author | Timothy Pearson <[email protected]> | 2013-02-13 22:29:58 -0600 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2013-02-13 22:29:58 -0600 |
commit | 9e61d1e26baaa84061d49d88dcf207063106cd67 (patch) | |
tree | fdb5bfc1accb60fc5616f289801fdd0f22ce39e7 /src | |
parent | a3118cb55bc12866b608441b7719c529206cfc4c (diff) | |
download | libtdeldap-9e61d1e26baaa84061d49d88dcf207063106cd67.tar.gz libtdeldap-9e61d1e26baaa84061d49d88dcf207063106cd67.zip |
Obtain user name and realm from SASL on GSSAPI authentication success
Diffstat (limited to 'src')
-rw-r--r-- | src/libtdeldap.cpp | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9faaecd..4c19b56 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -38,6 +38,7 @@
 #include <krfcdate.h>
 #include <ldap.h>
+#include <sasl/sasl.h>
 #include <stdlib.h>
 #include <sys/time.h>
 #include <errno.h>
@@ -161,9 +162,11 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
 return ret;
 }
-int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
+int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interaction_struct) {
 // FIXME
 // This currently does nothing and hopes for the best!
+ // sasl_interact* sasl_struct = (sasl_interact*)sasl_interaction_struct;
+
 return LDAP_SUCCESS;
 }
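Review bot: The added `// sasl_interact* sasl_struct = (sasl_interact*)sasl_interaction_struct;` is commented-out code, so the parameter rename is the only effective change and the FIXME above it still stands: the callback returns LDAP_SUCCESS without walking the interaction list it is handed. That matters more after this commit, because the bind loop in the following hunk now passes this callback to ldap_sasl_interactive_bind on every round of the GSSAPI exchange; under LDAP_SASL_AUTOMATIC I would expect GSSAPI to raise no prompts, but that assumption should be written down rather than hoped for. Suggest replacing the dead cast with a contract comment such as `// Stub: answers no SASL prompt (sets no result/len on the sasl_interact_t list); relies on GSSAPI needing none under LDAP_SASL_AUTOMATIC.`, and noting that the new <sasl/sasl.h> include in the first hunk is only needed once that cast becomes live.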
@@ -310,7 +313,36 @@ int LDAPManager::bind(TQString* errstr) {
 }
 if (m_creds->use_gssapi) {
- retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ //retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ const char* rmech = NULL;
+ LDAPMessage* result = NULL;
+ int msgid;
+ retcode = LDAP_SASL_BIND_IN_PROGRESS;
+ while (retcode == LDAP_SASL_BIND_IN_PROGRESS) {
+ retcode = ldap_sasl_interactive_bind(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL, result, &rmech, &msgid);
+ ldap_msgfree(result);
+
+ if (retcode != LDAP_SASL_BIND_IN_PROGRESS) {
+ break;
+ }
+
+ if ((ldap_result(m_ldap, msgid, LDAP_MSG_ALL, NULL, &result) == -1) || (!result)) {
+ retcode = LDAP_INVALID_CREDENTIALS;
+ }
+ }
+
+ if (retcode == LDAP_SUCCESS) {
+ if (m_creds->username == "") {
+ char* sasluser;
+ ldap_get_option(m_ldap, LDAP_OPT_X_SASL_USERNAME, &sasluser);
+ if (sasluser) {
+ TQStringList principalParts = TQStringList::split("@", TQString(sasluser), false);
+ m_creds->username = principalParts[0];
+ m_creds->realm = principalParts[1];
+ ldap_memfree(sasluser);
+ }
+ }
+ }
 } else {
 retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL); |