Print this page
3882 remove xmod & friends


  46  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  47  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
  48  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  49  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  50  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  51  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  52  */
  53 
  54 #include <config.h>
  55 
  56 #include <stdlib.h>
  57 #include <stdio.h>
  58 #include <string.h>
  59 #ifndef macintosh
  60 #include <sys/types.h>
  61 #include <sys/stat.h>
  62 #endif
  63 #include <fcntl.h>
  64 #include <ctype.h>
  65 
  66 /* EXPORT DELETE START */
  67 /* DES support */
  68 #ifdef WITH_DES
  69 # ifdef WITH_SSL_DES
  70 #  include <openssl/des.h>
  71 # else /* system DES library */
  72 #  include <des.h>
  73 # endif
  74 #endif /* WITH_DES */
  75 /* EXPORT DELETE END */
  76 
  77 #ifdef WIN32
  78 # include <winsock.h>
  79 #else /* Unix */
  80 # include <netinet/in.h>
  81 #endif /* WIN32 */
  82 
  83 #ifdef _SUN_SDK_
  84 #include <unistd.h>
  85 #endif /* _SUN_SDK_ */
  86 
  87 #include <sasl.h>
  88 #include <saslplug.h>
  89 
  90 #include "plugin_common.h"
  91 
  92 #if defined _SUN_SDK_  && defined USE_UEF
  93 #include <security/cryptoki.h>
  94 static int uef_init(const sasl_utils_t *utils);
  95 #endif /* _SUN_SDK_ && USE_UEF */


 704     if (endpair[0] != ',') {
 705         if (endpair[0]!='\0') {
 706             *endpair++ = '\0'; 
 707         }
 708     }
 709     
 710     endpair = skip_lws(endpair);
 711     
 712     /* syntax check: MUST be '\0' or ',' */  
 713     if (endpair[0] == ',') {
 714         endpair[0] = '\0';
 715         endpair++; /* skipping <,> */
 716     } else if (endpair[0] != '\0') { 
 717         *name = NULL;
 718         return;
 719     }
 720     
 721     *in = endpair;
 722 }
 723 
 724 /* EXPORT DELETE START */
 725 #ifdef WITH_DES
 726 struct des_context_s {
 727     des_key_schedule keysched;  /* key schedule for des initialization */
 728     des_cblock ivec;            /* initial vector for encoding */
 729     des_key_schedule keysched2; /* key schedule for 3des initialization */
 730 };
 731 
 732 typedef struct des_context_s des_context_t;
 733 
 734 /* slide the first 7 bytes of 'inbuf' into the high seven bits of the
 735    first 8 bytes of 'keybuf'. 'keybuf' better be 8 bytes long or longer. */
 736 static void slidebits(unsigned char *keybuf, unsigned char *inbuf)
 737 {
 738     keybuf[0] = inbuf[0];
 739     keybuf[1] = (inbuf[0]<<7) | (inbuf[1]>>1);
 740     keybuf[2] = (inbuf[1]<<6) | (inbuf[2]>>2);
 741     keybuf[3] = (inbuf[2]<<5) | (inbuf[3]>>3);
 742     keybuf[4] = (inbuf[3]<<4) | (inbuf[4]>>4);
 743     keybuf[5] = (inbuf[4]<<3) | (inbuf[5]>>5);
 744     keybuf[6] = (inbuf[5]<<2) | (inbuf[6]>>6);


