]> git.ipfire.org Git - thirdparty/squid.git/blob - helpers/digest_auth/eDirectory/ldap_backend.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Helpers: upgrade digest helpers to C++
[thirdparty/squid.git] / helpers / digest_auth / eDirectory / ldap_backend.cc
1 /*
2 *
3 *
4 *
5 * ldap_backend.c
6 * AUTHOR: Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
7 */
8 #define SQUID_NO_ALLOC_PROTECT 1
9 #include "config.h"
10
11 #define LDAP_DEPRECATED 1
12
13 #include "ldap_backend.h"
14
15 #ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
16
17 #define snprintf _snprintf
18 #include <windows.h>
19 #include <winldap.h>
20 #ifndef LDAPAPI
21 #define LDAPAPI __cdecl
22 #endif
23 #ifdef LDAP_VERSION3
24 #ifndef LDAP_OPT_X_TLS
25 #define LDAP_OPT_X_TLS 0x6000
26 #endif
27 /* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at
28 * run time.
29 */
30 #undef ldap_start_tls_s
31 #if LDAP_UNICODE
32 #define LDAP_START_TLS_S "ldap_start_tls_sW"
33 typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *);
34 #else
35 #define LDAP_START_TLS_S "ldap_start_tls_sA"
36 typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *);
37 #endif /* LDAP_UNICODE */
38 PFldap_start_tls_s Win32_ldap_start_tls_s;
39 #define ldap_start_tls_s(l,s,c) Win32_ldap_start_tls_s(l,NULL,NULL,s,c)
40 #endif /* LDAP_VERSION3 */
41
42 #else
43
44 #include <lber.h>
45 #include <ldap.h>
46
47 #endif
48 #include "edir_ldapext.h"
49 #define PROGRAM_NAME "digest_pw_auth(LDAP_backend)"
50
51 /* Globals */
52
53 static LDAP *ld = NULL;
54 static const char *passattr = NULL;
55 static char *ldapServer = NULL;
56 static const char *userbasedn = NULL;
57 static const char *userdnattr = NULL;
58 static const char *usersearchfilter = NULL;
59 static const char *binddn = NULL;
60 static const char *bindpasswd = NULL;
61 static const char *delimiter = ":";
62 static int encrpass = 0;
63 static int searchscope = LDAP_SCOPE_SUBTREE;
64 static int persistent = 0;
65 static int noreferrals = 0;
66 static int port = LDAP_PORT;
67 static int strip_nt_domain = 0;
68 static int edir_universal_passwd = 0;
69 static int aliasderef = LDAP_DEREF_NEVER;
70 #if defined(NETSCAPE_SSL)
71 static char *sslpath = NULL;
72 static int sslinit = 0;
73 #endif
74 static int connect_timeout = 0;
75 static int timelimit = LDAP_NO_LIMIT;
76
77 #ifdef LDAP_VERSION3
78 /* Added for TLS support and version 3 */
79 static int use_tls = 0;
80 static int version = -1;
81 #endif
82
83 static void ldapconnect(void);
84 static int readSecret(const char *filename);
85
86 /* Yuck.. we need to glue to different versions of the API */
87
88 #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
89 static void
90 squid_ldap_set_aliasderef(int deref)
91 {
92 ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
93 }
94 static void
95 squid_ldap_set_referrals(int referrals)
96 {
97 int *value = static_cast<int*>(referrals ? LDAP_OPT_ON :LDAP_OPT_OFF);
98 ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
99 }
100 static void
101 squid_ldap_set_timelimit(int aTimeLimit)
102 {
103 ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &aTimeLimit);
104 }
105 static void
106 squid_ldap_set_connect_timeout(int aTimeLimit)
107 {
108 #if defined(LDAP_OPT_NETWORK_TIMEOUT)
109 struct timeval tv;
110 tv.tv_sec = aTimeLimit;
111 tv.tv_usec = 0;
112 ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
113 #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
114 aTimeLimit *= 1000;
115 ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &aTimeLimit);
116 #endif
117 }
118
119 #else
120 static int
121 squid_ldap_errno(LDAP * ld)
122 {
123 return ld->ld_errno;
124 }
125 static void
126 squid_ldap_set_aliasderef(int deref)
127 {
128 ld->ld_deref = deref;
129 }
130 static void
