1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-12-01 15:24:12 +01:00

Merge branch 'pr-224'

This commit is contained in:
Klas Lindfors 2021-04-22 11:55:59 +02:00
commit 9836acc3c2
No known key found for this signature in database
GPG Key ID: BCA00FD4B2168C0A

View File

@ -124,6 +124,7 @@ struct cfg
const char *urllist; const char *urllist;
const char *ldapserver; const char *ldapserver;
const char *ldap_uri; const char *ldap_uri;
int ldap_connection_timeout;
const char *ldap_bind_user; const char *ldap_bind_user;
const char *ldap_bind_password; const char *ldap_bind_password;
const char *ldap_filter; const char *ldap_filter;
@ -322,6 +323,13 @@ authorize_user_token_ldap (struct cfg *cfg,
ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol); ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
if(cfg->ldap_connection_timeout > 0) {
struct timeval network_timeout;
network_timeout.tv_usec = 0;
network_timeout.tv_sec = cfg->ldap_connection_timeout;
ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &network_timeout);
}
if (cfg->ldap_uri && cfg->ldap_cacertfile) { if (cfg->ldap_uri && cfg->ldap_cacertfile) {
/* Set CA CERTFILE. This makes ldaps work when using ldap_uri */ /* Set CA CERTFILE. This makes ldaps work when using ldap_uri */
ldap_set_option (0, LDAP_OPT_X_TLS_CACERTFILE, cfg->ldap_cacertfile); ldap_set_option (0, LDAP_OPT_X_TLS_CACERTFILE, cfg->ldap_cacertfile);
@ -863,6 +871,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->ldapserver = argv[i] + 11; cfg->ldapserver = argv[i] + 11;
if (strncmp (argv[i], "ldap_uri=", 9) == 0) if (strncmp (argv[i], "ldap_uri=", 9) == 0)
cfg->ldap_uri = argv[i] + 9; cfg->ldap_uri = argv[i] + 9;
if (strncmp (argv[i], "ldap_connection_timeout=", 24) == 0)
sscanf (argv[i], "ldap_connection_timeout=%u", &cfg->ldap_connection_timeout);
if (strncmp (argv[i], "ldap_bind_user=", 15) == 0) if (strncmp (argv[i], "ldap_bind_user=", 15) == 0)
cfg->ldap_bind_user = argv[i] + 15; cfg->ldap_bind_user = argv[i] + 15;
if (strncmp (argv[i], "ldap_bind_password=", 19) == 0) if (strncmp (argv[i], "ldap_bind_password=", 19) == 0)
@ -949,6 +959,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
DBG ("authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)"); DBG ("authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)");
DBG ("ldapserver=%s", cfg->ldapserver ? cfg->ldapserver : "(null)"); DBG ("ldapserver=%s", cfg->ldapserver ? cfg->ldapserver : "(null)");
DBG ("ldap_uri=%s", cfg->ldap_uri ? cfg->ldap_uri : "(null)"); DBG ("ldap_uri=%s", cfg->ldap_uri ? cfg->ldap_uri : "(null)");
DBG ("ldap_connection_timeout=%d", cfg->ldap_connection_timeout);
DBG ("ldap_bind_user=%s", cfg->ldap_bind_user ? cfg->ldap_bind_user : "(null)"); DBG ("ldap_bind_user=%s", cfg->ldap_bind_user ? cfg->ldap_bind_user : "(null)");
DBG ("ldap_bind_password=%s", cfg->ldap_bind_password ? cfg->ldap_bind_password : "(null)"); DBG ("ldap_bind_password=%s", cfg->ldap_bind_password ? cfg->ldap_bind_password : "(null)");
DBG ("ldap_filter=%s", cfg->ldap_filter ? cfg->ldap_filter : "(null)"); DBG ("ldap_filter=%s", cfg->ldap_filter ? cfg->ldap_filter : "(null)");