslUtils.java ServerFactory.java \ - SaslServerFactory.java SaslServer.java \ - GenericServer.java -EXTRA_DIST = $(javasasl_JAVA) -CLASSES = $(javasasl_JAVA:.java=.class) - -lib_LTLIBRARIES = libjavasasl.la -libjavasasl_la_SOURCES = javasasl.h javasasl.c -libjavasasl_la_LDFLAGS = -export_dynamic -L../../lib/.libs -lsasl2 -version-info $(javasasl_version) $(wildcard ../lib/*.lo) -BUILT_SOURCES = javasasl.h $(CLASSES) - -$(srcdir)/javasasl.c: javasasl.h - -javasasl.h: $(CLASSES) - $(CLASSPATH_ENV) $(JAVAH) -o $@ -jni $(patsubst %.class,CyrusSasl.%,$^) - -# force build of class files -$(CLASSES): classjavasasl.stamp - -#install-data-local: -# xxx broken -# $(mkinstalldirs) $(javahtmldir) -# $(CLASSPATH_ENV) $(JAVADOC) -d $(javahtmldir) sasl -# -if test ! -h $(javahtmldir)/images; \ -# then \ -# $(LN_S) $(JAVA_BASE)/docs/api/images $(javahtmldir)/images; \ -# fi diff --git a/java/CyrusSasl/Sasl.java b/java/CyrusSasl/Sasl.java deleted file mode 100644 index 5368757d..00000000 --- a/java/CyrusSasl/Sasl.java +++ /dev/null 
@@ -1,122 +0,0 @@ -package CyrusSasl; - -import java.util.Hashtable; -import javax.security.auth.callback.*; - -public class Sasl -{ - - private static SaslClientFactory client_factory = null; - private static SaslServerFactory server_factory = null; - - /* - Creates a SaslClient using the parameters supplied. It returns null - if no SaslClient can be created using the parameters supplied. Throws - SaslException if it cannot create a SaslClient because of an error. - - The algorithm for selection is as follows: - - 1. If a factory has been installed via setSaslClientFactory(), try it - first. If non-null answer produced, return it. - 2. Use the packages listed in the javax.security.sasl.client.pkgs - property from props to load in a factory and try to create a - SaslClient, by looking for a class named ClientFactory. Repeat - this for each package on the list until a non-null answer is - produced. If non-null answer produced, return it. - 3. Repeat previous step using the javax.security.sasl.client.pkgs - System property. - 4. If no non-null answer produced, return null. - - Parameters are: - - mechanisms The non-null list of mechanism names to try. Each - is the IANA-registered name of a SASL mechanism. - (e.g. "GSSAPI", "CRAM-MD5"). - - - - authorizationID The possibly null protocol-dependent - identification to be used for authorization, e.g. - user name or distinguished name. When the SASL - authentication completes successfully, the entity - named by authorizationId is granted access. If - null, access is granted to a protocol-dependent - default (for example, in LDAP this is the DN in - the bind request). - - protocol The non-null string name of the protocol for - which the authentication is being performed, e.g - "pop", "ldap". - - serverName The non-null fully qualified host name of the - server to authenticate to. - - props The possibly null additional configuration - properties for the session, e.g. 
- - */ - - public static SaslClient - createSaslClient(String[] mechanisms, - String authorizationID, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) throws SaslException - { - if (client_factory == null) - { - client_factory = new ClientFactory(); - } - - return client_factory.createSaslClient(mechanisms, - authorizationID, - protocol, - serverName, - props, - cbh); - } - - public static void setSaslClientFactory(SaslClientFactory fac) { - client_factory = fac; - } - - public static void setSaslServerFactory(SaslServerFactory fac) { - server_factory = fac; - } - - - public static SaslServer CreateSaslServer(String mechanism, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - { - if (server_factory == null) - { - server_factory = new ServerFactory(); - } - - return server_factory.createSaslServer(mechanism, - protocol, - serverName, - props, - cbh); - } - - public static String[] getMechanismNames() - { - if (server_factory == null) - { - server_factory = new ServerFactory(); - } - - return server_factory.getMechanismNames(); - } - - - - - -} diff --git a/java/CyrusSasl/SaslClient.java b/java/CyrusSasl/SaslClient.java deleted file mode 100644 index 1115564d..00000000 --- a/java/CyrusSasl/SaslClient.java +++ /dev/null @@ -1,23 +0,0 @@ -package CyrusSasl; - -import java.io.*; - -public interface SaslClient -{ - public byte[] - evaluateChallenge(byte[] challenge) - throws SaslException; - - - public boolean hasInitialResponse(); - - public boolean isComplete(); - - public String getMechanismName(); - - public InputStream getInputStream(InputStream source) throws IOException; - - public OutputStream getOutputStream(OutputStream dest) throws IOException; - - -} diff --git a/java/CyrusSasl/SaslClientFactory.java b/java/CyrusSasl/SaslClientFactory.java deleted file mode 100644 index 7f8146ee..00000000 
--- a/java/CyrusSasl/SaslClientFactory.java +++ /dev/null @@ -1,16 +0,0 @@ -package CyrusSasl; - -import java.util.Hashtable; - -public interface SaslClientFactory -{ - - public SaslClient createSaslClient(String[] mechanisms, - String authorizationId, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException; - -} diff --git a/java/CyrusSasl/SaslException.java b/java/CyrusSasl/SaslException.java deleted file mode 100644 index 008334d0..00000000 --- a/java/CyrusSasl/SaslException.java +++ /dev/null @@ -1,41 +0,0 @@ -package CyrusSasl; - -import java.io.IOException; - -public class SaslException extends IOException -{ - private int foo; - - public SaslException() - { - super(); - foo = 3; - - } - - public SaslException(String message) - { - super(message); - } - - public SaslException(String message, - Throwable ex) - { - - } - - public Throwable getException() - { - return null; - } - - public void printStackTrace() - { - - } - - - - - -} diff --git a/java/CyrusSasl/SaslInputStream.java b/java/CyrusSasl/SaslInputStream.java deleted file mode 100644 index 9ddaf3d2..00000000 --- a/java/CyrusSasl/SaslInputStream.java +++ /dev/null 
@@ -1,208 +0,0 @@ -package CyrusSasl; - -import java.io.*; - -public class SaslInputStream extends InputStream -{ - static final boolean DoEncrypt = true; - static final boolean DoDebug = false; - private static int BUFFERSIZE = 16384; - - // if bufferend < bufferstart, we've wrapped around - private byte[] buffer=new byte[BUFFERSIZE]; - private int bufferstart = 0; - private int bufferend = 0; - private int size = 0; - - private GenericCommon conn; - - public InputStream in; - - public SaslInputStream(InputStream in, GenericCommon conn) - { - if (DoDebug) { - System.err.println("DEBUG constructing SaslInputStream"); - } - this.in = in; - this.conn = conn; - } - - public synchronized int available() throws IOException - { - int ina = in.available(); - if (ina > 1) ina = 1; - - return size + ina; - } - - private void buffer_add(byte[] str,int len) throws IOException - { - if (str == null) { - // nothing to add - return; - } - - byte[] b = str; - - /* xxx this can be optimized */ - for (int lup=0;lup= BUFFERSIZE) { - throw new IOException(); - } - } - } - - private void buffer_add(byte[] str) throws IOException - { - buffer_add(str,str.length); - } - - private void readsome() throws IOException - { - int len=in.available(); - - if (DoDebug) { - System.err.println("DEBUG in readsome(), avail " + len); - } - - if (len > BUFFERSIZE || len == 0) - len = BUFFERSIZE; - - byte[]tmp=new byte[len]; - len = in.read(tmp); - - if (len>0) { - if (DoEncrypt) { - buffer_add( conn.decode(tmp,len) ); - } else { - buffer_add(tmp, len); - } - } - } - - public synchronized void close() throws IOException - { - super.close(); - } - - public synchronized void reset() throws IOException - { - throw new IOException(); - } - - public synchronized void mark(int readlimit) - { - return; - } - - public boolean markSupported() - { - return false; - } - - /* read a single byte */ - public synchronized int read() throws IOException - { - int ret; - - if (DoDebug) { - System.err.println("DEBUG in 
read(), size " + size); - } - if (size == 0) { - readsome(); - } - - if (size == 0) { - if (DoDebug) { - System.err.println("DEBUG read() returning -1"); - } - return -1; - } - - ret = buffer[bufferstart]; - bufferstart = (bufferstart + 1) % BUFFERSIZE; - size--; - - if (DoDebug) { - System.err.println("DEBUG read() returning " + ret); - } - return ret; - } - - public synchronized int read(byte b[]) throws IOException - { - return read(b,0,b.length); - } - - public synchronized int read(byte b[], - int off, - int len) throws IOException - { - if (DoDebug) { - System.err.println("DEBUG in read(b, off, len), size " + size); - } - if (off < 0 || len < 0) { - throw new IndexOutOfBoundsException(); - } - if (len == 0) { - return 0; - } - - // block only if we need to - if (size == 0) { - readsome(); - if (size == 0) { - if (DoDebug) { - System.err.println("DEBUG read(b, off, len) returning -1"); - } - return -1; - } - } - - int l; - for (l = off; l < len + off; l++) { - if (bufferstart == bufferend) break; - - b[l] = buffer[bufferstart]; - bufferstart = (bufferstart + 1) % BUFFERSIZE; - size--; - } - - if (DoDebug) { - System.err.println("DEBUG read() returning " + (l - off)); - } - return l - off; - } - - public synchronized long skip(long n) throws IOException - { - if (n<=0) return 0; - - long toskip = n; - while (toskip > 0) { - if (size == 0) { - readsome(); - if (size == 0) { - return n - toskip; - } - } - - if (toskip > size) { - toskip -= size; - bufferstart = bufferend = size = 0; - } else { - // we've got all the data we need to skip - size -= toskip; - bufferstart = (int) ((bufferstart + toskip) % BUFFERSIZE); - } - } - - // skipped the full amount - return n; - } -} - diff --git a/java/CyrusSasl/SaslOutputStream.java b/java/CyrusSasl/SaslOutputStream.java deleted file mode 100644 index 558ab57e..00000000 --- a/java/CyrusSasl/SaslOutputStream.java +++ /dev/null 
