mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00

Feature: Added support for LDAP auth.

This adds a type="ldap" to the <role> tag, allowing users
to be authenticated against an LDAP database.
Philipp Schafft 2014-12-26 21:48:32 +00:00
parent 785c32bfc5
commit cc597be97f
6 changed files with 146 additions and 2 deletions


@ -35,6 +35,7 @@ AC_HEADER_TIME
AC_CHECK_HEADERS([alloca.h sys/timeb.h])
AC_CHECK_HEADERS([pwd.h unistd.h grp.h sys/types.h],,,AC_INCLUDES_DEFAULT)
AC_CHECK_HEADERS([ldap.h],ICECAST_OPTIONAL="$ICECAST_OPTIONAL auth_ldap.o")
AC_CHECK_FUNCS([setuid])
AC_CHECK_FUNCS([chroot])
AC_CHECK_FUNCS([chown])
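Review bot: The added `AC_CHECK_HEADERS([ldap.h], …)` line queues auth_ldap.o as soon as the header is found, but nothing visible in this commit checks for the LDAP client library or adds it to the link line. A host that has ldap.h but no usable libldap would presumably fail at link time instead of at configure time. Consider pairing the header test with a library test such as `AC_CHECK_LIB([ldap], [ldap_initialize], …)` and appending auth_ldap.o only when both succeed. An explicit configure switch would also let packagers leave the LDAP authenticator out of builds that should not carry it.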


@ -12,7 +12,7 @@ noinst_HEADERS = admin.h cfgfile.h logging.h sighandler.h connection.h \
global.h util.h slave.h source.h stats.h refbuf.h client.h \
compat.h fserve.h xslt.h yp.h md5.h \
event.h event_log.h event_exec.h event_url.h \
acl.h auth.h auth_htpasswd.h auth_url.h auth_anonymous.h auth_static.h \
acl.h auth.h auth_htpasswd.h auth_ldap.h auth_url.h auth_anonymous.h auth_static.h \
format.h format_ogg.h format_mp3.h format_ebml.h \
format_vorbis.h format_theora.h format_flac.h format_speex.h format_midi.h \
format_kate.h format_skeleton.h format_opus.h
@ -24,7 +24,7 @@ icecast_SOURCES = cfgfile.c main.c logging.c sighandler.c connection.c global.c
event.c event_log.c event_exec.c \
acl.c auth.c auth_htpasswd.c auth_anonymous.c auth_static.c
EXTRA_icecast_SOURCES = yp.c \
auth_url.c event_url.c \
auth_ldap.c auth_url.c event_url.c \
format_vorbis.c format_theora.c format_speex.c
icecast_DEPENDENCIES = @ICECAST_OPTIONAL@ common/net/libicenet.la common/thread/libicethread.la \


@ -29,6 +29,7 @@
#include "auth_url.h"
#include "auth_anonymous.h"
#include "auth_static.h"
#include "auth_ldap.h"
#include "source.h"
#include "client.h"
#include "cfgfile.h"
@ -425,6 +426,10 @@ static int get_authenticator (auth_t *auth, config_options_t *options)
if (auth_get_static_auth(auth, options) < 0)
return -1;
break;
} else if (strcmp(auth->type, AUTH_TYPE_LDAP) == 0) {
if (auth_get_ldap_auth(auth, options) < 0)
return -1;
break;
}
ICECAST_LOG_ERROR("Unrecognised authenticator type: \"%s\"", auth->type);
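Review bot: The new `AUTH_TYPE_LDAP` branch calls `auth_get_ldap_auth()` unconditionally, while configure only builds auth_ldap.o when ldap.h is found, so a build without the LDAP headers would reference an undefined symbol. Guard both the `#include "auth_ldap.h"` line and this branch with the macro that `AC_CHECK_HEADERS` defines, `#ifdef HAVE_LDAP_H` … `#endif`, so that `type="ldap"` falls through to the existing "Unrecognised authenticator type" error on such builds instead of breaking the link. get_authenticator() starts and ends outside the hunk, so whether the neighbouring optional back ends are guarded the same way cannot be seen here.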


@ -34,6 +34,7 @@ struct auth_tag;
#define AUTH_TYPE_LEGACY_PASSWORD "legacy-password"
#define AUTH_TYPE_URL "url"
#define AUTH_TYPE_HTPASSWD "htpasswd"
#define AUTH_TYPE_LDAP "ldap"
typedef enum
{

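--- a/src/auth_ldap.c
+++ b/src/auth_ldap.c
@@ -0,0 +1,113 @@
+/* Icecast
+*
+* This program is distributed under the GNU General Public License, version 2.
+* A copy of this license is included with this source.
+*
+* Copyright 2014, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
+*/
+/**
+* Client authentication functions
+*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+/* for strcmp() and strdup() */
+#include <string.h>
+#include <ldap.h>
+#include "auth.h"
+#include "client.h"
+#include "logging.h"
+#define CATMODULE "auth_ldap"
+typedef struct auth_ldap {
+char *uri;
+char *userprefix;
+char *usersuffix;
+} auth_ldap_t;
+static auth_result ldap_auth (auth_client *auth_user) {
+unsigned long version = LDAP_VERSION3;
+client_t *client = auth_user->client;
+auth_t *auth = client->auth;
+auth_ldap_t *auth_info = auth->state;
+LDAP *ld;
+struct berval cred;
+int err;
+size_t userlen;
+char *user;
+if (!client->username || !client->password)
+return AUTH_NOMATCH;
+userlen = strlen(auth_info->userprefix) + strlen(auth_info->usersuffix) + strlen(client->username) + 1;
+user = malloc(userlen);
+if (!user)
+return AUTH_FAILED;
+snprintf(user, userlen, "%s%s%s", auth_info->userprefix, client->username, auth_info->usersuffix);
+cred.bv_val = client->password;
+cred.bv_len = strlen(client->password);
+if (ldap_initialize(&ld, auth_info->uri) != LDAP_SUCCESS)
+return AUTH_FAILED;
+ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void*)&version);
+err = ldap_sasl_bind_s(ld, user, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
+free(user);
+ldap_unbind_ext_s(ld, NULL, NULL);
+if (err == LDAP_SUCCESS)
+return AUTH_OK;
+return AUTH_FAILED;
+}
+static void clear_auth (auth_t *auth) {
+auth_ldap_t *auth_info = auth->state;
+if (auth_info->uri) free(auth_info->uri);
+free(auth_info->userprefix);
+free(auth_info->usersuffix);
+free(auth_info);
+auth->state = NULL;
+}
+int auth_get_ldap_auth (auth_t *authenticator, config_options_t *options) {
+auth_ldap_t *auth_info;
+auth_info = calloc(1, sizeof(auth_ldap_t));
+if (!auth_info)
+return -1;
+authenticator->authenticate_client = ldap_auth;
+authenticator->free = clear_auth;
+authenticator->state = auth_info;
+while (options) {
+if (strcmp(options->name, "uri") == 0) {
+if (auth_info->uri) free(auth_info->uri);
+auth_info->uri = strdup(options->value);
+} else if (strcmp(options->name, "userprefix") == 0) {
+if (auth_info->userprefix) free(auth_info->userprefix);
+auth_info->userprefix = strdup(options->value);
+} else if (strcmp(options->name, "usersuffix") == 0) {
+if (auth_info->usersuffix) free(auth_info->usersuffix);
+auth_info->usersuffix = strdup(options->value);
+} else {
+ICECAST_LOG_ERROR("Unknown option: %s", options->name);
+}
+options = options->next;
+}
+if (!auth_info->userprefix) auth_info->userprefix = strdup("");
+if (!auth_info->usersuffix) auth_info->usersuffix = strdup("");
+return 0;
+}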
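Review bot: In ldap_auth() the guard on username and password rejects NULL but not an empty string, so an empty password reaches `ldap_sasl_bind_s()` as a zero-length simple-bind credential. RFC 4513 treats that as an unauthenticated bind, and some directory servers answer it with success, in which case the function returns AUTH_OK without any password having been verified. The client-supplied username is also copied verbatim between userprefix and usersuffix to form the bind DN, so DN special characters should be escaped per RFC 4514 or the name rejected before the `snprintf()`. The excerpt below also covers two smaller defects: `user` is leaked when `ldap_initialize()` fails, and `LDAP_OPT_PROTOCOL_VERSION` expects a pointer to `int`, not `unsigned long`. Nothing here requires ldaps:// or StartTLS, and the bind has no network timeout, so a plain ldap:// uri sends the password in clear text and a slow directory can stall the authenticating thread; both deserve at least a documented caveat.

```c
static auth_result ldap_auth (auth_client *auth_user) {
    int version = LDAP_VERSION3;
    /* … unchanged: client, auth and auth_info lookups, remaining locals … */

    /* An empty password would be sent as an unauthenticated bind (RFC 4513),
     * which a permissive server may accept; treat it like a missing one. */
    if (!client->username || !client->password ||
        !*client->username || !*client->password)
        return AUTH_NOMATCH;

    /* … unchanged: bind DN allocation and snprintf, cred setup … */

    if (ldap_initialize(&ld, auth_info->uri) != LDAP_SUCCESS) {
        free(user);
        return AUTH_FAILED;
    }
    /* … unchanged: protocol version option, bind, cleanup, result mapping … */
```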

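--- a/src/auth_ldap.h
+++ b/src/auth_ldap.h
@@ -0,0 +1,24 @@
+/* Icecast
+*
+* This program is distributed under the GNU General Public License, version 2.
+* A copy of this license is included with this source.
+*
+* Copyright 2000-2004, Jack Moffitt <jack@xiph.org,
+* Michael Smith <msmith@xiph.org>,
+* oddsock <oddsock@xiph.org>,
+* Karl Heyes <karl@xiph.org>
+* and others (see AUTHORS for details).
+*/
+#ifndef __AUTH_LDAP_H__
+#define __AUTH_LDAP_H__
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+int auth_get_ldap_auth(auth_t *auth, config_options_t *options);
+#endif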
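Review bot: auth_ldap.c never includes this header, so the prototype of `auth_get_ldap_auth()` is not checked against its definition; adding `#include "auth_ldap.h"` to the .c file would let the compiler catch a mismatch. The header also names `auth_t` and `config_options_t` while including only config.h, so it compiles only when the includer has already pulled in the declaring headers, as auth.c does with auth.h. The copyright block looks copied from an older file: it lists 2000-2004 authors for a file created in 2014, and the first address is missing its closing `>`.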