1172                    unsigned *outputlen)
1173 {
1174     /* pad is zero */
1175     *outputlen = inputlen+10;
1176     
1177     /* encrypt the text part */
1178     rc4_encrypt((rc4_context_t *) text->cipher_enc_context,
1179                 input,
1180                 output,
1181                 inputlen);
1182     
1183     /* encrypt the HMAC part */
1184     rc4_encrypt((rc4_context_t *) text->cipher_enc_context, 
1185                 (const char *) digest, 
1186                 (output)+inputlen, 10);
1187     
1188     return SASL_OK;
1189 }
1190 
1191 #endif /* WITH_RC4 */
1192 /* EXPORT DELETE END */
1193 
1194 struct digest_cipher available_ciphers[] =
1195 {
1196     /* EXPORT DELETE START */
1197 #ifdef WITH_RC4
1198     { "rc4-40", 40, 5, 0x01, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1199     { "rc4-56", 56, 7, 0x02, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1200     { "rc4", 128, 16, 0x04, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1201 #endif
1202 #ifdef WITH_DES
1203     { "des", 55, 16, 0x08, &enc_des, &dec_des, &init_des, &free_des },
1204     { "3des", 112, 16, 0x10, &enc_3des, &dec_3des, &init_3des, &free_des },
1205 #endif
1206     /* EXPORT DELETE END */
1207     { NULL, 0, 0, 0, NULL, NULL, NULL, NULL }
1208 };
1209 
1210 
1211 #ifdef USE_UEF
1212 DEFINE_STATIC_MUTEX(uef_init_mutex);
1213 #define DES_CIPHER_INDEX        3
1214 #define DES3_CIPHER_INDEX       4
1215 
1216 static int got_uef_slot = FALSE;
1217 static sasl_ssf_t uef_max_ssf = 0;
1218 static CK_SLOT_ID rc4_slot_id;
1219 static CK_SLOT_ID des_slot_id;
1220 static CK_SLOT_ID des3_slot_id;
1221 
1222 struct uef_context_s {
1223     CK_SESSION_HANDLE hSession;
1224     CK_OBJECT_HANDLE hKey;
1225 };
1226 


3671     
3672 #ifndef _SUN_SDK_
3673     return SASL_FAIL; /* should never get here */
3674 #endif /* !_SUN_SDK_ */
3675 }
3676 
3677 static void
3678 digestmd5_server_mech_dispose(void *conn_context, const sasl_utils_t *utils)
3679 {
3680     server_context_t *stext = (server_context_t *) conn_context;
3681     
3682     if (!stext || !utils) return;
3683     
3684     digestmd5_common_mech_dispose(conn_context, utils);
3685 }
3686 
3687 static sasl_server_plug_t digestmd5_server_plugins[] =
3688 {
3689     {
3690         "DIGEST-MD5",                   /* mech_name */
3691         /* EXPORT DELETE START */
3692 #ifdef WITH_RC4
3693         128,                            /* max_ssf */
3694 #elif WITH_DES
3695         112,
3696 #else 
3697         /* EXPORT DELETE END */
3698         0,
3699         /* EXPORT DELETE START */
3700 #endif
3701         /* EXPORT DELETE END */
3702         SASL_SEC_NOPLAINTEXT
3703         | SASL_SEC_NOANONYMOUS
3704         | SASL_SEC_MUTUAL_AUTH,         /* security_flags */
3705         SASL_FEAT_ALLOWS_PROXY,         /* features */
3706         NULL,                           /* glob_context */
3707         &digestmd5_server_mech_new, /* mech_new */
3708         &digestmd5_server_mech_step,        /* mech_step */
3709         &digestmd5_server_mech_dispose,     /* mech_dispose */
3710         &digestmd5_common_mech_free,        /* mech_free */
3711         NULL,                           /* setpass */
3712         NULL,                           /* user_query */
3713         NULL,                           /* idle */
3714         NULL,                           /* mech avail */
3715         NULL                            /* spare */
3716     }
3717 };
3718 
3719 int digestmd5_server_plug_init(sasl_utils_t *utils,
3720                                int maxversion,
3721                                int *out_version,


3762         if (!reauth_cache->mutex)
3763             return SASL_FAIL;
3764 
3765         /* entries */
3766         reauth_cache->size = 100;
3767         reauth_cache->e = utils->malloc(reauth_cache->size *
3768                                         sizeof(reauth_entry_t));
3769         if (reauth_cache->e == NULL)
3770             return SASL_NOMEM;
3771         memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
3772     }
3773 
3774     digestmd5_server_plugins[0].glob_context = reauth_cache;
3775 
3776 #ifdef _SUN_SDK_
3777 #ifdef USE_UEF_CLIENT
3778     digestmd5_server_plugins[0].max_ssf = uef_max_ssf;
3779 #endif /* USE_UEF_CLIENT */
3780 #endif /* _SUN_SDK_ */
3781 
3782     /* EXPORT DELETE START */
3783     /* CRYPT DELETE START */
3784 #ifdef _INTEGRATED_SOLARIS_
3785     /*
3786      * Let libsasl know that we are a "Sun" plugin so that privacy
3787      * and integrity will be allowed.
3788      */
3789     REG_PLUG("DIGEST-MD5", digestmd5_server_plugins);
3790 #endif /* _INTEGRATED_SOLARIS_ */
3791     /* CRYPT DELETE END */
3792     /* EXPORT DELETE END */
3793 
3794     *out_version = SASL_SERVER_PLUG_VERSION;
3795     *pluglist = digestmd5_server_plugins;
3796     *plugcount = 1;
3797     
3798     return SASL_OK;
3799 }
3800 
3801 /*****************************  Client Section  *****************************/
3802 
3803 typedef struct client_context {
3804     context_t common;
3805 
3806     sasl_secret_t *password;    /* user password */
3807     unsigned int free_password; /* set if we need to free password */
3808 
3809     int protection;
3810     struct digest_cipher *cipher;
3811     unsigned int server_maxbuf;
3812 #ifdef _INTEGRATED_SOLARIS_


