Re: [squid-users] Squid 2.5 & group Ldap Auth.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 03 Jan 2003 18:46:41 +0100

"atwoved1@libero.it" wrote:
>
> Here under the info you asked for:
>
> Squid version: squid-2.5.STABLE1-20021218.
> No further patch applied.

> arizzo navigatori ====> the user arizzo is in group navigatori. Username char lenght 6
> Connected OK
> user filter uid=arizzoi
> squid_ldap_group WARNING, User 'uid=arizzoi' not found. ==========>The helper added the 7th character of the previous user to this user
> ERR

Thanks for your very clear information. The problem is in the user
search mode of the updated squid_ldap_group helper (v2.8).

Can you please try the attached patch? (v2.9)

Regards
Henrik

Index: helpers/external_acl/ldap_group/squid_ldap_group.c
===================================================================
RCS file: /server/cvs-server/squid/squid/helpers/external_acl/ldap_group/squid_ldap_group.c,v
retrieving revision 1.2.2.8
retrieving revision 1.2.2.10
diff -u -w -r1.2.2.8 -r1.2.2.10
--- helpers/external_acl/ldap_group/squid_ldap_group.c 29 Nov 2002 01:52:40 -0000 1.2.2.8
+++ helpers/external_acl/ldap_group/squid_ldap_group.c 3 Jan 2003 17:39:42 -0000 1.2.2.10
@@ -1,7 +1,7 @@
 /*
  * squid_ldap_group: lookup group membership in LDAP
  *
- * (C)2002 MARA Systems AB
+ * (C)2002,2003 MARA Systems AB
  *
  * License: squid_ldap_group is free software; you can redistribute it
  * and/or modify it under the terms of the GNU General Public License
@@ -10,7 +10,7 @@
  *
  * Authors:
  * Flavio Pescuma <flavio@marasystems.com>
- * Henriok Nordstrom <hno@marasystems.com>
+ * Henrik Nordstrom <hno@marasystems.com>
  * MARA Systems AB, Sweden <http://www.marasystems.com>
  *
  * With contributions from others mentioned in the change histor section
@@ -35,6 +35,10 @@
  *
  * History:
  *
+ * Version 2.9
+ * 2003-01-03 Henrik Nordstrom <hno@marasystems.com>
+ * Fixed missing string termination on ldap_escape_vale,
+ * and corrected build problem with LDAPv2 libraries
  * Version 2.8
  * 2002-11-27 Henrik Nordstrom <hno@marasystems.com>
  * Replacement for ldap_build_filter. Also changed
@@ -139,9 +143,11 @@
 static int debug = 0;
 static int aliasderef = LDAP_DEREF_NEVER;
 
+#ifdef LDAP_VERSION3
 /* Added for TLS support and version 3 */
 static int use_tls = 0;
 static int version = -1;
+#endif
 
 static int searchLDAP(LDAP * ld, char *group, char *user, char *extension_dn);
 
@@ -349,6 +355,7 @@
         case 'R':
             noreferrals = !noreferrals;
             break;
+#ifdef LDAP_VERSION3
         case 'v':
             switch (atoi(value)) {
             case 2:
@@ -371,6 +378,7 @@
             version = LDAP_VERSION3;
             use_tls = 1;
             break;
+#endif
         case 'd':
             debug = 1;
             break;
@@ -449,6 +457,7 @@
                         ldapServer, port);
                     break;
                 }
+#ifdef LDAP_VERSION3
                 if (version == -1) {
                     version = LDAP_VERSION2;
                 }
@@ -466,6 +475,7 @@
                     ld = NULL;
                     break;
                 }
+#endif
                 squid_ldap_set_referrals(ld, !noreferrals);
                 squid_ldap_set_aliasderef(ld, aliasderef);
                 if (binddn && bindpasswd && *binddn && *bindpasswd) {
@@ -512,10 +522,10 @@
 }
 
 static int
-ldap_escape_value(char *filter, int size, const char *src)
+ldap_escape_value(char *escaped, int size, const char *src)
 {
     int n = 0;
- while (size > 0 && *src) {
+ while (size > 4 && *src) {
         switch(*src) {
         case '*':
         case '(':
@@ -524,17 +534,18 @@
             n += 3;
             size -= 3;
             if (size > 0) {
- *filter++ = '\\';
- snprintf(filter, 3, "%02x", (int)*src++);
- filter+=2;
+ *escaped++ = '\\';
+ snprintf(escaped, 3, "%02x", (int)*src++);
+ escaped+=2;
             }
             break;
         default:
- *filter++ = *src++;
+ *escaped++ = *src++;
             n++;
             size--;
         }
     }
+ *escaped = '\0';
     return n;
 }
 
Received on Fri Jan 03 2003 - 10:50:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:26 MST