131 squid_ldap_set_referrals(int referrals)
132 {
133 if (referrals)
134 ld->ld_options |= ~LDAP_OPT_REFERRALS;
135 else
136 ld->ld_options &= ~LDAP_OPT_REFERRALS;
137 }
138 static void
139 squid_ldap_set_timelimit(int aTimeLimit)
140 {
141 ld->ld_timelimit = aTimeLimit;
142 }
143 static void
144 squid_ldap_set_connect_timeout(int aTimeLimit)
145 {
146 fprintf(stderr, "ERROR: Connect timeouts not supported in your LDAP library\n");
147 }
148 static void
149 squid_ldap_memfree(char *p)
150 {
151 free(p);
152 }
153
154 #endif
155
156 #ifdef LDAP_API_FEATURE_X_OPENLDAP
157 #if LDAP_VENDOR_VERSION > 194
158 #define HAS_URI_SUPPORT 1
159 #endif
160 #endif
161
162 static int
163 ldap_escape_value(char *escaped, int size, const char *src)
164 {
165 int n = 0;
166 while (size > 4 && *src) {
167 switch (*src) {
168 case '*':
169 case '(':
170 case ')':
171 case '\\':
172 n += 3;
173 size -= 3;
174 if (size > 0) {
175 *escaped++ = '\\';
176 snprintf(escaped, 3, "%02x", (int) *src++);
177 escaped += 2;
178 }
179 break;
180 default:
181 *escaped++ = *src++;
182 n++;
183 size--;
184 }
185 }
186 *escaped = '\0';
187 return n;
188 }
189
190 static char *
191 getpassword(char *login, char *realm)
192 {
193 LDAPMessage *res = NULL;
194 LDAPMessage *entry;
195 char **values = NULL;
196 char **value = NULL;
197 char *password = NULL;
198 int retry = 0;
199 char filter[8192];
200 char searchbase[8192];
201 char *universal_password = NULL;
202 size_t universal_password_len = 256;
203 int nmas_res = 0;
204 int rc = -1;
205 if (ld) {
206 if (usersearchfilter) {
207 char escaped_login[1024];
208 snprintf(searchbase, sizeof(searchbase), "%s", userbasedn);
209 ldap_escape_value(escaped_login, sizeof(escaped_login), login);
210 snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
211
212 retrysrch:
213 debug("user filter '%s', searchbase '%s'\n", filter, searchbase);
214
215 rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 0, &res);
216 if (rc != LDAP_SUCCESS) {
217 if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
218 /* Everything is fine. This is expected when referrals
219 * are disabled.
220 */
221 rc = LDAP_SUCCESS;
222 } else {
223 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
224 #if defined(NETSCAPE_SSL)
225 if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
226 int sslerr = PORT_GetError();
227 fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
228 }
229 #endif
230 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error, trying to recover'%s'\n", ldap_err2string(rc));
231 ldap_msgfree(res);
232 /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */
233 if (!retry) {
234 retry++;
235 ldap_unbind(ld);
236 ld = NULL;
237 ldapconnect();
238 goto retrysrch;
239 }
240 return NULL;
241
242 }
243 }
244 } else if (userdnattr) {
245 snprintf(searchbase, 8192, "%s=%s, %s", userdnattr, login, userbasedn);
246
247 retrydnattr:
248 debug("searchbase '%s'\n", searchbase);
249 rc = ldap_search_s(ld, searchbase, searchscope, NULL, NULL, 0, &res);
250 }
251 if (rc == LDAP_SUCCESS) {
252 entry = ldap_first_entry(ld, res);
253 if (entry) {
254 debug("ldap dn: %s\n", ldap_get_dn(ld, entry));
255 if (edir_universal_passwd) {
256
257 /* allocate some memory for the universal password returned by NMAS */
258 universal_password = (char*)calloc(1, universal_password_len);
259 values = (char**)calloc(1, sizeof(char *));
260
261 /* actually talk to NMAS to get a password */
262 nmas_res = nds_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
263 if (nmas_res == LDAP_SUCCESS && universal_password) {
264 debug("NMAS returned value %s\n", universal_password);
265 values[0] = universal_password;
266 } else {
267 debug("Error reading Universal Password: %d = %s\n", nmas_res, ldap_err2string(nmas_res));
