Diffstat (limited to 'src/eldap_utils.erl')
-rw-r--r-- | src/eldap_utils.erl | 177 |
1 files changed, 33 insertions, 144 deletions
diff --git a/src/eldap_utils.erl b/src/eldap_utils.erl index 9b9e5fbce..40771d4ad 100644 --- a/src/eldap_utils.erl +++ b/src/eldap_utils.erl @@ -5,7 +5,7 @@ %%% Created : 12 Oct 2006 by Mickael Remond <mremond@process-one.net> %%% %%% -%%% ejabberd, Copyright (C) 2002-2016 ProcessOne +%%% ejabberd, Copyright (C) 2002-2019 ProcessOne %%% %%% This program is free software; you can redistribute it and/or %%% modify it under the terms of the GNU General Public License as @@ -25,15 +25,13 @@ -module(eldap_utils). --behaviour(ejabberd_config). -author('mremond@process-one.net'). --export([generate_subfilter/1, find_ldap_attrs/2, +-export([generate_subfilter/1, find_ldap_attrs/2, check_filter/1, get_ldap_attr/2, get_user_part/2, make_filter/2, - get_state/2, case_insensitive_match/2, get_config/2, - decode_octet_string/3, uids_domain_subst/2, opt_type/1]). + get_state/2, case_insensitive_match/2, + decode_octet_string/3, uids_domain_subst/2]). --include("ejabberd.hrl"). -include("logger.hrl"). -include("eldap.hrl"). @@ -137,6 +135,11 @@ make_filter(Data, UIDs) -> eldap:'and'(Filter) end. +check_filter(F) -> + NewF = iolist_to_binary(F), + {ok, _} = eldap_filter:parse(NewF), + NewF. + -spec case_insensitive_match(binary(), binary()) -> boolean(). case_insensitive_match(X, Y) -> 
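Review bot: The new exported `check_filter/1` (hunk `@@ -137,6 +135,11 @@`) has no `-spec` and no comment, although `case_insensitive_match/2` directly below it carries a spec. I would add `-spec check_filter(iodata()) -> binary().` and a one-line comment such as `%% Validates an LDAP filter; crashes (badmatch/badarg) on invalid input and returns the filter as a binary.`, because the only failure signal is the assertive match on `{ok, _}`, not an `{error, _}` return. The parsed term is discarded, so this checks only the syntax of the filter text as given. Any values substituted into the filter later (presumably through `eldap_filter:do_sub`, which is outside this hunk) are not covered by this check and still need their own escaping.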
@@ -155,128 +158,54 @@ get_state(Server, Module) -> %% we look from alias domain (%d) and make the substitution %% with the actual host domain %% This help when you need to configure many virtual domains. --spec uids_domain_subst(binary(), [{binary(), binary()}]) -> +-spec uids_domain_subst(binary(), [{binary(), binary()}]) -> [{binary(), binary()}]. uids_domain_subst(Host, UIDs) -> lists:map(fun({U,V}) -> {U, eldap_filter:do_sub(V,[{<<"%d">>, Host}])}; - (A) -> A + (A) -> A end, UIDs). --spec get_config(binary(), list()) -> eldap_config(). - -get_config(Host, Opts) -> - Servers = gen_mod:get_opt({ldap_servers, Host}, Opts, - fun(L) -> - [iolist_to_binary(H) || H <- L] - end, [<<"localhost">>]), - Backups = gen_mod:get_opt({ldap_backups, Host}, Opts, - fun(L) -> - [iolist_to_binary(H) || H <- L] - end, []), - Encrypt = gen_mod:get_opt({ldap_encrypt, Host}, Opts, - fun(tls) -> tls; - (starttls) -> starttls; - (none) -> none - end, none), - TLSVerify = gen_mod:get_opt({ldap_tls_verify, Host}, Opts, - fun(hard) -> hard; - (soft) -> soft; - (false) -> false - end, false), - TLSCAFile = gen_mod:get_opt({ldap_tls_cacertfile, Host}, Opts, - fun iolist_to_binary/1), - TLSDepth = gen_mod:get_opt({ldap_tls_depth, Host}, Opts, - fun(I) when is_integer(I), I>=0 -> I end), - Port = gen_mod:get_opt({ldap_port, Host}, Opts, - fun(I) when is_integer(I), I>0 -> I end, - case Encrypt of - tls -> ?LDAPS_PORT; - starttls -> ?LDAP_PORT; - _ -> ?LDAP_PORT - end), - RootDN = gen_mod:get_opt({ldap_rootdn, Host}, Opts, - fun iolist_to_binary/1, - <<"">>), - Password = gen_mod:get_opt({ldap_password, Host}, Opts, - fun iolist_to_binary/1, - <<"">>), - Base = gen_mod:get_opt({ldap_base, Host}, Opts, - fun iolist_to_binary/1, - <<"">>), - OldDerefAliases = gen_mod:get_opt({deref_aliases, Host}, Opts, - fun(never) -> never; - (searching) -> searching; - (finding) -> finding; - (always) -> always - end, unspecified), - DerefAliases = - if OldDerefAliases == unspecified -> - 
gen_mod:get_opt({ldap_deref_aliases, Host}, Opts, - fun(never) -> never; - (searching) -> searching; - (finding) -> finding; - (always) -> always - end, never); - true -> - ?WARNING_MSG("Option 'deref_aliases' is deprecated. " - "The option is still supported " - "but it is better to fix your config: " - "use 'ldap_deref_aliases' instead.", []), - OldDerefAliases - end, - #eldap_config{servers = Servers, - backups = Backups, - tls_options = [{encrypt, Encrypt}, - {tls_verify, TLSVerify}, - {tls_cacertfile, TLSCAFile}, - {tls_depth, TLSDepth}], - port = Port, - dn = RootDN, - password = Password, - base = Base, - deref_aliases = DerefAliases}. - -%%---------------------------------------- +%%---------------------------------------- %% Borrowed from asn1rt_ber_bin_v2.erl %%---------------------------------------- %%% The tag-number for universal types --define(N_BOOLEAN, 1). --define(N_INTEGER, 2). +-define(N_BOOLEAN, 1). +-define(N_INTEGER, 2). -define(N_BIT_STRING, 3). -define(N_OCTET_STRING, 4). --define(N_NULL, 5). --define(N_OBJECT_IDENTIFIER, 6). --define(N_OBJECT_DESCRIPTOR, 7). --define(N_EXTERNAL, 8). --define(N_REAL, 9). --define(N_ENUMERATED, 10). --define(N_EMBEDDED_PDV, 11). --define(N_SEQUENCE, 16). --define(N_SET, 17). +-define(N_NULL, 5). +-define(N_OBJECT_IDENTIFIER, 6). +-define(N_OBJECT_DESCRIPTOR, 7). +-define(N_EXTERNAL, 8). +-define(N_REAL, 9). +-define(N_ENUMERATED, 10). +-define(N_EMBEDDED_PDV, 11). +-define(N_SEQUENCE, 16). +-define(N_SET, 17). -define(N_NumericString, 18). -define(N_PrintableString, 19). -define(N_TeletexString, 20). -define(N_VideotexString, 21). -define(N_IA5String, 22). --define(N_UTCTime, 23). --define(N_GeneralizedTime, 24). +-define(N_UTCTime, 23). +-define(N_GeneralizedTime, 24). -define(N_GraphicString, 25). -define(N_VisibleString, 26). -define(N_GeneralString, 27). -define(N_UniversalString, 28). -define(N_BMPString, 30). 
-decode_octet_string(Buffer, Range, Tags) -> +decode_octet_string(Buffer, Range, Tags) -> % NewTags = new_tags(HasTag,#tag{class=?UNIVERSAL,number=?N_OCTET_STRING}), decode_restricted_string(Buffer, Range, Tags). decode_restricted_string(Tlv, Range, TagsIn) -> Val = match_tags(Tlv, TagsIn), - Val2 = + Val2 = case Val of PartList = [_H|_T] -> % constructed val collect_parts(PartList); @@ -300,12 +229,12 @@ check_and_convert_restricted_string(Val, Range) -> NewVal; {{Lb,_Ub},_Ext=[Min|_]} when StrLen >= Lb; StrLen >= Min -> NewVal; - {{Lb1,Ub1},{Lb2,Ub2}} when StrLen >= Lb1, StrLen =< Ub1; + {{Lb1,Ub1},{Lb2,Ub2}} when StrLen >= Lb1, StrLen =< Ub1; StrLen =< Ub2, StrLen >= Lb2 -> NewVal; StrLen -> % fixed length constraint NewVal; - {_,_} -> + {_,_} -> exit({error,{asn1,{length,Range,Val}}}); _Len when is_integer(_Len) -> exit({error,{asn1,{length,Range,Val}}}); @@ -313,9 +242,9 @@ check_and_convert_restricted_string(Val, Range) -> NewVal end. -%%---------------------------------------- -%% Decode the in buffer to bits -%%---------------------------------------- +%%---------------------------------------- +%% Decode the in buffer to bits +%%---------------------------------------- match_tags({T,V},[T]) -> V; match_tags({T,V}, [T|Tt]) -> 
@@ -341,47 +270,7 @@ collect_parts([{_T,V}|Rest],Acc) -> collect_parts([],Acc) -> list_to_binary(lists:reverse(Acc)). -collect_parts_bit([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],Acc,Uacc) -> +collect_parts_bit([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],Acc,Uacc) -> collect_parts_bit(Rest,[Bits|Acc],Unused+Uacc); collect_parts_bit([],Acc,Uacc) -> list_to_binary([Uacc|lists:reverse(Acc)]). - -opt_type(deref_aliases) -> - fun (never) -> never; - (searching) -> searching; - (finding) -> finding; - (always) -> always - end; -opt_type(ldap_backups) -> - fun (L) -> [iolist_to_binary(H) || H <- L] end; -opt_type(ldap_base) -> fun iolist_to_binary/1; -opt_type(ldap_deref_aliases) -> - fun (never) -> never; - (searching) -> searching; - (finding) -> finding; - (always) -> always - end; -opt_type(ldap_encrypt) -> - fun (tls) -> tls; - (starttls) -> starttls; - (none) -> none - end; -opt_type(ldap_password) -> fun iolist_to_binary/1; -opt_type(ldap_port) -> - fun (I) when is_integer(I), I > 0 -> I end; -opt_type(ldap_rootdn) -> fun iolist_to_binary/1; -opt_type(ldap_servers) -> - fun (L) -> [iolist_to_binary(H) || H <- L] end; -opt_type(ldap_tls_cacertfile) -> fun iolist_to_binary/1; -opt_type(ldap_tls_depth) -> - fun (I) when is_integer(I), I >= 0 -> I end; -opt_type(ldap_tls_verify) -> - fun (hard) -> hard; - (soft) -> soft; - (false) -> false - end; -opt_type(_) -> - [deref_aliases, ldap_backups, ldap_base, - ldap_deref_aliases, ldap_encrypt, ldap_password, - ldap_port, ldap_rootdn, ldap_servers, - ldap_tls_cacertfile, ldap_tls_depth, ldap_tls_verify]. |