liquid_feedback_frontend

changeset 1640:15bde6a79d41

Added TLS support for ldap
author bsw
date Tue Feb 09 17:40:50 2021 +0100 (2021-02-09)
parents 0f42dbf74270
children ab837b075cf7 45287f1037fb
files env/ldap/bind.lua lib/mldap/mldap.c
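--- a/env/ldap/bind.lua
+++ b/env/ldap/bind.lua
@@ -30,6 +30,7 @@
     local err, errno
     ldap, err, errno = libldap.bind{
       uri = host.uri,
+      tls = host.tls,
       timeout = host.timeout,
       who = dn,
       password = password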
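Review bot: `tls = host.tls` passes the host setting through unchanged, and the C side (mldap.c in this same changeset) treats a missing key as false, so a host entry that simply omits `tls` binds with the password in plaintext and nothing here records that this is deliberate. A short comment next to the field would make the default visible to whoever edits the host configuration, e.g. `-- host.tls: when true, STARTTLS is negotiated before the bind; absent means plaintext`. The bind helper this call sits in starts and ends outside the hunk.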
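--- a/lib/mldap/mldap.c
+++ b/lib/mldap/mldap.c
@@ -151,6 +151,51 @@
 }
 
 
+static bool mldap_get_named_boolean_arg(
+  // gets a named argument of type "boolean" from a table at the given stack position
+
+  lua_State *L,             // pointer to lua_State variable
+  int idx,                  // stack index of the table containing the named arguments
+  const char *argname,      // name of the argument
+  int mandatory,            // if not 0, then the argument is mandatory and an error is raised if it isn't found
+  bool default_value        // default value to return, if the argument is not mandatory and nil
+
+  // opposed to 'mldap_get_named_string_arg', this function leaves no element on the stack
+) {
+
+  bool value;  // value to return
+
+  // pushes the table entry with the given argument name on top of the stack:
+  lua_getfield(L, idx, argname);
+
+  // check, if the entry is nil:
+  if (lua_isnil(L, -1)) {
+
+    // throw error, if named argument is mandatory:
+    if (mandatory) return luaL_error(L, "Named argument '%s' missing", argname), 0;
+
+    // set default value as return value, if named argument is not mandatory:
+    value = default_value;
+
+  } else {
+
+    // throw error, if the value of the argument is not a number:
+    if (lua_type(L, -1) != LUA_TBOOLEAN) return luaL_error(L, "Named argument '%s' is not a boolean", argname), 0;
+
+    // set return value to the number:
+    value = lua_toboolean(L, -1);
+
+  }
+
+  // remove unnecessary element from stack (not needed to avoid garbage collection):
+  lua_pop(L, 1);
+  
+  return value;
+
+  // leaves no new elements on the stack
+}
+
+
 static int mldap_scope(
   // converts a string ("base", "onelevel", "subtree", "children") to an integer representing the LDAP scope
   // and throws an error for any unknown string
@@ -183,9 +228,11 @@
   // "who"      (string)  DN to bind as
   // "password" (string)  password for DN to bind as
   // "timeout"  (number)  timeout in seconds
+  // "tls"      (boolean) use TLS
 
   static const int ldap_version = LDAP_VERSION3;  // providing a pointer (&ldap_version) to set LDAP protocol version 3
   const char *uri;           // C string for "uri" argument
+  bool tls;                  // boolean indicating if TLS is to be used
   const char *who;           // C string for "who" argument
   struct berval cred;        // credentials ("password") are stored as struct berval
   lua_Number timeout_float;  // float (lua_Number) for timeout
@@ -201,6 +248,7 @@
 
   // extract arguments:
   uri = mldap_get_named_string_arg(L, 1, "uri", true);
+  tls = mldap_get_named_boolean_arg(L, 1, "tls", false, false);
   who = mldap_get_named_string_arg(L, 1, "who", false);
   cred.bv_val = (char *)mldap_get_named_string_arg(L, 1, "password", false);
   // use (char *) cast to suppress compiler warning (should be const anyway)
@@ -225,6 +273,12 @@
   // on error, jump to label "mldap_queryconn_error2", as ldap_unbind_ext_s() must be called:
   if (ldap_error != LDAP_SUCCESS) goto mldap_queryconn_error2;
 
+  // initiate TLS if requested
+  if (tls) {
+    ldap_error = ldap_start_tls_s(ldp, NULL, NULL);  
+    if (ldap_error != LDAP_SUCCESS) goto mldap_queryconn_error2;
+  }
+
   // connect to LDAP server:
   ldap_error = ldap_sasl_bind_s(
     ldp,               // pointer to opaque OpenLDAP structure representing the connection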
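Review bot: The `ldap_start_tls_s(ldp, NULL, NULL)` call in the last hunk negotiates STARTTLS but, as far as this hunk shows, never sets a certificate-verification policy on the handle, so whether the peer certificate is checked at all depends on the OpenLDAP client defaults (TLS_REQCERT in ldap.conf or an earlier global ldap_set_option) that are invisible here; either pin it explicitly before the call or at least document the dependency, e.g. `// certificate verification follows the OpenLDAP client defaults (TLS_REQCERT); set LDAP_OPT_X_TLS_REQUIRE_CERT explicitly if a stricter policy is required`. The error path is sound, since a failed STARTTLS jumps to mldap_queryconn_error2 rather than falling back to a plaintext bind, but the "tls" argument being optional with default false (hunk at +248) means a misspelled or absent key silently downgrades to plaintext, which is worth stating in the argument listing at +231. The helper added in the first hunk still carries copy-paste comments from a numeric variant (`// throw error, if the value of the argument is not a number:` and `// set return value to the number:`) that should read "boolean", and `mandatory` is an `int` while `default_value` is a `bool`. The `ldap_start_tls_s` line also ends in trailing whitespace. The enclosing function (presumably mldap_queryconn, going by the label names) starts and ends outside the hunk.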
