From: Kurt Zeilenga
Date: Tue, 31 Oct 2000 23:00:35 +0000 (+0000)
Subject: First cut of SASL/EXTERNAL
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1666
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=511a84bc31bab1a573831884b0915cfa3056d6ee;p=openldap

First cut of SASL/EXTERNAL
---

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index b53570561d..05691e9de7 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -655,6 +655,35 @@ ldap_int_sasl_bind(
 return rc;
 }
 
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ const char * authid,
+ ber_len_t ssf )
+{
+ int sc;
+ sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+ sasl_external_properties_t extprops;
+
+ if ( ctx == NULL ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ memset( &extprops, '\0', sizeof(extprops) );
+ extprops.ssf = ssf;
+ extprops.auth_id = (char *) authid;
+
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+ (void *) &extprops );
+
+ if ( sc != SASL_OK ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
 int ldap_pvt_sasl_secprops(
 const char *in,
 sasl_security_properties_t *secprops )
@@ -954,4 +983,12 @@ ldap_int_sasl_bind(
 LDAP_SASL_INTERACT_PROC *interact,
 void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+ LDAP *ld,
+ const char * authid,
+ ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 7e38e6b043..f2dcea3488 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -523,6 +523,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
 const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+ LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
 int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,
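Review bot: In the Cyrus build of `ldap_int_sasl_external` (first cyrus.c hunk), `ld->ld_defconn->lconn_sasl_ctx` is read in the initializer of `ctx`, so the `ctx == NULL` guard does not protect against a handle whose default connection is not set yet, which looks possible if TLS is started while the connection is still being created. Declaring `sasl_conn_t *ctx;` and adding `if ( ld == NULL || ld->ld_defconn == NULL ) return LDAP_LOCAL_ERROR;` before `ctx = ld->ld_defconn->lconn_sasl_ctx;` would close that. The `(char *) authid` cast drops const and passes the caller's pointer to `sasl_setprop`; whether the library copies the string is not visible here, so a comment stating how long `authid` must stay valid would help. The stub in the second cyrus.c hunk returns LDAP_SUCCESS while the neighbouring `ldap_int_sasl_bind` stub returns LDAP_NOT_SUPPORTED; a comment such as `/* no SASL: nothing to record, do not fail TLS setup */` would make that intent explicit.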
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 873d21c773..4e8673fad9 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 * certificate....
 */
 
+
+ {
+ void *ssl;
+ const char *authid;
+ ber_len_t ssf;
+
+ /* we need to let SASL know */
+ ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+ ssf = ldap_pvt_tls_get_strength( ssl );
+ authid = ldap_pvt_tls_get_peer( ssl );
+
+ (void) ldap_int_sasl_external( ld, authid, ssf );
+ }
+
 return LDAP_SUCCESS;
 }
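Review bot: The result of `ldap_int_sasl_external()` is discarded with `(void)` at the end of the added block, so ldap_pvt_tls_start returns LDAP_SUCCESS even when `sasl_setprop` rejected the external SSF and identity, and later SASL decisions would be made without them. The missing-context case may be legitimate when SASL is not in use, but a real failure deserves at least a debug log or an error return, e.g. `if ( ldap_int_sasl_external( ld, authid, ssf ) != LDAP_SUCCESS ) { /* log or fail */ }`. `authid` is taken from `ldap_pvt_tls_get_peer()`, i.e. the other end's name; if this is the client side of the handshake, as its place in libldap suggests, that is the server's identity rather than the one the client would assert with EXTERNAL, so the intended identity should be confirmed and stated in the comment. The hunk also does not show whether the returned string is allocated and must be freed after the call. The body of ldap_pvt_tls_start starts outside the hunk.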