Index: squid/helpers/basic_auth/LDAP/squid_ldap_auth.8 diff -c squid/helpers/basic_auth/LDAP/squid_ldap_auth.8:1.7.2.5 squid/helpers/basic_auth/LDAP/squid_ldap_auth.8:1.7.2.6 *** squid/helpers/basic_auth/LDAP/squid_ldap_auth.8:1.7.2.5 Tue Mar 2 02:13:29 2004 --- squid/helpers/basic_auth/LDAP/squid_ldap_auth.8 Sat Jul 17 09:00:12 2004 *************** *** 1,14 **** ! .TH squid_ldap_auth 8 "1 Mars 2003" "Squid LDAP Auth" . .SH NAME squid_ldap_auth - Squid LDAP authentication helper . .SH SYNOPSIS .B squid_ldap_auth ! -b "base DN" [-u attribute] [options] [ldap_server_name[:port]...] .br .B squid_ldap_auth ! -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...] . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to --- 1,14 ---- ! .TH squid_ldap_auth 8 "17 July 2004" "Squid LDAP Auth" . .SH NAME squid_ldap_auth - Squid LDAP authentication helper . .SH SYNOPSIS .B squid_ldap_auth ! -b "base DN" [-u attribute] [options] [ldap_server_name[:port]|URI]... .br .B squid_ldap_auth ! -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]|URI]... . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to *************** *** 47,52 **** --- 47,57 ---- to search for your users DN (-f option). . .TP + .BI "-U " passwordattr + Use ldap_compare instead of ldap_simple_bind to verify the users password. + passwordattr is the LDAP attribute storing the users password. + . + .TP .BI "-s " base|one|sub search scope when performing user DN searches specified by the -f option. Defaults to 'sub'. *************** *** 88,93 **** --- 93,108 ---- validations. Recommended for larger installations. . .TP + .BI -O + Only bind once per LDAP connection. Some LDAP servers do not + allow re-binding as another user after a successful ldap_bind. + The use of this option always opens a new connection for each + login attempt. If combined with the -P option for persistent + LDAP connection then the connection used for searching for the + user DN is kept persistent but a new connection is opened + to verify each users password once the DN is found. + . + .TP .BI -R do not follow referrals . *************** *** 106,120 **** . .TP .BI -H " ldapuri" ! Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries) . .TP .BI -h " ldapserver" ! Specify the LDAP server to connect to .TP .BI -p " ldapport" Specify an alternate TCP port where the ldap server is listening if ! other than the default LDAP port 389. . .TP .BI -Z --- 121,138 ---- . .TP .BI -H " ldapuri" ! Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). ! Servers can also be specified last on the command line. . .TP .BI -h " ldapserver" ! Specify the LDAP server to connect to. Servers can also be specified last ! on the command line. .TP .BI -p " ldapport" Specify an alternate TCP port where the ldap server is listening if ! other than the default LDAP port 389. Can also be specified within the ! server specificiation by using servername:port syntax. . .TP .BI -Z *************** *** 133,139 **** Specify time limit on LDAP search operations . .TP ! .BU -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. --- 151,157 ---- Specify time limit on LDAP search operations . .TP ! .BI -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. Index: squid/helpers/basic_auth/LDAP/squid_ldap_auth.c diff -c squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.10 squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.14 *** squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.10 Thu Mar 4 02:37:38 2004 --- squid/helpers/basic_auth/LDAP/squid_ldap_auth.c Tue Aug 10 03:39:29 2004 *************** *** 30,46 **** * or (at your option) any later version. * * Changes: * 2004年03月01日: Henrik Nordstrom ! * - corrected building of search filters to escape ! * unsafe input ! * - -d option for "debug" like squid_ldap_group * 2004年01月05日: Henrik Nordstrom ! * - Corrected TLS mode * 2003年03月01日: David J N Begley ! * - Support for Netscape API method of ldap over SSL ! * connections ! * - Timeout option for better recovery when using ! * multiple LDAP servers * 2003年03月01日: Christoph Lechleitner * - Added -W option to read bindpasswd from file * 2003年03月01日: Juerg Michel --- 30,51 ---- * or (at your option) any later version. * * Changes: + * 2004年07月17日: Henrik Nordstrom + * - Corrected non-persistent mode to only issue one + * ldap_bind per connection. + * - -U option to compare the users password rather + * than binding. * 2004年03月01日: Henrik Nordstrom ! * - corrected building of search filters to escape ! * unsafe input ! * - -d option for "debug" like squid_ldap_group * 2004年01月05日: Henrik Nordstrom ! * - Corrected TLS mode * 2003年03月01日: David J N Begley ! * - Support for Netscape API method of ldap over SSL ! * connections ! * - Timeout option for better recovery when using ! * multiple LDAP servers * 2003年03月01日: Christoph Lechleitner * - Added -W option to read bindpasswd from file * 2003年03月01日: Juerg Michel *************** *** 89,96 **** --- 94,103 ---- static const char *binddn = NULL; static const char *bindpasswd = NULL; static const char *userattr = "uid"; + static const char *passwdattr = NULL; static int searchscope = LDAP_SCOPE_SUBTREE; static int persistent = 0; + static int bind_once = 0; static int noreferrals = 0; static int aliasderef = LDAP_DEREF_NEVER; #if defined(NETSCAPE_SSL) *************** *** 105,111 **** static int use_tls = 0; static int version = -1; ! static int checkLDAP(LDAP * ld, const char *userid, const char *password); static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ --- 112,118 ---- static int use_tls = 0; static int version = -1; ! static int checkLDAP(LDAP * ld, const char *userid, const char *password, const char *server, int port); static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ *************** *** 130,141 **** ldap_set_option(ld, LDAP_OPT_REFERRALS, value); } static void ! squid_ldap_set_timelimit(LDAP *ld, int timelimit) { ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); } static void ! squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) { #if defined(LDAP_OPT_NETWORK_TIMEOUT) struct timeval tv; --- 137,148 ---- ldap_set_option(ld, LDAP_OPT_REFERRALS, value); } static void ! squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); } static void ! squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { #if defined(LDAP_OPT_NETWORK_TIMEOUT) struct timeval tv; *************** *** 152,157 **** --- 159,165 ---- { ldap_memfree(p); } + #else static int squid_ldap_errno(LDAP * ld) *************** *** 171,182 **** else ld->ld_options &= ~LDAP_OPT_REFERRALS; } ! static void squid_ldap_set_timelimit(LDAP *ld, int timelimit) { ld->ld_timelimit = timelimit; } static void ! squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) { fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); } --- 179,191 ---- else ld->ld_options &= ~LDAP_OPT_REFERRALS; } ! static void ! squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ld->ld_timelimit = timelimit; } static void ! squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); } *************** *** 185,198 **** { free(p); } #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP ! #if LDAP_VENDOR_VERSION> 194 ! #define HAS_URI_SUPPORT 1 ! #endif #endif int main(int argc, char **argv) { --- 194,266 ---- { free(p); } + #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP ! #if LDAP_VENDOR_VERSION> 194 ! #define HAS_URI_SUPPORT 1 ! #endif #endif + static LDAP * + open_ldap_connection(const char *ldapServer, int port) + { + LDAP *ld = NULL; + #if HAS_URI_SUPPORT + if (strstr(ldapServer, "://") != NULL) { + int rc = ldap_initialize(&ld, ldapServer); + if (rc != LDAP_SUCCESS) { + fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); + exit(1); + } + } else + #endif + #if NETSCAPE_SSL + if (sslpath) { + if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", + sslpath); + exit(1); + } else { + sslinit++; + } + if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { + fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", + ldapServer, port); + exit(1); + } + } else + #endif + if ((ld = ldap_init(ldapServer, port)) == NULL) { + fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", + ldapServer, port); + exit(1); + } + if (connect_timeout) + squid_ldap_set_connect_timeout(ld, connect_timeout); + + #ifdef LDAP_VERSION3 + if (version == -1) { + version = LDAP_VERSION2; + } + if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) + != LDAP_OPT_SUCCESS) { + fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version); + exit(1); + } + if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "Could not Activate TLS connection\n"); + exit(1); + } + #endif + squid_ldap_set_timelimit(ld, timelimit); + squid_ldap_set_referrals(ld, !noreferrals); + squid_ldap_set_aliasderef(ld, aliasderef); + return ld; + } + int main(int argc, char **argv) { *************** *** 214,219 **** --- 282,288 ---- case 'z': case 'Z': case 'd': + case 'O': break; default: if (strlen(argv[1])> 2) { *************** *** 255,260 **** --- 324,332 ---- case 'u': userattr = value; break; + case 'U': + passwdattr = value; + break; case 's': if (strcmp(value, "base") == 0) searchscope = LDAP_SCOPE_BASE; *************** *** 269,288 **** break; case 'E': #if defined(NETSCAPE_SSL) ! sslpath = value; ! if (port == LDAP_PORT) ! port = LDAPS_PORT; #else ! fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); ! exit(1); #endif ! break; case 'c': ! connect_timeout = atoi(value); ! break; case 't': ! timelimit = atoi(value); ! break; case 'a': if (strcmp(value, "never") == 0) aliasderef = LDAP_DEREF_NEVER; --- 341,360 ---- break; case 'E': #if defined(NETSCAPE_SSL) ! sslpath = value; ! if (port == LDAP_PORT) ! port = LDAPS_PORT; #else ! fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); ! exit(1); #endif ! break; case 'c': ! connect_timeout = atoi(value); ! break; case 't': ! timelimit = atoi(value); ! break; case 'a': if (strcmp(value, "never") == 0) aliasderef = LDAP_DEREF_NEVER; *************** *** 304,314 **** bindpasswd = value; break; case 'W': ! readSecret (value); break; case 'P': persistent = !persistent; break; case 'p': port = atoi(value); break; --- 376,389 ---- bindpasswd = value; break; case 'W': ! readSecret(value); break; case 'P': persistent = !persistent; break; + case 'O': + bind_once = !bind_once; + break; case 'p': port = atoi(value); break; *************** *** 317,323 **** break; #ifdef LDAP_VERSION3 case 'v': ! switch( atoi(value) ) { case 2: version = LDAP_VERSION2; break; --- 392,398 ---- break; #ifdef LDAP_VERSION3 case 'v': ! switch (atoi(value)) { case 2: version = LDAP_VERSION2; break; *************** *** 325,338 **** version = LDAP_VERSION3; break; default: ! fprintf( stderr, "Protocol version should be 2 or 3\n"); exit(1); } break; case 'Z': ! if ( version == LDAP_VERSION2 ) { ! fprintf( stderr, "TLS (-Z) is incompatible with version %d\n", ! version); exit(1); } version = LDAP_VERSION3; --- 400,413 ---- version = LDAP_VERSION3; break; default: ! fprintf(stderr, "Protocol version should be 2 or 3\n"); exit(1); } break; case 'Z': ! if (version == LDAP_VERSION2) { ! fprintf(stderr, "TLS (-Z) is incompatible with version %d\n", ! version); exit(1); } version = LDAP_VERSION3; *************** *** 406,471 **** } rfc1738_unescape(user); rfc1738_unescape(passwd); ! tryagain = 1; recover: ! if (ld == NULL) { ! #if HAS_URI_SUPPORT ! if (strstr(ldapServer, "://") != NULL) { ! int rc = ldap_initialize( &ld, ldapServer ); ! if( rc != LDAP_SUCCESS ) { ! fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); ! break; ! } ! } else ! #endif ! #if NETSCAPE_SSL ! if (sslpath) { ! if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { ! fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", ! sslpath); ! exit(1); ! } else { ! sslinit++; ! } ! if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { ! fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", ! ldapServer, port); ! exit(1); ! } ! } else ! #endif ! if ((ld = ldap_init(ldapServer, port)) == NULL) { ! fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ! ldapServer, port); ! exit(1); ! } ! ! if (connect_timeout) ! squid_ldap_set_connect_timeout(ld, connect_timeout); ! ! #ifdef LDAP_VERSION3 ! if (version == -1 ) { ! version = LDAP_VERSION2; ! } ! ! if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) ! != LDAP_OPT_SUCCESS ) ! { ! fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", ! version ); ! exit(1); ! } ! ! if ( use_tls && ( version == LDAP_VERSION3 ) && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) { ! fprintf( stderr, "Could not Activate TLS connection\n"); ! exit(1); ! } ! #endif ! squid_ldap_set_timelimit(ld, timelimit); ! squid_ldap_set_referrals(ld, !noreferrals); ! squid_ldap_set_aliasderef(ld, aliasderef); ! } ! if (checkLDAP(ld, user, passwd) != 0) { if (tryagain && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS) { tryagain = 0; ldap_unbind(ld); --- 481,491 ---- } rfc1738_unescape(user); rfc1738_unescape(passwd); ! tryagain = (ld != NULL); recover: ! if (ld == NULL && persistent) ! ld = open_ldap_connection(ldapServer, port); ! if (checkLDAP(ld, user, passwd, ldapServer, port) != 0) { if (tryagain && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS) { tryagain = 0; ldap_unbind(ld); *************** *** 476,482 **** } else { printf("OK\n"); } ! if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { ldap_unbind(ld); ld = NULL; } --- 496,502 ---- } else { printf("OK\n"); } ! if (ld && (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { ldap_unbind(ld); ld = NULL; } *************** *** 491,497 **** { int n = 0; while (size> 4 && *src) { ! switch(*src) { case '*': case '(': case ')': --- 511,517 ---- { int n = 0; while (size> 4 && *src) { ! switch (*src) { case '*': case '(': case ')': *************** *** 500,507 **** size -= 3; if (size> 0) { *escaped++ = '\\'; ! snprintf(escaped, 3, "%02x", (unsigned char)*src++); ! escaped+=2; } break; default: --- 520,527 ---- size -= 3; if (size> 0) { *escaped++ = '\\'; ! snprintf(escaped, 3, "%02x", (unsigned char) *src++); ! escaped += 2; } break; default: *************** *** 515,523 **** } static int ! checkLDAP(LDAP * ld, const char *userid, const char *password) { char dn[256]; if (!*password) { /* LDAP can't bind with a blank password. Seen as "anonymous" --- 535,545 ---- } static int ! checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const char *ldapServer, int port) { char dn[256]; + int ret = 0; + LDAP *bind_ld = NULL; if (!*password) { /* LDAP can't bind with a blank password. Seen as "anonymous" *************** *** 534,552 **** {NULL}; char *userdn; int rc; ldap_escape_value(escaped_login, sizeof(escaped_login), userid); if (binddn) { ! rc = ldap_simple_bind_s(ld, binddn, bindpasswd); if (rc != LDAP_SUCCESS) { fprintf(stderr, PROGRAM_NAME ": WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); ! return 1; } } snprintf(filter, sizeof(filter), searchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); if (debug) fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, basedn); ! rc = ldap_search_s(ld, basedn, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals --- 556,579 ---- {NULL}; char *userdn; int rc; + LDAP *search_ld = persistent_ld; + + if (!search_ld) + search_ld = open_ldap_connection(ldapServer, port); ldap_escape_value(escaped_login, sizeof(escaped_login), userid); if (binddn) { ! rc = ldap_simple_bind_s(search_ld, binddn, bindpasswd); if (rc != LDAP_SUCCESS) { fprintf(stderr, PROGRAM_NAME ": WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); ! ret = 1; ! goto search_done; } } snprintf(filter, sizeof(filter), searchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); if (debug) fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, basedn); ! rc = ldap_search_s(search_ld, basedn, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals *************** *** 560,626 **** fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr)); } #endif ! ldap_msgfree(res); ! return 1; } } ! entry = ldap_first_entry(ld, res); if (!entry) { ! ldap_msgfree(res); ! return 1; } ! userdn = ldap_get_dn(ld, entry); if (!userdn) { fprintf(stderr, PROGRAM_NAME ": ERROR, could not get user DN for '%s'\n", userid); ! ldap_msgfree(res); ! return 1; } snprintf(dn, sizeof(dn), "%s", userdn); squid_ldap_memfree(userdn); ! ldap_msgfree(res); } else { snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn); } if (debug) fprintf(stderr, "attempting to bind to user '%s'\n", dn); ! if (ldap_simple_bind_s(ld, dn, password) != LDAP_SUCCESS) ! return 1; ! ! return 0; } ! int readSecret(const char *filename) { ! char buf[BUFSIZ]; ! char *e = NULL; ! FILE *f; ! char *passwd = NULL; ! ! if(!