2023-07-22 05:36:57 +00:00
|
|
|
/*
|
|
|
|
Model-User handles everything having to do with the user.
|
|
|
|
*/
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"log"
|
2023-07-22 06:28:23 +00:00
|
|
|
"strings"
|
2023-07-22 05:36:57 +00:00
|
|
|
|
|
|
|
"github.com/go-ldap/ldap/v3"
|
|
|
|
)
|
|
|
|
|
2023-07-22 06:17:20 +00:00
|
|
|
func get(user User, config *ConfigFile, ldapConn *ldap.Conn) (*User, error) {
|
|
|
|
searchReq := ldap.NewSearchRequest(
|
2023-07-22 07:16:23 +00:00
|
|
|
user.DN,
|
|
|
|
ldap.ScopeBaseObject,
|
2023-07-22 06:43:53 +00:00
|
|
|
ldap.NeverDerefAliases,
|
2023-07-22 06:17:20 +00:00
|
|
|
0,
|
|
|
|
0,
|
|
|
|
false,
|
2023-07-22 07:16:23 +00:00
|
|
|
"(objectClass=*)",
|
2023-07-22 06:17:20 +00:00
|
|
|
[]string{
|
2023-07-22 06:43:53 +00:00
|
|
|
"cn",
|
|
|
|
"givenName",
|
|
|
|
"displayName",
|
|
|
|
"uid",
|
|
|
|
"sn",
|
|
|
|
"mail",
|
|
|
|
"description",
|
2023-07-22 06:17:20 +00:00
|
|
|
},
|
2023-07-22 06:43:53 +00:00
|
|
|
nil)
|
2023-07-22 06:17:20 +00:00
|
|
|
searchRes, err := ldapConn.Search(searchReq)
|
|
|
|
if err != nil {
|
2023-07-22 06:35:39 +00:00
|
|
|
log.Printf("get User : %v", err)
|
|
|
|
log.Printf("get User : %v", searchReq)
|
|
|
|
log.Printf("get User : %v", searchRes)
|
2023-07-22 06:17:20 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2023-07-22 06:31:35 +00:00
|
|
|
userEntry := searchRes.Entries[0]
|
2023-07-22 06:17:20 +00:00
|
|
|
resUser := User{
|
|
|
|
DN: user.DN,
|
|
|
|
GivenName: searchRes.Entries[0].GetAttributeValue("givenName"),
|
|
|
|
DisplayName: searchRes.Entries[0].GetAttributeValue("displayName"),
|
2023-07-22 08:15:26 +00:00
|
|
|
Description: searchRes.Entries[0].GetAttributeValue("description"),
|
2023-07-22 06:17:20 +00:00
|
|
|
SN: searchRes.Entries[0].GetAttributeValue("sn"),
|
|
|
|
UID: searchRes.Entries[0].GetAttributeValue("uid"),
|
|
|
|
CN: searchRes.Entries[0].GetAttributeValue("cn"),
|
2023-07-22 07:57:32 +00:00
|
|
|
Mail: searchRes.Entries[0].GetAttributeValue("mail"),
|
2023-07-22 06:28:23 +00:00
|
|
|
CanAdmin: strings.EqualFold(user.DN, config.AdminAccount),
|
|
|
|
CanInvite: true,
|
2023-07-22 06:31:35 +00:00
|
|
|
UserEntry: userEntry,
|
2023-07-22 06:17:20 +00:00
|
|
|
}
|
2023-07-22 07:32:33 +00:00
|
|
|
searchReq.BaseDN = config.GroupCanAdmin
|
|
|
|
searchReq.Filter = "(member=" + user.DN + ")"
|
|
|
|
searchRes, err = ldapConn.Search(searchReq)
|
2023-07-22 07:35:07 +00:00
|
|
|
if err == nil {
|
|
|
|
if len(searchRes.Entries) > 0 {
|
|
|
|
resUser.CanAdmin = true
|
|
|
|
}
|
2023-07-22 07:32:33 +00:00
|
|
|
}
|
2023-07-22 06:17:20 +00:00
|
|
|
return &resUser, nil
|
2023-07-22 05:36:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func add(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
|
|
|
|
log.Printf(fmt.Sprint("Adding New User"))
|
|
|
|
|
|
|
|
dn := user.DN
|
|
|
|
req := ldap.NewAddRequest(dn, nil)
|
2023-07-22 09:51:05 +00:00
|
|
|
req.Attribute("objectClass", []string{"top", "person", "organizationalPerson", "inetOrgPerson"})
|
2023-07-22 05:36:57 +00:00
|
|
|
if user.DisplayName != "" {
|
|
|
|
req.Attribute("displayName", []string{user.DisplayName})
|
|
|
|
}
|
|
|
|
if user.GivenName != "" {
|
|
|
|
req.Attribute("givenName", []string{user.GivenName})
|
|
|
|
}
|
|
|
|
if user.Mail != "" {
|
|
|
|
req.Attribute("mail", []string{user.Mail})
|
|
|
|
}
|
|
|
|
if user.UID != "" {
|
|
|
|
req.Attribute("uid", []string{user.UID})
|
|
|
|
}
|
|
|
|
