]>
Commit | Line | Data |
---|---|---|
7179962a | 1 | /* |
7179962a | 2 | * SARG Squid Analysis Report Generator http://sarg.sourceforge.net |
61d965f3 | 3 | * 1998, 2012 |
7179962a PO |
4 | * |
5 | * SARG donations: | |
6 | * please look at http://sarg.sourceforge.net/donations.php | |
ac422f9b FM |
7 | * Support: |
8 | * http://sourceforge.net/projects/sarg/forums/forum/363374 | |
7179962a PO |
9 | * --------------------------------------------------------------------- |
10 | * | |
11 | * This program is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU General Public License as published by | |
13 | * the Free Software Foundation; either version 2 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | * GNU General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License | |
22 | * along with this program; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
24 | * | |
25 | */ | |
26 | ||
27 | #include "include/conf.h" | |
28 | #include "include/defs.h" | |
29 | ||
965c4a6f FM |
30 | #ifdef HAVE_LDAP_H |
31 | #define LDAP_DEPRECATED 1 | |
32 | ||
7179962a PO |
33 | #include <ldap.h> |
34 | #include <ldap_cdefs.h> | |
35 | #include <ldap_features.h> | |
965c4a6f | 36 | #endif //HAVE_LDAP_H |
7179962a | 37 | |
965c4a6f FM |
38 | enum UserTabEnum |
39 | { | |
9bd92830 FM |
40 | //! Users matched against the ::UserTabFile file. |
41 | UTT_File, | |
42 | //! Users matched agains a LDAP. | |
43 | UTT_Ldap, | |
44 | //! No user matching performed. | |
45 | UTT_None | |
965c4a6f FM |
46 | }; |
47 | ||
48 | enum UserTabEnum which_usertab=UTT_None; | |
7179962a | 49 | |
965c4a6f | 50 | static char *userfile=NULL; |
7179962a | 51 | |
965c4a6f FM |
52 | #ifdef HAVE_LDAP_H |
53 | static LDAP *ldap_handle=NULL; | |
54 | #endif //HAVE_LDAP_H | |
55 | ||
56 | static void init_file_usertab(const char *UserTabFile) | |
57 | { | |
9bd92830 FM |
58 | FILE *fp_usr; |
59 | long int nreg; | |
60 | char buf[MAXLEN]; | |
61 | int z1, z2; | |
965c4a6f | 62 | |
9bd92830 FM |
63 | if((fp_usr=fopen(UserTabFile,"r"))==NULL) { |
64 | debuga(_("(usertab) Cannot open file %s - %s\n"),UserTabFile,strerror(errno)); | |
65 | exit(EXIT_FAILURE); | |
66 | } | |
67 | if (fseek(fp_usr, 0, SEEK_END)==-1) { | |
68 | debuga(_("Failed to move till the end of the usertab file %s: %s\n"),UserTabFile,strerror(errno)); | |
69 | exit(EXIT_FAILURE); | |
70 | } | |
71 | nreg = ftell(fp_usr); | |
72 | if (nreg<0) { | |
c4633554 | 73 | debuga(_("Cannot get the size of file %s\n"),UserTabFile); |
9bd92830 FM |
74 | exit(EXIT_FAILURE); |
75 | } | |
76 | nreg += 100; | |
77 | if (fseek(fp_usr, 0, SEEK_SET)==-1) { | |
78 | debuga(_("Failed to rewind the usertab file %s: %s\n"),UserTabFile,strerror(errno)); | |
79 | exit(EXIT_FAILURE); | |
80 | } | |
81 | if((userfile=(char *) malloc(nreg))==NULL){ | |
c4633554 | 82 | debuga(_("ERROR: Cannot load. Memory fault\n")); |
9bd92830 FM |
83 | exit(EXIT_FAILURE); |
