From fb945a2cacc5506a2acb50349670f22078f1d4f5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 2 Aug 2013 09:26:10 -0400
Subject: sssd_ad: Add hackish workaround for sasl ad_compat

This tries to set the ad_compat option for sasl, by working around
the openldap/sasl initialization as openldap does not allow us to pass
down to sasl our own getopt callback.

Resolves:
https://fedorahosted.org/sssd/ticket/2040
---
 src/providers/ad/ad_init.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 39230767..ef39eaf7 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -26,6 +26,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+#include <sasl/sasl.h>
+
 #include "util/util.h"
 #include "providers/ad/ad_common.h"
 #include "providers/ad/ad_access.h"
@@ -65,6 +67,43 @@ struct bet_ops ad_access_ops = {
     .finalize = NULL
 };
 
+#define AD_COMPAT_ON "1"
+static int ad_sasl_getopt(void *context, const char *plugin_name,
+                          const char *option,
+                          const char **result, unsigned *len)
+{
+    if (!plugin_name || !result) {
+        return SASL_FAIL;
+    }
+    if (strcmp(plugin_name, "GSSAPI") != 0) {
+        return SASL_FAIL;
+    }
+    if (strcmp(option, "ad_compat") != 0) {
+        return SASL_FAIL;
+    }
+    *result = AD_COMPAT_ON;
+    if (len) {
+        *len = 2;
+    }
+    return SASL_OK;
+}
+
+static const sasl_callback_t ad_sasl_callbacks[] = {
+    { SASL_CB_GETOPT, ad_sasl_getopt, NULL },
+    { SASL_CB_LIST_END, NULL, NULL }
+};
+/* This is quite a hack, we *try* to fool openldap libraries by initializing
+ * sasl first so we can pass in the SASL_CB_GETOPT callback we need to set some
+ * options. Should be removed as soon as openldap exposes a way to do that */
+static void ad_sasl_initialize(void)
+{
+    /* NOTE: this may fail if soe other library in the system happens to
+     * initialize and use openldap libraries or directly the cyrus-sasl
+     * library as this initialization function can be called only once per
+     * process */
+    (void)sasl_client_init(ad_sasl_callbacks);
+}
+
 static errno_t
 common_ad_init(struct be_ctx *bectx)
 {
@@ -73,6 +112,8 @@ common_ad_init(struct be_ctx *bectx)
     char *ad_backup_servers = NULL;
     char *ad_realm;
 
+    ad_sasl_initialize();
+
     /* Get AD-specific options */
     ret = ad_get_common_options(bectx, bectx->cdb,
                                 bectx->conf_path,
-- 
cgit