summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2013-02-13 22:29:58 -0600
committerTimothy Pearson <[email protected]>2013-02-13 22:29:58 -0600
commit9e61d1e26baaa84061d49d88dcf207063106cd67 (patch)
treefdb5bfc1accb60fc5616f289801fdd0f22ce39e7 /src
parenta3118cb55bc12866b608441b7719c529206cfc4c (diff)
downloadlibtdeldap-9e61d1e26baaa84061d49d88dcf207063106cd67.tar.gz
libtdeldap-9e61d1e26baaa84061d49d88dcf207063106cd67.zip
Obtain user name and realm from SASL on GSSAPI authentication success
Diffstat (limited to 'src')
-rw-r--r--src/libtdeldap.cpp36
1 files changed, 34 insertions, 2 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9faaecd..4c19b56 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -38,6 +38,7 @@
#include <krfcdate.h>
#include <ldap.h>
+#include <sasl/sasl.h>
#include <stdlib.h>
#include <sys/time.h>
#include <errno.h>
@@ -161,9 +162,11 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
return ret;
}
-int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
+int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interaction_struct) {
// FIXME
// This currently does nothing and hopes for the best!
+ // sasl_interact* sasl_struct = (sasl_interact*)sasl_interaction_struct;
+
return LDAP_SUCCESS;
}
@@ -310,7 +313,36 @@ int LDAPManager::bind(TQString* errstr) {
}
if (m_creds->use_gssapi) {
- retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ //retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ const char* rmech = NULL;
+ LDAPMessage* result = NULL;
+ int msgid;
+ retcode = LDAP_SASL_BIND_IN_PROGRESS;
+ while (retcode == LDAP_SASL_BIND_IN_PROGRESS) {
+ retcode = ldap_sasl_interactive_bind(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL, result, &rmech, &msgid);
+ ldap_msgfree(result);
+
+ if (retcode != LDAP_SASL_BIND_IN_PROGRESS) {
+ break;
+ }
+
+ if ((ldap_result(m_ldap, msgid, LDAP_MSG_ALL, NULL, &result) == -1) || (!result)) {
+ retcode = LDAP_INVALID_CREDENTIALS;
+ }
+ }
+
+ if (retcode == LDAP_SUCCESS) {
+ if (m_creds->username == "") {
+ char* sasluser;
+ ldap_get_option(m_ldap, LDAP_OPT_X_SASL_USERNAME, &sasluser);
+ if (sasluser) {
+ TQStringList principalParts = TQStringList::split("@", TQString(sasluser), false);
+ m_creds->username = principalParts[0];
+ m_creds->realm = principalParts[1];
+ ldap_memfree(sasluser);
+ }
+ }
+ }
}
else {
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);