Mercurial > hg > webserver / annotate

src/server/daemon/ldap_auth.c@ef3c8a0e1fee (annotated)

src/server/daemon/ldap_auth.c

Sun, 27 Nov 2022 13:33:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 13:33:30 +0100
changeset 443
ef3c8a0e1fee
parent 415
d938228c382e
child 467
4d038bc6f86e
permissions
-rw-r--r--

improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent

38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
44
3da1f7b6847f added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 38
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
29 #ifdef __gnu_linux__
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
30 #define _GNU_SOURCE
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
31 #endif
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
32
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include <stdio.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34 #include <stdlib.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35 #include <string.h>
111
c93be34fde76 fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
36 #include <sys/time.h>
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
37
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
38 #include <cx/utils.h>
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
39 #include <cx/hash_map.h>
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
40
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41 #include "ldap_auth.h"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
43 static void ws_ldap_close(LDAP *ldap) {
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
44 #ifdef SOLARIS
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
45 ldap_unbind(ldap);
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
46 #else
91
fac51f87def0 ucx update
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 89
diff changeset
47 ldap_unbind_ext_s(ldap, NULL, NULL);
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
48 #endif
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
49 }
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
50
256
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 111
diff changeset
51 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, LDAPConfig *conf) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
52 LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB));
256
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 111
diff changeset
53 authdb->authdb.name = pool_strdup(cfg->pool, name);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
54 authdb->authdb.get_user = ldap_get_user;
66
74babc0082b7 added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
55 authdb->authdb.use_cache = 1;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 authdb->config = *conf;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
58 if (!authdb->config.usersearch) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
59 authdb->config.usersearch = "uid";
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
61 if (!authdb->config.groupsearch) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
62 authdb->config.groupsearch = "uniquemember";
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
63 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
64
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
65 // initialize group cache
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
66 authdb->groups.first = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
67 authdb->groups.last = NULL;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
68 authdb->groups.map = cxHashMapCreate(cfg->a, 32);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
70 return (AuthDB*) authdb;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
71 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
72
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
73 LDAP* get_ldap_session(LDAPAuthDB *authdb) {
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
74 LDAPConfig *config = &authdb->config;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
75 LDAP *ld = NULL;
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 101
diff changeset
76
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 101
diff changeset
77 #ifdef SOLARIS
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 101
diff changeset
78 ld = ldap_init(config->hostname, config->port);
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 101
diff changeset
79 #else
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
80 char *ldap_uri = NULL;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
81 asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port);
87
bdec069d2239 fixed pathcheck behavior
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 86
diff changeset
82 int init_ret = ldap_initialize(&ld, ldap_uri);
bdec069d2239 fixed pathcheck behavior
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 86
diff changeset
83 free(ldap_uri);
bdec069d2239 fixed pathcheck behavior
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 86
diff changeset
84 if(init_ret) {
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
85 fprintf(stderr, "ldap_initialize failed\n");
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
86 }
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
87 #endif
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
88 if(!ld) {
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
89 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
90 }
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
91
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
92 int ldapv = LDAP_VERSION3;
49
1fd94945796e some fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 48
diff changeset
93 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
94
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
95 // admin bind
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
96 struct berval cred;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
97 cred.bv_val = config->bindpw;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
98 cred.bv_len = strlen(config->bindpw);
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
99 struct berval *server_cred;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
100 int r = ldap_sasl_bind_s(
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
101 ld,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
102 config->binddn,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
103 LDAP_SASL_SIMPLE,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
104 &cred,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
105 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
106 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
107 &server_cred);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108 if (r != LDAP_SUCCESS) {
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
109 ws_ldap_close(ld);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r));
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
111 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
113
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
114 return ld;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
115 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
116
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
117 User* ldap_get_user(AuthDB *db, const char *username) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
118 LDAPAuthDB *authdb = (LDAPAuthDB*) db;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
119 LDAPConfig *config = &authdb->config;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
120
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
121 LDAP *ld = get_ldap_session(authdb);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
122 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
123 fprintf(stderr, "ldap_init failed\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
124 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
125 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
126
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
127 // get the user dn
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
128 // TODO: use config for filter
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
129 // TODO: use asprintf
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 char filter[128];
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 int s = snprintf(filter, 127, "uid=%s", username);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
132 filter[s] = 0;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
133
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
134 LDAPMessage *result;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
135 struct timeval timeout;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
136 timeout.tv_sec = 8;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
137 timeout.tv_usec = 0;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
138 int r = ldap_search_ext_s(
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
139 ld,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
140 config->basedn,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141 LDAP_SCOPE_SUBTREE,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
142 filter,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
143 NULL,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
144 0,
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
145 NULL, // server controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
146 NULL, // client controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
147 &timeout,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
148 1, // size limit
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
149 &result);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
150 if (r != LDAP_SUCCESS) {
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
151 ws_ldap_close(ld);
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
152
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
153 fprintf(stderr, "ldap_search_ext_s failed\n");
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
155 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
156
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
157 LDAPMessage *msg = ldap_first_entry(ld, result);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
158 if (msg) {
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 49
diff changeset
159 LDAPUser *user = malloc(sizeof(LDAPUser));
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
160 if (user != NULL) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
161 user->authdb = authdb;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
162 user->user.verify_password = ldap_user_verify_password;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
163 user->user.check_group = ldap_user_check_group;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
164 user->user.free = ldap_user_free;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
165 user->user.name = (char*)username; // must not be freed TODO: maybe copy
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 49
diff changeset
166
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 49
diff changeset
167 // TODO: get uid/gid from ldap
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 49
diff changeset
168 user->user.uid = -1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 49
diff changeset
169 user->user.gid = -1;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
170
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
171 user->ldap = ld;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
172 user->userdn = ldap_get_dn(ld, msg);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