@@ -1,109 +0,0 @@ -package CyrusSasl; - -import java.io.*; - -public class SaslOutputStream extends OutputStream -{ - static final boolean DoEncrypt = true; - static final boolean DoDebug = false; - - private static int MAXBUFFERSIZE=1000; - private GenericCommon conn; - OutputStream out; - - private byte[] buffer=new byte[MAXBUFFERSIZE]; - private int buffersize=0; - - public SaslOutputStream(OutputStream out, GenericCommon conn) - { - if (DoDebug) { - System.err.println("DEBUG constructing SaslOutputStream"); - } - this.conn=conn; - this.out=out; - } - - private void write_if_size() throws IOException - { - if (DoDebug) { - System.err.println("DEBUG write_if_size(): buffersize " + - buffersize); - } - if ( buffersize >=MAXBUFFERSIZE) - flush(); - } - - public synchronized void write(int b) throws IOException - { - buffer[buffersize]=(byte) b; - buffersize++; - write_if_size(); - } - - public synchronized void write(byte b[]) throws IOException - { - write(b,0,b.length); - } - - public synchronized void write(byte b[], - int off, - int len) throws IOException - { - if (DoDebug) { - System.err.println("DEBUG writing() len " + len); - } - if (len+buffersize < MAXBUFFERSIZE) { - for (int lup=0;lup 0; count--) - { - a = buf[i++]; - b = buf[i++]; - c = buf[i++]; - buffer.append(enc_table[(a >>> 2) & 0x3F]); - buffer.append(enc_table[((a << 4) & 0x30) + ((b >>> 4) & 0xf)]); - buffer.append(enc_table[((b << 2) & 0x3c) + ((c >>> 6) & 0x3)]); - buffer.append(enc_table[c & 0x3F]); - - /* if (i != 0 && i%57 == 0) - buffer.append("\r\n");*/ - } - - if (delta == 1) - { - a = buf[i++]; - buffer.append(enc_table[(a >>> 2) & 0x3F]); - buffer.append(enc_table[((a << 4) & 0x30)]); - buffer.append('='); - buffer.append('='); - } - if (delta == 2) - { - a = buf[i++]; - b = buf[i++]; - buffer.append(enc_table[(a >>> 2) & 0x3F]); - buffer.append(enc_table[((a << 4) & 0x30) + ((b >>> 4) & 0xf)]); - buffer.append(enc_table[((b << 2) & 0x3c)]); - buffer.append('='); - } - - 
/*buffer.append("\r\n");*/ - return buffer.toString(); - } - - /** - * Base 64 Encodes a String in String form - * - * @param s String to be encoded - * - * @return the encoded value in string form - */ - - public static String encode64( String s ) - { - return encode64( s.getBytes() ); - } - - - /** - * Base 64 Decodes a byte[] string - * Ignores trailing whitespace and newlines - * - * @param buf buffer to be decoded - * - * @return the decoded value in byte[] form - */ - - - public static byte[] - decode64( byte buf[] ) - { - int padCount = 0; - int i, len = buf.length; - int real_len = 0; - - for (i=len-1; i >= 0; --i) - { - if (buf[i] > ' ') - real_len++; - - if (buf[i] == 0x3D) - padCount++; - } - - // Hmm - should this be a "bad format MIME" exception instead? - if (real_len%4 != 0) - throw new IllegalArgumentException("Length not a multiple of 4"); - - int ret_len = (real_len/4)*3 - padCount; - byte ret[] = new byte[ret_len]; - - i = 0; - byte[] t = new byte[4]; - int output_index = 0; - int j = 0; - t[0] = t[1] = t[2] = t[3] = 61; // Ascii = - while (i < len) - { - byte c = buf[i++]; - if (c > ' ') - t[j++] = c; - - if (j == 4) - { - output_index += decode64(ret, output_index, t[0], t[1], t[2], t[3]); - j = 0; - t[0] = t[1] = t[2] = t[3] = 61; // Ascii = - } - } - if (j > 0) - decode64(ret, output_index, t[0], t[1], t[2], t[3]); - - return ret; - } - - /** - * Base 64 Decodes a String - * Ignores trailing whitespace and newlines - * - * @param msg String to be decoded - * - * @return the decoded value in byte[] form - */ - - public static byte[] decode64( String msg ) - { - return decode64( msg.getBytes()); - } - - // Returns the number of bytes converted - private static int - decode64( byte ret[], int ret_off, byte a, byte b, byte c, byte d ) - { - byte da = dec_table[a]; - byte db = dec_table[b]; - byte dc = dec_table[c]; - byte dd = dec_table[d]; - - if (da == -1 || db == -1 || (dc == -1 && c != 0x3d) || (dd == -1 && d != 0x3d)) - throw new 
IllegalArgumentException("Invalid character ["+a+", "+b+", "+c+", "+d+"]"); - - ret[ret_off++] = (byte)(da << 2 | db >>> 4); - if (c == 0x3d) // Ascii = - return 1; - ret[ret_off++] = (byte)(db << 4 | dc >>> 2); - if (d == 0x3d) // Ascii = - return 2; - ret[ret_off++] = (byte)(dc << 6 | dd); - return 3; - } - - -} diff --git a/java/CyrusSasl/ServerFactory.java b/java/CyrusSasl/ServerFactory.java deleted file mode 100644 index 1ce7236f..00000000 --- a/java/CyrusSasl/ServerFactory.java +++ /dev/null 
@@ -1,105 +0,0 @@ -package CyrusSasl; - -import java.util.Hashtable; -import javax.security.auth.callback.*; - -class ServerFactory implements SaslServerFactory -{ - private int localptr = 0; - - /* JNI functions */ - private native int jni_sasl_server_init(String appname); - private native int jni_sasl_server_new(String service, - String local_domain, - int secflags); - - - public ServerFactory() - { - /* these parameters aren't needed for getting mech list */ - localptr = jni_sasl_server_new("foo", "bar", 0); - } - - private boolean init(String appname) - { - /* load library */ - try { - System.loadLibrary("javasasl"); - } catch (UnsatisfiedLinkError e) { - /* xxx */ - System.out.println("Unable to load javasasl library"); - } - - jni_sasl_server_init(appname); - - return true; - } - - { - init("javasasl application"); - } - - public SaslServer createSaslServer(String mechanism, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - { - int cptr; - - cptr = jni_sasl_server_new(protocol, - serverName, - 0); - - if (cptr == 0) { - throw new SaslException("Unable to create new Client connection object", - new Throwable()); - } - - return new GenericServer(cptr,mechanism,props,cbh); - } - - private native String jni_sasl_server_getlist(int ptr, String prefix, - String sep, String suffix); - - public String[] getMechanismNames() - { - if (localptr == 0) - localptr = jni_sasl_server_new("foo", - "bar", - 0); - - String list = jni_sasl_server_getlist(localptr, "", - "\n","\n"); - - /* count newlines */ - int newlines = 0; - int pos =0; - - while (pos < list.length()) { - if (list.charAt(pos)=='\n') - newlines++; - pos++; - } - - String[]ret = new String[newlines]; - - int num =0; - pos =0; - String temp=""; - - while (pos < list.length()) { - if (list.charAt(pos)=='\n') { - ret[num++]=temp; - temp=new String(""); - } else { - temp+=list.charAt(pos); - } - pos++; - } - - return ret; - } - -} 
diff --git a/java/CyrusSasl/javasasl.c b/java/CyrusSasl/javasasl.c
deleted file mode 100644
index fcdac2df..00000000
--- a/java/CyrusSasl/javasasl.c
+++ /dev/null
@@ -1,930 +0,0 @@
-/* javasasl.c--Java SASL JNI implementation
- * Tim Martin
- */
-/***********************************************************
- Copyright 1998 by Carnegie Mellon University
-
- All Rights Reserved
-
-Permission to use, copy, modify, and distribute this software and its
-documentation for any purpose and without fee is hereby granted,
-provided that the above copyright notice appear in all copies and that
-both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of Carnegie Mellon
-University not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission.
-
-CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-******************************************************************/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "javasasl.h" - -#define VL(x) /* printf x */ - -static JNIEnv *globalenv; -static jobject globalobj; - -static int setcomplete(JNIEnv *env, jobject obj); - -static void throwexception(JNIEnv *env, int error) -{ - jclass newExcCls; - - VL (("Throwing exception!\n")); - - newExcCls = (*env)->FindClass(env, "CyrusSasl/SaslException"); - - if (newExcCls == 0) { - return; - } - - (*env)->ThrowNew(env, newExcCls, sasl_errstring(error,NULL,NULL)); -} - -/* server init */ - -JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1init - (JNIEnv *env, - jobject obj __attribute__((unused)), - jstring jstr) -{ - /* Obtain a C-copy of the Java string */ - const char *str = (*env)->GetStringUTFChars(env, jstr, 0); - int result; - - result=sasl_server_init(NULL,str); - if (result!=SASL_OK) - throwexception(env,result); - - /* Now we are done with str */ - (*env)->ReleaseStringUTFChars(env, jstr, str); - - return result; -} - -static int -log(void *context __attribute__((unused)), - int priority, - const char *message) -{ - const char *label; - jstring jlabel, jmessage; - jclass cls; - jmethodID mid; - - if (! 
