ldap_backend.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  * AUTHOR: Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
11  */
12 
13 #include "squid.h"
14 #include "util.h"
15 
16 #define LDAP_DEPRECATED 1
17 
18 #include "auth/digest/LDAP/ldap_backend.h"
19 
20 #if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_
21 
22 #define snprintf _snprintf
23 #include <windows.h>
24 #include <winldap.h>
25 #ifndef LDAPAPI
26 #define LDAPAPI __cdecl
27 #endif
28 #ifdef LDAP_VERSION3
29 #ifndef LDAP_OPT_X_TLS
30 #define LDAP_OPT_X_TLS 0x6000
31 #endif
32 /* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at
33  * run time.
34  */
35 #undef ldap_start_tls_s
36 #if LDAP_UNICODE
37 #define LDAP_START_TLS_S "ldap_start_tls_sW"
38 typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *);
39 #else
40 #define LDAP_START_TLS_S "ldap_start_tls_sA"
41 typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *);
42 #endif /* LDAP_UNICODE */
43 PFldap_start_tls_s Win32_ldap_start_tls_s;
44 #define ldap_start_tls_s(l,s,c) Win32_ldap_start_tls_s(l, nullptr, nullptr,s,c)
45 #endif /* LDAP_VERSION3 */
46 
47 #else
48 
49 #include <lber.h>
50 #include <ldap.h>
51 
52 #endif
53 #define PROGRAM_NAME "digest_pw_auth(LDAP_backend)"
54 
55 /* Globals */
56 
57 static LDAP *ld = nullptr;
58 static const char *passattr = nullptr;
59 static char *ldapServer = nullptr;
60 static const char *userbasedn = nullptr;
61 static const char *userdnattr = nullptr;
62 static const char *usersearchfilter = nullptr;
63 static const char *binddn = nullptr;
64 static const char *bindpasswd = nullptr;
65 static const char *delimiter = ":";
66 static const char *frealm = "";
67 static int encrpass = 0;
68 static int searchscope = LDAP_SCOPE_SUBTREE;
69 static int persistent = 0;
70 static int noreferrals = 0;
71 static int port = LDAP_PORT;
72 static int strip_nt_domain = 0;
73 static int aliasderef = LDAP_DEREF_NEVER;
74 #if defined(NETSCAPE_SSL)
75 static char *sslpath = nullptr;
76 static int sslinit = 0;
77 #endif
78 static int connect_timeout = 0;
79 static int timelimit = LDAP_NO_LIMIT;
80 
81 #ifdef LDAP_VERSION3
82 /* Added for TLS support and version 3 */
83 static int use_tls = 0;
84 static int version = -1;
85 #endif
86 
87 static void ldapconnect(void);
88 static int readSecret(const char *filename);
89 
90 /* Yuck.. we need to glue to different versions of the API */
91 
92 #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
93 static void
94 squid_ldap_set_aliasderef(int deref)
95 {
96  ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
97 }
98 static void
99 squid_ldap_set_referrals(int referrals)
100 {
101  int *value = static_cast<int*>(referrals ? LDAP_OPT_ON :LDAP_OPT_OFF);
102  ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
103 }
104 static void
105 squid_ldap_set_timelimit(int aTimeLimit)
106 {
107  ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &aTimeLimit);
108 }
109 static void
110 squid_ldap_set_connect_timeout(int aTimeLimit)
111 {
112 #if defined(LDAP_OPT_NETWORK_TIMEOUT)
113  struct timeval tv;
114  tv.tv_sec = aTimeLimit;
115  tv.tv_usec = 0;
116  ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
117 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
118  aTimeLimit *= 1000;
119  ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &aTimeLimit);
120 #endif
121 }
122 
123 #else
124 static int
125 squid_ldap_errno(LDAP * ld)
126 {
127  return ld->ld_errno;
128 }
129 static void
130 squid_ldap_set_aliasderef(int deref)
131 {
132  ld->ld_deref = deref;
133 }
134 static void
135 squid_ldap_set_referrals(int referrals)
136 {
137  if (referrals)
138  ld->ld_options |= ~LDAP_OPT_REFERRALS;
139  else
140  ld->ld_options &= ~LDAP_OPT_REFERRALS;
141 }
142 static void
143 squid_ldap_set_timelimit(int aTimeLimit)
144 {
145  ld->ld_timelimit = aTimeLimit;
146 }
147 static void
148 squid_ldap_set_connect_timeout(int aTimeLimit)
