From 36fb2d9d78dbdf10c0b6dd47e98a4dfeed6838de Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 14 Jul 2000 20:56:30 +0000 Subject: [PATCH] rework SASL callbacks --- libraries/libldap/cyrus.c | 17 +++++++++++++++-- servers/slapd/sasl.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index efb51720a4..da4bc62dab 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -34,7 +34,7 @@ int ldap_int_sasl_init( void ) /* XXX not threadsafe */ static int sasl_initialized = 0; - static sasl_callback_t client_callbacks[] = { + sasl_callback_t client_callbacks[] = { #ifdef SASL_CB_GETREALM { SASL_CB_GETREALM, NULL, NULL }, #endif @@ -380,6 +380,19 @@ ldap_int_sasl_open( { int rc; sasl_conn_t *ctx; + + sasl_callback_t session_callbacks[] = { +#ifdef SASL_CB_GETREALM + { SASL_CB_GETREALM, NULL, NULL }, +#endif + { SASL_CB_USER, NULL, NULL }, + { SASL_CB_AUTHNAME, NULL, NULL }, + { SASL_CB_PASS, NULL, NULL }, + { SASL_CB_ECHOPROMPT, NULL, NULL }, + { SASL_CB_NOECHOPROMPT, NULL, NULL }, + { SASL_CB_LIST_END, NULL, NULL } + }; + assert( lc->lconn_sasl_ctx == NULL ); if ( host == NULL ) { @@ -388,7 +401,7 @@ ldap_int_sasl_open( } rc = sasl_client_new( "ldap", host, - NULL, + session_callbacks, #ifdef LDAP_SASL_SECURITY_LAYER SASL_SECURITY_LAYER, #else diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 6ef2d1e278..2db9479577 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c 
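Review bot: In ldap_int_sasl_open the new `session_callbacks` table is an automatic array, yet the last cyrus.c hunk passes its address to `sasl_client_new(...)`, so the SASL context may be left holding a pointer into a stack frame that no longer exists once the function returns. The same lifetime question applies to the first hunk, where dropping `static` from `client_callbacks` makes that table automatic as well (its use lies outside the hunk), and to the local `session_callbacks` array that the slap_sasl_open hunk in servers/slapd/sasl.c extends. If Cyrus SASL stores the pointer rather than copying the table, which should be confirmed against the library, a later callback lookup would read whatever has since reused that memory. Keeping the declaration as `static sasl_callback_t client_callbacks[] = {`, or allocating a per-connection table that is freed together with the context, removes the doubt. Both functions start and end outside the hunks shown.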
@@ -67,6 +67,35 @@ sasl_cb_log( return SASL_OK; } +static int +slap_sasl_proxy_policy( + void *context, + const char *authcid, + const char *authzid, + const char **user, + const char **errstr) +{ + char *canon = NULL; + + if ( !authcid || *authcid ) { + *errstr = "empty authentication identity"; + return SASL_BADAUTH; + } + + if ( !authzid || *authzid ) { + size_t len = sizeof("u:") + strlen( authcid ); + canon = ch_malloc( len ); + strcpy( canon, "u:" ); + strcpy( &canon[sizeof("u:")-1], authcid ); + + *user = canon; + return SASL_OK; + } + + *errstr = "no proxy policy"; + return SASL_BADAUTH; +} + static int slap_sasl_err2ldap( int saslerr ) @@ -186,6 +215,7 @@ int slap_sasl_open( Connection *conn ) sasl_conn_t *ctx = NULL; sasl_callback_t session_callbacks[] = { { SASL_CB_LOG, &sasl_cb_log, conn }, + { SASL_CB_PROXY_POLICY, &slap_sasl_proxy_policy, conn }, { SASL_CB_LIST_END, NULL, NULL } }; -- 2.39.5
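Review bot: Both guards in slap_sasl_proxy_policy test the opposite of what their error strings describe: `if ( !authcid || *authcid )` returns "empty authentication identity" for every non-empty authcid and lets an empty one through, and `if ( !authzid || *authzid )` takes the accepting branch when a non-empty authorization identity was supplied, ignoring it. The dereference should be negated in each, `if ( !authcid || !*authcid ) {` and `if ( !authzid || !*authzid ) {`, so that a missing authcid is refused and only a request with no authzid is mapped to `u:` plus authcid. As written, the only input that reaches `SASL_OK` is an empty authcid, which becomes the bare user `u:`. The function also needs a header comment stating the policy, for example `/* accept only authcid acting as itself; any other authzid is refused */`, and a note on who frees `canon` after it is stored in `*user`, since nothing in the hunk releases it.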