src/server/daemon/ldap_auth.c

Sun, 06 Nov 2022 15:53:32 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 06 Nov 2022 15:53:32 +0100
changeset 415
d938228c382e
parent 256
19259b6c5cf7
child 467
4d038bc6f86e
permissions
-rw-r--r--

switch from ucx 2 to 3

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #ifdef __gnu_linux__
30 #define _GNU_SOURCE
31 #endif
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/time.h>
37
38 #include <cx/utils.h>
39 #include <cx/hash_map.h>
40
41 #include "ldap_auth.h"
42
/*
 * Unbind and release an LDAP session handle.
 *
 * When SOLARIS is defined the handle is released with ldap_unbind();
 * every other build uses ldap_unbind_ext_s() with no server or client
 * controls. The handle must not be used again after this call.
 */
static void ws_ldap_close(LDAP *ldap) {
#ifndef SOLARIS
    ldap_unbind_ext_s(ldap, NULL, NULL);
#else
    ldap_unbind(ldap);
#endif
}
50
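/*
 * Create an LDAP-backed authentication database.
 *
 * cfg   server configuration; its allocator (cfg->a) provides the memory
 *       for the object and the group map, its pool (cfg->pool) the copy
 *       of the name
 * name  name of the authdb, copied
 * conf  LDAP settings, copied by value into the new object
 *
 * Returns the new object as AuthDB*, or NULL if an allocation fails.
 */
AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, LDAPConfig *conf) {
    LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB));
    if (!authdb) {
        // allocation failed: report it instead of dereferencing NULL
        return NULL;
    }

    authdb->authdb.name = pool_strdup(cfg->pool, name);
    if (!authdb->authdb.name) {
        cxFree(cfg->a, authdb);
        return NULL;
    }
    authdb->authdb.get_user = ldap_get_user;
    authdb->authdb.use_cache = 1;

    // Struct copy only: any pointer members of LDAPConfig (hostname, binddn,
    // bindpw, basedn, ...) still point at the caller's strings.
    // NOTE(review): confirm those strings outlive the authdb; bindpw is the
    // service account password and stays in memory in clear text.
    authdb->config = *conf;

    // fall back to default attribute names when none are configured
    if (!authdb->config.usersearch) {
        authdb->config.usersearch = "uid";
    }
    if (!authdb->config.groupsearch) {
        authdb->config.groupsearch = "uniquemember";
    }

    // initialize group cache
    authdb->groups.first = NULL;
    authdb->groups.last = NULL;
    authdb->groups.map = cxHashMapCreate(cfg->a, 32);
    if (!authdb->groups.map) {
        // the name copy belongs to cfg->pool and is not released here
        cxFree(cfg->a, authdb);
        return NULL;
    }

    return (AuthDB*) authdb;
}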
72
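/*
 * Open a new LDAP session to the configured server and bind with the
 * configured bind DN and password (simple bind, protocol version 3).
 *
 * Returns a bound session handle that the caller must release with
 * ws_ldap_close(), or NULL if the session cannot be created or the
 * bind fails.
 *
 * NOTE(review): the connection uses the plain ldap:// scheme and a simple
 * bind, so the bind DN and password are sent without transport protection
 * unless that is provided outside this function. Consider StartTLS
 * (ldap_start_tls_s) or ldaps:// before the bind.
 */
LDAP* get_ldap_session(LDAPAuthDB *authdb) {
    LDAPConfig *config = &authdb->config;
    LDAP *ld = NULL;

#ifdef SOLARIS
    ld = ldap_init(config->hostname, config->port);
#else
    if (!config->hostname) {
        // "%s" with a NULL argument is undefined behavior
        fprintf(stderr, "ldap: no hostname configured\n");
        return NULL;
    }

    char *ldap_uri = NULL;
    if (asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port) < 0) {
        // After a failed asprintf the pointer content is unspecified. It must
        // not reach ldap_initialize: a NULL URI would select the library's
        // default server instead of the configured one.
        fprintf(stderr, "ldap: cannot build server uri\n");
        return NULL;
    }
    int init_ret = ldap_initialize(&ld, ldap_uri);
    free(ldap_uri);
    if(init_ret) {
        fprintf(stderr, "ldap_initialize failed\n");
        return NULL;
    }
#endif
    if(!ld) {
        return NULL;
    }

    int ldapv = LDAP_VERSION3;
    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv) != LDAP_SUCCESS) {
        // the bind below is issued as an LDAPv3 operation, so fail closed
        ws_ldap_close(ld);
        fprintf(stderr, "ldap_set_option failed\n");
        return NULL;
    }

    // admin bind
    // A missing password is sent as an empty one instead of calling
    // strlen(NULL). NOTE(review): a simple bind with a bind DN but an empty
    // password is an unauthenticated bind (RFC 4513) that many servers accept
    // as anonymous; reject that combination in the configuration check if the
    // searches are expected to run as the service account.
    char empty_pw[] = "";
    struct berval cred;
    cred.bv_val = config->bindpw ? config->bindpw : empty_pw;
    cred.bv_len = strlen(cred.bv_val);
    struct berval *server_cred = NULL;
    int r = ldap_sasl_bind_s(
            ld,
            config->binddn,
            LDAP_SASL_SIMPLE,
            &cred,
            NULL,
            NULL,
            &server_cred);
    if (server_cred) {
        // server credentials are not used; release them if the library
        // returned any
        ber_bvfree(server_cred);
    }
    if (r != LDAP_SUCCESS) {
        ws_ldap_close(ld);
        fprintf(stderr, "ldap_sasl_bind_s failed: %s\n", ldap_err2string(r));
        return NULL;
    }

    return ld;
}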
116
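/*
 * Write src to dst as an LDAP filter assertion value (RFC 4515): the
 * characters '*', '(', ')' and '\' are replaced by a backslash and their
 * two-digit hex code. dst is always NUL-terminated on success.
 *
 * Returns 0 on success, -1 if dst is too small for the escaped value.
 */
static int ws_ldap_filter_escape(char *dst, size_t dstlen, const char *src) {
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;

    if (dstlen == 0) {
        return -1;
    }
    for (const unsigned char *p = (const unsigned char*)src; *p; p++) {
        int special = (*p == '*' || *p == '(' || *p == ')' || *p == '\\');
        size_t need = special ? 3 : 1;
        if (pos + need >= dstlen) {
            // no room left for this character plus the terminator
            return -1;
        }
        if (special) {
            dst[pos++] = '\\';
            dst[pos++] = hex[*p >> 4];
            dst[pos++] = hex[*p & 0x0f];
        } else {
            dst[pos++] = (char)*p;
        }
    }
    dst[pos] = '\0';
    return 0;
}

/*
 * Look up a user in the LDAP directory.
 *
 * db        the authdb, must be an LDAPAuthDB
 * username  login name as supplied by the client (untrusted)
 *
 * Searches below config->basedn for an entry matching uid=<username> and
 * returns a new LDAPUser (as User*) that holds the entry DN and the LDAP
 * session opened for the lookup. Returns NULL if the name is unusable, the
 * session or search fails, no entry is found or memory is exhausted.
 */
User* ldap_get_user(AuthDB *db, const char *username) {
    LDAPAuthDB *authdb = (LDAPAuthDB*) db;
    LDAPConfig *config = &authdb->config;

    if (username == NULL) {
        return NULL;
    }

    // Build the search filter before opening a connection.
    // The name comes from the client, so filter metacharacters are escaped;
    // unescaped they would change the meaning of the filter (for example a
    // wildcard would match an entry other than the one named). A name that
    // does not fit is rejected: searching for a truncated name could match a
    // different user, and the previous filter[s] = 0 wrote outside the buffer
    // whenever snprintf reported a length beyond it.
    // TODO: use config for filter
    static const char prefix[] = "uid=";
    char filter[512];
    memcpy(filter, prefix, sizeof(prefix) - 1);
    if (ws_ldap_filter_escape(
            filter + (sizeof(prefix) - 1),
            sizeof(filter) - (sizeof(prefix) - 1),
            username))
    {
        fprintf(stderr, "ldap_get_user: username too long\n");
        return NULL;
    }

    LDAP *ld = get_ldap_session(authdb);
    if (ld == NULL) {
        fprintf(stderr, "ldap_init failed\n");
        return NULL;
    }

    // get the user dn
    LDAPMessage *result = NULL;
    struct timeval timeout = { .tv_sec = 8, .tv_usec = 0 };
    int r = ldap_search_ext_s(
            ld,
            config->basedn,
            LDAP_SCOPE_SUBTREE,
            filter,
            NULL,
            0,
            NULL,        // server controls
            NULL,        // client controls
            &timeout,
            1,           // size limit
            &result);
    if (r != LDAP_SUCCESS) {
        // a failed search can still hand back a (partial) result
        if (result) {
            ldap_msgfree(result);
        }
        ws_ldap_close(ld);

        fprintf(stderr, "ldap_search_ext_s failed\n");
        return NULL;
    }

    LDAPMessage *msg = ldap_first_entry(ld, result);
    if (msg) {
        // Without a DN there is nothing to verify a password against; a
        // later bind with a NULL DN would be an anonymous bind, so treat a
        // missing DN as "user not found".
        char *userdn = ldap_get_dn(ld, msg);
        LDAPUser *user = userdn ? malloc(sizeof(LDAPUser)) : NULL;
        if (user != NULL) {
            user->authdb = authdb;
            user->user.verify_password = ldap_user_verify_password;
            user->user.check_group = ldap_user_check_group;
            user->user.free = ldap_user_free;
            // Borrowed pointer, must not be freed. TODO: maybe copy
            // NOTE(review): confirm the caller keeps username alive for as
            // long as the returned User exists, in particular if the auth
            // cache retains it.
            user->user.name = (char*)username;

            // TODO: get uid/gid from ldap
            user->user.uid = -1;
            user->user.gid = -1;

            // the session (still bound with the configured bind DN) and the
            // DN now belong to the user object
            user->ldap = ld;
            user->userdn = userdn;

            ldap_msgfree(result);

            return (User*)user;
        }
        if (userdn) {
            ldap_memfree(userdn);
        }
    }

    // no entry, no DN or out of memory: release everything acquired here
    if (result) {
        ldap_msgfree(result);
    }
    ws_ldap_close(ld);
    return NULL;
}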
183
184 LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, const char *group) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
185 printf("ldap_get_group: %s\n", group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
186
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
187 LDAPConfig *config = &authdb->config;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
188
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
189 LDAP *ld = get_ldap_session(authdb);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
190 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
191 fprintf(stderr, "ldap_init failed\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
192 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
193 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
194
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
195 // get the user dn
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
196 // TODO: use config for filter
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
197 // TODO: use asprintf
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
198 char filter[128];
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
199 int s = snprintf(filter, 127, "cn=%s", group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
200 filter[s] = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
201
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
202 LDAPMessage *result;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
203 struct timeval timeout;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
204 timeout.tv_sec = 8;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
205 timeout.tv_usec = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
206 int r = ldap_search_ext_s(
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
207 ld,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
208 config->basedn,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
209 LDAP_SCOPE_SUBTREE,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
210 filter,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
211 NULL,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
212 0,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
213 NULL, // server controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
214 NULL, // client controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
215 &timeout,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
216 1, // size limit
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
217 &result);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
218 if (r != LDAP_SUCCESS) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
219 ws_ldap_close(ld);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
220
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
221 fprintf(stderr, "ldap_search_ext_s failed\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
222 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
223 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
224
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
225 LDAPGroup *wsgroup = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
226 LDAPMessage *msg = ldap_first_entry(ld, result);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
227 if (msg) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
228 // create group object
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
229 wsgroup = malloc(sizeof(LDAPGroup));
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
230 wsgroup->name = strdup(group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
231 wsgroup->members = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
232 wsgroup->nmembers = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
233 wsgroup->update = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
234 wsgroup->next = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
235
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
236 // get attributes
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
237 BerElement *ber = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
238 char *attribute = attribute=ldap_first_attribute(ld, msg, &ber);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
239 while(attribute != NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
240 printf("attribute: %s\n", attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
241 if(!strcasecmp(attribute, "memberuid")) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
242 // get all memberuid values and add the users to the group obj
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
243
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
244 struct berval **values = ldap_get_values_len(ld, msg, attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
245 if(values) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
246 int count = ldap_count_values_len(values);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
247 wsgroup->members = calloc(count, sizeof(LDAPMember));
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
248 wsgroup->nmembers = count;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
249 for(int i=0;i<count;i++) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
250 cxstring member = cx_strn(
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
251 values[i]->bv_val,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
252 values[i]->bv_len);
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
253 wsgroup->members[i].name = cx_strdup(member).ptr;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
254 // TODO: uid?
101
7fbcdbad0baa added support for absolute URIs and improved keep alive
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 97
diff changeset
255 printf("added member: %.*s\n", (int)member.length, member.ptr);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
256 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
257 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
258 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
259
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
260 attribute = ldap_next_attribute(ld, msg, ber);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
261 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
262
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
263 if(ber) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
264 //ldap_ber_free(ber, 0);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
265 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
266 if(attribute) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
267 ldap_memfree(attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
268 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
269 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
270
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
271 ws_ldap_close(ld);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
272 return wsgroup;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
273 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
274
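/*
 * Verifies a password by attempting an LDAP simple bind as the user's DN.
 *
 * u:        must point to an LDAPUser (it is cast without a check); the
 *           user's ldap handle and userdn are used for the bind.
 * password: candidate password as a NUL-terminated string.
 *
 * Returns 1 if the server reports LDAP_SUCCESS for the bind, 0 otherwise.
 *
 * A NULL or empty password is rejected locally and never sent to the server:
 * a simple bind with a DN and a zero-length password is an "unauthenticated
 * bind" (RFC 4513, section 5.1.2), which a directory server may answer with
 * success without checking any credential.
 */
int ldap_user_verify_password(User *u, const char *password) {
    LDAPUser *user = (LDAPUser*)u;

    if(!password || password[0] == '\0') {
        printf("ldap password not ok\n");
        return 0;
    }

    struct berval cred;
    // the bind API takes a non-const berval, hence the cast
    cred.bv_val = (char*)password;
    cred.bv_len = strlen(password);

    // initialised so that it is never read or freed as an indeterminate
    // pointer if the library leaves it untouched
    struct berval *server_cred = NULL;
    int r = ldap_sasl_bind_s(
            user->ldap,
            user->userdn,
            LDAP_SASL_SIMPLE,
            &cred,
            NULL,   // server controls
            NULL,   // client controls
            &server_cred);
    if(server_cred) {
        // a simple bind is not expected to return server credentials, but
        // release them if the library allocated any
        ber_bvfree(server_cred);
    }

    if(r == LDAP_SUCCESS) {
        printf("ldap password ok\n");
        return 1;
    } else {
        printf("ldap password not ok\n");
        return 0;
    }
}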
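/*
 * Checks whether a user is listed as a member of an LDAP group.
 *
 * u:         must point to an LDAPUser (it is cast without a check); the
 *            user's authdb is used for the group lookup and u->name is the
 *            name compared against the member list.
 * group_str: name of the group to look up.
 *
 * Returns 1 if u->name equals (case-sensitive strcmp) one of the group's
 * member names, 0 otherwise. A group that cannot be loaded counts as
 * "not a member", so a failed lookup denies access instead of crashing.
 */
int ldap_user_check_group(User *u, const char *group_str) {
    LDAPUser *user = (LDAPUser*)u;

    LDAPGroup *group = ldap_get_group(user->authdb, group_str);
    if(!group) {
        // lookup failed or nothing matched: deny rather than dereference NULL
        return 0;
    }

    int ret = 0;
    // members may be NULL while nmembers is non-zero if the member array
    // could not be allocated when the group was built
    if(group->members) {
        for(int i=0;i<group->nmembers;i++) {
            const char *member = group->members[i].name;
            // a member name can be NULL if duplicating it failed
            if(member && !strcmp(member, u->name)) {
                printf("is member\n");
                ret = 1;
                break;
            }
        }
    }

    // TODO: free or cache group
    // NOTE(review): the group object appears to be allocated per call and is
    // never released here, so every check leaks it - confirm ownership

    return ret;
}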
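/*
 * Releases an LDAPUser: frees the user DN with ldap_memfree, closes the
 * user's LDAP handle and frees the user object itself.
 *
 * u: must point to an LDAPUser (it is cast without a check), or be NULL, in
 *    which case the call does nothing, like free(NULL).
 *
 * The pointer must not be used after this call.
 */
void ldap_user_free(User *u) {
    if(!u) {
        return;
    }

    LDAPUser *user = (LDAPUser*)u;
    ldap_memfree(user->userdn);
    // TODO: use connection pool
    ws_ldap_close(user->ldap);
    free(user);
}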