84 | } | |
85 | userfile[0]='\t'; | |
86 | z2=1; | |
87 | while(fgets(buf,sizeof(buf),fp_usr)!=NULL) { | |
88 | if (buf[0]=='#') continue; | |
89 | fixendofline(buf); | |
90 | z1=0; | |
91 | while(buf[z1] && (unsigned char)buf[z1]>' ') { | |
92 | if (z2+3>=nreg) { //need at least 3 additional bytes for the minimum string "\n\t\0" | |
93 | debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile); | |
94 | exit(EXIT_FAILURE); | |
95 | } | |
96 | userfile[z2++]=buf[z1++]; | |
97 | } | |
98 | while(buf[z1] && (unsigned char)buf[z1]<=' ') z1++; | |
99 | userfile[z2++]='\n'; | |
100 | while(buf[z1] && (unsigned char)buf[z1]>=' ') { | |
101 | if (z2+2>=nreg) { //need at least 2 additional bytes for "\t\0" | |
102 | debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile); | |
103 | exit(EXIT_FAILURE); | |
104 | } | |
105 | userfile[z2++]=buf[z1++]; | |
106 | } | |
107 | while(userfile[z2-1]==' ') z2--; | |
108 | userfile[z2++]='\t'; | |
109 | } | |
110 | userfile[z2]='\0'; | |
111 | fclose(fp_usr); | |
965c4a6f FM |
112 | } |
113 | ||
114 | static void get_usertab_name(const char *user,char *name,int namelen) | |
115 | { | |
9bd92830 FM |
116 | char warea[MAXLEN]; |
117 | char *str; | |
965c4a6f | 118 | |
9bd92830 FM |
119 | sprintf(warea,"\t%s\n",user); |
120 | if((str=(char *) strstr(userfile,warea)) == (char *) NULL ) { | |
a87d4d11 | 121 | safe_strcpy(name,user,namelen); |
9bd92830 FM |
122 | } else { |
123 | str=strchr(str+1,'\n'); | |
124 | str++; | |
a87d4d11 | 125 | namelen--; |
9bd92830 FM |
126 | for(z1=0; *str != '\t' && z1<namelen ; z1++) { |
127 | name[z1]=*str++; | |
128 | } | |
a87d4d11 | 129 | name[z1]='\0'; |
9bd92830 | 130 | } |
965c4a6f FM |
131 | } |
132 | ||
133 | #ifdef HAVE_LDAP_H | |
134 | static void init_ldap_usertab(void) { | |
0ee7618e FM |
135 | char *ldapuri; |
136 | LDAPURLDesc url; | |
137 | int rc; | |
138 | ||
9bd92830 | 139 | ldap_handle = NULL; |
0ee7618e FM |
140 | |
141 | /* Setting LDAP connection and initializing cache */ | |
142 | memset(&url,0,sizeof(url)); | |
143 | url.lud_scheme = "ldap"; | |
144 | url.lud_host = LDAPHost; | |
145 | url.lud_port = LDAPPort; | |
146 | url.lud_scope = LDAP_SCOPE_DEFAULT; | |
147 | ldapuri = ldap_url_desc2str(&url); | |
148 | if (ldapuri==NULL) { | |
149 | debuga(_("Cannot prepare ldap URI for server %s on port %d\n"),LDAPHost,LDAPPort); | |
9bd92830 FM |
150 | exit(EXIT_FAILURE); |
151 | } | |
7179962a | 152 | |
0ee7618e FM |
153 | rc = ldap_initialize(&ldap_handle, ldapuri); |
154 | if (rc != LDAP_SUCCESS) { | |
155 | debuga(_("Unable to connect to LDAP server %s on port %d: %d (%s)\n"), LDAPHost, LDAPPort, rc, ldap_err2string(rc)); | |
156 | exit(EXIT_FAILURE); | |
157 | } | |
158 | ldap_memfree(ldapuri); | |
159 | ||
52fe76a6 FM |
160 | if (ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) { |
161 | debuga(_("Could not disable LDAP_OPT_REFERRALS\n")); | |