5161 static void
5162 digestmd5_client_mech_dispose(void *conn_context, const sasl_utils_t *utils)
5163 {
5164     client_context_t *ctext = (client_context_t *) conn_context;
5165     
5166     if (!ctext || !utils) return;
5167     
5168 #ifdef _INTEGRATED_SOLARIS_
5169     convert_prompt(utils, &ctext->h, NULL);
5170 #endif /* _INTEGRATED_SOLARIS_ */
5171 
5172     if (ctext->free_password) _plug_free_secret(utils, &ctext->password);
5173 
5174     digestmd5_common_mech_dispose(conn_context, utils);
5175 }
5176 
5177 static sasl_client_plug_t digestmd5_client_plugins[] =
5178 {
5179     {
5180         "DIGEST-MD5",
5181         /* EXPORT DELETE START */
5182 #ifdef WITH_RC4                         /* mech_name */
5183         128,                            /* max ssf */
5184 #elif WITH_DES
5185         112,
5186 #else
5187         /* EXPORT DELETE END */
5188         0,
5189         /* EXPORT DELETE START */
5190 #endif
5191         /* EXPORT DELETE END */
5192         SASL_SEC_NOPLAINTEXT
5193         | SASL_SEC_NOANONYMOUS
5194         | SASL_SEC_MUTUAL_AUTH,         /* security_flags */
5195         SASL_FEAT_ALLOWS_PROXY,         /* features */
5196         NULL,                           /* required_prompts */
5197         NULL,                           /* glob_context */
5198         &digestmd5_client_mech_new, /* mech_new */
5199         &digestmd5_client_mech_step,        /* mech_step */
5200         &digestmd5_client_mech_dispose,     /* mech_dispose */
5201         &digestmd5_common_mech_free,        /* mech_free */
5202         NULL,                           /* idle */
5203         NULL,                           /* spare1 */
5204         NULL                            /* spare2 */
5205     }
5206 };
5207 
5208 int digestmd5_client_plug_init(sasl_utils_t *utils,
5209                                int maxversion,
5210                                int *out_version,
5211                                sasl_client_plug_t **pluglist,


5234     /* mutex */
5235     reauth_cache->mutex = utils->mutex_alloc();
5236     if (!reauth_cache->mutex)
5237         return SASL_FAIL;
5238 
5239     /* entries */
5240     reauth_cache->size = 10;
5241     reauth_cache->e = utils->malloc(reauth_cache->size *
5242                                     sizeof(reauth_entry_t));
5243     if (reauth_cache->e == NULL)
5244         return SASL_NOMEM;
5245     memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
5246 
5247     digestmd5_client_plugins[0].glob_context = reauth_cache;
5248 #ifdef _SUN_SDK_
5249 #ifdef USE_UEF_CLIENT
5250     digestmd5_client_plugins[0].max_ssf = uef_max_ssf;
5251 #endif /* USE_UEF_CLIENT */
5252 #endif /* _SUN_SDK_ */
5253 
5254     /* EXPORT DELETE START */
5255     /* CRYPT DELETE START */
5256 #ifdef _INTEGRATED_SOLARIS_
5257     /*
5258      * Let libsasl know that we are a "Sun" plugin so that privacy
5259      * and integrity will be allowed.
5260      */
5261     REG_PLUG("DIGEST-MD5", digestmd5_client_plugins);
5262 #endif /* _INTEGRATED_SOLARIS_ */
5263     /* CRYPT DELETE END */
5264     /* EXPORT DELETE END */
5265 
5266     *out_version = SASL_CLIENT_PLUG_VERSION;
5267     *pluglist = digestmd5_client_plugins;
5268     *plugcount = 1;
5269     
5270     return SASL_OK;
5271 }
5272 
5273 #ifdef _SUN_SDK_
5274 #ifdef USE_UEF
5275 /* If we fail here - we should just not offer privacy or integrity */
5276 static int
5277 getSlotID(const sasl_utils_t *utils, CK_MECHANISM_TYPE mech_type,
5278           CK_SLOT_ID *slot_id)
5279 {
5280     CK_RV rv;
5281     CK_ULONG ulSlotCount;
5282     CK_ULONG ulMechTypeCount;
5283     CK_SLOT_ID *pSlotList = NULL;
5284     CK_SLOT_ID slotID;




