summaryrefslogtreecommitdiffstats
path: root/src/libtdeldap.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/libtdeldap.cpp')
-rw-r--r--src/libtdeldap.cpp25
1 files changed, 21 insertions, 4 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 47f5057..1f1bf7a 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -50,7 +50,6 @@
#define LDAP_FILE "/etc/ldap/ldap.conf"
int requested_ldap_version = LDAP_VERSION3;
-int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
char* ldap_user_and_operational_attributes[2] = {"*", "+"};
enum ErrorCauseLocation {
@@ -114,6 +113,12 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
return ret;
}
+int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
+ // FIXME
+ // This currently does nothing and hopes for the best!
+ return LDAP_SUCCESS;
+}
+
int LDAPManager::bind(TQString* errstr) {
printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
if (m_ldap) {
@@ -121,6 +126,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
}
bool using_ldapi = false;
+ bool using_gssapi = false;
if (m_host.startsWith("ldapi://")) {
using_ldapi = true;
}
@@ -129,7 +135,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
havepass = true;
}
else {
-printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
+printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
LDAPPasswordDialog passdlg(0);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
@@ -143,6 +149,12 @@ printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
}
+ if (passdlg.use_gssapi) {
+ using_gssapi = true;
+ }
+ }
+ else {
+ return -1;
}
}
@@ -191,7 +203,7 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
cred.bv_val = pass.data();
cred.bv_len = pass.length();
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
- if (!using_ldapi) {
+ if ((!using_ldapi && !using_gssapi)) {
if (!ldap_dn.contains(",")) {
// Look for a POSIX account with anonymous bind and the specified account name
TQString uri;
@@ -255,7 +267,12 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
}
}
- retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ if (using_gssapi) {
+ retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ }
+ else {
+ retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ }
printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
if (retcode != LDAP_SUCCESS ) {
generated by cgit v1.2.1 (git 2.18.0) at 2025-01-10 20:52:33 +0000