diff --git a/src/ldappasswddlg.cpp b/src/ldappasswddlg.cpp
index 8246d18..445956a 100644
--- a/src/ldappasswddlg.cpp
+++ b/src/ldappasswddlg.cpp
@@ -33,7 +33,7 @@
 #include "ldappasswddlg.h"
 LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name)
- : KDialogBase(parent, name, true, i18n("LDAP Authentication"), Ok|Cancel, Ok, true)
+ : KDialogBase(parent, name, true, i18n("LDAP Authentication"), Ok|Cancel|User1, Ok, true, i18n("Authenticate with SASL/GSSAPI"))
 {
 m_base = new LDAPLogin(this);
@@ -41,6 +41,12 @@ LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name)
 }
 void LDAPPasswordDialog::slotOk() {
+ use_gssapi = false;
+ accept();
+}
+
+void LDAPPasswordDialog::slotUser1() {
+ use_gssapi = true;
 accept();
 }
diff --git a/src/ldappasswddlg.h b/src/ldappasswddlg.h
index 2a653d6..c9ece35 100644
--- a/src/ldappasswddlg.h
+++ b/src/ldappasswddlg.h
@@ -35,9 +35,11 @@ public:
 public slots:
 void slotOk();
+ void slotUser1();
 public:
 LDAPLogin *m_base;
+ bool use_gssapi;
 };
 #endif
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 47f5057..1f1bf7a 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -50,7 +50,6 @@
 #define LDAP_FILE "/etc/ldap/ldap.conf"
 int requested_ldap_version = LDAP_VERSION3;
-int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
 char* ldap_user_and_operational_attributes[2] = {"*", "+"};
 enum ErrorCauseLocation {
@@ -114,6 +113,12 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
 return ret;
 }
+int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
+ // FIXME
+ // This currently does nothing and hopes for the best!
+ return LDAP_SUCCESS;
+}
+
 int LDAPManager::bind(TQString* errstr) {
 printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
 if (m_ldap) {
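Review bot: `use_gssapi` is assigned only inside `slotOk()` and `slotUser1()`, so it holds an indeterminate value until one of them runs; the constructor lines visible in the previous hunk do not set it. Initialising it next to `m_base`, with `use_gssapi = false;`, makes every read defined, including a caller that inspects the dialog after a path that reaches neither slot. The member is also declared public in ldappasswddlg.h, so a const accessor would stop callers from changing the chosen authentication mode after the dialog closes. The constructor body continues outside the hunk.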
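Review bot: `sasl_bind_interact_callback` returns `LDAP_SUCCESS` without reading `sasl_interact`, so any prompt the SASL library raises is left unanswered while the bind is told it was handled. With GSSAPI the identity normally comes from the Kerberos credential cache and no prompt is expected, but the bind should fail on an unexpected prompt rather than continue with unset results. The sketch below answers an authorization-id prompt with the empty string and rejects everything else; it assumes the Cyrus SASL header that declares `sasl_interact_t` is available to this file, which the hunk does not show. Marking the function `static` also keeps it out of the library's exported symbols.

```cpp
static int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
	// GSSAPI is expected to take its identity from the credential cache,
	// so only an authorization-id prompt is answered (with the empty string).
	sasl_interact_t* prompt = static_cast<sasl_interact_t*>(sasl_interact);
	if (!prompt) {
		return LDAP_PARAM_ERROR;
	}
	for (; prompt->id != SASL_CB_LIST_END; ++prompt) {
		if (prompt->id != SASL_CB_USER) {
			// Fail closed: this callback has no way to answer other prompts
			return LDAP_PARAM_ERROR;
		}
		prompt->result = "";
		prompt->len = 0;
	}
	return LDAP_SUCCESS;
}
```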
@@ -121,6 +126,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
 }
 bool using_ldapi = false;
+ bool using_gssapi = false;
 if (m_host.startsWith("ldapi://")) {
 using_ldapi = true;
 }
@@ -129,7 +135,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
 havepass = true;
 }
 else {
-printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
+printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
 LDAPPasswordDialog passdlg(0);
 passdlg.m_base->ldapAdminRealm->setEnabled(false);
 passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
@@ -143,6 +149,12 @@ printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
 m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
 m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
 }
+ if (passdlg.use_gssapi) {
+ using_gssapi = true;
+ }
+ }
+ else {
+ return -1;
 }
 }
@@ -191,7 +203,7 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
 cred.bv_val = pass.data();
 cred.bv_len = pass.length();
 printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
- if (!using_ldapi) {
+ if ((!using_ldapi && !using_gssapi)) {
 if (!ldap_dn.contains(",")) {
 // Look for a POSIX account with anonymous bind and the specified account name
 TQString uri;
@@ -255,7 +267,12 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
 }
 }
- retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ if (using_gssapi) {
+ retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
+ }
+ else {
+ retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+ }
 printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
 if (retcode != LDAP_SUCCESS ) {
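Review bot: The new `return -1;` on the dialog's cancel path leaves `*errstr` untouched, so a caller cannot tell a user cancel from a failed bind and has no message to show. Setting the text before returning, for example `if (errstr) *errstr = i18n("Authentication was cancelled");`, or returning a distinct code, would make the outcome explicit. Whether anything set up earlier in `bind()` needs releasing on this early exit cannot be judged from the hunk, because the function starts and ends outside it.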
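Review bot: The GSSAPI branch calls `ldap_sasl_interactive_bind_s` with no visible requirement on the negotiated SASL security layer, so when `use_tls` is off the integrity and confidentiality of the session depend on whatever the library defaults permit. If the connection setup outside this hunk does not already do so, set a floor before binding, e.g. `ldap_set_option(m_ldap, LDAP_OPT_X_SASL_SECPROPS, "minssf=56");` (sample value, to be chosen per site policy), and check its return code. The debug `printf` that follows still prints `ldap_dn`, which the GSSAPI bind does not use, so the trace is misleading on that path.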