zishuo/golib
1
0
Fork 0
mirror of https://github.com/nabbar/golib.git synced 2025-09-27 04:06:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca39d7ad26dbd95cdce8d18a3d860cf8d2ca4f8c
golib/ldap/ldap.go
Nicolas JUHEL ca39d7ad26 Refactor package errors + packages names : 
- Refactor ErrorType, list errors managment, codeError
- Add interface Error with error interface implement
- Add type CodeError assign typiclly to const that represent code of error
- Add func to registry func to retrieve message from an uint16 codeError (typicaly a switch of each codeError const)
- Add default errorCode with default errorMessage if no one code or message is found
- Add modeError to manage how to manage compatibility between Error interface and error interface
- Add Error interface that allow parent link (parent as error or Error interface), code and trace management
- Add trace finder to allow find func/file/line caller when Error is call
- Add http 2 transport in httpcli
- Add http 2 transport in httpserver
- Add function to get client http with timeout management in httpcli
- Add function to get Error if occurs of http client in httpcli
- Add test for smtp package
- Chg return error by returning Error in all packages
- Chg package njs-archive by archive
- Chg package njs-certif by certificates
- Chg package njs-console by console
- Chg package njs-crypt by crypt
- Chg package njs-errors by errors
- Chg package njs-httpcli by httpcli
- Chg package njs-httpserver by httpserver
- Chg package njs-ioutils by ioutils
- Chg package njs-ldap by ldap
- Chg package njs-logger by logger
- Chg package njs-password by password
- Chg package njs-progress by progress
- Chg package njs-router by router
- Chg package njs-semaphore by semaphore
- Chg package njs-smtp by smtp
- Chg package njs-static by static
- Chg package njs-status by status
- Chg package njs-version by version
- Fix dependancies gopkg by github/go-ldap for go module compatibility
- Fix gin Abort call by gin Abort with Error in static package
- Fix issue #18 in status package : replace partner by component
- Fix go vet error
- Del deprecated function
- Del useless function & files
- Bump dependancies
- Apply CHG in README.md
2020-07-14 11:00:57 +02:00

391 lines
9.5 KiB
Go
Raw Blame History

/*
* MIT License
*
* Copyright (c) 2019 Nicolas JUHEL
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
*/
package ldap
import (
"crypto/tls"
"fmt"
"strings"
"github.com/go-ldap/ldap/v3"
njs_certif "github.com/nabbar/golib/certificates"
. "github.com/nabbar/golib/errors"
. "github.com/nabbar/golib/logger"
)
//HelperLDAP struct use to manage connection to server and request it
type HelperLDAP struct {
Attributes []string
conn *ldap.Conn
config *Config
tlsConfig *tls.Config
tlsMode TLSMode
bindDN string
bindPass string
}
//NewLDAP build a new LDAP helper based on config struct given
func NewLDAP(cnf *Config, attributes []string) (*HelperLDAP, Error) {
if cnf == nil {
return nil, EMPTY_PARAMS.Error(nil)
}
return &HelperLDAP{
Attributes: attributes,
tlsConfig: njs_certif.GetTLSConfig(cnf.Uri),
tlsMode: tlsmode_init,
config: cnf.Clone(),
}, nil
}
//SetCredentials used to defined the BindDN and password for connection
func (lc *HelperLDAP) SetCredentials(user, pass string) {
lc.bindDN = user
lc.bindPass = pass
}
//SetCredentials used to defined the BindDN and password for connection
func (lc *HelperLDAP) ForceTLSMode(tlsMode TLSMode, tlsConfig *tls.Config) {
switch tlsMode {
case TLSMODE_TLS, TLSMODE_STARTTLS, TLSMODE_NONE:
lc.tlsConfig = tlsConfig
}
if tlsConfig != nil {
lc.tlsConfig = tlsConfig
}
}
func (lc *HelperLDAP) tryConnect() (TLSMode, Error) {
var (
l *ldap.Conn
err error
)
defer func() {
if l != nil {
l.Close()
}
}()
if lc.config.Portldaps != 0 {
l, err = ldap.DialTLS("tcp", lc.config.ServerAddr(true), lc.tlsConfig)
if err == nil {
DebugLevel.Logf("ldap connected with tls mode '%s'", lc.tlsMode.String())