162 | exit(EXIT_FAILURE); | |
163 | } | |
9bd92830 FM |
164 | int ldap_protocol_version = LDAPProtocolVersion; |
165 | if (ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version) != LDAP_SUCCESS) { | |
166 | debuga(_("Could not set LDAP protocol version %d\n"), ldap_protocol_version); | |
167 | exit(EXIT_FAILURE); | |
168 | } | |
7179962a | 169 | |
9bd92830 | 170 | /* Bind to the LDAP server. */ |
9bd92830 FM |
171 | rc = ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW ); |
172 | if ( rc != LDAP_SUCCESS ) { | |
173 | debuga(_("Cannot bind to LDAP server: %s\n"), ldap_err2string(rc)); | |
174 | exit(EXIT_FAILURE); | |
175 | } | |
965c4a6f | 176 | |
9bd92830 | 177 | /* Initializing cache */ |
7179962a | 178 | |
9bd92830 | 179 | init_cache(); |
7179962a PO |
180 | } |
181 | ||
965c4a6f FM |
182 | static void get_ldap_name(const char *userlogin,char *mappedname,int namelen) |
183 | { | |
9bd92830 FM |
184 | /* Start searching username in cache */ |
185 | // According to rfc2254 section 4, only *()\ and NUL must be escaped. This list is rather conservative ! | |
186 | const char strictchars[] = " ~!@^&(){}|<>?:;\"\'\\[]`,\r\n\0"; | |
187 | char filtersearch[256], *searched_in_cache; | |
188 | char searchloginname[3*MAX_USER_LEN]; | |
189 | char *attr, **vals; | |
0ee7618e | 190 | const char *ptr; |
9bd92830 FM |
191 | LDAPMessage *result, *e; |
192 | BerElement *ber; | |
193 | int i; | |
d1d8390c FM |
194 | int slen; |
195 | int rc; | |
0bfbafc0 | 196 | char *attrs[2]; |
0ee7618e FM |
197 | |
198 | searched_in_cache = search_in_cache(userlogin); | |
199 | if (searched_in_cache!=NULL) { | |
a87d4d11 | 200 | safe_strcpy(mappedname, searched_in_cache,namelen); |
0ee7618e FM |
201 | return; |
202 | } | |
1b048c43 | 203 | |
0ee7618e | 204 | // escape characters according to rfc2254 section 4 |
d1d8390c | 205 | for (slen=0 , ptr=userlogin ; slen<sizeof(searchloginname)-1 && *ptr ; ptr++) { |
0ee7618e | 206 | if (strchr(strictchars,*ptr)) { |
d1d8390c | 207 | if (slen+3>=sizeof(searchloginname)-1) break; |
63413116 | 208 | slen+=sprintf(searchloginname+slen,"\\%02X",*ptr); |
9bd92830 | 209 | } else { |
d1d8390c | 210 | searchloginname[slen++]=*ptr; |
9bd92830 FM |
211 | } |
212 | } | |
d1d8390c FM |
213 | searchloginname[slen]='\0'; |
214 | ||
215 | i=0; | |
216 | ptr=LDAPFilterSearch; | |
217 | while (i<sizeof(filtersearch)-1 && *ptr) { | |
218 | if (ptr[0]=='%' && ptr[1]=='s') { | |
219 | if (i+slen>=sizeof(filtersearch)) break; | |
220 | memcpy(filtersearch+i,searchloginname,slen); | |
221 | i+=slen; | |
222 | ptr+=2; | |
223 | } else { | |
224 | filtersearch[i++]=*ptr++; | |
225 | } | |
226 | } | |
227 | filtersearch[i]='\0'; | |
965c4a6f | 228 | |
0ee7618e FM |
229 | /* Search record(s) in LDAP base */ |
230 | attrs[0]=LDAPTargetAttr; | |
0bfbafc0 | 231 | attrs[1]=NULL; |
d1d8390c | 232 | rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result); |