268 }
269 } else {
270 values = ldap_get_values(ld, entry, passattr);
271 }
272 } else {
273 ldap_msgfree(res);
274 return NULL;
275 }
276 if (!values) {
277 debug("No attribute value found\n");
278 if (edir_universal_passwd)
279 free(universal_password);
280 ldap_msgfree(res);
281 return NULL;
282 }
283 value = values;
284 while (*value) {
285 if (encrpass) {
286 if (strcmp(strtok(*value, delimiter), realm) == 0) {
287 password = strtok(NULL, delimiter);
288 break;
289 }
290 } else {
291 password = *value;
292 break;
293 }
294 value++;
295 }
296 debug("password: %s\n", password);
297 if (password)
298 password = xstrdup(password);
299 if (edir_universal_passwd) {
300 free(values);
301 free(universal_password);
302 } else {
303 ldap_value_free(values);
304 }
305 ldap_msgfree(res);
306 return password;
307 } else {
308 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP error '%s'\n", ldap_err2string(rc));
309 /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */
310 if (!retry) {
311 retry++;
312 ldap_unbind(ld);
313 ld = NULL;
314 ldapconnect();
315 goto retrydnattr;
316 }
317 return NULL;
318 }
319 }
320 return NULL;
321 }
322
323
324
325 static void
326 ldapconnect(void)
327 {
328 int rc;
329
330 /* On Windows ldap_start_tls_s is available starting from Windows XP,
331 * so we need to bind at run-time with the function entry point
332 */
333 #ifdef _SQUID_MSWIN_
334 if (use_tls) {
335
336 HMODULE WLDAP32Handle;
337
338 WLDAP32Handle = GetModuleHandle("wldap32");
339 if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) {
340 fprintf(stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n");
341 exit(1);
342 }
343 }
344 #endif
345
346 if (ld == NULL) {
347 #if HAS_URI_SUPPORT
348 if (strstr(ldapServer, "://") != NULL) {
349 rc = ldap_initialize(&ld, ldapServer);
350 if (rc != LDAP_SUCCESS) {
351 fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
352 }
353 } else
354 #endif
355 #if NETSCAPE_SSL
356 if (sslpath) {
357 if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
358 fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
359 sslpath);
360 exit(1);
361 } else {
362 sslinit++;
363 }
364 if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
365 fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
366 ldapServer, port);
367 exit(1);
368 }
369 } else
370 #endif
371 if ((ld = ldap_init(ldapServer, port)) == NULL) {
372 fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port);
373 }
374 if (connect_timeout)
375 squid_ldap_set_connect_timeout(connect_timeout);
376
377 #ifdef LDAP_VERSION3
378 if (version == -1) {
379 version = LDAP_VERSION2;
380 }
381 if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
382 != LDAP_SUCCESS) {
383 fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
384 version);
385 ldap_unbind(ld);
386 ld = NULL;
387 }
388 if (use_tls) {
389 #ifdef LDAP_OPT_X_TLS
390 if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
391 fprintf(stderr, "Could not Activate TLS connection\n");
392 ldap_unbind(ld);
393 ld = NULL;
394 }
395 #else
396 fprintf(stderr, "TLS not supported with your LDAP library\n");
397 ldap_unbind(ld);
398 ld = NULL;
399 #endif
400 }
401 #endif
402 squid_ldap_set_timelimit(timelimit);
403 squid_ldap_set_referrals(!noreferrals);
404 squid_ldap_set_aliasderef(aliasderef);
405 if (binddn && bindpasswd && *binddn && *bindpasswd) {
406 rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
407 if (rc != LDAP_SUCCESS) {
408 fprintf(stderr, PROGRAM_NAME " WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
409 ldap_unbind(ld);
410 ld = NULL;
411 }
412 }
413 debug("Connected OK\n");
414 }
415 }
416 int
417 LDAPArguments(int argc, char **argv)
418 {
419 setbuf(stdout, NULL);
420
421 while (argc > 1 && argv[1][0] == '-') {
