Группа :: Система/Библиотеки
Пакет: cyrus-sasl2
Патч: cyrus-sasl-2.1.10-ldap_auxprop.patch
--- ./plugins/Makefile.am.orig Fri Dec 6 16:24:05 2002
+++ ./plugins/Makefile.am Sun Dec 29 20:47:40 2002
@@ -58,6 +58,7 @@
ntlm_version = 2:15:0
otp_version = 2:15:0
srp_version = 2:15:0
+ldapauxprop_version = 2:15:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb
LDFLAGS = @LDFLAGS@ -module -export-dynamic -rpath $(plugindir)
@@ -77,7 +78,7 @@
sasl_LTLIBRARIES = @SASL_MECHS@
EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \
libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \
- libntlm.la libsasldb.la libmysql.la
+ libntlm.la libsasldb.la libmysql.la libldapauxprop.la
libplain_la_SOURCES = plain.c plain_init.c $(common_sources)
libplain_la_LDFLAGS = -version-info $(plain_version)
@@ -141,12 +142,19 @@
libmysql_la_DEPENDENCIES = $(COMPAT_OBJS)
libmysql_la_LIBADD = $(COMPAT_OBJS)
+# Auxprop Plugins Ldap
+libldapauxprop_la_SOURCES = ldapauxprop.c ldapauxprop_init.c $(common_sources)
+libldapauxprop_la_LDFLAGS = -lldap -llber -version-info $(ldapauxprop_version)
+libldapauxprop_la_DEPENDENCIES = $(COMPAT_OBJS)
+libldapauxprop_la_LIBADD = $(COMPAT_OBJS)
+
+
# Instructions for making the _init files
init_src=anonymous_init.c crammd5_init.c digestmd5_init.c gssapiv2_init.c \
kerberos4_init.c login_init.c plain_init.c srp_init.c otp_init.c ntlm_init.c \
-sasldb_init.c mysqlauxprop_init.c
+sasldb_init.c mysql_init.c ldapauxprop_init.c
CLEANFILES=$(init_src)
--- ./plugins/makeinit.sh.orig Tue Dec 3 19:47:19 2002
+++ ./plugins/makeinit.sh Sun Dec 29 20:42:28 2002
@@ -45,7 +45,7 @@
" > ${mech}_init.c
done
-for mech in sasldb mysql ; do
+for mech in sasldb mysql ldapauxprop ; do
echo "
#include <string.h>
--- ./plugins/ldapauxprop.c.orig Sun Dec 29 20:39:55 2002
+++ ./plugins/ldapauxprop.c Sun Dec 29 20:39:55 2002
@@ -0,0 +1,599 @@
+/*
+**
+** ldap Auxprop plugin
+** by Simon Loader
+**
+** $Id$
+**
+** Auxiliary property plugin for Sasl 2.1.0
+**
+** Note: This was tested against openldap-2.0.21 with
+** no cyrus-sasl support. If compiled with cyrus-sasl
+** it seemed to try and use cyrus-saslv2 as if they are
+** version 1. So in theory when openldap becomes saslv2
+** compliant all should work.
+**
+** The plugin uses the following options in the
+** sasl application config file ( usually in /usr/lib/sasl2 )
+**
+** ldap_user: <username to login as>
+** ldap_passwd: <password to use>
+** ldap_hostnames: < comma separated host list >
+** ldap_filter: < filter to get to users password >
+** ldap_basedn: <basedn for the search>
+** ldap_verbose: ( if it exists will print select statement to syslog )
+**
+** The filter used in the option ldap_filter is parsed
+** for 2 place holders %u and %r they are replaced with username
+** and realm required respectively.
+**
+** %u is the username the user logged in as
+** %r is the realm which could be the kerbros realm, the FQDN of the
+** computer the sasl app is on or what ever is after the @ on a username.
+** %% is replaced with %
+** %<char> is left as is
+**
+** e.g
+** ldap_filter: uid=%u
+** or feasibly uid=%s,domain=%r,o=SURF
+** ldap_basedn: c=UK
+**
+** if something matches the filter the code
+** will try and retrieve all properties requested.
+** Usually userPassword and cmusaslsecretMECHNAME where
+** MECHNAME is the name of a mechanism.
+**
+** ldap_hostnames: tries to be clever and is can understand url type input.
+** e.g. ldap:ldap.surf.org.uk:344,ldaps:secureldap.surf.org.uk
+**
+** put in verbose mode if you want to see what the filter is looking
+** for and what it got.
+**
+**
+*/
+
+#include <config.h>
+
+/* checkpw stuff */
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "sasl.h"
+#include "saslutil.h"
+#include "saslplug.h"
+
+#include <ldap.h>
+#include <lber.h>
+#include <ctype.h>
+
+#include "plugin_common.h"
+
+typedef struct ldap_settings {
+ char *ldap_user;
+ char *ldap_passwd;
+ char *ldap_hostnames;
+ char *ldap_basedn;
+ char *ldap_filter;
+ int ldap_verbose;
+ int have_settings;
+#ifdef LDAP_OPT_DEREF
+ int ldap_alias_deref;
+#endif
+} ldap_settings_t;
+
+
+/* ldap_host_connect
+**
+** takes: hosts a string of hosts separeted by commas
+** e.g
+** 193.242.127.1,ldaps:banana.com:58,ldap:fish.com
+*/
+LDAP *ldap_host_connect(char *hosts) {
+ const char *rfc_port = "389";
+ char *cur_ldap_host;
+ char *next_ldap_host;
+ char *host_dup_ptr;
+ char *port;
+ int ssl_mode = 0;
+#ifdef LDAP_OPT_X_TLS
+ int tls_option;
+#endif
+ LDAP *ld = NULL;
+
+
+ host_dup_ptr = strdup(hosts);
+ next_ldap_host = cur_ldap_host = host_dup_ptr;
+
+
+ while ( cur_ldap_host != NULL ) {
+ ssl_mode = 0;
+ /* find first , and set to null */
+ next_ldap_host = strchr(next_ldap_host,',');
+ if ( next_ldap_host != NULL ) {
+ next_ldap_host[0] = 0x00;
+ /* be nice ignore white space */
+ while (!isalnum(next_ldap_host[0]))
+ next_ldap_host++;
+ }
+ /* ok so we need to know hostname/ip, ldaps or ldap
+ ** and port number if set ???
+ */
+ if ( strstr(cur_ldap_host,"ldaps:") != NULL ) {
+ cur_ldap_host += 6;
+ ssl_mode = 1;
+ }
+ if ( strstr(cur_ldap_host,"ldap:") != NULL ) {
+ cur_ldap_host += 5;
+ ssl_mode = 0;
+ }
+ /* if it doesnt have either we presume ldap */
+ /* now to get the port */
+ if ( (port = strchr(cur_ldap_host,':')) != NULL ) {
+ port[0] = 0x00;
+ port++;
+ } else {
+ port = (char *)rfc_port;
+ }
+
+ ld = ldap_init(cur_ldap_host,atoi(port));
+ if ( ssl_mode ) {
+#ifdef LDAP_OPT_X_TLS
+ ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
+#else
+ /* ++++ Print an error saying no TLS support but TLS requested */
+#endif
+ }
+ if ( ld != NULL ) {
+ break;
+ }
+ cur_ldap_host = next_ldap_host;
+ }
+
+ free(host_dup_ptr);
+ return(ld);
+}
+
+
+
+
+/*
+** ldap_create_filter
+** uses select line and allocate memory to replace
+** Parts with the strings provided.
+** %% = %
+** %u = user
+** %r = realm
+** %<char> = left as is
+** Note: calling function must free memory.
+** Better memory copy and proper allocation for muliple %u\%r
+** by Birger Toedtmann birger-takatukaland.de
+**
+*/
+static char *ldap_create_filter(sasl_server_params_t *sparams,char *select_line,char *user,char *realm)
+{
+ char *buf,*ptr;
+ char *buf_ptr,*line_ptr;
+ int filtersize = 0;
+
+ /* ++++ this could be modulised more */
+ /* calculate memory needed for creating
+ the complete filter string. */
+ buf = select_line;
+
+ /* we can use strtok to get all vars */
+ while ( (ptr = strchr(buf,'%')) ) {
+ buf = ++ptr;
+ switch ( buf[0] ) {
+ case '%':
+ filtersize--; /* we are actully deleting a character */
+ break;
+ case 'u':
+ filtersize += strlen(user)-2;
+ break;
+ case 'r':
+ filtersize += strlen(realm)-2;
+ break;
+ default:
+ break;
+
+ }
+ }
+
+/*****************************/
+
+/* alloc mem */
+ filtersize = filtersize+strlen(select_line)+1; /* don't forget the trailing 0x0 */
+
+ /* ok, now try to allocate a chunk of that size */
+ if ( (buf = (char *)sparams->utils->malloc(filtersize)) == NULL ) {
+ /* ummm couldnt get the memory something must be up */
+ return NULL;
+ }
+
+/*********************************/
+
+buf_ptr = buf;
+line_ptr = select_line;
+
+/* replace the strings */
+ while ( (ptr = strchr(line_ptr,'%')) ) {
+ /* copy what ever we have not done so already */
+ memcpy(buf_ptr,line_ptr,ptr - line_ptr); /* -1 we dont want the % */
+ buf_ptr += ptr - line_ptr;
+ ptr++;
+ switch (ptr[0]) {
+ case '%':
+ buf_ptr[0] = '%';
+ buf_ptr++;
+ break;
+ case 'u':
+ memcpy(buf_ptr,user,strlen(user));
+ buf_ptr += strlen(user);
+ break;
+ case 'r':
+ memcpy(buf_ptr,realm,strlen(realm));
+ buf_ptr += strlen(realm);
+ break;
+ default:
+ buf_ptr[0] = '%';
+ buf_ptr[1] = ptr[0];
+ buf_ptr += 2;
+ break;
+ }
+ ptr++;
+ line_ptr = ptr;
+ }
+ /* now copy the last bit */
+ memcpy(buf_ptr,line_ptr,strlen(line_ptr)+1); /* need the null */
+ return(buf);
+
+
+}
+
+void ldap_get_settings(const sasl_utils_t *utils,void *glob_context) {
+ struct ldap_settings *settings;
+ char *verbose_test;
+
+ settings = (struct ldap_settings *)glob_context;
+ if ( settings->have_settings == 0 ) {
+ /* do I have to allocate memory for the vars only testing will tell */
+ /*( probably )*/
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP","ldap_verbose",(const char **)&verbose_test,NULL);
+ if ( verbose_test != NULL ) {
+ settings->ldap_verbose = 1;
+ utils->log(NULL, SASL_LOG_WARN, "ldap auxprop plugin has been initilizsed\n");
+ } else {
+ settings->ldap_verbose = 0;
+ }
+
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP","ldap_user",(const char **)&settings->ldap_user,NULL);
+ if ( settings->ldap_user == NULL ) {
+ /* set it to a blank string */
+ _plug_strdup(utils,"",&settings->ldap_user,NULL);
+ }
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP", "ldap_passwd", (const char **) &settings->ldap_passwd, NULL);
+ if ( settings->ldap_passwd == NULL ) {
+ _plug_strdup(utils,"",&settings->ldap_passwd,NULL);
+ }
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP", "ldap_hostnames", (const char **) &settings->ldap_hostnames, NULL);
+ if ( settings->ldap_hostnames == NULL ) {
+ _plug_strdup(utils,"",&settings->ldap_hostnames,NULL);
+ }
+
+/* this probably came in in openldap v2 so lets not have it unless it exists */
+#ifdef LDAP_OPT_DEREF
+ /* get alias deref type but set to default first */
+ settings->ldap_alias_deref = LDAP_DEREF_NEVER;
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP", "ldap_alias_deref", (const char **) &verbose_test, NULL);
+ if ( verbose_test != NULL ) {
+ if (*verbose_test == 'n' || *verbose_test =='N')
+ { settings->ldap_alias_deref=LDAP_DEREF_NEVER; }
+ if (*verbose_test == 's' || *verbose_test =='S')
+ { settings->ldap_alias_deref=LDAP_DEREF_SEARCHING; }
+ if (*verbose_test == 'f' || *verbose_test =='F')
+ { settings->ldap_alias_deref=LDAP_DEREF_FINDING; }
+ if (*verbose_test == 'a' || *verbose_test =='A')
+ { settings->ldap_alias_deref=LDAP_DEREF_ALWAYS; }
+ }
+#endif /* LDAP_OPT_DEREF */
+
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP", "ldap_filter", (const char **) &settings->ldap_filter, NULL);
+ if ( settings->ldap_filter == NULL ) {
+ _plug_strdup(utils,"",&settings->ldap_filter,NULL);
+ }
+ utils->getopt(utils->getopt_context,"LDAPAUXPROP", "ldap_basedn", (const char **) &settings->ldap_basedn, NULL);
+ if ( settings->ldap_basedn == NULL ) {
+ _plug_strdup(utils,"",&settings->ldap_basedn,NULL);
+ }
+ settings->have_settings = 1;
+ }
+}
+
+
+/* returns the realm we should pretend to be in */
+static int parseuser(const sasl_utils_t *utils,
+ char **user, char **realm, const char *user_realm,
+ const char *serverFQDN, const char *input)
+{
+ int ret;
+ char *r;
+
+ if(!user || !serverFQDN) {
+ PARAMERROR( utils );
+ return SASL_BADPARAM;
+ }
+
+ r = strchr(input, '@');
+ if (!r) {
+ /* hmmm, the user didn't specify a realm */
+ if(user_realm && user_realm[0]) {
+ ret = _plug_strdup(utils, user_realm, realm, NULL);
+ } else {
+ /* Default to serverFQDN */
+ ret = _plug_strdup(utils, serverFQDN, realm, NULL);
+ }
+
+ if (ret == SASL_OK) {
+ ret = _plug_strdup(utils, input, user, NULL);
+ }
+ } else {
+ r++;
+ ret = _plug_strdup(utils, r, realm, NULL);
+ *--r = '\0';
+ *user = utils->malloc(r - input + 1);
+ if (*user) {
+ strncpy(*user, input, r - input +1);
+ } else {
+ MEMERROR( utils );
+ ret = SASL_NOMEM;
+ }
+ *r = '@';
+ }
+
+ return ret;
+}
+
+
+/* from Scot W. Hetzel <hetzels at westbend.net>
+** this is for comptabilty with openldap 1 and 2
+*/
+#ifdef LDAP_VENDOR_VERSION
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
+#define SASL_ldap_memfree(dn) ldap_memfree(dn)
+#else
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
+#define SASL_ldap_memfree(dn) sparams->utils->free(dn)
+#endif
+
+
+
+static void ldap_auxprop_lookup(void *glob_context,
+ sasl_server_params_t *sparams,
+ unsigned flags,
+ const char *user,
+ unsigned ulen)
+{
+ char *userid = NULL;
+ /* realm could be used for something clever */
+ char *realm = NULL;
+ const char *user_realm = NULL;
+ const struct propval *to_fetch, *cur;
+ char value[8192];
+ size_t value_len = 0;
+
+ char *user_buf;
+ char *cur_prop;
+
+ char *filter = NULL;
+ struct ldap_settings *settings;
+ LDAP *ld = NULL;
+ int attrs_index = 0;
+ LDAPMessage *result,*entry;
+ BerElement *berptr;
+ struct berval **berval = NULL;
+ char *attrs[100];
+
+ if(!sparams || !user) return;
+
+ /* setup the settings */
+ settings = (struct ldap_settings *)glob_context;
+ ldap_get_settings(sparams->utils,glob_context);
+ /* MOVE BELOW TO PARSEUSER function */
+
+ user_buf = sparams->utils->malloc(ulen + 1);
+ if(!user_buf)
+ goto done;
+
+ memcpy(user_buf, user, ulen);
+ user_buf[ulen] = '\0';
+
+ if(sparams->user_realm) {
+ user_realm = sparams->user_realm;
+ } else {
+ user_realm = sparams->serverFQDN;
+ }
+
+ if ( parseuser(sparams->utils, &userid, &realm, user_realm,
+ sparams->serverFQDN, user_buf) != SASL_OK ) goto done;
+
+ /*************************************/
+
+ /* find out what we need to get */
+ /* this corrupts const char *user */
+ to_fetch = sparams->utils->prop_get(sparams->propctx);
+ if(!to_fetch) goto done;
+
+ /* now loop around hostnames till we get a connection
+ ** it should probably save the connection but for
+ ** now we will just disconnect eveyrtime
+ */
+
+ /***************************************/
+ /* Make a connection to an ldap server */
+ if ( settings->ldap_verbose )
+ sparams->utils->log(NULL, SASL_LOG_WARN,
+ "ldap plugin trying hostnames %s\n",settings->ldap_hostnames);
+ if ( (ld = ldap_host_connect(settings->ldap_hostnames)) == NULL ) {
+ sparams->utils->log(NULL, SASL_LOG_WARN, "ldap plugin failed to connect to a server\n");
+ goto done;
+ }
+#ifdef LDAP_OPT_DEREF
+ /* Ok lets set the dereferensing alias mode */
+ if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *) &settings->ldap_alias_deref) != LDAP_OPT_SUCCESS) {
+ sparams->utils->log(NULL, SASL_LOG_WARN, "ldap plugin failed to set dereferensing aliases mode\n");
+ goto done;
+ }
+#endif /* LDAP_OPT_DEREF */
+ if ( settings->ldap_verbose )
+ sparams->utils->log(NULL, SASL_LOG_WARN,
+ "ldap plugin trying binding as %s with %s\n",settings->ldap_user,settings->ldap_passwd);
+ /* bind as user given */
+ if (ldap_simple_bind_s(ld,settings->ldap_user,settings->ldap_passwd) != LDAP_SUCCESS) {
+ sparams->utils->log(NULL, SASL_LOG_WARN, "ldap plugin failed to bind as user given\n");
+ goto done;
+ }
+ /***************************************/
+ /* create a list of attributes we want */
+ for(cur = to_fetch; cur->name; cur++) {
+ /* Only look up properties that apply to this lookup! */
+#ifdef SASL_AUXPROP_AUTHZID
+ if(cur->name[0] == '*' && (flags & SASL_AUXPROP_AUTHZID)) continue;
+ if(!(flags & SASL_AUXPROP_AUTHZID) && cur->name[0] != '*') {
+ continue;
+ }
+#endif
+ /* If it's there already, we want to see if it needs to be
+ * overridden */
+ if(cur->values && !(flags & SASL_AUXPROP_OVERRIDE))
+ continue;
+ else if(cur->values)
+ sparams->utils->prop_erase(sparams->propctx, cur->name);
+ /* add it to the list */
+ /* +++++++ need to allocate some memory for all this */
+ if ( settings->ldap_verbose )
+ sparams->utils->log(NULL, SASL_LOG_WARN, "looking for value %s\n",cur->name);
+#ifdef SASL_AUXPROP_AUTHZID
+ if(!(flags & SASL_AUXPROP_AUTHZID) && cur->name[0] == '*' ) {
+ attrs[attrs_index++] = (char *)cur->name+1;
+ } else {
+#endif
+ attrs[attrs_index++] = (char *)cur->name;
+#ifdef SASL_AUXPROP_AUTHZID
+ }
+#endif
+ if ( attrs_index > 99 ) {
+ sparams->utils->log(NULL, SASL_LOG_WARN, "ldap plugin more than 100 properties\n");
+ break;
+ }
+ }
+ /* make the last bit null to signify end as not all
+ ** unices null memory
+ ** bug found by
+ ** by Birger Toedtmann birger-takatukaland.de
+ */
+ attrs[attrs_index++] = NULL;
+ /*****************************************/
+ /* create a filter to find the user info */
+ filter = ldap_create_filter(sparams,settings->ldap_filter,userid,realm);
+ if ( settings->ldap_verbose )
+ sparams->utils->log(NULL, SASL_LOG_WARN,
+ "ldap plugin doing filter %s\n",filter);
+ /* run this filter and get the properties */
+ /* Now do the search */
+ if (SASL_ldap_search_ext_s(ld,settings->ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+ attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
+ LDAP_SUCCESS) {
+ sparams->utils->free(filter);
+ goto done;
+ }
+
+ /* Get the property name and value for everything */
+ /* Now get the entry from the search results */
+ if ( (entry = ldap_first_entry(ld, result)) ==NULL) {
+ sparams->utils->free(filter);
+ SASL_ldap_memfree(result);
+ goto done;
+ }
+
+ /* free filter */
+ sparams->utils->free(filter);
+
+ /* now get the results set value and value_len */
+ cur_prop = ldap_first_attribute(ld, entry,&berptr);
+
+ while ( cur_prop != NULL ) {
+ berval = ldap_get_values_len(ld,entry,cur_prop);
+ strncpy(value,berval[0]->bv_val,8190);
+ value_len = berval[0]->bv_len;
+
+ if ( settings->ldap_verbose )
+ sparams->utils->log(NULL, SASL_LOG_WARN,
+ "ldap plugin setting property %s to value %s\n",cur_prop,value);
+ sparams->utils->prop_set(sparams->propctx, cur_prop,
+ value, value_len);
+ ldap_value_free_len(berval);
+ cur_prop = ldap_next_attribute(ld, entry, berptr);
+ }
+ ber_memfree(berptr);
+
+ done:
+ if (ld) ldap_unbind(ld);
+ if (userid) sparams->utils->free(userid);
+ if (realm) sparams->utils->free(realm);
+ if (user_buf) sparams->utils->free(user_buf);
+}
+
+static void ldap_auxprop_free(void *glob_context, const sasl_utils_t *utils) {
+ struct ldap_settings *settings;
+ settings = (struct ldap_settings *)glob_context;
+ utils->log(NULL, SASL_LOG_DEBUG, "ldap freeing meme\n");
+ utils->free(settings->ldap_user);
+ utils->free(settings->ldap_passwd);
+ utils->free(settings->ldap_hostnames);
+ utils->free(settings->ldap_filter);
+ utils->free(settings);
+}
+
+static sasl_auxprop_plug_t ldap_auxprop_plugin = {
+ 0, /* Features */
+ 0, /* spare */
+ NULL, /* glob_context */
+ ldap_auxprop_free, /* auxprop_free */
+ ldap_auxprop_lookup, /* auxprop_lookup */
+ NULL, /* spares */
+ NULL
+};
+
+int ldapauxprop_auxprop_plug_init(const sasl_utils_t *utils,
+ int max_version,
+ int *out_version,
+ sasl_auxprop_plug_t **plug,
+ const char *plugname)
+{
+ struct ldap_settings *settings;
+ if(!out_version || !plug) return SASL_BADPARAM;
+
+ /* We only support the "LDAP" plugin */
+ if(plugname && strcmp(plugname, "ldapauxprop")) return SASL_NOMECH;
+
+ if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS;
+ *out_version = SASL_AUXPROP_PLUG_VERSION;
+
+ *plug = &ldap_auxprop_plugin;
+
+ /* should I get config values here or not
+ ** only testing will tell
+ ** ok we need to get some options
+ **
+ */
+
+ settings = (struct ldap_settings *)utils->malloc(sizeof(struct ldap_settings));
+ ldap_auxprop_plugin.glob_context = settings;
+ settings->have_settings = 0;
+
+
+ return SASL_OK;
+}
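Review bot: `ldap_create_filter` substitutes the client-supplied user name and realm into the search filter byte for byte, so a login name containing `*`, `(`, `)` or `\` changes which entry's `userPassword` the lookup returns; both values should be escaped per RFC 4515 before substitution and the returned filter checked for NULL before the search, as in the helper below. In `ldap_auxprop_lookup` the verbose bind message writes `settings->ldap_passwd` to syslog and should log only the bind DN. The attribute loop breaks only once `attrs_index` is 100, so `attrs[attrs_index++] = NULL;` writes one element past `char *attrs[100]`; the guard should read `if ( attrs_index >= 99 )`. The result loop copies at most 8190 bytes with `strncpy` but hands the unclamped `bv_len` to `prop_set` and never checks `berval` for NULL, so `value_len` should be capped at the copied length and `value` terminated explicitly. In `ldap_host_connect`, `tls_option` is passed to `ldap_set_option` uninitialised and before `ld` is tested, so an `ldaps:` entry is not guaranteed to get TLS before the simple bind sends the password.

```c
/* Escape RFC 4515 filter metacharacters in a value taken from the client.
 * Caller frees the result with sparams->utils->free(). */
static char *ldap_filter_escape(sasl_server_params_t *sparams, const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t len = strlen(in);
    char *out, *dst;

    /* worst case: every byte expands to "\xx" */
    if (len > ((size_t)-1 - 1) / 3) return NULL;
    out = sparams->utils->malloc(len * 3 + 1);
    if (out == NULL) return NULL;

    for (dst = out; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            *dst++ = '\\';
            *dst++ = hex[c >> 4];
            *dst++ = hex[c & 0x0f];
        } else {
            *dst++ = (char)c;
        }
    }
    *dst = '\0';
    return out;
}

/* … unchanged: ldap_auxprop_lookup up to the attribute list … */
    /* esc_user / esc_realm: new char * locals, initialised to NULL */
    esc_user = ldap_filter_escape(sparams, userid);
    esc_realm = ldap_filter_escape(sparams, realm);
    if (esc_user == NULL || esc_realm == NULL) goto done;
    filter = ldap_create_filter(sparams, settings->ldap_filter, esc_user, esc_realm);
    if (filter == NULL) goto done;
/* … unchanged: search and result loop … */
 done:
    if (esc_user) sparams->utils->free(esc_user);
    if (esc_realm) sparams->utils->free(esc_realm);
```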
--- ./lib/staticopen.h.orig Tue Sep 10 18:17:37 2002
+++ ./lib/staticopen.h Sun Dec 29 20:51:40 2002
@@ -119,6 +119,9 @@
#ifdef STATIC_SASLDB
extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( sasldb );
#endif
+#ifdef STATIC_LDAPAUXPROP
+extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( ldapauxprop);
+#endif
#ifdef STATIC_MYSQL
extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( mysql );
#endif
@@ -169,6 +172,9 @@
#endif
#ifdef STATIC_MYSQL
SPECIFIC_AUXPROP_PLUG_INIT( mysql, "MYSQL" ),
+#endif
+#ifdef STATIC_LDAPAUXPROP
+ SPECIFIC_AUXPROP_PLUG_INIT( ldapauxprop, "LDAPAUXPROP" ),
#endif
{ UNKNOWN, NULL, NULL }
};
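Review bot: The static table registers the plugin under the name `"LDAPAUXPROP"`, while `ldapauxprop_auxprop_plug_init` in plugins/ldapauxprop.c returns SASL_NOMECH for any `plugname` that does not `strcmp`-equal the lower-case `"ldapauxprop"`. If the static loader passes the table name through as `plugname` (that code is not visible here), a statically linked build would never load the plugin. Using one spelling in both places, or relaxing the check in init, removes the dependency on how the loader names it. The table itself starts outside this hunk.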
--- ./doc/options.html.orig Mon Dec 30 22:15:57 2002
+++ ./doc/options.html Sun Dec 29 22:20:01 2002
@@ -130,6 +130,59 @@
valid value for "<tt>mysql_statement</tt>".
<hr>
+
+
+
+
+<h4>Ldap auxprop options</h4><br>
+
+<p><b>important note:</b>The auxprop will crash (SEGV) if the ldap libraries
+ are compiled against cyrus sasl Version 1.(see code for details)<br>
+
+ <p> The plugin uses the following options:-<br>
+<br>
+<p>
+ ldap_user: (username to login as)<br>
+ ldap_passwd: (password to use)<br>
+ ldap_hostnames: (comma separated host list)<br>
+ ldap_filter: (filter to get to users password)<br>
+ ldap_basedn: (basedn for the search)<br>
+ ldap_verbose: (if it exists will print information to syslog)<br>
+
+<p>The filter used in the option ldap_filter is parsed
+ for 2 place holders %u and %r they are replaced with username
+ and realm required respectively.
+<br>
+<font color=red>DO NOT PUT "' quotes around the filter</font>
+<br>
+
+<br>
+<p>
+ %u is the username the user logged in as<br>
+ %r is the realm which could be the kerbros realm, the FQDN of the
+ computer the sasl app is on or what ever is after the @ on a username.<br>
+<br>
+
+<pre>
+ ldap_filter: uid=%u
+ ldap_filter: uid=%s,domain=%r,o=SURF
+</pre>
+
+<br><p>
+ If something matches the filter the code
+ will try and retrieve all properties requested.
+ Usually userPassword and cmusaslsecretMECHNAME where
+ MECHNAME is the name of a mechanism.
+<p>
+
+ ldap_hostnames: Can understands url type input.
+<pre>
+ e.g. ldap:ldap.surf.org.uk:344,ldaps:secureldap.surf.org.uk
+</pre>
+
+
+
+
Back to the <A href=index.html>index</a>
</body>
--- ./acconfig.h.orig Tue Sep 10 18:17:32 2002
+++ ./acconfig.h Sun Dec 29 21:56:19 2002
@@ -75,6 +75,9 @@
#undef STATIC_SASLDB
#undef STATIC_SRP
+/* auxprop mechs we can link staticly? */
+#undef STATIC_LDAPAUXPROP
+
/* This is where plugins will live at runtime */
#undef PLUGINDIR
--- ./configure.in.orig Fri Dec 6 16:23:56 2002
+++ ./configure.in Mon Dec 30 05:03:04 2002
@@ -646,6 +646,53 @@
esac
AC_SUBST(LIB_MYSQL)
+
+########################################################################
+# Simon tries to do autoconf for ldap (has a book now)
+
+dnl LDAP
+AC_ARG_WITH(ldapauxprop, [ --with-ldapauxprop=PATH enable authentication from LDAP [no] ],
+ with_ldapauxprop=$withval,
+ with_ldapauxprop=no)
+
+if test "$with_ldapauxprop" = "yes"; then
+ for ldaploc in lib/ldap lib
+ do
+ if test -f ${prefix}/${ldaploc}/libldap.a; then
+ with_ldapauxprop="${prefix}"
+ break
+ elif test -f /usr/local/${ldaploc}/libldap.a; then
+ with_ldapauxprop="/usr/local"
+ break
+ elif test -f /usr/${ldaploc}/libldap.a; then
+ with_ldapauxprop="/usr"
+ break
+ fi
+ done
+fi
+
+case "$with_ldapauxprop" in
+ no) true;;
+ *)
+ if test -d ${with_ldapauxprop}/include/ldap; then
+ CPPFLAGS="${CPPFLAGS} -I${with_ldapauxprop}/include/ldap"
+ LDFLAGS="$LDFLAGS -L${with_ldapauxprop}/lib/ldap"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_ldapauxprop}/include"
+ LDFLAGS="$LDFLAGS -L${with_ldapauxprop}/lib"
+ fi
+ AC_CHECK_LIB(ldap, ldap_open,[
+ SASL_MECHS="$SASL_MECHS libldapauxprop.la"
+ SASL_STATIC_OBJS="$SASL_STATIC_OBJS ../plugins/ldapauxprop.o"
+ AC_DEFINE(STATIC_LDAPAUXPROP)],
+ [AC_ERROR([LDAP libarary ldap and lber not found])],
+ [-llber -lssl -lcrypto]);;
+esac
+AC_SUBST(LIB_LDAP)
+
+
+
+
# simon finishes trying to do autoconf
###############################################################################
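Review bot: When `--with-ldapauxprop` is given without a path and no `libldap.a` is found in the probed directories, `with_ldapauxprop` stays `yes` and the `case` branch then adds `-Iyes/include` and `-Lyes/lib` to CPPFLAGS and LDFLAGS; the probe should fail with a clear error, or fall back to the default search path, when nothing matches. The probe also tests only for the static archive, so a system with just the shared libldap is treated as "not found" even though `AC_CHECK_LIB` would succeed. `AC_SUBST(LIB_LDAP)` substitutes a variable this block never assigns, while plugins/Makefile.am hard-codes `-lldap -llber`; either set `LIB_LDAP` here and use it in the Makefile, or drop the `AC_SUBST`. Passing `-lssl -lcrypto` as other-libraries makes the check fail on hosts whose libldap was built without OpenSSL, which looks unintended for a plain `ldap:` setup.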