---------------------
PatchSet 11465
Date: 2008/02/19 20:14:49
Author: Guido Serassio
Branch: SQUID_3_0
Tag: (none)
Log:
Author: Klaubert Herr Patch to strip kerberos realm from username This patch add a new option to squid_ldap_group to strip kerberos realm from username received from squid. This is useful when you make kerberos authentication on squid, and try to authorize the user using ldap in MS Active Directory, quering for sAMAccountName.
Members:
helpers/external_acl/ldap_group/squid_ldap_group.8:1.10->1.10.4.1
helpers/external_acl/ldap_group/squid_ldap_group.c:1.26.2.1->1.26.2.2
Index: squid3/helpers/external_acl/ldap_group/squid_ldap_group.8
===================================================================
RCS file: /cvsroot/squid/squid3/helpers/external_acl/ldap_group/squid_ldap_group.8,v
retrieving revision 1.10
retrieving revision 1.10.4.1
diff -u -r1.10 -r1.10.4.1
--- squid3/helpers/external_acl/ldap_group/squid_ldap_group.8 22 Mar 2005 23:12:30 -0000 1.10
+++ squid3/helpers/external_acl/ldap_group/squid_ldap_group.8 19 Feb 2008 20:14:49 -0000 1.10.4.1
@@ -152,6 +152,10 @@
 Strip NT domain name component from user names (/ or \\ separated)
 .
 .TP
+.BI -K
+Strip Kerberos Realm component from user names (@ separated)
+.
+.TP
 .BI -d
 Debug mode where each step taken will get reported in detail.
 Useful for understanding what goes wrong if the results is
Index: squid3/helpers/external_acl/ldap_group/squid_ldap_group.c
===================================================================
RCS file: /cvsroot/squid/squid3/helpers/external_acl/ldap_group/squid_ldap_group.c,v
retrieving revision 1.26.2.1
retrieving revision 1.26.2.2
diff -u -r1.26.2.1 -r1.26.2.2
--- squid3/helpers/external_acl/ldap_group/squid_ldap_group.c 19 Feb 2008 20:07:50 -0000 1.26.2.1
+++ squid3/helpers/external_acl/ldap_group/squid_ldap_group.c 19 Feb 2008 20:14:49 -0000 1.26.2.2
@@ -217,6 +217,7 @@
 int port = LDAP_PORT;
 int use_extension_dn = 0;
 int strip_nt_domain = 0;
+ int strip_kerberos_realm = 0;
 int err = 0;
 setbuf(stdout, NULL);
@@ -372,6 +373,9 @@
 case 'S':
 strip_nt_domain = 1;
 break;
+ case 'K':
+ strip_kerberos_realm = 1;
+ break;
 default:
 fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
 exit(1);
@@ -426,6 +430,7 @@
 #endif
 fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
 fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-K\t\t\tStrip Kerberos realm from usernames\n");
 fprintf(stderr, "\n");
 fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
 exit(1);
@@ -471,6 +476,12 @@
 if (u && u[1])
 user = u + 1;
 }
+ if (strip_kerberos_realm) {
+ char *u = strchr(user, '@');
+ if (u != NULL) {
+ *u = '\0';
+ }
+ }
 if (use_extension_dn) {
 extension_dn = strtok(NULL, " \n");
 if (!extension_dn) {
@@ -785,7 +796,7 @@
 }
-int
+int
 readSecret(const char *filename)
 {
 char buf[BUFSIZ];
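Review bot: The realm-stripping block added at `@@ -471,6 +476,12 @@` cuts the name at the first `@` without looking at which realm followed it, so `alice@REALM.A` and `alice@REALM.B` are searched under the same short name and get the same group decision. If Squid is configured to accept principals from more than one realm, a colliding name from another realm would inherit the directory user's group membership. The `-K` usage line and man page entry should state that limit, and the block deserves a comment such as `/* -K assumes every authenticated principal belongs to the single realm backing this LDAP directory */`. The block also lacks the empty-result guard the `-S` code just above it has (`u && u[1]`): an input of `@REALM` leaves `user` as an empty string for the search, so the test would be safer as `if (u != NULL && u != user) {`. The enclosing function starts and ends outside the hunk, so how `user` is used afterwards is not visible here.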