149 {
150  fprintf(stderr, "Connect timeouts not supported in your LDAP library\n");
151 }
152 static void
153 squid_ldap_memfree(char *p)
154 {
155  free(p);
156 }
157 
158 #endif
159 
160 #ifdef LDAP_API_FEATURE_X_OPENLDAP
161 #if LDAP_VENDOR_VERSION > 194
162 #define HAS_URI_SUPPORT 1
163 #endif
164 #endif
165 
166 static int
167 ldap_escape_value(char *escaped, int size, const char *src)
168 {
169  int n = 0;
170  while (size > 4 && *src) {
171  switch (*src) {
172  case '*':
173  case '(':
174  case ')':
175  case '\\':
176  n += 3;
177  size -= 3;
178  if (size > 0) {
179  *escaped = '\\';
180  ++escaped;
181  snprintf(escaped, 3, "%02x", (int) *src);
182  ++src;
183  escaped += 2;
184  }
185  break;
186  default:
187  *escaped = *src;
188  ++escaped;
189  ++src;
190  ++n;
191  --size;
192  }
193  }
194  *escaped = '\0';
195  return n;
196 }
197 
198 static char *
199 getpassword(char *login, char *realm)
200 {
201  LDAPMessage *res = nullptr;
202  LDAPMessage *entry;
203  char **values = nullptr;
204  char **value = nullptr;
205  char *password = nullptr;
206  int retry = 0;
207  char filter[8192];
208  char searchbase[8192];
209  int rc = -1;
210  if (ld) {
211  if (usersearchfilter) {
212  char escaped_login[1024];
213  snprintf(searchbase, sizeof(searchbase), "%s", userbasedn);
214  ldap_escape_value(escaped_login, sizeof(escaped_login), login);
215  snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
216 
217 retrysrch:
218  debug("user filter '%s', searchbase '%s'\n", filter, searchbase);
219 
220  rc = ldap_search_s(ld, searchbase, searchscope, filter, nullptr, 0, &res);
221  if (rc != LDAP_SUCCESS) {
222  if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
223  /* Everything is fine. This is expected when referrals
224  * are disabled.
225  */
226  rc = LDAP_SUCCESS;
227  } else {
228  fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
229 #if defined(NETSCAPE_SSL)
230  if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
231  int sslerr = PORT_GetError();
232  fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
233  }
234 #endif
235  fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error, trying to recover'%s'\n", ldap_err2string(rc));
236  ldap_msgfree(res);
237  /* try to connect to the LDAP server again, maybe my persistent conexion failed. */
238  if (!retry) {
239  ++retry;
240  ldap_unbind(ld);
241  ld = nullptr;
242  ldapconnect();
243  goto retrysrch;
244  }
245  return nullptr;
246 
247  }
248  }
249  } else if (userdnattr) {
250  snprintf(filter,8192,"%s=%s",userdnattr,login);
251 
252 retrydnattr:
253  debug("searchbase '%s'\n", userbasedn);
254  rc = ldap_search_s(ld, userbasedn, searchscope, filter, nullptr, 0, &res);
255  }
256  if (rc == LDAP_SUCCESS) {
257  entry = ldap_first_entry(ld, res);
258  if (entry)
259  values = ldap_get_values(ld, entry, passattr);
260  else {
261  ldap_msgfree(res);
262  return nullptr;
263  }
264  if (!values) {
265  debug("No attribute value found\n");
266  ldap_msgfree(res);
267  return nullptr;
268  }
269  value = values;
270  while (*value) {
271  if (encrpass && *delimiter ) {
272  const char *t = strtok(*value, delimiter);
273  if (t && strcmp(t, realm) == 0) {
274  password = strtok(nullptr, delimiter);
275  break;
276  }
277  } else {
278  password = *value;
279  break;
280  }
281  ++value;
282  }
283  debug("password: %s\n", password);
284  if (password)
285  password = xstrdup(password);
286  ldap_value_free(values);
287  ldap_msgfree(res);
288  return password;
289  } else {
290  fprintf(stderr, PROGRAM_NAME " WARNING, LDAP error '%s'\n", ldap_err2string(rc));
291  /* try to connect to the LDAP server again, maybe my persistent conexion failed. */
292  if (!retry) {
293  ++retry;
294  ldap_unbind(ld);
295  ld = nullptr;
296  ldapconnect();
297  goto retrydnattr;
298  }
299  return nullptr;
300  }
301  }
