Expose SASL context to SLAPI plugins (SLAPI_X_CONN_SASL_CONTEXT)

Useful for plugins that may wish to collude with the SASL library to, for example, retrieve a user's authorization data from a Kerberos ticket for access control purposes
2025-12-24 16:49:39 -05:00 · 2003-08-30 17:29:14 +00:00 · 2003-08-30 17:29:14 +00:00 · a08fb7de7e
commit a08fb7de7e
parent c36f32a9e4
3 changed files with 10 additions and 0 deletions
--- a/servers/slapd/slapi/slapi.h
+++ b/servers/slapd/slapi/slapi.h
@ -274,6 +274,7 @@ extern Backend * slapi_cl_get_be(char *dn);
 #define SLAPI_X_CONN_SERVERPATH			1301
 #define SLAPI_X_CONN_IS_UDP			1302
 #define SLAPI_X_CONN_SSF			1303
+#define SLAPI_X_CONN_SASL_CONTEXT		1304

 #define SLAPD_AUTH_NONE   "none"
 #define SLAPD_AUTH_SIMPLE "simple"
--- a/servers/slapd/slapi/slapi_pblock.c
+++ b/servers/slapd/slapi/slapi_pblock.c
@ -45,6 +45,7 @@ isOkNetscapeParam( int param )
 	case SLAPI_X_CONN_CLIENTPATH:
 	case SLAPI_X_CONN_SERVERPATH:
 	case SLAPI_X_CONN_SSF:
+	case SLAPI_X_CONN_SASL_CONTEXT:
 	case SLAPI_IBM_CONN_DN_ALT:
 	case SLAPI_IBM_CONN_DN_ORIG:
 	case SLAPI_IBM_GSSAPI_CONTEXT:
--- a/servers/slapd/slapi/slapi_utils.c
+++ b/servers/slapd/slapi/slapi_utils.c
@ -2265,6 +2265,14 @@ static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
 	}

 	rc = slapi_pblock_set(pb, SLAPI_X_CONN_SSF, (void *)conn->c_ssf);
+	if ( rc != LDAP_SUCCESS )
+		return rc;
+
+	rc = slapi_pblock_set(pb, SLAPI_X_CONN_SASL_CONTEXT,
+		( conn->c_sasl_authctx != NULL ? conn->c_sasl_authctx :
+						 conn->c_sasl_sockctx ) );
+	if ( rc != LDAP_SUCCESS )
+		return rc;

 	return rc;
 }