--------------------- PatchSet 11958 Date: 2008/02/23 01:20:56 Author: hno Branch: SQUID_2_7 Tag: (none) Log: Author: Klaubert Herr Patch to strip kerberos realm from username This patch add a new option to squid_ldap_group to strip kerberos realm from username received from squid. This is useful when you make kerberos authentication on squid, and try to authorize the user using ldap in MS Active Directory, quering for sAMAccountName. Members: helpers/external_acl/ldap_group/squid_ldap_group.8:1.4->1.4.6.1 helpers/external_acl/ldap_group/squid_ldap_group.c:1.14->1.14.6.1
Index: squid/helpers/external_acl/ldap_group/squid_ldap_group.8
===================================================================
RCS file: /cvsroot/squid/squid/helpers/external_acl/ldap_group/squid_ldap_group.8,v
retrieving revision 1.4
retrieving revision 1.4.6.1
diff -u -r1.4 -r1.4.6.1
--- squid/helpers/external_acl/ldap_group/squid_ldap_group.8 22 May 2006 20:42:04 -0000 1.4
+++ squid/helpers/external_acl/ldap_group/squid_ldap_group.8 23 Feb 2008 01:20:56 -0000 1.4.6.1
@@ -152,6 +152,10 @@
 Strip NT domain name component from user names (/ or \\ separated)
 .
 .TP
+.BI -K
+Strip Kerberos Realm component from user names (@ separated)
+.
+.TP
 .BI -d
 Debug mode where each step taken will get reported in detail.
 Useful for understanding what goes wrong if the results is
Index: squid/helpers/external_acl/ldap_group/squid_ldap_group.c
===================================================================
RCS file: /cvsroot/squid/squid/helpers/external_acl/ldap_group/squid_ldap_group.c,v
retrieving revision 1.14
retrieving revision 1.14.6.1
diff -u -r1.14 -r1.14.6.1
--- squid/helpers/external_acl/ldap_group/squid_ldap_group.c 22 May 2006 20:42:04 -0000 1.14
+++ squid/helpers/external_acl/ldap_group/squid_ldap_group.c 23 Feb 2008 01:20:56 -0000 1.14.6.1
@@ -217,6 +217,7 @@
 int port = LDAP_PORT;
 int use_extension_dn = 0;
 int strip_nt_domain = 0;
+ int strip_kerberos_realm = 0;
 int err = 0;
 setbuf(stdout, NULL);
@@ -372,6 +373,9 @@
 case 'S':
 strip_nt_domain = 1;
 break;
+ case 'K':
+ strip_kerberos_realm = 1;
+ break;
 default:
 fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
 exit(1);
@@ -426,6 +430,7 @@
 #endif
 fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
 fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-K\t\t\tStrip Kerberos realm from usernames\n");
 fprintf(stderr, "\n");
 fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
 exit(1);
@@ -471,6 +476,12 @@
 if (u && u[1])
 user = u + 1;
 }
+ if (strip_kerberos_realm) {
+ char *u = strchr(user, '@');
+ if (u != NULL) {
+ *u = '\0';
+ }
+ }
 if (use_extension_dn) {
 extension_dn = strtok(NULL, " \n");
 if (!extension_dn) {
@@ -785,7 +796,7 @@
 }
-int
+int
 readSecret(char *filename)
 {
 char buf[BUFSIZ];
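Review bot: In the `@@ -471,6 +476,12 @@` hunk the realm is cut off at the first `@` and thrown away without being compared to anything, so two principals with the same short name in different realms (for example across a cross-realm trust) become the same `user` for the group lookup and receive the same authorisation answer. The new block also accepts a name that starts with `@`, which leaves `user` empty for whatever search is built from it outside the hunk; `if (u != NULL && u != user) *u = '\0';` keeps such a name intact so the lookup simply fails to match. I would add a comment above the block along the lines of `/* -K drops the realm unchecked: only safe when a single realm is accepted */` and say the same next to `-K` in the usage text and man page. The enclosing request loop begins and ends outside the hunk, so how `user` was decoded before this point is not visible here.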