Commit | Line | Data |
---|---|---|
7c673cae | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
9f95a23c | 2 | // vim: ts=8 sw=2 smarttab ft=cpp |
3 | |
4 | #ifndef RGW_LDAP_H | |
5 | #define RGW_LDAP_H | |
6 | ||
7 | #include "acconfig.h" | |
8 | ||
9 | #if defined(HAVE_OPENLDAP) | |
10 | #define LDAP_DEPRECATED 1 | |
11 | #include "ldap.h" | |
12 | #endif | |
13 | ||
14 | #include <stdint.h> | |
15 | #include <tuple> | |
16 | #include <vector> | |
17 | #include <string> | |
18 | #include <iostream> | |
19 | #include <mutex> | |
20 | ||
21 | namespace rgw { | |
22 | ||
23 | #if defined(HAVE_OPENLDAP) | |
24 | ||
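/**
 * Thin wrapper around an OpenLDAP client handle, used to check user
 * credentials with an LDAP simple bind.
 *
 * One long-lived handle (`ldap`) is bound as `binddn`; simple_bind() tests a
 * user's DN and password on a separate, temporary handle. auth() is only
 * declared here -- its definition is not part of this header.
 *
 * NOTE(review): nothing in this header requests StartTLS or sets TLS options,
 * so whether bind passwords are encrypted in transit appears to depend on
 * `uri` alone (e.g. an ldaps:// URI) -- confirm against deployment guidance.
 */
class LDAPHelper
{
  std::string uri;
  std::string binddn;
  std::string bindpw;       // service-account password; bind()/rebind() reuse it
  std::string searchdn;
  std::string searchfilter;
  std::string dnattr;
  LDAP *ldap;               // owned handle; released in rebind() and the destructor
  bool msad = false; /* TODO: possible future specialization */
  std::mutex mtx;           // not taken in this header; presumably used by auth() -- verify

public:
  using lock_guard = std::lock_guard<std::mutex>;

  /**
   * Stores the connection and search parameters. No network activity happens
   * here; call init() and then bind() before using the helper.
   */
  LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
	     const std::string &_searchdn, const std::string &_searchfilter, const std::string &_dnattr)
    : uri(std::move(_uri)), binddn(std::move(_binddn)),
      bindpw(std::move(_bindpw)), searchdn(_searchdn), searchfilter(_searchfilter), dnattr(_dnattr),
      ldap(nullptr) {
    // nothing
  }

  /**
   * Creates the long-lived handle for `uri`, selects LDAPv3 and turns off
   * referral chasing.
   *
   * @return LDAP_SUCCESS on success, -EINVAL if any step failed.
   */
  int init() {
    int ret = ldap_initialize(&ldap, uri.c_str());
    if (ret == LDAP_SUCCESS) {
      // OpenLDAP reads LDAP_OPT_PROTOCOL_VERSION through an int*, so the value
      // must be an int; a wider type only works by accident of byte order.
      const int ldap_ver = LDAP_VERSION3;
      ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);
    }
    if (ret == LDAP_SUCCESS) {
      // Keep the client on the configured server instead of following referrals.
      ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
    }
    return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
  }

  /**
   * Binds the long-lived handle as `binddn` with `bindpw`.
   *
   * @return LDAP_SUCCESS on success, -EINVAL on failure or if init() has not
   *         produced a handle.
   */
  int bind() {
    if (!ldap) {
      return -EINVAL; // never hand a null handle to libldap
    }
    const int ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
    return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
  }

  /**
   * Drops the current handle, then re-initializes and re-binds it.
   *
   * @return LDAP_SUCCESS on success, -EINVAL if there was no handle to
   *         replace or if init()/bind() failed.
   */
  int rebind() {
    if (!ldap) {
      return -EINVAL;
    }
    (void) ldap_unbind(ldap);
    ldap = nullptr; // the old handle is gone; do not leave it reachable for a second unbind
    const int ret = init();
    if (ret != LDAP_SUCCESS) {
      return ret; // binding on a handle that failed to initialize is not safe
    }
    return bind();
  }

  /**
   * Verifies a DN/password pair by binding on a temporary handle.
   *
   * @param dn   distinguished name to bind as
   * @param pwd  password presented for that DN
   * @return an OpenLDAP client result code; LDAP_SUCCESS only when the server
   *         accepted a bind that actually carried a name and a password.
   */
  int simple_bind(const char *dn, const std::string& pwd) {
    // A simple bind with an empty name or password is an anonymous or
    // unauthenticated bind (RFC 4513), which a server may answer with success.
    // That must never count as proof of identity. c_str() stops at the first
    // NUL, so a password that starts with NUL is empty on the wire as well.
    if (!dn || *dn == '\0' || pwd.c_str()[0] == '\0') {
      return LDAP_INVALID_CREDENTIALS;
    }

    LDAP* tldap = nullptr;
    int ret = ldap_initialize(&tldap, uri.c_str());
    if (ret != LDAP_SUCCESS) {
      return ret;
    }

    const int ldap_ver = LDAP_VERSION3; // read by libldap as an int
    ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);
    if (ret == LDAP_SUCCESS) {
      ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
    }

    // Release the temporary handle on every path, including a rejected bind;
    // otherwise each failed login would leak a handle.
    (void) ldap_unbind(tldap);
    return ret; // OpenLDAP client error space
  }

  /// Authenticates `uid` with `pwd`; defined outside this header.
  int auth(const std::string &uid, const std::string &pwd);

  /// Releases the long-lived handle, if one exists.
  ~LDAPHelper() {
    if (ldap)
      (void) ldap_unbind(ldap);
  }

}; /* LDAPHelper */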
102 | ||
103 | #else | |
104 | ||
/**
 * Stand-in used when the build has no OpenLDAP support.
 *
 * It accepts the same constructor arguments as the real helper and ignores
 * them. Setup calls report "not supported" and auth() always denies, so a
 * build without LDAP fails closed.
 */
class LDAPHelper
{
public:
  /// Accepts and discards all connection/search parameters.
  LDAPHelper(const std::string &_uri, const std::string &_binddn, const std::string &_bindpw,
	     const std::string &_searchdn, const std::string &_searchfilter, const std::string &_dnattr)
  {
    // intentionally empty: there is no LDAP client to configure
  }

  /// @return always -ENOTSUP.
  int init() { return -ENOTSUP; }

  /// @return always -ENOTSUP.
  int bind() { return -ENOTSUP; }

  /// @return always -EACCES; no credential is ever accepted by the stub.
  int auth(const std::string &uid, const std::string &pwd) { return -EACCES; }

  ~LDAPHelper() {}

}; /* LDAPHelper */
127 | ||
128 | ||
129 | #endif /* HAVE_OPENLDAP */ | |
130 | ||
131 | } /* namespace rgw */ | |
132 | ||
133 | #include "common/ceph_context.h" | |
134 | #include "common/common_init.h" | |
135 | #include "common/dout.h" | |
136 | #include "common/safe_io.h" | |
137 | #include <boost/algorithm/string.hpp> | |
138 | ||
11fdf7f2 | 139 | #include "include/ceph_assert.h" |
140 | |
141 | std::string parse_rgw_ldap_bindpw(CephContext* ctx); | |
142 | ||
143 | #endif /* RGW_LDAP_H */ |