Diffstat (limited to 'src/backend/libpq/auth.c')
-rw-r--r-- | src/backend/libpq/auth.c | 263 |
1 files changed, 134 insertions, 129 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index defe45334c7..6e3ef149f3a 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.143 2006/10/03 21:21:36 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.144 2006/10/04 00:29:53 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -75,16 +75,17 @@ static Port *pam_port_cludge; /* Workaround for passing "Port *port" into #include <winldap.h> /* Correct header from the Platform SDK */ -typedef ULONG (*__ldap_start_tls_sA)( - IN PLDAP ExternalHandle, - OUT PULONG ServerReturnValue, - OUT LDAPMessage **result, - IN PLDAPControlA *ServerControls, - IN PLDAPControlA *ClientControls +typedef +ULONG(*__ldap_start_tls_sA) ( + IN PLDAP ExternalHandle, + OUT PULONG ServerReturnValue, + OUT LDAPMessage ** result, + IN PLDAPControlA * ServerControls, + IN PLDAPControlA * ClientControls ); #endif -static int CheckLDAPAuth(Port *port); +static int CheckLDAPAuth(Port *port); #endif @@ -347,9 +348,9 @@ auth_failed(Port *port, int status) break; #endif /* USE_PAM */ #ifdef USE_LDAP - case uaLDAP: - errstr = gettext_noop("LDAP authentication failed for user \"%s\""); - break; + case uaLDAP: + errstr = gettext_noop("LDAP authentication failed for user \"%s\""); + break; #endif /* USE_LDAP */ default: errstr = gettext_noop("authentication failed for user \"%s\": invalid authentication method"); @@ -480,9 +481,9 @@ ClientAuthentication(Port *port) #endif /* USE_PAM */ #ifdef USE_LDAP - case uaLDAP: - status = CheckLDAPAuth(port); - break; + case uaLDAP: + status = CheckLDAPAuth(port); + break; #endif case uaTrust: 
@@ -709,100 +710,102 @@ CheckPAMAuth(Port *port, char *user, char *password) static int CheckLDAPAuth(Port *port) { - char *passwd; - char server[128]; - char basedn[128]; - char prefix[128]; - char suffix[128]; - LDAP *ldap; - int ssl = 0; - int r; - int ldapversion = LDAP_VERSION3; - int ldapport = LDAP_PORT; - char fulluser[128]; - - if (!port->auth_arg || port->auth_arg[0] == '\0') - { - ereport(LOG, - (errmsg("LDAP configuration URL not specified"))); - return STATUS_ERROR; - } - - /* - * Crack the LDAP url. We do a very trivial parse.. - * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] - */ - - server[0] = '\0'; - basedn[0] = '\0'; - prefix[0] = '\0'; - suffix[0] = '\0'; - - /* ldap, including port number */ - r = sscanf(port->auth_arg, - "ldap://%127[^:]:%i/%127[^;];%127[^;];%127s", - server, &ldapport, basedn, prefix, suffix); - if (r < 3) - { - /* ldaps, including port number */ - r = sscanf(port->auth_arg, - "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s", - server, &ldapport, basedn, prefix, suffix); - if (r >=3) ssl = 1; - } - if (r < 3) - { - /* ldap, no port number */ - r = sscanf(port->auth_arg, - "ldap://%127[^/]/%127[^;];%127[^;];%127s", - server, basedn, prefix, suffix); - } - if (r < 2) - { - /* ldaps, no port number */ - r = sscanf(port->auth_arg, - "ldaps://%127[^/]/%127[^;];%127[^;];%127s", - server, basedn, prefix, suffix); - if (r >= 2) ssl = 1; - } - if (r < 2) - { - ereport(LOG, - (errmsg("invalid LDAP URL: \"%s\"", + char *passwd; + char server[128]; + char basedn[128]; + char prefix[128]; + char suffix[128]; + LDAP *ldap; + int ssl = 0; + int r; + int ldapversion = LDAP_VERSION3; + int ldapport = LDAP_PORT; + char fulluser[128]; + + if (!port->auth_arg || port->auth_arg[0] == '\0') + { + ereport(LOG, + (errmsg("LDAP configuration URL not specified"))); + return STATUS_ERROR; + } + + /* + * Crack the LDAP url. We do a very trivial parse.. 
+ * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] + */ + + server[0] = '\0'; + basedn[0] = '\0'; + prefix[0] = '\0'; + suffix[0] = '\0'; + + /* ldap, including port number */ + r = sscanf(port->auth_arg, + "ldap://%127[^:]:%i/%127[^;];%127[^;];%127s", + server, &ldapport, basedn, prefix, suffix); + if (r < 3) + { + /* ldaps, including port number */ + r = sscanf(port->auth_arg, + "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s", + server, &ldapport, basedn, prefix, suffix); + if (r >= 3) + ssl = 1; + } + if (r < 3) + { + /* ldap, no port number */ + r = sscanf(port->auth_arg, + "ldap://%127[^/]/%127[^;];%127[^;];%127s", + server, basedn, prefix, suffix); + } + if (r < 2) + { + /* ldaps, no port number */ + r = sscanf(port->auth_arg, + "ldaps://%127[^/]/%127[^;];%127[^;];%127s", + server, basedn, prefix, suffix); + if (r >= 2) + ssl = 1; + } + if (r < 2) + { + ereport(LOG, + (errmsg("invalid LDAP URL: \"%s\"", port->auth_arg))); - return STATUS_ERROR; - } - - sendAuthRequest(port, AUTH_REQ_PASSWORD); - - passwd = recv_password_packet(port); - if (passwd == NULL) - return STATUS_EOF; /* client wouldn't send password */ - - ldap = ldap_init(server, ldapport); - if (!ldap) - { + return STATUS_ERROR; + } + + sendAuthRequest(port, AUTH_REQ_PASSWORD); + + passwd = recv_password_packet(port); + if (passwd == NULL) + return STATUS_EOF; /* client wouldn't send password */ + + ldap = ldap_init(server, ldapport); + if (!ldap) + { #ifndef WIN32 - ereport(LOG, - (errmsg("could not initialize LDAP: error code %d", - errno))); + ereport(LOG, + (errmsg("could not initialize LDAP: error code %d", + errno))); #else - ereport(LOG, - (errmsg("could not initialize LDAP: error code %d", - (int) LdapGetLastError()))); + ereport(LOG, + (errmsg("could not initialize LDAP: error code %d", + (int) LdapGetLastError()))); #endif - return STATUS_ERROR; - } - - if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS) - { - ereport(LOG, - (errmsg("could not 
set LDAP protocol version: error code %d", r))); - return STATUS_ERROR; - } - - if (ssl) - { + return STATUS_ERROR; + } + + if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS) + { + ereport(LOG, + (errmsg("could not set LDAP protocol version: error code %d", r))); + return STATUS_ERROR; + } + + if (ssl) + { #ifndef WIN32 if ((r = ldap_start_tls_s(ldap, NULL, NULL)) != LDAP_SUCCESS) #else @@ -815,17 +818,20 @@ CheckLDAPAuth(Port *port) * exist on Windows 2000, and causes a load error for the whole * exe if referenced. */ - HANDLE ldaphandle; - + HANDLE ldaphandle; + ldaphandle = LoadLibrary("WLDAP32.DLL"); if (ldaphandle == NULL) { - /* should never happen since we import other files from wldap32, but check anyway */ + /* + * should never happen since we import other files from + * wldap32, but check anyway + */ ereport(LOG, (errmsg("could not load wldap32.dll"))); return STATUS_ERROR; } - _ldap_start_tls_sA = (__ldap_start_tls_sA)GetProcAddress(ldaphandle, "ldap_start_tls_sA"); + _ldap_start_tls_sA = (__ldap_start_tls_sA) GetProcAddress(ldaphandle, "ldap_start_tls_sA"); if (_ldap_start_tls_sA == NULL) { ereport(LOG, 
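Review bot: `passwd` goes straight from `recv_password_packet` into `ldap_simple_bind_s` with only the NULL check in between; an LDAP simple bind with a DN and an empty password is an unauthenticated bind that servers may answer with success, so unless recv_password_packet already rejects empty passwords (not visible here) the new side should add `if (passwd[0] == '\0') { ereport(LOG, (errmsg("empty password returned by client"))); return STATUS_ERROR; }` before `ldap_init`. The `return STATUS_ERROR` after a failed `ldap_set_option` also leaves the handle from `ldap_init` unreleased, whereas the success path calls `ldap_unbind`; add `ldap_unbind(ldap);` before that return. Note as well that an `ldaps://` URL here only sets `ssl`, still connects to `ldapport` (defaulting to LDAP_PORT) and then issues StartTLS rather than LDAP-over-TLS, which the URL comment `ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]` should state so administrators do not assume port 636 semantics. CheckLDAPAuth's body continues past this hunk.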
@@ -839,33 +845,32 @@ CheckLDAPAuth(Port *port) * process and is automatically cleaned up on process exit. */ } - if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS) + if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS) #endif - { - ereport(LOG, - (errmsg("could not start LDAP TLS session: error code %d", r))); - return STATUS_ERROR; - } - } - - snprintf(fulluser, sizeof(fulluser)-1, "%s%s%s", + { + ereport(LOG, + (errmsg("could not start LDAP TLS session: error code %d", r))); + return STATUS_ERROR; + } + } + + snprintf(fulluser, sizeof(fulluser) - 1, "%s%s%s", prefix, port->user_name, suffix); - fulluser[sizeof(fulluser)-1] = '\0'; + fulluser[sizeof(fulluser) - 1] = '\0'; - r = ldap_simple_bind_s(ldap, fulluser, passwd); - ldap_unbind(ldap); + r = ldap_simple_bind_s(ldap, fulluser, passwd); + ldap_unbind(ldap); - if (r != LDAP_SUCCESS) - { - ereport(LOG, - (errmsg("LDAP login failed for user \"%s\" on server \"%s\": error code %d", + if (r != LDAP_SUCCESS) + { + ereport(LOG, + (errmsg("LDAP login failed for user \"%s\" on server \"%s\": error code %d", fulluser, server, r))); - return STATUS_ERROR; - } - - return STATUS_OK; -} + return STATUS_ERROR; + } + return STATUS_OK; +} #endif /* USE_LDAP */ /* |