422 const char *value = "";
423 char option = argv[1][1];
424 switch (option) {
425 case 'P':
426 case 'R':
427 case 'z':
428 case 'Z':
429 case 'g':
430 case 'e':
431 case 'S':
432 case 'n':
433 case 'd':
434 break;
435 default:
436 if (strlen(argv[1]) > 2) {
437 value = argv[1] + 2;
438 } else if (argc > 2) {
439 value = argv[2];
440 argv++;
441 argc--;
442 } else
443 value = "";
444 break;
445 }
446 argv++;
447 argc--;
448 switch (option) {
449 case 'H':
450 #if !HAS_URI_SUPPORT
451 fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n");
452 return 1;
453 #endif
454 /* Fall thru to -h */
455 case 'h':
456 if (ldapServer) {
457 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
458 char *newhost = (char*)malloc(len);
459 snprintf(newhost, len, "%s %s", ldapServer, value);
460 free(ldapServer);
461 ldapServer = newhost;
462 } else {
463 ldapServer = xstrdup(value);
464 }
465 break;
466 case 'A':
467 passattr = value;
468 break;
469 case 'e':
470 encrpass = 1;
471 break;
472 case 'l':
473 delimiter = value;
474 break;
475 case 'b':
476 userbasedn = value;
477 break;
478 case 'F':
479 usersearchfilter = value;
480 break;
481 case 'u':
482 userdnattr = value;
483 break;
484 case 's':
485 if (strcmp(value, "base") == 0)
486 searchscope = LDAP_SCOPE_BASE;
487 else if (strcmp(value, "one") == 0)
488 searchscope = LDAP_SCOPE_ONELEVEL;
489 else if (strcmp(value, "sub") == 0)
490 searchscope = LDAP_SCOPE_SUBTREE;
491 else {
492 fprintf(stderr, PROGRAM_NAME " ERROR: Unknown search scope '%s'\n", value);
493 return 1;
494 }
495 break;
496 case 'S':
497 #if defined(NETSCAPE_SSL)
498 sslpath = value;
499 if (port == LDAP_PORT)
500 port = LDAPS_PORT;
501 #else
502 fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n");
503 return 1;
504 #endif
505 break;
506 case 'c':
507 connect_timeout = atoi(value);
508 break;
509 case 't':
510 timelimit = atoi(value);
511 break;
512 case 'a':
513 if (strcmp(value, "never") == 0)
514 aliasderef = LDAP_DEREF_NEVER;
515 else if (strcmp(value, "always") == 0)
516 aliasderef = LDAP_DEREF_ALWAYS;
517 else if (strcmp(value, "search") == 0)
518 aliasderef = LDAP_DEREF_SEARCHING;
519 else if (strcmp(value, "find") == 0)
520 aliasderef = LDAP_DEREF_FINDING;
521 else {
522 fprintf(stderr, PROGRAM_NAME " ERROR: Unknown alias dereference method '%s'\n", value);
523 return 1;
524 }
525 break;
526 case 'D':
527 binddn = value;
528 break;
529 case 'w':
530 bindpasswd = value;
531 break;
532 case 'W':
533 readSecret(value);
534 break;
535 case 'P':
536 persistent = !persistent;
537 break;
538 case 'p':
539 port = atoi(value);
540 break;
541 case 'R':
542 noreferrals = !noreferrals;
543 break;
544 #ifdef LDAP_VERSION3
545 case 'v':
546 switch (atoi(value)) {
547 case 2:
548 version = LDAP_VERSION2;
549 break;
550 case 3:
551 version = LDAP_VERSION3;
552 break;
553 default:
554 fprintf(stderr, "Protocol version should be 2 or 3\n");
555 return 1;
556 }
557 break;
558 case 'Z':
559 if (version == LDAP_VERSION2) {
560 fprintf(stderr, "TLS (-Z) is incompatible with version %d\n",
561 version);
562 return 1;
563 }
564 version = LDAP_VERSION3;
565 use_tls = 1;
566 break;
567 #endif
568 case 'd':
569 debug_enabled = 1;
570 break;
571 case 'E':
572 strip_nt_domain = 1;
573 break;
574 case 'n':
575 edir_universal_passwd = 1;
576 break;
577 default:
578 fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
579 return 1;
580 }
581 }
582
583 while (argc > 1) {
584 char *value = argv[1];
585 if (ldapServer) {
586 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
587 char *newhost = (char*)malloc(len);
588 snprintf(newhost, len, "%s %s", ldapServer, value);
589 free(ldapServer);
590 ldapServer = newhost;
591 } else {
592 ldapServer = xstrdup(value);
593 }
594 argc--;
595 argv++;
596 }
597
