55 authdb->config.usersearch = "uid"; |
57 authdb->config.usersearch = "uid"; |
56 } |
58 } |
57 if (!authdb->config.groupsearch) { |
59 if (!authdb->config.groupsearch) { |
58 authdb->config.groupsearch = "uniquemember"; |
60 authdb->config.groupsearch = "uniquemember"; |
59 } |
61 } |
|
62 |
|
63 // initialize group cache |
|
64 authdb->groups.first = NULL; |
|
65 authdb->groups.last = NULL; |
|
66 authdb->groups.map = ucx_map_new(32); |
60 |
67 |
61 return (AuthDB*) authdb; |
68 return (AuthDB*) authdb; |
62 } |
69 } |
63 |
70 |
64 User* ldap_get_user(AuthDB *db, char *username) { |
71 LDAP* get_ldap_session(LDAPAuthDB *authdb) { |
65 LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
|
66 LDAPConfig *config = &authdb->config; |
72 LDAPConfig *config = &authdb->config; |
67 |
|
68 LDAP *ld = NULL; |
73 LDAP *ld = NULL; |
69 #ifdef LINUX |
74 #ifdef LINUX |
70 char *ldap_uri = NULL; |
75 char *ldap_uri = NULL; |
71 asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port); |
76 asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port); |
72 int init_ret = ldap_initialize(&ld, ldap_uri); |
77 int init_ret = ldap_initialize(&ld, ldap_uri); |
73 free(ldap_uri); |
78 free(ldap_uri); |
74 if(init_ret) { |
79 if(init_ret) { |
75 fprintf(stderr, "ldap_initialize failed\n"); |
80 fprintf(stderr, "ldap_initialize failed\n"); |
76 } |
81 } |
77 |
|
78 #else |
82 #else |
79 ld = ldap_init(config->hostname, config->port); |
83 ld = ldap_init(config->hostname, config->port); |
80 #endif |
84 #endif |
81 if (ld == NULL) { |
85 if(!ld) { |
82 fprintf(stderr, "ldap_init failed\n"); |
|
83 return NULL; |
86 return NULL; |
84 } |
87 } |
85 |
88 |
86 int ldapv = LDAP_VERSION3; |
89 int ldapv = LDAP_VERSION3; |
87 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv); |
90 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv); |
88 |
91 |
89 //int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw); |
92 // admin bind |
90 struct berval cred; |
93 struct berval cred; |
91 cred.bv_val = config->bindpw; |
94 cred.bv_val = config->bindpw; |
92 cred.bv_len = strlen(config->bindpw); |
95 cred.bv_len = strlen(config->bindpw); |
93 struct berval *server_cred; |
96 struct berval *server_cred; |
94 int r = ldap_sasl_bind_s( |
97 int r = ldap_sasl_bind_s( |
99 NULL, |
102 NULL, |
100 NULL, |
103 NULL, |
101 &server_cred); |
104 &server_cred); |
102 if (r != LDAP_SUCCESS) { |
105 if (r != LDAP_SUCCESS) { |
103 ws_ldap_close(ld); |
106 ws_ldap_close(ld); |
104 |
|
105 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); |
107 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); |
106 return NULL; |
108 return NULL; |
107 } |
109 } |
|
110 |
|
111 return ld; |
|
112 } |
|
113 |
|
114 User* ldap_get_user(AuthDB *db, char *username) { |
|
115 LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
|
116 LDAPConfig *config = &authdb->config; |
|
117 |
|
118 LDAP *ld = get_ldap_session(authdb); |
|
119 if (ld == NULL) { |
|
120 fprintf(stderr, "ldap_init failed\n"); |
|
121 return NULL; |
|
122 } |
108 |
123 |
109 // get the user dn |
124 // get the user dn |
110 |
|
111 // TODO: use config for filter |
125 // TODO: use config for filter |
|
126 // TODO: use asprintf |
112 char filter[128]; |
127 char filter[128]; |
113 int s = snprintf(filter, 127, "uid=%s", username); |
128 int s = snprintf(filter, 127, "uid=%s", username); |
114 filter[s] = 0; |
129 filter[s] = 0; |
115 |
130 |
116 LDAPMessage *result; |
131 LDAPMessage *result; |
117 struct timeval timeout; |
132 struct timeval timeout; |
118 timeout.tv_sec = 8; |
133 timeout.tv_sec = 8; |
119 timeout.tv_usec = 0; |
134 timeout.tv_usec = 0; |
120 r = ldap_search_ext_s( |
135 int r = ldap_search_ext_s( |
121 ld, |
136 ld, |
122 config->basedn, |
137 config->basedn, |
123 LDAP_SCOPE_SUBTREE, |
138 LDAP_SCOPE_SUBTREE, |
124 filter, |
139 filter, |
125 NULL, |
140 NULL, |
138 |
153 |
139 LDAPMessage *msg = ldap_first_entry(ld, result); |
154 LDAPMessage *msg = ldap_first_entry(ld, result); |
140 if (msg) { |
155 if (msg) { |
141 LDAPUser *user = malloc(sizeof(LDAPUser)); |
156 LDAPUser *user = malloc(sizeof(LDAPUser)); |
142 if (user != NULL) { |
157 if (user != NULL) { |
|
158 user->authdb = authdb; |
143 user->user.verify_password = ldap_user_verify_password; |
