Module: sip-router Branch: janakj/ldap Commit: 475e846da568742c555a629a622fa0a75ae9e5f8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=475e846d...
Author: Gergely Kovacs gergo@iptel.org Committer: Gergely Kovacs gergo@iptel.org Date: Thu Jun 26 12:45:50 2008 +0000
db_ldap: add DIGEST-MD5 (SASL) bind authentication support
---
modules/db_ldap/ld_cfg.c | 19 ++++++++++-- modules/db_ldap/ld_cfg.h | 1 + modules/db_ldap/ld_con.c | 72 +++++++++++++++++++++++++++++++++++++++++++-- modules/db_ldap/ld_uri.c | 2 + modules/db_ldap/ld_uri.h | 18 +++++++++-- 5 files changed, 102 insertions(+), 10 deletions(-)
diff --git a/modules/db_ldap/ld_cfg.c b/modules/db_ldap/ld_cfg.c
index 49ae339..642c0b3 100644
--- a/modules/db_ldap/ld_cfg.c
+++ b/modules/db_ldap/ld_cfg.c
@@ -24,6 +24,7 @@
#include "ld_cfg.h" #include "ld_mod.h" +#include "ld_uri.h"
#include "../../cfg_parser.h" #include "../../mem/mem.h" @@ -43,7 +44,6 @@ enum section_type { LDAP_TABLE_SECTION };
- static struct ld_cfg* cfg = NULL;
static struct ld_con_info* con = NULL; @@ -258,11 +258,21 @@ static cfg_option_t ldap_tab_options[] = { };
+static cfg_option_t auth_values[] = { + {"none", .val = LDAP_AUTHMECH_NONE}, + {"simple", .val = LDAP_AUTHMECH_SIMPLE}, + {"digest-md5", .val = LDAP_AUTHMECH_DIGESTMD5}, + {"external", .val = LDAP_AUTHMECH_EXTERNAL}, + {0} +}; + + static cfg_option_t ldap_con_options[] = { - {"host", .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM}, - {"port", .f = cfg_parse_int_opt}, + {"host", .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM}, + {"port", .f = cfg_parse_int_opt}, {"username", .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM}, {"password", .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM}, + {"authtype", .param = auth_values, .f = cfg_parse_enum_opt}, {0} };
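Review bot: `auth_values` offers `"external"` to configuration authors, but in the connect path this same commit adds (`ld_con_connect` in ld_con.c) `LDAP_AUTHMECH_EXTERNAL` shares the `default:` arm and simply fails the bind, so a config using it is accepted at parse time and only breaks when the first connection is opened. Either drop the `{"external", .val = LDAP_AUTHMECH_EXTERNAL},` row until the mechanism is wired up, or reject it in `parse_section` with a clear error that names the option. Whichever is chosen, a comment on the table such as `/* values accepted by "authtype"; only none/simple/digest-md5 are implemented in ld_con_connect() */` would stop the next reader from assuming all four work.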
@@ -329,6 +339,9 @@ static int parse_section(void* param, cfg_parser_t* st, unsigned int flags) ldap_con_options[1].param = &con->port; ldap_con_options[2].param = &con->username; ldap_con_options[3].param = &con->password; + for(i = 0; auth_values[i].name; i++) { + auth_values[i].param = &con->authmech; + } } else { BUG("%s:%d:%d: Unsupported section type %c\n", st->file, t.start.line, t.start.col, t.type); diff --git a/modules/db_ldap/ld_cfg.h b/modules/db_ldap/ld_cfg.h index aaf7334..1a36ee4 100644 --- a/modules/db_ldap/ld_cfg.h +++ b/modules/db_ldap/ld_cfg.h @@ -48,6 +48,7 @@ struct ld_con_info { unsigned int port; str username; str password; + int authmech; struct ld_con_info* next; };
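Review bot: Nothing in this hunk gives `con->authmech` a default before the section's options are parsed, so a connection section with `username`/`password` but no `authtype` keeps whatever the allocation left there; if that storage is zero-filled (the allocation is outside the hunk, so this is inferred), the value is `LDAP_AUTHMECH_NONE` and `ld_con_connect` binds anonymously, silently discarding credentials that the previous unconditional `ldap_simple_bind_s(con, username, password)` used. Preserve the old behaviour by setting `con->authmech = LDAP_AUTHMECH_SIMPLE;` next to the lines that wire up `ldap_con_options[...].param`, so only an explicit `authtype = none` produces an anonymous bind. The loop index `i` and the start of `parse_section` are outside the hunk.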
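Review bot: The new `authmech` member of `struct ld_con_info` is an undocumented `int` although it only holds an `enum auth_type` value declared in ld_uri.h, which this header does not include. A one-line comment tying the two together, `int authmech; /**< bind method, one of enum auth_type (ld_uri.h); set from the "authtype" option */`, would make the coupling visible to whoever edits either file.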
diff --git a/modules/db_ldap/ld_con.c b/modules/db_ldap/ld_con.c index 21df896..103f1bb 100644 --- a/modules/db_ldap/ld_con.c +++ b/modules/db_ldap/ld_con.c @@ -1,5 +1,5 @@ -/* - * $Id$ +/* + * $Id$ * * LDAP Database Driver for SER * @@ -18,7 +18,7 @@ * details. * * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., + * with this program; if not, write to the Free Software Foundation, Inc., * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */
@@ -43,6 +43,7 @@ #include <stdlib.h> #include <string.h>
+#include <sasl/sasl.h>
/** Free all memory allocated for a ld_con structure. * This function function frees all memory that is in use by @@ -124,6 +125,52 @@ int ld_con(db_con_t* con) }
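Review bot: The new `#include <sasl/sasl.h>` makes db_ldap require the Cyrus SASL development headers at build time, yet the diffstat lists no Makefile or documentation change, so the new dependency is undeclared for anyone building or packaging the module (inferred from the diffstat; the module Makefile is not in this diff). The header is needed only for `sasl_interact_t` and the `SASL_CB_*` constants consumed by the interaction callback, so a note in the module's build requirements, or a configure-time check with a clear failure message, would be enough.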
+int lutil_sasl_interact( + LDAP *ld, + unsigned flags, + void *defaults, + void *in ) +{ + sasl_interact_t *interact = in; + const char *dflt = interact->defresult; + + + if (ld == NULL) + return LDAP_PARAM_ERROR; + + while (interact->id != SASL_CB_LIST_END) { + switch( interact->id ) { + // the username to authenticate + case SASL_CB_AUTHNAME: + if (defaults) + dflt = ((struct ld_uri*)defaults)->username; + break; + // the password for the provided username + case SASL_CB_PASS: + if (defaults) + dflt = ((struct ld_uri*)defaults)->password; + break; + // the realm for the authentication attempt + case SASL_CB_GETREALM: + // the username to use for proxy authorization + case SASL_CB_USER: + // generic prompt for input with input echoing disabled + case SASL_CB_NOECHOPROMPT: + // generic prompt for input with input echoing enabled + case SASL_CB_ECHOPROMPT: + break; + } + + interact->result = (dflt && *dflt) ? dflt : ""; + interact->len = strlen(interact->result); + + interact++; + } + + return LDAP_SUCCESS; +} + + int ld_con_connect(db_con_t* con) { struct ld_con* lcon; @@ -160,7 +207,24 @@ int ld_con_connect(db_con_t* con) goto error; }
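Review bot: `dflt` is initialised from `interact->defresult` once, before the `while` loop, so on the second and later prompts it carries the value chosen for the previous one: after `SASL_CB_PASS` sets it to the password, a following `SASL_CB_GETREALM` or `SASL_CB_USER` (both only `break`) answers with the password, which DIGEST-MD5 then sends to the server as the realm or authorization id, in the clear. Move the initialisation inside the loop as its first statement, `const char *dflt = interact->defresult;`, so unhandled prompts fall back to the library's own default; this also removes the dereference of `in` that currently happens before the `ld == NULL` guard. The function is not `static` and appears to share its name and signature with OpenLDAP's own `lutil_sasl_interact` helper, so making it `static` (and naming it `ld_sasl_interact`) avoids a link-time clash if that library is ever pulled in. The unused `flags` parameter could be marked as such to keep `-Wunused` quiet.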
- ret = ldap_simple_bind_s(lcon->con, luri->username, luri->password); + switch (luri->authmech) { + case LDAP_AUTHMECH_NONE: + ret = ldap_simple_bind_s(lcon->con, NULL, NULL); + break; + case LDAP_AUTHMECH_SIMPLE: + ret = ldap_simple_bind_s(lcon->con, luri->username, luri->password); + break; + case LDAP_AUTHMECH_DIGESTMD5: + ret = ldap_sasl_interactive_bind_s( lcon->con, NULL, + LDAP_MECHANISM_STR_DIGESTMD5, NULL, NULL, + 0, lutil_sasl_interact, luri ); + break; + case LDAP_AUTHMECH_EXTERNAL: + default: + ret = !LDAP_SUCCESS; + break; + } + if (ret != LDAP_SUCCESS) { ERR("ldap: Bind to %s failed: %s\n", luri->uri, ldap_err2string(ret)); diff --git a/modules/db_ldap/ld_uri.c b/modules/db_ldap/ld_uri.c index d95807f..5476e51 100644 --- a/modules/db_ldap/ld_uri.c +++ b/modules/db_ldap/ld_uri.c @@ -284,6 +284,8 @@ int parse_ldap_uri(struct ld_uri* res, str* scheme, str* uri) } }
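Review bot: The `LDAP_AUTHMECH_EXTERNAL`/`default:` arm sets `ret = !LDAP_SUCCESS`, i.e. 1, so the error path below logs `ldap_err2string(1)` — a server-side operations error — for what is really an unsupported mechanism chosen in the local configuration; use a distinct code and message, e.g. `ret = LDAP_AUTH_UNKNOWN;` preceded by `ERR("ldap: unsupported authtype %d for %s\n", luri->authmech, luri->uri);`. The `LDAP_AUTHMECH_NONE` arm drops any configured `luri->username`/`luri->password` without a word; a warning when credentials are present but the bind is anonymous would catch the misconfiguration early. DIGEST-MD5 protects only the credential exchange, so unless SASL security properties requesting integrity or confidentiality are set on the handle (`LDAP_OPT_X_SASL_SECPROPS`) or the connection already uses ldaps/StartTLS, the queries that follow the bind still travel in the clear — worth a comment on the DIGESTMD5 arm. `ld_con_connect` starts and ends outside this hunk.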
+ res->authmech = cfg_conn_info->authmech; + break; default: goto err; diff --git a/modules/db_ldap/ld_uri.h b/modules/db_ldap/ld_uri.h index f125767..27bfa15 100644 --- a/modules/db_ldap/ld_uri.h +++ b/modules/db_ldap/ld_uri.h @@ -1,5 +1,5 @@ -/* - * $Id$ +/* + * $Id$ * * LDAP Database Driver for SER * @@ -18,7 +18,7 @@ * details. * * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., + * with this program; if not, write to the Free Software Foundation, Inc., * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */
@@ -38,6 +38,17 @@
#include <ldap.h>
+enum auth_type { + LDAP_AUTHMECH_NONE = 0, + LDAP_AUTHMECH_SIMPLE, + LDAP_AUTHMECH_DIGESTMD5, + LDAP_AUTHMECH_EXTERNAL +}; + +#define LDAP_MECHANISM_STR_DIGESTMD5 "digest-md5" +#define LDAP_MECHANISM_STR_EXTERNAL "external" + +
/** LDAP driver specific payload to attach to db_uri structures. * This is the LDAP specific structure that will be attached @@ -49,6 +60,7 @@ struct ld_uri { char* username; char* password; char* uri; /**< The whole URI, including scheme */ + int authmech; LDAPURLDesc* ldap_url; /**< URI parsed by the ldap client library */ };
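Review bot: The new `LDAP_AUTHMECH_*` enumerators and `LDAP_MECHANISM_STR_*` macros live in the `LDAP_` prefix that `<ldap.h>`, included just above, uses for its own result codes, options and constants, so a later libldap release could define the same names; a module-specific prefix such as `LD_AUTHMECH_*`, matching the `ld_uri`/`ld_con` naming already used here, avoids that. The enum has no comment and `LDAP_MECHANISM_STR_EXTERNAL` is defined but not used anywhere in this commit. A short header comment, `/* Bind method selected by the "authtype" connection option; dispatched in ld_con_connect() */`, would give the values a home, and the unused macro can be added when EXTERNAL is actually implemented.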