PTS & LDAP Take 3
Igor Brezac
igor at ipass.net
Fri Jan 23 08:16:45 EST 2004
On Fri, 23 Jan 2004, Sava Chankov wrote:
> Tim Pushor wrote:
> > No, ldap.c doesn't work for me at all. If there are no memberOf
> > attributes, it dies and user authentication fails (!). I guess I could
> > setup a test user and step through it, but I did see what was happening
> > at least in my adaptation of ldap.c. Canonicalization (of a group) was
> > returning null because of the colon. So what use is it? There are enough
> > unknowns that I would like to get cleared up if at all possible. I was
> > hoping someone from CMU would be able to help advise.
> >
> > Thanks,
> > Tim
>
> Hi Tim, I have gone through everything you describe here, and even stepped
> through the program with gdb. I have fixed some bugs (such as the
> canonicalization failure on colons, and the null replies on error that used
> to hang ptloader) and added some additional functionality. If you are
> interested, you can download them from
> ftp://ftp.blueboard.biz/pub/cyrus-imap-ptloader-patches/
>
If anyone is interested, I have attached a patch that removes the dependency on
OpenLDAP's internal library and headers (lutil).
--
Igor
Index: configure.in
===================================================================
RCS file: /cvs/src/cyrus/configure.in,v
retrieving revision 1.277
diff -u -r1.277 configure.in
--- configure.in 6 Jan 2004 22:08:07 -0000 1.277
+++ configure.in 18 Jan 2004 03:52:44 -0000
@@ -540,7 +540,7 @@
LDAP_LIBS=""
AC_CHECK_LIB(ldap, ldap_initialize, [
- LDAP_LIBS="-lldap -llber -llutil" ],,-llber)
+ LDAP_LIBS="-lldap -llber" ],,-llber)
else
AC_ERROR(unknown with-pts value)
fi
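Review bot: With `-llutil` gone the link check still only probes `ldap_initialize`, yet the SASL path in ptclient/ldap.c now calls `ldap_sasl_interactive_bind_s`, which is only present when libldap was built with SASL support, so a build against a non-SASL libldap passes configure and fails at link time. Consider probing the symbol the code actually needs, e.g. `AC_CHECK_LIB(ldap, ldap_sasl_interactive_bind_s, [LDAP_LIBS="-lldap -llber"],,-llber)`, or an `AC_CHECK_FUNCS` in the same `with-pts=ldap` branch. The `if`/`else` this hunk sits in starts outside the hunk.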
Index: ptclient/ldap.c
===================================================================
RCS file: /cvs/src/cyrus/ptclient/ldap.c,v
retrieving revision 1.2
diff -u -r1.2 ldap.c
--- ptclient/ldap.c 22 Oct 2003 18:03:22 -0000 1.2
+++ ptclient/ldap.c 18 Jan 2004 03:53:08 -0000
@@ -60,10 +60,7 @@
#include <ldap.h>
#include <lber.h>
-
-/* xxx autoconf checks for these? */
-#include <lutil.h>
-#include <lutil_ldap.h>
+#include <sasl/sasl.h>
/* libimap */
#include "global.h"
@@ -129,6 +126,51 @@
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
+typedef struct ldapglue {
+ const char *authc;
+ const char *authz;
+ const char *realm;
+ const char *password;
+} ldapglue;
+
+static int ldap_interact(
+ LDAP *ld,
+ unsigned flags __attribute__((unused)),
+ void *def,
+ void *inter)
+{
+ sasl_interact_t *in = inter;
+ const char *p;
+ ldapglue *glue = def;
+
+ for (;in->id != SASL_CB_LIST_END;in++) {
+ p = NULL;
+ switch(in->id) {
+ case SASL_CB_AUTHNAME:
+ if (glue->authc)
+ p = glue->authc;
+ break;
+ case SASL_CB_USER:
+ if (glue->authz)
+ p = glue->authz;
+ break;
+ case SASL_CB_GETREALM:
+ if (glue->realm)
+ p = glue->realm;
+ break;
+ case SASL_CB_PASS:
+ if (glue->password)
+ p = glue->password;
+ break;
+ }
+
+ in->result = p ? p : "";
+ in->len = strlen(in->result);
+ }
+
+ return LDAP_SUCCESS;
+}
+
/*
* Convert 'identifier' into canonical form.
* Returns a pointer to a static buffer containing the canonical form
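Review bot: `in->result = p ? p : "";` at the end of the prompt loop answers every unsatisfied prompt, including `SASL_CB_PASS`, with an empty string, so an unset `ldap_sasl_password` silently turns into an empty-password bind instead of a configuration error, and the resulting failure surfaces at the server as what looks like a bad credential with nothing logged on this side. A cheap guard in the `SASL_CB_PASS` arm is `if (!glue->password) syslog(LOG_WARNING, "ldap_interact: password prompted but ldap_sasl_password is not set");` before falling through to the empty default. The `switch` also has no `default:` arm; answering unknown prompts with `""` appears intentional (it matches what lutil_sasl_interact did), but a one-line `default: break; /* unknown prompt: answered with "" */` would make that explicit. `ldap_interact` always returns `LDAP_SUCCESS`, so libldap cannot distinguish "no value configured" from "empty value configured"; that is worth stating in a comment above the function.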
@@ -190,34 +232,25 @@
/* Initilization */
if(config_getswitch(IMAPOPT_LDAP_SASL))
{
- struct berval passwd = { 0, NULL };
const char *sasl_password =
config_getstring(IMAPOPT_LDAP_SASL_PASSWORD);
const char *sasl_mech = config_getstring(IMAPOPT_LDAP_SASL_MECH);
const char *sasl_realm = config_getstring(IMAPOPT_LDAP_SASL_REALM);
const char *sasl_authc_id = config_getstring(IMAPOPT_LDAP_SASL_AUTHC);
const char *sasl_authz_id = config_getstring(IMAPOPT_LDAP_SASL_AUTHZ);
- unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
+ ldapglue glue;
- void *defaults;
- passwd.bv_val = sasl_password;
- if(passwd.bv_val) passwd.bv_len = strlen(passwd.bv_val);
-
- /* xxx security properties */
- syslog(LOG_DEBUG, "making LDAP defaults");
- defaults = lutil_sasl_defaults( ld,
- (char *)sasl_mech,
- (char *)sasl_realm,
- (char *)sasl_authc_id,
- passwd.bv_val,
- (char *)sasl_authz_id );
+ glue.authc = sasl_authc_id;
+ glue.authz = sasl_authz_id;
+ glue.realm = sasl_realm;
+ glue.password = sasl_password;
syslog(LOG_DEBUG, "doing LDAP SASL bind");
rc = ldap_sasl_interactive_bind_s( ld, NULL /* binddn */,
sasl_mech, NULL, NULL,
- sasl_flags, lutil_sasl_interact,
- defaults );
+ LDAP_SASL_QUIET, ldap_interact,
+ &glue );
} else {
/* xxx we should probably also allow simple non-anonymous binds */
syslog(LOG_DEBUG, "doing LDAP SIMPLE [anonymous] bind");
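Review bot: The removed `/* xxx security properties */` marker was the only reminder that this bind never sets `LDAP_OPT_X_SASL_SECPROPS`, and the new code still does not, so negotiation is left to libldap's defaults and ldap.conf; with `ldap_sasl_mech` set to PLAIN or LOGIN the configured password crosses the wire in the clear unless TLS is established elsewhere (not visible in this hunk). Either keep the TODO or set a floor before the bind, e.g. `ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "minssf=56");`, preferably with the value taken from a config option rather than a literal. Passing `&glue`, a stack local, is fine here because `ldap_sasl_interactive_bind_s` is synchronous and the callback is not retained after it returns, but that assumption deserves a comment next to the call since it would break with the asynchronous `ldap_sasl_interactive_bind`. The enclosing function and the check of `rc` after the bind both lie outside this hunk.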
Index: ptclient/Makefile.in
===================================================================
RCS file: /cvs/src/cyrus/ptclient/Makefile.in,v
retrieving revision 1.25
diff -u -r1.25 Makefile.in
--- ptclient/Makefile.in 12 Nov 2003 04:02:11 -0000 1.25
+++ ptclient/Makefile.in 18 Jan 2004 03:54:17 -0000
@@ -102,13 +102,13 @@
$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptloader.o @WITH_PTS at .o ../imap/mutex_fake.o $(SERVICETHREAD) ${AFS_LDFLAGS} ${LDAP_LDFLAGS} $(AFS_LIBS) ${LDAP_LIBS} $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
ptexpire: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
- $(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
+ $(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_RT)
ptexpire.pure: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
ptdump: ptdump.o $(DEPLIBS) $(UTIL_LIBS)
- $(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
+ $(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_RT)
ptdump.pure: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
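Review bot: The new `ptexpire` and `ptdump` link lines drop `$(LIB_WRAP)`, but the `ptexpire.pure` and `ptdump.pure` rules directly below them still carry it, so the Purify builds link a library the plain builds no longer need; if libwrap is genuinely unused by these two tools, drop it from the `.pure` lines too, e.g. `$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_RT)`. This change is also unrelated to the lutil removal the patch is described as doing, so a sentence in the patch description saying why `$(LIB_WRAP)` goes would help. As an aside, the unchanged context line `ptdump.pure: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)` looks like it should depend on `ptdump.o`, which is what its recipe links; that is pre-existing, not introduced here.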