message) - return SASL_BADPARAM; - - switch (priority) { - case SASL_LOG_ERR: - label = "Error"; - break; - case SASL_LOG_WARN: - label = "Warning"; - break; - case SASL_LOG_NOTE: - label = "Note"; - break; - case SASL_LOG_FAIL: - label = "Fail"; - break; - case SASL_LOG_PASS: - label = "Pass"; - break; - case SASL_LOG_TRACE: - label = "Trace"; - break; - case SASL_LOG_DEBUG: - label = "Debug"; - break; - default: - return SASL_BADPARAM; - } - - VL(("I have message %s\n",message)); - VL(("Trying to call log callback\n")); - cls = (*globalenv)->GetObjectClass(globalenv, globalobj); - mid = (*globalenv)->GetMethodID(globalenv, cls, "callback_log", - "(Ljava/lang/String;Ljava/lang/String;)V"); - if (mid == 0) { - return SASL_FAIL; - } - - /* make label into a java string */ - jlabel= (*globalenv)->NewStringUTF(globalenv,label); - - /* make message into a java string */ - jmessage= (*globalenv)->NewStringUTF(globalenv,message); - - /* call java */ - (*globalenv)->CallVoidMethod(globalenv, globalobj, mid, - jlabel, jmessage); - - /* Now we are done with jlabel */ - (*globalenv)->ReleaseStringUTFChars(globalenv, jlabel, label); - - /* Now we are done with jmessage */ - (*globalenv)->ReleaseStringUTFChars(globalenv, jmessage, message); - - VL(("done with log callback")); - - return SASL_OK; -} - -static sasl_callback_t callbacks[] = { - { - SASL_CB_LOG, &log, NULL - }, { - SASL_CB_PASS, NULL, NULL - }, { - SASL_CB_USER, NULL, NULL /* we'll handle these ourselves */ - }, { - SASL_CB_AUTHNAME, NULL, NULL /* we'll handle these ourselves */ - }, { - /* TODO - SASL_CB_ECHOPROMPT, &prompt, NULL - }, { - SASL_CB_NOECHOPROMPT, &prompt, NULL - }, { */ - SASL_CB_LIST_END, NULL, NULL - } -}; - -/* client init */ -JNIEXPORT jint JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1init - (JNIEnv *env, - jobject obj __attribute__((unused)), - jstring jstr) -{ - /* Obtain a C-copy of the Java string */ - const char *str = (*env)->GetStringUTFChars(env, jstr, 0); - int result; - - 
VL(("client initing\n")); - - result=sasl_client_init(callbacks); - if (result!=SASL_OK) - throwexception(env,result); - - /* Now we are done with str */ - (*env)->ReleaseStringUTFChars(env, jstr, str); - - return result; -} - -/* server new */ - -JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1new - (JNIEnv *env, - jobject obj __attribute__((unused)), - jstring jservice, - jstring jlocal, - jint jsecflags) -{ - sasl_conn_t *conn; - - const char *service = (*env)->GetStringUTFChars(env, jservice, 0); - const char *local_domain = (*env)->GetStringUTFChars(env, jlocal, 0); - const char *user_domain = NULL; - int result; - - if (local_domain) { - VL(("local domain = %s\n",local_domain)); - } - if (user_domain) { - VL(("user domain = %s\n",user_domain)); - } - - result=sasl_server_new(service, local_domain, user_domain, - NULL, NULL, NULL, jsecflags, &conn); - if (result!=SASL_OK) - throwexception(env,result); - - /* Now we are done with str */ - (*env)->ReleaseStringUTFChars(env, jservice, service); - (*env)->ReleaseStringUTFChars(env, jlocal, local_domain); - - return (jint) conn; -} - - -JNIEXPORT jint JNICALL JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1new - (JNIEnv *env, - jobject obj __attribute__((unused)), - jstring jservice, jstring jserver, jint jsecflags, jboolean successdata) -{ - sasl_conn_t *conn; - - const char *service = (*env)->GetStringUTFChars(env, jservice, 0); - const char *serverFQDN = (*env)->GetStringUTFChars(env, jserver, 0); - int result; - - result=sasl_client_new(service, serverFQDN, NULL, NULL, NULL, - jsecflags | (successdata ? 
SASL_SUCCESS_DATA : 0), - &conn); - - if (result!=SASL_OK) - throwexception(env,result); - - /* Now we are done with str */ - (*env)->ReleaseStringUTFChars(env, jservice, service); - (*env)->ReleaseStringUTFChars(env, jserver, serverFQDN); - - return (jint) conn; -} - -/* server start */ - -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1start - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jstring jstr, jbyteArray jarr, jint jlen) -{ - sasl_conn_t *conn; - const char *mech = (*env)->GetStringUTFChars(env, jstr, 0); - const char *out; - unsigned int outlen; - int result; - jbyteArray arr; - char *tmp; - char *in=NULL; - - VL(("in server start\n")); - - if (jarr!=NULL) - in = (*env)->GetByteArrayElements(env, jarr, 0); - - conn=(sasl_conn_t *) ptr; - - result=sasl_server_start(conn, mech, - (const char *) in, jlen, - &out, &outlen); - - if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) - { - - throwexception(env,result); - return NULL; - } - - /* Because SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - return arr; -} - - -static int getvalue(JNIEnv *env, jobject obj, char *funcname, char **result, int *len) -{ - jclass cls; - jmethodID mid; - const char *str; - jstring jstr; - - /* set up for java callback */ - cls = (*env)->GetObjectClass(env, obj); - mid = (*env)->GetMethodID(env, cls, funcname, - "(I)Ljava/lang/String;"); - if (mid == 0) { - VL(("Can't find %s callback!!!\n",funcname)); - return SASL_FAIL; - } - - VL(("do the callback\n")); - jstr = (jstring) (*env)->CallObjectMethod(env, obj, mid); - - if (jstr) { - VL(("convert the result string into a char *\n")); - str = (*env)->GetStringUTFChars(env, jstr, 0); - - /* copy password into the result */ - *result=(char *) 
malloc( strlen(str)); - strcpy(*result, str); - *len=strlen(str); - - /* Now we are done with str */ - (*env)->ReleaseStringUTFChars(env, jstr, str); - } else { - *result = NULL; - *len = 0; - } - - return SASL_OK; -} - -static int callall_callbacks(JNIEnv *env, jobject obj, - int calluid,int callaid, - int callpass,int callrealm) -{ - jclass cls; - jmethodID mid; - - /* set up for java callback */ - cls = (*env)->GetObjectClass(env, obj); - mid = (*env)->GetMethodID(env, cls, "do_callbacks", "(IIII)V"); - if (mid == 0) { - VL(("Can't find do_callbacks callback!!!\n")); - return SASL_FAIL; - } - - /* do the callback */ - (*env)->CallVoidMethod(env, obj, mid,calluid,callaid,callpass,callrealm); - - VL(("callall_callbacks worked\n")); - return SASL_OK; -} - -/* - * Fills in all the prompts by doing callbacks to java - * returns SASL_INTERACT on sucess - */ - -static int fillin_interactions(JNIEnv *env, jobject obj, - sasl_interact_t *tlist) -{ - sasl_interact_t *ptr=tlist; - sasl_interact_t *uid=NULL; int is_uid = 0; - sasl_interact_t *aid=NULL; int is_aid = 0; - sasl_interact_t *pass=NULL;int is_pass = 0; - sasl_interact_t *realm=NULL; int is_realm = 0; - - /* First go through the prompt list to see what we have */ - while (ptr->id!=SASL_CB_LIST_END) - { - if (ptr->id==SASL_CB_PASS) - { pass=ptr; is_pass = 1; } - if (ptr->id==SASL_CB_AUTHNAME) - { aid=ptr; is_aid = 1; } - if (ptr->id==SASL_CB_USER) - { uid=ptr; is_uid = 1; } - if (ptr->id==SASL_CB_GETREALM) - { realm = ptr; is_realm = 1; } - ptr->result=NULL; - - /* increment to next sasl_interact_t */ - ptr++; - } - - callall_callbacks(env,obj,is_uid,is_aid,is_pass,is_realm); - - if (is_pass) { - VL(("in is_pass\n")); - - getvalue(env,obj,"get_password",(char **) &(pass->result),(int *) &(pass->len)); - } - if (is_aid) { - VL(("in is_aid\n")); - - getvalue(env,obj,"get_authid",(char **) &(aid->result),(int *) &(aid->len)); - } - if (is_uid) { - VL(("in is_uid\n")); - - getvalue(env,obj,"get_userid",(char **) 
&(uid->result),(int *) &(uid->len)); - } - if (is_realm) { - VL(("in is_realm\n")); - - getvalue(env,obj,"get_realm",(char **) &(realm->result),(int *) &(realm->len)); - } - - /* everything should now be filled in (i think) */ - VL(("everything should now be filled in (i think)\n")); - - return SASL_INTERACT; -} - -/* client start */ - -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1start(JNIEnv *env, jobject obj, jint ptr, jstring jstr) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - const char *mechlist = (*env)->GetStringUTFChars(env, jstr, 0); - const char *out; - unsigned int outlen=0; - const char *mechusing; - int result; - sasl_interact_t *client_interact=NULL; - char *tmp; - jbyteArray arr; - jstring jmechusing; - jclass cls; - jmethodID mid; - - VL(("sasl_start")); - - do { - - result=sasl_client_start(conn, mechlist, - &client_interact, - &out, - &outlen, - &mechusing); - - if (result==SASL_INTERACT) { - int res2 = fillin_interactions(env,obj,client_interact); - } - - } while (result==SASL_INTERACT); - - /* ok release mechlist */ - (*env)->ReleaseStringUTFChars(env, jstr, mechlist); - - if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) - { - throwexception(env,result); - return NULL; - } - - /* tell the java layer what mechanism we're using */ - - /* set up for java callback */ - cls = (*env)->GetObjectClass(env, obj); - mid = (*env)->GetMethodID(env, cls, "callback_setmechanism", - "(Ljava/lang/String;I)V"); - if (mid == 0) { - throwexception(env,SASL_FAIL); - return NULL; - } - - VL(("mechusing=%s\n",mechusing)); - - /* make into mech */ - jmechusing= (*env)->NewStringUTF(env,mechusing); - - /* do the callback */ - (*env)->CallVoidMethod(env, obj, mid,jmechusing); - - /* Because SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - 
