comparison: src/server/daemon/ldap_auth.c
src/server/daemon/ldap_auth.c
- changeset 38
- d07810b02147
- child 44
- 3da1f7b6847f
equal
deleted
inserted
replaced
| 37:360b9aabe17e | 38:d07810b02147 |
|---|---|
| 1 /* | |
| 2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. | |
| 3 * | |
| 4 * Copyright 2011 Olaf Wintermann. All rights reserved. | |
| 5 * | |
| 6 * Redistribution and use in source and binary forms, with or without | |
| 7 * modification, are permitted provided that the following conditions are met: | |
| 8 * | |
| 9 * 1. Redistributions of source code must retain the above copyright | |
| 10 * notice, this list of conditions and the following disclaimer. | |
| 11 * | |
| 12 * 2. Redistributions in binary form must reproduce the above copyright | |
| 13 * notice, this list of conditions and the following disclaimer in the | |
| 14 * documentation and/or other materials provided with the distribution. | |
| 15 * | |
| 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE | |
| 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| 26 * POSSIBILITY OF SUCH DAMAGE. | |
| 27 */ | |
| 28 | |
| 29 #include <stdio.h> | |
| 30 #include <stdlib.h> | |
| 31 #include <string.h> | |
| 32 | |
| 33 #include "ldap_auth.h" | |
| 34 | |
| 35 AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) { | |
| 36 LDAPAuthDB *authdb = malloc(sizeof (LDAPAuthDB)); | |
| 37 authdb->authdb.name = strdup(name); | |
| 38 authdb->authdb.get_user = ldap_get_user; | |
| 39 authdb->config = *conf; | |
| 40 | |
| 41 if (!authdb->config.usersearch) { | |
| 42 authdb->config.usersearch = "uid"; | |
| 43 } | |
| 44 if (!authdb->config.groupsearch) { | |
| 45 authdb->config.groupsearch = "uniquemember"; | |
| 46 } | |
| 47 | |
| 48 return (AuthDB*) authdb; | |
| 49 } | |
| 50 | |
| 51 User* ldap_get_user(AuthDB *db, char *username) { | |
| 52 LDAPAuthDB *authdb = (LDAPAuthDB*) db; | |
| 53 LDAPConfig *config = &authdb->config; | |
| 54 | |
| 55 LDAP *ld = ldap_init(config->hostname, config->port); | |
| 56 if (ld == NULL) { | |
| 57 fprintf(stderr, "ldap_init failed\n"); | |
| 58 return NULL; | |
| 59 } | |
| 60 | |
| 61 int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw); | |
| 62 if (r != LDAP_SUCCESS) { | |
| 63 ldap_unbind(ld); | |
| 64 fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); | |
| 65 return NULL; | |
| 66 } | |
| 67 | |
| 68 // get the user dn | |
| 69 | |
| 70 // TODO: use config for filter | |
| 71 char filter[128]; | |
| 72 int s = snprintf(filter, 127, "uid=%s", username); | |
| 73 filter[s] = 0; | |
| 74 | |
| 75 LDAPMessage *result; | |
| 76 r = ldap_search_s( | |
| 77 ld, | |
| 78 config->basedn, | |
| 79 LDAP_SCOPE_SUBTREE, | |
| 80 filter, | |
| 81 NULL, | |
| 82 0, | |
| 83 &result); | |
| 84 if (r != LDAP_SUCCESS) { | |
| 85 ldap_unbind(ld); | |
| 86 fprintf(stderr, "ldap_search_s failed\n"); | |
| 87 return NULL; | |
| 88 } | |
| 89 | |
| 90 LDAPMessage *msg = ldap_first_entry(ld, result); | |
| 91 if (msg) { | |
| 92 LDAPUser *user = malloc(sizeof (LDAPUser)); | |
| 93 if (user != NULL) { | |
| 94 user->user.verify_password = ldap_user_verify_password; | |
| 95 user->user.check_group = ldap_user_check_group; | |
| 96 user->user.free = ldap_user_free; | |
| 97 user->user.name = username; // must not be freed | |
| 98 | |
| 99 user->ldap = ld; | |
| 100 user->userdn = ldap_get_dn(ld, msg); | |
| 101 | |
| 102 ldap_msgfree(result); | |
| 103 | |
| 104 return (User*)user; | |
| 105 } | |
| 106 } | |
| 107 | |
| 108 ldap_unbind(ld); | |
| 109 return NULL; | |
| 110 } | |
| 111 | |
| 112 int ldap_user_verify_password(User *u, char *password) { | |
| 113 LDAPUser *user = (LDAPUser*)u; | |
| 114 | |
| 115 int r = ldap_simple_bind_s(user->ldap, user->userdn, password); | |
| 116 if(r == LDAP_SUCCESS) { | |
| 117 printf("ldap password ok\n"); | |
| 118 return 1; | |
| 119 } else { | |
| 120 printf("ldap password not ok\n"); | |
| 121 return 0; | |
| 122 } | |
| 123 } | |
| 124 | |
| 125 int ldap_user_check_group(User *user, char *group) { | |
| 126 // TODO | |
| 127 return 0; | |
| 128 } | |
| 129 | |
| 130 void ldap_user_free(User *u) { | |
| 131 LDAPUser *user = (LDAPUser*) u; | |
| 132 ldap_memfree(user->userdn); | |
| 133 // TODO: use connection pool | |
| 134 ldap_unbind(user->ldap); | |
| 135 free(user); | |
| 136 } |