302  return nullptr;
303 }
304 
305 static void
306 ldapconnect(void)
307 {
308  int rc;
309 
310  /* On Windows ldap_start_tls_s is available starting from Windows XP,
311  * so we need to bind at run-time with the function entry point
312  */
313 #if _SQUID_WINDOWS_
314  if (use_tls) {
315 
316  HMODULE WLDAP32Handle;
317 
318  WLDAP32Handle = GetModuleHandle("wldap32");
319  if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) {
320  fprintf(stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n");
321  exit(EXIT_FAILURE);
322  }
323  }
324 #endif
325 
326  if (ld == nullptr) {
327 #if HAS_URI_SUPPORT
328  if (strstr(ldapServer, "://") != nullptr) {
329  rc = ldap_initialize(&ld, ldapServer);
330  if (rc != LDAP_SUCCESS) {
331  fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
332  }
333  } else
334 #endif
335 #if NETSCAPE_SSL
336  if (sslpath) {
337  if (!sslinit && (ldapssl_client_init(sslpath, nullptr) != LDAP_SUCCESS)) {
338  fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
339  sslpath);
340  exit(EXIT_FAILURE);
341  } else {
342  ++sslinit;
343  }
344  if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
345  fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
346  ldapServer, port);
347  exit(EXIT_FAILURE);
348  }
349  } else
350 #endif
351  if ((ld = ldap_init(ldapServer, port)) == nullptr) {
352  fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port);
353  }
354  if (connect_timeout)
355  squid_ldap_set_connect_timeout(connect_timeout);
356 
357 #ifdef LDAP_VERSION3
358  if (version == -1) {
359  version = LDAP_VERSION2;
360  }
361  if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
362  != LDAP_SUCCESS) {
363  fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
364  version);
365  ldap_unbind(ld);
366  ld = nullptr;
367  }
368  if (use_tls) {
369 #ifdef LDAP_OPT_X_TLS
370  if (version != LDAP_VERSION3) {
371  fprintf(stderr, "TLS requires LDAP version 3\n");
372  exit(EXIT_FAILURE);
373  } else if (ldap_start_tls_s(ld, nullptr, nullptr) != LDAP_SUCCESS) {
374  fprintf(stderr, "Could not Activate TLS connection\n");
375  exit(EXIT_FAILURE);
376  }
377 #else
378  fprintf(stderr, "TLS not supported with your LDAP library\n");
379  ldap_unbind(ld);
380  ld = nullptr;
381 #endif
382  }
383 #endif
384  squid_ldap_set_timelimit(timelimit);
385  squid_ldap_set_referrals(!noreferrals);
386  squid_ldap_set_aliasderef(aliasderef);
387  if (binddn && bindpasswd && *binddn && *bindpasswd) {
388  rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
389  if (rc != LDAP_SUCCESS) {
390  fprintf(stderr, PROGRAM_NAME " WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
391  ldap_unbind(ld);
392  ld = nullptr;
393  }
394  }
395  debug("Connected OK\n");
396  }
397 }
398 int
399 LDAPArguments(int argc, char **argv)
400 {
401  setbuf(stdout, nullptr);
402 
403  while (argc > 1 && argv[1][0] == '-') {
404  const char *value = "";
405  char option = argv[1][1];
406  switch (option) {
407  case 'P':
408  case 'R':
409  case 'z':
410  case 'Z':
411  case 'g':
412  case 'e':
413  case 'S':
414  break;
415  default:
416  if (strlen(argv[1]) > 2) {
417  value = argv[1] + 2;
418  } else if (argc > 2) {
419  value = argv[2];
420  ++argv;
421  --argc;
422  } else
423  value = "";
424  break;
425  }
426  ++argv;
427  --argc;
428  switch (option) {
429  case 'H':
430 #if !HAS_URI_SUPPORT
431  fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n");
432  return 1;
433 #endif
434  /* Fall thru to -h */
435  case 'h':
436  if (ldapServer) {
437  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
438  char *newhost = static_cast<char*>(xmalloc(len));
439  snprintf(newhost, len, "%s %s", ldapServer, value);
440  free(ldapServer);
441  ldapServer = newhost;
442  } else {
443  ldapServer = xstrdup(value);
444  }
445  break;
446  case 'A':
447  passattr = value;
448  break;
449  case 'e':
450  encrpass = 1;