(*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - return arr; -} - -/* server step */ - -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1step - - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jbyteArray jarr, jint jlen) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - int result; - const char *out; - unsigned int outlen; - jbyteArray arr; - char *in = NULL; - char *tmp; - - if (jlen > 0) - in = (*env)->GetByteArrayElements(env, jarr, 0); - - result=sasl_server_step(conn, (const char *) in, jlen, - &out, &outlen); - - if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) - { - VL (("Throwing exception! %d\n",result)); - /* throw exception */ - throwexception(env,result); - return NULL; - } - - if (result == SASL_OK) { - setcomplete(env,obj); - } - - if (jlen > 0) - (*env)->ReleaseByteArrayElements(env, jarr,in ,0); - - /* Because SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - return arr; -} - - -/* - * Tell client we're done - */ -static int setcomplete(JNIEnv *env, jobject obj) -{ - jclass cls; - jmethodID mid; - - VL (("Complete!\n")); - - /* set up for java callback */ - cls = (*env)->GetObjectClass(env, obj); - mid = (*env)->GetMethodID(env, cls, "setcomplete", - "(I)V"); - if (mid == 0) { - VL(("Can't find do_callbacks callback!!!\n")); - return SASL_FAIL; - } - - /* do the callback */ - (*env)->CallVoidMethod(env, obj, mid, 5); - - return SASL_OK; -} - -/* client step */ - -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1step - (JNIEnv *env, jobject obj, jint ptr, jbyteArray jarr, jint jlen) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - /* const char *in = (*env)->GetStringUTFChars(env, jstr, 0);*/ - int result; - sasl_interact_t 
*client_interact=NULL; - const char *out; - unsigned int outlen; - jbyteArray arr; - char *in; - char *tmp; - - VL(("in client step\n")); - - if (jarr) { - in = (*env)->GetByteArrayElements(env, jarr, 0); - in[jlen]=0; - } else { - assert(jlen == 0); - in = NULL; - } - - VL(("in client step 2\n")); - - globalenv=env; - globalobj=obj; - - do { - result=sasl_client_step(conn, (const char *) in, jlen, - &client_interact, - &out, &outlen); - - VL(("in client step 3\n")); - - if (result==SASL_INTERACT) { - result = fillin_interactions(env,obj,client_interact); - } - } while (result==SASL_INTERACT); - - if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) { - /* throw exception */ - VL (("Throwing exception %d\n",result)); - throwexception(env,result); - return NULL; - } - - if (result == SASL_OK) { - VL (("Setting complete\n")); - setcomplete(env,obj); - } - - if (jarr) { - VL(("about to releasebytearrayelements\n")); - (*env)->ReleaseByteArrayElements(env, jarr,in ,0); - } - - /* Because SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - VL(("in client step 4\n")); - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - VL(("returning arr\n")); - return arr; -} - - -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1string - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jint propnum, jstring val) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - const char *value = (*env)->GetStringUTFChars(env, val, 0); - - int result=sasl_setprop(conn, propnum, value); - - if (result!=SASL_OK) - throwexception(env,result); -} - - -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1int - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jint propnum, jint jval) -{ - - sasl_conn_t *conn=(sasl_conn_t *) ptr; - int value=jval; 
- int result; - - VL(("sasl conn = %d\n",conn)); - VL (("propnum = %d\n",propnum)); - - result=sasl_setprop(conn, propnum, &value); - - VL (("setprop returned %d\n",result)); - - if (result!=SASL_OK) - throwexception(env,result); -} -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1bytes - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jint propnum, jbyteArray jarr) -{ - char *value = (*env)->GetByteArrayElements(env, jarr, 0); - sasl_conn_t *conn=(sasl_conn_t *) ptr; - int result; - - result=sasl_setprop(conn, propnum, value); - if (result!=SASL_OK) - throwexception(env,result); - -} - -/* encode */ -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1encode - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, - jbyteArray jarr, jint jlen) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - char *in = (*env)->GetByteArrayElements(env, jarr, 0); - const char *out; - unsigned int outlen; - char *tmp; - int result; - jbyteArray arr; - - result=sasl_encode(conn,(const char *) in, jlen, &out, &outlen); - if (result!=SASL_OK) - throwexception(env,result); - - /* Because SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - return arr; -} - -/* decode */ -JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1decode - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jbyteArray jarr, jint jlen) -{ - - sasl_conn_t *conn=(sasl_conn_t *) ptr; - char *in = (*env)->GetByteArrayElements(env, jarr, 0); - const char *out; - unsigned int outlen=9; - char *tmp; - int inlen=jlen; - int result; - jbyteArray arr; - - result=sasl_decode(conn, (const char *) in, inlen, &out, &outlen); - if (result!=SASL_OK) - throwexception(env,result); - - - /* Because 
SASLv2 does not allow for persistance, we'll copy - * it here */ - tmp = malloc(outlen); - if(!tmp) { - throwexception(env, SASL_NOMEM); - return NULL; - } - - memcpy(tmp, out, outlen); - - arr=(*env)->NewByteArray(env,outlen); - (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); - - (*env)->ReleaseByteArrayElements(env, jarr, in,0); - - return arr; - -} - -/*JNIEXPORT jbyteArray JNICALL Java_sasl_saslServerConn_jni_1sasl_1server_1decode - (JNIEnv *env, jobject obj, jint ptr, jbyteArray in, jint inlen) -{ - return Java_sasl_saslClientConn_jni_1sasl_1client_1decode(env,obj,ptr,in,inlen); - }*/ - -JNIEXPORT void JNICALL Java_CyrusSasl_CommonConn_jni_1sasl_1dispose - (JNIEnv *env __attribute__((unused)), - jobject obj __attribute__((unused)), - jint ptr) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - - sasl_dispose(&conn); - -} - -JNIEXPORT jstring JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1getlist - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jstring jpre, jstring jsep, jstring jsuf) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - const char *pre = (*env)->GetStringUTFChars(env, jpre, 0); - const char *sep = (*env)->GetStringUTFChars(env, jsep, 0); - const char *suf = (*env)->GetStringUTFChars(env, jsuf, 0); - const char *list; - unsigned int plen; - jstring ret; - - int result=sasl_listmech(conn, NULL, pre, sep, suf, &list, &plen, NULL); - - if (result!=SASL_OK) - { - throwexception(env,result); - return NULL; - } - - ret= (*env)->NewStringUTF(env,list); - if (ret==NULL) - throwexception(env, -1); - - return ret; -} - -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1server - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jbyteArray jarr, jint jport) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - unsigned char *ip = (*env)->GetByteArrayElements(env, jarr, 0); - char out[52]; - int result; - - sprintf(out, "%d.%d.%d.%d;%d", ip[0], ip[1], ip[2], ip[3], (int)jport); - - 
result=sasl_setprop(conn, SASL_IPREMOTEPORT, out); - - VL(("Set IP_REMOTE: %s: %d\n",out, result)); - - /* if not set throw an exception */ - if (result!=SASL_OK) - throwexception(env,result); -} - - - -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1client - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jbyteArray jarr, jint jport) -{ - sasl_conn_t *conn=(sasl_conn_t *) ptr; - unsigned char *ip = (*env)->GetByteArrayElements(env, jarr, 0); - char out[52]; - int result; - - sprintf(out, "%d.%d.%d.%d;%d", ip[0], ip[1], ip[2], ip[3], (int)jport); - - result=sasl_setprop(conn, SASL_IPLOCALPORT, out); - - VL(("Set IP_LOCAL: %s: %d\n",out, result)); - - /* if not set throw and exception */ - if (result!=SASL_OK) - throwexception(env,result); -} - -/* allocate a secprops structure */ - -static sasl_security_properties_t *make_secprops(int min,int max) -{ - sasl_security_properties_t *ret=(sasl_security_properties_t *) - malloc(sizeof(sasl_security_properties_t)); - - ret->maxbufsize=1024; - ret->min_ssf=min; - ret->max_ssf=max; - - ret->security_flags=0; - ret->property_names=NULL; - ret->property_values=NULL; - - return ret; -} - - -JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1setSecurity - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr, jint minssf, jint maxssf) -{ - int result=SASL_FAIL; - sasl_conn_t *conn=(sasl_conn_t *) ptr; - sasl_security_properties_t *secprops=NULL; - - /* set sec props */ - secprops=make_secprops(minssf,maxssf); - - if (secprops!=NULL) - result=sasl_setprop(conn, SASL_SEC_PROPS, secprops); - - /* if not set throw and exception */ - if (result!=SASL_OK) - throwexception(env,result); -} - -JNIEXPORT jint JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1getSecurity - (JNIEnv *env, - jobject obj __attribute__((unused)), - jint ptr) -{ - int r = SASL_FAIL; - sasl_conn_t *conn = (sasl_conn_t *) ptr; - int *ssfp; - - r = sasl_getprop(conn, SASL_SSF, (const void **) &ssfp); - if 
(r != SASL_OK) {
- throwexception(env, r);
- }
-
- return *ssfp;
-}
-
-
diff --git a/java/Makefile.am b/java/Makefile.am
deleted file mode 100644
index 849f9423..00000000
--- a/java/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-# Makefile.am for the Java SASL library
-# Rob Earhart
-#
-################################################################
-# Copyright 1998 by Carnegie Mellon University
-#
-# All Rights Reserved
-#
-#Permission to use, copy, modify, and distribute this software and its
-#documentation for any purpose and without fee is hereby granted,
-#provided that the above copyright notice appear in all copies and that
-#both that copyright notice and this permission notice appear in
-#supporting documentation, and that the name of Carnegie Mellon University
-#not be used in advertising or publicity pertaining to distribution of the
-#software without specific, written prior permission.
-#
-#CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
-#SOFTWARE, INCLUDING #ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS,
-#IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL,
-#INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-#LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-#OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-#PERFORMANCE OF THIS SOFTWARE.
