|
1 /* |
|
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
3 * |
|
4 * Copyright 2011 Olaf Wintermann. All rights reserved. |
|
5 * |
|
6 * Redistribution and use in source and binary forms, with or without |
|
7 * modification, are permitted provided that the following conditions are met: |
|
8 * |
|
9 * 1. Redistributions of source code must retain the above copyright |
|
10 * notice, this list of conditions and the following disclaimer. |
|
11 * |
|
12 * 2. Redistributions in binary form must reproduce the above copyright |
|
13 * notice, this list of conditions and the following disclaimer in the |
|
14 * documentation and/or other materials provided with the distribution. |
|
15 * |
|
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
26 * POSSIBILITY OF SUCH DAMAGE. |
|
27 */ |
|
28 |
|
29 #include <stdio.h> |
|
30 #include <stdlib.h> |
|
31 #include <string.h> |
|
32 |
|
33 #include "ldap_auth.h" |
|
34 |
|
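/*
 * Allocate an AuthDB backed by an LDAP directory.
 *
 * name  - logical name of the auth database; copied with strdup().
 * conf  - connection settings; copied by value. The copy is shallow: the
 *         strings it points to (hostname, binddn, bindpw, basedn, ...) are
 *         NOT duplicated and must outlive the returned AuthDB.
 *
 * Returns the new AuthDB, or NULL if name/conf is NULL or allocation fails.
 * Missing search attributes fall back to "uid" (users) and "uniquemember"
 * (groups).
 */
AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) {
    if (name == NULL || conf == NULL) {
        return NULL;
    }

    /* calloc so any AuthDB/LDAPAuthDB field we do not set here is zeroed
     * rather than left indeterminate. */
    LDAPAuthDB *authdb = calloc(1, sizeof *authdb);
    if (authdb == NULL) {
        return NULL;
    }

    authdb->authdb.name = strdup(name);
    if (authdb->authdb.name == NULL) {
        free(authdb);
        return NULL;
    }
    authdb->authdb.get_user = ldap_get_user;
    authdb->config = *conf;

    if (authdb->config.usersearch == NULL) {
        authdb->config.usersearch = "uid";
    }
    if (authdb->config.groupsearch == NULL) {
        authdb->config.groupsearch = "uniquemember";
    }

    return (AuthDB*) authdb;
}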
|
50 |
|
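enum { LDAP_FILTER_MAX = 256 };

/*
 * Escape one assertion value for use inside an LDAP search filter.
 *
 * RFC 4515 section 3 requires '*', '(', ')', '\' and NUL to be written as
 * "\XX" hex escapes; any other byte may be escaped too, so control bytes are
 * escaped as well. Without this a username such as "*" or "x)(uid=admin"
 * changes the meaning of the filter (LDAP injection, CWE-90).
 *
 * dst/dstsz - output buffer, always NUL-terminated on success.
 * src       - NUL-terminated value to escape.
 *
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * escaped value does not fit in dst.
 */
static int escape_filter_value(char *dst, size_t dstsz, const char *src) {
    static const char hex[] = "0123456789abcdef";
    size_t out = 0;

    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char) src[i];
        int needs_escape = c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20;

        if (needs_escape) {
            if (out + 3 >= dstsz) {
                return -1;
            }
            dst[out++] = '\\';
            dst[out++] = hex[c >> 4];
            dst[out++] = hex[c & 0x0f];
        } else {
            if (out + 1 >= dstsz) {
                return -1;
            }
            dst[out++] = (char) c;
        }
    }
    dst[out] = '\0';
    return (int) out;
}

/*
 * Look up a user by name in the configured LDAP directory.
 *
 * db       - an AuthDB created by create_ldap_authdb().
 * username - the login name to search for; must be non-NULL and non-empty.
 *
 * Connects to the directory, binds with the configured service credentials
 * and searches basedn (subtree) for an entry matching the user. On success
 * the returned User owns the LDAP connection and the entry's DN; release it
 * with ldap_user_free(). The User's name field aliases the caller's
 * `username` buffer (it is not copied), so the caller must keep that buffer
 * alive for the lifetime of the User and must not free it through the User.
 *
 * Returns NULL if the name is empty, the filter cannot be built, the
 * connection/bind/search fails, no entry matches, or memory runs out.
 *
 * NOTE(review): ldap_init() + ldap_simple_bind_s() use a plain (non-TLS)
 * connection, so the service bind password travels in cleartext unless the
 * directory URL/port is TLS-wrapped elsewhere.
 * NOTE(review): if the filter matches several entries only the first one is
 * used; the directory is assumed to keep the user attribute unique.
 */
User* ldap_get_user(AuthDB *db, char *username) {
    LDAPAuthDB *authdb = (LDAPAuthDB*) db;
    LDAPConfig *config = &authdb->config;

    if (username == NULL || username[0] == '\0') {
        return NULL;
    }

    /* Build and validate the filter before opening a connection: a bad name
     * should cost no network round trip. The value is escaped so the caller-
     * supplied username can never alter the filter's structure. */
    char value[LDAP_FILTER_MAX];
    if (escape_filter_value(value, sizeof value, username) < 0) {
        fprintf(stderr, "ldap_get_user: username too long\n");
        return NULL;
    }

    // TODO: use config for filter (config->usersearch, which
    // create_ldap_authdb() defaults to "uid", looks like the intended attribute)
    char filter[LDAP_FILTER_MAX];
    int n = snprintf(filter, sizeof filter, "uid=%s", value);
    if (n < 0 || (size_t) n >= sizeof filter) {
        /* snprintf already NUL-terminated the buffer; a truncated filter must
         * not be sent, and the old filter[n] = 0 store is gone because n can
         * exceed the buffer size. */
        fprintf(stderr, "ldap_get_user: filter too long\n");
        return NULL;
    }

    LDAP *ld = ldap_init(config->hostname, config->port);
    if (ld == NULL) {
        fprintf(stderr, "ldap_init failed\n");
        return NULL;
    }

    /* Bind as the service account used for the lookup. */
    int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw);
    if (r != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r));
        ldap_unbind(ld);
        return NULL;
    }

    LDAPMessage *result = NULL;
    r = ldap_search_s(
            ld,
            config->basedn,
            LDAP_SCOPE_SUBTREE,
            filter,
            NULL,
            0,
            &result);
    if (r != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_search_s failed: %s\n", ldap_err2string(r));
        /* A failed search may still hand back a partial result chain. */
        if (result != NULL) {
            ldap_msgfree(result);
        }
        ldap_unbind(ld);
        return NULL;
    }

    User *found = NULL;
    LDAPMessage *entry = ldap_first_entry(ld, result);
    if (entry != NULL) {
        /* The DN is what ldap_user_verify_password() binds with; without it
         * the user object would be useless, so fail closed. */
        char *dn = ldap_get_dn(ld, entry);
        if (dn != NULL) {
            LDAPUser *user = malloc(sizeof *user);
            if (user != NULL) {
                user->user.verify_password = ldap_user_verify_password;
                user->user.check_group = ldap_user_check_group;
                user->user.free = ldap_user_free;
                user->user.name = username; // aliases the caller's buffer; must not be freed
                user->ldap = ld;
                user->userdn = dn;
                found = (User*) user;
            } else {
                ldap_memfree(dn);
            }
        }
    }

    /* The result chain is no longer needed once the DN has been copied out;
     * the original leaked it on every no-match path. */
    ldap_msgfree(result);

    if (found == NULL) {
        ldap_unbind(ld);
    }
    return found;
}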
|
111 |
|
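/*
 * Check a password by binding to the directory as the user's DN.
 *
 * u        - a User returned by ldap_get_user().
 * password - the candidate password; NULL or "" is rejected outright.
 *
 * Returns 1 if the directory accepted the bind, 0 otherwise.
 *
 * An empty password is refused before contacting the server: per RFC 4513
 * section 5.1.2 a simple bind with a DN and an empty password is an
 * *unauthenticated* bind, which many servers answer with LDAP_SUCCESS. The
 * original code therefore accepted any known username with an empty
 * password (authentication bypass, CWE-287).
 *
 * Side effect: on success the connection held by the User is now bound as
 * that user rather than as the service account, so any later search on it
 * runs with the user's directory permissions.
 *
 * NOTE(review): the bind is simple/plaintext; the password crosses the wire
 * in cleartext unless the connection is TLS-protected elsewhere.
 */
int ldap_user_verify_password(User *u, char *password) {
    if (password == NULL || password[0] == '\0') {
        return 0;
    }

    LDAPUser *user = (LDAPUser*) u;
    if (user == NULL || user->ldap == NULL || user->userdn == NULL) {
        return 0;
    }

    int r = ldap_simple_bind_s(user->ldap, user->userdn, password);
    if (r == LDAP_SUCCESS) {
        printf("ldap password ok\n");
        return 1;
    }
    printf("ldap password not ok\n");
    return 0;
}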
|
124 |
|
/*
 * Group membership check for LDAP users.
 *
 * Not implemented yet: the config's groupsearch attribute (default
 * "uniquemember") is never consulted. Until it is, every query fails closed,
 * i.e. the user is treated as a member of no group.
 *
 * Returns 0 always.
 */
int ldap_user_check_group(User *user, char *group) {
    (void) user;
    (void) group;
    // TODO: implement using config->groupsearch; fail closed until then
    return 0;
}
|
129 |
|
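/*
 * Release a User produced by ldap_get_user().
 *
 * Frees the DN obtained from ldap_get_dn(), closes the LDAP connection the
 * user owns and frees the struct itself. The name field is deliberately not
 * freed: it aliases the buffer the caller passed to ldap_get_user().
 * Passing NULL is a no-op.
 */
void ldap_user_free(User *u) {
    if (u == NULL) {
        return;
    }
    LDAPUser *user = (LDAPUser*) u;

    ldap_memfree(user->userdn);
    user->userdn = NULL;

    // TODO: use connection pool
    if (user->ldap != NULL) {
        ldap_unbind(user->ldap);
        user->ldap = NULL;
    }

    free(user);
}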