/*
 * Count the LDAP entries whose login attribute matches @uid, summed over
 * every search base in manager->base_list.
 *
 * @uid: user's uid; passing "*" counts all users.
 *
 * Returns the accumulated entry count, or -1 if the bind or any search fails.
 *
 * NOTE(review): @uid and manager->filter are copied into the search filter
 * verbatim, which is what makes the "*" wildcard work. Any other filter
 * metacharacter in @uid is interpreted by the directory server as well, so
 * this function should only be handed trusted values -- confirm at call sites.
 */
static int
ldap_count_users (CcnetUserManager *manager, const char *uid)
{
    LDAP *conn;
    LDAPMessage *result = NULL;
    GString *builder;
    char *query;
    char *wanted[2];
    char **dn_base;
    int total = 0;
    int rc;

    /* Bind with the service account configured on the manager. */
    conn = ldap_init_and_bind (manager->ldap_host,
#ifdef WIN32
                               manager->use_ssl,
#endif
                               manager->user_dn,
                               manager->password);
    if (conn == NULL)
        return -1;

    /* AND the login-attribute match with the optional configured filter. */
    builder = g_string_new (NULL);
    if (manager->filter)
        g_string_printf (builder, "(&(%s=%s) (%s))",
                         manager->login_attr, uid, manager->filter);
    else
        g_string_printf (builder, "(%s=%s)", manager->login_attr, uid);
    query = g_string_free (builder, FALSE);

    /* Only the login attribute is requested; the entries are just counted. */
    wanted[0] = manager->login_attr;
    wanted[1] = NULL;

    for (dn_base = manager->base_list; *dn_base != NULL; ++dn_base) {
        rc = ldap_search_s (conn, *dn_base, LDAP_SCOPE_SUBTREE,
                            query, wanted, 0, &result);
        if (rc != LDAP_SUCCESS) {
            ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(rc));
            ldap_msgfree (result);
            /* One failing base invalidates the whole count. */
            total = -1;
            break;
        }

        total += ldap_count_entries (conn, result);
        ldap_msgfree (result);
    }

    g_free (query);
    ldap_unbind_s (conn);
    return total;
}
/*
 * Count the LDAP entries under manager->base whose login attribute
 * matches @uid.
 *
 * @uid: user's uid; passing "*" counts all users.
 *
 * Returns the value of ldap_count_entries() for the search result, or -1 if
 * the bind or the search fails.
 *
 * NOTE(review): @uid is copied into the search filter verbatim, which is what
 * makes the "*" wildcard work. Any other filter metacharacter in @uid is
 * interpreted by the directory server as well, so this function should only
 * be handed trusted values -- confirm at call sites.
 */
static int
ldap_count_users (CcnetUserManager *manager, const char *uid)
{
    LDAP *conn;
    LDAPMessage *result = NULL;
    GString *builder;
    char *query;
    char *wanted[2];
    int total = -1;
    int rc;

    /* Bind with the service account configured on the manager. */
    conn = ldap_init_and_bind (manager->ldap_host,
                               manager->user_dn,
                               manager->password);
    if (conn == NULL)
        return -1;

    builder = g_string_new (NULL);
    g_string_printf (builder, "(%s=%s)", manager->login_attr, uid);
    query = g_string_free (builder, FALSE);

    /* Only the login attribute is requested; the entries are just counted. */
    wanted[0] = manager->login_attr;
    wanted[1] = NULL;

    rc = ldap_search_s (conn, manager->base, LDAP_SCOPE_SUBTREE,
                        query, wanted, 0, &result);
    if (rc == LDAP_SUCCESS)
        total = ldap_count_entries (conn, result);
    else
        ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(rc));

    /* Cleanup is the same on success and failure. */
    ldap_msgfree (result);
    g_free (query);
    ldap_unbind_s (conn);
    return total;
}
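/*
 * List the LDAP users under manager->base whose login attribute matches @uid.
 *
 * @uid: user's uid; passing "*" lists all users.
 *
 * Returns a GList of newly created CcnetEmailUser objects (built by
 * prepending, so in reverse search order), or NULL if the bind or the search
 * fails or nothing matches.
 *
 * NOTE(review): @uid is copied into the search filter verbatim, which is what
 * makes the "*" wildcard work. Any other filter metacharacter in @uid is
 * interpreted by the directory server as well, so this function should only
 * be handed trusted values -- confirm at call sites.
 */
static GList *
ldap_list_users (CcnetUserManager *manager, const char *uid)
{
    LDAP *ld = NULL;
    GList *ret = NULL;
    int res;
    GString *filter;
    char *filter_str;
    char *attrs[2];
    LDAPMessage *msg = NULL, *entry;

    /* Bind with the service account configured on the manager. */
    ld = ldap_init_and_bind (manager->ldap_host,
                             manager->user_dn,
                             manager->password);
    if (!ld)
        return NULL;

    filter = g_string_new (NULL);
    g_string_printf (filter, "(%s=%s)", manager->login_attr, uid);
    filter_str = g_string_free (filter, FALSE);

    /* Only the login attribute is requested from the server. */
    attrs[0] = manager->login_attr;
    attrs[1] = NULL;

    res = ldap_search_s (ld, manager->base, LDAP_SCOPE_SUBTREE,
                         filter_str, attrs, 0, &msg);
    if (res != LDAP_SUCCESS) {
        ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res));
        ret = NULL;
        goto out;
    }

    for (entry = ldap_first_entry (ld, msg);
         entry != NULL;
         entry = ldap_next_entry (ld, entry)) {
        char *attr;
        char **vals = NULL;
        BerElement *ber = NULL;
        CcnetEmailUser *user;

        /*
         * An entry may come back without a readable login attribute (for
         * example when the bind account may not read it). Both calls can
         * then return NULL, so check before dereferencing vals[0].
         */
        attr = ldap_first_attribute (ld, entry, &ber);
        if (attr)
            vals = ldap_get_values (ld, entry, attr);

        if (vals && vals[0]) {
            user = g_object_new (CCNET_TYPE_EMAIL_USER,
                                 "id", 0,
                                 "email", vals[0],
                                 "is_staff", FALSE,
                                 "is_active", TRUE,
                                 "ctime", (gint64)0,
                                 NULL);
            ret = g_list_prepend (ret, user);
        }

        /* Release whatever was actually allocated for this entry. */
        if (attr)
            ldap_memfree (attr);
        if (vals)
            ldap_value_free (vals);
        if (ber)
            ber_free (ber, 0);
    }

out:
    ldap_msgfree (msg);
    g_free (filter_str);
    if (ld)
        ldap_unbind_s (ld);
    return ret;
}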
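/*
 * Verify @password for the LDAP user whose login attribute equals @uid.
 *
 * The check is done in two steps: bind with the service account and search
 * manager->base for the user's DN, then bind again as that DN with the
 * supplied password.
 *
 * Returns 0 if the second bind succeeds, -1 on any failure (service bind,
 * search error, user not found, empty credentials, or rejected password).
 *
 * Security notes:
 *  - An empty password is refused before any bind. A simple bind with a DN
 *    and a zero-length password is an "unauthenticated bind" (RFC 4513,
 *    section 5.1.2) that many servers report as success, which would let any
 *    account be "verified" without its password. ldap_init_and_bind is not
 *    visible here, so the check is made in this function.
 *  - @uid is login input, so it is escaped per RFC 4515 before being placed
 *    in the filter. Without that, "*" or a crafted sub-filter would select
 *    an entry other than the one the caller named.
 *  - Only the first entry returned by the search is used; the login
 *    attribute is assumed to be unique under manager->base.
 */
static int
ldap_verify_user_password (CcnetUserManager *manager,
                           const char *uid,
                           const char *password)
{
    LDAP *ld = NULL;
    int res;
    GString *filter;
    char *filter_str = NULL;
    char *attrs[2];
    LDAPMessage *msg = NULL, *entry;
    char *dn = NULL;
    const char *p;
    int ret = 0;

    if (!uid || uid[0] == '\0' || !password || password[0] == '\0') {
        ccnet_warning ("Empty uid or password rejected for LDAP login.\n");
        return -1;
    }

    /* First search for the DN with the given uid. */
    ld = ldap_init_and_bind (manager->ldap_host,
                             manager->user_dn,
                             manager->password);
    if (!ld)
        return -1;

    /* Build "(login_attr=uid)" with the filter metacharacters hex-escaped. */
    filter = g_string_new (NULL);
    g_string_append_printf (filter, "(%s=", manager->login_attr);
    for (p = uid; *p != '\0'; ++p) {
        switch (*p) {
        case '*':
        case '(':
        case ')':
        case '\\':
            g_string_append_printf (filter, "\\%02x",
                                    (unsigned int)(unsigned char)*p);
            break;
        default:
            g_string_append_c (filter, *p);
            break;
        }
    }
    g_string_append_c (filter, ')');
    filter_str = g_string_free (filter, FALSE);

    attrs[0] = manager->login_attr;
    attrs[1] = NULL;

    res = ldap_search_s (ld, manager->base, LDAP_SCOPE_SUBTREE,
                         filter_str, attrs, 0, &msg);
    if (res != LDAP_SUCCESS) {
        ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res));
        ret = -1;
        goto out;
    }

    entry = ldap_first_entry (ld, msg);
    if (!entry) {
        ccnet_warning ("user with uid %s not found in LDAP.\n", uid);
        ret = -1;
        goto out;
    }

    dn = ldap_get_dn (ld, entry);
    if (!dn) {
        /* Never attempt the password bind without a concrete DN. */
        ccnet_warning ("Failed to get DN for user %s.\n", uid);
        ret = -1;
        goto out;
    }

    /* Then bind the DN with password. */
    ldap_unbind_s (ld);
    ld = ldap_init_and_bind (manager->ldap_host, dn, password);
    if (!ld) {
        ccnet_warning ("Password check for %s failed.\n", uid);
        ret = -1;
    }

out:
    ldap_msgfree (msg);
    ldap_memfree (dn);
    g_free (filter_str);
    if (ld)
        ldap_unbind_s (ld);
    return ret;
}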
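/*
 * List the LDAP users whose login attribute matches @uid, searching every
 * base in manager->base_list and returning one page of the results.
 *
 * @uid:   user's uid; passing "*" lists all users.
 * @start: index of the first entry to return; -1 is treated as 0.
 * @limit: maximum number of entries to return; a negative value means
 *         no limit.
 *
 * The entry index runs across all bases in list order. Returns a GList of
 * newly created CcnetEmailUser objects with lower-cased e-mail and source
 * "LDAP" (built by prepending, so in reverse search order), or NULL if the
 * bind fails or nothing was collected.
 *
 * NOTE(review): @uid and manager->filter are copied into the search filter
 * verbatim, which is what makes the "*" wildcard work. Any other filter
 * metacharacter in @uid is interpreted by the directory server as well, so
 * this function should only be handed trusted values -- confirm at call sites.
 */
static GList *
ldap_list_users (CcnetUserManager *manager, const char *uid,
                 int start, int limit)
{
    LDAP *ld = NULL;
    GList *ret = NULL;
    int res;
    GString *filter;
    char *filter_str;
    char *attrs[2];
    LDAPMessage *msg = NULL, *entry;

    /* Bind with the service account configured on the manager. */
    ld = ldap_init_and_bind (manager->ldap_host,
#ifdef WIN32
                             manager->use_ssl,
#endif
                             manager->user_dn,
                             manager->password);
    if (!ld)
        return NULL;

    /* AND the login-attribute match with the optional configured filter. */
    filter = g_string_new (NULL);
    if (!manager->filter)
        g_string_printf (filter, "(%s=%s)", manager->login_attr, uid);
    else
        g_string_printf (filter, "(&(%s=%s) (%s))",
                         manager->login_attr, uid, manager->filter);
    filter_str = g_string_free (filter, FALSE);

    /* Only the login attribute is requested from the server. */
    attrs[0] = manager->login_attr;
    attrs[1] = NULL;

    int i = 0;
    if (start == -1)
        start = 0;

    char **base;
    for (base = manager->base_list; *base; ++base) {
        res = ldap_search_s (ld, *base, LDAP_SCOPE_SUBTREE,
                             filter_str, attrs, 0, &msg);
        if (res != LDAP_SUCCESS) {
            ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res));
            /* NOTE(review): users collected from earlier bases are dropped
             * here without being unreferenced -- confirm whether intended. */
            ret = NULL;
            ldap_msgfree (msg);
            goto out;
        }

        for (entry = ldap_first_entry (ld, msg);
             entry != NULL;
             entry = ldap_next_entry (ld, entry), ++i) {
            char *attr;
            char **vals = NULL;
            BerElement *ber = NULL;
            CcnetEmailUser *user;

            /* Skip entries before the requested page. */
            if (i < start)
                continue;
            /* Page is full: stop searching altogether. */
            if (limit >= 0 && i >= start + limit) {
                ldap_msgfree (msg);
                goto out;
            }

            /*
             * An entry may come back without a readable login attribute (for
             * example when the bind account may not read it). Both calls can
             * then return NULL, so check before dereferencing vals[0]. Such
             * an entry still consumes its index in the page.
             */
            attr = ldap_first_attribute (ld, entry, &ber);
            if (attr)
                vals = ldap_get_values (ld, entry, attr);

            if (vals && vals[0]) {
                char *email_l = g_ascii_strdown (vals[0], -1);
                user = g_object_new (CCNET_TYPE_EMAIL_USER,
                                     "id", 0,
                                     "email", email_l,
                                     "is_staff", FALSE,
                                     "is_active", TRUE,
                                     "ctime", (gint64)0,
                                     "source", "LDAP",
                                     NULL);
                g_free (email_l);
                ret = g_list_prepend (ret, user);
            }

            /* Release whatever was actually allocated for this entry. */
            if (attr)
                ldap_memfree (attr);
            if (vals)
                ldap_value_free (vals);
            if (ber)
                ber_free (ber, 0);
        }

        ldap_msgfree (msg);
    }

out:
    g_free (filter_str);
    if (ld)
        ldap_unbind_s (ld);
    return ret;
}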
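/*
 * Verify @password for the LDAP user whose login attribute equals @uid.
 *
 * The check is done in two steps: bind with the service account and search
 * each base in manager->base_list until one yields an entry, then bind again
 * as that entry's DN with the supplied password.
 *
 * Returns 0 if the second bind succeeds, -1 on any failure (service bind,
 * search error, user not found, empty credentials, or rejected password).
 *
 * Security notes:
 *  - An empty password is refused before any bind. A simple bind with a DN
 *    and a zero-length password is an "unauthenticated bind" (RFC 4513,
 *    section 5.1.2) that many servers report as success, which would let any
 *    account be "verified" without its password. ldap_init_and_bind is not
 *    visible here, so the check is made in this function.
 *  - @uid is login input, so it is escaped per RFC 4515 before being placed
 *    in the filter. Without that, "*" or a crafted sub-filter would select
 *    an entry other than the one the caller named, or bypass the restriction
 *    expressed by manager->filter.
 *  - manager->filter is inserted as-is; it is treated as trusted
 *    configuration.
 *  - Only the first entry of the first base with a match is used; the login
 *    attribute is assumed to be unique across the configured bases.
 */
static int
ldap_verify_user_password (CcnetUserManager *manager,
                           const char *uid,
                           const char *password)
{
    LDAP *ld = NULL;
    int res;
    GString *filter;
    char *filter_str = NULL;
    char *attrs[2];
    LDAPMessage *msg = NULL, *entry;
    char *dn = NULL;
    const char *p;
    int ret = 0;

    if (!uid || uid[0] == '\0' || !password || password[0] == '\0') {
        ccnet_warning ("Empty uid or password rejected for LDAP login.\n");
        return -1;
    }

    /* First search for the DN with the given uid. */
    ld = ldap_init_and_bind (manager->ldap_host,
#ifdef WIN32
                             manager->use_ssl,
#endif
                             manager->user_dn,
                             manager->password);
    if (!ld)
        return -1;

    /*
     * Build "(login_attr=uid)" or "(&(login_attr=uid) (filter))" with the
     * filter metacharacters in uid hex-escaped.
     */
    filter = g_string_new (NULL);
    if (manager->filter)
        g_string_append (filter, "(&");
    g_string_append_printf (filter, "(%s=", manager->login_attr);
    for (p = uid; *p != '\0'; ++p) {
        switch (*p) {
        case '*':
        case '(':
        case ')':
        case '\\':
            g_string_append_printf (filter, "\\%02x",
                                    (unsigned int)(unsigned char)*p);
            break;
        default:
            g_string_append_c (filter, *p);
            break;
        }
    }
    g_string_append_c (filter, ')');
    if (manager->filter)
        g_string_append_printf (filter, " (%s))", manager->filter);
    filter_str = g_string_free (filter, FALSE);

    attrs[0] = manager->login_attr;
    attrs[1] = NULL;

    char **base;
    for (base = manager->base_list; *base; base++) {
        res = ldap_search_s (ld, *base, LDAP_SCOPE_SUBTREE,
                             filter_str, attrs, 0, &msg);
        if (res != LDAP_SUCCESS) {
            ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res));
            ret = -1;
            ldap_msgfree (msg);
            goto out;
        }

        /* Stop at the first base that contains the user. */
        entry = ldap_first_entry (ld, msg);
        if (entry) {
            dn = ldap_get_dn (ld, entry);
            ldap_msgfree (msg);
            break;
        }

        ldap_msgfree (msg);
    }

    /* Never attempt the password bind without a concrete DN. */
    if (!dn) {
        ccnet_warning ("Can't find user %s in LDAP.\n", uid);
        ret = -1;
        goto out;
    }

    /* Then bind the DN with password. */
    ldap_unbind_s (ld);
    ld = ldap_init_and_bind (manager->ldap_host,
#ifdef WIN32
                             manager->use_ssl,
#endif
                             dn, password);
    if (!ld) {
        ccnet_warning ("Password check for %s failed.\n", uid);
        ret = -1;
    }

out:
    ldap_memfree (dn);
    g_free (filter_str);
    if (ld)
        ldap_unbind_s (ld);
    return ret;
}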