doorlockd.py: Add LDAP authentication support
Shamelessly copied from moep's DSS tool. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> Cc: Markus Hauschild <moepman@binary-kitchen.de>
This commit is contained in:
parent
d82272f53a
commit
f72f731b59
@ -3,6 +3,10 @@ SIMULATE = True
|
|||||||
RUN_HOOKS = False
|
RUN_HOOKS = False
|
||||||
SECRET_KEY = 'foobar'
|
SECRET_KEY = 'foobar'
|
||||||
|
|
||||||
|
LDAP_CA = './ssl/BKCA.crt'
|
||||||
|
LDAP_URI = 'ldaps://ldap1.binary.kitchen'
|
||||||
|
LDAP_BINDDN = 'cn=%s,ou=people,dc=binary-kitchen,dc=de'
|
||||||
|
|
||||||
BOOTSTRAP_SERVE_LOCAL = True
|
BOOTSTRAP_SERVE_LOCAL = True
|
||||||
|
|
||||||
SERIAL_PORT = '/dev/ttyS0'
|
SERIAL_PORT = '/dev/ttyS0'
|
||||||
|
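Review bot: The three new settings carry no comments, although the code that consumes them treats them differently: `LDAP_CA` is applied only when present, whereas `LDAP_URI` and `LDAP_BINDDN` are read unconditionally and the latter is used as a `%`-format template with a single `%s` for the login name. A one-line comment above each would spare the next maintainer a trip into doorlockd.py, e.g. `# Optional: CA file used to verify the LDAPS server certificate (verification is always demanded)`, `# Required: LDAP server URI`, and `# Required: bind DN template; %s is replaced by the login name`.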
@ -17,6 +17,7 @@ FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|||||||
details.
|
details.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import ldap
|
||||||
import logging
|
import logging
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
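Review bot: `import ldap` (the python-ldap package) is slotted between the stdlib imports `logging` and `sys`; PEP 8 keeps third-party imports in their own group after the standard library, so it would sit better in a separate group below the stdlib block. The rest of the import block lies outside the hunk, so the exact placement may need adjusting there.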
@ -62,6 +63,14 @@ serial_port = webapp.config.get('SERIAL_PORT')
|
|||||||
simulate = webapp.config.get('SIMULATE')
|
simulate = webapp.config.get('SIMULATE')
|
||||||
run_hooks = webapp.config.get('RUN_HOOKS')
|
run_hooks = webapp.config.get('RUN_HOOKS')
|
||||||
|
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
|
||||||
|
ldap.set_option(ldap.OPT_REFERRALS, 0)
|
||||||
|
if 'LDAP_CA' in webapp.config.keys():
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, webapp.config.get('LDAP_CA'))
|
||||||
|
|
||||||
|
ldap_uri = webapp.config.get('LDAP_URI')
|
||||||
|
ldap_binddn = webapp.config.get('LDAP_BINDDN')
|
||||||
|
|
||||||
# copied from sudo
|
# copied from sudo
|
||||||
eperm_insults = {
|
eperm_insults = {
|
||||||
'Wrong! You cheating scum!',
|
'Wrong! You cheating scum!',
|
||||||
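Review bot: `ldap_uri` and `ldap_binddn` are read with `webapp.config.get(...)`, so a missing setting silently becomes `None` and only fails later in the auth path, where `ldap_binddn % user` raises a `TypeError` that the `except ldap.LDAPError` handler in `Logic` does not catch — an unhandled exception per login attempt instead of a clear startup error. Reading them as `ldap_uri = webapp.config['LDAP_URI']` and `ldap_binddn = webapp.config['LDAP_BINDDN']` makes a misconfigured deployment fail at import time with a `KeyError` naming the setting. On a smaller note, `if 'LDAP_CA' in webapp.config.keys():` can be written `if 'LDAP_CA' in webapp.config:`.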
@ -243,8 +252,19 @@ class Logic:
|
|||||||
log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
|
log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
|
||||||
return LogicResponse.Success
|
return LogicResponse.Success
|
||||||
|
|
||||||
log.info('Trying to LDAP auth (user, password) as user %s', user)
|
log.info(' Trying to LDAP auth (user, password) as user %s', user)
|
||||||
|
ldap_username = ldap_binddn % user
|
||||||
|
try:
|
||||||
|
l = ldap.initialize(ldap_uri)
|
||||||
|
l.simple_bind_s(ldap_username, password)
|
||||||
|
l.unbind_s()
|
||||||
|
except ldap.INVALID_CREDENTIALS:
|
||||||
|
log.info(' Invalid credentials')
|
||||||
|
return LogicResponse.Perm
|
||||||
|
except ldap.LDAPError as e:
|
||||||
|
log.info(' LDAP Error: %s' % e)
|
||||||
return LogicResponse.LDAP
|
return LogicResponse.LDAP
|
||||||
|
return LogicResponse.Success
|
||||||
|
|
||||||
def try_auth(self, credentials):
|
def try_auth(self, credentials):
|
||||||
method = credentials[0]
|
method = credentials[0]
|
||||||
|
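Review bot: `l.simple_bind_s(ldap_username, password)` is reached with whatever `password` the caller supplies, and an empty password turns a simple bind into the unauthenticated mechanism of RFC 4513 §5.1.2, which directory servers may accept without verifying anything — the method would then return `LogicResponse.Success` for any existing username. Unless the part of this method that lies before the hunk already rejects empty passwords, a guard is needed ahead of the bind. Separately, `ldap_binddn % user` places the login name into a DN without escaping, so RFC 4514 special characters in `user` (such as `,` or `=`) change the DN structure; `ldap.dn.escape_dn_chars(user)` keeps the name confined to the RDN value. Finally, `log.info(' LDAP Error: %s' % e)` should use lazy arguments like the neighbouring log calls. The method's head lies before the hunk and `try_auth` continues after it.
```python
        # … unchanged: simulation short-circuit and the 'Trying to LDAP auth' log line …
        # An empty password would make simple_bind_s an unauthenticated bind
        # (RFC 4513 §5.1.2) that the server may accept; reject it up front.
        if not password:
            log.info(' Empty password rejected')
            return LogicResponse.Perm
        # Escape DN special characters so the login name stays inside the RDN value.
        ldap_username = ldap_binddn % ldap.dn.escape_dn_chars(user)
        # … unchanged: try/initialize/simple_bind_s/unbind_s and the INVALID_CREDENTIALS handler …
        except ldap.LDAPError as e:
            log.info(' LDAP Error: %s', e)
            return LogicResponse.LDAP
```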