451  break;
452  case 'l':
453  delimiter = value;
454  break;
455  case 'r':
456  frealm = value;
457  break;
458  case 'b':
459  userbasedn = value;
460  break;
461  case 'F':
462  usersearchfilter = value;
463  break;
464  case 'u':
465  userdnattr = value;
466  break;
467  case 's':
468  if (strcmp(value, "base") == 0)
469  searchscope = LDAP_SCOPE_BASE;
470  else if (strcmp(value, "one") == 0)
471  searchscope = LDAP_SCOPE_ONELEVEL;
472  else if (strcmp(value, "sub") == 0)
473  searchscope = LDAP_SCOPE_SUBTREE;
474  else {
475  fprintf(stderr, PROGRAM_NAME " ERROR: Unknown search scope '%s'\n", value);
476  return 1;
477  }
478  break;
479  case 'S':
480 #if defined(NETSCAPE_SSL)
481  sslpath = value;
482  if (port == LDAP_PORT)
483  port = LDAPS_PORT;
484 #else
485  fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n");
486  return 1;
487 #endif
488  break;
489  case 'c':
490  connect_timeout = atoi(value);
491  break;
492  case 't':
493  timelimit = atoi(value);
494  break;
495  case 'a':
496  if (strcmp(value, "never") == 0)
497  aliasderef = LDAP_DEREF_NEVER;
498  else if (strcmp(value, "always") == 0)
499  aliasderef = LDAP_DEREF_ALWAYS;
500  else if (strcmp(value, "search") == 0)
501  aliasderef = LDAP_DEREF_SEARCHING;
502  else if (strcmp(value, "find") == 0)
503  aliasderef = LDAP_DEREF_FINDING;
504  else {
505  fprintf(stderr, PROGRAM_NAME " ERROR: Unknown alias dereference method '%s'\n", value);
506  return 1;
507  }
508  break;
509  case 'D':
510  binddn = value;
511  break;
512  case 'w':
513  bindpasswd = value;
514  break;
515  case 'W':
516  readSecret(value);
517  break;
518  case 'P':
519  persistent = !persistent;
520  break;
521  case 'p':
522  port = atoi(value);
523  break;
524  case 'R':
525  noreferrals = !noreferrals;
526  break;
527 #ifdef LDAP_VERSION3
528  case 'v':
529  switch (atoi(value)) {
530  case 2:
531  version = LDAP_VERSION2;
532  break;
533  case 3:
534  version = LDAP_VERSION3;
535  break;
536  default:
537  fprintf(stderr, "Protocol version should be 2 or 3\n");
538  return 1;
539  }
540  break;
541  case 'Z':
542  if (version == LDAP_VERSION2) {
543  fprintf(stderr, "TLS (-Z) is incompatible with version %d\n",
544  version);
545  return 1;
546  }
547  version = LDAP_VERSION3;
548  use_tls = 1;
549  break;
550 #endif
551  case 'd':
552  debug_enabled = 1;
553  break;
554  case 'E':
555  strip_nt_domain = 1;
556  break;
557  default:
558  fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
559  return 1;
560  }
561  }
562 
563  while (argc > 1) {
564  char *value = argv[1];
565  if (ldapServer) {
566  int len = strlen(ldapServer) + 1 + strlen(value) + 1;
567  char *newhost = static_cast<char*>(xmalloc(len));
568  snprintf(newhost, len, "%s %s", ldapServer, value);
569  free(ldapServer);
570  ldapServer = newhost;
571  } else {
572  ldapServer = xstrdup(value);
573  }
574  --argc;
575  ++argv;
576  }
577 
578  if (!ldapServer)
579  ldapServer = (char *) "localhost";
580 
581  if (!userbasedn || !passattr || (!*delimiter && !*frealm)) {
582  fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -F filter [options] ldap_server_name\n\n");
583  fprintf(stderr, "\t-A password attribute(REQUIRED)\t\tUser attribute that contains the password\n");
584  fprintf(stderr, "\t-l password realm delimiter(REQUIRED)\tCharacter(s) that divides the password attribute\n\t\t\t\t\t\tin realm and password tokens, default ':' realm:password, could be\n\t\t\t\t\t\tempty string if the password is alone in the password attribute\n");
585  fprintf(stderr, "\t-r filtered realm\t\t\tonly honor Squid requests for this realm. Mandatory if the password is alone in\n\t\t\t\t\t\tthe password attribute, acting as the implicit realm\n");
586  fprintf(stderr, "\t-b basedn (REQUIRED)\t\t\tbase dn under where to search for users\n");
587  fprintf(stderr, "\t-e Encrypted passwords(REQUIRED)\tPassword are stored encrypted using HHA1\n");
