authorSimon Rettberg2017-12-13 17:04:17 +0100
committerSimon Rettberg2017-12-13 17:04:17 +0100
commitb92ac97a8bb9cd3761e77c128e1daedd07fefcc7 (patch)
treebf608bb930dae96db323641c87ee5f44fd853a5d
parentAlways send empty search replies for unknown queries, fixes sssd sudo queries (diff)
[proxy] More ugly hacks to support sssd for user names containing '@'
-rw-r--r--proxy.c41
1 files changed, 39 insertions, 2 deletions
diff --git a/proxy.c b/proxy.c
index 0eba792..e345ed9 100644
--- a/proxy.c
+++ b/proxy.c
@@ -25,9 +25,20 @@ typedef struct
BOOL uidNumber;
BOOL cn;
BOOL realAccount;
+ BOOL bogusFieldName42;
+ BOOL bogusFieldName43;
// Internal
BOOL hasUser;
} attr_t;
+/*
+ * The bogus fields can be used to map two arbitrary additional fields
+ * to the uid when searching for a user. It's currently used to handle
+ * sssd being smart and doing lookups for krbPrincipalName and mail
+ * when the authenticating user's name contains '@'
+ * For this reason the sssd.conf contains (in the ldap section):
+ * ldap_user_email = bogusFieldName42
+ * ldap_user_principal = bogusFieldName43
+ */
typedef struct
{
@@ -51,6 +62,8 @@ static struct string s_homedirectory, s_gidnumber, s_uidnumber, s_memberof, s_di
static struct string s_shadowAccount, s_posixAccount, s_posixGroup, s_3, s_1001, s_user, s_member;
// Feature query
static struct string s_namingContexts, s_supportedControl, s_supportedExtension, s_supportedFeatures, s_supportedLDAPVersion, s_lastUSN, s_highestCommittedUSN;
+static struct string s_bogusFieldName42, s_bogusFieldName43;
+static struct string s_bogusfieldname42, s_bogusfieldname43;
// Other
static struct string str_ADUSER, str_ADUSERDN;
@@ -148,6 +161,10 @@ void proxy_init()
SETSTR(uidnumber);
SETSTR(memberof);
SETSTR(distinguishedname);
+ SETSTR(bogusFieldName42);
+ SETSTR(bogusFieldName43);
+ SETSTR(bogusfieldname42);
+ SETSTR(bogusfieldname43);
// TODO: configurable
str_ADUSER.s = "ad_user";
str_ADUSER.l = strlen(str_ADUSER.s);
@@ -555,6 +572,18 @@ static BOOL request_replaceAttribute(server_t *server, struct string *attribute,
fixUnNumeric(value);
}
////// ###################
+ } else if (iequals(attribute, &s_bogusfieldname42)) {
+ if (attr) {
+ attr->bogusFieldName42 = TRUE;
+ return FALSE;
+ }
+ *attribute = server->map.uid;
+ } else if (iequals(attribute, &s_bogusfieldname43)) {
+ if (attr) {
+ attr->bogusFieldName43 = TRUE;
+ return FALSE;
+ }
+ *attribute = server->map.uid;
} else if (iequals(attribute, &s_homemount)) {
*attribute = server->map.homemount;
if (attr != NULL) attr->homeMount = TRUE;
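Review bot: The two new branches rewrite `*attribute` to `server->map.uid` but leave `value` untouched, whereas the branch ending just above them runs `fixUnNumeric(value)`; a filter on bogusFieldName42/43 may therefore reach the backend with a value the direct uid path would have normalized — confirm whether that is intended and, if so, say so in a comment. The `return FALSE` taken when `attr` is set is also unexplained; a one-line comment stating what FALSE signals to the caller in that case would help the next reader. Both branches are identical apart from the flag they set, so one branch testing both names and setting the matching flag would avoid the copy. request_replaceAttribute starts and ends outside the hunk.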
@@ -624,7 +653,7 @@ static void request_filterRequestedAttributes(struct AttributeDescriptionList **
const struct string * const str = &(*adl)->a;
if (!(S_EQ(uid) || S_EQ(homemount) || S_EQ(memberuid) || S_EQ(realaccount) || S_EQ(objectclass)
|| S_EQ(homedirectory) || S_EQ(gidnumber) || S_EQ(uidnumber) || S_EQ(memberof)
- || S_EQ(distinguishedname))) {
+ || S_EQ(distinguishedname) || S_EQ(bogusfieldname42) || S_EQ(bogusfieldname43))) {
// Delete
struct AttributeDescriptionList *next = (*adl)->next;
free(*adl);
@@ -707,6 +736,12 @@ static void response_replacePal(server_t *server, struct PartialAttributeList **
}
ADDATTR(gecos, "%s,,,", user);
ADDATTR(cn, "%s", user);
+ if (attr->bogusFieldName42) {
+ ADDATTR(bogusFieldName42, "%s", user);
+ }
+ if (attr->bogusFieldName43) {
+ ADDATTR(bogusFieldName43, "%s", user);
+ }
if (wasNumeric) user++; // From here on, user is the real AD/ldap username, no leading 's'
if (attr->homeMount && server->homeTemplate[0] != '\0') {
ADDATTR(homeMount, server->homeTemplate, user, user, user, user, user, user);
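Review bot: The two new ADDATTR calls answer the mapped attributes with the login name without saying why, while the explanation lives in the attr_t comment far away in the file; add `// sssd looks these up for names containing '@'; answer with the uid itself (see attr_t)` before the first new `if`. They sit before `if (wasNumeric) user++`, so like gecos and cn they carry the leading 's' for numeric accounts — presumably intended since sssd compares against the name it sent, but worth confirming. response_replacePal starts and ends outside the hunk.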
@@ -861,6 +896,8 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
if (_debugLevel >= DEBUG_TRACE) {
printf("[Client] Search request (original): ");
helper_printfilter(req.filter);
+ printf("[Client] Wanted attributes: ");
+ helper_printal(req.attributes);
}
if (req.sizeLimit == 0 || req.sizeLimit > 20) req.sizeLimit = 20; // TODO: Magic value
pending_t *pending = proxy_getFreePendingSlot(client);
@@ -888,7 +925,7 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
if (_debugLevel >= DEBUG_TRACE) {
printf("[Client] Search request (translated): ");
helper_printfilter(req.filter);
- printf("Wanted attributes: ");
+ printf("[Client] Wanted attributes: ");
helper_printal(req.attributes);
}
pending->clientMessageId = messageId;