ITS#6242

[openldap] / servers / slapd / sasl.c

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 0f8b909a9ed9c9ebee378c6d2eff09c44352e48c..e12a82946fad2fbc7ae0c9caa64b128f95ea5692 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -63,8 +63,29 @@ typedef struct sasl_ctx {
 
 static struct berval ext_bv = BER_BVC( "EXTERNAL" );
 
+char *slap_sasl_auxprops;
+
 #ifdef HAVE_CYRUS_SASL
 
+/* Just use our internal auxprop by default */
+static int
+slap_sasl_getopt(
+       void *context,
+       const char *plugin_name,
+       const char *option,
+       const char **result,
+       unsigned *len)
+{
+       if ( strcmp( option, "auxprop_plugin" )) {
+               return SASL_FAIL;
+       }
+       if ( slap_sasl_auxprops )
+               *result = slap_sasl_auxprops;
+       else
+               *result = "slapd";
+       return SASL_OK;
+}
+
 int
 slap_sasl_log(
        void *context,
@@ -1078,6 +1099,7 @@ int slap_sasl_init( void )
        int rc;
        static sasl_callback_t server_callbacks[] = {
                { SASL_CB_LOG, &slap_sasl_log, NULL },
+               { SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
                { SASL_CB_LIST_END, NULL, NULL }
        };
 #endif
@@ -1518,7 +1540,7 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
                }
 
                /* Must send response using old security layer */
-               if (response.bv_len) rs->sr_sasldata = &response;
+               rs->sr_sasldata = (response.bv_len ? &response : NULL);
                send_ldap_sasl( op, rs );
                
                /* Now dispose of the old security layer.