1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
|
#define BITLBEE_CORE
#define LDAP_DEPRECATED 1
#include "bitlbee.h"
#include <ldap.h>
static storage_status_t ldap_check_pass(const char *nick, const char *password)
{
LDAP *ldap;
LDAPMessage *msg, *entry;
char *dn = NULL;
char *filter;
char *attrs[1] = { NULL };
int ret, count;
if((ret = ldap_initialize(&ldap, NULL)) != LDAP_SUCCESS) {
log_message(LOGLVL_WARNING, "ldap_initialize failed: %s", ldap_err2string(ret));
return STORAGE_OTHER_ERROR;
}
/* First we do an anonymous bind to map uid=$nick to a DN*/
if((ret = ldap_simple_bind_s(ldap, NULL, NULL)) != LDAP_SUCCESS) {
ldap_unbind_s(ldap);
log_message(LOGLVL_WARNING, "Anonymous bind failed: %s", ldap_err2string(ret));
return STORAGE_OTHER_ERROR;
}
/* We search and process the result */
filter = g_strdup_printf("(uid=%s)", nick);
ret = ldap_search_ext_s(ldap, NULL, LDAP_SCOPE_SUBTREE, filter, attrs, 0, NULL, NULL, NULL, 1, &msg);
g_free(filter);
if(ret != LDAP_SUCCESS) {
ldap_unbind_s(ldap);
log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret));
return STORAGE_OTHER_ERROR;
}
count = ldap_count_entries(ldap, msg);
if (count == -1) {
ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &ret);
ldap_msgfree(msg);
ldap_unbind_s(ldap);
log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret));
return STORAGE_OTHER_ERROR;
}
if (!count) {
ldap_msgfree(msg);
ldap_unbind_s(ldap);
return STORAGE_NO_SUCH_USER;
}
entry = ldap_first_entry(ldap, msg);
dn = ldap_get_dn(ldap, entry);
ldap_msgfree(msg);
/* And now we bind as the user to authenticate */
ret = ldap_simple_bind_s(ldap, dn, password);
g_free(dn);
ldap_unbind_s(ldap);
switch (ret) {
case LDAP_SUCCESS:
return STORAGE_OK;
case LDAP_INVALID_CREDENTIALS:
return STORAGE_INVALID_PASSWORD;
default:
log_message(LOGLVL_WARNING, "Authenticated bind failed: %s", ldap_err2string(ret));
return STORAGE_OTHER_ERROR;
}
}
auth_backend_t auth_ldap = {
.name = "ldap",
.check_pass = ldap_check_pass,
};
|