return TLSMODE_TLS, nil
}
}
if lc.config.PortLdap == 0 {
return tlsmode_init, LDAP_SERVER_CONFIG.Error(nil)
}
l, err = ldap.Dial("tcp", lc.config.ServerAddr(false))
if err != nil {
return 0, LDAP_SERVER_DIAL.ErrorParent(err)
}
if err = l.StartTLS(lc.tlsConfig); err == nil {
DebugLevel.Logf("ldap connected with tls mode '%s'", lc.tlsMode.String())
return TLSMODE_STARTTLS, nil
}
DebugLevel.Logf("ldap connected with tls mode '%s'", lc.tlsMode.String())
return TLSMODE_NONE, nil
}
func (lc *HelperLDAP) connect() Error {
if lc.conn == nil {
var (
l *ldap.Conn
err error
)
if lc.tlsMode == tlsmode_init {
m, e := lc.tryConnect()
if e != nil {
return e
}
lc.tlsMode = m
}
if lc.tlsMode == TLSMODE_TLS {
l, err = ldap.DialTLS("tcp", lc.config.ServerAddr(true), lc.tlsConfig)
if err != nil {
return LDAP_SERVER_TLS.ErrorParent(err)
}
}
if lc.tlsMode == TLSMODE_NONE || lc.tlsMode == TLSMODE_STARTTLS {
l, err = ldap.Dial("tcp", lc.config.ServerAddr(false))
if err != nil {
return LDAP_SERVER_DIAL.ErrorParent(err)
}
}
if lc.tlsMode == TLSMODE_STARTTLS {
err = l.StartTLS(lc.tlsConfig)
if err != nil {
return LDAP_SERVER_STARTTLS.ErrorParent(err)
}
}
DebugLevel.Logf("ldap connected with tls mode '%s'", lc.tlsMode.String())
lc.conn = l
}
return nil
}
//Check used to check if connection success (without any bind)
func (lc *HelperLDAP) Check() Error {
if err := lc.connect(); err != nil {
return err
}
lc.Close()
return nil
}
//Close used to close connection object
func (lc *HelperLDAP) Close() {
if lc.conn != nil {
lc.conn.Close()
lc.conn = nil
}
}
//AuthUser used to test bind given user uid and password
func (lc *HelperLDAP) AuthUser(username, password string) Error {
if err := lc.connect(); err != nil {
return err
}
if username == "" || password == "" {
return EMPTY_PARAMS.Error(nil)
}
err := lc.conn.Bind(username, password)
return LDAP_BIND.Iferror(err)
}
//Connect used to connect and bind to server
func (lc *HelperLDAP) Connect() Error {
if err := lc.AuthUser(lc.bindDN, lc.bindPass); err != nil {
return err
}
DebugLevel.Logf("Bind success on LDAP server %s with tls mode '%s'", lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String())
return nil
}
func (lc *HelperLDAP) runSearch(filter string, attributes []string) (*ldap.SearchResult, Error) {
var (
err error
src *ldap.SearchResult
)
if e := lc.Connect(); e != nil {
return nil, e
}
defer lc.Close()
searchRequest := ldap.NewSearchRequest(
lc.config.Basedn,
ldap.ScopeWholeSubtree,
ldap.NeverDerefAliases,
100, 0, false,
filter,
attributes,
nil,
)
if src, err = lc.conn.Search(searchRequest); err != nil {
return nil, LDAP_SEARCH.ErrorParent(err)
}
DebugLevel.Logf("Search success on server '%s' with tls mode '%s', with filter [%s] and attribute %v", lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String(), filter, attributes)
return src, nil
}
//UserInfo used to retrieve the information of a given username
func (lc *HelperLDAP) UserInfo(username string) (map[string]string, Error) {
var (
e Error
src *ldap.SearchResult
userRes map[string]string
)
if username == "" {
usr := lc.ParseEntries(lc.bindDN)
username = usr["uid"][0]
}
userRes = make(map[string]string)
attributes := append(lc.Attributes, "cn")
src, e = lc.runSearch(fmt.Sprintf(lc.config.FilterUser, username), attributes)
if e != nil {
return userRes, e
}
if len(src.Entries) != 1 {
if len(src.Entries) > 1 {
return userRes, LDAP_USER_NOT_UNIQ.Error(nil)
} else {
return userRes, LDAP_USER_NOT_FOUND.Error(nil)
}
}
for _, attr := range attributes {
userRes[attr] = src.Entries[0].GetAttributeValue(attr)
}
if _, ok := userRes["DN"]; !ok {
userRes["DN"] = src.Entries[0].DN
}
DebugLevel.Logf("Map info retrieve in ldap server '%s' with tls mode '%s' about user [%s] : %v", lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String(), username, userRes)
return userRes, nil
}
//UserMemberOf returns the group list of a given user.
