-rw-r--r--proxy.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/proxy.c b/proxy.c
index e71134f..e4423ad 100644
--- a/proxy.c
+++ b/proxy.c
@@ -45,7 +45,7 @@ static struct string s_objectClass, s_objectclass, s_homeDirectory, s_gidNumber,
static struct string s_loginShell, s_uidNumber, s_mail, s_objectCategory, s_memberOf, s_distinguishedName;
static struct string s_3, s_1001, s_homeMount, s_member, s_memberUid, s_realAccount;
static struct string s_namingContexts, s_supportedControl, s_supportedExtension, s_supportedFeatures, s_supportedLDAPVersion, s_lastUSN, s_highestCommittedUSN;
-static struct string str_ADUSER;
+static struct string str_ADUSER, str_ADUSERDN;
// HACK
static BOOL isInt(struct string *value, int start)
@@ -133,7 +133,9 @@ void proxy_init()
SETSTR(3);
// TODO: configurable
str_ADUSER.s = "ad_user";
- str_ADUSER.l = strlen("ad_user");
+ str_ADUSER.l = strlen(str_ADUSER.s);
+ str_ADUSERDN.s = "cn=ad_user,ou=groups,dc=sausageface,dc=de";
+ str_ADUSERDN.l = strlen(str_ADUSERDN.s);
}
#undef SETSTR
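Review bot: The new `str_ADUSERDN` literal in proxy_init repeats the group name "ad_user" and hard-codes a deployment-specific suffix, so it can drift from `str_ADUSER` once either value is changed or made configurable. The later hunks use the DN both to match the client's filter in request_getGroupFilter and as `sre.objectName` in proxy_localSearchRequest, so a mismatch would change which group entry clients are shown. I would extend the existing TODO to cover both values, e.g. `// TODO: configurable; str_ADUSERDN must stay "cn=" + str_ADUSER + group base DN`, or build the DN from `str_ADUSER` and one base-DN constant.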
@@ -333,6 +335,8 @@ static BOOL request_getGroupFilter(struct Filter *filter, struct string *wantedG
case APPROX:
if (iequals(&filter->ava.desc, &s_objectclass) && equals(&filter->ava.value, &s_posixGroup)) {
retval = TRUE;
+ } else if (iequals(&filter->ava.desc, &s_dn) && iequals(&filter->ava.value, &str_ADUSERDN)) {
+ *wantedGroupName = str_ADUSER;
} else if (equals(&filter->ava.desc, &s_gidNumber)) {
*wantedGroupId = 0; // Should we check for a valid number? I don't see how it would hurt not doing so...
for (size_t i = 0; i < filter->ava.value.l; ++i) *wantedGroupId = (*wantedGroupId * 10) + (filter->ava.value.s[i] - '0');
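Review bot: The added `s_dn` branch in request_getGroupFilter compares the client-supplied value with `str_ADUSERDN` through `iequals`, which appears to be a plain case-insensitive string compare rather than a DN match. Equivalent spellings of the same DN (a space after a comma, escaped characters) would then fail to select the group. If that is acceptable, say so next to the branch, e.g. `// raw compare only: DN must be spelled exactly like str_ADUSERDN (case aside)`. The new branch also does not set `retval` the way the objectclass branch does; the rest of the function lies outside the hunk, so please confirm the caller still treats this filter as handled.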
@@ -865,7 +869,7 @@ static BOOL proxy_clientBindRequest(epoll_client_t *client, const unsigned long
bodyLen = fmt_ldapbindresponse(bufoff, invalidCredentials, "", "invalid credentials", "");
} else {
// Seems to be an actual bind - forward to AD - TODO: SASL (DIGEST-MD5? Something?)
- fixUnNumeric(&name);
+ // TODO: Handle DN, but should not be needed... fixUnNumeric(&name);
pending_t *pending = proxy_getFreePendingSlot(client);
epoll_server_t *con;
const unsigned long smid = server_tryUserBind(server, &name, &password, &con);
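Review bot: On the added line in proxy_clientBindRequest, `fixUnNumeric(&name)` is disabled by folding it into a TODO comment, so `name` now reaches `server_tryUserBind` exactly as the client sent it. What fixUnNumeric did is not visible here, but if other request paths still apply that mapping, the identity that is looked up and the identity that is authenticated against AD can diverge. I would drop the dead call from the comment and state the decision explicitly, e.g. `// Bind name is forwarded to AD unmodified; fixUnNumeric() skipped until DN-form names are handled`. The function starts and ends outside the hunk.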
@@ -979,7 +983,7 @@ static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long
struct PartialAttributeList gidNumber, cn, objectClass;
struct AttributeDescriptionList gidNumberVal, cnVal, objectClassVal;
memset(&sre, 0, sizeof(sre));
- sre.objectName.l = 0;
+ sre.objectName = str_ADUSERDN;
prependPal(&sre, &cn, &cnVal, &s_cn, &str_ADUSER);
prependPal(&sre, &gidNumber, &gidNumberVal, &s_gidNumber, &s_1001);
prependPal(&sre, &objectClass, &objectClassVal, &s_objectClass, &s_posixGroup);