On Wed, 22 Dec 2004, Mike O'Rourke wrote:
Index: ldap.c
===================================================================
RCS file: /cvs/src/cyrus/ptclient/ldap.c,v
retrieving revision 1.7
diff -u -r1.7 ldap.c
--- ldap.c 24 Jun 2004 19:28:39 -0000 1.7
+++ ldap.c 21 Dec 2004 15:38:49 -0000
Thanks, Igor.
Neither of these patches would apply (using "patch -p0 < ptclient_patch" on SuSE 9.1). They were both roundly rejected, so I applied them manually.
The first would go as far as a successful (according to the ldap server) ldap bind (using the ldap_bind_dn) and there was no other activity on the ldap server. Here is the imapd.log for an attempted login:
Dec 21 10:51:35 server12 master[20440]: about to exec /usr/cyrus/bin/imapd Dec 21 10:51:35 server12 imap[20440]: executed Dec 21 10:51:35 server12 imap[20440]: accepted connection Dec 21 10:51:35 server12 imap[20440]: ptload(): pinging ptloader Dec 21 10:51:35 server12 ptloader[20218]: accepted connection Dec 21 10:51:35 server12 imap[20440]: ptload(): bad response from ptloader server: identifier not found Dec 21 10:51:35 server12 imap[20440]: badlogin: server11.mydom.com [192.168.7.11] plaintext [EMAIL PROTECTED] invalid user Dec 21 10:52:36 server12 master[20215]: process 20440 exited, status 0
The second patch would not even compile, complaining about some undeclared variables in the patched area (perhaps I did not apply the patch properly, although I did it three times and checked it each time):
ldap.c: In function `ptsmodule_get_dn': ldap.c:835: error: `filter' undeclared (first use in this function) ldap.c:835: error: (Each undeclared identifier is reported only once ldap.c:835: error: for each function it appears in.) ldap.c:839: error: `base' undeclared (first use in this function) ldap.c:843: error: `attrs' undeclared (first use in this function) ldap.c:843: error: `res' undeclared (first use in this function) ldap.c:855: error: `entry' undeclared (first use in this function)
Should the patch apply against ldap.c in the 2.2.10 distribution, or do I need to grab the CVS? Should I simply invest the time to learn, setup and use ldap_sasl?
My bad. The first patch is not good and the second patch is incomplete. This patch is trivial; I am using a newer version of ldap.c than the one in cvs and I thought that I could just fix the original code without testing. Wrong... To make things worse, I pasted the patch in my email client which probably corrupted the patch.
Ok, the attached patch should apply and compile without errors. Please report what you find.
-- Igor
Index: ldap.c
===================================================================
RCS file: /cvs/src/cyrus/ptclient/ldap.c,v
retrieving revision 1.7
diff -u -r1.7 ldap.c
--- ldap.c 24 Jun 2004 19:28:39 -0000 1.7
+++ ldap.c 22 Dec 2004 16:35:02 -0000
@@ -783,14 +783,13 @@
LDAPControl c;
LDAPControl *ctrl[2];
char *authzid;
-#else
+#endif
char *base = NULL, *filter = NULL;
char *attrs[] = {NULL};
LDAPMessage *res;
LDAPMessage *entry;
char *attr, **vals;
BerElement *ber;
-#endif
*ret = NULL;
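Review bot: With the `#else` turned into `#endif`, `char *attr, **vals;` and `BerElement *ber;` are now declared in every build, yet none of the three is referenced anywhere in the rest of ptsmodule_get_dn as shown by the second hunk; unless the two lines between the hunks use them, they only add unused-variable warnings and could be dropped in the same change. The `#if LDAP_VENDOR_VERSION >= 20125` block that opens before this hunk now guards only `c`, `ctrl` and `authzid`, which is the right scope for the SASL-only state; a one-line comment such as `/* SASL proxy-authz state; only used when ptsm->sasl is set */` on `LDAPControl c;` would make that intent visible to the next reader.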
@@ -799,64 +798,66 @@
#if LDAP_VENDOR_VERSION >= 20125
- authzid = xmalloc(size + sizeof("u:"));
- if (authzid == NULL)
- return PTSM_NOMEM;
-
- strcpy(authzid, "u:");
- strcpy(authzid+2, canon_id);
- c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- c.ldctl_value.bv_val = authzid;
- c.ldctl_value.bv_len = size + 2;
- c.ldctl_iscritical = 1;
-
- ctrl[0] = &c;
- ctrl[1] = NULL;
- rc = ldap_whoami_s(ptsm->ld, &dn, ctrl, NULL);
- free(authzid);
- if ( rc != LDAP_SUCCESS || !dn ) {
- if (rc == LDAP_SERVER_DOWN) {
- ldap_unbind(ptsm->ld);
- ptsm->ld = NULL;
- return PTSM_RETRY;
+ if (ptsm->sasl) {
+ authzid = xmalloc(size + sizeof("u:"));
+ if (authzid == NULL)
+ return PTSM_NOMEM;
+
+ strcpy(authzid, "u:");
+ strcpy(authzid+2, canon_id);
+ c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+ c.ldctl_value.bv_val = authzid;
+ c.ldctl_value.bv_len = size + 2;
+ c.ldctl_iscritical = 1;
+
+ ctrl[0] = &c;
+ ctrl[1] = NULL;
+ rc = ldap_whoami_s(ptsm->ld, &dn, ctrl, NULL);
+ free(authzid);
+ if ( rc != LDAP_SUCCESS || !dn ) {
+ if (rc == LDAP_SERVER_DOWN) {
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+ return PTSM_RETRY;
+ }
+ return PTSM_FAIL;
}
- return PTSM_FAIL;
- }
- if ( dn->bv_val &&
- !strncmp(dn->bv_val, "dn:", 3) )
- *ret = strdup(dn->bv_val+3);
- ber_bvfree(dn);
-
-#else
-
- rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter);
- if (rc != PTSM_OK)
- return rc;
-
- rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base);
- if (rc != PTSM_OK)
- return rc;
-
- rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res);
- free(filter);
- free(base);
- if (rc != LDAP_SUCCESS) {
- if (rc == LDAP_SERVER_DOWN) {
- ldap_unbind(ptsm->ld);
- ptsm->ld = NULL;
- return PTSM_RETRY;
- }
- return PTSM_FAIL;
- }
+ if ( dn->bv_val &&
+ !strncmp(dn->bv_val, "dn:", 3) )
+ *ret = strdup(dn->bv_val+3);
+ ber_bvfree(dn);
+ } else
+
+#endif
- if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL )
- *ret = ldap_get_dn(ptsm->ld, entry);
+ {
+ rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter);
+ if (rc != PTSM_OK)
+ return rc;
+
+ rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base);
+ if (rc != PTSM_OK)
+ return rc;
+
+ rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res);
+ free(filter);
+ free(base);
+ if (rc != LDAP_SUCCESS) {
+ if (rc == LDAP_SERVER_DOWN) {
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+ return PTSM_RETRY;
+ }
+ return PTSM_FAIL;
+ }
- ldap_msgfree(res);
- res = NULL;
+ if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL )
+ *ret = ldap_get_dn(ptsm->ld, entry);
-#endif
+ ldap_msgfree(res);
+ res = NULL;
+ }
return (*ret ? PTSM_OK : PTSM_FAIL);
}
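Review bot: In the new search branch, `filter` is leaked when the second `ptsmodule_expand_tokens(ptsm->base, ...)` call fails, because the early return on the following line frees nothing; the error path should read `if (rc != PTSM_OK) { free(filter); return rc; }`, and the same leak exists on the `ldap_search_st` failure path if that call can leave a partial result in `res` (it does on timeout or size-limit errors with some libldap versions), where an `ldap_msgfree(res)` before the `return` would be needed. Both `canon_id` uses deserve a note: the SASL branch's `strcpy(authzid+2, canon_id)` relies on `size` (set outside this hunk) being exactly `strlen(canon_id)`, and the search branch substitutes `canon_id` into `ptsm->filter` through `ptsmodule_expand_tokens`, whose escaping of LDAP filter metacharacters is not visible here — if it does not escape per RFC 4515, a caller-supplied identifier can change the shape of the search, which is worth confirming since this identifier originates from the login name. Stylistically, the `} else` on one side of `#endif` and the `{` on the other is legal but easy to misread; a comment such as `/* no SASL proxy-authz available or configured: resolve the DN by search */` on the `{` line would help. The function's opening and the declaration of `dn`/`size` lie outside this hunk.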