-################################################################
-
-SUBDIRS = CyrusSasl javax Test
-EXTRA_DIST = doc
diff --git a/java/README b/java/README
deleted file mode 100644
index 123db7d4..00000000
--- a/java/README
+++ /dev/null
@@ -1,37 +0,0 @@ -4-Nov-2000 - -after a "make install" -class files are installed in - -$(prefix)/lib/java/classes/sasl - -to compile programs using it, do: - -javac -classpath /usr/java/lib/classes.zip:/usr/local/lib/java/classes/sasl .java - -(make sure to substitute your JDK for /usr/java/lib/classes.zip) - -to run, do - -java -classpath - ----------------------------- -This is a java version of the SASL libraries. It supports all the -mechanisms in the C version and conforms to the internet draft in the -doc/ directory. JNI is used. - -Sample applications exist in the Test/ directory. - -They generally can be run with something like: - -java -debug -classpath -../:/usr/java/lib/classes.zip:/usr/obj/sasl/java/:. jimtest -p 2143 -m -KERBEROS_V4 cyrus-dev - -and - -java -debug -classpath -../:/usr/java/lib/classes.zip:/usr/obj/sasl/java/:. testserver - - -Any feedback is welcome. \ No newline at end of file diff --git a/java/Test/.cvsignore b/java/Test/.cvsignore deleted file mode 100644 index 13bb78db..00000000 --- a/java/Test/.cvsignore +++ /dev/null @@ -1,5 +0,0 @@ -Makefile.in -Makefile -.deps -.libs -*.l[ao] diff --git a/java/Test/Handler.java b/java/Test/Handler.java deleted file mode 100644 index de222eff..00000000 --- a/java/Test/Handler.java +++ /dev/null 
@@ -1,111 +0,0 @@ - -import java.io.*; -import javax.security.auth.callback.*; - -class Handler implements javax.security.auth.callback.CallbackHandler{ - - String authid; - String userid; - String password; - String realm; - - public Handler() - { - - } - - public Handler(String authid, String userid, String password, String realm) - { - this.authid = authid; - this.userid = userid; - this.password = password; - this.realm = realm; - } - - - - private String getinput(String prompt) - { - System.out.println(prompt); - System.out.print(">"); - - String result=""; - - try { - int c; - do { - c = System.in.read(); - if (c!='\n') - result+=(char)c; - } while (c!='\n'); - - System.out.println("res = "+result); - } catch (IOException e) { - - } - - return result; - } - - private void getauthid(NameCallback c) - { - if (authid!=null) { - c.setName(authid); - return; - } - - /* authid = System.getProperty("user.name"); - if (authid!=null) { - c.setName(authid); - return; - } */ - - c.setName( getinput(c.getPrompt())); - } - - private void getpassword(PasswordCallback c) - { - if (password!=null) { - c.setPassword(password.toCharArray()); - return; - } - - c.setPassword( (getinput("Enter password")).toCharArray()); - } - - private void getrealm(RealmCallback c) - { - if (realm!=null) { - c.setRealm(realm); - return; - } - - c.setRealm( getinput(c.getPrompt()) ); - } - - public void invokeCallback(Callback[] callbacks) - throws java.io.IOException, UnsupportedCallbackException - { - for (int lup=0;lup"); - - String result=""; - - try { - int c; - do { - c = System.in.read(); - if (c!='\n') - result+=(char)c; - } while (c!='\n'); - - System.out.println("res = "+result); - } catch (IOException e) { - - } - - return result; - } - - private void getauthid(NameCallback c) - { - if (authid!=null) { - c.setName(authid); - return; - } - - /* authid = System.getProperty("user.name"); - if (authid!=null) { - c.setName(authid); - return; - } */ - - c.setName( getinput(c.getPrompt())); 
- } - - private void getpassword(PasswordCallback c) - { - if (password!=null) { - c.setPassword(password.toCharArray()); - return; - } - - c.setPassword( (getinput("Enter password")).toCharArray()); - } - - private void getrealm(RealmCallback c) - { - if (realm!=null) { - c.setRealm(realm); - return; - } - - c.setRealm( getinput(c.getPrompt()) ); - } - - public void invokeCallback(Callback[] callbacks) - throws java.io.IOException, UnsupportedCallbackException - { - for (int lup=0;lup0) { - - /* read from keyboard */ - arr = new byte[len+1]; - System.in.read(arr,0,len); - - if (arr[len-1]=='\n') { - arr[len-1]= (byte) '\r'; - arr[len]= (byte) '\n'; - } - - /* write out to stream */ - saslout.write(arr); - saslout.flush(); - - } else if ((len = saslin.available())>0) { - - /* read from socket */ - arr = new byte[len]; - saslin.read(arr); - - System.out.print(new String(arr)); - - } else { - /* sleep */ - } - } - - } catch (SaslException e) { - - } catch (IOException e) { - - } - - - } - - static void usage() - { - System.out.println("Usage:"); - System.out.println("jimtest [-k minssf] [-l maxssf] [-m mech] [-p port] server"); - System.exit(1); - } - - public static void main (String args[]) - { - String[] mechs; - SaslClient conn; - - String arg; - int i = 0; - int minssf = 0; - int maxssf = 9999; - String onemech = null; - int port = 143; - - while ((i < (args.length-1) ) && (args[i].startsWith("-"))) { - arg = args[i++]; - - // use this type of check for arguments that require arguments - if (arg.equals("-k")) { - if (i < args.length) - minssf = Integer.parseInt(args[i++]); - else { - System.err.println("-k requires a number"); - usage(); - } - } else if (arg.equals("-l")) { - if (i < args.length) - maxssf = Integer.parseInt(args[i++]); - else { - System.err.println("-l requires a number"); - usage(); - } - } else if (arg.equals("-m")) { - if (i < args.length) - onemech = args[i++]; - else { - System.err.println("-m requires parameter"); - usage(); - } - } else 
if (arg.equals("-p")) { - if (i < args.length) - port = Integer.parseInt(args[i++]); - else { - System.err.println("-p requires a number"); - usage(); - } - } else { - usage(); - } - } - - if (i != args.length-1) usage(); - - String servername = args[i]; - - if (connect(servername,port)==false) { - System.out.println("Unable to connect to host: "+servername); - System.exit(1); - } - - mechs = askcapabilities(); - - if (onemech!=null) { - mechs = new String[1]; - mechs[0]=onemech; - } - - conn = start_sasl(mechs,servername, s.getLocalAddress().getHostName(), minssf,maxssf); - - if (conn == null) { - System.out.println("Authentication failed"); - System.exit(1); - } - - be_interactive(conn); - } - - -} diff --git a/java/Test/jimtest.sh b/java/Test/jimtest.sh deleted file mode 100755 index 261e397f..00000000 --- a/java/Test/jimtest.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -p - -IMAPSERVER=cyrus.andrew.cmu.edu - -LD_LIBRARY_PATH=/usr/local/lib:/usr/openwin/lib:/usr/lib -export LD_LIBRARY_PATH -java -cp .:/usr/java/jre/lib/rt.jar:/usr/local/lib/java/classes/sasl jimtest ${IMAPSERVER} - - - diff --git a/java/Test/testserver.java b/java/Test/testserver.java deleted file mode 100644 index 716d9b90..00000000 --- a/java/Test/testserver.java +++ /dev/null 
@@ -1,175 +0,0 @@ - -import CyrusSasl.*; -import java.net.*; -import java.io.*; -import java.util.*; - -class testserver { - - static ServerSocket ssock; - - private static PrintWriter os=null; - private static InputStreamReader ir=null; - private static Socket s=null; - private static BufferedReader br=null; - - private static void give_capabilities() throws IOException - { - String []list = Sasl.getMechanismNames(); - - String cap="* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME"; - - for (int lup=0;lup +--| Protocol Driver | - ------------------- | | ------------------- - | | - ------------------- ------------------- - | SaslClient | | SaslServer | - ------------------- ------------------- - | | - ----------------- | | ----------------- - | MD5 |----| |---| MD5 | - ----------------- | | ----------------- - | | - ----------------- | | ----------------- - | Kerberos v5 |----| |---| Kerberos v5 | - ----------------- | | ----------------- - | | - ----------------- | | ----------------- - - -Expires 12/99 [Page 4] - -JAVA SASL API June 1999 - - | PKCS-11 |----| |---| PKCS-11 | - ----------------- | | ----------------- - | | - - - - - - - - - - | | - - - - - - - - - - | xxxYYYxxx |----+ +---| xxxYYYxxx | - - - - - - - - - - - - - - - - - - - - - A client using the Java SASL API may communicate with any server - implementing the SASL protocol, and a server may use the API to - process authentication requests from any client using the SASL - protocol. It is not required that both sides use the same language - bindings. - -1 Overview of the SASL classes - - -1.1 Interfaces - - - SaslClient Performs SASL authentication as a - client. - - SaslClientFactory An interface for creating instances of - SaslClient. It is not normally accessed - directly by a client, which will use the - Sasl static methods instead. However, a - particular environment may provide and - install a new or different - SaslClientFactory. 
- - SaslServer Performs SASL authentication as a - server. - - SaslServerFactory An interface for creating instances of - SaslServer. It is not normally accessed - directly by a server, which will use the - Sasl static methods instead. However, a - particular environment may provide and - install a new or different - SaslServerFactory. - - SecurityLayer An interface for encoding and decoding - data. - - -1.2 Classes - - - Sasl A static class for creating SASL clients - and servers. It transparently locates - and uses any available - SaslClientFactory/SaslServerFactory - instances. - - - -Expires 12/99 [Page 5] - -JAVA SASL API June 1999 - - SaslException Exception thrown on errors and failures - in the authentication process. - - -2 Overview of SASL API Use - - An application generally uses the SASL API as follows: - - - Pass a list of acceptable or known Mechanisms to - Sasl.createSaslClient. The method returns an object - implementing SaslClient on success. - - - Create an object implementing the client authentication - callback interfaces, which can provide credentials when - required by the SaslClient. - - - Have the SaslClient object begin the authentication process by - providing an initial server response, if the protocol supports - an initial response. - - - Responses/challenges are exchanged with the server. If a - response indicates authentication has completed, SaslClient is - queried for validation, and a SecurityLayer object may be - obtained from it. If not, the SaslClient is queried for an - appropriate next response to the server. This continues until - authentication has completed. - - - For the rest of the session, messages to the server are encoded - first by the Security Layer (if one has been provided by - SaslClient), and messages from the server are decoded by it - before processing in the application. 
- - - A server generally uses the SASL API as follows: - - - It receives a request from the client requesting authentication - for a particular SASL mechanism, accompanied by an optional - an initial response. - - - It processes the initial response and generates a challenge - specific for the SASL mechanism to be sent back to the client - if the response is processed successfully. If the response is - not processed successfully, it sends an error to the client and - terminates the authentication session. - - - Responses/challenges are exchanged with the client. If the - server cannot successful process a response, the server sends - an error to the client and terminates the authentication. If - the server has completed the authentication and has no more - challenges to send, it sends a success indication to the - client. - - - If the authentication has completed successfully, the server - extracts the authorization ID of the client from the SaslServer - - -Expires 12/99 [Page 6] - -JAVA SASL API June 1999 - - instance (if appropriate) to be used for subsequent access - control checks. - - - For the rest of the session, messages to and from the client - are encoded and decoded by the Security Layer, if one has been - provided by SaslServer. - - The following sections describe the SASL classes in more detail. - - -3 The Java SASL classes - - -3.1 public class Sasl - - A class capable of providing a SaslClient or SaslServer. - - -3.1.1 createSaslClient - - public static SaslClient - createSaslClient(String[] mechanisms, - String authorizationID, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - - Creates a SaslClient using the parameters supplied. It returns null - if no SaslClient can be created using the parameters supplied. - Throws SaslException if it cannot create a SaslClient because of an - error. 
