From 9b140a31cb272e5e32f3a83f33a89bc50de1d6c6 Mon Sep 17 00:00:00 2001
From: Ralf Ramsauer
Date: Mon, 11 May 2015 18:40:26 +0000
Subject: [PATCH] added LDAP support
---
CMakeLists.txt | 2 +-
config.h.in | 3 +++
logic.cpp | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
logic.h | 2 ++
main.cpp | 1 -
5 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2618ac6..aed4c01 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -27,4 +27,4 @@ epaper/bsp.c
 add_executable(doorlockd ${SRCS})
-target_link_libraries(doorlockd wiringPi jsoncpp)
+target_link_libraries(doorlockd wiringPi jsoncpp ldap)
diff --git a/config.h.in b/config.h.in
index 4e8542d..0a3ea1d 100644
--- a/config.h.in
+++ b/config.h.in
@@ -13,4 +13,7 @@
 #define LOCKPAGE_PREFIX "https://lock.binary.kitchen/"
 #define FIFO_LOCATION "/tmp/fifo"
+#define LDAP_SERVER "ldaps://ldap.binary.kitchen"
+#define BINDDN "cn=%s,ou=Users,dc=binary-kitchen,dc=de"
+
 #endif
diff --git a/logic.cpp b/logic.cpp
index 64ec4d3..f0d6901 100644
--- a/logic.cpp
+++ b/logic.cpp
@@ -9,6 +9,9 @@
 #include
 #include
+#define LDAP_DEPRECATED 1
+#include
+
 #include "util.h"
 #include "logic.h"
@@ -17,6 +20,9 @@ using namespace std;
 const string Logic::_lockPagePrefix = LOCKPAGE_PREFIX;
 const string Logic::_fifoLocation = FIFO_LOCATION;
+const string Logic::_ldapServer = LDAP_SERVER;
+const string Logic::_bindDN = BINDDN;
+
 Logic &Logic::get()
 {
 static Logic l;
@@ -86,7 +92,6 @@ void Logic::_parseRequest(const string &str)
 action = getJsonOrFail(root, "action");
 host = getJsonOrFail(root, "host");
 authenticated = getJsonOrFail(root, "authenticated");
- string user, password;
 if (authenticated == true)
 {
 user = getJsonOrFail(root, "user");
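Review bot: `BINDDN` in the config.h.in hunk is a printf-style template that logic.cpp expands at run time through `snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str())`, so the number of `%s` placeholders is a contract the compiler can no longer check; a comment above the define would protect the next person editing the config, e.g. `/* printf template for the bind DN: exactly one %s, replaced by the login name */`. Because the value travels through a `std::string` and `.c_str()`, an extra conversion added later would read an unrelated argument rather than fail to compile. `LDAP_SERVER` selects `ldaps://`, but nothing in this commit pins peer-certificate verification; whether the server certificate is actually checked appears to depend on the library's ldap.conf `TLS_REQCERT` setting, which is worth either documenting next to the define or enforcing in code with `LDAP_OPT_X_TLS_REQUIRE_CERT`.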
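Review bot: The removed `string user, password;` in the `_parseRequest` hunk means `user` and `password` on the lines that follow now resolve to some other declaration, and this commit does not add one (the logic.h hunk only introduces `_bindDN` and `_ldapServer`); presumably they are declared earlier in `_parseRequest` or are class members. If they are members, the clear-text password outlives the request inside the `Logic` singleton, so clearing it once `_checkLDAP` has returned, e.g. `password.clear();` right after the call, would limit how long it sits in memory. `_parseRequest` starts and ends outside the hunk.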
@@ -218,7 +223,47 @@ bool Logic::_checkToken(const string &strToken)
 bool Logic::_checkLDAP(const string &user, const string &password)
 {
- return true;
+ constexpr int BUFFERSIZE = 1024;
+ char buffer[BUFFERSIZE];
+ bool retval = false;
+ int rc = -1;
+ LDAP* ld = nullptr;
+ unsigned long version = LDAP_VERSION3;
+
+ _logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());
+ snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str());
+
+ rc = ldap_initialize(&ld, _ldapServer.c_str());
+ if(rc != LDAP_SUCCESS)
+ {
+ _logger(LogLevel::error, "LDAP initialize error: %s", ldap_err2string(rc));
+ goto out2;
+ }
+
+ rc = ldap_set_option(ld,
+ LDAP_OPT_PROTOCOL_VERSION,
+ (void*)&version);
+ if (rc != LDAP_SUCCESS)
+ {
+ _logger(LogLevel::error, "LDAP set version failed");
+ goto out;
+ }
+
+ rc = ldap_simple_bind_s(ld, buffer, password.c_str());
+ if (rc != LDAP_SUCCESS)
+ {
+ _logger(LogLevel::error, "Credential check for user \"%s\" failed: %s", user.c_str(), ldap_err2string(rc));
+ goto out;
+ }
+
+ _logger(LogLevel::notice, "user \"%s\" successfully authenticated", user.c_str());
+ retval = true;
+
+out:
+ ldap_unbind(ld);
+ ld = nullptr;
+out2:
+ return retval;
 }
 void Logic::_createNewToken(const bool stillValid)
diff --git a/logic.h b/logic.h
index d519c95..8b7d8e2 100644
--- a/logic.h
+++ b/logic.h
@@ -45,6 +45,8 @@ private:
 const static std::string _lockPagePrefix;
 const static std::string _fifoLocation;
+ const static std::string _bindDN;
+ const static std::string _ldapServer;
 int _fifoHandle = {-1};
diff --git a/main.cpp b/main.cpp
index 942c7b9..1e23569 100644
--- a/main.cpp
+++ b/main.cpp
@@ -14,7 +14,6 @@ int main(void) { l(LogLevel::notice, "Starting doorlockd"); - try { Logic &logic = Logic::get(); logic.run();
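Review bot: `rc = ldap_simple_bind_s(ld, buffer, password.c_str());` in the new `_checkLDAP` body is reached with whatever `password` the request carried, and a simple bind with an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that a directory permitting such binds answers with `LDAP_SUCCESS`, so an empty password would end up logged as "successfully authenticated". Reject empty `user`/`password` before the directory is contacted, and check the `snprintf` result that is currently discarded: a login name that overflows the 1024-byte buffer is silently truncated and the bind is attempted against a DN the template never described. `user` is also pasted into the DN unescaped, so restricting it to an allow-listed character set (or RFC 4514-escaping it) before formatting would keep `,`, `+`, `=`, `\`, `"`, `<`, `>` and `;` from changing the DN's structure. Separately, `ldap_simple_bind_s` and `ldap_unbind` are the deprecated entry points that the `LDAP_DEPRECATED` define in the include hunk opts into; `ldap_sasl_bind_s` with `LDAP_SASL_SIMPLE` and `ldap_unbind_ext_s` are the supported forms, and the `ldap_set_option` failure log would be more useful with `ldap_err2string(rc)` appended like its two siblings.
```cpp
bool Logic::_checkLDAP(const string &user, const string &password)
{
    // … unchanged: local declarations (buffer, retval, rc, ld, version) …

    // An empty password turns the simple bind into an unauthenticated bind
    // (RFC 4513 §5.1.2), which a permissive directory accepts; never let
    // that count as a login.
    if (user.empty() || password.empty())
    {
        _logger(LogLevel::error, "LDAP: refusing bind with empty user or password");
        return false;
    }

    _logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());
    int written = snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str());
    if (written < 0 || written >= BUFFERSIZE)
    {
        _logger(LogLevel::error, "LDAP: bind DN for user \"%s\" does not fit the buffer", user.c_str());
        return false;
    }

    // … unchanged: ldap_initialize / ldap_set_option / bind / unbind …
```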