added LDAP support

2015-05-11 18:40:26 +00:00 · 2015-05-11 18:40:26 +00:00 · 9b140a31cb
parent ee24c8c862
commit 9b140a31cb
5 changed files with 53 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -27,4 +27,4 @@ epaper/bsp.c

 add_executable(doorlockd ${SRCS})

-target_link_libraries(doorlockd wiringPi jsoncpp)
+target_link_libraries(doorlockd wiringPi jsoncpp ldap)
--- a/config.h.in
+++ b/config.h.in
@ -13,4 +13,7 @@
 #define LOCKPAGE_PREFIX "https://lock.binary.kitchen/"
 #define FIFO_LOCATION "/tmp/fifo"

+#define LDAP_SERVER "ldaps://ldap.binary.kitchen"
+#define BINDDN "cn=%s,ou=Users,dc=binary-kitchen,dc=de"
+
 #endif
--- a/logic.cpp
+++ b/logic.cpp
@ -9,6 +9,9 @@
 #include <cstdlib>
 #include <json/json.h>

+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+
 #include "util.h"
 #include "logic.h"

@ -17,6 +20,9 @@ using namespace std;
 const string Logic::_lockPagePrefix = LOCKPAGE_PREFIX;
 const string Logic::_fifoLocation = FIFO_LOCATION;

+const string Logic::_ldapServer = LDAP_SERVER;
+const string Logic::_bindDN = BINDDN;
+
 Logic &Logic::get()
 {
    static Logic l;
@ -86,7 +92,6 @@ void Logic::_parseRequest(const string &str)
        action = getJsonOrFail<string>(root, "action");
        host = getJsonOrFail<string>(root, "host");
        authenticated = getJsonOrFail<bool>(root, "authenticated");
-        string user, password;
        if (authenticated == true)
        {
            user = getJsonOrFail<string>(root, "user");
@ -218,7 +223,47 @@ bool Logic::_checkToken(const string &strToken)

 bool Logic::_checkLDAP(const string &user, const string &password)
 {
-    return true;
+    constexpr int BUFFERSIZE = 1024;
+    char buffer[BUFFERSIZE];
+    bool retval = false;
+    int rc = -1;
+    LDAP* ld = nullptr;
+    unsigned long version = LDAP_VERSION3;
+
+    _logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());
+    snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str());
+
+    rc = ldap_initialize(&ld, _ldapServer.c_str());
+    if(rc != LDAP_SUCCESS)
+    {   
+        _logger(LogLevel::error, "LDAP initialize error: %s", ldap_err2string(rc));
+        goto out2;
+    }
+
+    rc = ldap_set_option(ld,
+                         LDAP_OPT_PROTOCOL_VERSION,
+                         (void*)&version);
+    if (rc != LDAP_SUCCESS)
+    {
+        _logger(LogLevel::error, "LDAP set version failed");
+        goto out;
+    }
+
+    rc = ldap_simple_bind_s(ld, buffer, password.c_str());
+    if (rc != LDAP_SUCCESS)
+    {   
+        _logger(LogLevel::error, "Credential check for user \"%s\" failed: %s", user.c_str(), ldap_err2string(rc));
+        goto out;
+    }
+
+    _logger(LogLevel::notice, "user \"%s\" successfully authenticated", user.c_str());
+    retval = true;
+
+out:
+    ldap_unbind(ld);
+    ld = nullptr;
+out2:
+    return retval;
 }

 void Logic::_createNewToken(const bool stillValid)
--- a/logic.h
+++ b/logic.h
@ -45,6 +45,8 @@ private:

    const static std::string _lockPagePrefix;
    const static std::string _fifoLocation;
+    const static std::string _bindDN;
+    const static std::string _ldapServer;

    int _fifoHandle = {-1};

--- a/main.cpp
+++ b/main.cpp
@ -14,7 +14,6 @@ int main(void)
 {
    l(LogLevel::notice, "Starting doorlockd");

-
    try {
        Logic &logic = Logic::get();
        logic.run();