diff options
-rw-r--r-- | main.go | 111 |
1 files changed, 65 insertions, 46 deletions
@@ -58,26 +58,12 @@ func parseConsulResult(data []*consul.KVPair) (map[string]Entry, error) { if _, exists := aggregator[dn]; !exists { aggregator[dn] = Entry{} } - var value interface{} + var value []string err := json.Unmarshal(val, &value) if err != nil { return nil, err } - if vlist, ok := value.([]interface{}); ok { - vlist2 := []string{} - for _, v := range vlist { - if vstr, ok := v.(string); ok { - vlist2 = append(vlist2, vstr) - } else { - return nil, fmt.Errorf("Not a string: %#v", v) - } - } - aggregator[dn][attr] = vlist2 - } else if vstr, ok := value.(string); ok { - aggregator[dn][attr] = vstr - } else { - return nil, fmt.Errorf("Not a string or a list of strings: %#v", value) - } + aggregator[dn][attr] = value } return aggregator, nil @@ -119,7 +105,7 @@ type State struct { bindDn string } -type Entry map[string]interface{} +type Entry map[string][]string func main() { //ldap logger @@ -152,6 +138,7 @@ func main() { routes := ldap.NewRouteMux() routes.Bind(gobottin.handleBind) routes.Search(gobottin.handleSearch) + routes.Add(gobottin.handleAdd) ldapserver.Handle(routes) // listen on 10389 @@ -179,13 +166,13 @@ func (server *Server) init() error { base_attributes := Entry{ "objectClass": []string{"top", "dcObject", "organization"}, - "structuralObjectClass": "Organization", + "structuralObjectClass": []string{"Organization"}, } suffix_dn, err := parseDN(server.config.Suffix) if err != nil { return err } - base_attributes[suffix_dn[0].Type] = suffix_dn[0].Value + base_attributes[suffix_dn[0].Type] = []string{suffix_dn[0].Value} err = server.addElements(server.config.Suffix, base_attributes) if err != nil { @@ -200,10 +187,10 @@ func (server *Server) init() error { admin_dn := "cn=admin," + server.config.Suffix admin_attributes := Entry{ "objectClass": []string{"simpleSecurityObject", "organizationalRole"}, - "description": "LDAP administrator", - "cn": "admin", - "userpassword": admin_pass_hash, - "structuralObjectClass": "organizationalRole", + "description": []string{"LDAP administrator"}, + "cn": []string{"admin"}, + "userpassword": []string{admin_pass_hash}, + "structuralObjectClass": []string{"organizationalRole"}, "permissions": []string{"read", "write"}, } @@ -241,7 +228,7 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda state := s.(*State) r := m.GetBindRequest() - result_code, err := server.handleBindInternal(state, w, &r) + result_code, err := server.handleBindInternal(state, &r) res := ldap.NewBindResponse(result_code) if err != nil { @@ -251,7 +238,7 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda w.Write(res) } -func (server *Server) handleBindInternal(state *State, w ldap.ResponseWriter, r *message.BindRequest) (int, error) { +func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (int, error) { pair, _, err := server.kv.Get(dnToConsul(string(r.Name()))+"/attribute=userpassword", nil) if err != nil { @@ -340,16 +327,9 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter, } } // Send result - if val_str, ok := val.(string); ok { + for _, v := range val { e.AddAttribute(message.AttributeDescription(attr), - message.AttributeValue(val_str)) - } else if val_strlist, ok := val.([]string); ok { - for _, v := range val_strlist { - e.AddAttribute(message.AttributeDescription(attr), - message.AttributeValue(v)) - } - } else { - panic(fmt.Sprintf("Invalid value: %#v", val)) + message.AttributeValue(v)) } } w.Write(e) @@ -402,20 +382,12 @@ func applyFilter(entry Entry, filter message.Filter) (bool, error) { // Case insensitive attribute search for entry_desc, value := range entry { if strings.EqualFold(entry_desc, desc) { - if vstr, ok := value.(string); ok { - // If we have one value for the key, match exactly - return vstr == target, nil - } else if vlist, ok := value.([]string); ok { - // If we have several values for the key, one must match - for _, val := range vlist { - if val == target { - return true, nil - } + for _, val := range value { + if val == target { + return true, nil } - return false, nil - } else { - panic(fmt.Sprintf("Invalid value: %#v", value)) } + return false, nil } } return false, nil @@ -423,3 +395,50 @@ func applyFilter(entry Entry, filter message.Filter) (bool, error) { return false, fmt.Errorf("Unsupported filter: %#v %T", filter, filter) } } + +func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) { + state := s.(*State) + r := m.GetAddRequest() + + code, err := server.handleAddInternal(state, &r) + + res := ldap.NewResponse(code) + if err != nil { + res.SetDiagnosticMessage(err.Error()) + } + w.Write(message.AddResponse(res)) +} + +func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (int, error) { + dn := string(r.Entry()) + + prefix := dnToConsul(dn) + "/" + + data, _, err := server.kv.List(prefix, nil) + if err != nil { + return ldap.LDAPResultOperationsError, err + } + if len(data) > 0 { + return ldap.LDAPResultEntryAlreadyExists, nil + } + + // TODO check permissions + + entry := Entry{} + for _, attribute := range r.Attributes() { + key := string(attribute.Type_()) + vals_str := []string{} + for _, val := range attribute.Vals() { + vals_str = append(vals_str, string(val)) + } + entry[key] = vals_str + } + + err = server.addElements(dn, entry) + if err != nil { + return ldap.LDAPResultOperationsError, err + } + + return ldap.LDAPResultSuccess, nil +} + |