159 user->user.verify_password = ldap_user_verify_password; |
144 user->user.check_group = ldap_user_check_group; |
160 user->user.check_group = ldap_user_check_group; |
145 user->user.free = ldap_user_free; |
161 user->user.free = ldap_user_free; |
146 user->user.name = username; // must not be freed |
162 user->user.name = username; // must not be freed |
147 |
163 |
158 } |
174 } |
159 } |
175 } |
160 |
176 |
161 ws_ldap_close(ld); |
177 ws_ldap_close(ld); |
162 return NULL; |
178 return NULL; |
|
179 } |
|
180 |
|
181 LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, char *group) { |
|
182 printf("ldap_get_group: %s\n", group); |
|
183 |
|
184 LDAPConfig *config = &authdb->config; |
|
185 |
|
186 LDAP *ld = get_ldap_session(authdb); |
|
187 if (ld == NULL) { |
|
188 fprintf(stderr, "ldap_init failed\n"); |
|
189 return NULL; |
|
190 } |
|
191 |
|
192 // get the user dn |
|
193 // TODO: use config for filter |
|
194 // TODO: use asprintf |
|
195 char filter[128]; |
|
196 int s = snprintf(filter, 127, "cn=%s", group); |
|
197 filter[s] = 0; |
|
198 |
|
199 LDAPMessage *result; |
|
200 struct timeval timeout; |
|
201 timeout.tv_sec = 8; |
|
202 timeout.tv_usec = 0; |
|
203 int r = ldap_search_ext_s( |
|
204 ld, |
|
205 config->basedn, |
|
206 LDAP_SCOPE_SUBTREE, |
|
207 filter, |
|
208 NULL, |
|
209 0, |
|
210 NULL, // server controls |
|
211 NULL, // client controls |
|
212 &timeout, |
|
213 1, // size limit |
|
214 &result); |
|
215 if (r != LDAP_SUCCESS) { |
|
216 ws_ldap_close(ld); |
|
217 |
|
218 fprintf(stderr, "ldap_search_ext_s failed\n"); |
|
219 return NULL; |
|
220 } |
|
221 |
|
222 LDAPGroup *wsgroup = NULL; |
|
223 LDAPMessage *msg = ldap_first_entry(ld, result); |
|
224 if (msg) { |
|
225 // create group object |
|
226 wsgroup = malloc(sizeof(LDAPGroup)); |
|
227 wsgroup->name = strdup(group); |
|
228 wsgroup->members = NULL; |
|
229 wsgroup->nmembers = 0; |
|
230 wsgroup->update = 0; |
|
231 wsgroup->next = NULL; |
|
232 |
|
233 // get attributes |
|
234 BerElement *ber = NULL; |
|
235 char *attribute = attribute=ldap_first_attribute(ld, msg, &ber); |
|
236 while(attribute != NULL) { |
|
237 printf("attribute: %s\n", attribute); |
|
238 if(!strcasecmp(attribute, "memberuid")) { |
|
239 // get all memberuid values and add the users to the group obj |
|
240 |
|
241 struct berval **values = ldap_get_values_len(ld, msg, attribute); |
|
242 if(values) { |
|
243 int count = ldap_count_values_len(values); |
|
244 wsgroup->members = calloc(count, sizeof(LDAPMember)); |
|
245 wsgroup->nmembers = count; |
|
246 for(int i=0;i<count;i++) { |
|
247 sstr_t member = sstrn( |
|
248 values[i]->bv_val, |
|
249 values[i]->bv_len); |
|
250 wsgroup->members[i].name = sstrdup(member).ptr; |
|
251 // TODO: uid? |
|
252 printf("added member: %.*s\n", member.length, member.ptr); |
|
253 } |
|
254 } |
|
255 } |
|
256 |
|
257 attribute = ldap_next_attribute(ld, msg, ber); |
|
258 } |
|
259 |
|
260 if(ber) { |
|
261 //ldap_ber_free(ber, 0); |
|
262 } |
|
263 if(attribute) { |
|
264 ldap_memfree(attribute); |
|
265 } |
|
266 } |
|
267 |
|
268 ws_ldap_close(ld); |
|
269 return wsgroup; |
163 } |
270 } |
164 |
271 |
165 int ldap_user_verify_password(User *u, char *password) { |
272 int ldap_user_verify_password(User *u, char *password) { |
166 LDAPUser *user = (LDAPUser*)u; |
273 LDAPUser *user = (LDAPUser*)u; |
167 |
274 |
185 printf("ldap password not ok\n"); |
292 printf("ldap password not ok\n"); |
186 return 0; |
293 return 0; |
187 } |
294 } |
188 } |
295 } |
189 |
296 |
190 int ldap_user_check_group(User *user, char *group) { |
297 int ldap_user_check_group(User *u, char *group_str) { |
191 // TODO |
298 LDAPUser *user = (LDAPUser*)u; |
192 return 0; |
299 |
|
300 int ret = 0; |
|
301 |
|
302 LDAPGroup *group = ldap_get_group(user->authdb, group_str); |
|
303 for(int i=0;i<group->nmembers;i++) { |
|
304 char *member = group->members[i].name; |
|
305 if(!strcmp(member, u->name)) { |
|
306 printf("is member\n"); |
|
307 ret = 1; |
|
308 } |
|
309 } |
|
310 |
|
311 // TODO: free or cache group |
|
312 |
|
313 return ret; |
193 } |
314 } |
194 |
315 |
195 void ldap_user_free(User *u) { |
316 void ldap_user_free(User *u) { |
196 LDAPUser *user = (LDAPUser*)u; |
317 LDAPUser *user = (LDAPUser*)u; |
197 ldap_memfree(user->userdn); |
318 ldap_memfree(user->userdn); |