func (lc *HelperLDAP) UserMemberOf(username string) ([]string, Error) {
var (
err Error
src *ldap.SearchResult
grp []string
)
if username == "" {
usr := lc.ParseEntries(lc.bindDN)
username = usr["uid"][0]
}
grp = make([]string, 0)
src, err = lc.runSearch(fmt.Sprintf(lc.config.FilterUser, username), []string{"memberOf"})
if err != nil {
return grp, err
}
for _, entry := range src.Entries {
for _, mmb := range entry.GetAttributeValues("memberOf") {
DebugLevel.Logf("Group find for uid '%s' on server '%s' with tls mode '%s' : %v", username, lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String(), mmb)
mmo := lc.ParseEntries(mmb)
grp = append(grp, mmo["cn"]...)
}
}
DebugLevel.Logf("Groups find for uid '%s' on server '%s' with tls mode '%s' : %v", username, lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String(), grp)
return grp, nil
}
//UserIsInGroup used to check if a given username is a group member of a list of reference group name
func (lc *HelperLDAP) UserIsInGroup(username string, groupname []string) (bool, Error) {
var (
err Error
grpMmbr []string
)
if username == "" {
usr := lc.ParseEntries(lc.bindDN)
username = usr["uid"][0]
}
grpMmbr, err = lc.UserMemberOf(username)
if err != nil {
return false, err
}
for _, grpSrch := range groupname {
for _, grpItem := range grpMmbr {
if strings.EqualFold(grpSrch, grpItem) {
return true, nil
}
}
}
return false, nil
}
//UsersOfGroup used to retrieve the member list of a given group name
func (lc *HelperLDAP) UsersOfGroup(groupname string) ([]string, Error) {
var (
err Error
src *ldap.SearchResult
grp []string
)
grp = make([]string, 0)
src, err = lc.runSearch(fmt.Sprintf(lc.config.FilterGroup, groupname), []string{"member"})
if err != nil {
return grp, err
}
for _, entry := range src.Entries {
for _, mmb := range entry.GetAttributeValues("member") {
member := lc.ParseEntries(mmb)
grp = append(grp, member["uid"]...)
}
}
DebugLevel.Logf("Member of groups [%s] find on server '%s' with tls mode '%s' : %v", groupname, lc.config.ServerAddr(lc.tlsMode == TLSMODE_TLS), lc.tlsMode.String(), grp)
return grp, nil
}
//ParseEntries used to clean attributes of an object class
func (lc HelperLDAP) ParseEntries(entry string) map[string][]string {
var listEntries = make(map[string][]string)
for _, ent := range strings.Split(entry, ",") {
key := strings.SplitN(ent, "=", 2)
if len(key) != 2 || len(key[0]) < 1 || len(key[1]) < 1 {
continue
}
key[0] = strings.TrimSpace(key[0])
key[1] = strings.TrimSpace(key[1])
if _, ok := listEntries[key[0]]; !ok {
listEntries[key[0]] = []string{}
}
listEntries[key[0]] = append(listEntries[key[0]], key[1])
}
return listEntries
}
Reference in New Issue View Git Blame Copy Permalink