Fix missing libsasl2.so by PkgConfig and set min_ssf SASL property

Added direct searching with hints for missing libsasl2.so.
This bandaid can be removed after libsasl2 corresponding
PkgConfig fixes.
SASL propertry min_ssf had been also set instead of max_ssf.
This provides minimum acceptable security layer strength and solves
trouble with unencrypted connection.

src/adldap/CMakeLists.txt

@@ -11,7 +11,7 @@ pkg_check_modules(NdrStandard REQUIRED IMPORTED_TARGET ndr_standard)
 pkg_check_modules(Smbclient REQUIRED IMPORTED_TARGET smbclient)
 pkg_check_modules(Krb5 REQUIRED IMPORTED_TARGET krb5)
 pkg_check_modules(Uuid REQUIRED IMPORTED_TARGET uuid)
-pkg_check_modules(Sasl REQUIRED IMPORTED_TARGET libsasl2)
+pkg_check_modules(REQUIRED libsasl2)
 
 pkg_check_modules(Ndr REQUIRED IMPORTED_TARGET ndr)
 if(Ndr_VERSION VERSION_GREATER "1.0.1")
@@ -96,6 +96,8 @@ target_include_directories(adldap PRIVATE
     ${CMAKE_CURRENT_BINARY_DIR}
 )
 
+find_library(LIBSASL "libsasl2.so" HINTS "/usr/lib64" "/lib64")
+
 target_link_libraries(adldap
     Qt5::Core
     PkgConfig::Uuid
@@ -103,7 +105,7 @@ target_link_libraries(adldap
     PkgConfig::Krb5
     Ldap::Ldap
     PkgConfig::NdrStandard
-    PkgConfig::Sasl
+    ${LIBSASL}
     resolv
 )
 

src/adldap/ad_interface.cpp

@@ -1540,8 +1540,10 @@ bool AdInterface::ldap_init() {
         return false;
     }
 
-    // Set maxssf
-    const char *sasl_secprops = "maxssf=56";
+    // Set SASL propertry min_ssf to the minimum acceptable security layer strength.
+    // SSF is a rough indication of how secure the connection is. A connection
+    // secured by 56-bit DES would have an SSF of 56.
+    const char *sasl_secprops = "minssf=56";
     result = ldap_set_option(d->ld, LDAP_OPT_X_SASL_SECPROPS, sasl_secprops);
     if (result != LDAP_SUCCESS) {
         option_error("LDAP_OPT_X_SASL_SECPROPS");