1
0
mirror of https://github.com/binary-kitchen/doorlockd synced 2024-12-22 10:24:26 +01:00

added LDAP support

This commit is contained in:
Ralf Ramsauer 2015-05-11 18:40:26 +00:00
parent ee24c8c862
commit 9b140a31cb
5 changed files with 53 additions and 4 deletions

View File

@ -27,4 +27,4 @@ epaper/bsp.c
add_executable(doorlockd ${SRCS})
target_link_libraries(doorlockd wiringPi jsoncpp)
target_link_libraries(doorlockd wiringPi jsoncpp ldap)

View File

@ -13,4 +13,7 @@
#define LOCKPAGE_PREFIX "https://lock.binary.kitchen/"
#define FIFO_LOCATION "/tmp/fifo"
#define LDAP_SERVER "ldaps://ldap.binary.kitchen"
#define BINDDN "cn=%s,ou=Users,dc=binary-kitchen,dc=de"
#endif

View File

@ -9,6 +9,9 @@
#include <cstdlib>
#include <json/json.h>
#define LDAP_DEPRECATED 1
#include <ldap.h>
#include "util.h"
#include "logic.h"
@ -17,6 +20,9 @@ using namespace std;
const string Logic::_lockPagePrefix = LOCKPAGE_PREFIX;
const string Logic::_fifoLocation = FIFO_LOCATION;
const string Logic::_ldapServer = LDAP_SERVER;
const string Logic::_bindDN = BINDDN;
Logic &Logic::get()
{
static Logic l;
@ -86,7 +92,6 @@ void Logic::_parseRequest(const string &str)
action = getJsonOrFail<string>(root, "action");
host = getJsonOrFail<string>(root, "host");
authenticated = getJsonOrFail<bool>(root, "authenticated");
string user, password;
if (authenticated == true)
{
user = getJsonOrFail<string>(root, "user");
@ -218,7 +223,47 @@ bool Logic::_checkToken(const string &strToken)
bool Logic::_checkLDAP(const string &user, const string &password)
{
return true;
constexpr int BUFFERSIZE = 1024;
char buffer[BUFFERSIZE];
bool retval = false;
int rc = -1;
LDAP* ld = nullptr;
unsigned long version = LDAP_VERSION3;
_logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());
snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str());
rc = ldap_initialize(&ld, _ldapServer.c_str());
if(rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "LDAP initialize error: %s", ldap_err2string(rc));
goto out2;
}
rc = ldap_set_option(ld,
LDAP_OPT_PROTOCOL_VERSION,
(void*)&version);
if (rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "LDAP set version failed");
goto out;
}
rc = ldap_simple_bind_s(ld, buffer, password.c_str());
if (rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "Credential check for user \"%s\" failed: %s", user.c_str(), ldap_err2string(rc));
goto out;
}
_logger(LogLevel::notice, "user \"%s\" successfully authenticated", user.c_str());
retval = true;
out:
ldap_unbind(ld);
ld = nullptr;
out2:
return retval;
}
void Logic::_createNewToken(const bool stillValid)

View File

@ -45,6 +45,8 @@ private:
const static std::string _lockPagePrefix;
const static std::string _fifoLocation;
const static std::string _bindDN;
const static std::string _ldapServer;
int _fifoHandle = {-1};

View File

@ -14,7 +14,6 @@ int main(void)
{
l(LogLevel::notice, "Starting doorlockd");
try {
Logic &logic = Logic::get();
logic.run();