diff -r 360b9aabe17e -r d07810b02147 src/server/daemon/ldap_auth.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/server/daemon/ldap_auth.c Sat Dec 29 18:08:23 2012 +0100 @@ -0,0 +1,136 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2011 Olaf Wintermann. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include + +#include "ldap_auth.h" + +AuthDB* create_ldap_authdb(char *name, LDAPConfig *conf) { + LDAPAuthDB *authdb = malloc(sizeof (LDAPAuthDB)); + authdb->authdb.name = strdup(name); + authdb->authdb.get_user = ldap_get_user; + authdb->config = *conf; + + if (!authdb->config.usersearch) { + authdb->config.usersearch = "uid"; + } + if (!authdb->config.groupsearch) { + authdb->config.groupsearch = "uniquemember"; + } + + return (AuthDB*) authdb; +} + +User* ldap_get_user(AuthDB *db, char *username) { + LDAPAuthDB *authdb = (LDAPAuthDB*) db; + LDAPConfig *config = &authdb->config; + + LDAP *ld = ldap_init(config->hostname, config->port); + if (ld == NULL) { + fprintf(stderr, "ldap_init failed\n"); + return NULL; + } + + int r = ldap_simple_bind_s(ld, config->binddn, config->bindpw); + if (r != LDAP_SUCCESS) { + ldap_unbind(ld); + fprintf(stderr, "ldap_simple_bind_s failed: %s\n", ldap_err2string(r)); + return NULL; + } + + // get the user dn + + // TODO: use config for filter + char filter[128]; + int s = snprintf(filter, 127, "uid=%s", username); + filter[s] = 0; + + LDAPMessage *result; + r = ldap_search_s( + ld, + config->basedn, + LDAP_SCOPE_SUBTREE, + filter, + NULL, + 0, + &result); + if (r != LDAP_SUCCESS) { + ldap_unbind(ld); + fprintf(stderr, "ldap_search_s failed\n"); + return NULL; + } + + LDAPMessage *msg = ldap_first_entry(ld, result); + if (msg) { + LDAPUser *user = malloc(sizeof (LDAPUser)); + if (user != NULL) { + user->user.verify_password = ldap_user_verify_password; + user->user.check_group = ldap_user_check_group; + user->user.free = ldap_user_free; + user->user.name = username; // must not be freed + + user->ldap = ld; + user->userdn = ldap_get_dn(ld, msg); + + ldap_msgfree(result); + + return (User*)user; + } + } + + ldap_unbind(ld); + return NULL; +} + +int ldap_user_verify_password(User *u, char *password) { + LDAPUser *user = (LDAPUser*)u; + + int r = ldap_simple_bind_s(user->ldap, user->userdn, password); + if(r == LDAP_SUCCESS) { + printf("ldap password ok\n"); + return 1; + } else { + printf("ldap password not ok\n"); + return 0; + } +} + +int ldap_user_check_group(User *user, char *group) { + // TODO + return 0; +} + +void ldap_user_free(User *u) { + LDAPUser *user = (LDAPUser*) u; + ldap_memfree(user->userdn); + // TODO: use connection pool + ldap_unbind(user->ldap); + free(user); +}