diff options
| author | Simon Rettberg | 2015-09-13 14:52:25 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2015-09-13 14:52:25 +0200 |
| commit | ca17353ec5daf4f604f4133aab6b616a5fb8e3eb (patch) | |
| tree | 90e028b33fb9c1b354baa23347c8b3942f30d12b /proxy.c | |
| parent | Support LDAP-LDAP proxying (diff) | |
| download | ldadp-ca17353ec5daf4f604f4133aab6b616a5fb8e3eb.tar.gz ldadp-ca17353ec5daf4f604f4133aab6b616a5fb8e3eb.tar.xz ldadp-ca17353ec5daf4f604f4133aab6b616a5fb8e3eb.zip | |
Add dn to fake group
Diffstat (limited to 'proxy.c')
| -rw-r--r-- | proxy.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -45,7 +45,7 @@ static struct string s_objectClass, s_objectclass, s_homeDirectory, s_gidNumber, static struct string s_loginShell, s_uidNumber, s_mail, s_objectCategory, s_memberOf, s_distinguishedName; static struct string s_3, s_1001, s_homeMount, s_member, s_memberUid, s_realAccount; static struct string s_namingContexts, s_supportedControl, s_supportedExtension, s_supportedFeatures, s_supportedLDAPVersion, s_lastUSN, s_highestCommittedUSN; -static struct string str_ADUSER; +static struct string str_ADUSER, str_ADUSERDN; // HACK static BOOL isInt(struct string *value, int start) @@ -133,7 +133,9 @@ void proxy_init() SETSTR(3); // TODO: configurable str_ADUSER.s = "ad_user"; - str_ADUSER.l = strlen("ad_user"); + str_ADUSER.l = strlen(str_ADUSER.s); + str_ADUSERDN.s = "cn=ad_user,ou=groups,dc=sausageface,dc=de"; + str_ADUSERDN.l = strlen(str_ADUSERDN.s); } #undef SETSTR @@ -333,6 +335,8 @@ static BOOL request_getGroupFilter(struct Filter *filter, struct string *wantedG case APPROX: if (iequals(&filter->ava.desc, &s_objectclass) && equals(&filter->ava.value, &s_posixGroup)) { retval = TRUE; + } else if (iequals(&filter->ava.desc, &s_dn) && iequals(&filter->ava.value, &str_ADUSERDN)) { + *wantedGroupName = str_ADUSER; } else if (equals(&filter->ava.desc, &s_gidNumber)) { *wantedGroupId = 0; // Should we check for a valid number? I don't see how it would hurt not doing so... for (size_t i = 0; i < filter->ava.value.l; ++i) *wantedGroupId = (*wantedGroupId * 10) + (filter->ava.value.s[i] - '0'); @@ -865,7 +869,7 @@ static BOOL proxy_clientBindRequest(epoll_client_t *client, const unsigned long bodyLen = fmt_ldapbindresponse(bufoff, invalidCredentials, "", "invalid credentials", ""); } else { // Seems to be an actual bind - forward to AD - TODO: SASL (DIGEST-MD5? Something?) - fixUnNumeric(&name); + // TODO: Handle DN, but should not be needed... fixUnNumeric(&name); pending_t *pending = proxy_getFreePendingSlot(client); epoll_server_t *con; const unsigned long smid = server_tryUserBind(server, &name, &password, &con); @@ -979,7 +983,7 @@ static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long struct PartialAttributeList gidNumber, cn, objectClass; struct AttributeDescriptionList gidNumberVal, cnVal, objectClassVal; memset(&sre, 0, sizeof(sre)); - sre.objectName.l = 0; + sre.objectName = str_ADUSERDN; prependPal(&sre, &cn, &cnVal, &s_cn, &str_ADUSER); prependPal(&sre, &gidNumber, &gidNumberVal, &s_gidNumber, &s_1001); prependPal(&sre, &objectClass, &objectClassVal, &s_objectClass, &s_posixGroup); |