00015 #ifdef CPLUSPLUS
00016     #undef CPLUSPLUS
00017 #endif
00018 
00019 
00020 #include "ldap_tool.h"
00021 #include "jbxl_state.h"
00022 
00023 
00024 #ifdef ENABLE_LDAP
00025 
00026 
00027 #include "tlist.h"
00028 
00029 
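/**
 * Fill *ldap_host and *ldap_bind from the LDAP client configuration.
 *
 * The files /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nslcd.conf are
 * read (space-separated "key value" lines), followed by the optional extra
 * file fn.  The lists are chained in that order and looked up with
 * buffer_key_tList(..., 1), so presumably the first file that defines a key
 * wins.  Keys used:
 *   uri            -> hostname, port; scheme "ldaps" sets useSSL
 *   base           -> ldap_bind->base (falls back to the bind DN)
 *   rootdn/rootpw  -> ldap_bind->dnbind/passwd, else binddn/bindpw
 *   TLS_REQCERT    -> ldap_host->reqCert (never/hard/demand/allow/try;
 *                     any other value leaves the field as initialised)
 * Surrounding quotes are stripped from base and dnbind; a missing port is
 * set to 636 for SSL and 389 otherwise.
 *
 * Both structs must already be initialised (init_LDAP_Host/init_LDAP_Dn):
 * only the fields found in the files are overwritten.  The bind password
 * ends up in ldap_bind->passwd in plain text, so the structure has to be
 * released with free_LDAP_Dn()/del_LDAP_Dn().  Either pointer being NULL
 * makes the call a no-op.
 */
void  read_ldap_config(char* fn, JBXL_LDAP_Host* ldap_host, JBXL_LDAP_Dn* ldap_bind)
{
    if (ldap_host==NULL || ldap_bind==NULL) return;

    tList* cnfg1 = read_index_tList_file("/etc/ldap.conf", ' ');
    tList* cnfg2 = read_index_tList_file("/etc/openldap/ldap.conf", ' ');
    tList* cnfg3 = read_index_tList_file("/etc/nslcd.conf", ' ');
    tList* cnfg4 = NULL;
    if (fn!=NULL) cnfg4 = read_index_tList_file(fn, ' ');

    // chain the lists in precedence order; nothing to do if no file existed
    tList* lp = add_tList_end(cnfg1, cnfg2);
    lp = add_tList_end(lp, cnfg3);
    lp = add_tList_end(lp, cnfg4);
    if (lp==NULL) return;

    // uri: <scheme>://<host>[:<port>]
    Buffer uri = buffer_key_tList(lp, "uri", 1);
    if (uri.buf!=NULL) {
        Buffer protocol = init_Buffer();
        decomp_url(uri, NULL, &protocol, &ldap_host->hostname, &ldap_host->port, NULL);
        // protocol.buf stays NULL when the uri carries no scheme; guard the strcmp
        if (protocol.buf!=NULL && !strcmp((const char*)protocol.buf, "ldaps")) {
            ldap_host->useSSL = TRUE;
        }
        free_Buffer(&protocol);
        free_Buffer(&uri);
    }

    ldap_bind->base   = buffer_key_tList(lp, "base",   1);
    ldap_bind->dnbind = buffer_key_tList(lp, "rootdn", 1);
    ldap_bind->passwd = buffer_key_tList(lp, "rootpw", 1);

    // rootdn/rootpw incomplete -> try the binddn/bindpw pair instead
    if (ldap_bind->dnbind.buf==NULL || ldap_bind->passwd.buf==NULL) {
        free_Buffer(&ldap_bind->dnbind);
        free_Buffer(&ldap_bind->passwd);
        ldap_bind->dnbind = buffer_key_tList(lp, "binddn", 1);
        ldap_bind->passwd = buffer_key_tList(lp, "bindpw", 1);
    }
    if (ldap_bind->base.buf==NULL) {
        ldap_bind->base = dup_Buffer(ldap_bind->dnbind);
    }

    // strip quoting that may surround the DNs in the config file
    if (ldap_bind->dnbind.buf!=NULL) {
        Buffer tmp = erase_sBuffer(ldap_bind->dnbind, "\"\'");
        copy_Buffer(&tmp, &ldap_bind->dnbind);
        free_Buffer(&tmp);
    }
    if (ldap_bind->base.buf!=NULL) {
        Buffer tmp = erase_sBuffer(ldap_bind->base, "\"\'");
        copy_Buffer(&tmp, &ldap_bind->base);
        free_Buffer(&tmp);
    }

    // default ports: 636 for LDAP over SSL, 389 otherwise
    if (ldap_host->port<=0) {
        if (ldap_host->useSSL==TRUE) ldap_host->port = 636;
        else                         ldap_host->port = 389;
    }

    // TLS_REQCERT: unknown values leave reqCert untouched
    Buffer param = buffer_key_tList(lp, "TLS_REQCERT", 1);
    if (param.buf!=NULL) {
        if      (!strcasecmp((const char*)param.buf, "never"))  ldap_host->reqCert = LDAP_OPT_X_TLS_NEVER;
        else if (!strcasecmp((const char*)param.buf, "hard"))   ldap_host->reqCert = LDAP_OPT_X_TLS_HARD;
        else if (!strcasecmp((const char*)param.buf, "demand")) ldap_host->reqCert = LDAP_OPT_X_TLS_DEMAND;
        else if (!strcasecmp((const char*)param.buf, "allow"))  ldap_host->reqCert = LDAP_OPT_X_TLS_ALLOW;
        else if (!strcasecmp((const char*)param.buf, "try"))    ldap_host->reqCert = LDAP_OPT_X_TLS_TRY;
        free_Buffer(&param);
    }

    del_all_tList(&lp);
}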
00120 
00121 
00122 
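/**
 * Open a session to ldap_host and simple-bind as ldap_bind->dnbind with
 * ldap_bind->passwd.
 *
 * Transport selection:
 *   useSSL != TRUE, or port == 389  -> plain connection via ldap_init();
 *                                      when useSSL == TRUE it is upgraded
 *                                      with STARTTLS (LDAPv3 forced).
 *   otherwise                       -> ldaps://host:port via ldap_initialize().
 * ldap_host->reqCert is applied as LDAP_OPT_X_TLS_REQUIRE_CERT on both TLS
 * paths.  With useSSL != TRUE the simple bind sends the password to the
 * server unencrypted.
 *
 * Returns the bound handle, which the caller releases with ldap_unbind_s()
 * or close_ldap_connection(), or NULL on any failure: incomplete arguments,
 * init/TLS/bind error, or an empty password.  The empty password is refused
 * up front because a simple bind with an empty credential is an
 * unauthenticated bind, which a server may accept without verifying anyone.
 */
LDAP*  open_ldap_connection(JBXL_LDAP_Host* ldap_host, JBXL_LDAP_Dn* ldap_bind)
{
    if (ldap_host==NULL || ldap_bind==NULL)  return NULL;
    if (ldap_bind->dnbind.buf==NULL)         return NULL;
    if (ldap_bind->passwd.buf==NULL)         return NULL;
    if (ldap_bind->passwd.buf[0]=='\0')      return NULL;
    if (ldap_host->hostname.buf==NULL)       return NULL;
    if (ldap_host->port<=0)                  return NULL;

    int   ret = LDAP_SUCCESS;
    LDAP* ld  = NULL;

    if (ldap_host->useSSL!=TRUE || ldap_host->port==389) {
        DEBUG_MODE PRINT_MESG("INFO LDAP NORMAL Mode\n");

        if (ldap_host->useSSL==TRUE) {
            // Setting the option on a NULL handle changes the global default.
            // libldap appears to copy the global option set into a handle when
            // it is created (confirm against the library in use), so this has
            // to happen before ldap_init(), not after it as the code used to.
            ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_host->reqCert);
            if (ret!=LDAP_SUCCESS) {
                DEBUG_MODE PRINT_MESG("ERR  LDAP STARTTLS Require Cert = %s\n", ldap_err2string(ret));
                return NULL;
            }
        }

        ld = ldap_init((char*)ldap_host->hostname.buf, ldap_host->port);
        if (ld==NULL) {
            DEBUG_MODE PRINT_MESG("ERR  LDAP Init error.\n");
            return NULL;
        }

        if (ldap_host->useSSL==TRUE) {
            DEBUG_MODE PRINT_MESG("INFO LDAP STARTTLS Mode\n");

            // STARTTLS is an LDAPv3 extended operation
            int ldap_vers = LDAP_VERSION3;
            ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_vers);
            if (ret!=LDAP_SUCCESS) {
                DEBUG_MODE PRINT_MESG("ERR  LDAP STARTTLS Version = %s\n", ldap_err2string(ret));
                goto fail;
            }

            ret = ldap_start_tls_s(ld, NULL, NULL);
            if (ret!=LDAP_SUCCESS) {
                DEBUG_MODE PRINT_MESG("ERR  LDAP STARTTLS Start = %s\n", ldap_err2string(ret));
                goto fail;
            }
        }
    }
    else {
        DEBUG_MODE PRINT_MESG("INFO LDAP Over SSL Mode\n");

        // global TLS default; must precede ldap_initialize() (see above)
        ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_host->reqCert);
        if (ret!=LDAP_SUCCESS) {
            DEBUG_MODE PRINT_MESG("ERR  LDAP SSL Require Cert = %s\n", ldap_err2string(ret));
            return NULL;
        }

        // ldaps://<host>:<port>
        Buffer url = make_Buffer_bystr("ldaps://");
        cat_Buffer(&ldap_host->hostname, &url);
        cat_s2Buffer(":", &url);
        char* str = itostr_ts(ldap_host->port);
        cat_s2Buffer(str, &url);
        freeNull(str);
        DEBUG_MODE PRINT_MESG("INFO LDAP SSL URL = %s\n", (char*)url.buf);

        ret = ldap_initialize(&ld, (char*)url.buf);
        free_Buffer(&url);
        if (ret!=LDAP_SUCCESS) {
            DEBUG_MODE PRINT_MESG("ERR  LDAP SSL Init = %s\n", ldap_err2string(ret));
            return NULL;
        }
    }

    ret = ldap_simple_bind_s(ld, (char*)ldap_bind->dnbind.buf, (char*)ldap_bind->passwd.buf);
    if (ret!=LDAP_SUCCESS) {
        DEBUG_MODE PRINT_MESG("ERR  LDAP Bind = %s\n", ldap_err2string(ret));
        goto fail;
    }

    return ld;

fail:
    ldap_unbind_s(ld);
    return NULL;
}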
00215 
00216 
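/**
 * Convenience wrapper around check_ldap_passwd(): build a temporary
 * JBXL_LDAP_Dn from userid and passwd (either may be NULL) with the search
 * base copied from ldap_bind, and verify the credentials over ld.
 *
 * Returns check_ldap_passwd()'s result (0 on success, a JBXL_* error code
 * otherwise), or JBXL_ARGS_ERROR when ldap_bind is NULL -- the previous
 * version dereferenced it unconditionally.  The temporary copies of the
 * credentials are released before returning.
 */
int  simple_check_ldap_passwd(LDAP* ld, char* userid, char* passwd, JBXL_LDAP_Dn* ldap_bind)
{
    if (ldap_bind==NULL) return JBXL_ARGS_ERROR;

    JBXL_LDAP_Dn user;
    init_LDAP_Dn(&user);
    if (userid!=NULL) user.dnbind = make_Buffer_bystr(userid);
    if (passwd!=NULL) user.passwd = make_Buffer_bystr(passwd);
    user.base = dup_Buffer(ldap_bind->base);

    int ret = check_ldap_passwd(ld, &user, ldap_bind);
    free_LDAP_Dn(&user);

    return ret;
}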
00248 
00249 
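/* Append src to the filter in dst with the RFC 4515 metacharacters escaped,
 * so a login name can only ever match literally. */
static void  cat_filter_escaped(const char* src, Buffer* dst)
{
    for (const unsigned char* p = (const unsigned char*)src; *p!='\0'; p++) {
        switch (*p) {
            case '(':  cat_s2Buffer("\\28", dst); break;
            case ')':  cat_s2Buffer("\\29", dst); break;
            case '*':  cat_s2Buffer("\\2a", dst); break;
            case '\\': cat_s2Buffer("\\5c", dst); break;
            default: {
                char one[2] = {(char)*p, '\0'};
                cat_s2Buffer(one, dst);
                break;
            }
        }
    }
}


/**
 * Verify user->dnbind / user->passwd against the directory reachable over
 * ld (a handle opened with open_ldap_connection()).
 *
 * The login name in user->dnbind has '*' stripped (in place) and is looked
 * up with the filter "uid=<name>" under user->base (copied from
 * ldap_bind->base when unset).  The first attribute of the first entry --
 * distinguishedName or commonName -- yields the bind DN; for commonName it
 * is assembled as "cn=<value>,<ldap_bind->base>".  The user's password is
 * then checked with a simple bind on ld.
 *
 * Returns 0 when the bind succeeds, otherwise JBXL_ARGS_ERROR,
 * JBXL_LDAP_BASE_ERROR, JBXL_LDAP_NO_USER_ERROR, JBXL_LDAP_PASSWD_ERROR
 * (NULL/empty password, or bind refused), JBXL_LDAP_USER_ERROR (search
 * failed), or JBXL_LDAP_NO_ENTRY/NO_ATTR/NO_VAL_ERROR.
 *
 * On success ld is now bound as the verified user, not as the account that
 * opened it; a caller that needs the original identity must rebind.  The
 * empty-password check is done before the search so that an empty
 * credential never reaches the bind (where it would be an unauthenticated
 * bind) and so the search result is not leaked on that path.
 */
int  check_ldap_passwd(LDAP* ld, JBXL_LDAP_Dn* user, JBXL_LDAP_Dn* ldap_bind)
{
    char* dn_attr[] = {_tochar("distinguishedName"), _tochar("commonName"), NULL};

    if (ld==NULL || user==NULL || ldap_bind==NULL) return JBXL_ARGS_ERROR;

    if (user->base.buf==NULL) user->base = dup_Buffer(ldap_bind->base);
    if (user->base.buf==NULL) return JBXL_LDAP_BASE_ERROR;

    if (user->dnbind.buf==NULL) return JBXL_LDAP_NO_USER_ERROR;
    // wildcards in the login name are dropped rather than matched
    Buffer tmp = erase_sBuffer(user->dnbind, "*");
    copy_Buffer(&tmp, &user->dnbind);
    free_Buffer(&tmp);
    if (user->dnbind.buf[0]=='\0') return JBXL_LDAP_NO_USER_ERROR;

    if (user->passwd.buf==NULL || user->passwd.buf[0]=='\0') return JBXL_LDAP_PASSWD_ERROR;

    // filter: uid=<escaped login name>
    Buffer cond = make_Buffer_bystr("uid=");
    cat_filter_escaped((const char*)user->dnbind.buf, &cond);

    LDAPMessage* res = NULL;
    int ret = ldap_search_s(ld, (char*)user->base.buf, LDAP_SCOPE_SUBTREE, (char*)cond.buf, dn_attr, 0, &res);
    free_Buffer(&cond);
    if (ret!=LDAP_SUCCESS || res==NULL) {
        // a failed search may still hand back a partial result set
        if (res!=NULL) ldap_msgfree(res);
        return JBXL_LDAP_USER_ERROR;
    }

    int          rc    = JBXL_LDAP_USER_ERROR;
    char*        attr  = NULL;
    char**       vals  = NULL;
    BerElement*  ber   = NULL;
    Buffer       dName = init_Buffer();

    LDAPMessage* ent = ldap_first_entry(ld, res);
    if (ent==NULL) {
        rc = JBXL_LDAP_NO_ENTRY_ERROR;
        goto out;
    }

    attr = ldap_first_attribute(ld, ent, &ber);
    ber_free(ber, 0);
    if (attr==NULL) {
        rc = JBXL_LDAP_NO_ATTR_ERROR;
        goto out;
    }

    vals = ldap_get_values(ld, ent, attr);
    if (vals==NULL || *vals==NULL) {
        rc = JBXL_LDAP_NO_VAL_ERROR;
        goto out;
    }

    dName = make_Buffer_bystr(*vals);
    if (!strncasecmp(attr, "commonName", 10)) {
        ins_s2Buffer("cn=", &dName);
        cat_s2Buffer(",", &dName);
        cat_Buffer(&ldap_bind->base, &dName);
    }

    // the credential check itself: rebinds ld as the user
    ret = ldap_simple_bind_s(ld, (const char*)dName.buf, (char*)user->passwd.buf);
    rc  = (ret==LDAP_SUCCESS) ? 0 : JBXL_LDAP_PASSWD_ERROR;

out:
    free_Buffer(&dName);
    // ldap_value_free() releases the whole value array; free(*vals) only
    // dropped the first string with the wrong deallocator
    if (vals!=NULL) ldap_value_free(vals);
    if (attr!=NULL) ldap_memfree(attr);
    ldap_msgfree(res);
    return rc;
}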
00361 
00362 
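/**
 * Tear down a session opened with open_ldap_connection(): release the host
 * and bind descriptors (each pointer may be NULL, and is reset to NULL
 * afterwards) and unbind/free the LDAP handle.
 *
 * ld may be NULL (e.g. when open_ldap_connection() failed); it is skipped
 * instead of being handed to ldap_unbind_s(), which is not documented to
 * accept a NULL handle.
 */
void  close_ldap_connection(LDAP* ld, JBXL_LDAP_Host** p_ldap_host, JBXL_LDAP_Dn** p_ldap_bind)
{
    del_LDAP_Host(p_ldap_host);
    del_LDAP_Dn(p_ldap_bind);

    if (ld!=NULL) ldap_unbind_s(ld);
}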
00379 
00380 
00381 
00383 
/**
 * Reset *host to its empty state: no hostname, port 0, plain (non-SSL)
 * transport and LDAP_OPT_X_TLS_HARD as the certificate requirement.
 * A NULL host is ignored.  An existing hostname buffer is not freed;
 * use free_LDAP_Host() for that.
 */
void  init_LDAP_Host(JBXL_LDAP_Host* host)
{
    if (host!=NULL) {
        host->reqCert  = LDAP_OPT_X_TLS_HARD;
        host->useSSL   = FALSE;
        host->port     = 0;
        host->hostname = init_Buffer();
    }
}
00393 
00394 
/**
 * Reset the three Buffers of *dn (base, dnbind, passwd) to the empty
 * Buffer.  A NULL dn is ignored.  Existing buffers are not freed; use
 * free_LDAP_Dn() for that.
 */
void  init_LDAP_Dn(JBXL_LDAP_Dn* dn)
{
    if (dn!=NULL) {
        dn->passwd = init_Buffer();
        dn->dnbind = init_Buffer();
        dn->base   = init_Buffer();
    }
}
00403 
00404 
/**
 * Release the hostname buffer of *host and return the structure to its
 * initialised state (see init_LDAP_Host()).  The structure itself is not
 * freed; a NULL host is ignored.
 */
void  free_LDAP_Host(JBXL_LDAP_Host* host)
{
    if (host!=NULL) {
        free_Buffer(&host->hostname);
        init_LDAP_Host(host);
    }
}
00412 
00413 
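/**
 * Release the three Buffers of *dn.  The structure itself is not freed; a
 * NULL dn is ignored.
 *
 * The password bytes are overwritten before the buffer is released so the
 * plain-text credential does not linger in freed heap memory.  The rest of
 * this file treats passwd as a NUL-terminated string (it is passed to
 * ldap_simple_bind_s() as a char*), so the wipe runs up to that NUL; the
 * volatile pointer keeps the compiler from discarding the stores as dead.
 */
void  free_LDAP_Dn(JBXL_LDAP_Dn* dn)
{
    if (dn==NULL) return;

    if (dn->passwd.buf!=NULL) {
        volatile unsigned char* p = (volatile unsigned char*)dn->passwd.buf;
        while (*p!='\0') {
            *p = '\0';
            p++;
        }
    }

    free_Buffer(&(dn->base));
    free_Buffer(&(dn->dnbind));
    free_Buffer(&(dn->passwd));
}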
00422 
00423 
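/**
 * Allocate and initialise a JBXL_LDAP_Host (see init_LDAP_Host()).
 * Returns NULL when malloc fails -- init_LDAP_Host() tolerates that.
 * The caller owns the result and releases it with del_LDAP_Host().
 */
JBXL_LDAP_Host*  new_LDAP_Host(void)
{
    JBXL_LDAP_Host* host = malloc(sizeof *host);
    init_LDAP_Host(host);

    return host;
}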
00431 
00432 
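/**
 * Allocate and initialise a JBXL_LDAP_Dn (see init_LDAP_Dn()).
 * Returns NULL when malloc fails -- init_LDAP_Dn() tolerates that.
 * The caller owns the result and releases it with del_LDAP_Dn().
 */
JBXL_LDAP_Dn*  new_LDAP_Dn(void)
{
    JBXL_LDAP_Dn* dn = malloc(sizeof *dn);
    init_LDAP_Dn(dn);

    return dn;
}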
00440 
00441 
/**
 * Free a host descriptor created with new_LDAP_Host() and clear the
 * caller's pointer.  p_host may be NULL, and *p_host may already be NULL.
 */
void  del_LDAP_Host(JBXL_LDAP_Host** p_host)
{
    if (p_host==NULL) return;

    JBXL_LDAP_Host* host = *p_host;
    *p_host = NULL;

    free_LDAP_Host(host);
    free(host);     // free(NULL) is a no-op
}
00450 
00451 
/**
 * Free a DN descriptor created with new_LDAP_Dn() and clear the caller's
 * pointer.  p_dn may be NULL, and *p_dn may already be NULL.
 */
void  del_LDAP_Dn(JBXL_LDAP_Dn** p_dn)
{
    if (p_dn==NULL) return;

    JBXL_LDAP_Dn* dn = *p_dn;
    *p_dn = NULL;

    free_LDAP_Dn(dn);
    free(dn);       // free(NULL) is a no-op
}
00460 
00461 
#endif        // ENABLE_LDAP