0ee7618e FM |
233 | if (rc != LDAP_SUCCESS) { |
234 | debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); | |
235 | debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch); | |
a87d4d11 | 236 | safe_strcpy(mappedname,userlogin,namelen); |
0ee7618e FM |
237 | return; |
238 | } | |
965c4a6f | 239 | |
0ee7618e FM |
240 | if (!(e = ldap_first_entry(ldap_handle, result))) { |
241 | insert_to_cache(userlogin, userlogin); | |
a87d4d11 | 242 | safe_strcpy(mappedname, userlogin,namelen); |
0ee7618e FM |
243 | return; |
244 | } | |
965c4a6f | 245 | |
0ee7618e FM |
246 | for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { |
247 | if (!strcasecmp(attr, LDAPTargetAttr)) { | |
248 | if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { | |
249 | insert_to_cache(userlogin, vals[0]); | |
a87d4d11 | 250 | safe_strcpy(mappedname, vals[0],namelen); |
0ee7618e | 251 | ldap_memfree(vals); |
9bd92830 | 252 | } |
0ee7618e FM |
253 | ldap_memfree(attr); |
254 | break; | |
255 | } | |
256 | ldap_memfree(attr); | |
9bd92830 | 257 | } |
0ee7618e | 258 | ldap_msgfree(result); |
965c4a6f FM |
259 | } |
260 | #endif //HAVE_LDAP_H | |
261 | ||
262 | void init_usertab(const char *UserTabFile) | |
263 | { | |
9bd92830 FM |
264 | if (strcmp(UserTabFile, "ldap") == 0) { |
265 | if(debug) | |
266 | debuga(_("Loading User table: %s\n"),UserTabFile); | |
965c4a6f | 267 | #ifdef HAVE_LDAP_H |
9bd92830 FM |
268 | which_usertab=UTT_Ldap; |
269 | init_ldap_usertab(); | |
965c4a6f | 270 | #else |
9bd92830 FM |
271 | debuga(_("LDAP module not compiled in sarg\n")); |
272 | exit(EXIT_FAILURE); | |
965c4a6f | 273 | #endif //HAVE_LDAP_H |
9bd92830 FM |
274 | } else if (UserTabFile[0] != '\0') { |
275 | if(debug) | |
276 | debuga(_("Loading User table: %s\n"),UserTabFile); | |
277 | which_usertab=UTT_File; | |
278 | init_file_usertab(UserTabFile); | |
279 | } else { | |
280 | which_usertab=UTT_None; | |
281 | } | |
965c4a6f FM |
282 | } |
283 | ||
284 | void user_find(char *mappedname, int namelen, const char *userlogin) | |
285 | { | |
9bd92830 FM |
286 | if (which_usertab==UTT_File) { |
287 | get_usertab_name(userlogin,mappedname,namelen); | |
288 | } | |
965c4a6f | 289 | #ifdef HAVE_LDAP_H |
9bd92830 FM |
290 | else if (which_usertab==UTT_Ldap) { |
291 | get_ldap_name(userlogin,mappedname,namelen); | |
292 | } | |
965c4a6f | 293 | #endif //HAVE_LDAP_H |
9bd92830 | 294 | else { |
a87d4d11 | 295 | safe_strcpy(mappedname,userlogin,namelen); |
9bd92830 | 296 | } |
7179962a PO |
297 | } |
298 | ||
965c4a6f FM |
299 | void close_usertab(void) |
300 | { | |
301 | #ifdef HAVE_LDAP_H | |
9bd92830 FM |
302 | if (ldap_handle) { |
303 | destroy_cache(); | |
304 | ldap_unbind(ldap_handle); | |
305 | ldap_handle=NULL; | |
306 | } | |
965c4a6f | 307 | #endif //HAVE_LDAP_H |
9bd92830 FM |
308 | if(userfile) { |
309 | free(userfile); | |
310 | userfile=NULL; | |
311 | } | |
7179962a PO |
312 | } |
313 |