--- /dev/null
+/**************************************************
+opengate server
+ module for Authentication by LDAP
+
+Copyright (C) 2007 Opengate Project Team
+Written by Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+#include "opengatesrv.h"
+
+
+#ifndef LDAP_NOT_INSTALLED
+ #include <ldap.h>
+ #include <lber.h>
+#endif
+
+/*****************************************/
+/* Authenticate by LDAP */
+/*****************************************/
+int authLdap(char *userid, char *passwd)
+{
+
+#ifdef LDAP_NOT_INSTALLED
+ err_msg("ERR at %s#%d: No LDAP. Install openldap-client and rebuild Opengate.",
+ __FILE__,__LINE__);
+ return DENY;
+#else
+
+ LDAP *ld;
+ int desiredVersion = LDAP_VERSION3;
+ char *uri; /* ldap server URI */
+ char filter[BUFFMAXLN]="";
+ char *baseDn;
+ LDAPMessage *result;
+ LDAPMessage *entry;
+ char *dn;
+ int ret;
+
+ /* get LDAP server URI */
+ uri=GetConfValue("AuthServer/Uri");
+ if(isNull(uri)) uri=NULL; /* means ldap://localhost */
+
+ /* get LDAP search base DN */
+ baseDn=GetConfValue("AuthServer/BaseDN");
+ if(isNull(baseDn)) baseDn=NULL; /* set in uri */
+
+ /* get handle */
+ if((ld=(LDAP*)ldap_init(0, 0)) == NULL){
+ err_msg("ERR at %s#%d: Can not initialize the LDAP server",
+ __FILE__,__LINE__);
+ return DENY;
+ }
+
+ /* set LDAP version */
+ if(ldap_set_option(ld,LDAP_OPT_PROTOCOL_VERSION,&desiredVersion)
+ != LDAP_OPT_SUCCESS){
+ err_msg("ERR at %s#%d: error in LDAP set version",
+ __FILE__,__LINE__);
+ return DENY;
+ }
+
+ /* set URI such as [ldaps://ldap.saga-u.ac.jp:999] */
+ ret=ldap_set_option(ld, LDAP_OPT_URI, uri);
+ if(ret==LDAP_PARAM_ERROR){
+ err_msg("ERR at %s#%d: parameter error in LDAP set URI",
+ __FILE__,__LINE__);
+ return DENY;
+ }
+
+ /* set filter */
+ strncpy(filter, "(uid=", BUFFMAXLN);
+ strncat(filter, userid, BUFFMAXLN);
+ strncat(filter, ")", BUFFMAXLN);
+
+ /* search LDAP entry */
+ if((ldap_search_s(ld,baseDn,LDAP_SCOPE_SUBTREE,filter,NULL,0,&result))
+ !=LDAP_SUCCESS){
+ err_msg("ERR at %s#%d: error in LDAP search",
+ __FILE__,__LINE__);
+ return DENY;
+ }
+
+ /* count of matched entry must be one */
+ if(ldap_count_entries(ld,result)!=1){
+ return DENY;
+ }
+
+ /* get the entry */
+ entry=ldap_first_entry(ld,result);
+
+ /* get the DN */
+ dn=ldap_get_dn(ld, entry);
+
+ /* authenticate by binding */
+ ret=ldap_simple_bind_s(ld,dn,passwd);
+
+ /* unbinding */
+ ldap_unbind_s(ld);
+
+ /* return the auth result */
+ if(ret==LDAP_SUCCESS){
+ return ACCEPT;
+ }
+ else{
+ return DENY;
+ }
+#endif
+}
+
+
+
+
+int AuthLdap(char *userid, char *passwd)
+{
+ int ret;
+
+ if(debug>1) err_msg("DEBUG:=>authLdap(%s,passwd)",userid);
+ ret=authLdap(userid,passwd);
+ if(debug>1) err_msg("DEBUG:(%d)<=authLdap( )",ret);
+
+ return ret;
+}
+
+
+
+
+
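Review bot: `userid` is copied into the search filter at L87–L89 without escaping, so a value containing `*`, `(`, `)` or `\` changes the meaning of `(uid=...)`, and the `BUFFMAXLN` passed to `strncat` is the remaining-space argument rather than the buffer size, so a long userid can overflow `filter`; escape the value per RFC 4515 and build the filter with a length-checked `snprintf`. An empty `passwd` is also not rejected before `ldap_simple_bind_s(ld,dn,passwd)`, and a bind with a DN and empty credentials is treated as an unauthenticated bind that some servers accept, which would make the function return `ACCEPT` without a password, so add `if(passwd==NULL || *passwd=='\0') return DENY;` at the top. Finally, every early `return DENY` after `ldap_init` leaks `ld`, and `result` and `dn` are never released with `ldap_msgfree`/`ldap_memfree` on any path. The sketch below shows the escaping helper and a single cleanup exit; the uri/baseDn lookup and the version/URI option setting stay as they are apart from their error branches jumping to `out` instead of returning.
```c
/* RFC 4515 escaping of a filter assertion value; returns -1 when dst is too small */
static int ldapEscapeFilterValue(const char *src, char *dst, size_t dstLen)
{
 size_t j=0;
 for(; *src!='\0'; src++){
  unsigned char c=(unsigned char)*src;
  if(c=='*' || c=='(' || c==')' || c=='\\'){
   if(j+3>=dstLen) return -1;
   snprintf(dst+j, dstLen-j, "\\%02x", c);
   j+=3;
  }else{
   if(j+1>=dstLen) return -1;
   dst[j++]=(char)c;
  }
 }
 dst[j]='\0';
 return 0;
}

int authLdap(char *userid, char *passwd)
{
 /* ... unchanged: LDAP_NOT_INSTALLED branch and existing declarations ... */
 int rc=DENY;
 char escUid[BUFFMAXLN];
 LDAPMessage *result=NULL;
 char *dn=NULL;

 /* an empty password would turn the bind below into an unauthenticated bind */
 if(userid==NULL || passwd==NULL || *passwd=='\0') return DENY;

 /* ... unchanged: uri/baseDn lookup and ldap_init ... */
 /* ... unchanged: set version and set URI, except their error branches do "goto out" ... */

 /* set filter: escaped value, length checked */
 if(ldapEscapeFilterValue(userid, escUid, sizeof escUid)<0) goto out;
 if(snprintf(filter, sizeof filter, "(uid=%s)", escUid) >= (int)sizeof filter) goto out;

 /* search LDAP entry */
 if(ldap_search_s(ld,baseDn,LDAP_SCOPE_SUBTREE,filter,NULL,0,&result)!=LDAP_SUCCESS){
  err_msg("ERR at %s#%d: error in LDAP search", __FILE__,__LINE__);
  goto out;
 }

 /* count of matched entry must be one */
 if(ldap_count_entries(ld,result)!=1) goto out;

 entry=ldap_first_entry(ld,result);
 if(entry==NULL || (dn=ldap_get_dn(ld, entry))==NULL) goto out;

 /* authenticate by binding */
 if(ldap_simple_bind_s(ld,dn,passwd)==LDAP_SUCCESS) rc=ACCEPT;

out:
 if(dn!=NULL) ldap_memfree(dn);
 if(result!=NULL) ldap_msgfree(result);
 ldap_unbind_s(ld);
 return rc;
 /* ... unchanged: #endif and closing brace ... */
}
```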
int ipType=IPV4; /* using IP type */
int listenfd[2]; /* file descriptor for listen port */
+int hasSock6=TRUE; /* can get the socket for IPv6 */
int connfd; /* file descriptor for connection port */
int connectMode = NOCONNECT; /* the TCP connection mode */
listenfd[0]=Socket(AF_INET, SOCK_STREAM, 0);
listenfd[1]=Socket(AF_INET6, SOCK_STREAM, 0);
- if(listenfd[0]<0 || listenfd[1]<0){ /* if error, return */
- return -1;
- }
+ if(listenfd[0]<0) return -1; /* if error, return */
+ if(listenfd[1]<0) hasSock6=FALSE; /* IPv6 disabled */
- if(listenfd[0]>=FD_SETSIZE && listenfd[1]>=FD_SETSIZE){
- return -1;
+ if(hasSock6){
+ /* case of socket IPv6 is enabled */
+ if(listenfd[0]>=FD_SETSIZE && listenfd[1]>=FD_SETSIZE) return -1;
+
+ if((bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0) &&
+ (bind(listenfd[1], (SA *)&servaddr6, sizeof(servaddr6))==0) ){
+ break;
+ }
+
+ Close(listenfd[0]);
+ Close(listenfd[1]);
}
-
- if((bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0) &&
- (bind(listenfd[1], (SA *)&servaddr6, sizeof(servaddr6))==0) ){
- break;
+ else{
+ /* case of socket IPv6 is disabled */
+ if(listenfd[0]>=FD_SETSIZE) return -1;
+ if(bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0)break;
+ Close(listenfd[0]);
}
-
- Close(listenfd[0]);
- Close(listenfd[1]);
}
+
if(portNo>portmax) return -1; /* cannot get unused port */
if(Listen(listenfd[0], LISTENQ)<0) return -1; /* if error, return */
- if(Listen(listenfd[1], LISTENQ)<0) return -1;
-
+ if(hasSock6){
+ if(Listen(listenfd[1], LISTENQ)<0) return -1;
+ }
return portNo;
}
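Review bot: The FD_SETSIZE guard kept at L160 uses `&&`, so the function only bails out when both descriptors are out of range; a single descriptor at or above `FD_SETSIZE` is later handed to `FD_SET`, which writes outside the `fd_set`, so it should read `if(listenfd[0]>=FD_SETSIZE || listenfd[1]>=FD_SETSIZE) return -1;`. Also, L155 only ever clears `hasSock6`; since the `break` statements suggest L149–L150 sit inside a retry loop, a `Socket(AF_INET6, ...)` call that fails in one pass and succeeds in a later one leaves the flag FALSE and that IPv6 socket neither closed nor used, so `hasSock6 = (listenfd[1]>=0);` would be more robust. The loop these `break` statements leave starts outside the hunk, so its header could not be checked here.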
/* select socket */
FD_ZERO(&rfd0);
FD_SET(listenfd[0], &rfd0);
- FD_SET(listenfd[1], &rfd0);
+ if(hasSock6) FD_SET(listenfd[1], &rfd0);
- if(listenfd[0]>listenfd[1]) smax=listenfd[0]+1;
- else smax=listenfd[1]+1;
+ if(hasSock6){
+ if(listenfd[0]>listenfd[1]) smax=listenfd[0]+1;
+ else smax=listenfd[1]+1;
+ }else{
+ smax=listenfd[0]+1;
+ }
if((n = select(smax, &rfd0, NULL, NULL, NULL)) > 0){
/* wait connection */
if(FD_ISSET(listenfd[0], &rfd0)){
- if((connfd=accept(listenfd[0], (struct sockaddr *)&cliaddr, &len)) >= 0){
+ if((connfd=accept(listenfd[0],(struct sockaddr *)&cliaddr, &len))>=0){
/* connect by ipv4 */
ipType=IPV4;
}
}
- if(FD_ISSET(listenfd[1], &rfd0)){
+ if(hasSock6){
+ if(FD_ISSET(listenfd[1], &rfd0)){
- if((connfd=accept(listenfd[1], (struct sockaddr *)&cliaddr, &len)) >= 0){
+ if((connfd=accept(listenfd[1],(struct sockaddr *)&cliaddr, &len))>=0){
- /* connect by ipv6 */
- ipType=IPV6;
+ /* connect by ipv6 */
+ ipType=IPV6;
+ }
}
}
}