Diffstat (limited to 'src/eldap_utils.erl')
-rw-r--r-- | src/eldap_utils.erl | 194 |
1 files changed, 26 insertions, 168 deletions
diff --git a/src/eldap_utils.erl b/src/eldap_utils.erl
index 47e18aac3..40771d4ad 100644
--- a/src/eldap_utils.erl
+++ b/src/eldap_utils.erl
@@ -25,14 +25,12 @@
 -module(eldap_utils).
--behaviour(ejabberd_config).
 -author('mremond@process-one.net').
 -export([generate_subfilter/1, find_ldap_attrs/2, check_filter/1,
 get_ldap_attr/2, get_user_part/2, make_filter/2,
- get_state/2, case_insensitive_match/2, get_config/2,
- decode_octet_string/3, uids_domain_subst/2, opt_type/1,
- options/1]).
+ get_state/2, case_insensitive_match/2,
+ decode_octet_string/3, uids_domain_subst/2]).
 -include("logger.hrl").
 -include("eldap.hrl").
@@ -160,110 +158,54 @@ get_state(Server, Module) ->
 %% we look from alias domain (%d) and make the substitution
 %% with the actual host domain
 %% This help when you need to configure many virtual domains.
--spec uids_domain_subst(binary(), [{binary(), binary()}]) ->
+-spec uids_domain_subst(binary(), [{binary(), binary()}]) ->
 [{binary(), binary()}].
 uids_domain_subst(Host, UIDs) ->
 lists:map(fun({U,V}) -> {U, eldap_filter:do_sub(V,[{<<"%d">>, Host}])};
- (A) -> A
+ (A) -> A
 end, UIDs).
--spec get_config(binary(), list()) -> eldap_config().
-
-get_config(Host, Opts) ->
- Servers = get_opt(ldap_servers, Host, Opts, [<<"localhost">>]),
- Backups = get_opt(ldap_backups, Host, Opts, []),
- Encrypt = get_opt(ldap_encrypt, Host, Opts, none),
- TLSVerify = get_opt(ldap_tls_verify, Host, Opts, false),
- TLSCertFile = get_opt(ldap_tls_certfile, Host, Opts),
- TLSCAFile = get_opt(ldap_tls_cacertfile, Host, Opts),
- TLSDepth = get_opt(ldap_tls_depth, Host, Opts),
- Port = case get_opt(ldap_port, Host, Opts) of
- undefined ->
- case Encrypt of
- tls -> ?LDAPS_PORT;
- starttls -> ?LDAP_PORT;
- _ -> ?LDAP_PORT
- end;
- P ->
- P
- end,
- RootDN = get_opt(ldap_rootdn, Host, Opts, <<"">>),
- Password = get_opt(ldap_password, Host, Opts, <<"">>),
- Base = get_opt(ldap_base, Host, Opts, <<"">>),
- OldDerefAliases = get_opt(deref_aliases, Host, Opts, unspecified),
- DerefAliases =
- if OldDerefAliases == unspecified ->
- get_opt(ldap_deref_aliases, Host, Opts, never);
- true ->
- ?WARNING_MSG("Option 'deref_aliases' is deprecated. "
- "The option is still supported "
- "but it is better to fix your config: "
- "use 'ldap_deref_aliases' instead.", []),
- OldDerefAliases
- end,
- #eldap_config{servers = Servers,
- backups = Backups,
- tls_options = [{encrypt, Encrypt},
- {tls_verify, TLSVerify},
- {tls_certfile, TLSCertFile},
- {tls_cacertfile, TLSCAFile},
- {tls_depth, TLSDepth}],
- port = Port,
- dn = RootDN,
- password = Password,
- base = Base,
- deref_aliases = DerefAliases}.
-
-get_opt(Opt, Host, Opts) ->
- get_opt(Opt, Host, Opts, undefined).
-
-get_opt(Opt, Host, Opts, Default) ->
- case proplists:get_value(Opt, Opts) of
- undefined -> ejabberd_config:get_option({Opt, Host}, Default);
- Value -> Value
- end.
-
-%%----------------------------------------
+%%----------------------------------------
 %% Borrowed from asn1rt_ber_bin_v2.erl
 %%----------------------------------------
 %%% The tag-number for universal types
--define(N_BOOLEAN, 1).
--define(N_INTEGER, 2).
+-define(N_BOOLEAN, 1).
+-define(N_INTEGER, 2).
 -define(N_BIT_STRING, 3).
 -define(N_OCTET_STRING, 4).
--define(N_NULL, 5).
--define(N_OBJECT_IDENTIFIER, 6).
--define(N_OBJECT_DESCRIPTOR, 7).
--define(N_EXTERNAL, 8).
--define(N_REAL, 9).
--define(N_ENUMERATED, 10).
--define(N_EMBEDDED_PDV, 11).
--define(N_SEQUENCE, 16).
--define(N_SET, 17).
+-define(N_NULL, 5).
+-define(N_OBJECT_IDENTIFIER, 6).
+-define(N_OBJECT_DESCRIPTOR, 7).
+-define(N_EXTERNAL, 8).
+-define(N_REAL, 9).
+-define(N_ENUMERATED, 10).
+-define(N_EMBEDDED_PDV, 11).
+-define(N_SEQUENCE, 16).
+-define(N_SET, 17).
 -define(N_NumericString, 18).
 -define(N_PrintableString, 19).
 -define(N_TeletexString, 20).
 -define(N_VideotexString, 21).
 -define(N_IA5String, 22).
--define(N_UTCTime, 23).
--define(N_GeneralizedTime, 24).
+-define(N_UTCTime, 23).
+-define(N_GeneralizedTime, 24).
 -define(N_GraphicString, 25).
 -define(N_VisibleString, 26).
 -define(N_GeneralString, 27).
 -define(N_UniversalString, 28).
 -define(N_BMPString, 30).
-decode_octet_string(Buffer, Range, Tags) ->
+decode_octet_string(Buffer, Range, Tags) ->
 % NewTags = new_tags(HasTag,#tag{class=?UNIVERSAL,number=?N_OCTET_STRING}),
 decode_restricted_string(Buffer, Range, Tags).
 decode_restricted_string(Tlv, Range, TagsIn) ->
 Val = match_tags(Tlv, TagsIn),
- Val2 =
+ Val2 =
 case Val of
 PartList = [_H|_T] -> % constructed val
 collect_parts(PartList);
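Review bot: get_config/2 and get_opt/3,4 are deleted in this hunk without a visible replacement, and with them go the defaults the rest of the code relied on: `ldap_tls_verify` falling back to `false`, `ldap_port` derived from the `ldap_encrypt` mode (`?LDAPS_PORT` only for `tls`), and the `?WARNING_MSG` that told operators `deref_aliases` is deprecated in favour of `ldap_deref_aliases`. Presumably this logic moved to the callers' option handling (the first hunk also drops the `ejabberd_config` behaviour), so please confirm the new home still selects the port from the encryption mode and still emits the deprecation warning, otherwise a caller that passes `ldap_port` as `undefined` has to reproduce that branch itself. The same concern applies to the `opt_type/1` validators deleted in the last hunk: `ldap_filter` was run through `check_filter/1`, `ldap_tls_certfile` through `ejabberd_pkix:try_certfile/1`, `ldap_tls_cacertfile` through `misc:try_read_file/1`, and `ldap_port`/`ldap_tls_depth` were range-checked at load time; whatever replaces them should keep those checks so a malformed filter or an unreadable certificate file is rejected at startup rather than at the first LDAP bind.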
@@ -287,12 +229,12 @@ check_and_convert_restricted_string(Val, Range) ->
 NewVal;
 {{Lb,_Ub},_Ext=[Min|_]} when StrLen >= Lb; StrLen >= Min ->
 NewVal;
- {{Lb1,Ub1},{Lb2,Ub2}} when StrLen >= Lb1, StrLen =< Ub1;
+ {{Lb1,Ub1},{Lb2,Ub2}} when StrLen >= Lb1, StrLen =< Ub1;
 StrLen =< Ub2, StrLen >= Lb2 ->
 NewVal;
 StrLen -> % fixed length constraint
 NewVal;
- {_,_} ->
+ {_,_} ->
 exit({error,{asn1,{length,Range,Val}}});
 _Len when is_integer(_Len) ->
 exit({error,{asn1,{length,Range,Val}}});
@@ -300,9 +242,9 @@ check_and_convert_restricted_string(Val, Range) ->
 NewVal
 end.
-%%----------------------------------------
-%% Decode the in buffer to bits
-%%----------------------------------------
+%%----------------------------------------
+%% Decode the in buffer to bits
+%%----------------------------------------
 match_tags({T,V},[T]) -> V;
 match_tags({T,V}, [T|Tt]) ->
@@ -328,91 +270,7 @@ collect_parts([{_T,V}|Rest],Acc) ->
 collect_parts([],Acc) ->
 list_to_binary(lists:reverse(Acc)).
-collect_parts_bit([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],Acc,Uacc) ->
+collect_parts_bit([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],Acc,Uacc) ->
 collect_parts_bit(Rest,[Bits|Acc],Unused+Uacc);
 collect_parts_bit([],Acc,Uacc) ->
 list_to_binary([Uacc|lists:reverse(Acc)]).
-
--spec opt_type(atom()) -> fun((any()) -> any()) | [atom()].
-opt_type(deref_aliases) ->
- fun(unspecified) -> unspecified;
- (never) -> never;
- (searching) -> searching;
- (finding) -> finding;
- (always) -> always
- end;
-opt_type(ldap_backups) ->
- fun (L) -> [iolist_to_binary(H) || H <- L] end;
-opt_type(ldap_base) -> fun iolist_to_binary/1;
-opt_type(ldap_deref_aliases) ->
- fun (never) -> never;
- (searching) -> searching;
- (finding) -> finding;
- (always) -> always
- end;
-opt_type(ldap_encrypt) ->
- fun (tls) -> tls;
- (starttls) -> starttls;
- (none) -> none
- end;
-opt_type(ldap_password) -> fun iolist_to_binary/1;
-opt_type(ldap_port) ->
- fun(undefined) -> undefined;
- (I) when is_integer(I), I > 0 -> I
- end;
-opt_type(ldap_rootdn) -> fun iolist_to_binary/1;
-opt_type(ldap_servers) ->
- fun (L) -> [iolist_to_binary(H) || H <- L] end;
-opt_type(ldap_tls_certfile) ->
- fun(undefined) -> undefined;
- (S) -> binary_to_list(ejabberd_pkix:try_certfile(S))
- end;
-opt_type(ldap_tls_cacertfile) ->
- fun(undefined) -> undefined;
- (S) -> binary_to_list(misc:try_read_file(S))
- end;
-opt_type(ldap_tls_depth) ->
- fun(undefined) -> undefined;
- (I) when is_integer(I), I >= 0 -> I
- end;
-opt_type(ldap_tls_verify) ->
- fun (hard) -> hard;
- (soft) -> soft;
- (false) -> false
- end;
-opt_type(ldap_filter) ->
- fun(<<"">>) -> <<"">>;
- (F) -> check_filter(F)
- end;
-opt_type(ldap_uids) ->
- fun (Us) ->
- lists:map(fun ({U, P}) ->
- {iolist_to_binary(U), iolist_to_binary(P)};
- ({U}) -> {iolist_to_binary(U)};
- (U) -> {iolist_to_binary(U)}
- end,
- lists:flatten(Us))
end;
-opt_type(_) ->
- [deref_aliases, ldap_backups, ldap_base, ldap_uids,
- ldap_deref_aliases, ldap_encrypt, ldap_password,
- ldap_port, ldap_rootdn, ldap_servers, ldap_filter,
- ldap_tls_certfile, ldap_tls_cacertfile, ldap_tls_depth,
- ldap_tls_verify].
-
-options(_) ->
- [{deref_aliases, unspecified},
- {ldap_backups, []},
- {ldap_base, <<"">>},
- {ldap_uids, [{<<"uid">>, <<"%u">>}]},
- {ldap_deref_aliases, never},
- {ldap_encrypt, none},
- {ldap_password, <<"">>},
- {ldap_port, undefined},
- {ldap_rootdn, <<"">>},
- {ldap_servers, [<<"localhost">>]},
- {ldap_filter, <<"">>},
- {ldap_tls_certfile, undefined},
- {ldap_tls_cacertfile, undefined},
- {ldap_tls_depth, undefined},
- {ldap_tls_verify, false}]. |