(f=fopen(filename, "r"))) { ! fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); ! return 1; ! } ! if( !fgets(buf, sizeof(buf)-1, f)) { ! fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); ! fclose(f); ! return 1; ! } ! ! /* strip whitespaces on end */ ! if((e = strrchr(buf, '\n'))) *e = 0; ! if((e = strrchr(buf, '\r'))) *e = 0; ! ! passwd = (char *) calloc(sizeof(char), strlen(buf)+1); ! if (!passwd) { ! fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); ! exit(1); ! } ! strcpy(passwd, buf); ! bindpasswd = passwd; ! fclose(f); ! return 0; } --- 587,679 ---- fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr)); } #endif ! ret = 1; ! goto search_done; } } ! entry = ldap_first_entry(search_ld, res); if (!entry) { ! ret = 1; ! goto search_done; } ! userdn = ldap_get_dn(search_ld, entry); if (!userdn) { fprintf(stderr, PROGRAM_NAME ": ERROR, could not get user DN for '%s'\n", userid); ! ret = 1; ! goto search_done; } snprintf(dn, sizeof(dn), "%s", userdn); squid_ldap_memfree(userdn); ! ! if (ret == 0 && (!binddn || !bind_once || passwdattr)) { ! /* Reuse the search connection for comparing the user password attribute */ ! bind_ld = search_ld; ! search_ld = NULL; ! } ! search_done: ! if (res) { ! ldap_msgfree(res); ! res = NULL; ! } ! if (search_ld && search_ld != persistent_ld) { ! ldap_unbind(search_ld); ! search_ld = NULL; ! } ! if (ret != 0) ! return ret; } else { snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn); } if (debug) fprintf(stderr, "attempting to bind to user '%s'\n", dn); ! if (!bind_ld && !bind_once) ! bind_ld = persistent_ld; ! if (!bind_ld) ! bind_ld = open_ldap_connection(ldapServer, port); ! if (passwdattr && ldap_compare_s(bind_ld, dn, passwdattr, password) != LDAP_COMPARE_TRUE) ! ret = 1; ! else if (ldap_simple_bind_s(bind_ld, dn, password) != LDAP_SUCCESS) ! ret = 1; ! if (bind_ld != persistent_ld) { ! ldap_unbind(bind_ld); ! bind_ld = NULL; ! } ! return ret; } ! int ! readSecret(const char *filename) { ! char buf[BUFSIZ]; ! char *e = NULL; ! FILE *f; ! char *passwd = NULL; ! if (!(f = fopen(filename, "r"))) { ! fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); ! return 1; ! } ! if (!fgets(buf, sizeof(buf) - 1, f)) { ! fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); ! fclose(f); ! return 1; ! } ! /* strip whitespaces on end */ ! if ((e = strrchr(buf, '\n'))) ! *e = 0; ! if ((e = strrchr(buf, '\r'))) ! *e = 0; ! ! passwd = (char *) calloc(sizeof(char), strlen(buf) + 1); ! if (!passwd) { ! fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); ! exit(1); ! } ! strcpy(passwd, buf); ! bindpasswd = passwd; ! fclose(f); ! return 0; } Index: squid/helpers/external_acl/ldap_group/squid_ldap_group.8 diff -c squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.4 squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.5 *** squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.4 Tue Mar 2 02:13:29 2004 --- squid/helpers/external_acl/ldap_group/squid_ldap_group.8 Sat Jul 17 09:00:12 2004 *************** *** 1,10 **** ! .TH squid_ldap_group 8 "1 Mars 2003" "Squid LDAP Group" . .SH NAME squid_ldap_group - Squid LDAP external acl group helper . .SH SYNOPSIS ! squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...|URI] . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to --- 1,10 ---- ! .TH squid_ldap_group 8 "17 July 2004" "Squid LDAP Group" . .SH NAME squid_ldap_group - Squid LDAP external acl group helper . .SH SYNOPSIS ! squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]|URI]... . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to *************** *** 139,145 **** Strip NT domain name component from user names (/ or \\ separated) . .TP ! .BU -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. --- 139,145 ---- Strip NT domain name component from user names (/ or \\ separated) . .TP ! .BI -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected.

AltStyle によって変換されたページ (->オリジナル) /