import 15.2.0 Octopus source
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #ifndef RGW_LDAP_H
5 #define RGW_LDAP_H
6
7 #include "acconfig.h"
8
9 #if defined(HAVE_OPENLDAP)
10 #define LDAP_DEPRECATED 1
11 #include "ldap.h"
12 #endif
13
14 #include <stdint.h>
15 #include <tuple>
16 #include <vector>
17 #include <string>
18 #include <iostream>
19 #include <mutex>
20
21 namespace rgw {
22
23 #if defined(HAVE_OPENLDAP)
24
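/**
 * Thin wrapper around an OpenLDAP client handle, used to check credentials
 * against a directory.
 *
 * One long-lived handle (`ldap`) is bound with binddn/bindpw by bind().
 * simple_bind() verifies a caller-supplied DN and password on a separate,
 * short-lived handle and leaves the long-lived handle's bind untouched.
 *
 * Security notes:
 *  - Only LDAP simple bind is used and this header makes no StartTLS call, so
 *    bindpw and user passwords are protected in transit only when `uri`
 *    selects a TLS transport (e.g. ldaps://).
 *  - bindpw stays in a std::string for the lifetime of the object and is not
 *    wiped on destruction.
 *  - None of the inline members lock `mtx`. Presumably auth() takes it (its
 *    definition is not in this header) -- confirm before sharing an instance
 *    across threads through the other members.
 */
class LDAPHelper
{
  std::string uri;
  std::string binddn;
  std::string bindpw;
  std::string searchdn;
  std::string searchfilter;
  std::string dnattr;
  LDAP *ldap;
  bool msad = false; /* TODO: possible future specialization */
  std::mutex mtx;

public:
  using lock_guard = std::lock_guard<std::mutex>;

  /**
   * Store the connection and search settings. No network activity happens
   * here; the handle stays null until init() is called.
   */
  LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
             const std::string &_searchdn, const std::string &_searchfilter,
             const std::string &_dnattr)
    : uri(std::move(_uri)), binddn(std::move(_binddn)),
      bindpw(std::move(_bindpw)), searchdn(_searchdn),
      searchfilter(_searchfilter), dnattr(_dnattr),
      ldap(nullptr) {
    // nothing
  }

  /**
   * Create the long-lived handle for `uri`, select LDAPv3 and turn referral
   * chasing off.
   *
   * @return LDAP_SUCCESS on success, -EINVAL if any step fails.
   */
  int init() {
    int ret = ldap_initialize(&ldap, uri.c_str());
    if (ret == LDAP_SUCCESS) {
      // LDAP_OPT_PROTOCOL_VERSION takes a pointer to int. Passing a wider
      // type only works by accident on little-endian hosts.
      const int ldap_ver = LDAP_VERSION3;
      ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);
    }
    if (ret == LDAP_SUCCESS) {
      // Referrals stay off so the library never follows a server-supplied
      // pointer to another host on this handle.
      ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
    }
    return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
  }

  /**
   * Bind the long-lived handle as binddn/bindpw.
   *
   * @return LDAP_SUCCESS on success, -EINVAL if the handle was never
   *         initialised or the bind fails.
   */
  int bind() {
    if (!ldap) {
      // init() was not called or failed; libldap must not be handed a null
      // handle.
      return -EINVAL;
    }
    const int ret =
      ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
    return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
  }

  /**
   * Drop the current connection, create a fresh handle and bind again.
   *
   * @return LDAP_SUCCESS on success, -EINVAL if there was no handle to
   *         replace, if re-initialisation fails, or if the bind fails.
   */
  int rebind() {
    if (!ldap) {
      return -EINVAL;
    }
    (void) ldap_unbind(ldap);
    // ldap_unbind() frees the handle; clear the pointer so a failed init()
    // cannot leave a stale one for bind() or the destructor.
    ldap = nullptr;
    if (init() != LDAP_SUCCESS) {
      return -EINVAL;
    }
    return bind();
  }

  /**
   * Check `pwd` for `dn` by performing a simple bind on a temporary handle.
   *
   * A simple bind that carries a DN but an empty password is an
   * "unauthenticated bind" (RFC 4513 section 5.1.2), and one with an empty DN
   * is an anonymous bind. A server may answer either with success, which
   * proves nothing about the user's password, so both are refused here
   * without contacting the server. The password is tested through c_str()
   * because that is what the C API receives: a string with a leading NUL
   * byte is an empty password on the wire.
   *
   * NOTE(review): the temporary handle does not set LDAP_OPT_REFERRALS off
   * the way init() does -- confirm whether that difference is intended.
   *
   * @param dn  distinguished name to bind as
   * @param pwd password presented for that DN
   * @return LDAP_SUCCESS if the server accepted the bind, otherwise a code
   *         from the OpenLDAP client error space
   */
  int simple_bind(const char *dn, const std::string& pwd) {
    if (!dn || dn[0] == '\0' || pwd.c_str()[0] == '\0') {
      return LDAP_INVALID_CREDENTIALS;
    }

    LDAP* tldap = nullptr;
    int ret = ldap_initialize(&tldap, uri.c_str());
    if (ret != LDAP_SUCCESS) {
      return ret;
    }

    const int ldap_ver = LDAP_VERSION3;  // option expects a pointer to int
    ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);
    if (ret == LDAP_SUCCESS) {
      ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
    }

    // Release the temporary handle on every path. Freeing it only after a
    // successful bind leaks one handle per rejected password.
    (void) ldap_unbind(tldap);
    return ret; // OpenLDAP client error space
  }

  /**
   * Authenticate `uid` with `pwd`; defined out of line.
   *
   * NOTE(review): the definition is not in this header. If uid is placed
   * into an LDAP search filter there, it needs RFC 4515 escaping -- confirm.
   */
  int auth(const std::string &uid, const std::string &pwd);

  /// Release the long-lived handle, if one was created.
  ~LDAPHelper() {
    if (ldap)
      (void) ldap_unbind(ldap);
  }

}; /* LDAPHelper */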
102
103 #else
104
/**
 * Stand-in used on the #else side of HAVE_OPENLDAP, i.e. when the build has
 * no OpenLDAP client library.
 *
 * It takes the same constructor arguments as the real helper and ignores
 * them. The setup calls report "not supported" and auth() denies every
 * request, so this path can never authenticate a user.
 */
class LDAPHelper
{
public:
  LDAPHelper(const std::string &_uri, const std::string &_binddn,
             const std::string &_bindpw, const std::string &_searchdn,
             const std::string &_searchfilter, const std::string &_dnattr) {
    // no state to keep: every argument is deliberately unused
  }

  /// @return always -ENOTSUP
  int init() { return -ENOTSUP; }

  /// @return always -ENOTSUP
  int bind() { return -ENOTSUP; }

  /// Fails closed. @return always -EACCES, whatever uid and pwd are
  int auth(const std::string &uid, const std::string &pwd) { return -EACCES; }

  ~LDAPHelper() {}

}; /* LDAPHelper */
127
128
129 #endif /* HAVE_OPENLDAP */
130
131 } /* namespace rgw */
132
133 #include "common/ceph_context.h"
134 #include "common/common_init.h"
135 #include "common/dout.h"
136 #include "common/safe_io.h"
137 #include <boost/algorithm/string.hpp>
138
139 #include "include/ceph_assert.h"
140
141 std::string parse_rgw_ldap_bindpw(CephContext* ctx);
142
143 #endif /* RGW_LDAP_H */