webserver: comparison src/server/daemon/ldap

-:0185b13bf41f
+:09fbefc0e6a9
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ucx/utils.h>
 #include "ldap_auth.h"
 static void ws_ldap_close(LDAP *ldap) {
 #ifdef SOLARIS
 ldap_unbind(ldap);
 authdb->config.usersearch = "uid";
 }
 if (!authdb->config.groupsearch) {
 authdb->config.groupsearch = "uniquemember";
 }
+// initialize group cache
+authdb->groups.first = NULL;
+authdb->groups.last = NULL;
+authdb->groups.map = ucx_map_new(32);
 return (AuthDB*) authdb;
 }
-User* ldap_get_user(AuthDB *db, char *username) {
+LDAP* get_ldap_session(LDAPAuthDB *authdb) {
-LDAPAuthDB *authdb = (LDAPAuthDB*) db;
 LDAPConfig *config = &authdb->config;
 LDAP *ld = NULL;
 #ifdef LINUX
 char *ldap_uri = NULL;
 asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port);
 int init_ret = ldap_initialize(&ld, ldap_uri);
 free(ldap_uri);
 if(init_ret) {
 fprintf(stderr, "ldap_initialize failed\n");
 }
 #else
 ld = ldap_init(config->hostname, config->port);
 #endif
-if (ld == NULL) {
+if(!ld) {
-fprintf(stderr, "ldap_init failed\n");
 return NULL;
 }
 int ldapv = LDAP_VERSION3;
 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv);
-//int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw);
+// admin bind
 struct berval cred;
 cred.bv_val = config->bindpw;
 cred.bv_len = strlen(config->bindpw);
 struct berval *server_cred;
 int r = ldap_sasl_bind_s(
 NULL,
 NULL,
 &server_cred);
 if (r != LDAP_SUCCESS) {
 ws_ldap_close(ld);
 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r));
 return NULL;
 }
+return ld;
+}
+User* ldap_get_user(AuthDB *db, char *username) {
+LDAPAuthDB *authdb = (LDAPAuthDB*) db;
+LDAPConfig *config = &authdb->config;
+LDAP *ld = get_ldap_session(authdb);
+if (ld == NULL) {
+fprintf(stderr, "ldap_init failed\n");
+return NULL;
+}
 // get the user dn
 // TODO: use config for filter
+// TODO: use asprintf
 char filter[128];
 int s = snprintf(filter, 127, "uid=%s", username);
 filter[s] = 0;
 LDAPMessage *result;
 struct timeval timeout;
 timeout.tv_sec = 8;
 timeout.tv_usec = 0;
-r = ldap_search_ext_s(
+int r = ldap_search_ext_s(
 ld,
 config->basedn,
 LDAP_SCOPE_SUBTREE,
 filter,
 NULL,
 LDAPMessage *msg = ldap_first_entry(ld, result);
 if (msg) {
 LDAPUser *user = malloc(sizeof(LDAPUser));
 if (user != NULL) {
+user->authdb = authdb;
 user->user.verify_password = ldap_user_verify_password;
 user->user.check_group = ldap_user_check_group;
 user->user.free = ldap_user_free;
 user->user.name = username; // must not be freed
 }
 }
 ws_ldap_close(ld);
 return NULL;
+}
+LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, char *group) {
+printf("ldap_get_group: %s\n", group);
+LDAPConfig *config = &authdb->config;
+LDAP *ld = get_ldap_session(authdb);
+if (ld == NULL) {
+fprintf(stderr, "ldap_init failed\n");
+return NULL;
+}
+// get the user dn
+// TODO: use config for filter
+// TODO: use asprintf
+char filter[128];
+int s = snprintf(filter, 127, "cn=%s", group);
+filter[s] = 0;
+LDAPMessage *result;
+struct timeval timeout;
+timeout.tv_sec = 8;
+timeout.tv_usec = 0;
+int r = ldap_search_ext_s(
+ld,
+config->basedn,
+LDAP_SCOPE_SUBTREE,
+filter,
+NULL,
+0,
+NULL,        // server controls
+NULL,        // client controls
+&timeout,
+1,           // size limit
+&result);
+if (r != LDAP_SUCCESS) {
+ws_ldap_close(ld);
+fprintf(stderr, "ldap_search_ext_s failed\n");
+return NULL;
+}
+LDAPGroup *wsgroup = NULL;
+LDAPMessage *msg = ldap_first_entry(ld, result);
+if (msg) {
+// create group object
+wsgroup = malloc(sizeof(LDAPGroup));
+wsgroup->name = strdup(group);
+wsgroup->members = NULL;
+wsgroup->nmembers = 0;
+wsgroup->update = 0;
+wsgroup->next = NULL;
+// get attributes
+BerElement *ber = NULL;
+char *attribute = attribute=ldap_first_attribute(ld, msg, &ber);
+while(attribute != NULL) {
+printf("attribute: %s\n", attribute);
+if(!strcasecmp(attribute, "memberuid")) {
+// get all memberuid values and add the users to the group obj
+struct berval **values = ldap_get_values_len(ld, msg, attribute);
+if(values) {
+int count = ldap_count_values_len(values);
+wsgroup->members = calloc(count, sizeof(LDAPMember));
+wsgroup->nmembers = count;
+for(int i=0;i<count;i++) {
+sstr_t member = sstrn(
+values[i]->bv_val,
+values[i]->bv_len);
+wsgroup->members[i].name = sstrdup(member).ptr;
+// TODO: uid?
+printf("added member: %.*s\n", member.length, member.ptr);
+}
+}
+}
+attribute = ldap_next_attribute(ld, msg, ber);
+}
+if(ber) {
+//ldap_ber_free(ber, 0);
+}
+if(attribute) {
+ldap_memfree(attribute);
+}
+}
+ws_ldap_close(ld);
+return wsgroup;
 }
 int ldap_user_verify_password(User *u, char *password) {
 LDAPUser *user = (LDAPUser*)u;
 printf("ldap password not ok\n");
 return 0;
 }
 }
-int ldap_user_check_group(User *user, char *group) {
+int ldap_user_check_group(User *u, char *group_str) {
-// TODO
+LDAPUser *user = (LDAPUser*)u;
-return 0;
+int ret = 0;
+LDAPGroup *group = ldap_get_group(user->authdb, group_str);
+for(int i=0;i<group->nmembers;i++) {
+char *member = group->members[i].name;
+if(!strcmp(member, u->name)) {
+printf("is member\n");
+ret = 1;
+}
+}
+// TODO: free or cache group
+return ret;
 }
 void ldap_user_free(User *u) {
 LDAPUser *user = (LDAPUser*)u;
 ldap_memfree(user->userdn);

comparison: src/server/daemon/ldap_auth.c

src/server/daemon/ldap_auth.c

Mercurial > hg > webserver / file comparison

comparison: src/server/daemon/ldap_auth.c

src/server/daemon/ldap_auth.c