src/server/daemon/ldap_auth.c

changeset 472
d6bc67906c8c
parent 471
9aa5ae3258f5
child 473
102322b6f4ee
539 LDAP *ld = get_ldap_session(sn, rq, authdb); 539 LDAP *ld = get_ldap_session(sn, rq, authdb);
540 if (ld == NULL) { 540 if (ld == NULL) {
541 return NULL; 541 return NULL;
542 } 542 }
543 543
544 cxstring groupSearch = cx_str(config->groupSearchFilter); 544 // if userNameIsDN is true, group will be the full group dn and we
545 cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group)); 545 // don't need to search with a filter, to get the entry
546 if(!filter.ptr) { 546 char *filterStr;
547 return NULL; 547 const char *basedn;
548 } 548 int scope;
549 if(config->userNameIsDN) {
550 filterStr = NULL;
551 basedn = group;
552 scope = LDAP_SCOPE_BASE;
553 } else {
554 cxstring groupSearch = cx_str(config->groupSearchFilter);
555 cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group));
556 if(!filter.ptr) {
557 return NULL;
558 }
559 filterStr = filter.ptr;
560 basedn = config->basedn;
561 scope = LDAP_SCOPE_SUBTREE;
562 }
563
564 log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr);
549 565
550 LDAPMessage *result; 566 LDAPMessage *result;
551 struct timeval timeout; 567 struct timeval timeout;
552 timeout.tv_sec = 8; 568 timeout.tv_sec = 8;
553 timeout.tv_usec = 0; 569 timeout.tv_usec = 0;
554 int r = ldap_search_ext_s( 570 int r = ldap_search_ext_s(
555 ld, 571 ld,
556 config->basedn, 572 basedn,
557 LDAP_SCOPE_SUBTREE, 573 scope,
558 filter.ptr, 574 filterStr,
559 NULL, 575 NULL,
560 0, 576 0,
561 NULL, // server controls 577 NULL, // server controls
562 NULL, // client controls 578 NULL, // client controls
563 &timeout, 579 &timeout,
564 2, // size limit 580 2, // size limit
565 &result); 581 &result);
582 if(filterStr) {
583 cxFree(a, filterStr);
584 }
585
566 if (r != LDAP_SUCCESS) { 586 if (r != LDAP_SUCCESS) {
567 if(result) { 587 if(result) {
568 ldap_msgfree(result); 588 ldap_msgfree(result);
569 } 589 }
570 log_ereport(LOG_FAILURE, "ldap_get_group: search failed: %s", ldap_err2string(r)); 590 log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r));
571 return NULL; 591 return NULL;
572 } 592 }
573 593
574 LDAPMessage *msg = ldap_first_entry(ld, result); 594 LDAPMessage *msg = ldap_first_entry(ld, result);
575 LDAPGroup *wsgroup = NULL; 595 LDAPGroup *wsgroup = NULL;
579 } else { 599 } else {
580 wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group); 600 wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group);
581 } 601 }
582 } 602 }
583 ldap_msgfree(result); 603 ldap_msgfree(result);
584
585 /*
586 LDAPMessage *msg = ldap_first_entry(ld, result);
587 if (msg) {
588 // create group object
589 wsgroup = malloc(sizeof(LDAPGroup));
590 wsgroup->name = strdup(group);
591 wsgroup->members = NULL;
592 wsgroup->nmembers = 0;
593 wsgroup->update = 0;
594 wsgroup->next = NULL;
595
596 // get attributes
597 BerElement *ber = NULL;
598 char *attribute = attribute=ldap_first_attribute(ld, msg, &ber);
599 while(attribute != NULL) {
600 printf("attribute: %s\n", attribute);
601 if(!strcasecmp(attribute, "memberuid")) {
602 // get all memberuid values and add the users to the group obj
603
604 struct berval **values = ldap_get_values_len(ld, msg, attribute);
605 if(values) {
606 int count = ldap_count_values_len(values);
607 wsgroup->members = calloc(count, sizeof(LDAPMember));
608 wsgroup->nmembers = count;
609 for(int i=0;i<count;i++) {
610 cxstring member = cx_strn(
611 values[i]->bv_val,
612 values[i]->bv_len);
613 wsgroup->members[i].name = cx_strdup(member).ptr;
614 // TODO: uid?
615 printf("added member: %.*s\n", (int)member.length, member.ptr);
616 }
617 }
618 }
619
620 attribute = ldap_next_attribute(ld, msg, ber);
621 }
622
623 if(ber) {
624 //ldap_ber_free(ber, 0);
625 }
626 if(attribute) {
627 ldap_memfree(attribute);
628 }
629 }
630 */
631 604
632 return wsgroup; 605 return wsgroup;
633 } 606 }
634 607
635 int ldap_user_verify_password(User *u, const char *password) { 608 int ldap_user_verify_password(User *u, const char *password) {
656 } 629 }
657 } 630 }
658 631
659 int ldap_user_check_group(User *u, const char *group_str) { 632 int ldap_user_check_group(User *u, const char *group_str) {
660 LDAPUser *user = (LDAPUser*)u; 633 LDAPUser *user = (LDAPUser*)u;
634 LDAPAuthDB *authdb = user->authdb;
635 if(!authdb->config.enableGroups) {
636 log_ereport(
637 LOG_DEBUG,
638 "ldap_user_check_group: authdb %s: groups disabled",
639 authdb->authdb.name);
640 return 0;
641 }
661 642
662 int ret = 0; 643 int ret = 0;
663 644 LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str);
664 LDAPGroup *group = ldap_get_group(user->sn, user->rq, user->authdb, group_str);
665 if(group) { 645 if(group) {
666 char *member = cxMapGet(group->members, cx_hash_key_str(u->name)); 646 const char *usr = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN ? user->userdn : user->uid_attr;
647 char *member = cxMapGet(group->members, cx_hash_key_str(usr));
667 if(member) { 648 if(member) {
668 ret = 1; 649 ret = 1;
669 } 650 }
670 } 651 }
671
672 652
673 return ret; 653 return ret;
674 } 654 }
675 655
676 void ldap_user_free(User *u) { 656 void ldap_user_free(User *u) {
677 LDAPUser *user = (LDAPUser*)u; 657 LDAPUser *user = (LDAPUser*)u;
678 ldap_memfree(user->userdn); 658 pool_free(user->sn->pool, user->userdn);
679 // TODO: use connection pool 659 pool_free(user->sn->pool, user->uid_attr);
680 //ws_ldap_close(user->ldap); 660 pool_free(user->sn->pool, user);
681 free(user); 661 }
682 }
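Review bot: The debug log at new line 564 passes `filterStr` to a `%s` conversion, but in the `userNameIsDN` branch directly above it `filterStr` is set to NULL, so that call has undefined behaviour (glibc happens to print "(null)", other libcs can crash). Substitute a placeholder in the log only, e.g. `log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr ? filterStr : "(objectClass=*)");` — `ldap_search_ext_s` itself accepts a NULL filter and falls back to `(objectClass=*)`, so the search call needs no change. A comment on the NULL assignment would make the intent visible to the next reader, e.g. `filterStr = NULL; // base-scope lookup of the group DN; a NULL filter matches the entry itself`. In `ldap_user_check_group`, `cx_hash_key_str(usr)` is called without a NULL check; if `user->uid_attr` can be unset for a user, that call dereferences NULL, so either guard it or document on the user struct that both `userdn` and `uid_attr` are always populated. The enclosing `ldap_get_group` starts before this hunk, so the lifetime of the `a` allocator used for `cxFree` is not visible here.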
