author | Simo Sorce <simo@redhat.com> | 2013-08-02 09:26:10 -0400 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-06 21:43:47 +0200 |
commit | fb945a2cacc5506a2acb50349670f22078f1d4f5 (patch) | |
tree | 0b820407bc7d160723b5f1c1418503cb29643823 | |
parent | 3d9edb4c510028def2df41aa7b0ce705b197e6fc (diff) | |
sssd_ad: Add hackish workaround for sasl ad_compat
This tries to set the ad_compat option for sasl, by working around
the openldap/sasl initialization as openldap does not allow us to pass
down to sasl our own getopt callback.
Resolves:
https://fedorahosted.org/sssd/ticket/2040
-rw-r--r-- | src/providers/ad/ad_init.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 39230767..ef39eaf7 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -26,6 +26,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <sasl/sasl.h>
+
 #include "util/util.h"
 #include "providers/ad/ad_common.h"
 #include "providers/ad/ad_access.h"
@@ -65,6 +67,43 @@ struct bet_ops ad_access_ops = {
 .finalize = NULL
 };
+#define AD_COMPAT_ON "1"
+static int ad_sasl_getopt(void *context, const char *plugin_name,
+ const char *option,
+ const char **result, unsigned *len)
+{
+ if (!plugin_name || !result) {
+ return SASL_FAIL;
+ }
+ if (strcmp(plugin_name, "GSSAPI") != 0) {
+ return SASL_FAIL;
+ }
+ if (strcmp(option, "ad_compat") != 0) {
+ return SASL_FAIL;
+ }
+ *result = AD_COMPAT_ON;
+ if (len) {
+ *len = 2;
+ }
+ return SASL_OK;
+}
+
+static const sasl_callback_t ad_sasl_callbacks[] = {
+ { SASL_CB_GETOPT, ad_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+};
+/* This is quite a hack, we *try* to fool openldap libraries by initializing
+ * sasl first so we can pass in the SASL_CB_GETOPT callback we need to set some
+ * options. Should be removed as soon as openldap exposes a way to do that */
+static void ad_sasl_initialize(void)
+{
+ /* NOTE: this may fail if soe other library in the system happens to
+ * initialize and use openldap libraries or directly the cyrus-sasl
+ * library as this initialization function can be called only once per
+ * process */
+ (void)sasl_client_init(ad_sasl_callbacks);
+}
+
 static errno_t
 common_ad_init(struct be_ctx *bectx)
 {
@@ -73,6 +112,8 @@ common_ad_init(struct be_ctx *bectx)
 char *ad_backup_servers = NULL;
 char *ad_realm;
+ ad_sasl_initialize();
+
 /* Get AD-specific options */
 ret = ad_get_common_options(bectx, bectx->cdb, bectx->conf_path,
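Review bot: In the second hunk, ad_sasl_getopt guards plugin_name and result against NULL but then hands option straight to strcmp(), so a NULL option from the library would dereference it; widen the guard to `if (!plugin_name || !option || !result) {`. The length is hard-coded as `*len = 2;` while AD_COMPAT_ON is the one-character string "1", so the two are already out of step and will drift further if the value changes; `*len = strlen(AD_COMPAT_ON);` keeps them tied, after confirming against sasl.h whether the getopt contract counts the terminating NUL. The return value of sasl_client_init() is discarded in ad_sasl_initialize(), which means that when the once-per-process initialization has already happened (the case the NOTE comment itself describes) the GSSAPI ad_compat option is silently never installed; logging a non-SASL_OK result at debug level would make that failure mode visible to an administrator. The same comment has a typo, "soe" for "some".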