28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/rad_assert.h>
31 #include <sasl/sasl.h>
57 REQUEST *request = this->request;
59 sasl_interact_t *cb = sasl_callbacks;
60 sasl_interact_t *cb_p;
62 for (cb_p = cb; cb_p->id != SASL_CB_LIST_END; cb_p++) {
67 case SASL_CB_AUTHNAME:
72 cb_p->result = this->password;
76 cb_p->result = this->extra->proxy ? this->extra->proxy : this->
identity;
79 case SASL_CB_GETREALM:
80 if (this->extra->realm) cb_p->result = this->extra->realm;
108 LDAPControl **serverctrls, LDAPControl **clientctrls,
109 char const **error,
char **extra)
115 LDAPMessage *result = NULL;
122 sizeof(our_serverctrls) /
sizeof(*our_serverctrls),
123 sizeof(our_clientctrls) /
sizeof(*our_clientctrls),
124 conn, serverctrls, clientctrls);
127 if (error) *error = NULL;
128 if (extra) *extra = NULL;
134 sasl_ctx.
extra = sasl;
138 ret = ldap_sasl_interactive_bind(conn->
handle, NULL, sasl->
mech,
139 our_serverctrls, our_clientctrls,
152 if (ret != LDAP_SASL_BIND_IN_PROGRESS) {
153 status =
rlm_ldap_result(inst, conn, -1, identity, NULL, error, extra);
157 ldap_msgfree(result);
163 status =
rlm_ldap_result(inst, conn, msgid, identity, &result, error, extra);
182 struct berval *srv_cred;
184 if (ldap_parse_sasl_bind_result(conn->
handle, result, &srv_cred, 0) == 0) {
187 escaped =
fr_asprint(request, srv_cred->bv_val, srv_cred->bv_len,
'\0');
190 talloc_free(escaped);
191 ldap_memfree(srv_cred);
196 ldap_msgfree(result);
Tracks the state of a libldap connection handle.
static int _sasl_interact(UNUSED LDAP *handle, UNUSED unsigned flags, void *ctx, void *sasl_callbacks)
Callback for ldap_sasl_interactive_bind.
Operation was successful.
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
#define DEBUG_ENABLED3
True if global debug level 1-3 messages are enabled.
void rlm_ldap_control_merge(LDAPControl *serverctrls_out[], LDAPControl *clientctrls_out[], size_t serverctrls_len, size_t clientctrls_len, ldap_handle_t *conn, LDAPControl *serverctrls_in[], LDAPControl *clientctrls_in[])
Merge connection and call-specific client and server controls.
ldap_rcode_t rlm_ldap_sasl_interactive(rlm_ldap_t const *inst, REQUEST *request, ldap_handle_t *conn, char const *identity, char const *password, ldap_sasl *sasl, LDAPControl **serverctrls, LDAPControl **clientctrls, char const **error, char **extra)
Initiate an LDAP interactive bind.
REQUEST * request
The current request.
rlm_ldap_t const * inst
LDAP instance.
ldap_rcode_t
Codes returned by rlm_ldap internal functions.
#define MOD_ROPTIONAL(_l_request, _l_global, fmt,...)
Use different logging functions depending on whether request is NULL or not.
Operation is in progress.
ldap_rcode_t rlm_ldap_result(rlm_ldap_t const *inst, ldap_handle_t const *conn, int msgid, char const *dn, LDAPMessage **result, char const **error, char **extra)
Parse response from LDAP server dealing with any errors.
struct rlm_ldap_sasl_ctx rlm_ldap_sasl_ctx_t
Data passed to the _sasl_interact callback.
char * fr_asprint(TALLOC_CTX *ctx, char const *in, ssize_t inlen, char quote)
Escape string that may contain binary data, and write it to a new buffer.
ldap_sasl * extra
Extra fields (realm and proxy id).
char const * mech
SASL mech(s) to try.
Data passed to the _sasl_interact callback.
char const * password
Bind password.
#define LDAP_MAX_CONTROLS
Maximum number of client/server controls.
char const * identity
User's DN or identity.
LDAP authorization and authentication module headers.
LDAP * handle
libldap handle.