<p>Removed <em>ntlm_smb_lm_auth</em> NTLM authentication helper.
Use the <em>ntlm_auth</em> helper from the Samba project instead.
+ <p>Updated <em>ext_ldap_group_acl</em> external ACL helper:
+ now requires <tt>-B</tt> (user base DN) and <tt>-F</tt>
+ (user search filter) to locate the user prior to evaluating
+ group membership. Administrators who omitted one or both options
+ must update their configurations to continue using this helper.
+
+ <p>Fixed <em>ext_ldap_group_acl</em> handling of LDAP referrals and
+ placeholders: corrected referrals option processing and aligned the
+ <tt>%v</tt> placeholder to mean the requested group name, matching
+ the helper documentation/help-text.
+
</descrip>
<sect1>Cache Manager changes
squid_ldap_set_referrals(LDAP * ld, int referrals)
{
if (referrals)
- ld->ld_options |= ~LDAP_OPT_REFERRALS;
+ ld->ld_options |= LDAP_OPT_REFERRALS;
else
ld->ld_options &= ~LDAP_OPT_REFERRALS;
}
setbuf(stdout, nullptr);
+ const auto prog = argv[0];
while (argc > 1 && argv[1][0] == '-') {
const char *value = "";
char option = argv[1][1];
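Review bot: The new `const auto prog = argv[0];` has no comment saying why the name must be saved ahead of the option loop. The loop body is outside this hunk, but if it advances `argv` as it consumes options, a later `argv[0]` would print an option or the server name instead of the helper name. A short comment would record that: `// Save the program name before option parsing; argv may be advanced below.` Spelling the type as `const char *const prog` would also make it obvious that this is a borrowed pointer to the original argument string.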
if (!ldapServer)
ldapServer = (char *) "localhost";
- if (!basedn || !searchfilter) {
+ if (!basedn || !searchfilter || !userbasedn || !usersearchfilter) {
fprintf(stderr, "\n" PROGRAM_NAME " version " PROGRAM_VERSION "\n\n");
fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n");
fprintf(stderr, "\t-b basedn (REQUIRED)\tbase dn under where to search for groups\n");
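Review bot: The usage line printed under the widened check still reads `-b basedn -f filter [options] ldap_server_name`, so an administrator who trips the new `!userbasedn || !usersearchfilter` condition is not told which options are missing. Consider `"Usage: " PROGRAM_NAME " -b basedn -f filter -B userbasedn -F userfilter [options] ldap_server_name\n\n"` and marking the `-B` and `-F` help lines as REQUIRED in the same way as `-b`. The remaining help lines are outside this hunk, so they may already be updated there.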
int found = 0;
if (!strchr(buf, '\n')) {
/* too large message received.. skip and deny */
- fprintf(stderr, "%s: ERROR: Input Too large: %s\n", argv[0], buf);
+ fprintf(stderr, "%s: ERROR: Input Too large: %s\n", prog, buf);
while (fgets(buf, sizeof(buf), stdin)) {
- fprintf(stderr, "%s: ERROR: Input Too large..: %s\n", argv[0], buf);
+ fprintf(stderr, "%s: ERROR: Input Too large..: %s\n", prog, buf);
if (strchr(buf, '\n') != nullptr)
break;
}
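Review bot: Both `Input Too large` messages still write the raw request buffer to stderr, and the inner loop writes one more log line per further chunk. An oversized request therefore copies its whole content into the log, including any control characters it contains. The `prog` substitution does not change that. Logging only the event keeps the diagnostic without echoing request data, e.g. a single `fprintf(stderr, "%s: ERROR: Input too large, discarding request\n", prog);` before the drain loop and no output inside it. The enclosing read loop begins and ends outside this hunk.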
}
user = strtok(buf, " \n");
if (!user) {
- debug("%s: Invalid request: No Username given\n", argv[0]);
+ debug("%s: Invalid request: No Username given\n", prog);
SEND_BH(HLP_MSG("Invalid request. No Username"));
continue;
}
if (use_extension_dn) {
extension_dn = strtok(nullptr, " \n");
if (!extension_dn) {
- debug("%s: Invalid request: Extension DN configured, but none sent.\n", argv[0]);
+ debug("%s: Invalid request: Extension DN configured, but none sent.\n", prog);
SEND_BH(HLP_MSG("Invalid Request. Extension DN required"));
continue;
}
rc = ldap_initialize(&ld, ldapServer);
if (rc != LDAP_SUCCESS) {
broken = HLP_MSG("Unable to connect to LDAP server");
- fprintf(stderr, "%s: ERROR: Unable to connect to LDAPURI:%s\n", argv[0], ldapServer);
+ fprintf(stderr, "%s: ERROR: Unable to connect to LDAPURI:%s\n", prog, ldapServer);
break;
}
} else
rc = ldap_simple_bind_s(ld, binddn, bindpasswd);
if (rc != LDAP_SUCCESS) {
broken = HLP_MSG("could not bind");
- fprintf(stderr, PROGRAM_NAME ": WARNING: %s to binddn '%s'\n", broken, ldap_err2string(rc));
+ fprintf(stderr, PROGRAM_NAME ": WARNING: %s to binddn '%s'\n", broken, binddn);
ldap_unbind(ld);
ld = nullptr;
break;
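Review bot: The corrected warning now prints `binddn` for the `'%s'` placeholder but no longer reports why the bind failed, because `ldap_err2string(rc)` was dropped rather than moved. Keeping both makes bind failures diagnosable: `fprintf(stderr, PROGRAM_NAME ": WARNING: %s to binddn '%s': %s\n", broken, binddn, ldap_err2string(rc));`. The guard around this bind is not visible in the hunk. If the branch can be reached with `binddn` unset, passing a null pointer to `%s` is undefined, so a fallback such as `binddn ? binddn : "(anonymous)"` would be needed.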
++templ;
switch (*templ) {
case 'u':
- case 'v':
++templ;
str << ldap_escape_value(user);
break;
+ case 'v':
case 'g':
case 'a':
++templ;
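Review bot: Moving `case 'v':` onto the `g`/`a` labels changes what existing filters containing `%v` search for, and nothing at the label says so. A comment such as `// %v: requested group name (alias of %g/%a), as the help text documents` would record the intent next to the code. The body shared by these labels continues past the end of the hunk, so it is not visible here whether the group name goes through `ldap_escape_value()` the way `user` does in the `u` branch. That is worth confirming, since the group value is substituted into an LDAP search filter.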
entry = ldap_first_entry(ld, ldapRes.get());
if (!entry) {
std::cerr << PROGRAM_NAME << ": WARNING: User '" << login <<
- " not found in '" << searchbase.c_str() << "'" << std::endl;
+ "' not found in '" << searchbase.c_str() << "'" << std::endl;
return 1;
}
userdn = ldap_get_dn(ld, entry);