Import SASL/EXTERNAL (TLS) code from devel
authorKurt Zeilenga <kurt@openldap.org>
Sat, 4 Nov 2000 22:38:28 +0000 (22:38 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Sat, 4 Nov 2000 22:38:28 +0000 (22:38 +0000)
libraries/libldap/cyrus.c
libraries/libldap/ldap-int.h
libraries/libldap/tls.c

index 03387d59aca325b14eefa2f1f58c7903f0b93e53..6d213f3da4fded78810dd8e165e09e183caf341f 100644 (file)
@@ -654,6 +654,35 @@ ldap_int_sasl_bind(
        return rc;
 }
 
+int
+ldap_int_sasl_external(
+       LDAP *ld,
+       const char * authid,
+       ber_len_t ssf )
+{
+       int sc;
+       sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+       sasl_external_properties_t extprops;
+    
+       if ( ctx == NULL ) {
+               return LDAP_LOCAL_ERROR;
+       }
+    
+       memset( &extprops, '\0', sizeof(extprops) );
+       extprops.ssf = ssf;
+       extprops.auth_id = (char *) authid;
+    
+       sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+               (void *) &extprops );
+    
+       if ( sc != SASL_OK ) {
+               return LDAP_LOCAL_ERROR;
+       }
+
+       return LDAP_SUCCESS;
+}
+
+
 int ldap_pvt_sasl_secprops(
        const char *in,
        sasl_security_properties_t *secprops )
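Review bot: `ld->ld_defconn` is dereferenced in the initializer of `ctx` before anything is checked, so the `ctx == NULL` guard covers only a missing SASL context, not a missing default connection. If this function can be reached from a TLS start that runs before the default connection is set (not visible on this page), that is a NULL dereference in the client. Declaring `ctx` first and adding `if ( ld->ld_defconn == NULL ) return LDAP_LOCAL_ERROR;` before reading `lconn_sasl_ctx` would close it. The `(char *) authid` cast also drops const and stores the caller's pointer in `extprops`, so a comment stating whether `sasl_setprop` copies `auth_id` or keeps the pointer would settle the lifetime contract for callers.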
@@ -953,4 +982,12 @@ ldap_int_sasl_bind(
        LDAP_SASL_INTERACT_PROC *interact,
        void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+       LDAP *ld,
+       const char * authid,
+       ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */
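Review bot: The non-SASL stub of `ldap_int_sasl_external` returns `LDAP_SUCCESS` while the `ldap_int_sasl_bind` stub directly above it returns `LDAP_NOT_SUPPORTED`, and nothing marks the difference as intentional. Presumably success is reported so that a TLS start still completes in a build without Cyrus SASL. A one-line comment such as `/* no SASL layer: nothing to record, TLS setup proceeds */` would stop a later cleanup from aligning the two stubs and breaking that. The start of the stub section is outside the hunk.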
index c6978b80030b362f96fb073362da438eda10efc5..8247624d330b9f41984433d076bbc3ad42be9e23 100644 (file)
@@ -520,6 +520,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
        const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+       LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
        int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,
index b82d8835f33e4bc2563249cd646c7e52afa21c4f..4fd4543efa43591b6ae48a0e72dac38e12afdd53 100644 (file)
@@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
         * certificate....
         */
 
+
+       {
+               void *ssl;
+               const char *authid;
+               ber_len_t ssf;
+
+               /* we need to let SASL know */
+               ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+               ssf = ldap_pvt_tls_get_strength( ssl );
+               authid = ldap_pvt_tls_get_peer( ssl );
+
+               (void) ldap_int_sasl_external( ld, authid, ssf );
+       }
+
        return LDAP_SUCCESS;
 }
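Review bot: The result of `ldap_int_sasl_external` is thrown away by the `(void)` cast, so `ldap_pvt_tls_start` returns `LDAP_SUCCESS` even when the TLS strength and identity were never recorded with SASL. A later EXTERNAL bind or SSF-based decision would then run against state that does not reflect the session. Either act on the return value, e.g. `if ( ldap_int_sasl_external( ld, authid, ssf ) != LDAP_SUCCESS ) return LDAP_LOCAL_ERROR;`, or add a comment explaining why ignoring it is safe. Two points about `authid` need confirming because the helpers are not shown: if `ldap_pvt_tls_get_peer` returns an allocated string, this block never frees it, and since the peer of a client is the server, it is worth checking that the peer's name rather than the local certificate identity is what EXTERNAL should carry. The function begins outside the hunk.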