598 if (!ldapServer)
599 ldapServer = (char *) "localhost";
600
601 if (!userbasedn || !((passattr != NULL) || (edir_universal_passwd && usersearchfilter && version == LDAP_VERSION3 && use_tls))) {
602 fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n");
603 fprintf(stderr, "\t-A password attribute(REQUIRED)\t\tUser attribute that contains the password\n");
604 fprintf(stderr, "\t-l password realm delimiter(REQUIRED)\tCharater(s) that devides the password attribute\n\t\t\t\t\t\tin realm and password tokens, default ':' realm:password\n");
605 fprintf(stderr, "\t-b basedn (REQUIRED)\t\t\tbase dn under where to search for users\n");
606 fprintf(stderr, "\t-e Encrypted passwords(REQUIRED)\tPassword are stored encrypted using HHA1\n");
607 fprintf(stderr, "\t-F filter\t\t\t\tuser search filter pattern. %%s = login\n");
608 fprintf(stderr, "\t-u attribute\t\t\t\tattribute to use in combination with the basedn to create the user DN\n");
609 fprintf(stderr, "\t-s base|one|sub\t\t\t\tsearch scope\n");
610 fprintf(stderr, "\t-D binddn\t\t\t\tDN to bind as to perform searches\n");
611 fprintf(stderr, "\t-w bindpasswd\t\t\t\tpassword for binddn\n");
612 fprintf(stderr, "\t-W secretfile\t\t\t\tread password for binddn from file secretfile\n");
613 #if HAS_URI_SUPPORT
614 fprintf(stderr, "\t-H URI\t\t\t\t\tLDAPURI (defaults to ldap://localhost)\n");
615 #endif
616 fprintf(stderr, "\t-h server\t\t\t\tLDAP server (defaults to localhost)\n");
617 fprintf(stderr, "\t-p port\t\t\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
618 fprintf(stderr, "\t-P\t\t\t\t\tpersistent LDAP connection\n");
619 #if defined(NETSCAPE_SSL)
620 fprintf(stderr, "\t-E sslcertpath\t\t\t\tenable LDAP over SSL\n");
621 #endif
622 fprintf(stderr, "\t-c timeout\t\t\t\tconnect timeout\n");
623 fprintf(stderr, "\t-t timelimit\t\t\t\tsearch time limit\n");
624 fprintf(stderr, "\t-R\t\t\t\t\tdo not follow referrals\n");
625 fprintf(stderr, "\t-a never|always|search|find\t\twhen to dereference aliases\n");
626 #ifdef LDAP_VERSION3
627 fprintf(stderr, "\t-v 2|3\t\t\t\t\tLDAP version\n");
628 fprintf(stderr, "\t-Z\t\t\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
629 #endif
630 fprintf(stderr, "\t-S\t\t\t\t\tStrip NT domain from usernames\n");
631 fprintf(stderr, "\t-n\t\t\t\t\tGet an eDirectory Universal Password from Novell NMAS\n\t\t\t\t\t\t(requires bind credentials, version 3, TLS, and a search filter)\n");
632 fprintf(stderr, "\n");
633 fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
634 return -1;
635 }
636 return 0;
637 }
638 static int
639 readSecret(const char *filename)
640 {
641 char buf[BUFSIZ];
642 char *e = 0;
643 FILE *f;
644
645 if (!(f = fopen(filename, "r"))) {
646 fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
647 return 1;
648 }
649 if (!fgets(buf, sizeof(buf) - 1, f)) {
650 fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
651 fclose(f);
652 return 1;
653 }
654 /* strip whitespaces on end */
655 if ((e = strrchr(buf, '\n')))
656 *e = 0;
657 if ((e = strrchr(buf, '\r')))
658 *e = 0;
659
660 bindpasswd = xstrdup(buf);
661 if (!bindpasswd) {
662 fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
663 }
664 fclose(f);
665
666 return 0;
667 }
668
669 void
670 LDAPHHA1(RequestData * requestData)
671 {
672 char *password;
673 ldapconnect();
674 password = getpassword(requestData->user, requestData->realm);
675 if (password != NULL) {
676 if (encrpass)
677 xstrncpy(requestData->HHA1, password, sizeof(requestData->HHA1));
678 else {
679 HASH HA1;
680 DigestCalcHA1("md5", requestData->user, requestData->realm, password, NULL, NULL, HA1, requestData->HHA1);
681 }
682 free(password);
683 } else {
684 requestData->error = -1;
685 }
686
687 }
Mirror of https://github.com/squid-cache/squid.git