[gq-commit] gq/src util.c,1.92,1.93
     
      
      
      From: <he...@us...> - 2006-04-09 20:48:46
      
     
Update of /cvsroot/gqclient/gq/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11864/src Modified Files: util.c Log Message: 2006-04-09 Sven Herzberg <he...@gn...> * src/util.c: adding the patch to fix SASL authentication Index: util.c =================================================================== RCS file: /cvsroot/gqclient/gq/src/util.c,v retrieving revision 1.92 retrieving revision 1.93 diff -C2 -d -r1.92 -r1.93 *** util.c 7 Apr 2006 21:48:15 -0000 1.92 --- util.c 9 Apr 2006 20:48:41 -0000 1.93 *************** *** 78,94 **** static int util_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in) { ! sasl_interact_t *interact; ! for (interact = in; interact->id != SASL_CB_LIST_END; interact++) { ! if (interact->id == SASL_CB_USER) { ! interact->result = strdup(""); ! interact->len = 0; ! } else return LDAP_OTHER; } - return LDAP_SUCCESS; } #endif static int do_ldap_connect(LDAP **ld_out, struct ldapserver *server, int open_context, int flags) --- 78,168 ---- static int util_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in) { ! sasl_interact_t *interact = in; ! struct ldapserver *def = defaults; ! for (; interact->id != SASL_CB_LIST_END; interact++) { ! ! switch (interact->id) { ! case SASL_CB_AUTHNAME: ! interact->result = def->binddn; ! interact->len = strlen(def->binddn); ! break; ! ! case SASL_CB_PASS: ! interact->result = def->bindpw; ! interact->len = strlen(def->bindpw); ! break; ! } } return LDAP_SUCCESS; } #endif + int do_ldap_auth(LDAP *ld, struct ldapserver *server, int open_context) + { + char *binddn = NULL; + char *bindpw = NULL; + int rc = LDAP_SUCCESS; + + if (server->binddn[0]) { + binddn = server->binddn; + } + + /* do not ever use the bindpw if we have turned on to ask + * for a password */ + /* Thanks to Tomas A. 
Maly <tom...@ya...> for + * indirectly causing me to check this area */ + if (server->ask_pw) { + if (server->enteredpw[0]) + bindpw = server->enteredpw; + } + else if (server->bindpw[0]) + bindpw = server->bindpw; + + /* take care of special characters... */ + if (binddn) binddn = encoded_string(binddn); + if (bindpw) bindpw = encoded_string(bindpw); + + switch (server->bindtype) { + case BINDTYPE_KERBEROS: + #ifdef HAVE_KERBEROS + rc = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_KRBV4); + #else + error_push(open_context, + _("Cannot use Kerberos bind with '%s'.\n" + "GQ was compiled without Kerberos support.\n" + "Run 'configure --help' for more information\n"), + server->name); + statusbar_msg_clear(); + /* XXX - should merge kerberos into sasl (gssapi) */ + rc = SASL_FAIL; + #endif + break; + case BINDTYPE_SASL: + #ifdef HAVE_SASL + rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, LDAP_SASL_QUIET, util_ldap_sasl_interact, server); + if (rc == LDAP_SUCCESS) + break; + #else + error_push(open_context, + _("Cannot use SASL bind with '%s'.\n" + "GQ was compiled without SASL support.\n" + "Run 'configure --help' for more information\n"), + server->name); + statusbar_msg_clear(); + rc = SASL_FAIL; + #endif + break; + default: + rc = ldap_simple_bind_s(ld, binddn, bindpw); + break; + } + + if (binddn) free(binddn); + if (bindpw) free(bindpw); + + return rc; + } + static int do_ldap_connect(LDAP **ld_out, struct ldapserver *server, int open_context, int flags) *************** *** 205,272 **** } ! binddn = NULL; ! bindpw = NULL; ! ! if(server->binddn[0]) { ! binddn = server->binddn; ! } ! ! /* do not ever use the bindpw if we have turned on to ask ! for a password */ ! /* Thanks to Tomas A. Maly <tom...@ya...> for ! indirectly causing me to check this area */ ! if (server->ask_pw) { ! if (server->enteredpw[0]) { ! bindpw = server->enteredpw; ! } ! } else { ! if (server->bindpw[0]) { ! bindpw = server->bindpw; ! } ! } ! ! /* take care of special characters... 
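Review bot: In util_ldap_sasl_interact the `SASL_CB_PASS` case always hands out `def->bindpw`, so a server configured with `ask_pw` would bind over SASL with the stored password (possibly an empty one) instead of the password the user entered. That contradicts the rule in do_ldap_auth's own comment, "do not ever use the bindpw if we have turned on to ask for a password". Select the secret the same way do_ldap_auth does, for example `const char *pw = def->ask_pw ? def->enteredpw : def->bindpw;` followed by `interact->result = pw; interact->len = strlen(pw);`. The new switch also has no `default:`, so prompts the old code answered or rejected (`SASL_CB_USER`, everything else with `LDAP_OTHER`) are now left unanswered while the callback still returns `LDAP_SUCCESS`. An explicit `default:` with a comment naming the prompts that are skipped on purpose would make that choice visible.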
*/ ! ! if (binddn) binddn = encoded_string(binddn); ! if (bindpw) bindpw = encoded_string(bindpw); ! ! switch (server->bindtype) { ! case BINDTYPE_KERBEROS: ! # ifdef HAVE_KERBEROS ! rc = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_KRBV4); ! # else ! error_push(open_context, ! _("Cannot use Kerberos bind with '%s'.\n" ! "GQ was compiled without Kerberos support.\n" ! "Run 'configure --help' for more information\n"), ! server->name); ! statusbar_msg_clear(); ! ldap_unbind(ld); ! ld = NULL; ! # endif ! break; ! case BINDTYPE_SASL: ! # ifdef HAVE_SASL ! rc = ldap_sasl_interactive_bind_s(ld, binddn, NULL, NULL, NULL, LDAP_SASL_QUIET, util_ldap_sasl_interact, NULL); ! # else ! error_push(open_context, ! _("Cannot use SASL bind with '%s'.\n" ! "GQ was compiled without SASL support.\n" ! "Run 'configure --help' for more information\n"), ! server->name); ! statusbar_msg_clear(); ! ldap_unbind(ld); ! ld = NULL; ! # endif ! break; ! default: ! rc = ldap_simple_bind_s(ld, binddn, bindpw); ! break; ! } ! ! if (binddn) free(binddn); ! if (bindpw) free(bindpw); ! ! binddn = bindpw = NULL; if (rc != LDAP_SUCCESS) { --- 279,284 ---- } ! /* perform the auth */ ! rc = do_ldap_auth(ld, server, open_context); if (rc != LDAP_SUCCESS) {  |
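Review bot: The `rc` tested by `if (rc != LDAP_SUCCESS)` after the new `do_ldap_auth()` call can now be `SASL_FAIL`, which do_ldap_auth assigns in its "compiled without Kerberos/SASL" `#else` branches. That is a Cyrus SASL status rather than an LDAP result code, and in the usual headers it has the same value (-1) as `LDAP_SERVER_DOWN`, so any code that decodes `rc` as an LDAP error would report a down server instead of an unsupported bind type. It is also used precisely when `HAVE_SASL` is undefined, where the SASL header is presumably not included (the include block is not visible here), so that configuration may fail to compile. Returning an LDAP code there, e.g. `rc = LDAP_AUTH_UNKNOWN;` or `rc = LDAP_OTHER;`, keeps the return value in one namespace. The error branch itself continues outside the hunk, so how `rc` is consumed there should be checked.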