Diffstat (limited to 'nslcd')
-rw-r--r--nslcd/cfg.c33
-rw-r--r--nslcd/cfg.h10
-rw-r--r--nslcd/myldap.c69
3 files changed, 82 insertions, 30 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 920b5b8..9b26093 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -81,8 +81,11 @@ static void cfg_defaults(struct ldap_config *cfg)
#endif /* not LDAP_VERSION3 */
cfg->ldc_binddn=NULL;
cfg->ldc_bindpw=NULL;
- cfg->ldc_saslid=NULL;
+ cfg->ldc_sasl_authcid=NULL;
+ cfg->ldc_sasl_authzid=NULL;
cfg->ldc_sasl_secprops=NULL;
+ cfg->ldc_sasl_mech=NULL;
+ cfg->ldc_sasl_realm=NULL;
cfg->ldc_usesasl=0;
cfg->ldc_base=NULL;
cfg->ldc_scope=LDAP_SCOPE_SUBTREE;
@@ -694,21 +697,39 @@ static void cfg_read(const char *filename,struct ldap_config *cfg)
get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
}
/* SASL authentication options */
- else if (strcasecmp(keyword,"sasl_authid")==0)
+ else if (strcasecmp(keyword,"sasl_authcid")==0)
{
- log_log(LOG_WARNING,"%s:%d: option %s is currently untested (please report any successes)",filename,lnr,keyword);
- get_strdup(filename,lnr,keyword,&line,&cfg->ldc_saslid);
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
+ get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authcid);
+ get_eol(filename,lnr,keyword,&line);
+ }
+ else if (strcasecmp(keyword,"sasl_authzid")==0)
+ {
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
+ get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authzid);
+ get_eol(filename,lnr,keyword,&line);
+ }
+ else if (strcasecmp(keyword,"sasl_mech")==0)
+ {
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
+ get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_mech);
+ get_eol(filename,lnr,keyword,&line);
+ }
+ else if (strcasecmp(keyword,"sasl_realm")==0)
+ {
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
+ get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_realm);
get_eol(filename,lnr,keyword,&line);
}
else if (strcasecmp(keyword,"sasl_secprops")==0)
{
- log_log(LOG_WARNING,"%s:%d: option %s is currently untested (please report any successes)",filename,lnr,keyword);
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_secprops);
get_eol(filename,lnr,keyword,&line);
}
else if (strcasecmp(keyword,"use_sasl")==0)
{
- log_log(LOG_WARNING,"%s:%d: option %s is currently untested (please report any successes)",filename,lnr,keyword);
+ log_log(LOG_WARNING,"%s:%d: option %s is currently not fully supported (please report any successes)",filename,lnr,keyword);
get_boolean(filename,lnr,keyword,&line,&cfg->ldc_usesasl);
get_eol(filename,lnr,keyword,&line);
}
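Review bot: Renaming the keyword from `sasl_authid` to `sasl_authcid` at the first changed line of this hunk drops the spelling that existing configuration files use, so a file that still says `sasl_authid` no longer reaches this branch and presumably falls through to whatever cfg_read does for unknown keywords (outside the hunk). Accepting the old spelling as an alias, e.g. `else if ((strcasecmp(keyword,"sasl_authcid")==0)||(strcasecmp(keyword,"sasl_authid")==0))`, with the log line noting that the old name is deprecated, keeps those setups working. Separately, the four new branches are identical apart from the keyword and the destination field; a small static table of keyword/field-pointer pairs walked in one branch would remove the repeated log_log/get_strdup/get_eol triplet. cfg_read continues outside the hunk.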
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 981af28..a6edb47 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -87,10 +87,16 @@ struct ldap_config
char *ldc_binddn;
/* bind cred */
char *ldc_bindpw;
- /* sasl auth id */
- char *ldc_saslid;
+ /* sasl authentication id */
+ char *ldc_sasl_authcid;
+ /* sasl authorization id */
+ char *ldc_sasl_authzid;
/* sasl security */
char *ldc_sasl_secprops;
+ /* sasl mech */
+ char *ldc_sasl_mech;
+ /* sasl realm */
+ char *ldc_sasl_realm;
/* do we use sasl when binding? */
int ldc_usesasl;
/* base DN, eg. dc=gnu,dc=org */
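Review bot: The comments on the added fields (`/* sasl mech */`, `/* sasl realm */`) only restate the field names and do not say how the values are consumed, so a reader of the struct cannot tell which field answers which SASL prompt in do_sasl_interact (myldap.c). I would write `/* SASL mechanism name passed to the bind call; NULL when not configured */` and `/* SASL realm returned for the SASL_CB_GETREALM prompt, if set */`, and likewise name SASL_CB_AUTHNAME on `ldc_sasl_authcid` and SASL_CB_USER on `ldc_sasl_authzid`. The `/* bind cred */` comment on `ldc_bindpw` (context line above) is also worth extending, since the same password is now handed out for the SASL_CB_PASS prompt and no longer serves only the simple bind.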
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index f2c8062..6a05b53 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -310,26 +310,43 @@ PURE static inline int is_valid_entry(MYLDAP_ENTRY *entry)
/* this is registered with ldap_sasl_interactive_bind_s() in do_bind() */
static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void *defaults,void *_interact)
{
- char *authzid=(char *)defaults;
- sasl_interact_t *interact=(sasl_interact_t *)_interact;
+ struct ldap_config *cfg=defaults;
+ sasl_interact_t *interact=_interact;
while (interact->id!=SASL_CB_LIST_END)
{
- if (interact->id!=SASL_CB_USER)
- return LDAP_PARAM_ERROR;
- if (authzid!=NULL)
+ switch(interact->id)
{
- interact->result=authzid;
- interact->len=strlen(authzid);
- }
- else if (interact->defresult!=NULL)
- {
- interact->result=interact->defresult;
- interact->len=strlen(interact->defresult);
- }
- else
- {
- interact->result="";
- interact->len=0;
+ case SASL_CB_GETREALM:
+ if (cfg->ldc_sasl_realm)
+ {
+ interact->result=cfg->ldc_sasl_realm;
+ interact->len=strlen(cfg->ldc_sasl_realm);
+ }
+ break;
+ case SASL_CB_AUTHNAME:
+ if (cfg->ldc_sasl_authcid)
+ {
+ interact->result=cfg->ldc_sasl_authcid;
+ interact->len=strlen(cfg->ldc_sasl_authcid);
+ }
+ break;
+ case SASL_CB_USER:
+ if (cfg->ldc_sasl_authzid)
+ {
+ interact->result=cfg->ldc_sasl_authzid;
+ interact->len=strlen(cfg->ldc_sasl_authzid);
+ }
+ break;
+ case SASL_CB_PASS:
+ if (cfg->ldc_bindpw)
+ {
+ interact->result=cfg->ldc_bindpw;
+ interact->len=strlen(cfg->ldc_bindpw);
+ }
+ break;
+ default:
+ /* just ignore */
+ break;
}
interact++;
}
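Review bot: The new switch leaves `interact->result` untouched when the configured value for a recognised prompt is NULL, whereas the removed code fell back to `interact->defresult` before giving up; if the SASL library does not pre-fill `result`, an unset authcid or realm now yields no answer instead of the library's suggested default, which is a behaviour change beyond the rename and may break binds that worked with the old single-callback code. I would restore the `defresult` fallback after the switch so every recognised prompt is answered either from the config or from the default, leaving `default:` as the catch-all for prompts nslcd has no value for. The function's return statement is outside the hunk.
```c
      switch(interact->id)
      {
        /* … unchanged: SASL_CB_GETREALM / SASL_CB_AUTHNAME / SASL_CB_USER / SASL_CB_PASS / default cases … */
      }
      /* no configured value: fall back to the library's suggestion, as before */
      if ((interact->result==NULL)&&(interact->defresult!=NULL))
      {
        interact->result=interact->defresult;
        interact->len=strlen(interact->defresult);
      }
      interact++;
```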
@@ -388,13 +405,21 @@ static int do_bind(MYLDAP_SESSION *session,const char *uri)
LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_SECPROPS,(void *)nslcd_cfg->ldc_sasl_secprops);
}
#ifdef HAVE_SASL_INTERACT_T
- return ldap_sasl_interactive_bind_s(session->ld,nslcd_cfg->ldc_binddn,"GSSAPI",NULL,NULL,
+ return ldap_sasl_interactive_bind_s(session->ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,NULL,NULL,
LDAP_SASL_QUIET,
- do_sasl_interact,(void *)nslcd_cfg->ldc_saslid);
+ do_sasl_interact,(void *)nslcd_cfg);
#else /* HAVE_SASL_INTERACT_T */
- cred.bv_val=nslcd_cfg->ldc_saslid;
- cred.bv_len=strlen(nslcd_cfg->ldc_saslid);
- return ldap_sasl_bind_s(session->ld,nslcd_cfg->ldc_binddn,"GSSAPI",&cred,NULL,NULL,NULL);
+ if (nslcd_cfg->ldc_bindpw!=NULL)
+ {
+ cred.bv_val=nslcd_cfg->ldc_bindpw;
+ cred.bv_len=strlen(nslcd_cfg->ldc_bindpw);
+ }
+ else
+ {
+ cred.bv_val="";
+ cred.bv_len=0;
+ }
+ return ldap_sasl_bind_s(session->ld,NULL,nslcd_cfg->ldc_sasl_mech,&cred,NULL,NULL,NULL);
#endif /* not HAVE_SASL_INTERACT_T */
}
#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
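Review bot: Passing `nslcd_cfg->ldc_sasl_mech` where the mechanism was hard-coded as `"GSSAPI"` changes the bind whenever `sasl_mech` is not configured, because cfg_defaults in this commit initialises that field to NULL: in the HAVE_SASL_INTERACT_T path the library is then left to choose a mechanism, and in the `#else` path `ldap_sasl_bind_s` with a null mechanism is, in OpenLDAP, the simple bind (`LDAP_SASL_SIMPLE` is a null pointer), so `ldc_bindpw` would be sent as a simple-bind credential against the NULL DN that replaced `ldc_binddn` on the same line. I would keep the previous default so `use_sasl` without `sasl_mech` behaves as before, e.g. `const char *mech=(nslcd_cfg->ldc_sasl_mech!=NULL)?nslcd_cfg->ldc_sasl_mech:"GSSAPI";` used in both calls, or reject `use_sasl` without `sasl_mech` when the configuration is read. The `#else` path also drops the bind DN while the interactive path still passes `ldc_binddn`; if that asymmetry is intended, a comment stating why would help. do_bind begins outside the hunk.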