$NetBSD: patch-am,v 1.6 2009/03/07 22:26:23 manu Exp $
--- libraries/libldap/cyrus.c.orig	2009-02-08 06:06:04.000000000 +0000
+++ libraries/libldap/cyrus.c	2009-03-07 21:21:47.000000000 +0000
@@ -712,9 +712,9 @@
 ldap_int_sasl_external(
 	LDAP *ld,
 	LDAPConn *conn,
 	const char * authid,
-	ber_len_t ssf )
+	ber_uint_t ssf )
 {
 	int sc;
 	sasl_conn_t *ctx;
 #if SASL_VERSION_MAJOR < 2
@@ -856,8 +856,9 @@
 	unsigned i, j, l;
 	char **props;
 	unsigned sflags = 0;
 	int got_sflags = 0;
+	int tmp_ssf;
 	sasl_ssf_t max_ssf = 0;
 	int got_max_ssf = 0;
 	sasl_ssf_t min_ssf = 0;
 	int got_min_ssf = 0;
@@ -886,11 +887,11 @@
 				v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
 				if ( next == &props[i][sprops[j].key.bv_len] || next[0] != '\0' ) continue;
 				switch( sprops[j].ival ) {
 				case GOT_MINSSF:
-					min_ssf = v; got_min_ssf++; break;
+					min_ssf = (v >= 0 ? (sasl_ssf_t)v : 0); got_min_ssf++; break;
 				case GOT_MAXSSF:
-					max_ssf = v; got_max_ssf++; break;
+					max_ssf = (v >= 0 ? (sasl_ssf_t)v : 0); got_max_ssf++; break;
 				case GOT_MAXBUF:
 					maxbufsize = v; got_maxbufsize++; break;
 				}
 			} else {
@@ -992,23 +993,23 @@
 			if ( sc != SASL_OK ) {
 				return -1;
 			}
 
-			*(ber_len_t *)arg = *ssf;
+			*(sasl_ssf_t *)arg = *ssf;
 		} break;
 
 		case LDAP_OPT_X_SASL_SSF_EXTERNAL:
 			/* this option is write only */
 			return -1;
 
 		case LDAP_OPT_X_SASL_SSF_MIN:
-			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.min_ssf;
+			*(sasl_ssf_t *)arg = ld->ld_options.ldo_sasl_secprops.min_ssf;
 			break;
 		case LDAP_OPT_X_SASL_SSF_MAX:
-			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.max_ssf;
+			*(sasl_ssf_t *)arg = ld->ld_options.ldo_sasl_secprops.max_ssf;
 			break;
 		case LDAP_OPT_X_SASL_MAXBUFSIZE:
-			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
+			*(sasl_ssf_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
 			break;
 		case LDAP_OPT_X_SASL_NOCANON:
 			*(int *)arg = (int) LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
 			break;
@@ -1061,9 +1062,9 @@
 		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf);
 #else
 		memset(&extprops, 0L, sizeof(extprops));
 
-		extprops.ssf = * (ber_len_t *) arg;
+		extprops.ssf = * (sasl_ssf_t *) arg;
 
 		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL,
 			(void *) &extprops );
 #endif
@@ -1073,15 +1074,15 @@
 		}
 		} break;
 
 	case LDAP_OPT_X_SASL_SSF_MIN:
-		ld->ld_options.ldo_sasl_secprops.min_ssf = *(ber_len_t *)arg;
+		ld->ld_options.ldo_sasl_secprops.min_ssf = *(sasl_ssf_t *)arg;
 		break;
 	case LDAP_OPT_X_SASL_SSF_MAX:
-		ld->ld_options.ldo_sasl_secprops.max_ssf = *(ber_len_t *)arg;
+		ld->ld_options.ldo_sasl_secprops.max_ssf = *(sasl_ssf_t *)arg;
 		break;
 	case LDAP_OPT_X_SASL_MAXBUFSIZE:
-		ld->ld_options.ldo_sasl_secprops.maxbufsize = *(ber_len_t *)arg;
+		ld->ld_options.ldo_sasl_secprops.maxbufsize = *(sasl_ssf_t *)arg;
 		break;
 	case LDAP_OPT_X_SASL_NOCANON:
 		if ( arg == LDAP_OPT_OFF ) {
 			LDAP_BOOL_CLR(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
@@ -1185,8 +1186,8 @@
 ldap_int_sasl_external(
 	LDAP *ld,
 	LDAPConn *conn,
 	const char * authid,
-	ber_len_t ssf )
+	ber_uint_t ssf )
 { return LDAP_SUCCESS; }
 
 #endif /* HAVE_CYRUS_SASL */
