Hello,
please find enclosed a small patch for squid_ldap_group.c
This allows the user to add a parameter to the -S flag, allowing the
user to choose the separator when stripping domain name from users
name instead of only allowing / or \\
for 2.5-Stable12:
--- squid-2.5.STABLE12/helpers/external_acl/ldap_group/
squid_ldap_group.c 2005-09-11 02:53:23.000000000 +0200
+++ squid_ldap_group.c.mod-2.5-rc 2005-12-22 12:56:29.000000000 +0100
@@ -218,6 +218,7 @@
char buf[8192];
char *user, *group, *extension_dn = NULL;
char *ldapServer = NULL;
+ char nt_domain_separator=0;
LDAP *ld = NULL;
int tryagain = 0, rc;
int port = LDAP_PORT;
@@ -236,8 +237,16 @@
case 'Z':
case 'd':
case 'g':
+ break;
case 'S':
- break;
+ if (argv[2][0] == '-' )
+ break;
+ if (strlen(argv[2]) > 1) {
+ fprintf(stderr,"ERROR: -S takes only single character argument,
you provided %s \n", argv[2]);
+ exit(1);
+ }
+ nt_domain_separator = argv[2][0];
+ break;
default:
if (strlen(argv[1]) > 2) {
value = argv[1] + 2;
@@ -375,6 +384,9 @@
use_extension_dn = 1;
break;
case 'S':
+ if (value[0]) {
+ nt_domain_separator = value[0];
+ };
strip_nt_domain = 1;
break;
default:
@@ -430,7 +442,7 @@
fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires
\n\t\t\t\tLDAP version 3\n");
#endif
fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension
\n\t\t\t\tfor this query\n");
- fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-S char\t\t\tStrip NT domain from usernames
using 'char' as domain separator. 'char' defaults to both / and \\ \n");
fprintf(stderr, "\n");
fprintf(stderr, "\tIf you need to bind as a user to perform searches
then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile
options\n\n");
exit(1);
@@ -440,11 +452,16 @@
int found = 0;
user = strwordtok(buf, &tptr);
if (user && strip_nt_domain) {
- char *u = strchr(user, '\\');
- if (!u)
- u = strchr(user, '/');
- if (u && u[1])
- user = u + 1;
+ char *u = NULL;
+ if (nt_domain_separator) {
+ u = strchr(user, nt_domain_separator);
+ } else {
+ u = strchr(user, '\\');
+ if (!u)
+ u = strchr(user, '/');
+ }
+ if (u && u[1])
+ user = u + 1;
}
if (use_extension_dn)
extension_dn = strwordtok(NULL, &tptr);
for 3.0-pre3-20051221
--- squid-3.0-PRE3-20051221/helpers/external_acl/ldap_group/
squid_ldap_group.c 2005-09-11 03:02:33.000000000 +0200
+++ squid_ldap_group.c.mod-3.0 2005-12-22 13:22:52.000000000 +0100
@@ -208,6 +208,7 @@
char buf[8192];
char *user, *group, *extension_dn = NULL;
char *ldapServer = NULL;
+ char nt_domain_separator=0;
LDAP *ld = NULL;
int tryagain = 0, rc;
int port = LDAP_PORT;
@@ -227,8 +228,16 @@
case 'Z':
case 'd':
case 'g':
+ break;
case 'S':
- break;
+ if (argv[2][0] == '-' )
+ break;
+ if (strlen(argv[2]) > 1) {
+ fprintf(stderr,"ERROR: -S takes only single character argument,
you provided %s \n", argv[2]);
+ exit(1);
+ }
+ nt_domain_separator = argv[2][0];
+ break;
default:
if (strlen(argv[1]) > 2) {
value = argv[1] + 2;
@@ -366,6 +375,9 @@
use_extension_dn = 1;
break;
case 'S':
+ if (value[0]) {
+ nt_domain_separator = value[0];
+ };
strip_nt_domain = 1;
break;
default:
@@ -421,7 +433,7 @@
fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires
\n\t\t\t\tLDAP version 3\n");
#endif
fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension
\n\t\t\t\tfor this query\n");
- fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-S char\t\t\tStrip NT domain from usernames
using 'char' as domain separator. 'char' defaults to both / and \\ \n");
fprintf(stderr, "\n");
fprintf(stderr, "\tIf you need to bind as a user to perform searches
then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile
options\n\n");
exit(1);
@@ -462,11 +474,16 @@
}
rfc1738_unescape(user);
if (strip_nt_domain) {
- char *u = strchr(user, '\\');
+ char *u = NULL;
+ if (nt_domain_separator) {
+ u = strchr(user, nt_domain_separator);
+ } else {
+ u = strchr(user, '\\');
if (!u)
- u = strchr(user, '/');
+ u = strchr(user, '/');
+ }
if (u && u[1])
- user = u + 1;
+ user = u + 1;
}
if (use_extension_dn) {
extension_dn = strtok(NULL, " \n");
François
Received on Thu Dec 22 2005 - 12:20:19 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:03 MST