- - The algorithm for selection is as follows: - - 1.If a factory has been installed via setSaslClientFactory(), try - it first. If non-null answer produced, return it. - 2.Use the packages listed in the javax.security.sasl.client.pkgs - property from props to load in a factory and try to create a - SaslClient, by looking for a class named ClientFactory. Repeat - this for each package on the list until a non-null answer is - produced. If non-null answer produced, return it. - 3.Repeat previous step using the javax.security.sasl.client.pkgs - System property. - 4.If no non-null answer produced, return null. - - Parameters are: - - mechanisms The non-null list of mechanism names to try. Each - is the IANA-registered name of a SASL mechanism. - (e.g. "GSSAPI", "CRAM-MD5"). - - - - -Expires 12/99 [Page 7] - -JAVA SASL API June 1999 - - authorizationIDThe possibly null protocol-dependent - identification to be used for authorization, e.g. - user name or distinguished name. When the SASL - authentication completes successfully, the entity - named by authorizationId is granted access. If - null, access is granted to a protocol-dependent - default (for example, in LDAP this is the DN in - the bind request). - - protocol The non-null string name of the protocol for - which the authentication is being performed, e.g - "pop", "ldap". - - serverName The non-null fully qualified host name of the - server to authenticate to. - - props The possibly null additional configuration - properties for the session, e.g. - - javax.security.sasl.encryption.minimum Minimum key length; - default "0" (no - session - protection). "1" - means integrity - protection only. - - javax.security.sasl.encryption.maximum Maximum key length; - default "256". - - javax.security.sasl.server.authentication "true" if - server must - authenticate to - client; default - "false". - - javax.security.sasl.ip.local IP address in - dotted decimal - format, for - kerberos v4; no - default. 
- - javax.security.sasl.ip.remote IP address in - dotted decimal - format, for - kerberos v4; no - default. - - javax.security.sasl.maxbuffer Maximum size of - security layer - frames; default "0" - (client will - not use the - security layer). - - - -Expires 12/99 [Page 8] - -JAVA SASL API June 1999 - - javax.security.sasl.client.pkgs A space-separated - list of package - names to use when - locating a - SaslClientFactory. - - cbh The possibly null callback handler to used by the - SASL mechanisms to get further information from - the application/library to complete the - authentication. For example, a SASL mechanism - might require the authentication ID and password - from the caller. The authentication ID may be - requested with a NameCallback, and the password - with a PasswordCallback. - - -3.1.2 setSaslClientFactory - - public static void - setSaslClientFactory(SaslClientFactory fac) - - Sets the default SaslClientFactory to use. This method sets fac to - be the default factory. It can only be called with a non-null value - once per VM. If a factory has been set already, this method throws - IllegalStateException. - - Parameters are: - - fac The possibly null factory to set. If null, it - doesn't do anything. - - - -3.1.3 createSaslServer - - public static SaslServer - createSaslServer(String mechanism, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - - This method creates a SaslServer for the specified mechanism. It - returns null if no SaslServer can be created for the specified - mechanism. - - The algorithm for selection is as follows: - - 1.If a factory has been installed via setSaslServerFactory(), try - it first. If non-null answer produced, return it. 
- 2.Use the packages listed in the javax.security.sasl.server.pkgs - property in props, if present, to load in a factory and try to - create a SaslServer, by looking for a class named - - -Expires 12/99 [Page 9] - -JAVA SASL API June 1999 - - ServerFactory. Repeat this for each package on the list until a - non-null answer is produced. If non-null answer produced, - return it. - 3.Use the packages listed in the javax.security.sasl.server.pkgs - System property to load in a factory and try to create a - SaslServer. Repeat this for each package on the list until a - non-null answer is produced. If non-null answer produced, - return it. - 4.If no non-null answer produced, return null. - - Parameters are: - - mechanism A non-null IANA-registered name of a SASL - mechanism (e.g. "GSSAPI", "CRAM-MD5"). - - protocol The non-null string name of the protocol for - which the authentication is being performed, e.g - "pop", "ldap". - - serverName The non-null fully qualified host name of the - server to authenticate to. - - props The possibly null properties to be used by the - SASL mechanisms to configure the authentication - exchange. See Sasl.createSaslClient for examples - of properties. - - cbh The possibly null callback handler to used by the - SASL mechanisms to get further information from - the application/library to complete the - authentication. For example, a SASL mechanism - might require the authentication ID and password - from the caller. The authentication ID may be - requested with a NameCallback, and the password - with a PasswordCallback. - - -3.1.4 setSaslServerFactory - - public static void - setSaslServerFactory(SaslServerFactory fac) - - Sets the default SaslServerFactory to use. This method sets fac to - be the default factory. It can only be called with a non-null value - once per VM. If a factory has been set already, this method throws - IllegalStateException. - - Parameters are: - - fac The possibly null factory to set. 
If null, it - doesn't do anything. - - - - - -Expires 12/99 [Page 10] - -JAVA SASL API June 1999 - -3.2 public interface SaslClient - - An object implementing this interface can negotiate authentication - using one of the IANA-registered mechanisms. - - -3.2.1 createInitialResponse - - public byte[] - createInitialResponse() throws SaslException - - This method prepares a byte array to use for the initial response to - start the authentication process. A SaslException is thrown if the - driver cannot initiate authentication. The return value may be - null, indicating there is no initial response to send to the server. - - -3.2.2 evaluateChallenge - - public byte[] - evaluateChallenge(byte[] challenge) - throws SaslException - - If a challenge is received from the server during the authentication - process, this method is called to prepare an appropriate next - response to submit to the server. The response is null if the - challenge accompanied a "SUCCESS" status and the challenge only - contains data for the client to update its state and no response - needs to be sent to the server. A SaslException is thrown if an - error occurred while processing the challenge or generating a - response. - - Parameters are: - - challenge The non-null challenge received from the server. - - -3.2.3 isComplete - - public boolean - isComplete() - - This method may be called at any time to determine if the - authentication process is finished. Typically, the protocol driver - will not do this until it has received something from the server - which indicates (in a protocol-specific manner) that the process has - completed. - -3.2.4 getSecurityLayer - - public SecurityLayer - getSecurityLayer() throws SaslException - - - - -Expires 12/99 [Page 11] - -JAVA SASL API June 1999 - - Once authentication is complete, this method may be called to obtain - an object capable of encoding/decoding data content for the rest of - the session. 
An exception is thrown if authentication is not yet - complete. It may return null if the mechanism does not define a - security layer, or if none was negotiated. - - -3.2.5 getMechanismName - - public String - getMechanismName() - - Report the IANA-registered name of the mechanism used by this - client, e.g. "GSSAPI" or "CRAM-MD5". - - - -3.3 public interface SaslClientFactory - - An object implementing this interface can provide a SaslClient. - Implementations must be thread-safe and handle multiple simultaneous - requests. - - -3.3.1 createSaslClient - - public SaslClient - createSaslClient(String[] mechanisms, - String authorizationID, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - - Creates a SaslClient using the parameters supplied. It returns null - if no SaslClient can be created using the parameters supplied. - Throws SaslException if it cannot create a SaslClient because of an - error. - - Returns a possibly null SaslClient created using the parameters - supplied. If null, this factory cannot produce a SaslClient using - the parameters supplied. - - Parameters are: - - mechanisms The non-null list of mechanism names to try. Each - is the IANA-registered name of a SASL mechanism. - (e.g. "GSSAPI", "CRAM-MD5"). - - authorizationID The possibly null protocol-dependent - identification to be used for authorization, e.g. - user name or distinguished name. When the SASL - authentication completes successfully, the entity - - -Expires 12/99 [Page 12] - -JAVA SASL API June 1999 - - named by authorizationId is granted access. If - null, access is granted to a protocol-dependent - default (for example, in LDAP this is the DN in - the bind request). - - protocol The non-null string name of the protocol for - which the authentication is being performed, e.g - "pop", "ldap". - - serverName The non-null fully qualified host name of the - server to authenticate to. 
- - props The possibly null properties to be used by the - SASL mechanisms to configure the authentication - exchange. See Sasl.createSaslClient for examples - of properties. - - cbh The possibly null callback handler to used by the - SASL mechanisms to get further information from - the application/library to complete the - authentication. For example, a SASL mechanism - might require the authentication ID and password - from the caller. The authentication ID may be - requested with a NameCallback, and the password - with a PasswordCallback. - - - -3.3.2 getMechanismNames - - public String[] - getMechanismNames() - - Returns a non-null array of names of mechanisms supported by this - factory. - - -3.4 public interface SaslServer - - An object implementing this interface can negotiate authentication - using one of the IANA-registered mechanisms. - - -3.4.1 evaluateResponse - - public byte[] - evaluateResponse(byte[] response) - throws SaslException - - If a response is received from the client during the authentication - process, this method is called to prepare an appropriate next - challenge to submit to the client. The challenge is null if the - authentication has succeeded and no more challenge data is to be - sent to the client. It is non-null if the authentication must be - - -Expires 12/99 [Page 13] - -JAVA SASL API June 1999 - - continued by sending a challenge to the client, or if the - authentication has succeeded but challenge data needs to be - processed by the client. A SaslException is thrown if an error - occurred while processing the response or generating a challenge. - isComplete() should be called after each call to evaluateResponse(), - to determine if any further response is needed from the client. The - protocol driver will send an indication (in a protocol-specific - manner) as to whether the authentication has succeeded, failed, or - should be continued, and any accompanying challenge data. 
- - Parameters are: - - response Non-null response received from client. - - -3.4.2 isComplete - - public boolean - isComplete() - - This method may be called at any time to determine if the - authentication process is finished. This method is typically called - after each invocation of evaluateResponse() to determine whether the - authentication has completed successfully or should be continued. - - -3.4.3 getSecurityLayer - - public SecurityLayer - getSecurityLayer() throws SaslException - - Once authentication is complete, this method may be called to obtain - an object capable of encoding/decoding data content for the rest of - the session. An exception is thrown if authentication is not yet - complete. It may return null if the mechanism does not define a - security layer, or if none was negotiated. - - -3.4.4 getMechanismName - - public String - getMechanismName() - - Returns the non-null IANA-registered name of the mechanism used by - this server, e.g. "GSSAPI" or "CRAM-MD5". - - -3.4.5 getAuthorizationID - - public String - getAuthorizationID() - - Report the authorization ID in effect for the client of this - session. If null, a protocol-dependent default is assumed. - - -Expires 12/99 [Page 14] - -JAVA SASL API June 1999 - - - - -3.5 public interface SaslServerFactory - - An object implementing this interface can provide a SaslServer. - Implementations must be thread-safe and handle multiple simultaneous - requests. - - -3.5.1 createSaslServer - - public SaslServer - createSaslServer(String mechanism, - String protocol, - String serverName, - Hashtable props, - javax.security.auth.callback.CallbackHandler cbh) - throws SaslException - - Creates a SaslServer using the mechanism supplied. It returns null - if no SaslClient can be created using the parameters supplied. - Throws SaslException if it cannot create a SaslClient because of an - error. - - Returns a possibly null SaslServer which supports the specified - mechanism. 
