24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 * POSSIBILITY OF SUCH DAMAGE. |
26 * POSSIBILITY OF SUCH DAMAGE. |
27 */ |
27 */ |
28 |
28 |
|
29 #ifdef __gnu_linux__ |
|
30 #define _GNU_SOURCE |
|
31 #endif |
|
32 |
29 #include <stdio.h> |
33 #include <stdio.h> |
30 #include <stdlib.h> |
34 #include <stdlib.h> |
31 #include <string.h> |
35 #include <string.h> |
32 |
36 |
33 #include "ldap_auth.h" |
37 #include "ldap_auth.h" |
34 |
38 |
35 AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) { |
39 AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) { |
36 LDAPAuthDB *authdb = malloc(sizeof (LDAPAuthDB)); |
40 LDAPAuthDB *authdb = malloc(sizeof(LDAPAuthDB)); |
37 authdb->authdb.name = strdup(name); |
41 authdb->authdb.name = strdup(name); |
38 authdb->authdb.get_user = ldap_get_user; |
42 authdb->authdb.get_user = ldap_get_user; |
39 authdb->authdb.use_cache = 1; |
43 authdb->authdb.use_cache = 1; |
40 authdb->config = *conf; |
44 authdb->config = *conf; |
41 |
45 |
51 |
55 |
52 User* ldap_get_user(AuthDB *db, char *username) { |
56 User* ldap_get_user(AuthDB *db, char *username) { |
53 LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
57 LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
54 LDAPConfig *config = &authdb->config; |
58 LDAPConfig *config = &authdb->config; |
55 |
59 |
56 LDAP *ld = ldap_init(config->hostname, config->port); |
60 LDAP *ld = NULL; |
|
61 #ifdef LINUX |
|
62 char *ldap_uri = NULL; |
|
63 asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port); |
|
64 if(ldap_initialize(&ld, ldap_uri)) { |
|
65 fprintf(stderr, "ldap_initialize failed\n"); |
|
66 } |
|
67 #else |
|
68 ld = ldap_init(config->hostname, config->port); |
|
69 #endif |
57 if (ld == NULL) { |
70 if (ld == NULL) { |
58 fprintf(stderr, "ldap_init failed\n"); |
71 fprintf(stderr, "ldap_init failed\n"); |
59 return NULL; |
72 return NULL; |
60 } |
73 } |
61 int ldapv = 3; |
74 |
|
75 int ldapv = LDAP_VERSION3; |
62 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv); |
76 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv); |
63 |
77 |
64 int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw); |
78 //int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw); |
|
79 struct berval cred; |
|
80 cred.bv_val = config->bindpw; |
|
81 cred.bv_len = strlen(config->bindpw); |
|
82 struct berval *server_cred; |
|
83 int r = ldap_sasl_bind_s( |
|
84 ld, |
|
85 config->binddn, |
|
86 LDAP_SASL_SIMPLE, |
|
87 &cred, |
|
88 NULL, |
|
89 NULL, |
|
90 &server_cred); |
65 if (r != LDAP_SUCCESS) { |
91 if (r != LDAP_SUCCESS) { |
66 ldap_unbind(ld); |
92 //ldap_unbind(ld); |
|
93 ldap_unbind_ext_s(ld, NULL, NULL); |
67 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); |
94 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); |
68 return NULL; |
95 return NULL; |
69 } |
96 } |
70 |
97 |
71 // get the user dn |
98 // get the user dn |
74 char filter[128]; |
101 char filter[128]; |
75 int s = snprintf(filter, 127, "uid=%s", username); |
102 int s = snprintf(filter, 127, "uid=%s", username); |
76 filter[s] = 0; |
103 filter[s] = 0; |
77 |
104 |
78 LDAPMessage *result; |
105 LDAPMessage *result; |
79 r = ldap_search_s( |
106 struct timeval timeout; |
|
107 timeout.tv_sec = 8; |
|
108 timeout.tv_usec = 0; |
|
109 r = ldap_search_ext_s( |
80 ld, |
110 ld, |
81 config->basedn, |
111 config->basedn, |
82 LDAP_SCOPE_SUBTREE, |
112 LDAP_SCOPE_SUBTREE, |
83 filter, |
113 filter, |
84 NULL, |
114 NULL, |
85 0, |
115 0, |
|
116 NULL, // server controls |
|
117 NULL, // client controls |
|
118 &timeout, |
|
119 1, // size limit |
86 &result); |
120 &result); |
87 if (r != LDAP_SUCCESS) { |
121 if (r != LDAP_SUCCESS) { |
88 ldap_unbind(ld); |
122 //ldap_unbind(ld); |
89 fprintf(stderr, "ldap_search_s failed\n"); |
123 ldap_unbind_ext_s(ld, NULL, NULL); |
|
124 fprintf(stderr, "ldap_search_ext_s failed\n"); |
90 return NULL; |
125 return NULL; |
91 } |
126 } |
92 |
127 |
93 LDAPMessage *msg = ldap_first_entry(ld, result); |
128 LDAPMessage *msg = ldap_first_entry(ld, result); |
94 if (msg) { |
129 if (msg) { |
110 |
145 |
111 return (User*)user; |
146 return (User*)user; |
112 } |
147 } |
113 } |
148 } |
114 |
149 |
115 ldap_unbind(ld); |
150 ldap_unbind_ext_s(ld, NULL, NULL); |
116 return NULL; |
151 return NULL; |
117 } |
152 } |
118 |
153 |
119 int ldap_user_verify_password(User *u, char *password) { |
154 int ldap_user_verify_password(User *u, char *password) { |
120 LDAPUser *user = (LDAPUser*)u; |
155 LDAPUser *user = (LDAPUser*)u; |
121 |
156 |
122 int r = ldap_simple_bind_s(user->ldap, user->userdn, password); |
157 //int r = ldap_simple_bind_s(user->ldap, user->userdn, password); |
|
158 struct berval cred; |
|
159 cred.bv_val = password; |
|
160 cred.bv_len = strlen(password); |
|
161 struct berval *server_cred; |
|
162 int r = ldap_sasl_bind_s( |
|
163 user->ldap, |
|
164 user->userdn, |
|
165 LDAP_SASL_SIMPLE, |
|
166 &cred, |
|
167 NULL, |
|
168 NULL, |
|
169 &server_cred); |
123 if(r == LDAP_SUCCESS) { |
170 if(r == LDAP_SUCCESS) { |
124 printf("ldap password ok\n"); |
171 printf("ldap password ok\n"); |
125 return 1; |
172 return 1; |
126 } else { |
173 } else { |
127 printf("ldap password not ok\n"); |
174 printf("ldap password not ok\n"); |
136 |
183 |
137 void ldap_user_free(User *u) { |
184 void ldap_user_free(User *u) { |
138 LDAPUser *user = (LDAPUser*)u; |
185 LDAPUser *user = (LDAPUser*)u; |
139 ldap_memfree(user->userdn); |
186 ldap_memfree(user->userdn); |
140 // TODO: use connection pool |
187 // TODO: use connection pool |
141 ldap_unbind(user->ldap); |
188 //ldap_unbind(user->ldap); |
|
189 ldap_unbind_ext_s(user->ldap, NULL, NULL); |
142 free(user); |
190 free(user); |
143 } |
191 } |