Set userPassword field for SASL authentication

debian/changelog

@@ -1,3 +1,9 @@
+ceo (0.7.0-buster1) buster; urgency=medium
+
+  * Set userPassword field in LDAP for SASL authentication
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Fri, 07 May 2021 21:44:02 -0400
+
 ceo (0.6.0-buster1.2) buster; urgency=medium
 
   * Decrease minimum username length from 3 to 2

src/op-adduser.c

@@ -146,6 +146,7 @@ static void adduser_spam(Ceo__AddUser *in, Ceo__AddUserResponse *out, char *clie
 static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
     char homedir[1024];
     char principal[1024];
+    char sasl[1024];
     int user_stat, group_stat, krb_stat, home_stat, quota_stat;
     int id;
 
@@ -163,8 +164,12 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
     if ((krb_stat = ceo_del_princ(in->username)))
         return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
 
+    if (snprintf(sasl, sizeof(sasl), "{SASL}%s",
+                principal) >= sizeof(sasl))
+        fatal("sasl overflow");
+
     if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir,
-            member_shell, id, "program", in->program, NULL)))
+            member_shell, id, "program", in->program, "userPassword", sasl, NULL)))
         return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
     response_message(out, 0, "successfully created ldap account");