Use only []string for values, implement add

This commit is contained in:
Alex 2020-01-19 18:24:21 +01:00
parent 131297a33f
commit 2bfb6b4ced

103
main.go
View file

@ -58,26 +58,12 @@ func parseConsulResult(data []*consul.KVPair) (map[string]Entry, error) {
if _, exists := aggregator[dn]; !exists {
aggregator[dn] = Entry{}
}
var value interface{}
var value []string
err := json.Unmarshal(val, &value)
if err != nil {
return nil, err
}
if vlist, ok := value.([]interface{}); ok {
vlist2 := []string{}
for _, v := range vlist {
if vstr, ok := v.(string); ok {
vlist2 = append(vlist2, vstr)
} else {
return nil, fmt.Errorf("Not a string: %#v", v)
}
}
aggregator[dn][attr] = vlist2
} else if vstr, ok := value.(string); ok {
aggregator[dn][attr] = vstr
} else {
return nil, fmt.Errorf("Not a string or a list of strings: %#v", value)
}
aggregator[dn][attr] = value
}
return aggregator, nil
@ -119,7 +105,7 @@ type State struct {
bindDn string
}
type Entry map[string]interface{}
type Entry map[string][]string
func main() {
//ldap logger
@ -152,6 +138,7 @@ func main() {
routes := ldap.NewRouteMux()
routes.Bind(gobottin.handleBind)
routes.Search(gobottin.handleSearch)
routes.Add(gobottin.handleAdd)
ldapserver.Handle(routes)
// listen on 10389
@ -179,13 +166,13 @@ func (server *Server) init() error {
base_attributes := Entry{
"objectClass": []string{"top", "dcObject", "organization"},
"structuralObjectClass": "Organization",
"structuralObjectClass": []string{"Organization"},
}
suffix_dn, err := parseDN(server.config.Suffix)
if err != nil {
return err
}
base_attributes[suffix_dn[0].Type] = suffix_dn[0].Value
base_attributes[suffix_dn[0].Type] = []string{suffix_dn[0].Value}
err = server.addElements(server.config.Suffix, base_attributes)
if err != nil {
@ -200,10 +187,10 @@ func (server *Server) init() error {
admin_dn := "cn=admin," + server.config.Suffix
admin_attributes := Entry{
"objectClass": []string{"simpleSecurityObject", "organizationalRole"},
"description": "LDAP administrator",
"cn": "admin",
"userpassword": admin_pass_hash,
"structuralObjectClass": "organizationalRole",
"description": []string{"LDAP administrator"},
"cn": []string{"admin"},
"userpassword": []string{admin_pass_hash},
"structuralObjectClass": []string{"organizationalRole"},
"permissions": []string{"read", "write"},
}
@ -241,7 +228,7 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda
state := s.(*State)
r := m.GetBindRequest()
result_code, err := server.handleBindInternal(state, w, &r)
result_code, err := server.handleBindInternal(state, &r)
res := ldap.NewBindResponse(result_code)
if err != nil {
@ -251,7 +238,7 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda
w.Write(res)
}
func (server *Server) handleBindInternal(state *State, w ldap.ResponseWriter, r *message.BindRequest) (int, error) {
func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (int, error) {
pair, _, err := server.kv.Get(dnToConsul(string(r.Name()))+"/attribute=userpassword", nil)
if err != nil {
@ -340,17 +327,10 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
}
}
// Send result
if val_str, ok := val.(string); ok {
e.AddAttribute(message.AttributeDescription(attr),
message.AttributeValue(val_str))
} else if val_strlist, ok := val.([]string); ok {
for _, v := range val_strlist {
for _, v := range val {
e.AddAttribute(message.AttributeDescription(attr),
message.AttributeValue(v))
}
} else {
panic(fmt.Sprintf("Invalid value: %#v", val))
}
}
w.Write(e)
}
@ -402,20 +382,12 @@ func applyFilter(entry Entry, filter message.Filter) (bool, error) {
// Case insensitive attribute search
for entry_desc, value := range entry {
if strings.EqualFold(entry_desc, desc) {
if vstr, ok := value.(string); ok {
// If we have one value for the key, match exactly
return vstr == target, nil
} else if vlist, ok := value.([]string); ok {
// If we have several values for the key, one must match
for _, val := range vlist {
for _, val := range value {
if val == target {
return true, nil
}
}
return false, nil
} else {
panic(fmt.Sprintf("Invalid value: %#v", value))
}
}
}
return false, nil
@ -423,3 +395,50 @@ func applyFilter(entry Entry, filter message.Filter) (bool, error) {
return false, fmt.Errorf("Unsupported filter: %#v %T", filter, filter)
}
}
func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
state := s.(*State)
r := m.GetAddRequest()
code, err := server.handleAddInternal(state, &r)
res := ldap.NewResponse(code)
if err != nil {
res.SetDiagnosticMessage(err.Error())
}
w.Write(message.AddResponse(res))
}
func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (int, error) {
dn := string(r.Entry())
prefix := dnToConsul(dn) + "/"
data, _, err := server.kv.List(prefix, nil)
if err != nil {
return ldap.LDAPResultOperationsError, err
}
if len(data) > 0 {
return ldap.LDAPResultEntryAlreadyExists, nil
}
// TODO check permissions
entry := Entry{}
for _, attribute := range r.Attributes() {
key := string(attribute.Type_())
vals_str := []string{}
for _, val := range attribute.Vals() {
vals_str = append(vals_str, string(val))
}
entry[key] = vals_str
}
err = server.addElements(dn, entry)
if err != nil {
return ldap.LDAPResultOperationsError, err
}
return ldap.LDAPResultSuccess, nil
}