Hey,
I've finally gotten some time together (yeah, like I was gonna do back in
May...) and wrote up the LDAP authentication code for the new
authentication API. Everything works out very nicely with the new code!
Well, everything except for MD5 passwords. So here's the new draft of the
authldap.c, which should be a drop-in for dbauth*sql.c
Please do NOT use this code for a production machine. It is ALPHA only!
Some notes:
- write operations are not implemented (such as adding users, etc)
- MD5 authentication is not implemented (I need the real password to bind)
- configuration file code is kinda sorta so so eh. needs work.
I haven't actually tested this code yet. It does compile without warnings,
and so at this point I want to start the sharing process. I'll spend some
more time on it this weekend, getting things to actually work and whatnot,
and post an updated version next week (hopefully).
Enjoy!
Aaron
/*
* $Id: authldap.c $
* (c) 2002 Aaron Stone, [EMAIL PROTECTED]
* User authentication functions for LDAP.
*/
#include "auth.h"
#include "ldap.h"
#include "list.h"
#include "debug.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "db.h"
#include "dbmd5.h"
#include <crypt.h>
#include "config.h"
#include <time.h>
#define AUTH_QUERY_SIZE 1024
/* string to be returned by db_getencryption() */
#define _DESCSTRLEN 50
char __auth_encryption_desc_string[_DESCSTRLEN];
extern char *configFile;
static LDAP *_ldap_conn;
static LDAPMessage *_ldap_res;
static LDAPMessage *_ldap_msg;
static int _ldap_err;
static int _ldap_scope = LDAP_SCOPE_SUBTREE; /* Should be a config item */
static int _ldap_attrsonly = 0;
static int _ldap_num_entries;
static char *_ldap_dn;
static char **_ldap_vals;
static char **_ldap_attrs = NULL;
static char _ldap_query[AUTH_QUERY_SIZE];
static char *_cfg_ldap_bind_dn,
*_cfg_ldap_bind_pw,
*_cfg_ldap_base_dn,
*_cfg_ldap_scope,
*_cfg_ldap_hostname,
*_cfg_ldap_port,
*_cfg_ldap_field_uid,
*_cfg_ldap_field_cid,
*_cfg_ldap_field_nid,
*_cfg_ldap_field_mail,
*_cfg_ldap_field_mailalt,
*_cfg_ldap_field_maxmail;
field_t _auth_host, _auth_user, _auth_db, _auth_pass;
static void _get_ldap_config()
{
field_t val;
struct list ldapItems;
ReadConfig("LDAP", configFile, &ldapItems);
SetTraceLevel(&ldapItems);
GetConfigValue("BIND_DN", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): bind_dn [%s]\n", val);
_cfg_ldap_bind_dn = val;
GetConfigValue("BIND_PW", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): bind_pw [%s]\n", val);
_cfg_ldap_bind_pw = val;
GetConfigValue("BASE_DN", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_base_dn = val;
GetConfigValue("PORT", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_port = val;
GetConfigValue("HOSTNAME", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_hostname = val;
GetConfigValue("FIELD_UID", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_uid = val;
GetConfigValue("FIELD_CID", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_cid = val;
GetConfigValue("FIELD_NID", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_nid = val;
GetConfigValue("FIELD_MAIL", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_mail = val;
GetConfigValue("FIELD_MAILALT", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_mailalt = val;
GetConfigValue("FIELD_MAXMAIL", &ldapItems, val);
if (strlen(val) == 0)
trace(TRACE_DEBUG, "_get_ldap_config(): no value for BIND_DN in config
file");
trace(TRACE_DEBUG, "SetConfigItems(): timeout [%s] seconds", val);
_cfg_ldap_field_maxmail = val;
}
/*
* auth_connect()
*
* initializes the connection for authentication.