  46  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  47  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
  48  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  49  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  50  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  51  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  52  */
  53 
  54 #include <config.h>
  55 
  56 #include <stdlib.h>
  57 #include <stdio.h>
  58 #include <string.h>
  59 #ifndef macintosh
  60 #include <sys/types.h>
  61 #include <sys/stat.h>
  62 #endif
  63 #include <fcntl.h>
  64 #include <ctype.h>
  65 

  66 /* DES support */
  67 #ifdef WITH_DES
  68 # ifdef WITH_SSL_DES
  69 #  include <openssl/des.h>
  70 # else /* system DES library */
  71 #  include <des.h>
  72 # endif
  73 #endif /* WITH_DES */

  74 
  75 #ifdef WIN32
  76 # include <winsock.h>
  77 #else /* Unix */
  78 # include <netinet/in.h>
  79 #endif /* WIN32 */
  80 
  81 #ifdef _SUN_SDK_
  82 #include <unistd.h>
  83 #endif /* _SUN_SDK_ */
  84 
  85 #include <sasl.h>
  86 #include <saslplug.h>
  87 
  88 #include "plugin_common.h"
  89 
  90 #if defined _SUN_SDK_  && defined USE_UEF
  91 #include <security/cryptoki.h>
  92 static int uef_init(const sasl_utils_t *utils);
  93 #endif /* _SUN_SDK_ && USE_UEF */


 702     if (endpair[0] != ',') {
 703         if (endpair[0]!='\0') {
 704             *endpair++ = '\0'; 
 705         }
 706     }
 707     
 708     endpair = skip_lws(endpair);
 709     
 710     /* syntax check: MUST be '\0' or ',' */  
 711     if (endpair[0] == ',') {
 712         endpair[0] = '\0';
 713         endpair++; /* skipping <,> */
 714     } else if (endpair[0] != '\0') { 
 715         *name = NULL;
 716         return;
 717     }
 718     
 719     *in = endpair;
 720 }
 721 

 722 #ifdef WITH_DES
 723 struct des_context_s {
 724     des_key_schedule keysched;  /* key schedule for des initialization */
 725     des_cblock ivec;            /* initial vector for encoding */
 726     des_key_schedule keysched2; /* key schedule for 3des initialization */
 727 };
 728 
 729 typedef struct des_context_s des_context_t;
 730 
 731 /* slide the first 7 bytes of 'inbuf' into the high seven bits of the
 732    first 8 bytes of 'keybuf'. 'keybuf' better be 8 bytes long or longer. */
 733 static void slidebits(unsigned char *keybuf, unsigned char *inbuf)
 734 {
 735     keybuf[0] = inbuf[0];
 736     keybuf[1] = (inbuf[0]<<7) | (inbuf[1]>>1);
 737     keybuf[2] = (inbuf[1]<<6) | (inbuf[2]>>2);
 738     keybuf[3] = (inbuf[2]<<5) | (inbuf[3]>>3);
 739     keybuf[4] = (inbuf[3]<<4) | (inbuf[4]>>4);
 740     keybuf[5] = (inbuf[4]<<3) | (inbuf[5]>>5);
 741     keybuf[6] = (inbuf[5]<<2) | (inbuf[6]>>6);


1169                    unsigned *outputlen)
1170 {
1171     /* pad is zero */
1172     *outputlen = inputlen+10;
1173     
1174     /* encrypt the text part */
1175     rc4_encrypt((rc4_context_t *) text->cipher_enc_context,
1176                 input,
1177                 output,
1178                 inputlen);
1179     
1180     /* encrypt the HMAC part */
1181     rc4_encrypt((rc4_context_t *) text->cipher_enc_context, 
1182                 (const char *) digest, 
1183                 (output)+inputlen, 10);
1184     
1185     return SASL_OK;
1186 }
1187 
1188 #endif /* WITH_RC4 */