// if user.Member != "" {
|
|
|
|
// req.Attribute("member", []string{user.Member})
|
|
|
|
// }
|
|
|
|
if user.SN != "" {
|
|
|
|
req.Attribute("sn", []string{user.SN})
|
|
|
|
}
|
|
|
|
if user.Description != "" {
|
|
|
|
req.Attribute("description", []string{user.Description})
|
|
|
|
}
|
|
|
|
// if user.Password != "" {
|
|
|
|
// pwdEncoded, _ := encodePassword(user.Password)
|
|
|
|
// // if err != nil {
|
|
|
|
// // log.Printf("Error encoding password: %s", err)
|
|
|
|
// // return err
|
|
|
|
// // }
|
|
|
|
// req.Attribute("userPassword", []string{pwdEncoded})
|
|
|
|
// }
|
|
|
|
|
|
|
|
// conn :=
|
|
|
|
|
|
|
|
err := ldapConn.Add(req)
|
|
|
|
if err != nil {
|
|
|
|
log.Printf(fmt.Sprintf("71: %v", err))
|
|
|
|
log.Printf(fmt.Sprintf("72: %v", req))
|
|
|
|
log.Printf(fmt.Sprintf("73: %v", user))
|
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(user.DN, "", user.Password)
|
|
|
|
_, err = ldapConn.PasswordModify(passwordModifyRequest)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func modify(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
|
|
|
|
modify_request := ldap.NewModifyRequest(user.DN, nil)
|
2023-07-22 07:41:09 +00:00
|
|
|
previousUser, err := get(user, config, ldapConn)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
replaceIfContent(modify_request, "displayName", user.DisplayName, previousUser.DisplayName)
|
|
|
|
replaceIfContent(modify_request, "givenName", user.GivenName, previousUser.GivenName)
|
|
|
|
replaceIfContent(modify_request, "sn", user.SN, previousUser.SN)
|
|
|
|
replaceIfContent(modify_request, "description", user.Description, previousUser.Description)
|
|
|
|
err = ldapConn.Modify(modify_request)
|
2023-07-22 05:36:57 +00:00
|
|
|
if err != nil {
|
2023-07-22 07:45:12 +00:00
|
|
|
log.Printf(fmt.Sprintf("71: %v", err))
|
|
|
|
log.Printf(fmt.Sprintf("72: %v", modify_request))
|
|
|
|
log.Printf(fmt.Sprintf("73: %v", user))
|
2023-07-22 05:36:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-07-22 05:43:41 +00:00
|
|
|
func passwd(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
|
|
|
|
passwordModifyRequest := ldap.NewPasswordModifyRequest(user.DN, "", user.Password)
|
|
|
|
_, err := ldapConn.PasswordModify(passwordModifyRequest)
|
2023-07-25 06:46:12 +00:00
|
|
|
log.Printf(fmt.Sprintf("passwd 162 : %v %v", err, ldapConn))
|
|
|
|
log.Printf(fmt.Sprintf("passwd 163 : %v", user))
|
2023-07-22 05:43:41 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-07-22 06:03:22 +00:00
|
|
|
func bind(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
|
|
|
|
return ldapConn.Bind(user.DN, user.Password)
|
|
|
|
}
|
|
|
|
|
2023-07-22 08:04:25 +00:00
|
|
|
func replaceIfContent(modifReq *ldap.ModifyRequest, key string, value string, previousValue string) error {
|
2023-07-22 05:36:57 +00:00
|
|
|
if value != "" {
|
|
|
|
modifReq.Replace(key, []string{value})
|
2023-07-22 08:07:58 +00:00
|
|
|
} else if previousValue != "" {
|
2023-07-22 08:04:25 +00:00
|
|
|
modifReq.Delete(key, []string{previousValue})
|
2023-07-22 05:36:57 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// func encodePassword(inPassword string) (string, error) {
|
|
|
|
// utf16 := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
|
|
|
|
// return utf16.NewEncoder().String("\"" + inPassword + "\"")
|
|
|
|
// // if err != nil {
|
|
|
|
// // log.Printf("Error encoding password: %s", err)
|
|
|
|
// // return err
|
|
|
|
// // }
|
|
|
|
|
|
|
|
// }
|