#! /bin/sh
-# From configure.in Revision: 1.458 .
+# From configure.in Revision.
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59 for Squid Web Proxy 3.0.PRE6-CVS.
#
rm -f core
- ac_config_files="$ac_config_files Makefile lib/Makefile scripts/Makefile scripts/RunCache scripts/RunAccel src/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/mswin_sspi/Makefile helpers/basic_auth/YP/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/multi-domain-NTLM/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/DB/Makefile helpers/digest_auth/Makefile helpers/digest_auth/password/Makefile helpers/digest_auth/ldap/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fakeauth/Makefile helpers/ntlm_auth/no_check/Makefile helpers/ntlm_auth/SMB/Makefile helpers/ntlm_auth/SMB/smbval/Makefile helpers/ntlm_auth/mswin_sspi/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/mswin_sspi/Makefile helpers/external_acl/Makefile helpers/external_acl/ip_user/Makefile helpers/external_acl/ldap_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/external_acl/mswin_lm_group/Makefile tools/Makefile"
+ ac_config_files="$ac_config_files Makefile lib/Makefile scripts/Makefile scripts/RunCache scripts/RunAccel src/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/mswin_sspi/Makefile helpers/basic_auth/YP/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/multi-domain-NTLM/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/DB/Makefile helpers/digest_auth/Makefile helpers/digest_auth/password/Makefile helpers/digest_auth/ldap/Makefile helpers/digest_auth/eDirectory/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fakeauth/Makefile helpers/ntlm_auth/no_check/Makefile helpers/ntlm_auth/SMB/Makefile helpers/ntlm_auth/SMB/smbval/Makefile helpers/ntlm_auth/mswin_sspi/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/mswin_sspi/Makefile helpers/external_acl/Makefile helpers/external_acl/ip_user/Makefile helpers/external_acl/ldap_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/external_acl/mswin_lm_group/Makefile tools/Makefile"
"helpers/digest_auth/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/Makefile" ;;
"helpers/digest_auth/password/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/password/Makefile" ;;
"helpers/digest_auth/ldap/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/ldap/Makefile" ;;
+ "helpers/digest_auth/eDirectory/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/eDirectory/Makefile" ;;
"helpers/ntlm_auth/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/ntlm_auth/Makefile" ;;
"helpers/ntlm_auth/fakeauth/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/ntlm_auth/fakeauth/Makefile" ;;
"helpers/ntlm_auth/no_check/Makefile" ) CONFIG_FILES="$CONFIG_FILES helpers/ntlm_auth/no_check/Makefile" ;;
dnl Configuration input file for Squid
dnl
-dnl $Id: configure.in,v 1.458 2007/06/10 12:08:07 hno Exp $
+dnl $Id: configure.in,v 1.459 2007/06/23 20:50:10 hno Exp $
dnl
dnl
dnl
AC_CONFIG_AUX_DIR(cfgaux)
AC_CONFIG_SRCDIR([src/main.cc])
AM_INIT_AUTOMAKE([tar-ustar])
-AC_REVISION($Revision: 1.458 $)dnl
+AC_REVISION($Revision: 1.459 $)dnl
AC_PREFIX_DEFAULT(/usr/local/squid)
AM_MAINTAINER_MODE
helpers/digest_auth/Makefile \
helpers/digest_auth/password/Makefile \
helpers/digest_auth/ldap/Makefile \
+ helpers/digest_auth/eDirectory/Makefile \
helpers/ntlm_auth/Makefile \
helpers/ntlm_auth/fakeauth/Makefile \
helpers/ntlm_auth/no_check/Makefile \
--- /dev/null
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id: Makefile.am,v 1.1 2007/06/23 20:50:10 hno Exp $
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+libexec_PROGRAMS = digest_edir_auth
+digest_edir_auth_SOURCES = digest_pw_auth.c \
+ digest_common.h \
+ ldap_backend.c \
+ ldap_backend.h \
+ edir_ldapext.c \
+ edir_ldapext.h
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
+ -I$(top_srcdir)/src/
+
+LDADD = -L$(top_builddir)/lib -lmiscutil $(LIB_LDAP) $(LIB_LBER) $(CRYPTLIB) $(XTRA_LIBS) $(SSLLIB)
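Review bot: This new Makefile.am has no `EXTRA_DIST`, and the generated `DIST_COMMON` lists only `Makefile.am` and `Makefile.in`, so the shell probe added next to it in this commit (presumably `config.test`; its file name is not visible here) would be left out of `make dist` tarballs. If that probe is meant to ship, add `EXTRA_DIST = config.test`. The header comment "Uncomment and customize the following to suit your needs" has nothing under it to uncomment; replace it with one line saying this builds the `digest_edir_auth` helper.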
--- /dev/null
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id: Makefile.in,v 1.1 2007/06/23 20:50:10 hno Exp $
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+libexec_PROGRAMS = digest_edir_auth$(EXEEXT)
+subdir = helpers/digest_auth/eDirectory
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/autoconf.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_digest_edir_auth_OBJECTS = digest_pw_auth.$(OBJEXT) \
+ ldap_backend.$(OBJEXT) edir_ldapext.$(OBJEXT)
+digest_edir_auth_OBJECTS = $(am_digest_edir_auth_OBJECTS)
+digest_edir_auth_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+digest_edir_auth_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(digest_edir_auth_SOURCES)
+DIST_SOURCES = $(digest_edir_auth_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AR_R = @AR_R@
+AUTH_LIBS = @AUTH_LIBS@
+AUTH_LINKOBJS = @AUTH_LINKOBJS@
+AUTH_MODULES = @AUTH_MODULES@
+AUTH_OBJS = @AUTH_OBJS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BASIC_AUTH_HELPERS = @BASIC_AUTH_HELPERS@
+CACHE_HTTP_PORT = @CACHE_HTTP_PORT@
+CACHE_ICP_PORT = @CACHE_ICP_PORT@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CGIEXT = @CGIEXT@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CPPUNITCONFIG = @CPPUNITCONFIG@
+CRYPTLIB = @CRYPTLIB@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@
+DISK_LIBS = @DISK_LIBS@
+DISK_LINKOBJS = @DISK_LINKOBJS@
+DISK_PROGRAMS = @DISK_PROGRAMS@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENABLE_ARP_ACL_FALSE = @ENABLE_ARP_ACL_FALSE@
+ENABLE_ARP_ACL_TRUE = @ENABLE_ARP_ACL_TRUE@
+ENABLE_HTCP_FALSE = @ENABLE_HTCP_FALSE@
+ENABLE_HTCP_TRUE = @ENABLE_HTCP_TRUE@
+ENABLE_IDENT_FALSE = @ENABLE_IDENT_FALSE@
+ENABLE_IDENT_TRUE = @ENABLE_IDENT_TRUE@
+ENABLE_PINGER_FALSE = @ENABLE_PINGER_FALSE@
+ENABLE_PINGER_TRUE = @ENABLE_PINGER_TRUE@
+ENABLE_SSL_FALSE = @ENABLE_SSL_FALSE@
+ENABLE_SSL_TRUE = @ENABLE_SSL_TRUE@
+ENABLE_UNLINKD_FALSE = @ENABLE_UNLINKD_FALSE@
+ENABLE_UNLINKD_TRUE = @ENABLE_UNLINKD_TRUE@
+ENABLE_WIN32SPECIFIC_FALSE = @ENABLE_WIN32SPECIFIC_FALSE@
+ENABLE_WIN32SPECIFIC_TRUE = @ENABLE_WIN32SPECIFIC_TRUE@
+ENABLE_XPROF_STATS_FALSE = @ENABLE_XPROF_STATS_FALSE@
+ENABLE_XPROF_STATS_TRUE = @ENABLE_XPROF_STATS_TRUE@
+EPOLL_LIBS = @EPOLL_LIBS@
+ERR_DEFAULT_LANGUAGE = @ERR_DEFAULT_LANGUAGE@
+ERR_LANGUAGES = @ERR_LANGUAGES@
+EXEEXT = @EXEEXT@
+EXTERNAL_ACL_HELPERS = @EXTERNAL_ACL_HELPERS@
+F77 = @F77@
+FALSE = @FALSE@
+FFLAGS = @FFLAGS@
+ICAP_LIBS = @ICAP_LIBS@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBADD_DL = @LIBADD_DL@
+LIBDLMALLOC = @LIBDLMALLOC@
+LIBOBJS = @LIBOBJS@
+LIBREGEX = @LIBREGEX@
+LIBS = @LIBS@
+LIBSASL = @LIBSASL@
+LIBTOOL = @LIBTOOL@
+LIB_DB = @LIB_DB@
+LIB_LBER = @LIB_LBER@
+LIB_LDAP = @LIB_LDAP@
+LIB_MALLOC = @LIB_MALLOC@
+LN = @LN@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+MAKE_LEAKFINDER_FALSE = @MAKE_LEAKFINDER_FALSE@
+MAKE_LEAKFINDER_TRUE = @MAKE_LEAKFINDER_TRUE@
+MINGW_LIBS = @MINGW_LIBS@
+MKDIR = @MKDIR@
+MV = @MV@
+NEED_OWN_MD5_FALSE = @NEED_OWN_MD5_FALSE@
+NEED_OWN_MD5_TRUE = @NEED_OWN_MD5_TRUE@
+NEED_OWN_SNPRINTF_FALSE = @NEED_OWN_SNPRINTF_FALSE@
+NEED_OWN_SNPRINTF_TRUE = @NEED_OWN_SNPRINTF_TRUE@
+NEED_OWN_STRSEP_FALSE = @NEED_OWN_STRSEP_FALSE@
+NEED_OWN_STRSEP_TRUE = @NEED_OWN_STRSEP_TRUE@
+NEGOTIATE_AUTH_HELPERS = @NEGOTIATE_AUTH_HELPERS@
+NTLM_AUTH_HELPERS = @NTLM_AUTH_HELPERS@
+OBJEXT = @OBJEXT@
+OPT_DEFAULT_HOSTS = @OPT_DEFAULT_HOSTS@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+RANLIB = @RANLIB@
+REGEXLIB = @REGEXLIB@
+REPL_LIBS = @REPL_LIBS@
+REPL_OBJS = @REPL_OBJS@
+REPL_POLICIES = @REPL_POLICIES@
+RM = @RM@
+SET_MAKE = @SET_MAKE@
+SH = @SH@
+SHELL = @SHELL@
+SNMPLIB = @SNMPLIB@
+SQUID_CFLAGS = @SQUID_CFLAGS@
+SQUID_CPPUNIT_INC = @SQUID_CPPUNIT_INC@
+SQUID_CPPUNIT_LA = @SQUID_CPPUNIT_LA@
+SQUID_CPPUNIT_LIBS = @SQUID_CPPUNIT_LIBS@
+SQUID_CXXFLAGS = @SQUID_CXXFLAGS@
+SSLLIB = @SSLLIB@
+STORE_LIBS = @STORE_LIBS@
+STORE_LINKOBJS = @STORE_LINKOBJS@
+STORE_OBJS = @STORE_OBJS@
+STORE_TESTS = @STORE_TESTS@
+STRIP = @STRIP@
+TRUE = @TRUE@
+USE_AIOPS_WIN32_FALSE = @USE_AIOPS_WIN32_FALSE@
+USE_AIOPS_WIN32_TRUE = @USE_AIOPS_WIN32_TRUE@
+USE_AIO_WIN32_FALSE = @USE_AIO_WIN32_FALSE@
+USE_AIO_WIN32_TRUE = @USE_AIO_WIN32_TRUE@
+USE_DELAY_POOLS_FALSE = @USE_DELAY_POOLS_FALSE@
+USE_DELAY_POOLS_TRUE = @USE_DELAY_POOLS_TRUE@
+USE_DEVPOLL_FALSE = @USE_DEVPOLL_FALSE@
+USE_DEVPOLL_TRUE = @USE_DEVPOLL_TRUE@
+USE_DNSSERVER_FALSE = @USE_DNSSERVER_FALSE@
+USE_DNSSERVER_TRUE = @USE_DNSSERVER_TRUE@
+USE_EPOLL_FALSE = @USE_EPOLL_FALSE@
+USE_EPOLL_TRUE = @USE_EPOLL_TRUE@
+USE_ESI_FALSE = @USE_ESI_FALSE@
+USE_ESI_TRUE = @USE_ESI_TRUE@
+USE_ICAP_CLIENT_FALSE = @USE_ICAP_CLIENT_FALSE@
+USE_ICAP_CLIENT_TRUE = @USE_ICAP_CLIENT_TRUE@
+USE_IPC_WIN32_FALSE = @USE_IPC_WIN32_FALSE@
+USE_IPC_WIN32_TRUE = @USE_IPC_WIN32_TRUE@
+USE_KQUEUE_FALSE = @USE_KQUEUE_FALSE@
+USE_KQUEUE_TRUE = @USE_KQUEUE_TRUE@
+USE_POLL_FALSE = @USE_POLL_FALSE@
+USE_POLL_TRUE = @USE_POLL_TRUE@
+USE_SELECT_FALSE = @USE_SELECT_FALSE@
+USE_SELECT_SIMPLE_FALSE = @USE_SELECT_SIMPLE_FALSE@
+USE_SELECT_SIMPLE_TRUE = @USE_SELECT_SIMPLE_TRUE@
+USE_SELECT_TRUE = @USE_SELECT_TRUE@
+USE_SELECT_WIN32_FALSE = @USE_SELECT_WIN32_FALSE@
+USE_SELECT_WIN32_TRUE = @USE_SELECT_WIN32_TRUE@
+USE_SNMP_FALSE = @USE_SNMP_FALSE@
+USE_SNMP_TRUE = @USE_SNMP_TRUE@
+VERSION = @VERSION@
+WIN32_PSAPI = @WIN32_PSAPI@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+makesnmplib = @makesnmplib@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+subdirs = @subdirs@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+digest_edir_auth_SOURCES = digest_pw_auth.c \
+ digest_common.h \
+ ldap_backend.c \
+ ldap_backend.h \
+ edir_ldapext.c \
+ edir_ldapext.h
+
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
+ -I$(top_srcdir)/src/
+
+LDADD = -L$(top_builddir)/lib -lmiscutil $(LIB_LDAP) $(LIB_LBER) $(CRYPTLIB) $(XTRA_LIBS) $(SSLLIB)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign helpers/digest_auth/eDirectory/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign helpers/digest_auth/eDirectory/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ if test -f $$p \
+ || test -f $$p1 \
+ ; then \
+ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+ else :; fi; \
+ done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+ done
+
+clean-libexecPROGRAMS:
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+digest_edir_auth$(EXEEXT): $(digest_edir_auth_OBJECTS) $(digest_edir_auth_DEPENDENCIES)
+ @rm -f digest_edir_auth$(EXEEXT)
+ $(LINK) $(digest_edir_auth_LDFLAGS) $(digest_edir_auth_OBJECTS) $(digest_edir_auth_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digest_pw_auth.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/edir_ldapext.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap_backend.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(libexecdir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am: install-libexecPROGRAMS
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libexecPROGRAMS clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am \
+ install-libexecPROGRAMS install-man install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-info-am \
+ uninstall-libexecPROGRAMS
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+#!/bin/sh
+if [ -f /usr/include/ldap.h ]; then
+ exit 0
+fi
+if [ -f /usr/include/winldap.h ]; then
+ exit 0
+fi
+exit 1
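Review bot: The probe only checks for `ldap.h` or `winldap.h` directly under `/usr/include`, so it reports "not available" on systems where the LDAP headers live under another prefix. It also reports "available" when the header exists but the libraries behind `$(LIB_LDAP)` and `$(LIB_LBER)` do not. The script has no comment stating its contract; a header such as `# Exit 0 when LDAP development headers are found, 1 otherwise; used to decide whether this helper is built by default (confirm against configure.in)` would help. If configure already knows the LDAP include path, reusing that result would be more reliable than a hard-coded directory.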
--- /dev/null
+/*
+ * digest_common.h
+ *
+ * AUTHOR: Robert Collins.
+ *
+ * Digest helper API details.
+ *
+ * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
+ */
+
+#ifndef _SQUID_DIGEST_COMMON_H_
+#define _SQUID_DIGEST_COMMON_H_
+
+#include "config.h"
+#if HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#if HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+#include "util.h"
+#include "hash.h"
+#include "rfc2617.h"
+
+typedef struct _request_data {
+ char *user;
+ char *realm;
+ char *password;
+ HASHHEX HHA1;
+ int parsed;
+ int error;
+} RequestData;
+
+/* to use a backend, include your backend.h file
+ * and define thusly:
+ * #define ProcessArguments(A, B) MyHandleArguments(A,B)
+ * #define GetHHA1(A) MyGetHHA1(A)
+ */
+typedef void HandleArguments(int, char **);
+typedef void HHA1Creator(RequestData *);
+#endif /* _SQUID_DIGEST_COMMON_H_ */
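Review bot: `RequestData` is undocumented, and its pointer members have ownership rules a backend author cannot guess from the header. In the helper added by this commit, `user` and `realm` are set by `strtok()` on the caller's line buffer, so they point into that buffer and must not be freed or kept past the request. `parsed` is set to 0 or -1 rather than 0 or 1. Add a short comment on each field, for example `/* points into the request line; not owned */` on `user` and `realm`, and `/* non-zero once the line was split successfully */` on `parsed`. The block comment above the typedefs tells backends to `#define ProcessArguments` and `GetHHA1`, while the accompanying .c file defines them as functions; the comment should describe whichever form is intended.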
--- /dev/null
+/*
+ * digest_pw_auth.c
+ *
+ * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
+ * <Arjan.deVet@adv.iae.nl>
+ * LDAP backend extension by Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
+ *
+ * Example digest authentication program for Squid, based on the original
+ * proxy_auth code from client_side.c, written by
+ * Jon Thackray <jrmt@uk.gdscorp.com>.
+ *
+ * - comment lines are possible and should start with a '#';
+ * - empty or blank lines are possible;
+ * - file format is username:password
+ *
+ * To build a directory integrated backend, you need to be able to
+ * calculate the HA1 returned to squid. To avoid storing a plaintext
+ * password you can calculate MD5(username:realm:password) when the
+ * user changes their password, and store the tuple username:realm:HA1.
+ * then find the matching username:realm when squid asks for the
+ * HA1.
+ *
+ * This implementation could be improved by using such a triple for
+ * the file format. However storing such a triple does little to
+ * improve security: If compromised the username:realm:HA1 combination
+ * is "plaintext equivalent" - for the purposes of digest authentication
+ * they allow the user access. Password syncronisation is not tackled
+ * by digest - just preventing on the wire compromise.
+ *
+ * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
+ */
+
+#include "digest_common.h"
+#include "ldap_backend.h"
+#define PROGRAM_NAME "digest_ldap_auth"
+
+
+void
+GetHHA1(RequestData * requestData)
+{
+ LDAPHHA1(requestData);
+}
+
+static void
+ParseBuffer(char *buf, RequestData * requestData)
+{
+ char *p;
+ requestData->parsed = 0;
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+ if ((requestData->user = strtok(buf, "\"")) == NULL)
+ return;
+ if ((requestData->realm = strtok(NULL, "\"")) == NULL)
+ return;
+ if ((requestData->realm = strtok(NULL, "\"")) == NULL)
+ return;
+ requestData->parsed = -1;
+}
+
+static void
+OutputHHA1(RequestData * requestData)
+{
+ requestData->error = 0;
+ GetHHA1(requestData);
+ if (requestData->error) {
+ printf("ERR No such user\n");
+ return;
+ }
+ printf("%s\n", requestData->HHA1);
+}
+
+static void
+DoOneRequest(char *buf)
+{
+ RequestData requestData;
+ ParseBuffer(buf, &requestData);
+ if (!requestData.parsed) {
+ printf("ERR\n");
+ return;
+ }
+ OutputHHA1(&requestData);
+}
+
+void
+ProcessArguments(int argc, char **argv)
+{
+ int i;
+ i = LDAPArguments(argc, argv);
+ if (i)
+ exit(i);
+}
+
+int
+main(int argc, char **argv)
+{
+ char buf[256];
+ setbuf(stdout, NULL);
+ ProcessArguments(argc, argv);
+ while (fgets(buf, 256, stdin) != NULL)
+ DoOneRequest(buf);
+ exit(0);
+}
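Review bot: In `main`, `fgets(buf, 256, stdin)` splits any request line longer than 255 bytes, and the remainder is passed to `DoOneRequest` as if it were a second request. The helper then prints more than one reply for a single input line, so later replies may no longer match the requests that caused them. The loop should detect a missing newline, discard the rest of that line and answer `ERR` once, as sketched below. Separately, the two consecutive `requestData->realm = strtok(NULL, "\"")` calls in `ParseBuffer` look like a copy-paste slip. If the first is meant to skip the separator between the quoted user and realm, a comment such as `/* skip the ":" between "user" and "realm" */` should say so.

```c
    while (fgets(buf, sizeof(buf), stdin) != NULL) {
        if (strchr(buf, '\n') == NULL && !feof(stdin)) {
            int c;
            /* over-long request: drop the rest of the line, reply once */
            while ((c = getchar()) != EOF && c != '\n')
                ;
            printf("ERR\n");
            continue;
        }
        DoOneRequest(buf);
    }
    /* … unchanged: exit(0) … */
```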
--- /dev/null
+/*
+ * Copyright (C) 2002-2004 Novell, Inc.
+ *
+ * edir_ldapext.c LDAP extension for reading eDirectory universal password
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as published
+ * by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, contact Novell, Inc.
+ *
+ * To contact Novell about this file by physical or electronic mail, you may
+ * find current contact information at www.novell.com.
+ */
+
+#include <ldap.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+/* NMAS error codes */
+#define NMAS_E_BASE (-1600)
+
+#define NMAS_SUCCESS 0
+#define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */
+#define NMAS_OK NMAS_SUCCESS /* Alias */
+
+#define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */
+#define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */
+#define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */
+#define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */
+#define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */
+#define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */
+#define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */
+
+/* OID of LDAP extenstion calls to read Universal Password */
+#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13"
+#define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14"
+
+#define NMAS_LDAP_EXT_VERSION 1
+
+
+
+/* ------------------------------------------------------------------------
+ * berEncodePasswordData
+ * ==============================
+ * RequestBer contents:
+ * clientVersion INTEGER
+ * targetObjectDN OCTET STRING
+ * password1 OCTET STRING
+ * password2 OCTET STRING
+ *
+ * Description:
+ * This function takes the request BER value and input data items
+ * and BER encodes the data into the BER value
+ *
+ * ------------------------------------------------------------------------ */
+int berEncodePasswordData(
+ struct berval **requestBV,
+ char *objectDN,
+ char *password,
+ char *password2)
+{
+ int err = 0, rc=0;
+ BerElement *requestBer = NULL;
+
+ char * utf8ObjPtr = NULL;
+ int utf8ObjSize = 0;
+ char * utf8PwdPtr = NULL;
+ int utf8PwdSize = 0;
+ char * utf8Pwd2Ptr = NULL;
+ int utf8Pwd2Size = 0;
+
+
+ utf8ObjSize = strlen(objectDN)+1;
+ utf8ObjPtr = objectDN;
+
+ if (password != NULL)
+ {
+ utf8PwdSize = strlen(password)+1;
+ utf8PwdPtr = password;
+ }
+
+ if (password2 != NULL)
+ {
+ utf8Pwd2Size = strlen(password2)+1;
+ utf8Pwd2Ptr = password2;
+ }
+
+ /* Allocate a BerElement for the request parameters.*/
+ if((requestBer = ber_alloc()) == NULL)
+ {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ }
+
+ if (password != NULL && password2 != NULL)
+ {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
+ }
+ else if (password != NULL)
+ {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
+ }
+ else
+ {
+ /* BER encode the NMAS Version and the objectDN */
+ rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
+ }
+
+ if (rc < 0)
+ {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ }
+ else
+ {
+ err = 0;
+ }
+
+ /*
+ * Convert the BER we just built to a berval that we'll send with the extended request.
+ */
+ if(ber_flatten(requestBer, requestBV) == LBER_ERROR)
+ {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ }
+
+Cleanup:
+
+ if(requestBer)
+ {
+ ber_free(requestBer, 1);
+ }
+
+ return err;
+} /* End of berEncodePasswordData */
+
+/* ------------------------------------------------------------------------
+ * berDecodeLoginData()
+ * ==============================
+ * ResponseBer contents:
+ * serverVersion INTEGER
+ * error INTEGER
+ * data OCTET STRING
+ *
+ * Description:
+ * This function takes the reply BER Value and decodes the
+ * NMAS server version and return code and if a non null retData
+ * buffer was supplied, tries to decode the the return data and length
+ *
+ * ------------------------------------------------------------------------ */
+int berDecodeLoginData(
+ struct berval *replyBV,
+ int *serverVersion,
+ size_t *retDataLen,
+ void *retData )
+{
+ int rc=0, err = 0;
+ BerElement *replyBer = NULL;
+ char *retOctStr = NULL;
+ size_t retOctStrLen = 0;
+
+ if((replyBer = ber_init(replyBV)) == NULL)
+ {
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
+ }
+
+ if(retData)
+ {
+ retOctStrLen = *retDataLen + 1;
+ retOctStr = (char *)malloc(retOctStrLen);
+ if(!retOctStr)
+ {
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
+ }
+
+ if( (rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1)
+ {
+ if (*retDataLen >= retOctStrLen)
+ {
+ memcpy(retData, retOctStr, retOctStrLen);
+ }
+ else if (!err)
+ {
+ err = NMAS_E_BUFFER_OVERFLOW;
+ }
+
+ *retDataLen = retOctStrLen;
+ }
+ else if (!err)
+ {
+ err = NMAS_E_FRAG_FAILURE;
+ }
+ }
+ else
+ {
+ if( (rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1)
+ {
+ if (!err)
+ {
+ err = NMAS_E_FRAG_FAILURE;
+ }
+ }
+ }
+
+Cleanup:
+
+ if(replyBer)
+ {
+ ber_free(replyBer, 1);
+ }
+
+ if (retOctStr != NULL)
+ {
+ memset(retOctStr, 0, retOctStrLen);
+ free(retOctStr);
+ }
+
+ return err;
+} /* End of berDecodeLoginData */
+
+/* -----------------------------------------------------------------------
+ * nmasldap_get_password()
+ * ==============================
+ *
+ * Description:
+ * This API attempts to get the universal password
+ *
+ * ------------------------------------------------------------------------ */
+int nmasldap_get_password(
+ LDAP *ld,
+ char *objectDN,
+ size_t *pwdSize, // in bytes
+ char *pwd )
+{
+ int err = 0;
+
+ struct berval *requestBV = NULL;
+ char *replyOID = NULL;
+ struct berval *replyBV = NULL;
+ int serverVersion;
+ char *pwdBuf;
+ size_t pwdBufLen, bufferLen;
+
+#ifdef NOT_N_PLAT_NLM
+ int currentThreadGroupID;
+#endif
+
+ /* Validate char parameters. */
+ if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL)
+ {
+ return NMAS_E_INVALID_PARAMETER;
+ }
+
+ bufferLen = pwdBufLen = *pwdSize;
+ pwdBuf = (char *)malloc(pwdBufLen+2);
+ if(pwdBuf == NULL)
+ {
+ return NMAS_E_INSUFFICIENT_MEMORY;
+ }
+
+#ifdef NOT_N_PLAT_NLM
+ currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID);
+#endif
+
+ err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
+ if(err)
+ {
+ goto Cleanup;
+ }
+
+ /* Call the ldap_extended_operation (synchronously) */
+ if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV)))
+ {
+ goto Cleanup;
+ }
+
+ /* Make sure there is a return OID */
+ if(!replyOID)
+ {
+ err = NMAS_E_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Is this what we were expecting to get back. */
+ if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE))
+ {
+ err = NMAS_E_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Do we have a good returned berval? */
+ if(!replyBV)
+ {
+ /*
+ * No; returned berval means we experienced a rather drastic error.
+ * Return operations error.
+ */
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
+ }
+
+ err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
+
+ if(serverVersion != NMAS_LDAP_EXT_VERSION)
+ {
+ err = NMAS_E_INVALID_VERSION;
+ goto Cleanup;
+ }
+
+ if (!err && pwdBufLen != 0)
+ {
+ if (*pwdSize >= pwdBufLen+1 && pwd != NULL)
+ {
+ memcpy(pwd, pwdBuf, pwdBufLen);
+ pwd[pwdBufLen] = 0; /* add null termination */
+ }
+ *pwdSize = pwdBufLen; /* does not include null termination */
+ }
+
+Cleanup:
+
+ if(replyBV)
+ {
+ ber_bvfree(replyBV);
+ }
+
+ /* Free the return OID string if one was returned. */
+ if(replyOID)
+ {
+ ldap_memfree(replyOID);
+ }
+
+ /* Free memory allocated while building the request ber and berval. */
+ if(requestBV)
+ {
+ ber_bvfree(requestBV);
+ }
+
+ if (pwdBuf != NULL)
+ {
+ memset(pwdBuf, 0, bufferLen);
+ free(pwdBuf);
+ }
+
+#ifdef NOT_N_PLAT_NLM
+ SetThreadGroupID(currentThreadGroupID);
+#endif
+
+ /* Return the appropriate error/success code. */
+ return err;
+} /* end of nmasldap_get_password */
--- /dev/null
+/*
+ * edir_ldapext.h
+ *
+ * AUTHOR: Guy Antony Halse <g.halse@ru.ac.za>
+ *
+ * stubs for FreeRadius's edir_ldapext.h
+ *
+ */
+#include <ldap.h>
+
+#define UNIVERSAL_PASS_LEN 256
+#define NMAS_SUCCESS 0
+
+extern int berEncodePasswordData(struct berval **requestBV, char *objectDN, char *password, char *password2);
+extern int berDecodeLoginData(struct berval *replyBV, int *serverVersion, size_t *retDataLen, void *retData);
+extern int nmasldap_get_password(LDAP *ld, char *objectDN, size_t *pwdSize, char *pwd);
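Review bot: No include guard protects edir_ldapext.h, and its `#include <ldap.h>` is unconditional, although ldap_backend.c includes this header just before selecting `<winldap.h>` under `_SQUID_MSWIN_`. On that platform the include would presumably be missing or conflict with the Windows LDAP header. I would wrap the file in `#ifndef EDIR_LDAPEXT_H` / `#define EDIR_LDAPEXT_H` / `#endif` and leave the LDAP header choice to the including source file, or repeat the same platform test here. `UNIVERSAL_PASS_LEN` also deserves a comment such as `/* size in bytes of the buffer handed to nmasldap_get_password(), including the terminating NUL */`, because that function only copies when `*pwdSize >= pwdBufLen+1`.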
--- /dev/null
+/*
+ *
+ *
+ *
+ * ldap_backend.c
+ * AUTHOR: Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
+ */
+
+#define LDAP_DEPRECATED 1
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include "ldap_backend.h"
+#include "edir_ldapext.h"
+
+#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
+
+#define snprintf _snprintf
+#include <windows.h>
+#include <winldap.h>
+#ifndef LDAPAPI
+#define LDAPAPI __cdecl
+#endif
+#ifdef LDAP_VERSION3
+#ifndef LDAP_OPT_X_TLS
+#define LDAP_OPT_X_TLS 0x6000
+#endif
+/* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at
+ * run time.
+ */
+#undef ldap_start_tls_s
+#if LDAP_UNICODE
+#define LDAP_START_TLS_S "ldap_start_tls_sW"
+typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *);
+#else
+#define LDAP_START_TLS_S "ldap_start_tls_sA"
+typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *);
+#endif /* LDAP_UNICODE */
+PFldap_start_tls_s Win32_ldap_start_tls_s;
+#define ldap_start_tls_s(l,s,c) Win32_ldap_start_tls_s(l,NULL,NULL,s,c)
+#endif /* LDAP_VERSION3 */
+
+#else
+
+#include <lber.h>
+#include <ldap.h>
+
+#endif
+#define PROGRAM_NAME "digest_pw_auth(LDAP_backend)"
+
+/* Globals */
+
+static LDAP *ld = NULL;
+static char *passattr = NULL;
+static char *ldapServer = NULL;
+static char *userbasedn = NULL;
+static char *userdnattr = NULL;
+static char *usersearchfilter = NULL;
+static char *binddn = NULL;
+static char *bindpasswd = NULL;
+static char *delimiter = ":";
+static int encrpass = 0;
+static int searchscope = LDAP_SCOPE_SUBTREE;
+static int persistent = 0;
+static int noreferrals = 0;
+static int debug = 0;
+static int port = LDAP_PORT;
+static int strip_nt_domain = 0;
+static int edir_universal_passwd = 0;
+static int aliasderef = LDAP_DEREF_NEVER;
+#if defined(NETSCAPE_SSL)
+static char *sslpath = NULL;
+static int sslinit = 0;
+#endif
+static int connect_timeout = 0;
+static int timelimit = LDAP_NO_LIMIT;
+
+#ifdef LDAP_VERSION3
+/* Added for TLS support and version 3 */
+static int use_tls = 0;
+static int version = -1;
+#endif
+
+static void ldapconnect(void);
+static int readSecret(char *filename);
+
+/* Yuck.. we need to glue to different versions of the API */
+
+#if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
+static void
+squid_ldap_set_aliasderef(int deref)
+{
+ ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
+}
+static void
+squid_ldap_set_referrals(int referrals)
+{
+ int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF;
+ ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
+}
+static void
+squid_ldap_set_timelimit(int timelimit)
+{
+ ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
+}
+static void
+squid_ldap_set_connect_timeout(int timelimit)
+{
+#if defined(LDAP_OPT_NETWORK_TIMEOUT)
+ struct timeval tv;
+ tv.tv_sec = timelimit;
+ tv.tv_usec = 0;
+ ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
+ timelimit *= 1000;
+ ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit);
+#endif
+}
+
+#else
+static int
+squid_ldap_errno(LDAP * ld)
+{
+ return ld->ld_errno;
+}
+static void
+squid_ldap_set_aliasderef(int deref)
+{
+ ld->ld_deref = deref;
+}
+static void
+squid_ldap_set_referrals(int referrals)
+{
+ if (referrals)
+ ld->ld_options |= ~LDAP_OPT_REFERRALS;
+ else
+ ld->ld_options &= ~LDAP_OPT_REFERRALS;
+}
+static void
+squid_ldap_set_timelimit(int timelimit)
+{
+ ld->ld_timelimit = timelimit;
+}
+static void
+squid_ldap_set_connect_timeout(int timelimit)
+{
+ fprintf(stderr, "Connect timeouts not supported in your LDAP library\n");
+}
+static void
+squid_ldap_memfree(char *p)
+{
+ free(p);
+}
+
+#endif
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+#if LDAP_VENDOR_VERSION > 194
+#define HAS_URI_SUPPORT 1
+#endif
+#endif
+
+static int
+ldap_escape_value(char *escaped, int size, const char *src)
+{
+ int n = 0;
+ while (size > 4 && *src) {
+ switch (*src) {
+ case '*':
+ case '(':
+ case ')':
+ case '\\':
+ n += 3;
+ size -= 3;
+ if (size > 0) {
+ *escaped++ = '\\';
+ snprintf(escaped, 3, "%02x", (int) *src++);
+ escaped += 2;
+ }
+ break;
+ default:
+ *escaped++ = *src++;
+ n++;
+ size--;
+ }
+ }
+ *escaped = '\0';
+ return n;
+}
+
+static char *
+getpassword(char *login, char *realm)
+{
+ LDAPMessage *res = NULL;
+ LDAPMessage *entry;
+ char **values = NULL;
+ char **value = NULL;
+ char *password = NULL;
+ int retry = 0;
+ char filter[8192];
+ char searchbase[8192];
+ char *universal_password = NULL;
+ size_t universal_password_len = UNIVERSAL_PASS_LEN;
+ int nmas_res = 0;
+ int rc = -1;
+ if (ld) {
+ if (usersearchfilter) {
+ char escaped_login[1024];
+ snprintf(searchbase, sizeof(searchbase), "%s", userbasedn);
+ ldap_escape_value(escaped_login, sizeof(escaped_login), login);
+ snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
+
+ retrysrch:
+ if (debug)
+ fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, searchbase);
+
+ rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 0, &res);
+ if (rc != LDAP_SUCCESS) {
+ if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
+ /* Everything is fine. This is expected when referrals
+ * are disabled.
+ */
+ rc = LDAP_SUCCESS;
+ } else {
+ fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
+#if defined(NETSCAPE_SSL)
+ if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
+ int sslerr = PORT_GetError();
+ fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
+ }
+#endif
+ fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error, trying to recover'%s'\n", ldap_err2string(rc));
+ ldap_msgfree(res);
+ /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */
+ if (!retry) {
+ retry++;
+ ldap_unbind(ld);
+ ld = NULL;
+ ldapconnect();
+ goto retrysrch;
+ }
+ return NULL;
+
+ }
+ }
+ } else if (userdnattr) {
+ sprintf(searchbase, "%s=%s, %s", userdnattr, login, userbasedn);
+
+ retrydnattr:
+ if (debug)
+ fprintf(stderr, "searchbase '%s'\n", searchbase);
+ rc = ldap_search_s(ld, searchbase, searchscope, NULL, NULL, 0, &res);
+ }
+ if (rc == LDAP_SUCCESS) {
+ entry = ldap_first_entry(ld, res);
+ if (entry) {
+ if (debug)
+ printf("ldap dn: %s\n", ldap_get_dn(ld, entry));
+ if (edir_universal_passwd) {
+
+ /* allocate some memory for the universal password returned by NMAS */
+ universal_password = malloc(universal_password_len);
+ memset(universal_password, 0, universal_password_len);
+ values = malloc(sizeof(char *));
+
+ /* actually talk to NMAS to get a password */
+ nmas_res = nmasldap_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
+ if (nmas_res == NMAS_SUCCESS && universal_password) {
+ if (debug)
+ printf("NMAS returned value %s\n", universal_password);
+ values[0] = universal_password;
+ } else {
+ if (debug)
+ printf("Error reading Universal Password: %d = %s\n", nmas_res, ldap_err2string(nmas_res));
+ }
+ } else {
+ values = ldap_get_values(ld, entry, passattr);
+ }
+ } else {
+ ldap_msgfree(res);
+ return NULL;
+ }
+ if (!values) {
+ if (debug)
+ printf("No attribute value found\n");
+ if (edir_universal_passwd)
+ free(universal_password);
+ ldap_msgfree(res);
+ return NULL;
+ }
+ value = values;
+ while (*value) {
+ if (encrpass) {
+ if (strcmp(strtok(*value, delimiter), realm) == 0) {
+ password = strtok(NULL, delimiter);
+ break;
+ }
+ } else {
+ password = *value;
+ break;
+ }
+ value++;
+ }
+ if (debug)
+ printf("password: %s\n", password);
+ if (password)
+ password = strdup(password);
+ if (edir_universal_passwd) {
+ free(values);
+ free(universal_password);
+ } else {
+ ldap_value_free(values);
+ }
+ ldap_msgfree(res);
+ return password;
+ } else {
+ fprintf(stderr, PROGRAM_NAME " WARNING, LDAP error '%s'\n", ldap_err2string(rc));
+ /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */
+ if (!retry) {
+ retry++;
+ ldap_unbind(ld);
+ ld = NULL;
+ ldapconnect();
+ goto retrydnattr;
+ }
+ return NULL;
+ }
+ }
+ return NULL;
+}
+
+
+
+static void
+ldapconnect(void)
+{
+ int rc;
+
+/* On Windows ldap_start_tls_s is available starting from Windows XP,
+ * so we need to bind at run-time with the function entry point
+ */
+#ifdef _SQUID_MSWIN_
+ if (use_tls) {
+
+ HMODULE WLDAP32Handle;
+
+ WLDAP32Handle = GetModuleHandle("wldap32");
+ if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) {
+ fprintf(stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n");
+ exit(1);
+ }
+ }
+#endif
+
+ if (ld == NULL) {
+#if HAS_URI_SUPPORT
+ if (strstr(ldapServer, "://") != NULL) {
+ rc = ldap_initialize(&ld, ldapServer);
+ if (rc != LDAP_SUCCESS) {
+ fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
+ }
+ } else
+#endif
+#if NETSCAPE_SSL
+ if (sslpath) {
+ if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
+ fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
+ sslpath);
+ exit(1);
+ } else {
+ sslinit++;
+ }
+ if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
+ fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
+ ldapServer, port);
+ exit(1);
+ }
+ } else
+#endif
+ if ((ld = ldap_init(ldapServer, port)) == NULL) {
+ fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port);
+ }
+ if (connect_timeout)
+ squid_ldap_set_connect_timeout(connect_timeout);
+
+#ifdef LDAP_VERSION3
+ if (version == -1) {
+ version = LDAP_VERSION2;
+ }
+ if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
+ != LDAP_SUCCESS) {
+ fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
+ version);
+ ldap_unbind(ld);
+ ld = NULL;
+ }
+ if (use_tls) {
+#ifdef LDAP_OPT_X_TLS
+ if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
+ fprintf(stderr, "Could not Activate TLS connection\n");
+ ldap_unbind(ld);
+ ld = NULL;
+ }
+#else
+ fprintf(stderr, "TLS not supported with your LDAP library\n");
+ ldap_unbind(ld);
+ ld = NULL;
+#endif
+ }
+#endif
+ squid_ldap_set_timelimit(timelimit);
+ squid_ldap_set_referrals(!noreferrals);
+ squid_ldap_set_aliasderef(aliasderef);
+ if (binddn && bindpasswd && *binddn && *bindpasswd) {
+ rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
+ if (rc != LDAP_SUCCESS) {
+ fprintf(stderr, PROGRAM_NAME " WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
+ ldap_unbind(ld);
+ ld = NULL;
+ }
+ }
+ if (debug)
+ fprintf(stderr, "Connected OK\n");
+ }
+}
+int
+LDAPArguments(int argc, char **argv)
+{
+ setbuf(stdout, NULL);
+
+ while (argc > 1 && argv[1][0] == '-') {
+ char *value = "";
+ char option = argv[1][1];
+ switch (option) {
+ case 'P':
+ case 'R':
+ case 'z':
+ case 'Z':
+ case 'g':
+ case 'e':
+ case 'S':
+ case 'n':
+ case 'd':
+ break;
+ default:
+ if (strlen(argv[1]) > 2) {
+ value = argv[1] + 2;
+ } else if (argc > 2) {
+ value = argv[2];
+ argv++;
+ argc--;
+ } else
+ value = "";
+ break;
+ }
+ argv++;
+ argc--;
+ switch (option) {
+ case 'H':
+#if !HAS_URI_SUPPORT
+ fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n");
+ return 1;
+#endif
+ /* Fall thru to -h */
+ case 'h':
+ if (ldapServer) {
+ int len = strlen(ldapServer) + 1 + strlen(value) + 1;
+ char *newhost = malloc(len);
+ snprintf(newhost, len, "%s %s", ldapServer, value);
+ free(ldapServer);
+ ldapServer = newhost;
+ } else {
+ ldapServer = strdup(value);
+ }
+ break;
+ case 'A':
+ passattr = value;
+ break;
+ case 'e':
+ encrpass = 1;
+ break;
+ case 'l':
+ delimiter = value;
+ break;
+ case 'b':
+ userbasedn = value;
+ break;
+ case 'F':
+ usersearchfilter = value;
+ break;
+ case 'u':
+ userdnattr = value;
+ break;
+ case 's':
+ if (strcmp(value, "base") == 0)
+ searchscope = LDAP_SCOPE_BASE;
+ else if (strcmp(value, "one") == 0)
+ searchscope = LDAP_SCOPE_ONELEVEL;
+ else if (strcmp(value, "sub") == 0)
+ searchscope = LDAP_SCOPE_SUBTREE;
+ else {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Unknown search scope '%s'\n", value);
+ return 1;
+ }
+ break;
+ case 'S':
+#if defined(NETSCAPE_SSL)
+ sslpath = value;
+ if (port == LDAP_PORT)
+ port = LDAPS_PORT;
+#else
+ fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n");
+ return 1;
+#endif
+ break;
+ case 'c':
+ connect_timeout = atoi(value);
+ break;
+ case 't':
+ timelimit = atoi(value);
+ break;
+ case 'a':
+ if (strcmp(value, "never") == 0)
+ aliasderef = LDAP_DEREF_NEVER;
+ else if (strcmp(value, "always") == 0)
+ aliasderef = LDAP_DEREF_ALWAYS;
+ else if (strcmp(value, "search") == 0)
+ aliasderef = LDAP_DEREF_SEARCHING;
+ else if (strcmp(value, "find") == 0)
+ aliasderef = LDAP_DEREF_FINDING;
+ else {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Unknown alias dereference method '%s'\n", value);
+ return 1;
+ }
+ break;
+ case 'D':
+ binddn = value;
+ break;
+ case 'w':
+ bindpasswd = value;
+ break;
+ case 'W':
+ readSecret(value);
+ break;
+ case 'P':
+ persistent = !persistent;
+ break;
+ case 'p':
+ port = atoi(value);
+ break;
+ case 'R':
+ noreferrals = !noreferrals;
+ break;
+#ifdef LDAP_VERSION3
+ case 'v':
+ switch (atoi(value)) {
+ case 2:
+ version = LDAP_VERSION2;
+ break;
+ case 3:
+ version = LDAP_VERSION3;
+ break;
+ default:
+ fprintf(stderr, "Protocol version should be 2 or 3\n");
+ return 1;
+ }
+ break;
+ case 'Z':
+ if (version == LDAP_VERSION2) {
+ fprintf(stderr, "TLS (-Z) is incompatible with version %d\n",
+ version);
+ return 1;
+ }
+ version = LDAP_VERSION3;
+ use_tls = 1;
+ break;
+#endif
+ case 'd':
+ debug = 1;
+ break;
+ case 'E':
+ strip_nt_domain = 1;
+ break;
+ case 'n':
+ edir_universal_passwd = 1;
+ break;
+ default:
+ fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
+ return 1;
+ }
+ }
+
+ while (argc > 1) {
+ char *value = argv[1];
+ if (ldapServer) {
+ int len = strlen(ldapServer) + 1 + strlen(value) + 1;
+ char *newhost = malloc(len);
+ snprintf(newhost, len, "%s %s", ldapServer, value);
+ free(ldapServer);
+ ldapServer = newhost;
+ } else {
+ ldapServer = strdup(value);
+ }
+ argc--;
+ argv++;
+ }
+
+ if (!ldapServer)
+ ldapServer = "localhost";
+
+ if (!userbasedn || !((passattr != NULL) || (edir_universal_passwd && usersearchfilter && version == LDAP_VERSION3 && use_tls))) {
+ fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n");
+ fprintf(stderr, "\t-A password attribute(REQUIRED)\t\tUser attribute that contains the password\n");
+ fprintf(stderr, "\t-l password realm delimiter(REQUIRED)\tCharater(s) that devides the password attribute\n\t\t\t\t\t\tin realm and password tokens, default ':' realm:password\n");
+ fprintf(stderr, "\t-b basedn (REQUIRED)\t\t\tbase dn under where to search for users\n");
+ fprintf(stderr, "\t-e Encrypted passwords(REQUIRED)\tPassword are stored encrypted using HHA1\n");
+ fprintf(stderr, "\t-F filter\t\t\t\tuser search filter pattern. %%s = login\n");
+ fprintf(stderr, "\t-u attribute\t\t\t\tattribute to use in combination with the basedn to create the user DN\n");
+ fprintf(stderr, "\t-s base|one|sub\t\t\t\tsearch scope\n");
+ fprintf(stderr, "\t-D binddn\t\t\t\tDN to bind as to perform searches\n");
+ fprintf(stderr, "\t-w bindpasswd\t\t\t\tpassword for binddn\n");
+ fprintf(stderr, "\t-W secretfile\t\t\t\tread password for binddn from file secretfile\n");
+#if HAS_URI_SUPPORT
+ fprintf(stderr, "\t-H URI\t\t\t\t\tLDAPURI (defaults to ldap://localhost)\n");
+#endif
+ fprintf(stderr, "\t-h server\t\t\t\tLDAP server (defaults to localhost)\n");
+ fprintf(stderr, "\t-p port\t\t\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
+ fprintf(stderr, "\t-P\t\t\t\t\tpersistent LDAP connection\n");
+#if defined(NETSCAPE_SSL)
+ fprintf(stderr, "\t-E sslcertpath\t\t\t\tenable LDAP over SSL\n");
+#endif
+ fprintf(stderr, "\t-c timeout\t\t\t\tconnect timeout\n");
+ fprintf(stderr, "\t-t timelimit\t\t\t\tsearch time limit\n");
+ fprintf(stderr, "\t-R\t\t\t\t\tdo not follow referrals\n");
+ fprintf(stderr, "\t-a never|always|search|find\t\twhen to dereference aliases\n");
+#ifdef LDAP_VERSION3
+ fprintf(stderr, "\t-v 2|3\t\t\t\t\tLDAP version\n");
+ fprintf(stderr, "\t-Z\t\t\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
+#endif
+ fprintf(stderr, "\t-S\t\t\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-n\t\t\t\t\tGet an eDirectory Universal Password from Novell NMAS\n\t\t\t\t\t\t(requires bind credentials, version 3, TLS, and a search filter)\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
+ return -1;
+ }
+ return 0;
+}
+static int
+readSecret(char *filename)
+{
+ char buf[BUFSIZ];
+ char *e = 0;
+ FILE *f;
+
+ if (!(f = fopen(filename, "r"))) {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
+ return 1;
+ }
+ if (!fgets(buf, sizeof(buf) - 1, f)) {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
+ fclose(f);
+ return 1;
+ }
+ /* strip whitespaces on end */
+ if ((e = strrchr(buf, '\n')))
+ *e = 0;
+ if ((e = strrchr(buf, '\r')))
+ *e = 0;
+
+ bindpasswd = (char *) calloc(sizeof(char), strlen(buf) + 1);
+ if (bindpasswd) {
+ strcpy(bindpasswd, buf);
+ } else {
+ fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+void
+LDAPHHA1(RequestData * requestData)
+{
+ char *password = "";
+ ldapconnect();
+ password = getpassword(requestData->user, requestData->realm);
+ if (password != NULL) {
+ if (encrpass)
+ xstrncpy(requestData->HHA1, password, sizeof(requestData->HHA1));
+ else {
+ HASH HA1;
+ DigestCalcHA1("md5", requestData->user, requestData->realm, password, NULL, NULL, HA1, requestData->HHA1);
+ }
+ free(password);
+ } else {
+ requestData->error = -1;
+ }
+
+}
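Review bot: The StartTLS test in ldapconnect() is inverted: `ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS` unbinds the connection when TLS was negotiated and lets a failed handshake fall through to `ldap_simple_bind_s`. With -Z the bind password, and the passwords fetched afterwards, would then travel over an unencrypted connection without any error being reported. The condition should read `if (version != LDAP_VERSION3 || ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)`, keeping the existing unbind and adding an early `return;`. Every failure branch in this function sets `ld = NULL` and then continues into `squid_ldap_set_*` and the bind with that null handle, so each one needs the same early return. Separately, `sprintf(searchbase, "%s=%s, %s", userdnattr, login, userbasedn)` in getpassword() copies the client-supplied login into an 8192-byte buffer with no bound and no escaping for use in a DN; `snprintf(searchbase, sizeof(searchbase), ...)` is the minimum fix there.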
--- /dev/null
+/*
+ * text_backend.h
+ *
+ * AUTHOR: Flavio Pescuma. <flavio@marasystems.com>
+ *
+ */
+#include "digest_common.h"
+extern int LDAPArguments(int argc, char **argv);
+extern void LDAPHHA1(RequestData * requestData);