mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2024-12-04 14:46:30 -05:00
Feature: Added support for LDAP auth.
This adds type="ldap" to the <role> tag, allowing users to be authenticated against an LDAP database.
parent
785c32bfc5
commit
cc597be97f
@ -35,6 +35,7 @@ AC_HEADER_TIME
|
||||
|
||||
AC_CHECK_HEADERS([alloca.h sys/timeb.h])
|
||||
AC_CHECK_HEADERS([pwd.h unistd.h grp.h sys/types.h],,,AC_INCLUDES_DEFAULT)
|
||||
AC_CHECK_HEADERS([ldap.h],ICECAST_OPTIONAL="$ICECAST_OPTIONAL auth_ldap.o")
|
||||
AC_CHECK_FUNCS([setuid])
|
||||
AC_CHECK_FUNCS([chroot])
|
||||
AC_CHECK_FUNCS([chown])
|
||||
|
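Review bot: The added `AC_CHECK_HEADERS([ldap.h], ...)` line enables auth_ldap.o on the presence of the header alone, and nothing in this hunk or elsewhere in the visible commit checks for or links the LDAP client library. A system that has the header but no linkable libldap would presumably fail at link time. Something like `AC_CHECK_LIB([ldap], [ldap_initialize], ...)` that adds the library to the link line, with auth_ldap.o gated on both results, would make the detection match what auth_ldap.c actually calls.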
@ -12,7 +12,7 @@ noinst_HEADERS = admin.h cfgfile.h logging.h sighandler.h connection.h \
|
||||
global.h util.h slave.h source.h stats.h refbuf.h client.h \
|
||||
compat.h fserve.h xslt.h yp.h md5.h \
|
||||
event.h event_log.h event_exec.h event_url.h \
|
||||
acl.h auth.h auth_htpasswd.h auth_url.h auth_anonymous.h auth_static.h \
|
||||
acl.h auth.h auth_htpasswd.h auth_ldap.h auth_url.h auth_anonymous.h auth_static.h \
|
||||
format.h format_ogg.h format_mp3.h format_ebml.h \
|
||||
format_vorbis.h format_theora.h format_flac.h format_speex.h format_midi.h \
|
||||
format_kate.h format_skeleton.h format_opus.h
|
||||
@ -24,7 +24,7 @@ icecast_SOURCES = cfgfile.c main.c logging.c sighandler.c connection.c global.c
|
||||
event.c event_log.c event_exec.c \
|
||||
acl.c auth.c auth_htpasswd.c auth_anonymous.c auth_static.c
|
||||
EXTRA_icecast_SOURCES = yp.c \
|
||||
auth_url.c event_url.c \
|
||||
auth_ldap.c auth_url.c event_url.c \
|
||||
format_vorbis.c format_theora.c format_speex.c
|
||||
|
||||
icecast_DEPENDENCIES = @ICECAST_OPTIONAL@ common/net/libicenet.la common/thread/libicethread.la \
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include "auth_url.h"
|
||||
#include "auth_anonymous.h"
|
||||
#include "auth_static.h"
|
||||
#include "auth_ldap.h"
|
||||
#include "source.h"
|
||||
#include "client.h"
|
||||
#include "cfgfile.h"
|
||||
@ -425,6 +426,10 @@ static int get_authenticator (auth_t *auth, config_options_t *options)
|
||||
if (auth_get_static_auth(auth, options) < 0)
|
||||
return -1;
|
||||
break;
|
||||
} else if (strcmp(auth->type, AUTH_TYPE_LDAP) == 0) {
|
||||
if (auth_get_ldap_auth(auth, options) < 0)
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
|
||||
ICECAST_LOG_ERROR("Unrecognised authenticator type: \"%s\"", auth->type);
|
||||
|
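Review bot: The new `AUTH_TYPE_LDAP` branch calls `auth_get_ldap_auth` unconditionally, while the configure change adds auth_ldap.o to ICECAST_OPTIONAL only when ldap.h is found, so a build without the LDAP headers would presumably end in an undefined reference at link time. Wrapping this branch and the `#include "auth_ldap.h"` in `#ifdef HAVE_LDAP_H` (the macro AC_CHECK_HEADERS defines for that header) keeps such builds working. A role with type="ldap" would then fall through to the existing "Unrecognised authenticator type" error instead. get_authenticator begins and ends outside this hunk.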
@ -34,6 +34,7 @@ struct auth_tag;
|
||||
#define AUTH_TYPE_LEGACY_PASSWORD "legacy-password"
|
||||
#define AUTH_TYPE_URL "url"
|
||||
#define AUTH_TYPE_HTPASSWD "htpasswd"
|
||||
#define AUTH_TYPE_LDAP "ldap"
|
||||
|
||||
typedef enum
|
||||
{
|
||||
|
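--- a/src/auth_ldap.c
+++ b/src/auth_ldap.c
@@ -0,0 +1,113 @@
+/* Icecast
+*
+* This program is distributed under the GNU General Public License, version 2.
+* A copy of this license is included with this source.
+*
+* Copyright 2014, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
+*/
+
+/**
+* Client authentication functions
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/* for strcmp() and strdup() */
+#include <string.h>
+
+#include <ldap.h>
+
+#include "auth.h"
+#include "client.h"
+
+#include "logging.h"
+#define CATMODULE "auth_ldap"
+
+typedef struct auth_ldap {
+char *uri;
+char *userprefix;
+char *usersuffix;
+} auth_ldap_t;
+
+static auth_result ldap_auth (auth_client *auth_user) {
+unsigned long version = LDAP_VERSION3;
+client_t *client = auth_user->client;
+auth_t *auth = client->auth;
+auth_ldap_t *auth_info = auth->state;
+LDAP *ld;
+struct berval cred;
+int err;
+size_t userlen;
+char *user;
+
+if (!client->username || !client->password)
+return AUTH_NOMATCH;
+
+userlen = strlen(auth_info->userprefix) + strlen(auth_info->usersuffix) + strlen(client->username) + 1;
+user = malloc(userlen);
+if (!user)
+return AUTH_FAILED;
+
+snprintf(user, userlen, "%s%s%s", auth_info->userprefix, client->username, auth_info->usersuffix);
+
+cred.bv_val = client->password;
+cred.bv_len = strlen(client->password);
+
+if (ldap_initialize(&ld, auth_info->uri) != LDAP_SUCCESS)
+return AUTH_FAILED;
+
+ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void*)&version);
+
+err = ldap_sasl_bind_s(ld, user, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
+free(user);
+
+ldap_unbind_ext_s(ld, NULL, NULL);
+
+if (err == LDAP_SUCCESS)
+return AUTH_OK;
+return AUTH_FAILED;
+}
+
+static void clear_auth (auth_t *auth) {
+auth_ldap_t *auth_info = auth->state;
+if (auth_info->uri) free(auth_info->uri);
+free(auth_info->userprefix);
+free(auth_info->usersuffix);
+free(auth_info);
+auth->state = NULL;
+}
+
+int auth_get_ldap_auth (auth_t *authenticator, config_options_t *options) {
+auth_ldap_t *auth_info;
+
+auth_info = calloc(1, sizeof(auth_ldap_t));
+if (!auth_info)
+return -1;
+
+authenticator->authenticate_client = ldap_auth;
+authenticator->free = clear_auth;
+authenticator->state = auth_info;
+
+while (options) {
+if (strcmp(options->name, "uri") == 0) {
+if (auth_info->uri) free(auth_info->uri);
+auth_info->uri = strdup(options->value);
+} else if (strcmp(options->name, "userprefix") == 0) {
+if (auth_info->userprefix) free(auth_info->userprefix);
+auth_info->userprefix = strdup(options->value);
+} else if (strcmp(options->name, "usersuffix") == 0) {
+if (auth_info->usersuffix) free(auth_info->usersuffix);
+auth_info->usersuffix = strdup(options->value);
+} else {
+ICECAST_LOG_ERROR("Unknown option: %s", options->name);
+}
+options = options->next;
+}
+
+if (!auth_info->userprefix) auth_info->userprefix = strdup("");
+if (!auth_info->usersuffix) auth_info->usersuffix = strdup("");
+
+return 0;
+}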
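Review bot: An empty password gets through the guard at the top of ldap_auth, because it tests `client->password` only for NULL. The resulting zero-length simple bind is what RFC 4513 calls an unauthenticated bind, which a server may answer with success, so the function could return AUTH_OK for any username without a credential check. Two smaller defects sit in the same function: `user` is not freed on the `ldap_initialize` failure return, and `version` is an `unsigned long` although LDAP_OPT_PROTOCOL_VERSION is documented to take an `int *`. The username is also pasted into the bind DN unescaped, so RFC 4514 special characters such as `,` should be escaped or refused before the snprintf. Nothing here requests StartTLS, so the password travels in clear unless the configured uri is ldaps://.

```c
static auth_result ldap_auth (auth_client *auth_user) {
    int version = LDAP_VERSION3;   /* LDAP_OPT_PROTOCOL_VERSION takes an int */
    /* … unchanged: remaining declarations … */

    /* A zero-length password turns a simple bind into an unauthenticated
     * bind (RFC 4513, section 5.1.2), which the server may accept. */
    if (!client->username || !client->password || client->password[0] == '\0')
        return AUTH_NOMATCH;

    /* … unchanged: building user and cred … */

    if (ldap_initialize(&ld, auth_info->uri) != LDAP_SUCCESS) {
        free(user);   /* was leaked on this path */
        return AUTH_FAILED;
    }

    /* … unchanged: ldap_set_option, bind, unbind, result mapping … */
}
```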
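--- a/src/auth_ldap.h
+++ b/src/auth_ldap.h
@@ -0,0 +1,24 @@
+/* Icecast
+*
+* This program is distributed under the GNU General Public License, version 2.
+* A copy of this license is included with this source.
+*
+* Copyright 2000-2004, Jack Moffitt <jack@xiph.org,
+* Michael Smith <msmith@xiph.org>,
+* oddsock <oddsock@xiph.org>,
+* Karl Heyes <karl@xiph.org>
+* and others (see AUTHORS for details).
+*/
+
+#ifndef __AUTH_LDAP_H__
+#define __AUTH_LDAP_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+int auth_get_ldap_auth(auth_t *auth, config_options_t *options);
+
+#endif
+
+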
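Review bot: auth_ldap.h uses `auth_t` and `config_options_t` in its prototype but includes only config.h, so it compiles only when the including file has already pulled in their declarations. Including the declaring headers here (presumably `auth.h` and `cfgfile.h`) would make it self-contained. auth_ldap.c could then include auth_ldap.h so that the definition of auth_get_ldap_auth is checked against this prototype. The guard name `__AUTH_LDAP_H__` uses a double underscore, which C reserves for the implementation, though it may simply follow the project's existing convention.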