summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-08-02 09:26:10 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-08-06 21:43:47 +0200
commitfb945a2cacc5506a2acb50349670f22078f1d4f5 (patch)
tree0b820407bc7d160723b5f1c1418503cb29643823
parent3d9edb4c510028def2df41aa7b0ce705b197e6fc (diff)
downloadsssd-fb945a2cacc5506a2acb50349670f22078f1d4f5.tar.gz
sssd-fb945a2cacc5506a2acb50349670f22078f1d4f5.tar.bz2
sssd-fb945a2cacc5506a2acb50349670f22078f1d4f5.zip
sssd_ad: Add hackish workaround for sasl ad_compat
This tries to set the ad_compat option for sasl, by working around the openldap/sasl initialization as openldap does not allow us to pass down to sasl our own getopt callback. Resolves: https://fedorahosted.org/sssd/ticket/2040
-rw-r--r--src/providers/ad/ad_init.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 39230767..ef39eaf7 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -26,6 +26,8 @@
#include <sys/stat.h>
#include <fcntl.h>
+#include <sasl/sasl.h>
+
#include "util/util.h"
#include "providers/ad/ad_common.h"
#include "providers/ad/ad_access.h"
@@ -65,6 +67,43 @@ struct bet_ops ad_access_ops = {
.finalize = NULL
};
+#define AD_COMPAT_ON "1"
+static int ad_sasl_getopt(void *context, const char *plugin_name,
+ const char *option,
+ const char **result, unsigned *len)
+{
+ if (!plugin_name || !result) {
+ return SASL_FAIL;
+ }
+ if (strcmp(plugin_name, "GSSAPI") != 0) {
+ return SASL_FAIL;
+ }
+ if (strcmp(option, "ad_compat") != 0) {
+ return SASL_FAIL;
+ }
+ *result = AD_COMPAT_ON;
+ if (len) {
+ *len = 2;
+ }
+ return SASL_OK;
+}
+
+static const sasl_callback_t ad_sasl_callbacks[] = {
+ { SASL_CB_GETOPT, ad_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+};
+/* This is quite a hack, we *try* to fool openldap libraries by initializing
+ * sasl first so we can pass in the SASL_CB_GETOPT callback we need to set some
+ * options. Should be removed as soon as openldap exposes a way to do that */
+static void ad_sasl_initialize(void)
+{
+ /* NOTE: this may fail if soe other library in the system happens to
+ * initialize and use openldap libraries or directly the cyrus-sasl
+ * library as this initialization function can be called only once per
+ * process */
+ (void)sasl_client_init(ad_sasl_callbacks);
+}
+
static errno_t
common_ad_init(struct be_ctx *bectx)
{
@@ -73,6 +112,8 @@ common_ad_init(struct be_ctx *bectx)
char *ad_backup_servers = NULL;
char *ad_realm;
+ ad_sasl_initialize();
+
/* Get AD-specific options */
ret = ad_get_common_options(bectx, bectx->cdb,
bectx->conf_path,