1189 
1190 struct digest_cipher available_ciphers[] =
1191 {

1192 #ifdef WITH_RC4
1193     { "rc4-40", 40, 5, 0x01, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1194     { "rc4-56", 56, 7, 0x02, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1195     { "rc4", 128, 16, 0x04, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
1196 #endif
1197 #ifdef WITH_DES
1198     { "des", 55, 16, 0x08, &enc_des, &dec_des, &init_des, &free_des },
1199     { "3des", 112, 16, 0x10, &enc_3des, &dec_3des, &init_3des, &free_des },
1200 #endif

1201     { NULL, 0, 0, 0, NULL, NULL, NULL, NULL }
1202 };
1203 
1204 
1205 #ifdef USE_UEF
1206 DEFINE_STATIC_MUTEX(uef_init_mutex);
1207 #define DES_CIPHER_INDEX        3
1208 #define DES3_CIPHER_INDEX       4
1209 
1210 static int got_uef_slot = FALSE;
1211 static sasl_ssf_t uef_max_ssf = 0;
1212 static CK_SLOT_ID rc4_slot_id;
1213 static CK_SLOT_ID des_slot_id;
1214 static CK_SLOT_ID des3_slot_id;
1215 
1216 struct uef_context_s {
1217     CK_SESSION_HANDLE hSession;
1218     CK_OBJECT_HANDLE hKey;
1219 };
1220 


3665     
3666 #ifndef _SUN_SDK_
3667     return SASL_FAIL; /* should never get here */
3668 #endif /* !_SUN_SDK_ */
3669 }
3670 
3671 static void
3672 digestmd5_server_mech_dispose(void *conn_context, const sasl_utils_t *utils)
3673 {
3674     server_context_t *stext = (server_context_t *) conn_context;
3675     
3676     if (!stext || !utils) return;
3677     
3678     digestmd5_common_mech_dispose(conn_context, utils);
3679 }
3680 
3681 static sasl_server_plug_t digestmd5_server_plugins[] =
3682 {
3683     {
3684         "DIGEST-MD5",                   /* mech_name */

3685 #ifdef WITH_RC4
3686         128,                            /* max_ssf */
3687 #elif WITH_DES
3688         112,
3689 #else 

3690         0,

3691 #endif

3692         SASL_SEC_NOPLAINTEXT
3693         | SASL_SEC_NOANONYMOUS
3694         | SASL_SEC_MUTUAL_AUTH,         /* security_flags */
3695         SASL_FEAT_ALLOWS_PROXY,         /* features */
3696         NULL,                           /* glob_context */
3697         &digestmd5_server_mech_new, /* mech_new */
3698         &digestmd5_server_mech_step,        /* mech_step */
3699         &digestmd5_server_mech_dispose,     /* mech_dispose */
3700         &digestmd5_common_mech_free,        /* mech_free */
3701         NULL,                           /* setpass */
3702         NULL,                           /* user_query */
3703         NULL,                           /* idle */
3704         NULL,                           /* mech avail */
3705         NULL                            /* spare */
3706     }
3707 };
3708 
3709 int digestmd5_server_plug_init(sasl_utils_t *utils,
3710                                int maxversion,
3711                                int *out_version,


3752         if (!reauth_cache->mutex)
3753             return SASL_FAIL;
3754 
3755         /* entries */
3756         reauth_cache->size = 100;
3757         reauth_cache->e = utils->malloc(reauth_cache->size *
3758                                         sizeof(reauth_entry_t));
3759         if (reauth_cache->e == NULL)
3760             return SASL_NOMEM;
3761         memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
3762     }
3763 
3764     digestmd5_server_plugins[0].glob_context = reauth_cache;
3765 
3766 #ifdef _SUN_SDK_
3767 #ifdef USE_UEF_CLIENT
3768     digestmd5_server_plugins[0].max_ssf = uef_max_ssf;
3769 #endif /* USE_UEF_CLIENT */
3770 #endif /* _SUN_SDK_ */
3771 


3772 #ifdef _INTEGRATED_SOLARIS_
3773     /*
3774      * Let libsasl know that we are a "Sun" plugin so that privacy
3775      * and integrity will be allowed.
3776      */
3777     REG_PLUG("DIGEST-MD5", digestmd5_server_plugins);
3778 #endif /* _INTEGRATED_SOLARIS_ */


