rework SASL callbacks
authorKurt Zeilenga <kurt@openldap.org>
Fri, 14 Jul 2000 20:56:30 +0000 (20:56 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Fri, 14 Jul 2000 20:56:30 +0000 (20:56 +0000)
libraries/libldap/cyrus.c
servers/slapd/sasl.c

index efb51720a4f2f3753b5674e3494663f1f66253d1..da4bc62dabd7a48a8c534c9d33d722c2bd6ff7ed 100644 (file)
@@ -34,7 +34,7 @@ int ldap_int_sasl_init( void )
        /* XXX not threadsafe */
        static int sasl_initialized = 0;
 
-       static sasl_callback_t client_callbacks[] = {
+       sasl_callback_t client_callbacks[] = {
 #ifdef SASL_CB_GETREALM
                { SASL_CB_GETREALM, NULL, NULL },
 #endif
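Review bot: Dropping `static` from `client_callbacks` turns the table into an automatic array, yet ldap_int_sasl_init presumably still hands it to sasl_client_init(), whose call sits outside this hunk; cyrus-sasl keeps the callback-table pointer rather than copying the entries, so the table would be dangling as soon as the function returns. The same lifetime problem applies to the `session_callbacks` array introduced in the next hunk and passed to sasl_client_new() in the third: the resulting ctx is stored in lc->lconn_sasl_ctx (the assert just below shows that field) and outlives ldap_int_sasl_open, while a stack table does not. Keep `static sasl_callback_t client_callbacks[] = {` here, and give the per-session table storage that lives at least as long as the context — a file-scope static is enough while every entry is `{ id, NULL, NULL }` with no per-connection context. Whether this particular libsasl version retains the pointer cannot be confirmed from the visible lines, so a comment stating the required lifetime next to each table would help the next reader either way.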
@@ -380,6 +380,19 @@ ldap_int_sasl_open(
 {
        int rc;
        sasl_conn_t *ctx;
+
+       sasl_callback_t session_callbacks[] = {
+#ifdef SASL_CB_GETREALM
+               { SASL_CB_GETREALM, NULL, NULL },
+#endif
+               { SASL_CB_USER, NULL, NULL },
+               { SASL_CB_AUTHNAME, NULL, NULL },
+               { SASL_CB_PASS, NULL, NULL },
+               { SASL_CB_ECHOPROMPT, NULL, NULL },
+               { SASL_CB_NOECHOPROMPT, NULL, NULL },
+               { SASL_CB_LIST_END, NULL, NULL }
+       };
+
        assert( lc->lconn_sasl_ctx == NULL );
 
        if ( host == NULL ) {
@@ -388,7 +401,7 @@ ldap_int_sasl_open(
        }
 
        rc = sasl_client_new( "ldap", host,
-               NULL,
+               session_callbacks,
 #ifdef LDAP_SASL_SECURITY_LAYER
                SASL_SECURITY_LAYER,
 #else
index 6ef2d1e278347b7cb9e92ef72691e79be37c03e3..2db9479577f8824a56741acc010cbcc7016a69a6 100644 (file)
@@ -67,6 +67,35 @@ sasl_cb_log(
        return SASL_OK;
 }
 
+static int
+slap_sasl_proxy_policy(
+       void *context,
+       const char *authcid,
+       const char *authzid,
+       const char **user,
+       const char **errstr)
+{
+       char *canon = NULL;
+
+       if ( !authcid || *authcid ) {
+               *errstr = "empty authentication identity";
+               return SASL_BADAUTH;
+       }
+
+       if ( !authzid || *authzid ) {
+               size_t len = sizeof("u:") + strlen( authcid );
+               canon = ch_malloc( len );
+               strcpy( canon, "u:" );
+               strcpy( &canon[sizeof("u:")-1], authcid );
+
+               *user = canon;
+               return SASL_OK;
+       }
+
+       *errstr = "no proxy policy";
+    return SASL_BADAUTH;
+}
+
 
 static int
 slap_sasl_err2ldap( int saslerr )
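Review bot: Both identity tests in slap_sasl_proxy_policy are inverted: `if ( !authcid || *authcid )` rejects every non-empty authentication identity with "empty authentication identity" and lets an empty one through, and `if ( !authzid || *authzid )` builds the `u:` mapping exactly when a proxy identity was requested instead of when none was. The intended checks are `if ( !authcid || !*authcid )` and `if ( !authzid || !*authzid )`, so that a bind with no authzid is mapped to `u:<authcid>` and any explicit proxy request falls through to "no proxy policy". `canon` comes from ch_malloc() and nothing here frees it, so whether libsasl takes ownership of `*user` should be confirmed and recorded in a comment above the function; the `context` parameter (the Connection passed from slap_sasl_open in the next hunk) is unused in this version. The final `return SASL_BADAUTH;` is indented with spaces where the rest of the file uses tabs.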
@@ -186,6 +215,7 @@ int slap_sasl_open( Connection *conn )
        sasl_conn_t *ctx = NULL;
        sasl_callback_t session_callbacks[] = {
                { SASL_CB_LOG, &sasl_cb_log, conn },
+               { SASL_CB_PROXY_POLICY, &slap_sasl_proxy_policy, conn },
                { SASL_CB_LIST_END, NULL, NULL }
        };