*
* returns 0 on success, -1 on failure
*/
int auth_connect()
{
_ldap_conn = ldap_init( _cfg_ldap_hostname, atoi( _cfg_ldap_port ) );
_ldap_err = ldap_bind_s( _ldap_conn, _cfg_ldap_bind_dn, _cfg_ldap_bind_pw,
LDAP_AUTH_SIMPLE );
if( _ldap_err )
{
trace(TRACE_ERROR,"auth_connect(): ldap_bind_s failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
return 0;
}
int auth_disconnect()
{
ldap_unbind( _ldap_conn );
return 0;
}
u64_t auth_user_exists(const char *username)
{
u64_t uid;
if (!username)
{
trace(TRACE_ERROR,"auth_user_exists(): got NULL as username\n");
return 0;
}
snprintf( _ldap_query, AUTH_QUERY_SIZE, "%s=%s", _cfg_ldap_field_uid,
username );
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_user_exists(): could not execute query: %s\n",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_user_exists(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_uid );
uid = ( *_ldap_vals ) ? strtoull( *_ldap_vals, 0, 0 ) : 0;
ldap_value_free( _ldap_vals );
return uid;
}
/* return a list of existing users. -2 on mem error, -1 on db-error, 0 on
succes */
int auth_get_known_users(struct list *users)
{
int i, j;
if (!users)
{
trace(TRACE_ERROR,"auth_get_known_users(): got a NULL pointer as
argument\n");
return -2;
}
list_init(users);
/* do a inverted (DESC) query because adding the names to the final list
inverts again */
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(objectClass=*)");
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace( TRACE_ERROR, "auth_get_known_users(): could not retrieve user
list: %s", ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
/* find out how many results for our query */
j = ldap_count_entries( _ldap_conn, _ldap_res );
if( j > 0 )
{
/* for the first result we use ldap_first_entry */
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL)
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_get_known_users(): ldap_first_entry failed:
%s", ldap_err2strings( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_uid
);
if( _ldap_vals == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_get_known_users(): ldap_get_values failed:
%s", ldap_err2strings( ldap_error( _ldap_err ) ) );
return -1;
}
if ( !list_nodeadd( users, *_ldap_vals, strlen( *_ldap_vals ) + 1 ) )
{
list_freelist( &users->start );
return -2;
}
/* for subsequent results we use ldap_next_entry */
for ( i = 0; i < j; i++ )
{
/* the LDAPMessage structure has entries for "res" and "msg" so we
use just one of them here */
_ldap_msg = ldap_next_entry( _ldap_conn, _ldap_msg );
if ( _ldap_msg == NULL)
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_get_known_user(): ldap_next_entry failed:
%s", ldap_err2strings( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg,
_cfg_ldap_field_uid );
if ( *_ldap_vals == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_get_known_users(): ldap_get_values
failed: %s", ldap_err2strings( ldap_error( _ldap_err ) ) );
return -1;
}
if ( !list_nodeadd( users, *_ldap_vals, strlen( *_ldap_vals ) + 1 ) )
{
list_freelist( &users->start );
return -2;
}
}
}
else
{
trace(TRACE_ERROR,"auth_get_known_users(): no users found\n" );
}
ldap_value_free( _ldap_vals );
return 0;
}
u64_t auth_getclientid(u64_t useridnr)
{
u64_t cid;
if (!useridnr)
{
trace(TRACE_ERROR,"auth_getclientid(): got NULL as useridnr\n");
return 0;
}
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(%s=%llu)", _cfg_ldap_field_cid,
useridnr );
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_getclientid(): could not execute query: %s\n",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_getclientid(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_cid );
cid = ( (char *)_ldap_vals ) ? strtoull( (char *)_ldap_vals, 0, 0 ) : 0;
ldap_value_free( _ldap_vals );
return cid;
}
u64_t auth_getmaxmailsize(u64_t useridnr)
{
u64_t maxmailsize;
if (!useridnr)
{
trace(TRACE_ERROR,"auth_getmaxmailsize(): got NULL as useridnr\n");
return 0;
}
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(%s=%llu)", _cfg_ldap_field_maxmail,
useridnr );
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_getmaxmailsize(): could not execute query:
%s\n", ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_getmaxmailsize(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_cid );
maxmailsize = ( (char *)_ldap_vals ) ? strtoull( (char *)_ldap_vals, 0, 10 )
: -1;
ldap_value_free( _ldap_vals );
return maxmailsize;
}
/*
* auth_getencryption()
*
* returns a string describing the encryption used for the passwd storage
* for this user.
* The string is valid until the next function call; in absence of any
* encryption the string will be empty (not null).
*
* If the specified user does not exist an empty string will be returned.
