)
AC_ARG_VAR([LDAP_LIBS], [linker flags for openldap])
+
+ AC_CHECK_HEADERS([krb5.h],
+ [],
+ [AC_MSG_ERROR([Kerberos header (krb5.h) not found])]
+ )
+
+ AC_ARG_VAR([KRB5_LIBS], [linker flag to add Kerberos 5 libraries])
+
+ AC_CHECK_LIB([krb5], [krb5_init_context],
+ [
+ KRB5_LIBS="-lkrb5"
+ ]
+ )
+
+ AC_CHECK_FUNCS([krb5_get_init_creds_opt_set_default_flags])
])
ldapbackend.cc ldapbackend.hh \
powerldap.cc powerldap.hh \
utils.hh exceptions.hh \
- ldaputils.hh ldaputils.cc
+ ldaputils.hh ldaputils.cc \
+ ldapauthenticator.hh ldapauthenticator_p.hh ldapauthenticator.cc
libldapbackend_la_LDFLAGS = -module -avoid-version
-libldapbackend_la_LIBADD = $(LDAP_LIBS)
+libldapbackend_la_LIBADD = $(LDAP_LIBS) $(KRB5_LIBS)
-ldapbackend.lo powerldap.lo ldaputils.lo
+ldapbackend.lo powerldap.lo ldaputils.lo ldapauthenticator.lo
-$(LDAP_LIBS)
+$(LDAP_LIBS) $(KRB5_LIBS)
--- /dev/null
+/*
+ * PowerDNS LDAP Backend
+ * Copyright (C) 2011 Grégory Oestreicher <greg@kamago.net>
+ * Copyright (C) 2003-2007 Norbert Sendetzky <norbert@linuxnetworks.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <pdns/logger.hh>
+#include "ldapauthenticator_p.hh"
+#include "ldaputils.hh"
+
+/*****************************
+ *
+ * LdapSimpleAuthenticator
+ *
+ ****************************/
+
+LdapSimpleAuthenticator::LdapSimpleAuthenticator( const std::string& dn, const std::string& pw, int tmout )
+ : binddn( dn ), bindpw( pw ), timeout( tmout )
+{
+}
+
+bool LdapSimpleAuthenticator::authenticate( LDAP *conn )
+{
+ int msgid;
+
+#ifdef HAVE_LDAP_SASL_BIND
+ int rc;
+ struct berval passwd;
+
+ passwd.bv_val = (char *)bindpw.c_str();
+ passwd.bv_len = strlen( passwd.bv_val );
+
+ if( ( rc = ldap_sasl_bind( conn, binddn.c_str(), LDAP_SASL_SIMPLE, &passwd, NULL, NULL, &msgid ) ) != LDAP_SUCCESS )
+ {
+ fillLastError( conn, rc );
+ return false;
+ }
+#else
+ if( ( msgid = ldap_bind( conn, binddn.c_str(), bindpw.c_str(), LDAP_AUTH_SIMPLE ) ) == -1 )
+ {
+ fillLastError( conn, msgid );
+ return false;
+ }
+#endif
+
+ ldapWaitResult( conn, msgid, timeout, NULL );
+ return true;
+}
+
+std::string LdapSimpleAuthenticator::getError() const
+{
+ return lastError;
+}
+
+void LdapSimpleAuthenticator::fillLastError( LDAP* conn, int code )
+{
+ lastError = ldapGetError( conn, code );
+}
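Review bot: `authenticate()` returns `true` at L92 regardless of what the server answered, because the value of `ldapWaitResult( conn, msgid, timeout, NULL )` at L91 is discarded and the bind response is never parsed — `ldap_sasl_bind`/`ldap_bind` only report that the request was queued, so an `invalidCredentials` reply would still be treated as a successful bind unless `ldapWaitResult` itself inspects the result code and throws, which is not visible in this hunk. Wait for the response into an `LDAPMessage*`, extract the server's result code with `ldap_parse_result`, and turn anything other than `LDAP_SUCCESS` into `false` with `lastError` set, as sketched below (this assumes `ldapWaitResult` leaves `*result` NULL when nothing arrived; confirm in ldaputils). Two smaller points: `passwd.bv_len` at L76 should be `bindpw.size()` rather than `strlen()` so a secret containing a NUL byte isn't silently truncated, and a simple bind with a DN but an empty password is an *unauthenticated* bind on most servers (RFC 4513 §5.1.2), so rejecting an empty `bindpw` when `binddn` is non-empty would avoid silently ending up with an anonymous session.
```cpp
  // … unchanged: ldap_sasl_bind / ldap_bind request dispatch …

  LDAPMessage* result = NULL;
  ldapWaitResult( conn, msgid, timeout, &result );
  if ( result == NULL ) {
    lastError = "No bind result received from server";
    return false;
  }

  // Pull the server's result code out of the response; freeit=1 releases the message.
  int err = LDAP_OTHER;
  int prc = ldap_parse_result( conn, result, &err, NULL, NULL, NULL, NULL, 1 );
  if ( prc != LDAP_SUCCESS || err != LDAP_SUCCESS ) {
    fillLastError( conn, prc != LDAP_SUCCESS ? prc : err );
    return false;
  }
  return true;
```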
--- /dev/null
+/*
+ * PowerDNS LDAP Backend
+ * Copyright (C) 2011 Grégory Oestreicher <greg@kamago.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <ldap.h>
+#include <string>
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef LDAPAUTHENTICATOR_HH
+#define LDAPAUTHENTICATOR_HH
+
+class LdapAuthenticator
+{
+public:
+ virtual ~LdapAuthenticator() {}
+ virtual bool authenticate( LDAP *connection ) = 0;
+ virtual std::string getError() const = 0;
+};
+
+#endif // LDAPAUTHENTICATOR_HH
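Review bot: `config.h` is included at L126-128 *after* `<ldap.h>` at L123, yet the macros config.h provides are what select the OpenLDAP API surface the rest of this code relies on (`HAVE_LDAP_SASL_BIND` in the .cc, and `LDAP_DEPRECATED`, without which OpenLDAP does not declare `ldap_bind`, if the project defines it there), so it should be the first include; all three includes also belong inside the `LDAPAUTHENTICATOR_HH` guard rather than before it. The interface carries no contract documentation: add `/// Binds @p connection; returns false on failure, in which case getError() describes it.` above `authenticate` and `/// Human-readable description of the last failed authenticate() call.` above `getError`.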
--- /dev/null
+/*
+ * PowerDNS LDAP Backend
+ * Copyright (C) 2011 Grégory Oestreicher <greg@kamago.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "ldapauthenticator.hh"
+
+#ifndef LDAPAUTHENTICATOR_P_HH
+#define LDAPAUTHENTICATOR_P_HH
+
+class LdapSimpleAuthenticator : public LdapAuthenticator
+{
+ std::string binddn;
+ std::string bindpw;
+ int timeout;
+ std::string lastError;
+
+ void fillLastError( LDAP *conn, int code );
+
+public:
+ LdapSimpleAuthenticator( const std::string &dn, const std::string &pw, int timeout );
+ virtual bool authenticate( LDAP *conn );
+ virtual std::string getError() const;
+};
+
+#endif // LDAPAUTHENTICATOR_P_HH
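Review bot: `LdapSimpleAuthenticator` keeps the bind password in `bindpw` (L169) in clear for the object's lifetime, and the implicitly generated copy constructor and assignment operator duplicate that secret silently; the class has no reason to be copyable, so declare `LdapSimpleAuthenticator( const LdapSimpleAuthenticator& );` and `LdapSimpleAuthenticator& operator=( const LdapSimpleAuthenticator& );` private and unimplemented (matching the file's pre-C++11 style), and document the retention with `// Holds the bind secret in clear for the object's lifetime.` above the member. The constructor parameter `timeout` at L176 shadows the member of the same name; the .cc already uses `tmout`, so aligning the declaration avoids a -Wshadow warning.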
#include "config.h"
#endif
#include "exceptions.hh"
+#include "ldapauthenticator_p.hh"
#include "ldapbackend.hh"
unsigned int ldap_host_index = 0;
m_msgid = 0;
m_qname.clear();
m_pldap = NULL;
+ m_authenticator = NULL;
m_ttl = 0;
m_axfrqlen = 0;
m_last_modified = 0;
m_pldap = new PowerLDAP( hoststr.c_str(), LDAP_PORT, mustDo( "starttls" ) );
m_pldap->setOption( LDAP_OPT_DEREF, LDAP_DEREF_ALWAYS );
m_pldap->bind( getArg( "binddn" ), getArg( "secret" ), LDAP_AUTH_SIMPLE, getArgAsNum( "timeout" ) );
+ m_authenticator = new LdapSimpleAuthenticator( getArg( "binddn" ), getArg( "secret" ), getArgAsNum( "timeout" ) );
+ m_pldap->bind( m_authenticator );
L << Logger::Notice << m_myname << " Ldap connection succeeded" << endl;
return;
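Review bot: The old simple bind at L197 survives as context while L198-199 bind the same connection again through the new authenticator, so every connect now performs two bind round-trips with the same secret and a failure in the first is reported through the legacy path rather than the new one; drop L197 so the authenticator is the only bind path, as the commit evidently intends. `m_authenticator` is allocated with `new` immediately before a call that throws `LDAPException` on failure, and the enclosing function starts outside this hunk — if this is the constructor, the destructor will not run on that throw and both `m_pldap` and `m_authenticator` leak, so they need releasing on the failure path (or the authenticator should be constructed before the `PowerLDAP` so the order of cleanup is obvious).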
LdapBackend::~LdapBackend()
{
- if( m_pldap != NULL ) { delete( m_pldap ); }
- try {
- L << Logger::Notice << m_myname << " Ldap connection closed" << endl;
- }
- catch (...) {
- }
+ delete( m_pldap );
+ delete( m_authenticator );
+ L << Logger::Notice << m_myname << " Ldap connection closed" << endl;
}
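Review bot: Removing the `try`/`catch(...)` around the log statement at L212 reintroduces the hazard the old guard existed for: if the logger's `operator<<` can throw (the previous code evidently assumed it could), the exception now escapes the destructor, and under C++11 rules destructors are `noexcept` by default, so this becomes `std::terminate`. Either restore the guard around the log line or move the log before the two deletes so a logging failure cannot interleave with teardown. The unconditional `delete( m_pldap )` and `delete( m_authenticator )` are fine: both members are initialised to NULL and `delete` of a null pointer is a no-op.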
using std::string;
using std::vector;
-
+class LdapAuthenticator;
/*
* Known DNS RR types
string m_myname;
DNSName m_qname;
PowerLDAP* m_pldap;
+ LdapAuthenticator *m_authenticator;
PowerLDAP::sentry_t m_result;
PowerLDAP::sentry_t::iterator m_attribute;
vector<string>::iterator m_value;
#include "config.h"
#endif
#include "exceptions.hh"
+#include "ldapauthenticator.hh"
#include "ldaputils.hh"
#include "powerldap.hh"
#include "pdns/misc.hh"
}
+void PowerLDAP::bind( LdapAuthenticator* authenticator )
+{
+ if ( !authenticator->authenticate( d_ld ) )
+ throw LDAPException( "Failed to bind to LDAP server: " + authenticator->getError() );
+}
+
+
void PowerLDAP::bind( const string& ldapbinddn, const string& ldapsecret, int method, int timeout )
{
int msgid;
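Review bot: `PowerLDAP::bind( LdapAuthenticator* )` at L237 dereferences `authenticator` without a null check, so a caller that never constructed one segfaults instead of getting the `LDAPException` the rest of the class throws; add `if ( !authenticator ) throw LDAPException( "No LDAP authenticator supplied" );` before the call. Whether the legacy `bind` (whose body continues outside this hunk) calls `ensureConnect()` first is not visible; if it does, the new overload should mirror it so both bind paths behave the same on a dropped connection. Since the pointer is not stored, document that with `// The authenticator is not retained; the caller keeps ownership.` above the definition.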
int PowerLDAP::waitResult( int msgid, int timeout, LDAPMessage** result )
{
try {
- ldapWaitResult( d_ld, msgid, timeout, result );
+ return ldapWaitResult( d_ld, msgid, timeout, result );
}
catch ( LDAPException &e ) {
ensureConnect();
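Review bot: With L249 now returning `ldapWaitResult`'s value, `waitResult` is a non-void function whose `catch` branch (which continues past L252) must also return or rethrow after `ensureConnect()`; if it falls off the end, as the old void version could, that is undefined behaviour and the caller receives garbage it may treat as a success code. If a dropped connection is meant to count as failure, end the catch with `throw;` (or a defined sentinel such as `return -1;` after reconnecting, whichever the callers expect). The function's body ends outside this hunk, so this needs checking there.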
using std::string;
using std::vector;
+class LdapAuthenticator;
+
class PowerLDAP
{
LDAP* d_ld;
void getOption( int option, int* value );
void setOption( int option, int value );
+ void bind( LdapAuthenticator *authenticator );
void bind( const string& ldapbinddn = "", const string& ldapsecret = "", int method = LDAP_AUTH_SIMPLE, int timeout = 5 );
void simpleBind( const string& ldapbinddn = "", const string& ldapsecret = "" );
int search( const string& base, int scope, const string& filter, const char** attr = 0 );
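Review bot: The new `bind( LdapAuthenticator* )` overload at L262 has no comment stating its ownership and lifetime contract, and a raw pointer next to an overload taking strings is easy to misread as "retained by the object"; the implementation in powerldap.cc only calls `authenticate()` and does not store the pointer. Add `/// Binds using the given authenticator; the pointer is not retained and may be freed after the call. Throws LDAPException on failure.` above the declaration.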