173
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
174 ldap_msgfree(result);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
175
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
176 return (User*)user;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
177 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
178 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
179
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
180 ws_ldap_close(ld);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
181 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
183
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
184 LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, const char *group) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
185 printf("ldap_get_group: %s\n", group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
186
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
187 LDAPConfig *config = &authdb->config;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
188
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
189 LDAP *ld = get_ldap_session(authdb);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
190 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
191 fprintf(stderr, "ldap_init failed\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
192 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
193 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
194
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
195 // get the user dn
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
196 // TODO: use config for filter
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
197 // TODO: use asprintf
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
198 char filter[128];
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
199 int s = snprintf(filter, 127, "cn=%s", group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
200 filter[s] = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
201
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
202 LDAPMessage *result;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
203 struct timeval timeout;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
204 timeout.tv_sec = 8;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
205 timeout.tv_usec = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
206 int r = ldap_search_ext_s(
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
207 ld,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
208 config->basedn,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
209 LDAP_SCOPE_SUBTREE,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
210 filter,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
211 NULL,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
212 0,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
213 NULL, // server controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
214 NULL, // client controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
215 &timeout,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
216 1, // size limit
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
217 &result);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
218 if (r != LDAP_SUCCESS) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
219 ws_ldap_close(ld);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
220
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
221 fprintf(stderr, "ldap_search_ext_s failed\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
222 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
223 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
224
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
225 LDAPGroup *wsgroup = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
226 LDAPMessage *msg = ldap_first_entry(ld, result);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
227 if (msg) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
228 // create group object
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
229 wsgroup = malloc(sizeof(LDAPGroup));
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
230 wsgroup->name = strdup(group);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
231 wsgroup->members = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
232 wsgroup->nmembers = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
233 wsgroup->update = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
234 wsgroup->next = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
235
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
236 // get attributes
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
237 BerElement *ber = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
238 char *attribute = attribute=ldap_first_attribute(ld, msg, &ber);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
239 while(attribute != NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
240 printf("attribute: %s\n", attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
241 if(!strcasecmp(attribute, "memberuid")) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
242 // get all memberuid values and add the users to the group obj
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
243
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
244 struct berval **values = ldap_get_values_len(ld, msg, attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
245 if(values) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
246 int count = ldap_count_values_len(values);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
247 wsgroup->members = calloc(count, sizeof(LDAPMember));
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
248 wsgroup->nmembers = count;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
249 for(int i=0;i<count;i++) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
250 cxstring member = cx_strn(
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
251 values[i]->bv_val,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
252 values[i]->bv_len);
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
253 wsgroup->members[i].name = cx_strdup(member).ptr;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
254 // TODO: uid?
101
7fbcdbad0baa added support for absolute URIs and improved keep alive
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 97
diff changeset
255 printf("added member: %.*s\n", (int)member.length, member.ptr);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
256 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
257 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
258 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
259
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
260 attribute = ldap_next_attribute(ld, msg, ber);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
261 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
262
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
263 if(ber) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
264 //ldap_ber_free(ber, 0);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
265 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
266 if(attribute) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
267 ldap_memfree(attribute);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
268 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
269 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
270
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
271 ws_ldap_close(ld);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
272 return wsgroup;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
273 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
274
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
275 int ldap_user_verify_password(User *u, const char *password) {
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
276 LDAPUser *user = (LDAPUser*)u;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
277
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
278 //int r = ldap_simple_bind_s(user->ldap, user->userdn, password);
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
279 struct berval cred;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
280 cred.bv_val = (char*)password;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
281 cred.bv_len = strlen(password);
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
282 struct berval *server_cred;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
283 int r = ldap_sasl_bind_s(
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
284 user->ldap,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
285 user->userdn,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
286 LDAP_SASL_SIMPLE,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
287 &cred,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
288 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
289 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
290 &server_cred);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
291 if(r == LDAP_SUCCESS) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
292 printf("ldap password ok\n");
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
293 return 1;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
294 } else {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
295 printf("ldap password not ok\n");
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
296 return 0;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
297 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
298 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
299
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
300 int ldap_user_check_group(User *u, const char *group_str) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
301 LDAPUser *user = (LDAPUser*)u;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
302
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
303 int ret = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
304
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
305 LDAPGroup *group = ldap_get_group(user->authdb, group_str);
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
306 for(int i=0;i<group->nmembers;i++) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
307 char *member = group->members[i].name;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
308 if(!strcmp(member, u->name)) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
309 printf("is member\n");
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
310 ret = 1;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
311 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
312 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
313
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
314 // TODO: free or cache group
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
315
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
316 return ret;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
317 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
318
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
319 void ldap_user_free(User *u) {
48
37a512d7b8f6 fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 44
diff changeset
320 LDAPUser *user = (LDAPUser*)u;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
321 ldap_memfree(user->userdn);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
322 // TODO: use connection pool
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
323 ws_ldap_close(user->ldap);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
324 free(user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
325 }

Mercurial Repository: webserver

mercurial