If null, this factory cannot produce a SaslServer for the - specified mechanism. - - Parameters are: - - mechanism The non-null IANA-registered name of a SASL - mechanism (e.g. "GSSAPI", "CRAM-MD5"). - - protocol The non-null string name of the protocol for - which the authentication is being performed, e.g - "pop", "ldap". - - serverName The non-null fully qualified host name of the - server. - - props The possibly null properties to be used by the - SASL mechanisms to configure the authentication - exchange. See Sasl.createSaslClient for examples - of properties. - - cbh The possibly null callback handler to used by the - SASL mechanisms to get further information from - the application/library to complete the - authentication. For example, a SASL mechanism - might require the authentication ID and password - from the caller. The authentication ID may be - requested with a NameCallback, and the password - with a PasswordCallback. - - -Expires 12/99 [Page 15] - -JAVA SASL API June 1999 - - - -3.5.2 getMechanismNames - - public String[] - getMechanismNames() - - Returns a non-null array of names of mechanisms supported by this - factory. - - -3.6 public class SaslException - extends IOException - - Exception thrown on errors and failures in authentication. - - -3.6.1 Constructors - - public SaslException() - - Constructs a new instance of SaslException. The root exception and - the detailed message are null. - - - public SaslException(String message) - - - Constructs a default exception with a detailed message and no root - exception. - - - public SaslException(String messag, - Throwable ex) - - Constructs a new instance of SaslException with a detailed message - and a root exception. For example, a SaslException might result from - a problem with the callback handler, which might throw a - NoSuchCallbackException if it does not support the requested - callback, or throw an IOException if it had problems obtaining data - for the callback. 
The SaslException's root exception would be then - be the exception thrown by the callback handler. - - - Parameters are: - - message Possibly null additional detail about the - exception. - - ex A possibly null root exception that caused this - exception. - - - - - -Expires 12/99 [Page 16] - -JAVA SASL API June 1999 - -3.6.2 getException - - public Throwable - getException() - - Returns the possibly null root exception that caused this exception. - - -3.6.3 printStackTrace - - public void - printStackTrace() - - Prints this exception's stack trace to System.err. If this - exception has a root exception, the stack trace of the root - exception is printed to System.err instead. - - public void - printStackTrace(PrintStream ps) - - Prints this exception's stack trace to a print stream. If this - exception has a root exception, the stack trace of the root - exception is printed to the print stream instead. - - public void - printStackTrace(PrintWriter pw) - - Prints this exception's stack trace to a print writer. If this - exception has a root exception, the stack trace of the root - exception is printed to the print writer instead. - - Parameters are: - - ps The non-null print stream to which to print. - - pw The non-null print writer to which to print. - - -3.7 public interface SecurityLayer - - An object implementing this interface translates buffers back and - forth during a session, after the authentication process has - completed, to provide a security layer. The security layer may - provide data integrity and/or session privacy. - - -3.7.1 encode - - public byte[] - encode(byte[] inVals, int offset, int count) throws SASLException - - Take a protocol-dependent byte array and encode it (encrypt, for - example) for sending to the server. - - - -Expires 12/99 [Page 17] - -JAVA SASL API June 1999 - - - Parameters are: - - inVals A request to be encoded before sending to the - server. - - offset The inclusive starting offset in the byte array - inVals to use. 
0 <= offset < inVals.length. - - count The number of bytes in inVals to use. - 0 <= count < inVals.length-offset. - - -3.7.2 decode - - public byte[] - decode(byte[] outVals, int offset, int count) throws SASLException - - Take an encoded byte array received from the server and decode it. - - Parameters are: - - outVals A response received from the server, to be - decoded. - - offset The inclusive starting offset in the byte array - outVals to use. 0 <= offset < outVals.length. - - count The number of bytes in outVals to use. - 0 <= count < outVals.length-offset. - - - - - - - - - - - - - - - - - - - - - - - - - - -Expires 12/99 [Page 18] - -JAVA SASL API June 1999 - -4 Security Considerations - - When SASL authentication is performed over unsecured connections, it - is possible for an active attacker to spoof the server's protocol- - specific indication that authentication is complete. Clients should - protect against this attack by verifying the completion of - authentication with the mechanism driver by calling the driver's - isComplete() method. - - Additional security considerations are discussed in [SASL]. - - -5 Bibliography - - [JAAS] Java Software, Sun Microsystems, Inc., "Java Authentication - and Authorization Service," http://java.sun.com/security/jaas, - March 1999. - - [SASL] J. Myers, "Simple Authentication and Security Layer (SASL)", - RFC 2222, October 1997 - - -6 Authors' Addresses - - Rob Weltman - Netscape Communications Corp. - 501 E. Middlefield Rd. - Mail Stop MV-029 - Mountain View, CA 94043-4042 - USA - Email: rweltman@netscape.com - - Rosanna Lee - Sun Microsystems - Mail Stop UCUP02-206 - 901 San Antonio Road - Palo Alto, CA 94303 - USA - Email: rosanna.lee@eng.sun.com - - Rob Earhart - Carnegie Mellon - 5000 Forbes Ave. - Pittsburgh, PA 15213-3890 - USA - Email: earhart@cmu.edu - - -7 Acknowledgements - - Scott Seligman of Sun Microsystems, Inc. contributed to the - architecture and API proposed in this document. 
- - - - -Expires 12/99 [Page 19] - -JAVA SASL API June 1999 - -8 Appendix A - Sample java LDAP program using SASL - - /**************************************************************** - It might look like this in LDAP. The Protocol Driver is - implemented as part of the authenticate method of - LDAPConnection. - ****************************************************************/ - - public class LDAPConnection { - public void authenticate( String dn, - String[] mechs, - Hashtable props, - CallbackHandler cbh ) - throws SaslException { - - // Create SASL client to use for authentication - SaslClient saslClnt = Sasl.createSaslClient( - mechs, dn, "ldap", getHost(), props, cbh); - - if (saslClnt == null) { - throw new SaslException("SASL client not available"); - } - - String mechName = saslClnt.getMechanismName(); - byte[] response = saslClnt.createInitialResponse(); - - // Create a bind request message, including the initial - - // response (if any), and send it off - - LDAPSASLBindResponse msg = - - writeRequest( new LDAPSASLBindRequest( dn, mechName, - - response ) ); - - // Get the server challenge - LDAPSASLBindResponse msg = (LDAPSASLBindResponse)readResponse(); - // Authentication done? - while (!saslClnt.isComplete() && - msg.getStatus() == LDAP_SASL_BIND_IN_PROGRESS) { - // No, get an appropriate next response and send it off - byte[] challenge = msg.getChallenge(); - response = saslClnt.evaluateChallenge( challenge ); - // May be a success message with no further challenge - if ( response != null ) { - // Wrap the response in another bind request and - // send it off - writeRequest( new LDAPSASLBindRequest( dn, - mechName, response ) ); - msg = (LDAPSASLBindResponse)readResponse(); - } - } - // Make sure authentication REALLY is complete - if ( !driver.isComplete() ) { - /* Authentication session hijacked! */ - throw new SaslException( "SASL session hijacked!" 
); - } - // Get the negotiated security layer, if any - - -Expires 12/99 [Page 20] - -JAVA SASL API June 1999 - - security = saslClnt.getSecurityLayer(); - - } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Expires 12/99 [Page 21] - -JAVA SASL API June 1999 - - /**************************************************************** - This might be in an application - ****************************************************************/ - - /** - * A sample callback handler. This implementation is created by - * using the input that it will return. Other implementations are - * typically more sophisticated and might prompt the user on demand - * in order to satisfy the callbacks. - */ - class SimpleCallbackHandler implements CallbackHandler { - private char[] passwd; - private String authenticationID; - - SimpleCallbackHandler(String principal, Object cred) - throws IOException { - authenticationID = principal; - - if (cred instanceof String) { - passwd = ((String)cred).toCharArray(); - } else if (cred instanceof char[]) { - passwd = (char[])((char[])cred).clone(); - } else if (cred instanceof byte[]) { - // PasswordCallback expects char[]; assume UTF-8 - // encoding - String orig = new String((byte[])cred, "UTF8"); - passwd = orig.toCharArray(); - } else { - throw new IOException("Unsupported password format: " + - cred); - } - } - - public void invokeCallback(Callback[] callbacks) - throws java.io.IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - if (callbacks[i] instanceof NameCallback) { - ((NameCallback)callbacks[i]).setName( - authenticationID); - - } else if (callbacks[i] instanceof PasswordCallback) { - ((PasswordCallback)callbacks[i]).setPassword( - passwd); - } else { - throw new - UnsupportedCallbackException(callbacks[i]); - } - } - } - } - - - - - - -Expires 12/99 [Page 22] - -JAVA SASL API June 1999 - - 
/*************************************************************** - And so the application code to do authentication - ***************************************************************/ - - // Set up all SASL parameters; some may have reasonable defaults - Hashtable props = new Hashtable(); - props.add("javax.security.sasl.encryption.minimum", "40"); - props.add("javax.security.sasl.encryption.maximum", "128"); - props.add("javax.security.sasl.server_authentication", "true"); - props.add("javax.security.sasl.maxbuffer", "4096"); - // The following two for kerberos v4, only - //props.add("javax.security.sasl.ip.local", "192.68.1.10"); - //props.add("javax.security.sasl.ip.remote", "192.68.1.50"); - - // What we want to authenticate as - String dn = "cn=Directory Manager"; - - // Create an object for possible use by the authentication - // process - SimpleCallbackHandler cbh = new SimpleCallbackHandler(); - - try { - // Note: cbh methods may be called during authentication - // Note: "connection" includes the SASL Protocol Driver - // functionality, and it will internally manage a Mechanism - // Driver for GSSAPI, and then a Security Layer object for - // data translation - String[] mechNames = { "GSSAPI" }; - connection.authenticate( dn, mechNames, props, cbh ); - } catch ( SaslException e ) { - // Abort, return, maybe try some other authentication - } - - // Okay. From here on, everything goes through security, but the - // methods have the same signatures as if we were not using SASL - - - - - - - - - - - - - - - - - - - - - -Expires 12/99 [Page 23] - -JAVA SASL API June 1999 - -9 Appendix B - Changes from draft-weltman-java-sasl-01.txt - - The class hierarchy defined in this document is entirely different - from that defined in the previous document. - - For callback handling, the newly released - javax.security.auth.callback package is used. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Expires 12/99 [Page 24] - \ No newline at end of file diff --git a/java/javax/.cvsignore b/java/javax/.cvsignore deleted file mode 100644 index 13bb78db..00000000 --- a/java/javax/.cvsignore +++ /dev/null @@ -1,5 +0,0 @@ -Makefile.in -Makefile -.deps -.libs -*.l[ao] diff --git a/java/javax/Makefile.am b/java/javax/Makefile.am deleted file mode 100644 index f7f20eb1..00000000 --- a/java/javax/Makefile.am +++ /dev/null 
@@ -1,42 +0,0 @@
-################################################################
-# Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The name "Carnegie Mellon University" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For permission or any other legal
-# details, please contact
-# Office of Technology Transfer
-# Carnegie Mellon University
-# 5000 Forbes Avenue
-# Pittsburgh, PA 15213-3890
-# (412) 268-4387, fax: (412) 268-7395
-# tech-transfer@andrew.cmu.edu
-#
-# 4. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by Computing Services
-# at Carnegie Mellon University (http://www.cmu.edu/computing/)."
