authorMartin Nagy <mnagy@redhat.com>2009-08-04 12:07:42 +0200
committerMartin Nagy <mnagy@redhat.com>2009-08-04 16:51:10 +0200
commit9af41d8186eb9c7031529f8ac79305e455e7c6c6 (patch)
tree8f25e94da225ff2d62ef87c42c111885cf1d0db6
parent8adf6d5b56d036bd9a3c08e999bf3f0ecfe3c4a1 (diff)
Consolidate the SASL authentication
* Change the default authentication method to GSSAPI
* Add "sasl_auth_name" setting for SASL_CB_AUTHNAME
* Add "sasl_password" setting for SASL_CB_PASS, to be used instead of the ordinary password, which will now be used only for simple authentication
-rw-r--r--src/ldap_helper.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index b4152d3..c15e2a0 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -129,7 +129,9 @@ struct ldap_instance {
ld_string_t *password;
ld_string_t *sasl_mech;
ld_string_t *sasl_user;
+ ld_string_t *sasl_auth_name;
ld_string_t *sasl_realm;
+ ld_string_t *sasl_password;
ld_string_t *krb5_keytab;
};
@@ -290,9 +292,11 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
{ "auth_method", default_string("none") },
{ "bind_dn", default_string("") },
{ "password", default_string("") },
- { "sasl_mech", default_string("ANONYMOUS") },
+ { "sasl_mech", default_string("GSSAPI") },
{ "sasl_user", default_string("") },
+ { "sasl_auth_name", default_string("") },
{ "sasl_realm", default_string("") },
+ { "sasl_password", default_string("") },
{ "krb5_keytab", default_string("") },
end_of_settings
};
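Review bot: The commit description says the default authentication method becomes GSSAPI, but this hunk leaves `auth_method` at `default_string("none")` and only changes the `sasl_mech` default from `"ANONYMOUS"` to `"GSSAPI"`; the description should state that precisely. The new default is also a behaviour change for existing configurations that select SASL without naming a mechanism: they previously bound anonymously and will now attempt GSSAPI, which needs a usable keytab or credential cache, so the settings documentation should say which mechanism applies when `sasl_mech` is omitted. The settings table is inside `new_ldap_instance`, which starts and ends outside the hunk.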
@@ -326,7 +330,9 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
CHECK(str_new(mctx, &ldap_inst->password));
CHECK(str_new(mctx, &ldap_inst->sasl_mech));
CHECK(str_new(mctx, &ldap_inst->sasl_user));
+ CHECK(str_new(mctx, &ldap_inst->sasl_auth_name));
CHECK(str_new(mctx, &ldap_inst->sasl_realm));
+ CHECK(str_new(mctx, &ldap_inst->sasl_password));
CHECK(str_new(mctx, &ldap_inst->krb5_keytab));
i = 0;
@@ -339,7 +345,9 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
ldap_settings[i++].target = ldap_inst->password;
ldap_settings[i++].target = ldap_inst->sasl_mech;
ldap_settings[i++].target = ldap_inst->sasl_user;
+ ldap_settings[i++].target = ldap_inst->sasl_auth_name;
ldap_settings[i++].target = ldap_inst->sasl_realm;
+ ldap_settings[i++].target = ldap_inst->sasl_password;
ldap_settings[i++].target = ldap_inst->krb5_keytab;
CHECK(set_settings(ldap_settings, argv));
@@ -423,7 +431,8 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp)
str_destroy(&ldap_inst->password);
str_destroy(&ldap_inst->sasl_mech);
str_destroy(&ldap_inst->sasl_user);
- str_destroy(&ldap_inst->sasl_realm);
+ str_destroy(&ldap_inst->sasl_auth_name);
+ str_destroy(&ldap_inst->sasl_password);
str_destroy(&ldap_inst->krb5_keytab);
semaphore_destroy(&ldap_inst->conn_semaphore);
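Review bot: `str_destroy(&ldap_inst->sasl_realm)` is removed instead of kept, so the realm string allocated by `str_new` in `new_ldap_instance` is no longer freed on every instance teardown; the two new calls should sit next to it, `str_destroy(&ldap_inst->sasl_realm);` `str_destroy(&ldap_inst->sasl_auth_name);` `str_destroy(&ldap_inst->sasl_password);`. `password` and the new `sasl_password` hold credentials for the lifetime of the instance; unless `str_destroy` already clears the buffer before freeing it (not visible here), wiping those two strings before destroying them would keep the secret out of freed heap memory. `destroy_ldap_instance` continues outside the hunk.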
@@ -1458,18 +1467,16 @@ ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin)
in->len = str_len(ldap_inst->sasl_realm);
ret = LDAP_SUCCESS;
break;
-#if 0
case SASL_CB_AUTHNAME:
log_debug(4, "got request for SASL_CB_AUTHNAME");
- in->result = str_buf(ldap_inst->sasl_user);
- in->len = str_len(ldap_inst->sasl_user);
+ in->result = str_buf(ldap_inst->sasl_auth_name);
+ in->len = str_len(ldap_inst->sasl_auth_name);
ret = LDAP_SUCCESS;
break;
-#endif
case SASL_CB_PASS:
log_debug(4, "got request for SASL_CB_PASS");
- in->result = str_buf(ldap_inst->password);
- in->len = str_len(ldap_inst->password);
+ in->result = str_buf(ldap_inst->sasl_password);
+ in->len = str_len(ldap_inst->sasl_password);
ret = LDAP_SUCCESS;
break;
default:
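Review bot: The mapping from configuration key to SASL callback has become non-obvious — `sasl_auth_name` now answers SASL_CB_AUTHNAME and `sasl_password`, rather than `password`, answers SASL_CB_PASS — and nothing in the switch records it; a one-line comment on each case, e.g. `/* authentication identity, from the "sasl_auth_name" setting */` and `/* from "sasl_password"; "password" is now used for simple bind only */`, would help the next reader. Both new settings default to `""`, so when one is unset the callback hands libsasl a zero-length result; whether the library treats that as an absent credential or as an empty one is not visible here and is worth confirming against the mechanisms in use, since a misconfigured instance would otherwise fail only at bind time. The enclosing `ldap_sasl_interact` starts and ends outside the hunk.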