Build using gcc 5.3

Mk/autoconf.mk.in

@@ -2,7 +2,7 @@ SHELL			= @SHELL@
 
 CC			= @CC@
 
-CFLAGS			= @CFLAGS@ @DEFS@ -Wall -Werror
+CFLAGS			= @CFLAGS@ @DEFS@ -Wall
 OBJCFLAGS		= @OBJCFLAGS@ ${OBJC_RUNTIME_FLAGS} -fno-strict-aliasing ${CFLAGS}
 OBJC_LIBS		= @OBJC_LIBS@
 OBJC_RUNTIME            = @OBJC_RUNTIME@

aclocal.m4

@@ -398,3 +398,28 @@ AC_DEFUN([TR_PF_IOCTL],[
 		AC_DEFINE([PF_DEV_PATH], ["/dev/pf"], [Path to the pf(4) device.])
 	fi
 ])
+
+#------------------------------------------------------------------------
+# TR_WERROR --
+#
+#	Enable -Werror
+#
+# Arguments:
+#	None.
+#
+# Requires:
+#	none
+#
+# Depends:
+#	none
+#
+# Results:
+#	Modifies CFLAGS variable.
+#------------------------------------------------------------------------
+AC_DEFUN([TR_WERROR],[
+	AC_REQUIRE([AC_PROG_CC])
+	AC_ARG_ENABLE(werror, AC_HELP_STRING([--enable-werror], [Add -Werror to CFLAGS. Used for development.]), [enable_werror=${enableval}], [enable_werror=no])
+	if test x"$enable_werror" != "xno"; then
+		CFLAGS="$CFLAGS -Werror"
+	fi
+])

auth-ldap.conf

@@ -2,12 +2,21 @@
 	# LDAP server URL
 	URL		ldap://ldap1.example.org
 
+	# Bind DN (If your LDAP server doesn't support anonymous binds)
+	# BindDN		uid=Manager,ou=People,dc=example,dc=com
+
+	# Bind Password
+	# Password	SecretPassword
+
 	# Network timeout (in seconds)
 	Timeout		15
 
 	# Enable Start TLS
 	TLSEnable	yes
 
+	# Follow LDAP Referrals (anonymously)
+	FollowReferrals yes
+
 	# TLS CA Certificate File
 	TLSCACertFile	/usr/local/etc/ssl/ca.pem
 

configure.ac

@@ -5,9 +5,13 @@ AC_CONFIG_HEADERS(config.h)
 
 AC_CANONICAL_SYSTEM
 
-# Programs
+# Compiler
 AC_PROG_CC
 AC_PROG_OBJC
+TR_WERROR
+AC_CACHE_SAVE
+
+# Programs
 AC_PROG_INSTALL
 AC_PROG_LN_S
 AC_PROG_MAKE_SET

src/LFAuthLDAPConfig.h

@@ -41,19 +41,23 @@
 	/* LDAP Settings */
 	LFString *_url;
 	BOOL _tlsEnabled;
+	BOOL _referralEnabled;
 	int _timeout;
 	LFString *_tlsCACertFile;
 	LFString *_tlsCACertDir;
 	LFString *_tlsCertFile;
 	LFString *_tlsKeyFile;
 	LFString *_tlsCipherSuite;
+	LFString *_bindDN;
+	LFString *_bindPassword;
 
 	/* Authentication / Authorization Settings */
 	LFString *_baseDN;
 	LFString *_searchFilter;
 	BOOL _requireGroup;
 	LFString *_pfTable;
 	TRArray *_ldapGroups;
+	BOOL _pfEnabled;
 
 	/* Parser State */
 	LFString *_configFileName;
@@ -94,18 +98,30 @@
 - (LFString *) tlsCipherSuite;
 - (void) setTLSCipherSuite: (LFString *) cipherSuite;
 
+- (LFString *) bindDN;
+- (void) setBindDN: (LFString *) bindDN;
+
+- (LFString *) bindPassword;
+- (void) setBindPassword: (LFString *) bindPassword;
+
 - (LFString *) baseDN;
 - (void) setBaseDN: (LFString *) baseDN;
 
 - (LFString *) searchFilter;
 - (void) setSearchFilter: (LFString *) searchFilter;
 
+- (BOOL) referralEnabled;
+- (void) setReferralEnabled: (BOOL) newReferralSetting;
+
 - (BOOL) requireGroup;
 - (void) setRequireGroup: (BOOL) requireGroup;
 
 - (LFString *) pfTable;
 - (void) setPFTable: (LFString *) tableName;
 
+- (BOOL) pfEnabled;
+- (void) setPFEnabled: (BOOL) newPFSetting;
+
 - (TRArray *) ldapGroups;
 