3779 
3780     *out_version = SASL_SERVER_PLUG_VERSION;
3781     *pluglist = digestmd5_server_plugins;
3782     *plugcount = 1;
3783     
3784     return SASL_OK;
3785 }
3786 
3787 /*****************************  Client Section  *****************************/
3788 
3789 typedef struct client_context {
3790     context_t common;
3791 
3792     sasl_secret_t *password;    /* user password */
3793     unsigned int free_password; /* set if we need to free password */
3794 
3795     int protection;
3796     struct digest_cipher *cipher;
3797     unsigned int server_maxbuf;
3798 #ifdef _INTEGRATED_SOLARIS_


5147 static void
5148 digestmd5_client_mech_dispose(void *conn_context, const sasl_utils_t *utils)
5149 {
5150     client_context_t *ctext = (client_context_t *) conn_context;
5151     
5152     if (!ctext || !utils) return;
5153     
5154 #ifdef _INTEGRATED_SOLARIS_
5155     convert_prompt(utils, &ctext->h, NULL);
5156 #endif /* _INTEGRATED_SOLARIS_ */
5157 
5158     if (ctext->free_password) _plug_free_secret(utils, &ctext->password);
5159 
5160     digestmd5_common_mech_dispose(conn_context, utils);
5161 }
5162 
5163 static sasl_client_plug_t digestmd5_client_plugins[] =
5164 {
5165     {
5166         "DIGEST-MD5",

5167 #ifdef WITH_RC4                         /* mech_name */
5168         128,                            /* max ssf */
5169 #elif WITH_DES
5170         112,
5171 #else

5172         0,

5173 #endif

5174         SASL_SEC_NOPLAINTEXT
5175         | SASL_SEC_NOANONYMOUS
5176         | SASL_SEC_MUTUAL_AUTH,         /* security_flags */
5177         SASL_FEAT_ALLOWS_PROXY,         /* features */
5178         NULL,                           /* required_prompts */
5179         NULL,                           /* glob_context */
5180         &digestmd5_client_mech_new, /* mech_new */
5181         &digestmd5_client_mech_step,        /* mech_step */
5182         &digestmd5_client_mech_dispose,     /* mech_dispose */
5183         &digestmd5_common_mech_free,        /* mech_free */
5184         NULL,                           /* idle */
5185         NULL,                           /* spare1 */
5186         NULL                            /* spare2 */
5187     }
5188 };
5189 
5190 int digestmd5_client_plug_init(sasl_utils_t *utils,
5191                                int maxversion,
5192                                int *out_version,
5193                                sasl_client_plug_t **pluglist,


5216     /* mutex */
5217     reauth_cache->mutex = utils->mutex_alloc();
5218     if (!reauth_cache->mutex)
5219         return SASL_FAIL;
5220 
5221     /* entries */
5222     reauth_cache->size = 10;
5223     reauth_cache->e = utils->malloc(reauth_cache->size *
5224                                     sizeof(reauth_entry_t));
5225     if (reauth_cache->e == NULL)
5226         return SASL_NOMEM;
5227     memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t));
5228 
5229     digestmd5_client_plugins[0].glob_context = reauth_cache;
5230 #ifdef _SUN_SDK_
5231 #ifdef USE_UEF_CLIENT
5232     digestmd5_client_plugins[0].max_ssf = uef_max_ssf;
5233 #endif /* USE_UEF_CLIENT */
5234 #endif /* _SUN_SDK_ */
5235 


5236 #ifdef _INTEGRATED_SOLARIS_
5237     /*
5238      * Let libsasl know that we are a "Sun" plugin so that privacy
5239      * and integrity will be allowed.
5240      */
5241     REG_PLUG("DIGEST-MD5", digestmd5_client_plugins);
5242 #endif /* _INTEGRATED_SOLARIS_ */


5243 
5244     *out_version = SASL_CLIENT_PLUG_VERSION;
5245     *pluglist = digestmd5_client_plugins;
5246     *plugcount = 1;
5247     
5248     return SASL_OK;
5249 }
5250 
5251 #ifdef _SUN_SDK_
5252 #ifdef USE_UEF
5253 /* If we fail here - we should just not offer privacy or integrity */
5254 static int
5255 getSlotID(const sasl_utils_t *utils, CK_MECHANISM_TYPE mech_type,
5256           CK_SLOT_ID *slot_id)
5257 {
5258     CK_RV rv;
5259     CK_ULONG ulSlotCount;
5260     CK_ULONG ulMechTypeCount;
5261     CK_SLOT_ID *pSlotList = NULL;
5262     CK_SLOT_ID slotID;