588  fprintf(stderr, "\t-F filter\t\t\t\tuser search filter pattern. %%s = login\n");
589  fprintf(stderr, "\t-u attribute\t\t\t\tattribute to use in combination with the basedn to create the user DN\n");
590  fprintf(stderr, "\t-s base|one|sub\t\t\t\tsearch scope\n");
591  fprintf(stderr, "\t-D binddn\t\t\t\tDN to bind as to perform searches\n");
592  fprintf(stderr, "\t-w bindpasswd\t\t\t\tpassword for binddn\n");
593  fprintf(stderr, "\t-W secretfile\t\t\t\tread password for binddn from file secretfile\n");
594 #if HAS_URI_SUPPORT
595  fprintf(stderr, "\t-H URI\t\t\t\t\tLDAPURI (defaults to ldap://localhost)\n");
596 #endif
597  fprintf(stderr, "\t-h server\t\t\t\tLDAP server (defaults to localhost)\n");
598  fprintf(stderr, "\t-p port\t\t\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
599  fprintf(stderr, "\t-P\t\t\t\t\tpersistent LDAP connection\n");
600 #if defined(NETSCAPE_SSL)
601  fprintf(stderr, "\t-E sslcertpath\t\t\t\tenable LDAP over SSL\n");
602 #endif
603  fprintf(stderr, "\t-c timeout\t\t\t\tconnect timeout\n");
604  fprintf(stderr, "\t-t timelimit\t\t\t\tsearch time limit\n");
605  fprintf(stderr, "\t-R\t\t\t\t\tdo not follow referrals\n");
606  fprintf(stderr, "\t-a never|always|search|find\t\twhen to dereference aliases\n");
607 #ifdef LDAP_VERSION3
608  fprintf(stderr, "\t-v 2|3\t\t\t\t\tLDAP version\n");
609  fprintf(stderr, "\t-Z\t\t\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
610 #endif
611  fprintf(stderr, "\t-S\t\t\t\t\tStrip NT domain from usernames\n");
612  fprintf(stderr, "\n");
613  fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
614  return -1;
615  }
616  return 0;
617 }
618 static int
619 readSecret(const char *filename)
620 {
621  char buf[BUFSIZ];
622  char *e = nullptr;
623  FILE *f;
624 
625  if (!(f = fopen(filename, "r"))) {
626  fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
627  return 1;
628  }
629  if (!fgets(buf, sizeof(buf) - 1, f)) {
630  fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
631  fclose(f);
632  return 1;
633  }
634  /* strip whitespaces on end */
635  if ((e = strrchr(buf, '\n')))
636  *e = 0;
637  if ((e = strrchr(buf, '\r')))
638  *e = 0;
639 
640  bindpasswd = xstrdup(buf);
641  if (!bindpasswd) {
642  fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
643  }
644  fclose(f);
645 
646  return 0;
647 }
648 
649 void
650 LDAPHHA1(RequestData * requestData)
651 {
652  char *password = nullptr;
653  ldapconnect();
654 
655  // use the -l delimiter to find realm, or
656  // only honor the -r specified realm
657  const bool lookup = (!*frealm && *delimiter) ||
658  (*frealm && strcmp(requestData->realm, frealm) == 0);
659 
660  if (lookup)
661  password = getpassword(requestData->user, requestData->realm);
662 
663  if (password != nullptr) {
664  if (encrpass)
665  xstrncpy(requestData->HHA1, password, sizeof(requestData->HHA1));
666  else {
667  HASH HA1;
668  DigestCalcHA1("md5", requestData->user, requestData->realm, password, nullptr, nullptr, HA1, requestData->HHA1);
669  }
670  free(password);
671  } else {
672  requestData->error = -1;
673  }
674 
675 }
676 
encrpass
static int encrpass
Definition: ldap_backend.cc:67
bindpasswd
static const char * bindpasswd
Definition: ldap_backend.cc:64
ldapServer
static char * ldapServer
Definition: ldap_backend.cc:59
usersearchfilter
static const char * usersearchfilter
Definition: ldap_backend.cc:62
userdnattr
static const char * userdnattr
Definition: ldap_backend.cc:61
ld
static LDAP * ld
Definition: ldap_backend.cc:57
BUFSIZ
#define BUFSIZ
Definition: defines.h:20
connect_timeout
static int connect_timeout
Definition: ldap_backend.cc:78
xmalloc
#define xmalloc
Definition: negotiate_wrapper.cc:48
ldap_escape_value
static int ldap_escape_value(char *escaped, int size, const char *src)
Definition: ldap_backend.cc:167
debug
void debug(const char *format,...)
