
(-)clean/httpd-2.2.15/modules/ldap/util_ldap.c (-3 / +62 lines)
Lines 32-37 Link Here
32
#include "util_ldap_cache.h"
32
#include "util_ldap_cache.h"
33
33
34
#include <apr_strings.h>
34
#include <apr_strings.h>
35
#include <sasl/sasl.h>
35
36
36
#if APR_HAVE_UNISTD_H
37
#if APR_HAVE_UNISTD_H
37
#include <unistd.h>
38
#include <unistd.h>
Lines 73-78 Link Here
73
        apr_global_mutex_unlock(st->util_ldap_cache_lock);      \
74
        apr_global_mutex_unlock(st->util_ldap_cache_lock);      \
74
} while (0)
75
} while (0)
75
76
77
#ifdef SASL_H
78
typedef struct {
79
	const char *passwd;
80
	const char *realm;
81
	const char *authzid;
82
	request_rec *request;
83
} uldap_sasl_ctx;
84
#endif
85
76
static void util_ldap_strdup (char **str, const char *newstr)
86
static void util_ldap_strdup (char **str, const char *newstr)
77
{
87
{
78
    if (*str) {
88
    if (*str) {
Lines 330-335 Link Here
330
    return(rc);
340
    return(rc);
331
}
341
}
332
342
343
#ifdef SASL_H
344
static int uldap_sasl_interact(LDAP *ldap, unsigned flags, void *defaults, void *in)
345
{
346
	sasl_interact_t *interact = in;
347
	uldap_sasl_ctx *ctx = defaults;
348
	const char *p;
349
350
	for (;interact->id != SASL_CB_LIST_END;interact++) {
351
		p = NULL;
352
		switch(interact->id) {
353
			case SASL_CB_GETREALM:
354
				p = ctx->realm;
355
				break;
356
			case SASL_CB_AUTHNAME:
357
				p = ctx->request->user;
358
				break;
359
			case SASL_CB_USER:
360
				p = ctx->authzid;
361
				break;
362
			case SASL_CB_PASS:
363
				p = ctx->passwd;
364
				break;
365
		}
366
		if (p) {
367
			interact->result = p;
368
			interact->len = strlen(interact->result);
369
		}
370
	}
371
	return LDAP_SUCCESS;
372
}
373
374
static int uldap_sasl_bind(request_rec *r, util_ldap_connection_t *ldc, const char *bindpw, const char *binddn)
375
{
376
	int rc;
377
	uldap_sasl_ctx ctx;
378
379
	ctx.passwd=bindpw;
380
	ctx.realm=NULL;
381
	ctx.authzid=NULL;
382
	ctx.request=r;
383
384
	rc = ldap_sasl_interactive_bind_s(ldc->ldap, binddn, "PLAIN", NULL, NULL, LDAP_SASL_QUIET, uldap_sasl_interact, &ctx);
385
386
	if (rc != LDAP_SUCCESS) {
387
		ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "LDAP: SASL Failed %s", ldap_err2string(rc));
388
		rc = ldap_simple_bind_s(ldc->ldap, binddn, bindpw);
389
	}
390
	return rc;
391
}
392
#endif
393
333
/*
394
/*
334
 * Connect to the LDAP server and binds. Does not connect if already
395
 * Connect to the LDAP server and binds. Does not connect if already
335
 * connected (i.e. ldc->ldap is non-NULL.) Does not bind if already bound.
396
 * connected (i.e. ldc->ldap is non-NULL.) Does not bind if already bound.
Lines 1023-1031 Link Here
1023
     * fails, it means that the password is wrong (the dn obviously
1084
     * fails, it means that the password is wrong (the dn obviously
1024
     * exists, since we just retrieved it)
1085
     * exists, since we just retrieved it)
1025
     */
1086
     */
1026
    result = ldap_simple_bind_s(ldc->ldap,
1087
    result = uldap_sasl_bind(r, ldc, bindpw, *binddn);
1027
                                (char *)*binddn,
1028
                                (char *)bindpw);
1029
    if (AP_LDAP_IS_SERVER_DOWN(result)) {
1088
    if (AP_LDAP_IS_SERVER_DOWN(result)) {
1030
        ldc->reason = "ldap_simple_bind_s() to check user credentials "
1089
        ldc->reason = "ldap_simple_bind_s() to check user credentials "
1031
                      "failed with server down";
1090
                      "failed with server down";
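Review bot: In uldap_sasl_bind (new lines 386-389) any non-success result from ldap_sasl_interactive_bind_s, including LDAP_INVALID_CREDENTIALS for a genuinely wrong password, triggers a second bind with the same credentials through ldap_simple_bind_s, so every failed login is submitted twice (doubling what a server-side lockout counter sees), the SASL result is discarded, and an APLOG_ERR entry is written on every fallback. Fall back only when the mechanism itself is rejected, e.g. `if (rc == LDAP_AUTH_METHOD_NOT_SUPPORTED || rc == LDAP_AUTH_UNKNOWN) {`, log that case at APLOG_DEBUG, and return any other rc unchanged. Separately, uldap_sasl_interact answers SASL_CB_AUTHNAME with r->user rather than the DN passed as binddn, so the entry the directory authenticates (its own SASL mapping of the raw HTTP username) is not guaranteed to be the entry found by the search whose DN later drives authorization; that should at least be documented at the call site on new line 1087, whose enclosing function begins and ends outside this diff. Note also that PLAIN carries the password in cleartext unless the LDAP connection is TLS-protected (no SASL security properties are set here), which is no worse than simple bind but deserves a comment above the bind call, e.g. `/* PLAIN sends the credentials in cleartext unless the LDAP connection is TLS-protected */`.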
