src/server/daemon/ldap_auth.c

changeset 86
49bb6c8ceb2b
parent 66
74babc0082b7
child 87
bdec069d2239
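--- a/src/server/daemon/ldap_auth.c
+++ b/src/server/daemon/ldap_auth.c
@@ -24,18 +24,22 @@
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+#ifdef __gnu_linux__
+#define _GNU_SOURCE
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include "ldap_auth.h"
 
 AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) {
-LDAPAuthDB *authdb = malloc(sizeof (LDAPAuthDB));
+LDAPAuthDB *authdb = malloc(sizeof(LDAPAuthDB));
 authdb->authdb.name = strdup(name);
 authdb->authdb.get_user = ldap_get_user;
 authdb->authdb.use_cache = 1;
 authdb->config = *conf;
 
@@ -51,21 +55,44 @@
 
 User* ldap_get_user(AuthDB *db, char *username) {
 LDAPAuthDB *authdb = (LDAPAuthDB*) db;
 LDAPConfig *config = &authdb->config;
 
-LDAP *ld = ldap_init(config->hostname, config->port);
+LDAP *ld = NULL;
+#ifdef LINUX
+char *ldap_uri = NULL;
+asprintf(&ldap_uri, "ldap://%s:%d", config->hostname, config->port);
+if(ldap_initialize(&ld, ldap_uri)) {
+fprintf(stderr, "ldap_initialize failed\n");
+}
+#else
+ld = ldap_init(config->hostname, config->port);
+#endif
 if (ld == NULL) {
 fprintf(stderr, "ldap_init failed\n");
 return NULL;
 }
-int ldapv = 3;
+
+int ldapv = LDAP_VERSION3;
 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv);
 
-int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw);
+//int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw);
+struct berval cred;
+cred.bv_val = config->bindpw;
+cred.bv_len = strlen(config->bindpw);
+struct berval *server_cred;
+int r = ldap_sasl_bind_s(
+ld,
+config->binddn,
+LDAP_SASL_SIMPLE,
+&cred,
+NULL,
+NULL,
+&server_cred);
 if (r != LDAP_SUCCESS) {
-ldap_unbind(ld);
+//ldap_unbind(ld);
+ldap_unbind_ext_s(ld, NULL, NULL);
 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r));
 return NULL;
 }
 
 // get the user dn
@@ -74,21 +101,29 @@
 char filter[128];
 int s = snprintf(filter, 127, "uid=%s", username);
 filter[s] = 0;
 
 LDAPMessage *result;
-r = ldap_search_s(
+struct timeval timeout;
+timeout.tv_sec = 8;
+timeout.tv_usec = 0;
+r = ldap_search_ext_s(
 ld,
 config->basedn,
 LDAP_SCOPE_SUBTREE,
 filter,
 NULL,
 0,
+NULL, // server controls
+NULL, // client controls
+&timeout,
+1, // size limit
 &result);
 if (r != LDAP_SUCCESS) {
-ldap_unbind(ld);
-fprintf(stderr, "ldap_search_s failed\n");
+//ldap_unbind(ld);
+ldap_unbind_ext_s(ld, NULL, NULL);
+fprintf(stderr, "ldap_search_ext_s failed\n");
 return NULL;
 }
 
 LDAPMessage *msg = ldap_first_entry(ld, result);
 if (msg) {
@@ -110,18 +145,30 @@
 
 return (User*)user;
 }
 }
 
-ldap_unbind(ld);
+ldap_unbind_ext_s(ld, NULL, NULL);
 return NULL;
 }
 
 int ldap_user_verify_password(User *u, char *password) {
 LDAPUser *user = (LDAPUser*)u;
 
-int r = ldap_simple_bind_s(user->ldap, user->userdn, password);
+//int r = ldap_simple_bind_s(user->ldap, user->userdn, password);
+struct berval cred;
+cred.bv_val = password;
+cred.bv_len = strlen(password);
+struct berval *server_cred;
+int r = ldap_sasl_bind_s(
+user->ldap,
+user->userdn,
+LDAP_SASL_SIMPLE,
+&cred,
+NULL,
+NULL,
+&server_cred);
 if(r == LDAP_SUCCESS) {
 printf("ldap password ok\n");
 return 1;
 } else {
 printf("ldap password not ok\n");
@@ -136,8 +183,9 @@
 
 void ldap_user_free(User *u) {
 LDAPUser *user = (LDAPUser*)u;
 ldap_memfree(user->userdn);
 // TODO: use connection pool
-ldap_unbind(user->ldap);
+//ldap_unbind(user->ldap);
+ldap_unbind_ext_s(user->ldap, NULL, NULL);
 free(user);
 }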
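Review bot: In `ldap_user_verify_password`, `cred.bv_len = strlen(password)` passes an empty password through as a zero-length simple bind, which an LDAP server may treat as an unauthenticated bind and answer with `LDAP_SUCCESS`, so the function would return 1 without any credential having been checked (and a NULL `password` crashes in `strlen`). Guard before building the credential: `if (password == NULL || *password == '\0') return 0;`; the same `strlen(config->bindpw)` in `ldap_get_user` needs a NULL check if an anonymous service bind is meant to be allowed. At both bind sites `server_cred` is left uninitialised and, if the server does return credentials, never released with `ber_bvfree`; likewise `ldap_uri` from `asprintf` is neither checked for failure nor freed. The `asprintf` branch is guarded by `LINUX` while `_GNU_SOURCE` is defined under `__gnu_linux__`, so one of the two macros is probably wrong. Both functions continue outside the visible hunks; the `uid=%s` filter built from an unescaped `username` on the unchanged lines above is worth escaping before it reaches the new `ldap_search_ext_s` call.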