Definition: debug.cc:19
strip_nt_domain
static int strip_nt_domain
Definition: ldap_backend.cc:72
xstrdup
#define xstrdup
Definition: negotiate_wrapper.cc:51
use_tls
static int use_tls
Definition: basic_ldap_auth.cc:165
userbasedn
static const char * userbasedn
Definition: ldap_backend.cc:60
squid_ldap_memfree
static void squid_ldap_memfree(char *p)
Definition: ldap_backend.cc:153
_request_data::error
int error
Definition: digest_common.h:46
xstrncpy
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37
frealm
static const char * frealm
Definition: ldap_backend.cc:66
persistent
static int persistent
Definition: ldap_backend.cc:69
_request_data::HHA1
HASHHEX HHA1
Definition: digest_common.h:44
squid_ldap_errno
static int squid_ldap_errno(LDAP *ld)
Definition: ldap_backend.cc:125
readSecret
static int readSecret(const char *filename)
Definition: ldap_backend.cc:619
ldap_backend.h
size
int size
Definition: ModDevPoll.cc:69
getpassword
static char * getpassword(char *login, char *realm)
Definition: ldap_backend.cc:199
NULL
#define NULL
Definition: types.h:145
timelimit
static int timelimit
Definition: ldap_backend.cc:79
binddn
static const char * binddn
Definition: ldap_backend.cc:63
debug_enabled
int debug_enabled
Definition: debug.cc:13
squid_ldap_set_timelimit
static void squid_ldap_set_timelimit(int aTimeLimit)
Definition: ldap_backend.cc:143
version
static int version
Definition: basic_ldap_auth.cc:166
LDAPHHA1
void LDAPHHA1(RequestData *requestData)
Definition: ldap_backend.cc:679
ULONG
unsigned int ULONG
Definition: smblib-priv.h:147
_request_data
Definition: digest_common.h:39
_request_data::realm
char * realm
Definition: digest_common.h:42
squid_ldap_set_referrals
static void squid_ldap_set_referrals(int referrals)
Definition: ldap_backend.cc:135
delimiter
static const char * delimiter
Definition: ldap_backend.cc:65
aliasderef
static int aliasderef
Definition: ldap_backend.cc:73
_request_data::user
char * user
Definition: digest_common.h:41
LDAPArguments
int LDAPArguments(int argc, char **argv)
Definition: ldap_backend.cc:426
ldapconnect
static void ldapconnect(void)
Definition: ldap_backend.cc:306
HASH
char HASH[HASHLEN]
Definition: rfc2617.h:31
searchscope
static int searchscope
Definition: ldap_backend.cc:68
squid_ldap_set_aliasderef
static void squid_ldap_set_aliasderef(int deref)
Definition: ldap_backend.cc:130
noreferrals
static int noreferrals
Definition: ldap_backend.cc:70
DigestCalcHA1
void DigestCalcHA1(const char *pszAlg, const char *pszUserName, const char *pszRealm, const char *pszPassword, const char *pszNonce, const char *pszCNonce, HASH HA1, HASHHEX SessionKey)
Definition: rfc2617.c:88
passattr
static const char * passattr
Definition: ldap_backend.cc:58
port
static int port
Definition: ldap_backend.cc:71
squid_ldap_set_connect_timeout
static void squid_ldap_set_connect_timeout(int aTimeLimit)
Definition: ldap_backend.cc:148
PROGRAM_NAME
#define PROGRAM_NAME
Definition: ldap_backend.cc:53

 

Introduction

Documentation

Support

Miscellaneous