src/server/daemon/ldap_auth.c

Mon, 08 Jul 2013 11:10:54 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Mon, 08 Jul 2013 11:10:54 +0200
changeset 84
afd57ce39ec9
parent 66
74babc0082b7
child 86
49bb6c8ceb2b
permissions
-rw-r--r--

added initial java plugin code

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "ldap_auth.h"

AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) {
    LDAPAuthDB *authdb = malloc(sizeof (LDAPAuthDB));
    authdb->authdb.name = strdup(name);
    authdb->authdb.get_user = ldap_get_user;
    authdb->authdb.use_cache = 1;
    authdb->config = *conf;

    if (!authdb->config.usersearch) {
        authdb->config.usersearch = "uid";
    }
    if (!authdb->config.groupsearch) {
        authdb->config.groupsearch = "uniquemember";
    }

    return (AuthDB*) authdb;
}

User* ldap_get_user(AuthDB *db, char *username) {
    LDAPAuthDB *authdb = (LDAPAuthDB*) db;
    LDAPConfig *config = &authdb->config;

    LDAP *ld = ldap_init(config->hostname, config->port);
    if (ld == NULL) {
        fprintf(stderr, "ldap_init failed\n");
        return NULL;
    }
    int ldapv = 3;
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapv);

    int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw);
    if (r != LDAP_SUCCESS) {
        ldap_unbind(ld);
        fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r));
        return NULL;
    }

    // get the user dn

    // TODO: use config for filter
    char filter[128];
    int s = snprintf(filter, 127, "uid=%s", username);
    filter[s] = 0;

    LDAPMessage *result;
    r = ldap_search_s(
            ld,
            config->basedn,
            LDAP_SCOPE_SUBTREE,
            filter,
            NULL,
            0,
            &result);
    if (r != LDAP_SUCCESS) {
        ldap_unbind(ld);
        fprintf(stderr, "ldap_search_s failed\n");
        return NULL;
    }

    LDAPMessage *msg = ldap_first_entry(ld, result);
    if (msg) {
        LDAPUser *user = malloc(sizeof(LDAPUser));
        if (user != NULL) {
            user->user.verify_password = ldap_user_verify_password;
            user->user.check_group = ldap_user_check_group;
            user->user.free = ldap_user_free;
            user->user.name = username; // must not be freed
            
            // TODO: get uid/gid from ldap
            user->user.uid = -1;
            user->user.gid = -1;

            user->ldap = ld;
            user->userdn = ldap_get_dn(ld, msg);

            ldap_msgfree(result);

            return (User*)user;
        }
    }

    ldap_unbind(ld);
    return NULL;
}

int ldap_user_verify_password(User *u, char *password) {
    LDAPUser *user = (LDAPUser*)u;
    
    int r = ldap_simple_bind_s(user->ldap, user->userdn, password);
    if(r == LDAP_SUCCESS) {
        printf("ldap password ok\n");
        return 1;
    } else {
        printf("ldap password not ok\n");
        return 0;
    }
}

int ldap_user_check_group(User *user, char *group) {
    // TODO
    return 0;
}

void ldap_user_free(User *u) {
    LDAPUser *user = (LDAPUser*)u;
    ldap_memfree(user->userdn);
    // TODO: use connection pool
    ldap_unbind(user->ldap);
    free(user);
}

mercurial