X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Frgw%2Frgw_ldap.h;fp=src%2Fceph%2Fsrc%2Frgw%2Frgw_ldap.h;h=ab84d82b41e5ec3089ab4b8478f6284a5dc3a0cd;hb=812ff6ca9fcd3e629e49d4328905f33eee8ca3f5;hp=0000000000000000000000000000000000000000;hpb=15280273faafb77777eab341909a3f495cf248d9;p=stor4nfv.git
diff --git a/src/ceph/src/rgw/rgw_ldap.h b/src/ceph/src/rgw/rgw_ldap.h
new file mode 100644
index 0000000..ab84d82
--- /dev/null
+++ b/src/ceph/src/rgw/rgw_ldap.h
@@ -0,0 +1,143 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#ifndef RGW_LDAP_H
+#define RGW_LDAP_H
+
+#include "acconfig.h"
+
+#if defined(HAVE_OPENLDAP)
+#define LDAP_DEPRECATED 1
+#include "ldap.h"
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace rgw {
+
+#if defined(HAVE_OPENLDAP)
+
+ class LDAPHelper
+ {
+ std::string uri;
+ std::string binddn;
+ std::string bindpw;
+ std::string searchdn;
+ std::string searchfilter;
+ std::string dnattr;
+ LDAP *ldap;
+ bool msad = false; /* TODO: possible future specialization */
+ std::mutex mtx;
+
+ public:
+ using lock_guard = std::lock_guard;
+
+ LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+ std::string _searchdn, std::string _searchfilter, std::string _dnattr)
+ : uri(std::move(_uri)), binddn(std::move(_binddn)),
+ bindpw(std::move(_bindpw)), searchdn(_searchdn), searchfilter(_searchfilter), dnattr(_dnattr),
+ ldap(nullptr) {
+ // nothing
+ }
+
+ int init() {
+ int ret;
+ ret = ldap_initialize(&ldap, uri.c_str());
+ if (ret == LDAP_SUCCESS) {
+ unsigned long ldap_ver = LDAP_VERSION3;
+ ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+ (void*) &ldap_ver);
+ }
+ if (ret == LDAP_SUCCESS) {
+ ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+ }
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int bind() {
+ int ret;
+ ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int rebind() {
+ if (ldap) {
+ (void) ldap_unbind(ldap);
+ (void) init();
+ return bind();
+ }
+ return -EINVAL;
+ }
+
+ int simple_bind(const char *dn, const std::string& pwd) {
+ LDAP* tldap;
+ int ret = ldap_initialize(&tldap, uri.c_str());
+ if (ret == LDAP_SUCCESS) {
+ unsigned long ldap_ver = LDAP_VERSION3;
+ ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION,
+ (void*) &ldap_ver);
+ if (ret == LDAP_SUCCESS) {
+ ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
+ if (ret == LDAP_SUCCESS) {
+ (void) ldap_unbind(tldap);
+ }
+ }
+ }
+ return ret; // OpenLDAP client error space
+ }
+
+ int auth(const std::string uid, const std::string pwd);
+
+ ~LDAPHelper() {
+ if (ldap)
+ (void) ldap_unbind(ldap);
+ }
+
+ }; /* LDAPHelper */
+
+#else
+
+ class LDAPHelper
+ {
+ public:
+ LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+ std::string _searchdn, std::string _searchfilter, std::string _dnattr)
+ {}
+
+ int init() {
+ return -ENOTSUP;
+ }
+
+ int bind() {
+ return -ENOTSUP;
+ }
+
+ int auth(const std::string uid, const std::string pwd) {
+ return -EACCES;
+ }
+
+ ~LDAPHelper() {}
+
+ }; /* LDAPHelper */
+
+
+#endif /* HAVE_OPENLDAP */
+
+} /* namespace rgw */
+
+#include "common/ceph_context.h"
+#include "common/common_init.h"
+#include "common/dout.h"
+#include "common/safe_io.h"
+#include
+
+#include "include/assert.h"
+
+std::string parse_rgw_ldap_bindpw(CephContext* ctx);
+
+#endif /* RGW_LDAP_H */
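Review bot: `simple_bind()` calls `ldap_unbind(tldap)` only when the bind succeeds, so every rejected password (and a failed `ldap_set_option`) leaks the handle and any connection it opened; if this is reached from `auth()` with client-supplied credentials, as the signature suggests, repeated failed logins can exhaust descriptors. Move `(void) ldap_unbind(tldap);` out of the innermost `if` so it runs whenever `ldap_initialize` succeeded. The same function hands `pwd` straight to `ldap_simple_bind_s`; an empty password with a valid DN is an unauthenticated bind that many directory servers answer with success, so unless `auth()` (defined outside this hunk) already rejects it, add `if (pwd.empty()) return LDAP_INVALID_CREDENTIALS;` at the top. Neither `init()` nor `simple_bind()` requires `ldaps://` or StartTLS, so with a plain `ldap://` uri both `bindpw` and user passwords are sent in cleartext; a comment on `init()` stating the transport expectation would help operators.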