*/
char* auth_getencryption(u64_t useridnr)
{
/* ldap does not support fancy passwords */
return 0;
}
/* recursive function, should be called with checks == -1 from main routine */
int auth_check_user (const char *username, struct list *userids, int checks)
{
int occurences=0, r;
int i, j;
trace(TRACE_DEBUG,"auth_check_user(): checking user [%s] in alias
table",username);
if (checks > MAX_CHECKS_DEPTH)
{
trace(TRACE_ERROR, "auth_check_user(): maximum checking depth reached,
there probably is a loop in your alias table\n");
return -1;
}
snprintf ( _ldap_query, AUTH_QUERY_SIZE, "(%s=%s)", _cfg_ldap_field_uid,
username );
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_check_user(): could not execute query: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
/* we're just using a little counter variable, since we'll use it in the for
loop later */
j = ldap_count_entries( _ldap_conn, _ldap_res );
if ( j < 1 )
{
if ( checks > 0 )
{
/* found the last one, this is the deliver to
* but checks needs to be bigger then 0 because
* else it could be the first query failure */
list_nodeadd( userids, username, strlen( username ) + 1 );
trace (TRACE_DEBUG,"auth_check_user(): adding [%s] to deliver_to
address\n",username);
return 1;
}
else
{
trace (TRACE_DEBUG,"auth_check_user(): user [%s] not in aliases
table\n",username);
return 0;
}
}
trace (TRACE_DEBUG,"auth_check_user(): into checking loop\n");
/* do the first entry here */
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_check_user(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
/* we'll get the next entry at the _end_ of the loop! */
for ( i = 0; i < j; i++ )
{
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_cid );
// FIXME: what field is this?
/* do a recursive search for deliver_to */
trace (TRACE_DEBUG,"auth_check_user(): checking user %s to %s",username,
(char *)_ldap_vals);
r = auth_check_user ((char *)_ldap_vals, userids, (checks < 0) ? 1 :
checks+1);
if (r < 0)
{
/* loop detected */
ldap_value_free( _ldap_vals );
if (checks > 0)
return -1; /* still in recursive call */
if (userids->start)
{
list_freelist(&userids->start);
userids->total_nodes = 0;
}
return 0; /* report to calling routine: no results */
}
occurences += r;
/* do the next entry here */
_ldap_msg = ldap_next_entry( _ldap_conn, _ldap_msg );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_check_user(): ldap_next_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
}
trace(TRACE_DEBUG,"auth_check_user(): executing query, checks [%d]", checks);
/* trace(TRACE_INFO,"auth_check_user(): user [%s] has [%d]
entries",username,occurences); */
return occurences;
}
/*
* auth_check_user_ext()
*
* As auth_check_user() but adds the numeric ID of the user found
* to userids or the forward to the fwds.
*
* returns the number of occurences.
*/
int auth_check_user_ext(const char *username, struct list *userids, struct list
*fwds, int checks)
{
int i, j;
int occurences=0;
u64_t id;
char *endptr = NULL;
trace(TRACE_DEBUG,"auth_check_user_ext(): checking user [%s] in alias
table",username);
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(%s=%s)", _cfg_ldap_field_uid,
username );
trace(TRACE_DEBUG,"auth_check_user_ext(): executing query, checks [%d]",
checks);
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_check_user_ext(): could not execute query: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
/* we're just using a little counter variable, since we'll use it in the for
loop later */
j = ldap_count_entries( _ldap_conn, _ldap_res );
if ( i < 1 )
{
if (checks>0)
{
/* found the last one, this is the deliver to
* but checks needs to be bigger then 0 because
* else it could be the first query failure */
id = strtoull(username, &endptr, 10);
if (*endptr == 0)
list_nodeadd(userids, &id, sizeof(id)); /* numeric deliver-to -->
this is a userid */
else
list_nodeadd(fwds, username, strlen(username)+1);
trace (TRACE_DEBUG,"auth_check_user_ext(): adding [%s] to deliver_to
address",username);
return 1;
}
else
{
trace (TRACE_DEBUG,"auth_check_user_ext(): user [%s] not in aliases
table", username);
return 0;
}
}
trace (TRACE_DEBUG,"auth_check_user_ext(): into checking loop");
/* do the first entry here */
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_check_user_ext(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
/* we'll get the next entry at the _end_ of the loop! */
for ( i = 0; i < j; i++ )
{
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_cid
); // FIXME: what field is this?
