author | Timothy Pearson <[email protected]> | 2012-06-06 13:47:24 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-06-06 13:47:24 -0500 |
commit | 16fb6be0dbb2bc1c318b4d287cb99c51239c80f4 (patch) | |
tree | 0b77a8b9f56000643cc03340c8fb2dbd1cca921a /src/libtdeldap.cpp | |
parent | c1419e3a4c17f30aa504d9277a7750ce0a6b6a5a (diff) | |
Enable SASL authentication
Diffstat (limited to 'src/libtdeldap.cpp')
-rw-r--r-- | src/libtdeldap.cpp | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 47f5057..1f1bf7a 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -50,7 +50,6 @@
 #define LDAP_FILE "/etc/ldap/ldap.conf"
 int requested_ldap_version = LDAP_VERSION3;
-int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
 char* ldap_user_and_operational_attributes[2] = {"*", "+"};
 enum ErrorCauseLocation {
@@ -114,6 +113,12 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
 return ret;
 }
+int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
+ // FIXME
+ // This currently does nothing and hopes for the best!
+ return LDAP_SUCCESS;
+}
+
 int LDAPManager::bind(TQString* errstr) {
 printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
 if (m_ldap) {
@@ -121,6 +126,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
 }
 bool using_ldapi = false;
+ bool using_gssapi = false;
 if (m_host.startsWith("ldapi://")) {
 using_ldapi = true;
 }
@@ -129,7 +135,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
 havepass = true;
 }
 else {
-printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
+printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
 LDAPPasswordDialog passdlg(0);
 passdlg.m_base->ldapAdminRealm->setEnabled(false);
 passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
@@ -143,6 +149,12 @@ printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
 m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
 m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
 }
+ if (passdlg.use_gssapi) {
+ using_gssapi = true;
+ }
+ }
+ else {
+ return -1;
 }
 }
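Review bot: `sasl_bind_interact_callback` returns `LDAP_SUCCESS` without ever reading `sasl_interact`, so any prompt the SASL library raises during the bind is reported as answered while its `result` stays unset. With GSSAPI the identity normally comes from the Kerberos credential cache, which is presumably why the stub appears to work. It should still walk the prompt list, answer identity prompts from their defaults, and fail on anything that needs a secret. The callback is referenced only from this file as far as the diff shows, so it can be `static`. The sketch below needs the Cyrus SASL header for `sasl_interact_t`.

```cpp
static int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
	sasl_interact_t* prompt = static_cast<sasl_interact_t*>(sasl_interact);
	if (!prompt) {
		return LDAP_PARAM_ERROR;
	}
	for (; prompt->id != SASL_CB_LIST_END; ++prompt) {
		// No secret is available in this callback: refuse password and free-form prompts
		if (prompt->id == SASL_CB_PASS || prompt->id == SASL_CB_ECHOPROMPT || prompt->id == SASL_CB_NOECHOPROMPT) {
			return LDAP_LOCAL_ERROR;
		}
		// Identity and realm prompts take the library-supplied default, else an empty string
		const char* answer = prompt->defresult ? prompt->defresult : "";
		prompt->result = answer;
		prompt->len = strlen(answer);
	}
	return LDAP_SUCCESS;
}
```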
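Review bot: The added `else { return -1; }` in the `@@ -143,6 +149,12 @@` hunk leaves `LDAPManager::bind` without writing anything to `errstr`, so a caller that displays `*errstr` on failure gets an empty message. This looks like the dialog-cancelled path, but the `if` it pairs with is outside the hunk. Setting the string first, e.g. `if (errstr) *errstr = "Bind cancelled by user";`, would let callers tell a cancel from a server failure. In OpenLDAP `-1` is also the value of `LDAP_SERVER_DOWN`, which matters if any caller treats the return as an LDAP result code. `passdlg.use_gssapi` is read only on this interactive branch, so the `havepass` path visible in the previous hunk apparently can never select GSSAPI. Confirm that is intended.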
@@ -191,7 +203,7 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
 cred.bv_val = pass.data();
 cred.bv_len = pass.length();
 printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
- if (!using_ldapi) {
+ if ((!using_ldapi && !using_gssapi)) {
 if (!ldap_dn.contains(",")) {
 // Look for a POSIX account with anonymous bind and the specified account name
 TQString uri;
@@ -255,7 +267,12 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
 }
 }
- retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ if (using_gssapi) {
+ retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ }
+ else {
+ retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ }
 printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
 if (retcode != LDAP_SUCCESS ) { |
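Review bot: The GSSAPI branch in the `@@ -255,7 +267,12 @@` hunk calls `ldap_sasl_interactive_bind_s` without setting any SASL security properties first, so nothing visible here requires the negotiated session to carry integrity or confidentiality protection. If `m_creds->use_tls` is off, the bind may succeed on an unprotected connection, depending on library and ldap.conf defaults that the diff does not show. Setting a floor before the bind and checking its return would make the requirement explicit, for example `ldap_set_option(m_ldap, LDAP_OPT_X_SASL_SECPROPS, (void*)"minssf=56");`, where the value is a sample for the project to choose. Because the callback cannot prompt, `LDAP_SASL_QUIET` describes the call more accurately than `LDAP_SASL_AUTOMATIC`. `LDAPManager::bind` starts and ends outside this hunk.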