authorSimon Rettberg2015-10-27 10:56:07 +0100
committerSimon Rettberg2015-10-27 10:56:07 +0100
commit647920590050b62e67a01ef54c0524f9183566c0 (patch)
tree9dc057e1939e6bb9e1bdbc2ba7b2c74c9a09fb96
parentUpdate example config (diff)
Fix mapping of AD attributes if no filter is given
-rw-r--r--proxy.c54
-rw-r--r--server.c1
2 files changed, 31 insertions, 24 deletions
diff --git a/proxy.c b/proxy.c
index 4246381..22b1e71 100644
--- a/proxy.c
+++ b/proxy.c
@@ -46,7 +46,7 @@ static struct string s_objectClass, s_homeDirectory, s_gidNumber, s_gecos, s_cn,
static struct string s_loginShell, s_uidNumber, s_mail, s_objectCategory, s_memberOf, s_distinguishedName;
// Some again in lowercase
static struct string s_homemount, s_memberuid, s_realaccount, s_objectclass, s_homedirectory, s_gidnumber;
-static struct string s_uidnumber, s_memberof, s_distinguishedname;
+static struct string s_uidnumber, s_memberof, s_distinguishedname, s_loginshell;
// Values
static struct string s_shadowAccount, s_posixAccount, s_posixGroup, s_3, s_1001, s_user, s_member;
// Feature query
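Review bot: `s_loginshell` is only declared here; none of the 31 inserted lines in this commit populates it, and the other lowercase strings on the lines above are presumably filled in by an init routine that this diff does not touch. If that is how they are set up, `s_loginshell` needs a matching entry there too, because a zero-initialized `struct string` will make the `elifSETATTR(loginshell, loginShell)` and `elifDELATTR(loginshell, loginShell)` arms in request_replaceAdl, request_replaceAdlLdap, response_replacePal and response_replacePalLdap compare against an empty value and never fire. Worth confirming against the initialization code, since a silently non-matching arm would not produce an error, just an unmapped attribute.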
@@ -410,7 +410,7 @@ static void request_replaceFilter(server_t *server, struct Filter **filter)
}
}
-#define elifSETATTR(x) else if (equals(&(*adl)->a, &s_ ## x)) attr->x = TRUE, next = (*adl)->next, free(*adl), *adl = next
+#define elifSETATTR(MATCH,TOSET) else if (iequals(&(*adl)->a, &s_ ## MATCH)) attr->TOSET = TRUE, next = (*adl)->next, free(*adl), *adl = next
static void request_replaceAdl(server_t *server, struct AttributeDescriptionList **adl, attr_t *attr)
{
if (server->plainLdap) {
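Review bot: The reworked `elifSETATTR` macro still expands to an unbraced `else if` whose body is a four-part comma expression ending in `free(*adl)` and a pointer reassignment; a future edit that appends a statement after the macro call, or inserts one inside it, would change which statements belong to the branch. Since the macro is now being rewritten anyway, bracing the body keeps the list surgery in one visible scope: `#define elifSETATTR(MATCH,TOSET) else if (iequals(&(*adl)->a, &s_ ## MATCH)) { attr->TOSET = TRUE; next = (*adl)->next; free(*adl); *adl = next; }`. A short comment above the macro noting that MATCH is the lowercase string constant used for the case-insensitive compare and TOSET is the `attr_t` flag field would also save the next reader a lookup. The body of request_replaceAdl continues past this hunk.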
@@ -420,11 +420,11 @@ static void request_replaceAdl(server_t *server, struct AttributeDescriptionList
while (*adl != NULL) {
struct AttributeDescriptionList *next = NULL;
if (attr == NULL) { }
- elifSETATTR(homeDirectory);
- elifSETATTR(gidNumber);
- elifSETATTR(gecos);
- elifSETATTR(realAccount);
- elifSETATTR(loginShell);
+ elifSETATTR(homedirectory, homeDirectory);
+ elifSETATTR(gidnumber, gidNumber);
+ elifSETATTR(gecos, gecos);
+ elifSETATTR(realaccount, realAccount);
+ elifSETATTR(loginshell, loginShell);
else request_replaceAttribute(server, &(*adl)->a, NULL, attr);
if (*adl == NULL) break;
if (next == NULL) adl = &(*adl)->next; // If next is not NULL, we removed an entry, so we don't need to shift
@@ -479,10 +479,10 @@ static void request_replaceAdlLdap(server_t *server, struct AttributeDescription
struct AttributeDescriptionList *next = NULL;
if (attr == NULL) { }
else if (iequals(&(*adl)->a, &s_homedirectory)) attr->homeDirectory = TRUE;
- elifSETATTR(gidNumber);
- elifSETATTR(gecos);
- elifSETATTR(realAccount);
- elifSETATTR(loginShell);
+ elifSETATTR(gidnumber, gidNumber);
+ elifSETATTR(gecos, gecos);
+ elifSETATTR(realaccount, realAccount);
+ elifSETATTR(loginshell, loginShell);
else request_replaceAttributeLdap(server, &(*adl)->a, NULL, attr);
if (*adl == NULL) break;
if (next == NULL) adl = &(*adl)->next; // If next is not NULL, we removed an entry, so we don't need to shift
@@ -567,8 +567,8 @@ static BOOL response_filterLocalHomeDir(struct PartialAttributeList *pal);
static struct PartialAttributeList* response_addPal(struct PartialAttributeList *pal, struct string *attribute, const char *format, ...);
#define ADDATTR(x,...) do { if (attr->x) *pal = response_addPal(*pal, &s_ ## x, __VA_ARGS__); } while (0)
-#define elifDELATTR(x) else if (equals(&(*pal)->type, &s_ ## x)) next = (*pal)->next, del = TRUE, attr->x = TRUE
-#define elifDEL(x) else if (equals(&(*pal)->type, &s_ ## x)) next = (*pal)->next, del = TRUE
+#define elifDELATTR(MATCH,FIELD) else if (iequals(&(*pal)->type, &s_ ## MATCH)) next = (*pal)->next, del = TRUE, attr->FIELD = TRUE
+#define elifDEL(MATCH) else if (iequals(&(*pal)->type, &s_ ## MATCH)) next = (*pal)->next, del = TRUE
static void response_replacePal(server_t *server, struct PartialAttributeList **pal, attr_t *attr)
{
if (server->plainLdap) {
@@ -581,14 +581,14 @@ static void response_replacePal(server_t *server, struct PartialAttributeList **
while (*pal != NULL) {
BOOL del = FALSE;
if (0) { } // Remove fields we don't want from AD
- elifDELATTR(gidNumber);
- elifDELATTR(gecos);
- elifDELATTR(loginShell);
- elifDELATTR(uidNumber);
+ elifDELATTR(gidnumber, gidNumber);
+ elifDELATTR(gecos, gecos);
+ elifDELATTR(loginshell, loginShell);
+ elifDELATTR(uidnumber, uidNumber);
elifDEL(mail);
- elifDELATTR(cn);
- elifDEL(memberOf);
- else if (equals(&(*pal)->type, &s_homeDirectory)) {
+ elifDELATTR(cn, cn);
+ elifDEL(memberof);
+ else if (iequals(&(*pal)->type, &s_homedirectory)) {
// homeDirectory is set in AD - it can either be a local path (in which case it's useless)
// or a UNC path, which we can easily mount via mount.cifs
if (!response_filterHomeDir(*pal)) {
@@ -748,11 +748,11 @@ static void response_replacePalLdap(server_t *server, struct PartialAttributeLis
while (*pal != NULL) {
BOOL del = FALSE;
if (0) { } // Remove fields we don't want from AD
- elifDELATTR(gidNumber);
- elifDELATTR(gecos);
- elifDELATTR(loginShell);
+ elifDELATTR(gidnumber, gidNumber);
+ elifDELATTR(gecos, gecos);
+ elifDELATTR(loginshell, loginShell);
elifDEL(mail);
- elifDELATTR(cn);
+ elifDELATTR(cn, cn);
elifDEL(memberOf);
else if (iequals(&(*pal)->type, &s_homedirectory)) {
// homeDirectory is set in LDAP - use if it's a local path
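Review bot: `elifDEL(memberOf);` on the line after `elifDELATTR(cn, cn);` is the one remaining arm in this chain that still uses the mixed-case constant, while the AD counterpart in response_replacePal was switched to `elifDEL(memberof);`. It still works only because `elifDEL` now calls `iequals`, so the two string sets are interchangeable for matching; but keeping one function on `s_memberOf` and the other on `s_memberof` invites the two to drift apart if either constant is ever renamed or removed. Suggest `elifDEL(memberof);` here for consistency with the rest of the commit. The enclosing while loop continues past the hunk.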
@@ -869,6 +869,9 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
if (req.attributes == NULL) {
if (client->fixedServer == NULL) {
request_addDefaultAttributes(&req.attributes);
+ if (!server->plainLdap) {
+ request_replaceAdl(server, &req.attributes, &pending->attr);
+ }
}
memset(&pending->attr, -1, sizeof(pending->attr));
}
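Review bot: The added `request_replaceAdl(server, &req.attributes, &pending->attr)` call runs before the existing `memset(&pending->attr, -1, sizeof(pending->attr))`, so every flag the call sets through `attr->x = TRUE` is overwritten a few lines later; the call is effectively only there for its rewrite of `req.attributes`. If that is the intent, say so, e.g. `// Only the rewrite of req.attributes matters here; the attr flags are reset by the memset below`, otherwise the memset should move above the call. The `!server->plainLdap` guard also looks redundant given request_replaceAdl starts with its own `if (server->plainLdap)` branch, though without seeing that branch it may be deliberate. Where `server` is bound is outside this hunk, so I cannot confirm it is the server that `req` will be forwarded to.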
@@ -879,6 +882,7 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
} else {
pending->serverMessageId = server_searchRequestOnConnection(client->fixedServer, &req);
}
+ helper_printal(req.attributes); // DEBUG
if (pending->serverMessageId == 0) {
// Failed to forward.. TODO: Fail client
printf("Failed to forward search request.\n");
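Review bot: `helper_printal(req.attributes); // DEBUG` is an unconditional dump on the path of every forwarded search request, and the same applies to the two `helper_printpal(sre.attributes); // DEBUG` lines around the response_replacePal call in the proxy_serverSearchResult hunk below. The response dump in particular writes directory entry attributes received from the backend to stdout, which means user data ends up in whatever captures the daemon's output. These should either be removed before merging or placed behind the project's existing debug or verbosity switch, if one exists, rather than left marked as temporary.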
@@ -910,7 +914,9 @@ static BOOL proxy_serverSearchResult(epoll_server_t *server, const unsigned long
struct SearchResultEntry sre;
const size_t res = scan_ldapsearchresultentry(server->readBuffer + offset, server->readBuffer + maxLen, &sre);
if (res == 0) return FALSE;
+ helper_printpal(sre.attributes); // DEBUG
response_replacePal(server->serverData, &sre.attributes, &pending->attr);
+ helper_printpal(sre.attributes); // DEBUG
bodyLen = fmt_ldapsearchresultentry(NULL, &sre);
if (bodyLen == 0) {
printf("Error formatting ldapsearchresultentry after transformation\n");
diff --git a/server.c b/server.c
index c4eb37d..6382b31 100644
--- a/server.c
+++ b/server.c
@@ -170,6 +170,7 @@ BOOL server_initServers()
servers[i].sslContext = ssl_newClientCtx(servers[i].cabundle);
}
printf("%s:\n Bind: %s\n Base: %s\n", servers[i].addr, servers[i].bind, servers[i].base);
+ printf("Plain LDAP-LDAP: %d\n", (int)servers[i].plainLdap);
if (!server_ensureConnected(&servers[i]))
return FALSE;
}
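Review bot: The new `printf("Plain LDAP-LDAP: %d\n", ...)` line breaks the indentation of the per-server block printed just above, where `Bind:` and `Base:` are prefixed with a space under the `%s:` heading. Use `printf(" Plain LDAP-LDAP: %d\n", (int)servers[i].plainLdap);` so the flag is visibly attached to the same server entry in the startup output.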