summaryrefslogtreecommitdiffstats
path: root/src/rgw/rgw_ldap.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/rgw/rgw_ldap.h')
-rw-r--r--src/rgw/rgw_ldap.h143
1 files changed, 143 insertions, 0 deletions
diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
new file mode 100644
index 00000000..aeb5f613
--- /dev/null
+++ b/src/rgw/rgw_ldap.h
@@ -0,0 +1,143 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#ifndef RGW_LDAP_H
+#define RGW_LDAP_H
+
+#include "acconfig.h"
+
+#if defined(HAVE_OPENLDAP)
+#define LDAP_DEPRECATED 1
+#include "ldap.h"
+#endif
+
+#include <stdint.h>
+#include <tuple>
+#include <vector>
+#include <string>
+#include <iostream>
+#include <mutex>
+
+namespace rgw {
+
+#if defined(HAVE_OPENLDAP)
+
+ class LDAPHelper
+ {
+ std::string uri;
+ std::string binddn;
+ std::string bindpw;
+ std::string searchdn;
+ std::string searchfilter;
+ std::string dnattr;
+ LDAP *ldap;
+ bool msad = false; /* TODO: possible future specialization */
+ std::mutex mtx;
+
+ public:
+ using lock_guard = std::lock_guard<std::mutex>;
+
+ LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+ const std::string &_searchdn, const std::string &_searchfilter, const std::string &_dnattr)
+ : uri(std::move(_uri)), binddn(std::move(_binddn)),
+ bindpw(std::move(_bindpw)), searchdn(_searchdn), searchfilter(_searchfilter), dnattr(_dnattr),
+ ldap(nullptr) {
+ // nothing
+ }
+
+ int init() {
+ int ret;
+ ret = ldap_initialize(&ldap, uri.c_str());
+ if (ret == LDAP_SUCCESS) {
+ unsigned long ldap_ver = LDAP_VERSION3;
+ ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+ (void*) &ldap_ver);
+ }
+ if (ret == LDAP_SUCCESS) {
+ ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+ }
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int bind() {
+ int ret;
+ ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int rebind() {
+ if (ldap) {
+ (void) ldap_unbind(ldap);
+ (void) init();
+ return bind();
+ }
+ return -EINVAL;
+ }
+
+ int simple_bind(const char *dn, const std::string& pwd) {
+ LDAP* tldap;
+ int ret = ldap_initialize(&tldap, uri.c_str());
+ if (ret == LDAP_SUCCESS) {
+ unsigned long ldap_ver = LDAP_VERSION3;
+ ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION,
+ (void*) &ldap_ver);
+ if (ret == LDAP_SUCCESS) {
+ ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
+ if (ret == LDAP_SUCCESS) {
+ (void) ldap_unbind(tldap);
+ }
+ }
+ }
+ return ret; // OpenLDAP client error space
+ }
+
+ int auth(const std::string &uid, const std::string &pwd);
+
+ ~LDAPHelper() {
+ if (ldap)
+ (void) ldap_unbind(ldap);
+ }
+
+ }; /* LDAPHelper */
+
+#else
+
+ class LDAPHelper
+ {
+ public:
+ LDAPHelper(const std::string &_uri, const std::string &_binddn, const std::string &_bindpw,
+ const std::string &_searchdn, const std::string &_searchfilter, const std::string &_dnattr)
+ {}
+
+ int init() {
+ return -ENOTSUP;
+ }
+
+ int bind() {
+ return -ENOTSUP;
+ }
+
+ int auth(const std::string &uid, const std::string &pwd) {
+ return -EACCES;
+ }
+
+ ~LDAPHelper() {}
+
+ }; /* LDAPHelper */
+
+
+#endif /* HAVE_OPENLDAP */
+
+} /* namespace rgw */
+
+#include "common/ceph_context.h"
+#include "common/common_init.h"
+#include "common/dout.h"
+#include "common/safe_io.h"
+#include <boost/algorithm/string.hpp>
+
+#include "include/ceph_assert.h"
+
+std::string parse_rgw_ldap_bindpw(CephContext* ctx);
+
+#endif /* RGW_LDAP_H */