/* do a recursive search for deliver_to */
trace (TRACE_DEBUG,"auth_check_user_ext(): checking user %s to
%s",username, (char *)_ldap_vals);
occurences += auth_check_user_ext((char *)_ldap_vals, userids, fwds, 1);
/* do the next entry here */
_ldap_msg = ldap_next_entry( _ldap_conn, _ldap_msg );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_check_user_ext(): ldap_next_entry failed:
%s", ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
}
/* trace(TRACE_INFO,"auth_check_user(): user [%s] has [%d]
entries",username,occurences); */
return occurences;
}
/*
* auth_adduser()
*
* adds a new user to the database
* and adds a INBOX
* returns a useridnr on succes, -1 on failure
*/
u64_t auth_adduser (char *username, char *password, char *enctype, char
*clientid, char *maxmail)
{
return -1;
}
int auth_delete_user(const char *username)
{
return -1;
}
int auth_change_username(u64_t useridnr, const char *newname)
{
return -1;
}
int auth_change_password(u64_t useridnr, const char *newpass, const char
*enctype)
{
return -1;
}
int auth_change_clientid(u64_t useridnr, u64_t newcid)
{
return -1;
}
int auth_change_mailboxsize(u64_t useridnr, u64_t newsize)
{
return -1;
}
/*
* auth_validate()
*
* tries to validate user 'user'
*
* returns useridnr on OK, 0 on validation failed, -1 on error
*/
u64_t auth_validate (char *user, char *password)
{
u64_t id;
int is_validated = 0;
char timestr[30];
time_t td;
struct tm tm;
time(&td); /* get time */
tm = *localtime(&td); /* get components */
strftime(timestr, sizeof(timestr), "%G-%m-%d %H:%M:%S", &tm);
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(%s=%s)", _cfg_ldap_field_uid, user
);
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_validate(): could not select user information:
%s", ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
if ( ldap_count_entries( _ldap_conn, _ldap_res ) )
{
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if( _ldap_msg == NULL )
{
trace(TRACE_ERROR, "auth_validate(): could not select user
information: %s", ldap_err2string( ldap_error( _ldap_err ) ) );
return -1;
}
}
else
{
/* user does not exist */
ldap_free_value( _ldap_vals );
return 0;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, "dn" );
/* now, try to rebind as the given DN using the supplied password */
trace (TRACE_DEBUG,"auth_validate(): rebinding as [%s] to validate
password\n",(char *)_ldap_vals);
_ldap_err = ldap_bind_s( _ldap_conn, (char *)_ldap_vals, password,
LDAP_AUTH_SIMPLE );
// FIXME: do we need to bind back to the dbmail "superuser" again?
if( _ldap_err )
{
trace(TRACE_ERROR,"auth_validate(): ldap_bind_s failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
ldap_free_value( _ldap_vals );
return 0;
}
else
{
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_nid
);
id = ((char *)_ldap_vals) ? strtoull((char *)_ldap_vals, NULL, 10) : 0;
/* FIXME: implement this in LDAP... log login in the dbase
snprintf(__auth_query_data, AUTH_QUERY_SIZE, "UPDATE users SET last_login
= '%s' "
"WHERE user_idnr = %llu", timestr, id);
if (__auth_query(__auth_query_data)==-1)
trace(TRACE_ERROR, "auth_validate(): could not update user login time");
*/
}
ldap_free_value( _ldap_vals );
return id;
}
u64_t auth_md5_validate (char *username,unsigned char *md5_apop_he, char
*apop_stamp)
{
/* returns useridnr on OK, 0 on validation failed, -1 on error */
return 0;
}
/* Given a useridnr, find the account/login name
* return 0 if not found, NULL on error
*/
char *auth_get_userid (u64_t *useridnr)
{
char *returnid = NULL;
if ( !useridnr )
{
trace(TRACE_ERROR,"auth_get_userid(): got NULL as useridnr\n");
return 0;
}
snprintf( _ldap_query, AUTH_QUERY_SIZE, "(%s=%llu)", _cfg_ldap_field_nid,
useridnr );
_ldap_err = ldap_search_s( _ldap_conn, _cfg_ldap_base_dn, *_cfg_ldap_scope,
_ldap_query, _ldap_attrs, _ldap_attrsonly, &_ldap_res );
if ( _ldap_err )
{
trace(TRACE_ERROR, "auth_get_userid(): could not execute query: %s\n",
ldap_err2string( ldap_error( _ldap_err ) ) );
return NULL;
}
if ( ldap_count_entries( _ldap_conn, _ldap_res ) < 1 )
{
trace (TRACE_DEBUG,"auth_get_userid(): user has no username?");
return 0;
}
_ldap_msg = ldap_first_entry( _ldap_conn, _ldap_res );
if ( _ldap_msg == NULL )
{
ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &_ldap_err);
trace(TRACE_ERROR,"auth_get_userid(): ldap_first_entry failed: %s",
ldap_err2string( ldap_error( _ldap_err ) ) );
return NULL;
}
_ldap_vals = ldap_get_values( _ldap_conn, _ldap_msg, _cfg_ldap_field_cid );
if ( _ldap_vals )
{
if ( !( returnid = (char *)my_malloc( strlen( (char *)_ldap_vals ) + 1 )
) )
{
trace( TRACE_ERROR, "auth_get_userid(): out of memory" );
return NULL;
}
strcpy ( returnid, (char *)_ldap_vals );
}
ldap_value_free( _ldap_vals );
return returnid;
}
