[GNUnet-SVN] [gnurl] 164/254: LDAP: using ldap_bind_s on Windows with me
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 164/254: LDAP: using ldap_bind_s on Windows with methods (#878) |
Date: |
Sat, 17 Jun 2017 16:53:16 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.
commit f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8
Author: Sergei Nikulov <address@hidden>
AuthorDate: Tue May 23 22:45:39 2017 +0300
LDAP: using ldap_bind_s on Windows with methods (#878)
* LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG)
* ldap: updated per build options handling
* ldap: fixed logic for auth selection
---
lib/ldap.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 85 insertions(+), 16 deletions(-)
diff --git a/lib/ldap.c b/lib/ldap.c
index 979ce7de4..6751182ad 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -181,6 +181,81 @@ const struct Curl_handler Curl_handler_ldaps = {
};
#endif
+#if defined(USE_WIN32_LDAP)
+
+#if defined(USE_WINDOWS_SSPI)
+static int ldap_win_bind_auth(LDAP *server, const char *user,
+ const char *passwd, unsigned long authflags)
+{
+ ULONG method = 0;
+ SEC_WINNT_AUTH_IDENTITY cred = { 0, };
+ int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+
+#if defined(USE_SPNEGO)
+ if(authflags & CURLAUTH_NEGOTIATE) {
+ method = LDAP_AUTH_NEGOTIATE;
+ }
+ else
+#endif
+#if defined(USE_NTLM)
+ if(authflags & CURLAUTH_NTLM) {
+ method = LDAP_AUTH_NTLM;
+ }
+ else
+#endif
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+ if(authflags & CURLAUTH_DIGEST) {
+ method = LDAP_AUTH_DIGEST;
+ }
+ else
+#endif
+ {
+ /* required anyway if one of upper preprocessor definitions enabled */
+ }
+
+ if(method && user && passwd) {
+ rc = Curl_create_sspi_identity(user, passwd, &cred);
+ if(!rc) {
+ rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
+ Curl_sspi_free_identity(&cred);
+ }
+ }
+ else {
+ /* proceed with current user credentials */
+ method = LDAP_AUTH_NEGOTIATE;
+ rc = ldap_bind_s(server, NULL, NULL, method);
+ }
+ return rc;
+}
+#endif /* #if defined(USE_WINDOWS_SSPI) */
+
+static int ldap_win_bind(struct connectdata *conn, LDAP *server,
+ const char *user, const char *passwd)
+{
+ int rc = LDAP_INVALID_CREDENTIALS;
+ ULONG method = LDAP_AUTH_SIMPLE;
+
+ PTCHAR inuser = NULL;
+ PTCHAR inpass = NULL;
+
+ if(user && passwd && (conn->data->set.httpauth & CURLAUTH_BASIC)) {
+ inuser = Curl_convert_UTF8_to_tchar((char*)user);
+ inpass = Curl_convert_UTF8_to_tchar((char*)passwd);
+
+ rc = ldap_bind_s(server, inuser, inpass, method);
+
+ Curl_unicodefree(inuser);
+ Curl_unicodefree(inpass);
+ }
+#if defined(USE_WINDOWS_SSPI)
+ else {
+ rc = ldap_win_bind_auth(server, user, passwd, conn->data->set.httpauth);
+ }
+#endif
+
+ return rc;
+}
+#endif /* #if defined(USE_WIN32_LDAP) */
static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
{
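Review bot: In ldap_win_bind_auth the `else` branch after `if(method && user && passwd)` also runs when the caller supplied a user and password but none of the compiled-in auth bits matched, so those credentials are silently dropped and the bind goes out as the logged-on Windows account via LDAP_AUTH_NEGOTIATE. That presents the ambient identity to whatever host the URL names without the caller asking for it; narrowing the fallback to `else if(!user && !passwd) {` would let the mismatch case return the initial LDAP_AUTH_METHOD_NOT_SUPPORTED instead. The same branch is reached from ldap_win_bind whenever no credentials are set, so a request that used to reach `ldap_simple_bind_s` with NULL arguments now authenticates as the current user on SSPI builds. If that is intended, it deserves a comment above ldap_win_bind such as `/* no credentials: binds as the logged-on user via SSPI, not anonymously */`.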
@@ -202,13 +277,11 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool
*done)
#endif
#if defined(USE_WIN32_LDAP)
TCHAR *host = NULL;
- TCHAR *user = NULL;
- TCHAR *passwd = NULL;
#else
char *host = NULL;
+#endif
char *user = NULL;
char *passwd = NULL;
-#endif
*done = TRUE; /* unconditionally */
infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n",
@@ -239,24 +312,14 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool
*done)
goto quit;
}
-
- if(conn->bits.user_passwd) {
- user = Curl_convert_UTF8_to_tchar(conn->user);
- passwd = Curl_convert_UTF8_to_tchar(conn->passwd);
- if(!user || !passwd) {
- result = CURLE_OUT_OF_MEMORY;
-
- goto quit;
- }
- }
#else
host = conn->host.name;
+#endif
if(conn->bits.user_passwd) {
user = conn->user;
passwd = conn->passwd;
}
-#endif
#ifdef LDAP_OPT_NETWORK_TIMEOUT
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
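Review bot: The `if(!user || !passwd)` out-of-memory check deleted in this hunk has no counterpart in ldap_win_bind (added in the first hunk), which passes the results of both Curl_convert_UTF8_to_tchar calls straight to ldap_bind_s. If either conversion returns NULL, the LDAP_AUTH_SIMPLE bind is issued with a NULL name or password, which a server would presumably treat as an anonymous or unauthenticated bind rather than as a failure. Guard the call, e.g. `if(inuser && inpass) rc = ldap_bind_s(server, inuser, inpass, method); else rc = LDAP_NO_MEMORY;`, keeping the two Curl_unicodefree calls after it. The converted password copy is also released without being cleared first; wiping it before Curl_unicodefree would be a reasonable hardening step if the project has a helper for that. Curl_ldap's body starts and ends outside this hunk.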
@@ -402,11 +465,19 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool
*done)
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
#endif
+#ifdef USE_WIN32_LDAP
+ rc = ldap_win_bind(conn, server, user, passwd);
+#else
rc = ldap_simple_bind_s(server, user, passwd);
+#endif
if(!ldap_ssl && rc != 0) {
ldap_proto = LDAP_VERSION2;
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+#ifdef USE_WIN32_LDAP
+ rc = ldap_win_bind(conn, server, user, passwd);
+#else
rc = ldap_simple_bind_s(server, user, passwd);
+#endif
}
if(rc != 0) {
failf(data, "LDAP local: ldap_simple_bind_s %s", ldap_err2string(rc));
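Review bot: The `failf` on the last line of this hunk still reports `ldap_simple_bind_s`, but on USE_WIN32_LDAP builds rc now comes from ldap_win_bind, so the log names a function that was never called; a neutral `failf(data, "LDAP local: bind failed: %s", ldap_err2string(rc));` fits both branches. rc can also hold the return value of Curl_create_sspi_identity (assigned in ldap_win_bind_auth), which looks like a curl result code rather than an LDAP one, yet it is handed to ldap_err2string here; mapping that failure to an LDAP code inside ldap_win_bind_auth would keep the message truthful. The LDAPv2 retry above runs on any non-zero rc, so a rejected credential now triggers a second bind attempt; retrying only on a protocol-version error would avoid doubling failed logins against lockout counters. Curl_ldap's body starts and ends outside this hunk.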
@@ -669,8 +740,6 @@ quit:
#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
#if defined(USE_WIN32_LDAP)
- Curl_unicodefree(passwd);
- Curl_unicodefree(user);
Curl_unicodefree(host);
#endif
--
To stop receiving notification emails like this one, please contact
address@hidden