First cut of SASL/EXTERNAL

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index b53570561d7df1c8f073a392e4a81e911e40c86d..05691e9de753da37bbbf325fa0a0e285bae2b2c1 100644 (file)
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -655,6 +655,35 @@ ldap_int_sasl_bind(
        return rc;
 }
 
+int
+ldap_int_sasl_external(
+       LDAP *ld,
+       const char * authid,
+       ber_len_t ssf )
+{
+       int sc;
+       sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+       sasl_external_properties_t extprops;
+    
+       if ( ctx == NULL ) {
+               return LDAP_LOCAL_ERROR;
+       }
+    
+       memset( &extprops, '\0', sizeof(extprops) );
+       extprops.ssf = ssf;
+       extprops.auth_id = (char *) authid;
+    
+       sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+               (void *) &extprops );
+    
+       if ( sc != SASL_OK ) {
+               return LDAP_LOCAL_ERROR;
+       }
+
+       return LDAP_SUCCESS;
+}
+
+
 int ldap_pvt_sasl_secprops(
        const char *in,
        sasl_security_properties_t *secprops )
@@ -954,4 +983,12 @@ ldap_int_sasl_bind(
        LDAP_SASL_INTERACT_PROC *interact,
        void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+       LDAP *ld,
+       const char * authid,
+       ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */

diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 7e38e6b043292c5dc01da60253a30b8a6857c2b5..f2dcea3488e54bca41f438dec2b11b62f45a520e 100644 (file)
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -523,6 +523,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
        const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+       LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
        int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 873d21c7738426c3ea3c7dcba9c67b298eb8926b..4e8673fad99051ea80e79f4bf3829810ca5ef1b8 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
         * certificate....
         */
 
+
+       {
+               void *ssl;
+               const char *authid;
+               ber_len_t ssf;
+
+               /* we need to let SASL know */
+               ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+               ssf = ldap_pvt_tls_get_strength( ssl );
+               authid = ldap_pvt_tls_get_peer( ssl );
+
+               (void) ldap_int_sasl_external( ld, authid, ssf );
+       }
+
        return LDAP_SUCCESS;
 }