From: hno <>
Date: Sat, 7 Sep 2002 16:09:10 +0000 (+0000)
Subject: Version 2.4. Fixes among other things support for multiple groups
X-Git-Tag: SQUID_3_0_PRE1~781
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d184c3e2b8235bb95c312d644b3d51e7c0801f4;p=thirdparty%2Fsquid.git

Version 2.4. Fixes among other things support for multiple groups
---

diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.c b/helpers/external_acl/ldap_group/squid_ldap_group.c
index 3dcb428f5a..fc350aeeab 100644
--- a/helpers/external_acl/ldap_group/squid_ldap_group.c
+++ b/helpers/external_acl/ldap_group/squid_ldap_group.c
@@ -20,6 +20,13 @@
  * or (at your option) any later version.
  *
  * Changes:
+ * Version 2.4
+ * 2002-09-06: Henrik Nordstrom <hno@marasystems.com>
+ * 		Many bugfixes in connection management
+ * 		-g option added, and added support
+ * 		for multiple groups. Prior versions
+ * 		only supported one group and an optional
+ * 		group base RDN
  * Version 2.3
  * 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
  *              Minor cleanups
@@ -203,11 +210,12 @@ int
 main(int argc, char **argv)
 {
     char buf[256];
-    char *user, *group, *grouprdn;
+    char *user, *group, *grouprdn = NULL;
     char *ldapServer = NULL;
     LDAP *ld = NULL;
     int tryagain, rc;
     int port = LDAP_PORT;
+    int use_grouprdn = 0;
 
     setbuf(stdout, NULL);
 
@@ -219,6 +227,7 @@ main(int argc, char **argv)
 	case 'R':
 	case 'z':
 	case 'Z':
+	case 'g':
 	    break;
 	default:
 	    if (strlen(argv[1]) > 2) {
@@ -318,6 +327,9 @@ main(int argc, char **argv)
 	case 'd':
 	    debug = 1;
 	    break;
+	case 'g':
+	    use_grouprdn = 1;
+	    break;
 	default:
 	    fprintf(stderr, "squid_ldap_match: ERROR: Unknown command line option '%c'\n", option);
 	    exit(1);
@@ -356,72 +368,79 @@ main(int argc, char **argv)
 	fprintf(stderr, "\t-a never|always|search|find\n\t\t\t\twhen to dereference aliases\n");
 	fprintf(stderr, "\t-v 1|2\t\t\tLDAP version\n");
 	fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires LDAP version 3\n");
+	fprintf(stderr, "\t-g\t\t\tfirst query parameter is additional groups base RDN for this query\n");
 	fprintf(stderr, "\n");
 	fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd options\n\n");
 	exit(1);
     }
     while (fgets(buf, 256, stdin) != NULL) {
 	char *t;
+	int found = 0;
 	user = strwordtok(buf, &t);
-	group = strwordtok(NULL, &t);
-	grouprdn = strwordtok(NULL, &t);
+	if (use_grouprdn)
+		grouprdn = strwordtok(NULL, &t);
 
-	if (!user || !group) {
-	    printf("ERR\n");
-	    continue;
-	}
 	tryagain = 1;
-      recover:
-	if (ld == NULL) {
-	    if ((ld = ldap_init(ldapServer, port)) == NULL) {
-		fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",
-		    ldapServer, port);
-		printf("ERR\n");
-		continue;
-	    }
-	    if (version == -1) {
-		version = LDAP_VERSION2;
+	while (!found && user && (group = strwordtok(NULL, &t)) != NULL) {
+
+	  recover:
+	    if (ld == NULL) {
+		if ((ld = ldap_init(ldapServer, port)) == NULL) {
+		    fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",
+			ldapServer, port);
+		    break;
+		}
+		if (version == -1) {
+		    version = LDAP_VERSION2;
+		}
+		if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
+		    != LDAP_OPT_SUCCESS) {
+		    fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
+			version);
+		    ldap_unbind(ld);
+		    ld = NULL;
+		    break;
+		}
+		if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
+		    fprintf(stderr, "Could not Activate TLS connection\n");
+		    ldap_unbind(ld);
+		    ld = NULL;
+		    break;
+		}
+		squid_ldap_set_referrals(ld, !noreferrals);
+		squid_ldap_set_aliasderef(ld, aliasderef);
 	    }
-	    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
-		!= LDAP_OPT_SUCCESS) {
-		fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
-		    version);
+	    rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
+	    if (rc != LDAP_SUCCESS) {
+		fprintf(stderr, "squid_ldap_match: WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
 		ldap_unbind(ld);
-		printf("ERR\n");
-		continue;
+		ld = NULL;
+		break;
 	    }
-	    if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
-		fprintf(stderr, "Could not Activate TLS connection\n");
-		ldap_unbind(ld);
-		printf("ERR\n");
-		continue;
+	    if (debug)
+		printf("Binding OK\n");
+	    if (searchLDAP(ld, group, user, grouprdn) == 0) {
+		found = 1;
+		break;
+	    } else {
+		if (tryagain) {
+		    tryagain = 0;
+		    ldap_unbind(ld);
+		    ld = NULL;
+		    goto recover;
+		}
 	    }
-	    squid_ldap_set_referrals(ld, !noreferrals);
-	    squid_ldap_set_aliasderef(ld, aliasderef);
 	}
-	rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
-	if (rc != LDAP_SUCCESS) {
-	    fprintf(stderr, "squid_ldap_match: WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
-	    ldap_unbind(ld);
+	if (found)
+	    printf("OK\n");
+	else
 	    printf("ERR\n");
-	    continue;
-	}
-	if (debug)
-	    printf("Binding OK\n");
-	if (searchLDAP(ld, group, user, grouprdn) != 0) {
-	    if (tryagain) {
-		tryagain = 0;
+
+	if (ld != NULL) {
+	    if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) {
 		ldap_unbind(ld);
 		ld = NULL;
-		goto recover;
 	    }
-	    printf("ERR\n");
-	} else {
-	    printf("OK\n");
-	}
-	if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) {
-	    ldap_unbind(ld);
-	    ld = NULL;
 	}
     }
     if (ld)