diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2009-06-05 14:16:48 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2009-06-09 09:08:51 -0600 |
| commit | 5fded8ec52bc6f8e6d381efe5268c4a174973b30 (patch) | |
| tree | 804230837ddf7465aa2f513c64cddeb4926b053c /LICENSE | |
| parent | dacd95700c876d7202193683ed52aec9f3c19f48 (diff) | |
| download | ds-5fded8ec52bc6f8e6d381efe5268c4a174973b30.tar.gz ds-5fded8ec52bc6f8e6d381efe5268c4a174973b30.tar.xz ds-5fded8ec52bc6f8e6d381efe5268c4a174973b30.zip | |
Implement SASL I/O as an NSPR I/O layer
This is part of the port to OpenLDAP, to simplify the code that
interacts with the BER I/O layer. Ideally, since we only deal
with NSPR I/O, not raw I/O, in the directory server, we can push
any additional layers, such as SASL, as NSPR I/O layers. This
is how NSS works, to push the SSL codec layer on top of the regular
NSPR network I/O layer.
Only 3 functions are implemented - PR_Send (sasl_io_send), PR_Recv
(sasl_io_recv), and PR_Write (sasl_io_write).
This simplified the code in saslbind.c and connection.c, and removed
special handling for SASL connections - now they are just treated as
regular NSPR connections - the app has not nor does not need to know
the connection is a SASL connection.
In addition, this gives us the ability to use SASL and SSL at the same
time. The SASL I/O layer can be pushed on top of the SSL layer, so
that we can use SSL for connection encryption, and SASL for authentication,
without having to worry about mixing the two.
Reviewed by: nkinder (Thanks!)
Platforms tested: RHEL5 x86_64, Fedora 9 x86_64
Diffstat (limited to 'LICENSE')
0 files changed, 0 insertions, 0 deletions