 @end

src/LFAuthLDAPConfig.m

@@ -66,6 +66,7 @@
 	LF_LDAP_TIMEOUT,		/* LDAP Server Timeout */
 	LF_LDAP_BINDDN,			/* Bind DN for LDAP Searches */
 	LF_LDAP_PASSWORD,		/* Associated Password */
+	LF_LDAP_REFERRAL,		/* Enable Referrals */
 	LF_LDAP_TLS,			/* Enable TLS */
 	LF_LDAP_TLS_CA_CERTFILE,	/* TLS CA Certificate File */
 	LF_LDAP_TLS_CA_CERTDIR,		/* TLS CA Certificate Dir */
@@ -124,6 +125,7 @@
 	{ "Timeout",		LF_LDAP_TIMEOUT,	NO,	NO },
 	{ "BindDN",		LF_LDAP_BINDDN,		NO,	NO },
 	{ "Password",		LF_LDAP_PASSWORD,	NO,	NO },
+	{ "FollowReferrals",	LF_LDAP_REFERRAL,	NO,	NO },
 	{ "TLSEnable",		LF_LDAP_TLS,		NO,	NO },
 	{ "TLSCACertFile",	LF_LDAP_TLS_CA_CERTFILE, NO,	NO },
 	{ "TLSCACertDir",	LF_LDAP_TLS_CA_CERTDIR,	NO,	NO },
@@ -273,6 +275,10 @@ @implementation LFAuthLDAPConfig
 - (void) dealloc {
 	if (_url)
 		[_url release];
+	if (_bindDN)
+		[_bindDN release];
+	if (_bindPassword)
+		[_bindPassword release];
 	if (_tlsCACertFile)
 		[_tlsCACertFile release];
 	if (_tlsCACertDir)
@@ -568,12 +574,23 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value {
 			switch (opcodeEntry->opcode) {
 				int timeout;
 				BOOL enableTLS;
+				BOOL enableReferral;
 
 				/* LDAP URL */
 				case LF_LDAP_URL:
 					[self setURL: [value string]];
 					break;
 
+				/* LDAP Bind DN */
+				case LF_LDAP_BINDDN:
+					[self setBindDN: [value string]];
+					break;
+
+				/* LDAP Bind Password */
+				case LF_LDAP_PASSWORD:
+					[self setBindPassword: [value string]];
+					break;
+
 				/* LDAP Connection Timeout */
 				case LF_LDAP_TIMEOUT:
 					if (![value intValue: &timeout]) {
@@ -583,6 +600,15 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value {
 					[self setTimeout: timeout];
 					break;
 
+				/* LDAP Referrals Enabled */
+				case LF_LDAP_REFERRAL:
+					if (![value boolValue: &enableReferral]) {
+						[self errorBoolValue: value];
+						return;
+					}
+					[self setReferralEnabled: enableReferral];
+					break;
+
 				/* LDAP TLS Enabled */
 				case LF_LDAP_TLS:
 					if (![value boolValue: &enableTLS]) {
@@ -612,7 +638,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value {
 					[self setTLSKeyFile: [value string]];
 					break;
 
-				/* LDAP Key File */
+				/* TLS Cipher Suite */
 				case LF_LDAP_TLS_CIPHER_SUITE:
 					[self setTLSCipherSuite: [value string]];
 					break;
@@ -652,6 +678,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value {
 
 				case LF_AUTH_PFTABLE:
 					[self setPFTable: [value string]];
+					[self setPFEnabled: YES];
 					break;
 
 				/* Unknown Setting */
@@ -688,6 +715,7 @@ - (void) setKey: (TRConfigToken *) key value: (TRConfigToken *) value {
 				case LF_AUTH_PFTABLE:
 					config = [self currentSectionContext];
 					[config setPFTable: [value string]];
+					[self setPFEnabled: YES];
 					break;
 
 				/* Unknown Setting */
@@ -773,6 +801,26 @@ - (LFString *) url {
 	return (_url);
 }
 
+- (LFString *) bindDN {
+	return (_bindDN);
+}
+
+- (void) setBindDN: (LFString *) bindDN {
+	if (_bindDN)
+		[_bindDN release];
+	_bindDN = [bindDN retain];
+}
+
+- (LFString *) bindPassword {
+	return (_bindPassword);
+}
+
+- (void) setBindPassword: (LFString *) bindPassword {
+	if (_bindPassword)
+		[_bindPassword release];
+	_bindPassword = [bindPassword retain];
+}
+
 - (void) setURL: (LFString *) newURL {
 	if (_url)
 		[_url release];
@@ -807,6 +855,14 @@ - (void) setSearchFilter: (LFString *) searchFilter {
 	_searchFilter = [searchFilter retain];
 }
 
+- (BOOL) referralEnabled {
+	return (_referralEnabled);
+}
+
+- (void) setReferralEnabled: (BOOL) newReferralSetting {
+	_referralEnabled = newReferralSetting;
+}
+
 - (int) timeout {
 	return (_timeout);
 }
@@ -875,6 +931,15 @@ - (LFString *) pfTable {
 	return (_pfTable);
 }
 
+
+- (BOOL) pfEnabled {
+	return (_pfEnabled);
+}
+
+- (void) setPFEnabled: (BOOL) newPFSetting {
+	_pfEnabled = newPFSetting;
+}
+
 - (TRArray *) ldapGroups {
 	return _ldapGroups;
 }

src/LFLDAPConnection.h

@@ -57,6 +57,7 @@
 		    attributes: (TRArray *) attributes;
 - (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
 
+- (BOOL) setReferralEnabled: (BOOL) enabled;
 - (BOOL) setTLSCACertFile: (LFString *) fileName;
 - (BOOL) setTLSCACertDir: (LFString *) directory;
 - (BOOL) setTLSClientCert: (LFString *) certFile keyFile: (LFString *) keyFile;