diff options
| author | Dennis Kaarsemaker <dennis@kaarsemaker.net> | 2016-02-23 20:14:57 +0100 |
|---|---|---|
| committer | Dennis Kaarsemaker <dennis@kaarsemaker.net> | 2016-03-25 19:07:53 +0100 |
| commit | 50bb49039b264ac599ad1ddee2be86cfc7cb68ce (patch) | |
| tree | cf8bbc7389ba680db21a68209d0298a35a7ebac2 | |
| parent | a6005da78ae1563ae4577179d1e54fff74cfe21a (diff) | |
ldap authentication backend
We only support the openldap scheme for now, with users that are
posixAccounts. Moreover, as the plugin cannot be configured directly,
you must configure libldap correctly in /etc/openldap/ldap.conf
| -rw-r--r-- | .travis.yml | 5 | ||||
| -rw-r--r-- | auth.c | 9 | ||||
| -rw-r--r-- | auth_ldap.c | 77 | ||||
| -rw-r--r-- | bitlbee.conf | 1 | ||||
| -rw-r--r-- | conf.c | 3 | ||||
| -rwxr-xr-x | configure | 13 | ||||
| -rw-r--r-- | tests/Makefile | 2 |
7 files changed, 106 insertions, 4 deletions
diff --git a/.travis.yml b/.travis.yml index 992ede90..9162ca4c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ sudo: false language: c script: - - ./configure --pam=1 + - ./configure --pam=1 --ldap=1 - make check - BITLBEE_SKYPE=plugin dpkg-buildpackage -uc -us -d @@ -29,12 +29,13 @@ addons: - libpurple-dev - check - libpam0g-dev + - libldap2-dev coverity_scan: project: name: "bitlbee/bitlbee" description: "An IRC to other chat networks gateway" notification_email: dx@dxzone.com.ar - build_command_prepend: ./configure --otr=1 --debug=1 --pam=1 + build_command_prepend: ./configure --otr=1 --debug=1 --pam=1 --ldap=1 build_command: make branch_pattern: coverity_scan @@ -4,6 +4,9 @@ #ifdef WITH_PAM extern auth_backend_t auth_pam; #endif +#ifdef WITH_LDAP +extern auth_backend_t auth_ldap; +#endif GList *auth_init(const char *backend) { @@ -15,6 +18,12 @@ GList *auth_init(const char *backend) ok = 1; } #endif +#ifdef WITH_LDAP + gl = g_list_append(gl, &auth_ldap); + if (backend && !strcmp(backend, "ldap")) { + ok = 1; + } +#endif return ok ? gl : NULL; } diff --git a/auth_ldap.c b/auth_ldap.c new file mode 100644 index 00000000..e2cff8f7 --- /dev/null +++ b/auth_ldap.c @@ -0,0 +1,77 @@ +#define BITLBEE_CORE +#define LDAP_DEPRECATED 1 +#include "bitlbee.h" +#include <ldap.h> + +static storage_status_t ldap_check_pass(const char *nick, const char *password) +{ + LDAP *ldap; + LDAPMessage *msg, *entry; + char *dn = NULL; + char *filter; + char *attrs[1] = { NULL }; + int ret, count; + + if((ret = ldap_initialize(&ldap, NULL)) != LDAP_SUCCESS) { + log_message(LOGLVL_WARNING, "ldap_initialize failed: %s", ldap_err2string(ret)); + return STORAGE_OTHER_ERROR; + } + + /* First we do an anonymous bind to map uid=$nick to a DN*/ + if((ret = ldap_simple_bind_s(ldap, NULL, NULL)) != LDAP_SUCCESS) { + ldap_unbind_s(ldap); + log_message(LOGLVL_WARNING, "Anonymous bind failed: %s", ldap_err2string(ret)); + return STORAGE_OTHER_ERROR; + } + + + /* We search and process the result */ + filter = g_strdup_printf("(uid=%s)", nick); + ret = ldap_search_ext_s(ldap, NULL, LDAP_SCOPE_SUBTREE, filter, attrs, 0, NULL, NULL, NULL, 1, &msg); + g_free(filter); + + if(ret != LDAP_SUCCESS) { + ldap_unbind_s(ldap); + log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret)); + return STORAGE_OTHER_ERROR; + } + + count = ldap_count_entries(ldap, msg); + if (count == -1) { + ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &ret); + ldap_msgfree(msg); + ldap_unbind_s(ldap); + log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret)); + return STORAGE_OTHER_ERROR; + } + + if (!count) { + ldap_msgfree(msg); + ldap_unbind_s(ldap); + return STORAGE_NO_SUCH_USER; + } + + entry = ldap_first_entry(ldap, msg); + dn = ldap_get_dn(ldap, entry); + ldap_msgfree(msg); + + /* And now we bind as the user to authenticate */ + ret = ldap_simple_bind_s(ldap, dn, password); + g_free(dn); + ldap_unbind_s(ldap); + + switch (ret) { + case LDAP_SUCCESS: + return STORAGE_OK; + case LDAP_INVALID_CREDENTIALS: + return STORAGE_INVALID_PASSWORD; + default: + log_message(LOGLVL_WARNING, "Authenticated bind failed: %s", ldap_err2string(ret)); + return STORAGE_OTHER_ERROR; + } +} + +auth_backend_t auth_ldap = { + .name = "ldap", + .check_pass = ldap_check_pass, +}; diff --git a/bitlbee.conf b/bitlbee.conf index d781a7b1..b6544378 100644 --- a/bitlbee.conf +++ b/bitlbee.conf @@ -65,6 +65,7 @@ ## ## - storage (internal storage) ## - pam (Linux PAM authentication) +## - ldap (LDAP server configured in the openldap settings) # # AuthBackend = storage # @@ -244,7 +244,8 @@ static int conf_loadini(conf_t *conf, char *file) } else if (g_strcasecmp(ini->key, "authbackend") == 0) { if (g_strcasecmp(ini->value, "storage") == 0) { conf->auth_backend = NULL; - } else if (g_strcasecmp(ini->value, "pam") == 0) { + } else if (g_strcasecmp(ini->value, "pam") == 0 || + g_strcasecmp(ini->value, "ldap") == 0) { g_free(conf->auth_backend); conf->auth_backend = g_strdup(ini->value); } else { @@ -52,6 +52,7 @@ events=glib ssl=auto pam=0 +ldap=0 pie=1 @@ -136,6 +137,7 @@ Option Description Default (automatically disables other protocol modules) --pam=0/1 Disable/enable PAM authentication $pam +--ldap=0/1 Disable/enable LDAP authentication $ldap --doc=0/1 Disable/enable help.txt generation $doc --debug=0/1 Disable/enable debugging $debug @@ -645,6 +647,17 @@ else authobjs=$authobjs'auth_pam.o ' authlibs=$authlibs'-lpam ' fi +if [ "$ldap" = 0 ]; then + echo '#undef WITH_LDAP' >> config.h +else + if ! echo '#include <ldap.h>' | $CC -E - >/dev/null 2>/dev/null; then + echo 'Cannot find libldap development libraries, aborting. (Install libldap2-dev?)' + exit 1 + fi + echo '#define WITH_LDAP' >> config.h + authobjs=$authobjs'auth_ldap.o ' + authlibs=$authlibs'-lldap ' +fi echo AUTH_OBJS=$authobjs >> Makefile.settings echo EFLAGS+=$authlibs >> Makefile.settings diff --git a/tests/Makefile b/tests/Makefile index 77ed2273..7756c17f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -14,7 +14,7 @@ clean: distclean: clean -main_objs = bitlbee.o conf.o dcc.o help.o ipc.o irc.o irc_cap.o irc_channel.o irc_commands.o irc_im.o irc_send.o irc_user.o irc_util.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_xml.o auth.o auth_pam.o +main_objs = bitlbee.o conf.o dcc.o help.o ipc.o irc.o irc_cap.o irc_channel.o irc_commands.o irc_im.o irc_send.o irc_user.o irc_util.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_xml.o auth.o auth_pam.o auth_ldap.o test_objs = check.o check_util.o check_nick.o check_md5.o check_arc.o check_irc.o check_help.o check_user.o check_set.o check_jabber_sasl.o check_jabber_util.o |