authorSimo Sorce <ssorce@redhat.com>2009-10-29 15:02:41 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-10-29 16:05:13 -0400
commit44685ff64447b7ad87c75aec478e5f21bd50b4b7 (patch)
treeb0c8b4e0054de890c006b0ad2486c99adbcc7b1c /server/providers/ldap/sdap.c
parentb79b1228de615c860df841670c9a882ca748f63a (diff)
Add support to get rootDSE from the LDAP server.
Also fix sdap_get_generic_send() to be a bit more "generic" :-) Also fixes bugs within it. This patch allows us 2 good things. A) we check that the server effectively supports GSSAPI auth before we try to use it. B) against IPA it substantially cuts delays when the server is offline because it uses a 5 second async timeout on the connection and doesn't try to do a slow synchronous kinit+sasl_bind if the server is not even available.
Diffstat (limited to 'server/providers/ldap/sdap.c')
-rw-r--r--server/providers/ldap/sdap.c40
1 files changed, 37 insertions, 3 deletions
diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c
index 926869259..d0ea9ffd9 100644
--- a/server/providers/ldap/sdap.c
+++ b/server/providers/ldap/sdap.c
@@ -192,9 +192,9 @@ fail:
}
int sdap_parse_generic_entry(TALLOC_CTX *memctx,
- struct sdap_handle *sh,
- struct sdap_msg *sm,
- struct sysdb_attrs **_attrs)
+ struct sdap_handle *sh,
+ struct sdap_msg *sm,
+ struct sysdb_attrs **_attrs)
{
struct sysdb_attrs *attrs;
BerElement *ber = NULL;
@@ -386,3 +386,37 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
return EOK;
}
+
+
+bool sdap_rootdse_sasl_mech_is_supported(struct sysdb_attrs *rootdse,
+ const char *sasl_mech)
+{
+ struct ldb_message_element *el = NULL;
+ struct ldb_val *val;
+ int i;
+
+ for (i = 0; i < rootdse->num; i++) {
+ if (strcasecmp(rootdse->a[i].name, "supportedSASLMechanisms")) {
+ continue;
+ }
+ el = &rootdse->a[i];
+ break;
+ }
+
+ if (!el) {
+ /* no supported SASL Mechanism at all ? */
+ return false;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ val = &el->values[i];
+ if (strncasecmp(sasl_mech, (const char *)val->data, val->length)) {
+ continue;
+ }
+ return true;
+ }
+
+ return false;
+}
+
+
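Review bot: The comparison in the second loop of sdap_rootdse_sasl_mech_is_supported(), `strncasecmp(sasl_mech, (const char *)val->data, val->length)`, is a prefix match bounded only by the length of the server-supplied value, so an advertised value that is a leading part of `sasl_mech` (or a zero-length value) reports the mechanism as supported. The rootDSE content comes from the server and, per the commit message, this result decides whether GSSAPI is attempted, so the lengths should be compared first: `if (strlen(sasl_mech) != val->length || strncasecmp(sasl_mech, (const char *)val->data, val->length)) {`. Neither `rootdse` nor `sasl_mech` is checked for NULL before use; a short header comment such as `/* rootdse and sasl_mech must be non-NULL; returns true only on an exact, case-insensitive match */` would state the contract. The loops also index with a signed `int i` against `rootdse->num` and `el->num_values`, whose types are not visible in this hunk; if they are unsigned, an unsigned index avoids the sign-compare mismatch.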