1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
--- lib/checkpw.c.orig Fri Jan 18 21:56:29 2002
+++ lib/checkpw.c Fri Jan 18 22:14:58 2002
@@ -1491,6 +1491,9 @@
# define FALSE 0
#endif
+#ifndef LDAP_NO_ATTRS
+#define LDAP_NO_ATTRS "1.1"
+#endif
static int ldap_isdigits(char *value)
{
char *ptr;
@@ -1504,6 +1507,16 @@
return num;
}
+#ifdef LDAP_VENDOR_VERSION
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
+#define SASL_ldap_memfree(dn) ldap_memfree(dn)
+#else
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
+#define SASL_ldap_memfree(dn) free(dn)
+#endif
+
static int ldap_verify_password(sasl_conn_t *conn,
const char *userid,
const char *password,
@@ -1522,18 +1535,18 @@
*ldap_filter="",
*ldap_bind_dn="",
*ldap_bind_pw="",
- *ldap_ssl="",
*ldap_filter_mode="",
*port_num="";
int malloc_size; /* safety net */
int ldap_filter_flag = 0;
- int ldap_ssl_flag = 0;
int ldap_port = LDAP_PORT;
sasl_getopt_t *getopt;
void *context;
LDAPMessage *result, *e;
char *attrs[]={LDAP_NO_ATTRS, NULL};
#ifdef LDAP_OPT_X_TLS
+ char *ldap_ssl="";
+ int ldap_ssl_flag = 0;
int tls_option;
#endif
@@ -1625,9 +1638,11 @@
return SASL_FAIL;
}
/* set ssl mode if needed */
+#ifdef LDAP_OPT_X_TLS
if ( ldap_ssl_flag ) {
ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
}
+#endif
/* either run the filter or just bind as them ? */
@@ -1657,7 +1672,7 @@
snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
/* Now do the search */
- if (ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+ if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
LDAP_SUCCESS) {
free(filter);
@@ -1680,17 +1695,17 @@
ldap_unbind(ld);
return SASL_BADAUTH;
}
- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
e = NULL;
free(filter);
- ldap_memfree(dn);
+ SASL_ldap_memfree(dn);
ldap_msgfree(result);
ldap_unbind(ld);
return SASL_BADAUTH;
}
e = NULL;
free(filter);
- ldap_memfree(dn);
+ SASL_ldap_memfree(dn);
ldap_msgfree(result);
} else {
@@ -1710,7 +1725,7 @@
* If this is not so I have a version or that too
* Simon@surf.org.uk
*/
- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
free(dn);
ldap_unbind(ld);
return SASL_BADAUTH;
|