Import SASL/EXTERNAL (TLS) code from devel

libraries/libldap/cyrus.c

@@ -654,6 +654,35 @@ ldap_int_sasl_bind(
 	return rc;
 }
 
+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{
+	int sc;
+	sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+	sasl_external_properties_t extprops;
+    
+	if ( ctx == NULL ) {
+		return LDAP_LOCAL_ERROR;
+	}
+    
+	memset( &extprops, '\0', sizeof(extprops) );
+	extprops.ssf = ssf;
+	extprops.auth_id = (char *) authid;
+    
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+		(void *) &extprops );
+    
+	if ( sc != SASL_OK ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+
 int ldap_pvt_sasl_secprops(
 	const char *in,
 	sasl_security_properties_t *secprops )
@@ -953,4 +982,12 @@ ldap_int_sasl_bind(
 	LDAP_SASL_INTERACT_PROC *interact,
 	void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */

libraries/libldap/ldap-int.h

@@ -520,6 +520,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
 	const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+	LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
 	int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,

libraries/libldap/tls.c

@@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 	 * certificate....
 	 */
 
+
+	{
+		void *ssl;
+		const char *authid;
+		ber_len_t ssf;
+
+		/* we need to let SASL know */
+		ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+		ssf = ldap_pvt_tls_get_strength( ssl );
+		authid = ldap_pvt_tls_get_peer( ssl );
+
+		(void) ldap_int_sasl_external( ld, authid, ssf );
+	}
+
 	return LDAP_SUCCESS;
 }