From 647920590050b62e67a01ef54c0524f9183566c0 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 27 Oct 2015 10:56:07 +0100
Subject: Fix mapping of AD attributes if no filter is given
---
 proxy.c | 54 ++++++++++++++++++++++++++++++------------------------
 server.c | 1 +
 2 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/proxy.c b/proxy.c
index 4246381..22b1e71 100644
--- a/proxy.c
+++ b/proxy.c
@@ -46,7 +46,7 @@ static struct string s_objectClass, s_homeDirectory, s_gidNumber, s_gecos, s_cn,
 static struct string s_loginShell, s_uidNumber, s_mail, s_objectCategory, s_memberOf, s_distinguishedName;
 // Some again in lowercase
 static struct string s_homemount, s_memberuid, s_realaccount, s_objectclass, s_homedirectory, s_gidnumber;
-static struct string s_uidnumber, s_memberof, s_distinguishedname;
+static struct string s_uidnumber, s_memberof, s_distinguishedname, s_loginshell;
 // Values
 static struct string s_shadowAccount, s_posixAccount, s_posixGroup, s_3, s_1001, s_user, s_member;
 // Feature query
@@ -410,7 +410,7 @@ static void request_replaceFilter(server_t *server, struct Filter **filter)
 }
 }
-#define elifSETATTR(x) else if (equals(&(*adl)->a, &s_ ## x)) attr->x = TRUE, next = (*adl)->next, free(*adl), *adl = next
+#define elifSETATTR(MATCH,TOSET) else if (iequals(&(*adl)->a, &s_ ## MATCH)) attr->TOSET = TRUE, next = (*adl)->next, free(*adl), *adl = next
 static void request_replaceAdl(server_t *server, struct AttributeDescriptionList **adl, attr_t *attr)
 {
 if (server->plainLdap) {
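Review bot: `s_loginshell` is declared in this hunk but no hunk in the patch assigns it a value, while the new `elifSETATTR(loginshell, loginShell)` cases in @@ -420 and @@ -479 compare against it. The other lowercase strings (`s_homedirectory`, `s_gidnumber`, …) are presumably filled in by an init routine outside this diff; if `s_loginshell` is not added there too, `iequals` would be comparing against a zero-initialised `struct string` and the loginShell mapping would silently not apply. A comment on the declaration, e.g. `// lowercase variants: keep in sync with the routine that initialises them`, would make that dependency visible to the next reader.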
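Review bot: The rewritten `elifSETATTR` macro still frees only the list node (`free(*adl)`), and with the new call from proxy_clientSearchRequest (@@ -869) it now also consumes nodes produced by `request_addDefaultAttributes`; whether `(*adl)->a` owns a heap buffer that should be released alongside the node is not visible here and is worth confirming, since a leak per default-attribute search would be easy to miss. The unbraced comma chain `attr->TOSET = TRUE, next = ..., free(*adl), *adl = next` is also fragile to edit; a short comment above the macro, e.g. `// MATCH: lowercase s_ string compared case-insensitively; TOSET: attr_t flag to set. Matching entries are unlinked and freed.`, would document the two-argument split introduced here. request_replaceAdl's body continues past the hunk.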
@@ -420,11 +420,11 @@ static void request_replaceAdl(server_t *server, struct AttributeDescriptionList
 while (*adl != NULL) {
 struct AttributeDescriptionList *next = NULL;
 if (attr == NULL) { }
- elifSETATTR(homeDirectory);
- elifSETATTR(gidNumber);
- elifSETATTR(gecos);
- elifSETATTR(realAccount);
- elifSETATTR(loginShell);
+ elifSETATTR(homedirectory, homeDirectory);
+ elifSETATTR(gidnumber, gidNumber);
+ elifSETATTR(gecos, gecos);
+ elifSETATTR(realaccount, realAccount);
+ elifSETATTR(loginshell, loginShell);
 else request_replaceAttribute(server, &(*adl)->a, NULL, attr);
 if (*adl == NULL) break;
 if (next == NULL) adl = &(*adl)->next; // If next is not NULL, we removed an entry, so we don't need to shift
@@ -479,10 +479,10 @@ static void request_replaceAdlLdap(server_t *server, struct AttributeDescription
 struct AttributeDescriptionList *next = NULL;
 if (attr == NULL) { }
 else if (iequals(&(*adl)->a, &s_homedirectory)) attr->homeDirectory = TRUE;
- elifSETATTR(gidNumber);
- elifSETATTR(gecos);
- elifSETATTR(realAccount);
- elifSETATTR(loginShell);
+ elifSETATTR(gidnumber, gidNumber);
+ elifSETATTR(gecos, gecos);
+ elifSETATTR(realaccount, realAccount);
+ elifSETATTR(loginshell, loginShell);
 else request_replaceAttributeLdap(server, &(*adl)->a, NULL, attr);
 if (*adl == NULL) break;
 if (next == NULL) adl = &(*adl)->next; // If next is not NULL, we removed an entry, so we don't need to shift
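Review bot: `elifSETATTR(gecos, gecos)` reads like a copy-paste slip next to `elifSETATTR(homedirectory, homeDirectory)`, but it is correct because the attribute name is all lowercase; nothing in the chain says that the first argument is the lowercase `s_` string and the second the `attr_t` member. A one-line comment at the top of the chain, e.g. `// elifSETATTR(lowercase s_ name to match, attr_t flag to set)`, here and in the identical chain in @@ -479, would prevent a later "fix" of the duplicated argument. Both enclosing functions (request_replaceAdl, request_replaceAdlLdap) start before and end after their hunks.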
@@ -567,8 +567,8 @@ static BOOL response_filterLocalHomeDir(struct PartialAttributeList *pal);
 static struct PartialAttributeList* response_addPal(struct PartialAttributeList *pal, struct string *attribute, const char *format, ...);
 #define ADDATTR(x,...) do { if (attr->x) *pal = response_addPal(*pal, &s_ ## x, __VA_ARGS__); } while (0)
-#define elifDELATTR(x) else if (equals(&(*pal)->type, &s_ ## x)) next = (*pal)->next, del = TRUE, attr->x = TRUE
-#define elifDEL(x) else if (equals(&(*pal)->type, &s_ ## x)) next = (*pal)->next, del = TRUE
+#define elifDELATTR(MATCH,FIELD) else if (iequals(&(*pal)->type, &s_ ## MATCH)) next = (*pal)->next, del = TRUE, attr->FIELD = TRUE
+#define elifDEL(MATCH) else if (iequals(&(*pal)->type, &s_ ## MATCH)) next = (*pal)->next, del = TRUE
 static void response_replacePal(server_t *server, struct PartialAttributeList **pal, attr_t *attr)
 {
 if (server->plainLdap) {
@@ -581,14 +581,14 @@ static void response_replacePal(server_t *server, struct PartialAttributeList **
 while (*pal != NULL) {
 BOOL del = FALSE;
 if (0) { } // Remove fields we don't want from AD
- elifDELATTR(gidNumber);
- elifDELATTR(gecos);
- elifDELATTR(loginShell);
- elifDELATTR(uidNumber);
+ elifDELATTR(gidnumber, gidNumber);
+ elifDELATTR(gecos, gecos);
+ elifDELATTR(loginshell, loginShell);
+ elifDELATTR(uidnumber, uidNumber);
 elifDEL(mail);
- elifDELATTR(cn);
- elifDEL(memberOf);
- else if (equals(&(*pal)->type, &s_homeDirectory)) {
+ elifDELATTR(cn, cn);
+ elifDEL(memberof);
+ else if (iequals(&(*pal)->type, &s_homedirectory)) {
 // homeDirectory is set in AD - it can either be a local path (in which case it's useless)
 // or a UNC path, which we can easily mount via mount.cifs
 if (!response_filterHomeDir(*pal)) {
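Review bot: The new `elifDELATTR(MATCH,FIELD)` and `elifDEL(MATCH)` macros rely on `next`, `del` and `attr` being in scope at the expansion site and on `MATCH` naming the lowercase `s_` string, but neither is documented. A comment above them along the lines of `// Chain helpers for response_replacePal*: MATCH is the lowercase s_ string (compared with iequals), FIELD the attr_t flag recording that the attribute was seen; they set del so the caller unlinks the entry.` would let a reader use them without opening both call sites. The `ADDATTR` macro above already documents itself through its `do { } while (0)` shape; these two cannot, because they must stay `else if` arms.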
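Review bot: `elifDEL(memberOf)` becomes `elifDEL(memberof)` here, but the parallel chain in response_replacePalLdap (hunk @@ -748) keeps `elifDEL(memberOf);` as unchanged context; both compile because `s_memberOf` and `s_memberof` are both declared and `iequals` ignores case, yet the two chains now disagree about which string table they use. For consistency with the rest of this commit the @@ -748 line should read `elifDEL(memberof);`. response_replacePal continues past the end of the hunk.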
@@ -748,11 +748,11 @@ static void response_replacePalLdap(server_t *server, struct PartialAttributeLis
 while (*pal != NULL) {
 BOOL del = FALSE;
 if (0) { } // Remove fields we don't want from AD
- elifDELATTR(gidNumber);
- elifDELATTR(gecos);
- elifDELATTR(loginShell);
+ elifDELATTR(gidnumber, gidNumber);
+ elifDELATTR(gecos, gecos);
+ elifDELATTR(loginshell, loginShell);
 elifDEL(mail);
- elifDELATTR(cn);
+ elifDELATTR(cn, cn);
 elifDEL(memberOf);
 else if (iequals(&(*pal)->type, &s_homedirectory)) {
 // homeDirectory is set in LDAP - use if it's a local path
@@ -869,6 +869,9 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
 if (req.attributes == NULL) {
 if (client->fixedServer == NULL) {
 request_addDefaultAttributes(&req.attributes);
+ if (!server->plainLdap) {
+ request_replaceAdl(server, &req.attributes, &pending->attr);
+ }
 }
 memset(&pending->attr, -1, sizeof(pending->attr));
 }
@@ -879,6 +882,7 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
 } else {
 pending->serverMessageId = server_searchRequestOnConnection(client->fixedServer, &req);
 }
+ helper_printal(req.attributes); // DEBUG
 if (pending->serverMessageId == 0) {
 // Failed to forward.. TODO: Fail client
 printf("Failed to forward search request.\n");
@@ -910,7 +914,9 @@ static BOOL proxy_serverSearchResult(epoll_server_t *server, const unsigned long
 struct SearchResultEntry sre;
 const size_t res = scan_ldapsearchresultentry(server->readBuffer + offset, server->readBuffer + maxLen, &sre);
 if (res == 0) return FALSE;
+ helper_printpal(sre.attributes); // DEBUG
 response_replacePal(server->serverData, &sre.attributes, &pending->attr);
+ helper_printpal(sre.attributes); // DEBUG
 bodyLen = fmt_ldapsearchresultentry(NULL, &sre);
 if (bodyLen == 0) {
 printf("Error formatting ldapsearchresultentry after transformation\n");
diff --git a/server.c b/server.c
index c4eb37d..6382b31 100644
--- a/server.c
+++ b/server.c
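Review bot: The flags that `request_replaceAdl` writes into `pending->attr` in the new @@ -869 block are overwritten two lines later by the existing `memset(&pending->attr, -1, sizeof(pending->attr));`, so in this branch the call matters only for its rewrite of `req.attributes` (stripping the AD-side names from the default list). If that is the intent, say so at the call, e.g. `// only the attribute-list rewrite is needed here; attr is reset to all-TRUE below`, otherwise the memset should move above the new block. `server` here is presumably a server_t chosen earlier in proxy_clientSearchRequest, which starts before the hunk; it is worth confirming it cannot be NULL on this path, since the `client->fixedServer == NULL` guard alone does not establish that.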
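Review bot: `helper_printal(req.attributes); // DEBUG` in @@ -879 runs on every forwarded search request, and the two `helper_printpal(sre.attributes); // DEBUG` calls in @@ -910 run on every result entry before and after `response_replacePal`, which means the attribute values the backend returns for user records are written to the proxy's stdout on every search. That is a data-exposure and log-volume problem if it ships, and the `// DEBUG` markers suggest it was not meant to. Either drop the three lines before merging or wrap each in a compile-time guard such as `#ifdef DEBUG_ATTRS` / `#endif` so the dump is opt-in.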
@@ -170,6 +170,7 @@ BOOL server_initServers()
 servers[i].sslContext = ssl_newClientCtx(servers[i].cabundle);
 }
 printf("%s:\n Bind: %s\n Base: %s\n", servers[i].addr, servers[i].bind, servers[i].base);
+ printf("Plain LDAP-LDAP: %d\n", (int)servers[i].plainLdap);
 if (!server_ensureConnected(&servers[i])) return FALSE;
 }
-- 
cgit v1.2.3-55-g7522