14 #include "WsLdapAuth.h"
15 #include <Include/WsGlobalConfig.h>
16 #include <boost/tokenizer.hpp>
17 #include <stdlib.h>
18 using namespace std;
extern "C" {
/* Module initialisation hook exported with C linkage.
 *
 * Pre-loads libgdcore (the library behind the gdCLdap* classes used below)
 * so that its symbols are resolved before the connector is used. The handle
 * is never closed in this file, i.e. the library stays mapped for the life
 * of the process. Failure is only logged; there is no return value.
 *
 * Security note: a bare soname is resolved through the dynamic loader's
 * search path (LD_LIBRARY_PATH, ldconfig cache, ...), so the process must
 * run with a trusted library path. */
void WsLdapAuthInit(void)
{
  LOG(DEBUG) << "WsLdapAuth::WsLdapAuthInit() : Preparing required libraries : libgdcore ";
  // RTLD_GLOBAL: presumably so modules loaded later can resolve libgdcore
  // symbols too — confirm against the loader that calls this hook.
  void* const libHandle = dlopen("libgdcore.so", RTLD_NOW | RTLD_GLOBAL);
  if (libHandle != NULL) {
    return;
  }
  LOG(ERROR) << "WsLdapAuth::WsLdapAuthInit() : Cannot load libgdcore.so shared library! " << dlerror();
}
}
/* Constructor: a freshly built connector has not queried LDAP yet, so its
 * status starts at notLoaded. Every other member keeps its default value. */
WsLdapAuth::WsLdapAuth()
  : m_ldapStatus(notLoaded)
{
}
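namespace {

/* Owns the gdCLdapAttribute objects handed to gdCLdap::GetInfo() so that
 * every return path of authentify() (it has several early error returns)
 * frees them exactly once. The hand-written cleanup it replaces leaked the
 * uid attributes on the success path and, for the groups query, deleted
 * from the wrong vector (cWitchAttrs instead of cWitchAttrs2). */
struct ScopedLdapAttrs
{
  gdCLdapAttributes attrs;

  ScopedLdapAttrs() {}

  ~ScopedLdapAttrs()
  {
    for (size_t i = 0; i < attrs.size(); ++i)
      delete attrs[i];
  }

  /* Request one attribute by name. */
  void add(const std::string& name)
  {
    attrs.push_back(new gdCLdapAttribute(name));
  }

private:
  /* Not copyable: two owners would double-delete. */
  ScopedLdapAttrs(const ScopedLdapAttrs&);
  ScopedLdapAttrs& operator=(const ScopedLdapAttrs&);
};

} // namespace

/**
 * Authenticate a user against LDAP and load his profile (first name,
 * surname, e-mail, DN and groups) into this object.
 *
 * @param uid   login name; spliced into the "filter_uid" and "filter_groups"
 *              property templates via getAndReplace().
 * @param pass  password used for the LDAP bind (public sites only, see below).
 * @param ip    client address checked against the "ip_mask" property on
 *              public sites.
 * @return ErrorCode::Success or ErrorCode::Failure. On failure m_ldapStatus is
 *         onError; on success it is loaded (a guest leaves it untouched).
 *
 * Steps:
 *  1. Public site and (address outside the mask, or uid equal to the guest
 *     group): the caller becomes a guest with a suffixed uid and the guest
 *     group, without any LDAP access.
 *  2. Look the uid up (sn/gn/mail/dn attributes); exactly one entry required.
 *  3. Public site with a non-empty uid: bind with the entry's DN and `pass`.
 *  4. Load the groups of the uid (the search runs on the same server object,
 *     i.e. with the bind from step 3 when it took place).
 *
 * m_groups is added to, not reset: one authentify() call per object is
 * assumed. Ownership of the entry objects returned by GetInfo() is not
 * visible from here; they are left to gdCLdapEntries as before.
 *
 * NOTE(review): the password bind in step 3 only happens when public_site is
 * true. On a non-public site this method returns Success after a mere lookup
 * and never examines `pass`; that is the original behaviour and is kept, but
 * confirm that an upstream component performs the actual authentication in
 * that configuration.
 */
int WsLdapAuth::authentify(const string& uid, const string& pass, const std::string& ip)
{
  m_uid = uid;
  m_ip = ip;
  m_properties = WsGlobalProperties::instance();
  const bool isPublicSite = m_properties->get("global", "public_site", "false") == "true";
  if (isPublicSite) {
    const string guest = m_properties->get("global", "guest_group", "guest");
    if (!ipValid(ip) || uid == guest) {
      LOG(INFO) << "WsLdapAuth::authentify() : IP not valid " << ip << " For user " << uid;
      /* Give the guest a distinguishable uid. rand() is only a uniqueness
       * helper here, not a security token (the guest only receives the guest
       * group); srand() is not called in this file, so the sequence is
       * whatever the process default is. */
      const int suffix = rand() % 10000000 + 1;
      m_uid = m_uid + "-" + boost::lexical_cast<string>(suffix);
      m_groups.insert(guest);
      return ErrorCode::Success;
    }
  }
  m_ldapStatus = notLoaded;
  gdCLdapServer cLdapServer;
  cLdapServer.strServer = m_properties->get("ldap", "server", "");
  cLdapServer.strDisplayName = m_properties->get("ldap", "server_name", "");
  /* Common settings for the uid and groups queries */
  gdCLdap cLdap;
  gdCLdapFilter cFilter;
  cFilter.pServer = &cLdapServer;
  cFilter.nScope = LDAP_SCOPE_SUB;
  /* The attribute names are configurable; read them once instead of on
   * every entry/attribute iteration. */
  const string snKey = m_properties->get("ldap", "sn_key", "");
  const string gnKey = m_properties->get("ldap", "gn_key", "");
  const string mailKey = m_properties->get("ldap", "mail_key", "");
  const string groupsKey = m_properties->get("ldap", "groups_key", "");

  /* Uid specific settings */
  cFilter.strInitialSearchBase = m_properties->get("ldap", "search_base_uid", "");
  LOG(DEBUG) << "WsLdapAuth :: getting filter for uid " << m_uid;
  /* NOTE(review): m_uid comes straight from the caller and is substituted
   * into the filter template by getAndReplace(). Unless that helper escapes
   * the RFC 4515 filter metacharacters ( '*', '(', ')', '\', NUL ), a
   * crafted uid changes the meaning of the filter — verify the helper. */
  cFilter.strFilter = m_properties->getAndReplace("ldap", "filter_uid", m_uid, "");
  LOG(DEBUG) << "WsLdapAuth :: Filter for uid " << cFilter.strFilter;
  ScopedLdapAttrs uidAttrs;
  uidAttrs.add(snKey);
  uidAttrs.add(gnKey);
  uidAttrs.add(mailKey);
  uidAttrs.add("dn");
  gdCLdapEntries cEntries;
  if (!cLdap.GetInfo(cFilter, uidAttrs.attrs, cEntries)) {
    LOG(ERROR) << "WsLdapAuth::authentify() : Could not query ldap !" << endl;
    m_ldapStatus = onError;
    return ErrorCode::Failure;
  }
  /* Exactly one entry: zero means unknown user, more means an ambiguous
   * filter — neither may be bound against. */
  if (cEntries.size() != 1) {
    LOG(ERROR) << "WsLdapAuth::authentify() : Null or too much entries when querying LDAP !" << endl;
    m_ldapStatus = onError;
    return ErrorCode::Failure;
  }
  /* Retrieve uid related data. An attribute returned without values is
   * skipped instead of indexing Values[0] out of range. */
  for (size_t nEntry = 0; nEntry < cEntries.size(); ++nEntry) {
    for (size_t nAttr = 0; nAttr < cEntries[nEntry]->Attrs.size(); ++nAttr) {
      if (cEntries[nEntry]->Attrs[nAttr]->Values.size() == 0)
        continue;
      if (cEntries[nEntry]->Attrs[nAttr]->Attr == snKey)
        m_surname = cEntries[nEntry]->Attrs[nAttr]->Values[0]->ToStr();
      else if (cEntries[nEntry]->Attrs[nAttr]->Attr == gnKey)
        m_name = cEntries[nEntry]->Attrs[nAttr]->Values[0]->ToStr();
      else if (cEntries[nEntry]->Attrs[nAttr]->Attr == mailKey)
        m_email = cEntries[nEntry]->Attrs[nAttr]->Values[0]->ToStr();
      else if (cEntries[nEntry]->Attrs[nAttr]->Attr == "dn")
        m_dn = cEntries[nEntry]->Attrs[nAttr]->Values[0]->ToStr();
    }
  }
  /* Authenticate in ldap db : require the DN + password. The DN is retrieved
   * by the previous query based on the uid passed as argument. */
  if (isPublicSite && uid.size() > 0) {
    /* A simple bind with an empty password is an *unauthenticated* bind
     * (RFC 4513 §5.1.2) that many servers accept for any DN, and a bind
     * with an empty DN is an anonymous bind. Neither proves identity, so
     * both are rejected before Connect() is attempted. */
    if (pass.empty() || m_dn.empty()) {
      LOG(DEBUG) << "WsLdapAuth::authentify() : Empty password or dn, refusing to bind uid " << m_uid;
      m_ldapStatus = onError;
      return ErrorCode::Failure;
    }
    cLdapServer.DisConnect();
    cLdapServer.strLogon = m_dn;
    cLdapServer.strPassword = pass;
    if (!cLdapServer.Connect()) {
      LOG(DEBUG) << "WsLdapAuth::authentify() : Cannot connect with uid " << m_uid;
      m_ldapStatus = onError;
      return ErrorCode::Failure;
    }
    LOG(DEBUG) << "WsLdapAuth :: Connected with dn " << m_dn;
  }
  /* Groups specific settings */
  cFilter.strInitialSearchBase = m_properties->get("ldap", "search_base_groups", "");
  cFilter.strFilter = m_properties->getAndReplace("ldap", "filter_groups", m_uid, "");
  LOG(DEBUG) << "WsLdapAuth::authentify() : Filter for groups " << cFilter.strFilter;
  ScopedLdapAttrs groupAttrs;
  groupAttrs.add(groupsKey);
  gdCLdapEntries cEntries2;
  cLdap.setManageDSAIT(true);
  if (!cLdap.GetInfo(cFilter, groupAttrs.attrs, cEntries2)) {
    LOG(ERROR) << "WsLdapAuth::authentify() : Could not query ldap !";
    m_ldapStatus = onError;
    return ErrorCode::Failure;
  }
  LOG(DEBUG) << "WsLdapAuth::authentify() : groups entries size : " << cEntries2.size();
  for (size_t nEntry = 0; nEntry < cEntries2.size(); ++nEntry) {
    for (size_t nAttr = 0; nAttr < cEntries2[nEntry]->Attrs.size(); ++nAttr) {
      if (cEntries2[nEntry]->Attrs[nAttr]->Attr == groupsKey) {
        for (size_t nVal = 0; nVal < cEntries2[nEntry]->Attrs[nAttr]->Values.size(); ++nVal)
          m_groups.insert(cEntries2[nEntry]->Attrs[nAttr]->Values[nVal]->ToStr());
      }
    }
  }
  m_ldapStatus = loaded;
  return ErrorCode::Success;
}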
/* Login name of the user loaded by authentify() (for a guest this carries
 * the generated "-<number>" suffix). Returned by value. */
std::string WsLdapAuth::getUid()
{
  const std::string result(m_uid);
  return result;
}
/* First name, taken from the "gn_key" attribute by authentify(); empty
 * until then. Returned by value. */
std::string WsLdapAuth::getFirstName()
{
  const std::string result(m_name);
  return result;
}
/* Surname, taken from the "sn_key" attribute by authentify(); empty until
 * then. Returned by value. */
std::string WsLdapAuth::getSurname()
{
  const std::string result(m_surname);
  return result;
}
/* E-mail address, taken from the "mail_key" attribute by authentify();
 * empty until then. Returned by value. */
std::string WsLdapAuth::getEmail()
{
  const std::string result(m_email);
  return result;
}
/* Groups collected by authentify(): the "groups_key" values of the user's
 * group entries, or just the guest group for a guest. Returned as a copy. */
std::set<std::string> WsLdapAuth::getUserGroups()
{
  const std::set<std::string> result(m_groups);
  return result;
}
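/**
 * List every group defined in the directory (independent of the current user).
 *
 * Reads "search_base_allgroups", "filter_allgroups" and "allgroups_key" from
 * the [ldap] section and collects the values of that attribute from every
 * matching entry into m_allGroups. No credentials are set on the server
 * object here, so the search runs with whatever gdCLdap does by default.
 *
 * @return the accumulated m_allGroups on success; an empty set when the LDAP
 *         query fails (m_ldapStatus is then onError).
 *
 * Fixes over the original: the requested attribute object is freed (it
 * leaked on both paths) and the error log names this method instead of
 * authentify(). Like the original, m_allGroups is appended to, not reset,
 * so repeated calls accumulate.
 */
std::set<std::string> WsLdapAuth::getAllGroups()
{
  m_ldapStatus = notLoaded;
  m_properties = WsGlobalProperties::instance();
  gdCLdapServer cLdapServer;
  cLdapServer.strServer = m_properties->get("ldap", "server", "");
  cLdapServer.strDisplayName = m_properties->get("ldap", "server_name", "");
  /* Common settings for groups */
  gdCLdap cLdap;
  gdCLdapFilter cFilter;
  cFilter.pServer = &cLdapServer;
  cFilter.nScope = LDAP_SCOPE_SUB;
  /* Groups specific settings */
  cFilter.strInitialSearchBase = m_properties->get("ldap", "search_base_allgroups", "");
  cFilter.strFilter = m_properties->get("ldap", "filter_allgroups", "");
  const std::string allGroupsKey = m_properties->get("ldap", "allgroups_key", "");
  gdCLdapAttributes cWitchAttrs;
  gdCLdapEntries cEntries;
  cWitchAttrs.push_back(new gdCLdapAttribute(allGroupsKey));
  cLdap.setManageDSAIT(true);
  const bool queried = cLdap.GetInfo(cFilter, cWitchAttrs, cEntries);
  if (queried) {
    for (size_t nEntry = 0; nEntry < cEntries.size(); ++nEntry) {
      for (size_t nAttr = 0; nAttr < cEntries[nEntry]->Attrs.size(); ++nAttr) {
        if (cEntries[nEntry]->Attrs[nAttr]->Attr == allGroupsKey) {
          for (size_t nVal = 0; nVal < cEntries[nEntry]->Attrs[nAttr]->Values.size(); ++nVal)
            m_allGroups.insert(cEntries[nEntry]->Attrs[nAttr]->Values[nVal]->ToStr());
        }
      }
    }
  }
  /* Single release point for the attribute object, after the entries have
   * been consumed. */
  for (size_t i = 0; i < cWitchAttrs.size(); ++i)
    delete cWitchAttrs[i];
  if (!queried) {
    LOG(ERROR) << "WsLdapAuth::getAllGroups() : Could not query ldap !";
    m_ldapStatus = onError;
    return std::set<std::string>();
  }
  m_ldapStatus = loaded;
  return m_allGroups;
}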
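/**
 * Tell whether a client address is inside the configured "ip_mask".
 *
 * The mask is read from the [ldap] section; "*" (the default) accepts
 * everything. Otherwise both the mask and the address are split on "." and
 * compared segment by segment; a "*" segment in the mask matches anything.
 *
 * @param ip  client address as passed by the caller (dotted form expected).
 * @return true when every segment of the address matches the mask and both
 *         have the same number of segments.
 *
 * Fix over the original: the address must have as many segments as the mask.
 * Previously an address with fewer segments — including the empty string,
 * which is the default value of authentify()'s `ip` parameter — matched any
 * mask, because the loop stopped as soon as the address ran out of tokens,
 * and an empty address was therefore treated as a trusted one.
 *
 * NOTE(review): the address is whatever the caller supplies; if it is taken
 * from a client-controlled header rather than the transport peer address,
 * this check gives no protection — verify where it originates.
 */
bool WsLdapAuth::ipValid(string ip)
{
  const string ipMask = WsGlobalProperties::instance()->get("ldap", "ip_mask", "*");
  if (ipMask == "*")
    return true;
  typedef boost::tokenizer<boost::char_separator<char> > tokenizer;
  boost::char_separator<char> sep(".");
  tokenizer maskTok(ipMask, sep);
  tokenizer uipTok(ip, sep);
  tokenizer::iterator mask_iter = maskTok.begin();
  tokenizer::iterator ip_iter = uipTok.begin();
  for (; ip_iter != uipTok.end() && mask_iter != maskTok.end(); ++mask_iter, ++ip_iter) {
    if (*mask_iter == "*")
      continue;
    if (*ip_iter != *mask_iter)
      return false;
  }
  /* Both must be exhausted: a longer address does not fit the mask, and a
   * shorter (or empty) one leaves mask segments unverified. */
  return ip_iter == uipTok.end() && mask_iter == maskTok.end();
}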