[ceph.git] / ceph / src / rgw / rgw_ldap.h

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab

#ifndef RGW_LDAP_H
#define RGW_LDAP_H

#include "acconfig.h"

#if defined(HAVE_OPENLDAP)
#define LDAP_DEPRECATED 1
#include "ldap.h"
#endif

#include <stdint.h>
#include <tuple>
#include <vector>
#include <string>
#include <iostream>
#include <mutex>

namespace rgw {

#if defined(HAVE_OPENLDAP)

  class LDAPHelper
  {
    std::string uri;
    std::string binddn;
    std::string bindpw;
    std::string searchdn;
    std::string searchfilter;
    std::string dnattr;
    LDAP *ldap;
    bool msad = false; /* TODO: possible future specialization */
    std::mutex mtx;

  public:
    using lock_guard = std::lock_guard<std::mutex>;

    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
	       std::string _searchdn, std::string _searchfilter, std::string _dnattr)
      : uri(std::move(_uri)), binddn(std::move(_binddn)),
	bindpw(std::move(_bindpw)), searchdn(_searchdn), searchfilter(_searchfilter), dnattr(_dnattr),
	ldap(nullptr) {
      // nothing
    }

    int init() {
      int ret;
      ret = ldap_initialize(&ldap, uri.c_str());
      if (ret == LDAP_SUCCESS) {
	unsigned long ldap_ver = LDAP_VERSION3;
	ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
			      (void*) &ldap_ver);
      }
      if (ret == LDAP_SUCCESS) {
	ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); 
      }
      return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
    }

    int bind() {
      int ret;
      ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
      return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
    }

    int rebind() {
      if (ldap) {
	(void) ldap_unbind(ldap);
	(void) init();
	return bind();
      }
      return -EINVAL;
    }

    int simple_bind(const char *dn, const std::string& pwd) {
      LDAP* tldap;
      int ret = ldap_initialize(&tldap, uri.c_str());
      if (ret == LDAP_SUCCESS) {
	unsigned long ldap_ver = LDAP_VERSION3;
	ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION,
			      (void*) &ldap_ver);
	if (ret == LDAP_SUCCESS) {
	  ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
	  if (ret == LDAP_SUCCESS) {
	    (void) ldap_unbind(tldap);
	  }
	}
      }
      return ret; // OpenLDAP client error space
    }

    int auth(const std::string uid, const std::string pwd);

    ~LDAPHelper() {
      if (ldap)
	(void) ldap_unbind(ldap);
    }

  }; /* LDAPHelper */

#else

  class LDAPHelper
  {
  public:
    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
	       std::string _searchdn, std::string _searchfilter, std::string _dnattr)
      {}

    int init() {
      return -ENOTSUP;
    }

    int bind() {
      return -ENOTSUP;
    }

    int auth(const std::string uid, const std::string pwd) {
      return -EACCES;
    }

    ~LDAPHelper() {}

  }; /* LDAPHelper */


#endif /* HAVE_OPENLDAP */
  
} /* namespace rgw */

#include "common/ceph_context.h"
#include "common/common_init.h"
#include "common/dout.h"
#include "common/safe_io.h"
#include <boost/algorithm/string.hpp>

#include "include/assert.h"

std::string parse_rgw_ldap_bindpw(CephContext* ctx);

#endif /* RGW_LDAP_H */
Commit	Line	Data
7c673cae FG	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
	2	// vim: ts=8 sw=2 smarttab
	3
	4	#ifndef RGW_LDAP_H
	5	#define RGW_LDAP_H
	6
	7	#include "acconfig.h"
	8
	9	#if defined(HAVE_OPENLDAP)
	10	#define LDAP_DEPRECATED 1
	11	#include "ldap.h"
	12	#endif
	13
	14	#include <stdint.h>
	15	#include <tuple>
	16	#include <vector>
	17	#include <string>
	18	#include <iostream>
	19	#include <mutex>
	20
	21	namespace rgw {
	22
	23	#if defined(HAVE_OPENLDAP)
	24
	25	class LDAPHelper
	26	{
	27	std::string uri;
	28	std::string binddn;
	29	std::string bindpw;
	30	std::string searchdn;
	31	std::string searchfilter;
	32	std::string dnattr;
	33	LDAP *ldap;
	34	bool msad = false; /* TODO: possible future specialization */
	35	std::mutex mtx;
	36
	37	public:
	38	using lock_guard = std::lock_guard<std::mutex>;
	39
	40	LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
	41	std::string _searchdn, std::string _searchfilter, std::string _dnattr)
	42	: uri(std::move(_uri)), binddn(std::move(_binddn)),
	43	bindpw(std::move(_bindpw)), searchdn(_searchdn), searchfilter(_searchfilter), dnattr(_dnattr),
	44	ldap(nullptr) {
	45	// nothing
	46	}
	47
	48	int init() {
	49	int ret;
	50	ret = ldap_initialize(&ldap, uri.c_str());
	51	if (ret == LDAP_SUCCESS) {
	52	unsigned long ldap_ver = LDAP_VERSION3;
	53	ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
	54	(void*) &ldap_ver);
	55	}
	56	if (ret == LDAP_SUCCESS) {
	57	ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
	58	}
	59	return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
	60	}
	61
	62	int bind() {
	63	int ret;
	64	ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
65	return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
66	}
67
68	int rebind() {
69	if (ldap) {
70	(void) ldap_unbind(ldap);
71	(void) init();
72	return bind();
73	}
74	return -EINVAL;
75	}
76
77	int simple_bind(const char *dn, const std::string& pwd) {
78	LDAP* tldap;
79	int ret = ldap_initialize(&tldap, uri.c_str());
80	if (ret == LDAP_SUCCESS) {
81	unsigned long ldap_ver = LDAP_VERSION3;
82	ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION,
83	(void*) &ldap_ver);
84	if (ret == LDAP_SUCCESS) {
85	ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
86	if (ret == LDAP_SUCCESS) {
87	(void) ldap_unbind(tldap);
88	}
89	}
90	}
91	return ret; // OpenLDAP client error space
92	}
93
94	int auth(const std::string uid, const std::string pwd);
95
96	~LDAPHelper() {
97	if (ldap)
98	(void) ldap_unbind(ldap);
99	}
100
101	}; /* LDAPHelper */
102
103	#else
104
105	class LDAPHelper
106	{
107	public:
108	LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
109	std::string _searchdn, std::string _searchfilter, std::string _dnattr)
110	{}
111
112	int init() {
113	return -ENOTSUP;
114	}
115
116	int bind() {
117	return -ENOTSUP;
118	}
119
120	int auth(const std::string uid, const std::string pwd) {
121	return -EACCES;
122	}
123
124	~LDAPHelper() {}
125
126	}; /* LDAPHelper */
127
128
129	#endif /* HAVE_OPENLDAP */
130
131	} /* namespace rgw */
132
133	#include "common/ceph_context.h"
134	#include "common/common_init.h"
135	#include "common/dout.h"
136	#include "common/safe_io.h"
137	#include <boost/algorithm/string.hpp>
138
139	#include "include/assert.h"
140
141	std::string parse_rgw_ldap_bindpw(CephContext* ctx);
142
143	#endif /* RGW_LDAP_H */