src/server/daemon/ldap_auth.c

Tue, 09 Jul 2013 20:56:01 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Tue, 09 Jul 2013 20:56:01 +0200
changeset 86
49bb6c8ceb2b
parent 66
74babc0082b7
child 87
bdec069d2239
permissions
-rw-r--r--

replaced usage of deprecated openldap functions

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
29 #ifdef __gnu_linux__
30 #define _GNU_SOURCE
31 #endif
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
37 #include "ldap_auth.h"
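/*
 * Create an AuthDB that resolves users against an LDAP directory.
 *
 * name is duplicated. conf is copied by value into the new object, so the
 * caller's LDAPConfig struct itself need not outlive the AuthDB, but the
 * strings it points to (hostname, binddn, bindpw, basedn, ...) must.
 * A missing usersearch attribute defaults to "uid", a missing groupsearch
 * attribute to "uniquemember".
 *
 * Returns the new AuthDB, or NULL if name or conf is NULL or memory
 * allocation fails (the original code dereferenced a failed malloc).
 */
AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) {
    if (name == NULL || conf == NULL) {
        return NULL;
    }

    // calloc so that any AuthDB fields not set below start out zeroed
    LDAPAuthDB *authdb = calloc(1, sizeof *authdb);
    if (authdb == NULL) {
        return NULL;
    }

    authdb->authdb.name = strdup(name);
    if (authdb->authdb.name == NULL) {
        free(authdb);
        return NULL;
    }
    authdb->authdb.get_user = ldap_get_user;
    authdb->authdb.use_cache = 1;
    authdb->config = *conf;

    if (!authdb->config.usersearch) {
        authdb->config.usersearch = "uid";
    }
    if (!authdb->config.groupsearch) {
        authdb->config.groupsearch = "uniquemember";
    }

    return (AuthDB*) authdb;
}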
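/*
 * Escape one value for use inside an LDAP search filter (RFC 4515, 3).
 *
 * '*', '(', ')' and '\' are replaced by their "\xx" hex escapes so that a
 * value taken from untrusted input cannot change the structure of the
 * filter it is placed in. NUL cannot occur inside a C string, so it needs
 * no handling here.
 *
 * At most dst_size bytes, including the terminator, are written to dst.
 * Returns 0 on success and -1 when the escaped value does not fit; dst then
 * holds an empty string and the caller must not search with it.
 */
static int ldap_escape_filter_value(const char *src, char *dst, size_t dst_size) {
    static const char hex[] = "0123456789abcdef";
    size_t out = 0;

    if (dst_size == 0) {
        return -1;
    }
    for (const char *p = src; *p != '\0'; p++) {
        unsigned char c = (unsigned char) *p;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (out + 3 >= dst_size) {
                dst[0] = '\0';
                return -1;
            }
            dst[out++] = '\\';
            dst[out++] = hex[c >> 4];
            dst[out++] = hex[c & 0x0f];
        } else {
            if (out + 1 >= dst_size) {
                dst[0] = '\0';
                return -1;
            }
            dst[out++] = (char) c;
        }
    }
    dst[out] = '\0';
    return 0;
}

/*
 * Look username up in the directory behind db.
 *
 * Opens a fresh LDAP connection, binds with the configured service account
 * (config->binddn / config->bindpw), searches below config->basedn for the
 * entry whose uid equals username and, if exactly that lookup succeeds,
 * returns an LDAPUser that keeps the bound connection and the entry's DN
 * for the later password check (ldap_user_verify_password).
 *
 * Returns NULL, with the connection released, if the directory cannot be
 * reached, the service bind or the search fails, the name is too long to
 * build a filter for, no entry matches, or memory allocation fails.
 *
 * The returned user stores the username pointer itself, not a copy: the
 * caller must keep that string alive as long as the User object exists.
 * Ownership of the connection and the DN passes to ldap_user_free.
 */
User* ldap_get_user(AuthDB *db, char *username) {
    LDAPAuthDB *authdb = (LDAPAuthDB*) db;
    LDAPConfig *config = &authdb->config;

    if (username == NULL) {
        return NULL;
    }

    // NOTE(review): the service bind, the search and the later password
    // bind all travel over this plain ldap:// connection; confirm that TLS
    // is enforced elsewhere or that the link to the directory is trusted.
    LDAP *ld = NULL;
#ifdef LINUX
    // NOTE(review): this branch is selected by LINUX while _GNU_SOURCE
    // (needed for asprintf) is guarded by __gnu_linux__ at the top of the
    // file; confirm both are defined on the same builds.
    char *ldap_uri = NULL;
    if (asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port) < 0) {
        fprintf(stderr, "ldap uri allocation failed\n");
        return NULL;
    }
    if (ldap_initialize(&ld, ldap_uri)) {
        fprintf(stderr, "ldap_initialize failed\n");
    }
    // ldap_initialize parses the URI into the handle; our copy is not kept
    free(ldap_uri);
#else
    ld = ldap_init(config->hostname, config->port);
#endif
    if (ld == NULL) {
        fprintf(stderr, "ldap_init failed\n");
        return NULL;
    }

    // ldap_sasl_bind_s with a server credential pointer needs LDAPv3, so a
    // failure to select the protocol version is treated as fatal here.
    int ldapv = LDAP_VERSION3;
    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv) != 0) {
        ldap_unbind_ext_s(ld, NULL, NULL);
        fprintf(stderr, "ldap_set_option failed\n");
        return NULL;
    }

    // Bind with the service account that may search for users. A NULL
    // bindpw is sent as an empty credential instead of crashing in strlen();
    // whether the directory accepts such an unauthenticated bind is the
    // server's policy.
    struct berval cred;
    cred.bv_val = config->bindpw != NULL ? config->bindpw : "";
    cred.bv_len = config->bindpw != NULL ? strlen(config->bindpw) : 0;
    struct berval *server_cred = NULL;
    int r = ldap_sasl_bind_s(
            ld,
            config->binddn,
            LDAP_SASL_SIMPLE,
            &cred,
            NULL,
            NULL,
            &server_cred);
    // a simple bind carries no server credential, but release whatever the
    // library handed back (ber_bvfree(NULL) is a no-op)
    ber_bvfree(server_cred);
    if (r != LDAP_SUCCESS) {
        ldap_unbind_ext_s(ld, NULL, NULL);
        fprintf(stderr, "ldap_sasl_bind_s failed: %s\n", ldap_err2string(r));
        return NULL;
    }

    // get the user dn

    // The login name comes from the client, so it is escaped before being
    // interpolated: an unescaped '*' or ')' would let the caller widen or
    // rewrite the search and be resolved to a different entry. A name that
    // does not fit is rejected rather than searched for in truncated form.
    // TODO: use config for filter
    char escaped[256];
    if (ldap_escape_filter_value(username, escaped, sizeof escaped) != 0) {
        ldap_unbind_ext_s(ld, NULL, NULL);
        fprintf(stderr, "ldap username too long\n");
        return NULL;
    }
    char filter[sizeof escaped + 8];
    int s = snprintf(filter, sizeof filter, "uid=%s", escaped);
    if (s < 0 || (size_t) s >= sizeof filter) {
        ldap_unbind_ext_s(ld, NULL, NULL);
        fprintf(stderr, "ldap filter too long\n");
        return NULL;
    }

    LDAPMessage *result = NULL;
    struct timeval timeout;
    timeout.tv_sec = 8;
    timeout.tv_usec = 0;
    r = ldap_search_ext_s(
            ld,
            config->basedn,
            LDAP_SCOPE_SUBTREE,
            filter,
            NULL,
            0,
            NULL, // server controls
            NULL, // client controls
            &timeout,
            1, // size limit
            &result);
    if (r != LDAP_SUCCESS) {
        // result must be freed regardless of the return value: partial
        // results are handed back together with e.g. a size limit error
        ldap_msgfree(result);
        ldap_unbind_ext_s(ld, NULL, NULL);
        fprintf(stderr, "ldap_search_ext_s failed\n");
        return NULL;
    }

    User *found = NULL;
    LDAPMessage *msg = ldap_first_entry(ld, result);
    if (msg) {
        char *userdn = ldap_get_dn(ld, msg);
        LDAPUser *user = NULL;
        if (userdn != NULL) {
            user = malloc(sizeof *user);
        }
        if (user != NULL) {
            user->user.verify_password = ldap_user_verify_password;
            user->user.check_group = ldap_user_check_group;
            user->user.free = ldap_user_free;
            user->user.name = username; // must not be freed

            // TODO: get uid/gid from ldap
            user->user.uid = -1;
            user->user.gid = -1;

            // the bound connection and the DN are kept for the password bind
            user->ldap = ld;
            user->userdn = userdn;
            found = (User*) user;
        } else if (userdn != NULL) {
            ldap_memfree(userdn);
        }
    }
    // freed on every path, including "no entry" and allocation failure
    ldap_msgfree(result);

    if (found == NULL) {
        ldap_unbind_ext_s(ld, NULL, NULL);
    }
    return found;
}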
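/*
 * Check password by binding to the directory as the user's own DN.
 *
 * Returns 1 if the simple bind with user->userdn and password succeeds,
 * 0 otherwise. A NULL or empty password is rejected before any bind is
 * attempted: a simple bind with a DN and an empty credential is an
 * "unauthenticated bind" (RFC 4513, 5.1.2) that some directories answer
 * with success, so passing it through would grant access without a
 * password.
 *
 * Side effect: on success the connection kept in user->ldap is now bound
 * as the user rather than as the service account.
 */
int ldap_user_verify_password(User *u, char *password) {
    LDAPUser *user = (LDAPUser*)u;

    if (password == NULL || password[0] == '\0') {
        printf("ldap password not ok\n");
        return 0;
    }

    struct berval cred;
    cred.bv_val = password;
    cred.bv_len = strlen(password);
    struct berval *server_cred = NULL;
    int r = ldap_sasl_bind_s(
            user->ldap,
            user->userdn,
            LDAP_SASL_SIMPLE,
            &cred,
            NULL,
            NULL,
            &server_cred);
    // a simple bind returns no server credential; free it if one was set
    ber_bvfree(server_cred);
    if(r == LDAP_SUCCESS) {
        printf("ldap password ok\n");
        return 1;
    } else {
        printf("ldap password not ok\n");
        return 0;
    }
}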
/*
 * Group membership check for LDAP users. Not implemented yet: every call
 * answers "not a member" (0), so group-based access rules deny LDAP users
 * until this is filled in. The groupsearch attribute defaulted in
 * create_ldap_authdb is presumably meant for this lookup.
 */
int ldap_user_check_group(User *user, char *group) {
    (void) user;
    (void) group;
    // TODO
    return 0;
}
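/*
 * Release an LDAPUser created by ldap_get_user: the entry DN, the LDAP
 * connection that was kept for the password check, and the object itself.
 * user->user.name is not freed because it belongs to the caller.
 * A NULL argument is ignored.
 */
void ldap_user_free(User *u) {
    if (u == NULL) {
        return;
    }
    LDAPUser *user = (LDAPUser*)u;
    ldap_memfree(user->userdn);
    // TODO: use connection pool
    if (user->ldap != NULL) {
        ldap_unbind_ext_s(user->ldap, NULL, NULL);
    }
    free(user);
}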
