X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fldap.c;h=f4bffb0aa3240c69ce77c5d614249e89c19bf07e;hb=738d978faebcf47543d9310c9ccd784ba457ee63;hp=fa423ffb759d81a2856392af90709af299509f96;hpb=a1d851ec6f97bef3c6d1bb299528c09d7fc65403;p=citadel.git diff --git a/citadel/ldap.c b/citadel/ldap.c index fa423ffb7..f4bffb0aa 100644 --- a/citadel/ldap.c +++ b/citadel/ldap.c @@ -59,10 +59,38 @@ void derive_fullname_from_ldap_result(char *fullname, int fullname_size, LDAP *l ldap_value_free(values); } } - syslog(LOG_DEBUG, "\033[31mldap: display name: <%s> \033[0m", fullname); } +/* + * Utility function, supply a search result and get back the uid from the first result + */ +uid_t derive_uid_from_ldap(LDAP *ldserver, LDAPMessage *entry) +{ + char **values; + uid_t uid = (-1); + + if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { + values = ldap_get_values(ldserver, entry, "objectGUID"); // AD schema: uid hashed from objectGUID + if (values) { + if (values[0]) { + uid = abs(HashLittle(values[0], strlen(values[0]))); + } + ldap_value_free(values); + } + } + else { + values = ldap_get_values(ldserver, entry, "uidNumber"); // POSIX schema: uid = uidNumber + if (values) { + if (values[0]) { + uid = atoi(values[0]); + } + ldap_value_free(values); + } + } + + return(uid); +} /* @@ -86,26 +114,14 @@ int ctdl_ldap_initialize(LDAP **ld) { /* - * Look up a user in the directory to see if this is an account that can be authenticated + * Bind to the LDAP server and return a working handle */ -int CtdlTryUserLDAP(char *username, - char *found_dn, int found_dn_size, - char *fullname, int fullname_size, - uid_t *uid, int lookup_based_on_username) -{ +LDAP *ctdl_ldap_bind(void) { LDAP *ldserver = NULL; int i; - LDAPMessage *search_result = NULL; - LDAPMessage *entry = NULL; - char searchstring[1024]; - struct timeval tv; - char **values; - char *user_dn = NULL; - - if (fullname) safestrncpy(fullname, username, fullname_size); if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(errno); + return(NULL); } ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); @@ -120,25 +136,41 @@ int CtdlTryUserLDAP(char *username, ); if (i != LDAP_SUCCESS) { syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(i); + return(NULL); } + return(ldserver); +} + + +/* + * Look up a user in the directory to see if this is an account that can be authenticated + */ +int CtdlTryUserLDAP(char *username, + char *found_dn, int found_dn_size, + char *fullname, int fullname_size, + uid_t *uid) +{ + LDAP *ldserver = NULL; + LDAPMessage *search_result = NULL; + LDAPMessage *entry = NULL; + char searchstring[1024]; + struct timeval tv; + char *user_dn = NULL; + + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); + + if (fullname) safestrncpy(fullname, username, fullname_size); tv.tv_sec = 10; tv.tv_usec = 0; if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { - if (lookup_based_on_username != 0) - snprintf(searchstring, sizeof(searchstring), "(displayName=%s)",username); - else - snprintf(searchstring, sizeof(searchstring), "(sAMAccountName=%s)", username); + snprintf(searchstring, sizeof(searchstring), "(sAMAccountName=%s)", username); } else { - if (lookup_based_on_username != 0) { - snprintf(searchstring, sizeof(searchstring), "(cn=%s)",username); - } - else { - snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(uid=%s))", username); - } + snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(cn=%s))", username); + // snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(uid=%s))", username); } syslog(LOG_DEBUG, "ldap: search: %s", searchstring); @@ -177,35 +209,7 @@ int CtdlTryUserLDAP(char *username, } derive_fullname_from_ldap_result(fullname, fullname_size, ldserver, search_result); - - /* If we know the username is the CN/displayName, we already set the uid*/ - if (lookup_based_on_username==0) { - if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { - values = ldap_get_values(ldserver, search_result, "objectGUID"); - if (values) { - if (values[0]) { - if (uid != NULL) { - *uid = abs(HashLittle(values[0], strlen(values[0]))); - syslog(LOG_DEBUG, "ldap: uid hashed from objectGUID = %d", *uid); - } - } - ldap_value_free(values); - } - } - else { - values = ldap_get_values(ldserver, search_result, "uidNumber"); - if (values) { - if (values[0]) { - syslog(LOG_DEBUG, "ldap: uidNumber = %s", values[0]); - if (uid != NULL) { - *uid = atoi(values[0]); - } - } - ldap_value_free(values); - } - } - } - + *uid = derive_uid_from_ldap(ldserver, search_result); } /* free the results */ @@ -301,7 +305,6 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) { int changed_something = 0; LDAP *ldserver = NULL; - int i; struct timeval tv; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; @@ -332,24 +335,8 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) if (!ldap_dn) return(0); if (!v) return(0); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(0); - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(0); - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); tv.tv_sec = 10; tv.tv_usec = 0; @@ -467,7 +454,6 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) { LDAP *ldserver = NULL; - int i; struct timeval tv; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; @@ -477,24 +463,8 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) if (!ldap_dn) return(1); if (!emailaddrs) return(1); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(2); - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(3); - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); tv.tv_sec = 10; tv.tv_usec = 0; @@ -530,13 +500,12 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) entry = ldap_first_entry(ldserver, search_result); if (entry) { syslog(LOG_DEBUG, "ldap: search got user details"); - mail=ldap_get_values(ldserver, search_result, "mail"); + mail = ldap_get_values(ldserver, search_result, "mail"); if (mail) { int q; for (q=0; q 512) { syslog(LOG_ERR, "ldap: can't fit all email addresses into user record"); } @@ -566,13 +535,11 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) void CtdlSynchronizeUsersFromLDAP(void) { LDAP *ldserver = NULL; - int i; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; char *user_dn = NULL; char searchstring[1024]; struct timeval tv; - char **values; if ((CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP) && (CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP_AD)) { return; // not running LDAP @@ -580,24 +547,8 @@ void CtdlSynchronizeUsersFromLDAP(void) syslog(LOG_INFO, "ldap: synchronizing Citadel user database from LDAP"); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return; - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return; - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return; tv.tv_sec = 10; tv.tv_usec = 0; @@ -645,30 +596,21 @@ void CtdlSynchronizeUsersFromLDAP(void) uid_t uid = (-1); derive_fullname_from_ldap_result(fullname, fullname_size, ldserver, entry); + uid = derive_uid_from_ldap(ldserver, entry); + syslog(LOG_DEBUG, "\033[33mldap: display name: <%s> , uid = <%d>\033[0m", fullname, uid); - if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { - values = ldap_get_values(ldserver, entry, "objectGUID"); // AD schema: uid hashed from objectGUID - if (values) { - if (values[0]) { - uid = abs(HashLittle(values[0], strlen(values[0]))); - } - ldap_value_free(values); - } + // FIXME now create or update the user + int i; + struct ctdluser usbuf; + + i = getuserbyuid(&usbuf, uid); + if (i == 0) { + syslog(LOG_DEBUG, "\033[32m...and that user EXISTZ0RS!!!\033[0m"); } else { - values = ldap_get_values(ldserver, entry, "uidNumber"); // POSIX schema: uid = uidNumber - if (values) { - if (values[0]) { - uid = atoi(values[0]); - } - ldap_value_free(values); - } + syslog(LOG_DEBUG, "\033[31m...and that user D0EZ N0T EXISTZ0R!!\033[0m"); } - syslog(LOG_DEBUG, "\033[33mldap: display name: <%s> , uid = <%d>\033[0m", fullname, uid); - - // FIXME now create or update the user - }