squid_ldap_group : domain stripping for use against AD : configurable separator

From: François Verbeek <desolidirized@dont-contact.us>
Date: Thu, 22 Dec 2005 14:25:27 +0100

Hello,

please find enclosed a small patch for squid_ldap_group.c.
This allows the user to add a parameter to the -S flag, so that the
user can choose the separator used when stripping the domain name from
user names, instead of only allowing / or \\

for 2.5-Stable12:
--- squid-2.5.STABLE12/helpers/external_acl/ldap_group/
squid_ldap_group.c 2005-09-11 02:53:23.000000000 +0200
+++ squid_ldap_group.c.mod-2.5-rc 2005-12-22 12:56:29.000000000 +0100
@@ -218,6 +218,7 @@
      char buf[8192];
      char *user, *group, *extension_dn = NULL;
      char *ldapServer = NULL;
+ char nt_domain_separator=0;
      LDAP *ld = NULL;
      int tryagain = 0, rc;
      int port = LDAP_PORT;
@@ -236,8 +237,16 @@
        case 'Z':
        case 'd':
        case 'g':
+ break;
        case 'S':
- break;
+ if (argv[2][0] == '-' )
+ break;
+ if (strlen(argv[2]) > 1) {
+ fprintf(stderr,"ERROR: -S takes only single character argument,
you provided %s \n", argv[2]);
+ exit(1);
+ }
+ nt_domain_separator = argv[2][0];
+ break;
        default:
            if (strlen(argv[1]) > 2) {
                value = argv[1] + 2;
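Review bot: The new `case 'S'` branch reads `argv[2][0]` without first checking that a second argument exists, so `-S` given as the last command-line option dereferences the NULL that terminates argv; the visible default branch only takes its argument path after `strlen(argv[1]) > 2`, and the branch here needs an explicit guard such as `if (argc > 2 && argv[2][0] != '-') { ... }` before touching `argv[2]`. The branch also never advances argv/argc past the separator it consumed, so unless the option loop does that elsewhere (the loop starts and ends outside this hunk) the separator character remains in argv and is later read as a positional argument. As a side effect of the `argv[2][0] == '-'` test, `-` itself cannot be chosen as the separator, which the usage text does not mention. The error-message literal appears split across two lines, presumably by mail wrapping; as pasted it would not compile. The same code appears in the 3.0 hunk `@@ -227,8 +228,16 @@`.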
@@ -375,6 +384,9 @@
            use_extension_dn = 1;
            break;
        case 'S':
+ if (value[0]) {
+ nt_domain_separator = value[0];
+ };
            strip_nt_domain = 1;
            break;
        default:
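Review bot: The new `if (value[0])` test in the second `case 'S'` does not look like a usable source for the separator: in the option-classifying switch of the previous hunk, 'S' now breaks before reaching the default branch that assigns `value`, so for -S `value` is whatever it held before that switch, which this hunk does not show. If that initial value is not guaranteed to be a valid empty string, `value[0]` is a read through an uninitialised or NULL pointer; if it is `""`, the three added lines are dead and the attached `-Sx` form is never handled. Either drop the lines or let 'S' fall into the default branch so `value = argv[1] + 2` supplies the character. The stray semicolon after the closing brace (`};`) should also go. The same lines appear in the 3.0 hunk `@@ -366,6 +375,9 @@`.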
@@ -430,7 +442,7 @@
        fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires
\n\t\t\t\tLDAP version 3\n");
#endif
        fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension
\n\t\t\t\tfor this query\n");
- fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-S char\t\t\tStrip NT domain from usernames
using 'char' as domain separator. 'char' defaults to both / and \\ \n");
        fprintf(stderr, "\n");
        fprintf(stderr, "\tIf you need to bind as a user to perform searches
then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile
options\n\n");
        exit(1);
@@ -440,11 +452,16 @@
        int found = 0;
        user = strwordtok(buf, &tptr);
        if (user && strip_nt_domain) {
- char *u = strchr(user, '\\');
- if (!u)
- u = strchr(user, '/');
- if (u && u[1])
- user = u + 1;
+ char *u = NULL;
+ if (nt_domain_separator) {
+ u = strchr(user, nt_domain_separator);
+ } else {
+ u = strchr(user, '\\');
+ if (!u)
+ u = strchr(user, '/');
+ }
+ if (u && u[1])
+ user = u + 1;
        }
        if (use_extension_dn)
                extension_dn = strwordtok(NULL, &tptr);

for 3.0-pre3-20051221

--- squid-3.0-PRE3-20051221/helpers/external_acl/ldap_group/
squid_ldap_group.c 2005-09-11 03:02:33.000000000 +0200
+++ squid_ldap_group.c.mod-3.0 2005-12-22 13:22:52.000000000 +0100
@@ -208,6 +208,7 @@
      char buf[8192];
      char *user, *group, *extension_dn = NULL;
      char *ldapServer = NULL;
+ char nt_domain_separator=0;
      LDAP *ld = NULL;
      int tryagain = 0, rc;
      int port = LDAP_PORT;
@@ -227,8 +228,16 @@
        case 'Z':
        case 'd':
        case 'g':
+ break;
        case 'S':
- break;
+ if (argv[2][0] == '-' )
+ break;
+ if (strlen(argv[2]) > 1) {
+ fprintf(stderr,"ERROR: -S takes only single character argument,
you provided %s \n", argv[2]);
+ exit(1);
+ }
+ nt_domain_separator = argv[2][0];
+ break;
        default:
            if (strlen(argv[1]) > 2) {
                value = argv[1] + 2;
@@ -366,6 +375,9 @@
            use_extension_dn = 1;
            break;
        case 'S':
+ if (value[0]) {
+ nt_domain_separator = value[0];
+ };
            strip_nt_domain = 1;
            break;
        default:
@@ -421,7 +433,7 @@
        fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires
\n\t\t\t\tLDAP version 3\n");
#endif
        fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension
\n\t\t\t\tfor this query\n");
- fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-S char\t\t\tStrip NT domain from usernames
using 'char' as domain separator. 'char' defaults to both / and \\ \n");
        fprintf(stderr, "\n");
        fprintf(stderr, "\tIf you need to bind as a user to perform searches
then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile
options\n\n");
        exit(1);
@@ -462,11 +474,16 @@
        }
        rfc1738_unescape(user);
        if (strip_nt_domain) {
- char *u = strchr(user, '\\');
+ char *u = NULL;
+ if (nt_domain_separator) {
+ u = strchr(user, nt_domain_separator);
+ } else {
+ u = strchr(user, '\\');
            if (!u)
- u = strchr(user, '/');
+ u = strchr(user, '/');
+ }
            if (u && u[1])
- user = u + 1;
+ user = u + 1;
        }
        if (use_extension_dn) {
            extension_dn = strtok(NULL, " \n");

François
