X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=libraries%2Flibldap%2Finit.c;h=cf49633cb9045f32e0cd673352fb92b4d7a5c140;hb=dd733e163a74db2968107b75e14f8705417b02c5;hp=03fee191de20c21244f775bea2e579ae8ebfb1e8;hpb=77b235fba53850c4d498284fb886357c857e92b9;p=openldap diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index 03fee191de..cf49633cb9 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c @@ -26,8 +26,10 @@ struct ldapoptions ldap_int_global_options = #define ATTR_INT 2 #define ATTR_KV 3 #define ATTR_STRING 4 -#define ATTR_TLS 5 -#define ATTR_URIS 6 +#define ATTR_URIS 5 + +#define ATTR_SASL 6 +#define ATTR_TLS 7 struct ol_keyvalue { const char * key; @@ -59,26 +61,35 @@ static const struct ol_attribute { offsetof(struct ldapoptions, ldo_defbinddn)}, {0, ATTR_STRING, "BASE", NULL, offsetof(struct ldapoptions, ldo_defbase)}, - {0, ATTR_INT, "PORT", NULL, + {0, ATTR_INT, "PORT", NULL, /* deprecated */ offsetof(struct ldapoptions, ldo_defport)}, - /* **** keep this around for backward compatibility */ - {0, ATTR_URIS, "HOST", NULL, 1}, - /* **** */ - {0, ATTR_URIS, "URI", NULL, 0}, + {0, ATTR_URIS, "HOST", NULL, 1}, /* deprecated */ + {0, ATTR_URIS, "URI", NULL, 0}, /* replaces HOST/URI */ {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS}, {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART}, + +#ifdef HAVE_CYRUS_SASL + {1, ATTR_STRING, "SASL_MECH", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_mech)}, + {1, ATTR_STRING, "SASL_REALM", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_realm)}, + {1, ATTR_STRING, "SASL_AUTHCID", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_authcid)}, + {1, ATTR_STRING, "SASL_AUTHZID", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_authzid)}, + {0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS}, +#endif + +#ifdef HAVE_TLS {0, ATTR_TLS, "TLS", NULL, LDAP_OPT_X_TLS}, - {0, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE}, - {0, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE}, + {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE}, + {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE}, {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE}, {0, ATTR_TLS, "TLS_CACERTDIR",NULL, LDAP_OPT_X_TLS_CACERTDIR}, {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT}, -#ifdef HAVE_CYRUS_SASL - {0, ATTR_INT, "SASL_MINSSF", NULL, - offsetof(struct ldapoptions, ldo_sasl_minssf)}, - {0, ATTR_INT, "SASL_MAXSSF", NULL, - offsetof(struct ldapoptions, ldo_sasl_maxssf)}, + {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE}, #endif + {0, ATTR_NONE, NULL, NULL, 0} }; @@ -200,11 +211,6 @@ static void openldap_ldap_init_w_conf( if (* (char**) p != NULL) LDAP_FREE(* (char**) p); * (char**) p = LDAP_STRDUP(opt); break; - case ATTR_TLS: -#ifdef HAVE_TLS - ldap_pvt_tls_config( gopts, attrs[i].offset, opt ); -#endif - break; case ATTR_URIS: if (attrs[i].offset == 0) { ldap_set_option( NULL, LDAP_OPT_URI, opt ); @@ -212,7 +218,18 @@ static void openldap_ldap_init_w_conf( ldap_set_option( NULL, LDAP_OPT_HOST_NAME, opt ); } break; + case ATTR_SASL: +#ifdef HAVE_CYRUS_SASL + ldap_int_sasl_config( gopts, attrs[i].offset, opt ); +#endif + break; + case ATTR_TLS: +#ifdef HAVE_TLS + ldap_int_tls_config( gopts, attrs[i].offset, opt ); +#endif + break; } + break; } } @@ -334,11 +351,6 @@ static void openldap_ldap_init_w_env( * (char**) p = LDAP_STRDUP(value); } break; - case ATTR_TLS: -#ifdef HAVE_TLS - ldap_pvt_tls_config( gopts, attrs[i].offset, value ); -#endif - break; case ATTR_URIS: if (attrs[i].offset == 0) { ldap_set_option( NULL, LDAP_OPT_URI, value ); @@ -346,6 +358,16 @@ static void openldap_ldap_init_w_env( ldap_set_option( NULL, LDAP_OPT_HOST_NAME, value ); } break; + case ATTR_SASL: +#ifdef HAVE_CYRUS_SASL + ldap_int_sasl_config( gopts, attrs[i].offset, value ); +#endif + break; + case ATTR_TLS: +#ifdef HAVE_TLS + ldap_int_tls_config( gopts, attrs[i].offset, value ); +#endif + break; } } } @@ -381,34 +403,45 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS); +#ifdef HAVE_CYRUS_SASL + gopts->ldo_def_sasl_mech = NULL; + gopts->ldo_def_sasl_realm = NULL; + gopts->ldo_def_sasl_authcid = NULL; + gopts->ldo_def_sasl_authzid = NULL; + + memset( &gopts->ldo_sasl_secprops, '\0', sizeof(gopts->ldo_sasl_secprops) ); + + gopts->ldo_sasl_secprops.max_ssf = INT_MAX; + gopts->ldo_sasl_secprops.maxbufsize = 65536; + gopts->ldo_sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS; +#endif + #ifdef HAVE_TLS gopts->ldo_tls_ctx = NULL; #endif -#ifdef HAVE_CYRUS_SASL - gopts->ldo_sasl_minssf = 0; - gopts->ldo_sasl_maxssf = INT_MAX; -#endif gopts->ldo_valid = LDAP_INITIALIZED; return; } +#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ + || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +char * ldap_int_hostname = NULL; +#endif + void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) { if ( gopts->ldo_valid == LDAP_INITIALIZED ) { return; } - ldap_int_utils_init(); - -#ifdef HAVE_TLS - ldap_pvt_tls_init(); +#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ + || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) + ldap_int_hostname = ldap_pvt_get_fqdn( ldap_int_hostname ); #endif -#ifdef HAVE_CYRUS_SASL - ldap_pvt_sasl_init(); -#endif + ldap_int_utils_init(); if ( ldap_int_tblsize == 0 ) ldap_int_ip_init(); @@ -419,6 +452,21 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) return; } +#ifdef HAVE_CYRUS_SASL + { + /* set authentication identity to current user name */ + char *user = getenv("USER"); + + if( user == NULL ) user = getenv("USERNAME"); + if( user == NULL ) user = getenv("LOGNAME"); + + if( user != NULL ) { + /* this value is leaked, need at_exit() handler */ + gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user ); + } + } +#endif + openldap_ldap_init_w_sysconf(LDAP_CONF_FILE); openldap_ldap_init_w_userconf(LDAP_USERRC_FILE); @@ -449,4 +497,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) } openldap_ldap_init_w_env(gopts, NULL); + + ldap_int_sasl_init(); }