diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 03387d59ac..6d213f3da4 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -654,6 +654,35 @@ ldap_int_sasl_bind(
 	return rc;
 }
+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{
+	int sc;
+	sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;
+	sasl_external_properties_t extprops;
+
+	if ( ctx == NULL ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	memset( &extprops, '\0', sizeof(extprops) );
+	extprops.ssf = ssf;
+	extprops.auth_id = (char *) authid;
+
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
+		(void *) &extprops );
+
+	if ( sc != SASL_OK ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+
 int
 ldap_pvt_sasl_secprops(
 	const char *in,
 	sasl_security_properties_t *secprops )
@@ -953,4 +982,12 @@ ldap_int_sasl_bind(
 	LDAP_SASL_INTERACT_PROC *interact,
 	void * defaults )
 { return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_int_sasl_external(
+	LDAP *ld,
+	const char * authid,
+	ber_len_t ssf )
+{ return LDAP_SUCCESS; }
+
 #endif /* HAVE_CYRUS_SASL */
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index c6978b8003..8247624d33 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -520,6 +520,9 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
 	const char* host, ber_len_t ssf ));
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
+LDAP_F (int) ldap_int_sasl_external LDAP_P((
+	LDAP *ld, const char* authid, ber_len_t ssf ));
+
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
 	int option, void *arg ));
 LDAP_F (int) ldap_int_sasl_set_option LDAP_P(( LDAP *ld,
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index b82d8835f3..4fd4543efa 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
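Review bot: `sasl_conn_t *ctx = ld->ld_defconn->lconn_sasl_ctx;` dereferences `ld->ld_defconn` before any check, while only the resulting `ctx` is tested for NULL; if this can be reached before a default connection exists (the only caller visible in this diff is ldap_pvt_tls_start in tls.c), that is a NULL dereference rather than the LDAP_LOCAL_ERROR the next lines intend. Guarding both levels keeps the contract: `if ( ld->ld_defconn == NULL || ld->ld_defconn->lconn_sasl_ctx == NULL ) { return LDAP_LOCAL_ERROR; }` and then `ctx = ld->ld_defconn->lconn_sasl_ctx;`. The cast on `extprops.auth_id = (char *) authid;` hands a const string to sasl_setprop as a mutable pointer, and nothing here shows whether the library copies it or keeps the pointer, so the lifetime the caller must guarantee should be documented. A header comment would also help, since the name alone does not say what is being reported: `/* Tell the SASL context about an externally negotiated security layer: ssf is its strength, authid the peer identity it authenticated (may be NULL). Returns LDAP_LOCAL_ERROR if there is no SASL context or sasl_setprop rejects it. */`.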
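Review bot: The non-SASL stub `{ return LDAP_SUCCESS; }` reports success, whereas the ldap_int_sasl_bind stub two lines above reports LDAP_NOT_SUPPORTED, so a reader cannot tell whether the difference is deliberate. If the intent is that "no SASL layer to notify" is not an error, say so on the stub, e.g. `{ return LDAP_SUCCESS; } /* no SASL: nothing to notify */`; otherwise align it with its neighbour. The three parameters are unused in this build, which some compilers will warn about.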
@@ -880,6 +880,20 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 	 * certificate.... */
+
+	{
+		void *ssl;
+		const char *authid;
+		ber_len_t ssf;
+
+		/* we need to let SASL know */
+		ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+		ssf = ldap_pvt_tls_get_strength( ssl );
+		authid = ldap_pvt_tls_get_peer( ssl );
+
+		(void) ldap_int_sasl_external( ld, authid, ssf );
+	}
+
 	return LDAP_SUCCESS;
 }
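Review bot: `(void) ldap_int_sasl_external( ld, authid, ssf );` discards the result, so when SASL refuses the TLS-derived strength and identity (ldap_int_sasl_external returns LDAP_LOCAL_ERROR in that case) ldap_pvt_tls_start still returns LDAP_SUCCESS and the mismatch between the negotiated TLS layer and what SASL believes leaves no trace. At minimum the failure should be visible in the trace output, `if ( ldap_int_sasl_external( ld, authid, ssf ) != LDAP_SUCCESS )` followed by a Debug() line, and the block's comment should say why the failure is tolerated if it is. Nothing in the hunk shows who owns the string returned by `ldap_pvt_tls_get_peer( ssl )`: if it is allocated it is never freed here, and if it is only borrowed it must outlive whatever sasl_setprop retains; the ownership should be stated next to the call, and the case where there is no peer certificate (authid NULL) noted as acceptable or rejected. ldap_pvt_tls_start begins outside this hunk.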