From ca17353ec5daf4f604f4133aab6b616a5fb8e3eb Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sun, 13 Sep 2015 14:52:25 +0200
Subject: Add dn to fake group

---
 proxy.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'proxy.c')

diff --git a/proxy.c b/proxy.c
index e71134f..e4423ad 100644
--- a/proxy.c
+++ b/proxy.c
@@ -45,7 +45,7 @@ static struct string s_objectClass, s_objectclass, s_homeDirectory, s_gidNumber,
 static struct string s_loginShell, s_uidNumber, s_mail, s_objectCategory, s_memberOf, s_distinguishedName;
 static struct string s_3, s_1001, s_homeMount, s_member, s_memberUid, s_realAccount;
 static struct string s_namingContexts, s_supportedControl, s_supportedExtension, s_supportedFeatures, s_supportedLDAPVersion, s_lastUSN, s_highestCommittedUSN;
-static struct string str_ADUSER;
+static struct string str_ADUSER, str_ADUSERDN;
 
 // HACK
 static BOOL isInt(struct string *value, int start)
@@ -133,7 +133,9 @@ void proxy_init()
 	SETSTR(3);
 	// TODO: configurable
 	str_ADUSER.s = "ad_user";
-	str_ADUSER.l = strlen("ad_user");
+	str_ADUSER.l = strlen(str_ADUSER.s);
+	str_ADUSERDN.s = "cn=ad_user,ou=groups,dc=sausageface,dc=de";
+	str_ADUSERDN.l = strlen(str_ADUSERDN.s);
 }
 #undef SETSTR
 
@@ -333,6 +335,8 @@ static BOOL request_getGroupFilter(struct Filter *filter, struct string *wantedG
 		case APPROX:
 			if (iequals(&filter->ava.desc, &s_objectclass) && equals(&filter->ava.value, &s_posixGroup)) {
 				retval = TRUE;
+			} else if (iequals(&filter->ava.desc, &s_dn) && iequals(&filter->ava.value, &str_ADUSERDN)) {
+				*wantedGroupName = str_ADUSER;
 			} else if (equals(&filter->ava.desc, &s_gidNumber)) {
 				*wantedGroupId = 0; // Should we check for a valid number? I don't see how it would hurt not doing so...
 				for (size_t i = 0; i < filter->ava.value.l; ++i) *wantedGroupId = (*wantedGroupId * 10) + (filter->ava.value.s[i] - '0');
@@ -865,7 +869,7 @@ static BOOL proxy_clientBindRequest(epoll_client_t *client, const unsigned long
 				bodyLen = fmt_ldapbindresponse(bufoff, invalidCredentials, "", "invalid credentials", "");
 			} else {
 				// Seems to be an actual bind - forward to AD - TODO: SASL (DIGEST-MD5? Something?)
-				fixUnNumeric(&name);
+				// TODO: Handle DN, but should not be needed... fixUnNumeric(&name);
 				pending_t *pending = proxy_getFreePendingSlot(client);
 				epoll_server_t *con;
 				const unsigned long smid = server_tryUserBind(server, &name, &password, &con);
@@ -979,7 +983,7 @@ static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long
 			struct PartialAttributeList gidNumber, cn, objectClass;
 			struct AttributeDescriptionList gidNumberVal, cnVal, objectClassVal;
 			memset(&sre, 0, sizeof(sre));
-			sre.objectName.l = 0;
+			sre.objectName = str_ADUSERDN;
 			prependPal(&sre, &cn, &cnVal, &s_cn, &str_ADUSER);
 			prependPal(&sre, &gidNumber, &gidNumberVal, &s_gidNumber, &s_1001);
 			prependPal(&sre, &objectClass, &objectClassVal, &s_objectClass, &s_posixGroup);
-- 
cgit v1.2.3-55-g7522