-#
-# CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
-# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
-# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-# OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-################################################################
-
-SUBDIRS = security
diff --git a/java/javax/security/.cvsignore b/java/javax/security/.cvsignore
deleted file mode 100644
index 13bb78db..00000000
--- a/java/javax/security/.cvsignore
+++ /dev/null
@@ -1,5 +0,0 @@
-Makefile.in
-Makefile
-.deps
-.libs
-*.l[ao]
diff --git a/java/javax/security/Makefile.am b/java/javax/security/Makefile.am
deleted file mode 100644
index dff8b40c..00000000
--- a/java/javax/security/Makefile.am
+++ /dev/null
@@ -1,42 +0,0 @@
-################################################################
-# Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The name "Carnegie Mellon University" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For permission or any other legal
-# details, please contact
-# Office of Technology Transfer
-# Carnegie Mellon University
-# 5000 Forbes Avenue
-# Pittsburgh, PA 15213-3890
-# (412) 268-4387, fax: (412) 268-7395
-# tech-transfer@andrew.cmu.edu
-#
-# 4. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by Computing Services
-# at Carnegie Mellon University (http://www.cmu.edu/computing/)."
-#
-# CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
-# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
-# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-# OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-################################################################
-
-SUBDIRS = auth
diff --git a/java/javax/security/auth/.cvsignore b/java/javax/security/auth/.cvsignore
deleted file mode 100644
index 8836268f..00000000
--- a/java/javax/security/auth/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile.in
-Makefile
-.deps
-.libs
-*.l[ao]
-javax
diff --git a/java/javax/security/auth/Makefile.am b/java/javax/security/auth/Makefile.am
deleted file mode 100644
index c3705055..00000000
--- a/java/javax/security/auth/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-################################################################
-# Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The name "Carnegie Mellon University" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For permission or any other legal
-# details, please contact
-# Office of Technology Transfer
-# Carnegie Mellon University
-# 5000 Forbes Avenue
-# Pittsburgh, PA 15213-3890
-# (412) 268-4387, fax: (412) 268-7395
-# tech-transfer@andrew.cmu.edu
-#
-# 4. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by Computing Services
-# at Carnegie Mellon University (http://www.cmu.edu/computing/)."
-#
-# CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
-# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
-# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-# OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-################################################################
-
-SUBDIRS = callback
-
diff --git a/java/javax/security/auth/callback/.cvsignore b/java/javax/security/auth/callback/.cvsignore
deleted file mode 100644
index baa4f5e2..00000000
--- a/java/javax/security/auth/callback/.cvsignore
+++ /dev/null
@@ -1,7 +0,0 @@
-Makefile.in
-Makefile
-.deps
-.libs
-*.l[ao]
-*.class
-*.stamp
diff --git a/java/javax/security/auth/callback/Callback.java b/java/javax/security/auth/callback/Callback.java
deleted file mode 100644
index 2aec2a79..00000000
--- a/java/javax/security/auth/callback/Callback.java
+++ /dev/null
@@ -1,13 +0,0 @@
-
-package javax.security.auth.callback;
-
-/**
-All Known Implementing Classes:
-ConfirmationCallback, LanguageCallback, NameCallback, PasswordCallback,
-TextInputCallback, TextOutputCallback, ChoiceCallback
-*/
-
-public abstract interface Callback
-{
- /* nothing. just use as a base */
-}
diff --git a/java/javax/security/auth/callback/CallbackHandler.java b/java/javax/security/auth/callback/CallbackHandler.java
deleted file mode 100644
index 3b3dc296..00000000
--- a/java/javax/security/auth/callback/CallbackHandler.java
+++ /dev/null
@@ -1,8 +0,0 @@
-
-package javax.security.auth.callback;
-
-public abstract interface CallbackHandler
-{
- public void handle(Callback[] callbacks)
- throws java.io.IOException, UnsupportedCallbackException;
-}
diff --git a/java/javax/security/auth/callback/Makefile.am b/java/javax/security/auth/callback/Makefile.am
deleted file mode 100644
index e5be4797..00000000
--- a/java/javax/security/auth/callback/Makefile.am
+++ /dev/null
@@ -1,55 +0,0 @@
-################################################################
-# Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The name "Carnegie Mellon University" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For permission or any other legal
-# details, please contact
-# Office of Technology Transfer
-# Carnegie Mellon University
-# 5000 Forbes Avenue
-# Pittsburgh, PA 15213-3890
-# (412) 268-4387, fax: (412) 268-7395
-# tech-transfer@andrew.cmu.edu
-#
-# 4. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by Computing Services
-# at Carnegie Mellon University (http://www.cmu.edu/computing/)."
-#
-# CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
-# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
-# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
-# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-# OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-################################################################
-
-javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback
-javahtmldir = $(prefix)/html/sasl
-
-javasasl_JAVA = PasswordCallback.java \
- Callback.java \
- RealmCallback.java \
- CallbackHandler.java \
- UnsupportedCallbackException.java \
- NameCallback.java
-EXTRA_DIST = $(javasasl_JAVA)
-
-CLASSES = $(javasasl_JAVA:.java=.class)
-
-$(CLASSES): callback.stamp
diff --git a/java/javax/security/auth/callback/NameCallback.java b/java/javax/security/auth/callback/NameCallback.java
deleted file mode 100644
index 6f149d8c..00000000
--- a/java/javax/security/auth/callback/NameCallback.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package javax.security.auth.callback;
-
-public class NameCallback implements Callback
-{
- private String prompt;
- private String defaultName;
- private String name;
-
- public NameCallback(String prompt)
- {
- this.prompt = prompt;
- }
-
- public NameCallback(String prompt, String defaultName)
- {
- this.prompt = prompt;
- this.defaultName = defaultName;
- }
-
- public String getDefaultName()
- {
- return defaultName;
- }
-
- public String getPrompt()
- {
- return prompt;
- }
-
- public String getName()
- {
- return name;
- }
-
- public void setName(String name)
- {
- this.name = name;
- }
-}
-
diff --git a/java/javax/security/auth/callback/PasswordCallback.java b/java/javax/security/auth/callback/PasswordCallback.java
deleted file mode 100644
index 7353f0ee..00000000
--- a/java/javax/security/auth/callback/PasswordCallback.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package javax.security.auth.callback;
-
-public class PasswordCallback implements Callback
-{
- private String prompt;
- private boolean echoOn = false;
- private String password;
-
- public PasswordCallback(String prompt)
- {
- this.prompt = prompt;
- }
-
- public PasswordCallback(String prompt, boolean echoOn)
- {
- this.prompt = prompt;
- this.echoOn = echoOn;
- }
-
- public boolean isEchoOn()
- {
- return echoOn;
- }
-
- public String getPassword()
- {
- return password;
- }
-
- public void setPassword(char[] password)
- {
- this.password = new String(password);
- }
-}
diff --git a/java/javax/security/auth/callback/RealmCallback.java b/java/javax/security/auth/callback/RealmCallback.java
deleted file mode 100644
index 4faa6cb3..00000000
--- a/java/javax/security/auth/callback/RealmCallback.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package javax.security.auth.callback;
-
-public class RealmCallback implements Callback
-{
- private String prompt;
- private String defaultName;
- private String name;
-
- public RealmCallback(String prompt)
- {
- this.prompt = prompt;
- }
-
- public RealmCallback(String prompt, String defaultName)
- {
- this.prompt = prompt;
- this.defaultName = defaultName;
- }
-
- public String getDefaultRealm()
- {
- return defaultName;
- }
-
- public String getPrompt()
- {
- return prompt;
- }
-
- public String getRealm()
- {
- return name;
- }
-
- public void setRealm(String name)
- {
- this.name = name;
- }
-}
-
diff --git a/java/javax/security/auth/callback/UnsupportedCallbackException.java b/java/javax/security/auth/callback/UnsupportedCallbackException.java
deleted file mode 100644
index 6b78f331..00000000
--- a/java/javax/security/auth/callback/UnsupportedCallbackException.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package javax.security.auth.callback;
-
-
-public class UnsupportedCallbackException extends Exception
-{
- Callback callback;
-
- public UnsupportedCallbackException(Callback callback)
- {
- super();
- this.callback = callback;
- }
-
- public UnsupportedCallbackException(Callback callback, String msg)
- {
- super(msg);
- this.callback = callback;
- }
-
- public Callback getCallback()
- {
- return callback;
- }
-
-}