From 4613fdc878380d876311a4356079f663048cf1d9 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount
Date: Wed, 3 Jun 2009 00:09:52 +0000
Subject: [PATCH] ITS#6147

---
 CHANGES | 1 +
 doc/man/man5/slapd-config.5 | 5 +++++
 doc/man/man5/slapd.conf.5 | 5 +++++
 servers/slapd/bconfig.c | 10 +++++++++-
 servers/slapd/proto-slap.h | 1 +
 servers/slapd/sasl.c | 22 ++++++++++++++++++++++
 6 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 665aa68a9c..2d84a41160 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@ OpenLDAP 2.4.17 Engineering
 Fixed libldap tls NULL error messages (ITS#6079)
 Fixed liblutil opendir/closedir on windows (ITS#6041)
 Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
+ Added slapd sasl auxprop support (ITS#6147)
 Fixed slapd assert with closing connections (ITS#6111)
 Fixed slapd cert validation (ITS#6098)
 Fixed slapd errno handling (ITS#6037)
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index bde39220f3..e3e76914ae 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -665,6 +665,11 @@ ldapsearch -x -b "" -s base "+"
 .br
 See RFC 4512 section 5.1 for details.
 .TP
+.B olcSaslAuxprops: [...]
+Specify which auxprop plugins to use for authentication lookups. The
+default is empty, which just uses slapd's internal support. Usually
+no other auxprop plugins are needed.
+.TP
 .B olcSaslHost:
 Used to specify the fully qualified domain name used for SASL processing.
 .TP
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index 4229c7a022..5753beba2c 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -814,6 +814,11 @@ ldapsearch -x -b "" -s base "+"
 .br
 See RFC 4512 section 5.1 for details.
 .TP
+.B sasl-auxprops [...]
+Specify which auxprop plugins to use for authentication lookups. The
+default is empty, which just uses slapd's internal support. Usually
+no other auxprop plugins are needed.
+.TP
 .B sasl-host
 Used to specify the fully qualified domain name used for SASL processing.
 .TP
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index d78ae6176d..fae59ceb3b 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -530,6 +530,14 @@ static ConfigTable config_back_cf_table[] = {
 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
 &config_generic, NULL, NULL, NULL },
+ { "sasl-auxprops", NULL, 2, 0, 0,
+#ifdef HAVE_CYRUS_SASL
+ ARG_STRING|ARG_UNIQUE, &slap_sasl_auxprops,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:89 NAME 'olcSaslAuxprops' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 { "sasl-host", "host", 2, 2, 0,
 #ifdef HAVE_CYRUS_SASL
 ARG_STRING|ARG_UNIQUE, &sasl_host,
@@ -757,7 +765,7 @@ static ConfigOCs cf_ocs[] = {
 "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
 "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
 "olcRootDSE $ "
- "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
+ "olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
 "olcSecurity $ olcServerID $ olcSizeLimit $ "
 "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
 "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index e52288cc67..afa95ac91f 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
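Review bot: The new `sasl-auxprops` table entry sets max_args to 0 (unbounded) while storing the value with ARG_STRING into slap_sasl_auxprops, so a directive such as `sasl-auxprops sasldb ldapdb` is accepted without complaint yet — if the generic ARG_STRING handling keeps only argv[1], as it appears to for the neighbouring ARG_STRING entries — only the first plugin name ever reaches the library and the rest are dropped silently, even though the man page's `[...]` advertises a list. Either tighten the entry to `{ "sasl-auxprops", "plugins", 2, 2, 0,` and document that several plugins go into one quoted, space-separated argument, or route the directive through config_generic and join argv[1..argc-1] into the single string before assigning it. The attribute is declared SINGLE-VALUE, which matches single-string storage but should be spelled out in the man page as well. config_back_cf_table starts and ends outside the hunk.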
@@ -1934,6 +1934,7 @@ LDAP_SLAPD_V (int) global_idletimeout;
 LDAP_SLAPD_V (char *) global_host;
 LDAP_SLAPD_V (char *) global_realm;
 LDAP_SLAPD_V (char *) sasl_host;
+LDAP_SLAPD_V (char *) slap_sasl_auxprops;
 LDAP_SLAPD_V (char **) default_passwd_hash;
 LDAP_SLAPD_V (int) lber_debug;
 LDAP_SLAPD_V (int) ldap_syslog;
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 459d38ce61..14e3d25b6e 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -63,8 +63,29 @@ typedef struct sasl_ctx {
 static struct berval ext_bv = BER_BVC( "EXTERNAL" );
+char *slap_sasl_auxprops;
+
 #ifdef HAVE_CYRUS_SASL
+/* Just use our internal auxprop by default */
+static int
+slap_sasl_getopt(
+ void *context,
+ const char *plugin_name,
+ const char *option,
+ const char **result,
+ unsigned *len)
+{
+ if ( strcmp( option, "auxprop_plugin" )) {
+ return SASL_FAIL;
+ }
+ if ( slap_sasl_auxprops )
+ *result = slap_sasl_auxprops;
+ else
+ *result = "slapd";
+ return SASL_OK;
+}
+
 int
 slap_sasl_log(
 void *context,
@@ -1078,6 +1099,7 @@ int slap_sasl_init( void )
 int rc;
 static sasl_callback_t server_callbacks[] = {
 { SASL_CB_LOG, &slap_sasl_log, NULL },
+ { SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
 { SASL_CB_LIST_END, NULL, NULL }
 };
 #endif
-- 
2.39.5
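Review bot: slap_sasl_getopt never writes through `len`, although the Cyrus getopt callback signature it implements lets the library pass a non-NULL len and read it back; add `if ( len ) *len = strlen( *result );` before `return SASL_OK;` so a caller that relies on it does not read an uninitialized length. The callback also answers `auxprop_plugin` unconditionally, which — if the library consults the application callback before its own config file, as I believe it does — means an `auxprop_plugin` line in slapd's SASL config file is silently overridden; a comment such as `/* Always answers auxprop_plugin, overriding any auxprop_plugin setting in the SASL config file; every other option returns SASL_FAIL so the library falls back to its own lookup. */` would make that intent explicit, and it could note that context and plugin_name are unused but required by the signature. slap_sasl_log's body continues outside the hunk.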