PTS & LDAP Take 3

Igor Brezac igor at ipass.net
Fri Jan 23 08:16:45 EST 2004



On Fri, 23 Jan 2004, Sava Chankov wrote:

> Tim Pushor wrote:
> > No, ldap.c doesn't work for me at all. If there are no memberOf
> > attributes, it dies and user authentication fails (!). I guess I could
> > setup a test user and step through it, but I did see what was happening
> > at least in my adaptation of ldap.c. Canonicalization (of a group) was
> > returning null because of the colon. So what use is it? There are enough
> > unknowns that I would like to get cleared up if at all possible. I was
> > hoping someone from CMU would be able to help advise.
> >
> > Thanks,
> > Tim
>
>  Hi Tim, I have gone through all that you explain here, even stepped
> through the program with gdb. I have fixed some bugs (like
> canonicalization failure with colon and null replies on error that used
> to hang ptloader) and added some additional functionality. If you are
> interested, you can download them from
> ftp://ftp.blueboard.biz/pub/cyrus-imap-ptloader-patches/
>

If anyone is interested, I have attached a patch which removes the dependency on
OpenLDAP's internal libs/includes (lutil).

-- 
Igor
-------------- next part --------------
Index: configure.in
===================================================================
RCS file: /cvs/src/cyrus/configure.in,v
retrieving revision 1.277
diff -u -r1.277 configure.in
--- configure.in	6 Jan 2004 22:08:07 -0000	1.277
+++ configure.in	18 Jan 2004 03:52:44 -0000
@@ -540,7 +540,7 @@
 
 	    LDAP_LIBS=""
 	    AC_CHECK_LIB(ldap, ldap_initialize, [
-                         LDAP_LIBS="-lldap -llber -llutil" ],,-llber)
+                         LDAP_LIBS="-lldap -llber" ],,-llber)
 	else
 	    AC_ERROR(unknown with-pts value)
 	fi
Index: ptclient/ldap.c
===================================================================
RCS file: /cvs/src/cyrus/ptclient/ldap.c,v
retrieving revision 1.2
diff -u -r1.2 ldap.c
--- ptclient/ldap.c	22 Oct 2003 18:03:22 -0000	1.2
+++ ptclient/ldap.c	18 Jan 2004 03:53:08 -0000
@@ -60,10 +60,7 @@
 
 #include <ldap.h>
 #include <lber.h>
-
-/* xxx autoconf checks for these? */
-#include <lutil.h>
-#include <lutil_ldap.h>
+#include <sasl/sasl.h>
 
 /* libimap */
 #include "global.h"
@@ -129,6 +126,51 @@
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
 
+typedef struct ldapglue {
+	const char *authc;
+	const char *authz;	
+	const char *realm;	
+	const char *password;
+} ldapglue;
+
+static int ldap_interact(
+	LDAP *ld, 
+	unsigned flags __attribute__((unused)), 
+	void *def, 
+	void *inter)
+{
+	sasl_interact_t *in = inter;
+	const char *p;
+	ldapglue *glue = def;
+
+	for (;in->id != SASL_CB_LIST_END;in++) {
+		p = NULL;
+		switch(in->id) {
+			case SASL_CB_AUTHNAME:
+				if (glue->authc)
+					p = glue->authc;
+				break;
+			case SASL_CB_USER:
+				if (glue->authz)
+					p = glue->authz;
+				break;
+			case SASL_CB_GETREALM:
+				if (glue->realm)
+					p = glue->realm;
+				break;          
+			case SASL_CB_PASS:
+				if (glue->password)
+					p = glue->password;
+				break;
+		}
+
+		in->result = p ? p : "";
+		in->len = strlen(in->result);
+	}
+
+	return LDAP_SUCCESS;
+}
+
 /*
  * Convert 'identifier' into canonical form.
  * Returns a pointer to a static buffer containing the canonical form
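Review bot: The switch in ldap_interact has no default case and every prompt it cannot satisfy is answered with an empty string, so an unset LDAP_SASL_PASSWORD (glue->password == NULL at L108) silently becomes a bind attempt with an empty credential instead of a visible configuration error. Failing the bind is the safer outcome for a daemon; consider `if (!p && in->id == SASL_CB_PASS) return LDAP_LOCAL_ERROR;` before the assignment at L113 (I believe ldap_sasl_interactive_bind_s propagates a non-success return from the interact callback, worth confirming), and add a `default:` arm so unknown ids are handled explicitly rather than by fall-out. A one-line header such as `/* SASL interact callback: answers libldap's credential prompts from the ldapglue the caller passed as 'def' */` would also help, since the glue struct at L75 has no documentation. Minor: `in->len = strlen(in->result)` narrows size_t to unsigned, and the `ldap_` prefix on a static helper shares libldap's namespace, so a project prefix would be less likely to collide.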
@@ -190,34 +232,25 @@
     /* Initilization */
     if(config_getswitch(IMAPOPT_LDAP_SASL))
     {
-	struct berval passwd = { 0, NULL };
 	const char *sasl_password =
 	    config_getstring(IMAPOPT_LDAP_SASL_PASSWORD);
 	const char *sasl_mech = config_getstring(IMAPOPT_LDAP_SASL_MECH);
 	const char *sasl_realm = config_getstring(IMAPOPT_LDAP_SASL_REALM);
 	const char *sasl_authc_id = config_getstring(IMAPOPT_LDAP_SASL_AUTHC);
 	const char *sasl_authz_id = config_getstring(IMAPOPT_LDAP_SASL_AUTHZ);
-	unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
+    ldapglue glue;
 	
-	void *defaults;
 
-	passwd.bv_val = sasl_password;
-	if(passwd.bv_val) passwd.bv_len = strlen(passwd.bv_val);
-	
-	/* xxx security properties */
-	syslog(LOG_DEBUG, "making LDAP defaults");
-	defaults = lutil_sasl_defaults( ld,
-					(char *)sasl_mech,
-					(char *)sasl_realm,
-					(char *)sasl_authc_id,
-					passwd.bv_val,
-					(char *)sasl_authz_id );
+    glue.authc = sasl_authc_id;
+    glue.authz = sasl_authz_id;
+    glue.realm = sasl_realm;
+    glue.password = sasl_password;
 
 	syslog(LOG_DEBUG, "doing LDAP SASL bind");
 	rc = ldap_sasl_interactive_bind_s( ld, NULL /* binddn */,
 					   sasl_mech, NULL, NULL,
-					   sasl_flags, lutil_sasl_interact,
-					   defaults );
+					   LDAP_SASL_QUIET, ldap_interact,
+					   &glue );
     } else {
 	/* xxx we should probably also allow simple non-anonymous binds */
 	syslog(LOG_DEBUG, "doing LDAP SIMPLE [anonymous] bind");
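Review bot: The `/* xxx security properties */` reminder dropped at L142 marked that no SASL security properties are applied before the bind, and the new code still sets none (nothing sets LDAP_OPT_X_SASL_SECPROPS, e.g. a minimum SSF), so the gap remains but is no longer flagged; keep a note such as `/* TODO: set LDAP_OPT_X_SASL_SECPROPS (minimum SSF) before binding */`. The added lines at L135 and L150-L153 are indented with four spaces while the surrounding lines use tabs. `glue` at L135 is a stack object whose address is handed to the synchronous bind at L161, which is fine here, but it must not be registered for any later rebind callback since it dies with this block. The enclosing function starts and ends outside the hunk.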
Index: ptclient/Makefile.in
===================================================================
RCS file: /cvs/src/cyrus/ptclient/Makefile.in,v
retrieving revision 1.25
diff -u -r1.25 Makefile.in
--- ptclient/Makefile.in	12 Nov 2003 04:02:11 -0000	1.25
+++ ptclient/Makefile.in	18 Jan 2004 03:54:17 -0000
@@ -102,13 +102,13 @@
 	$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptloader.o @WITH_PTS at .o ../imap/mutex_fake.o $(SERVICETHREAD) ${AFS_LDFLAGS} ${LDAP_LDFLAGS} $(AFS_LIBS) ${LDAP_LIBS} $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
 
 ptexpire: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
-	$(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
+	$(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_RT)
 
 ptexpire.pure: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
 	$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptexpire.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
 
 ptdump: ptdump.o $(DEPLIBS) $(UTIL_LIBS)
-	$(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
+	$(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_RT)
 
 ptdump.pure: ptexpire.o $(DEPLIBS) $(UTIL_LIBS)
 	$(PURIFY) $(PUREARGS) $(CC) $(LDFLAGS) -o $@ ptdump.o $(UTIL_LIBS) $(DEPLIBS) $(LIB_SASL) $(LIBS) $(LIB_WRAP) $(LIB_RT)
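Review bot: ptexpire and ptdump drop $(LIB_WRAP) from their link lines at L177 and L184, but the matching ptexpire.pure and ptdump.pure targets at L180 and L187 still link it, so the two build variants now diverge; either drop it from the .pure rules as well or keep it in all four. This change is also unrelated to the lutil removal the patch describes and would be clearer as a separate patch.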

