For LDAP_PROTO_IPC set the SASL EXTERNAL authid to allow the mech to be

used by the client side. Please review.
2025-01-06 10:46:21 +08:00 · 2002-12-07 13:06:20 +00:00 · 2002-12-07 13:06:20 +00:00 · cf6a9d9d0f
commit cf6a9d9d0f
parent db98e44d6a
1 changed files with 9 additions and 0 deletions
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@ -353,6 +353,15 @@ ldap_int_open_connection(
 		ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
 		LDAP_FREE( sasl_host );
 	}
+	/* sasl_ssf is set redundantly. Should probably remove it from
+	 * the ldap_int_sasl_open call since the TLS ssf isn't known
+	 * yet anyway.
+	 */
+	if( proto == LDAP_PROTO_IPC ) {
+		char authid[64];
+		sprintf( authid, "uid=%d+gid=%d", geteuid(), getegid() );
+		ldap_int_sasl_external( ld, conn, authid, sasl_ssf );
+	}
 #endif

 #ifdef HAVE_TLS