From d2fd50360b5e60df0edefbec38e670722bf2bfe2 Mon Sep 17 00:00:00 2001 From: Sam Moore Date: Mon, 30 Sep 2013 18:02:28 +0800 Subject: [PATCH] Add ldap login test program Looks like this will actually be easier than rolling our own login system. --- testing/login/ldap/ldap_test.c | 97 ++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 testing/login/ldap/ldap_test.c diff --git a/testing/login/ldap/ldap_test.c b/testing/login/ldap/ldap_test.c new file mode 100644 index 0000000..ea324f9 --- /dev/null +++ b/testing/login/ldap/ldap_test.c @@ -0,0 +1,97 @@ +// Build with gcc -std=c99 -lldap +// Requires libldap2-dev + +#define _BSD_SOURCE +#define _XOPEN_SOURCE +#define LDAP_DEPRECATED 1 // Needed for ldap_simple_bind_s + + +#include +#include +#include +#include +#include +#include + + +#include +#include +#include +#include + + +bool BindTheDemon(const char * username, const char * passwd) +{ + static LDAP * ld = NULL; + + + static int auth_method = LDAP_AUTH_SIMPLE; + static int version = LDAP_VERSION3; + static char uri[] = "ldaps://ldap.pheme.uwa.edu.au"; + char dn[BUFSIZ]; // The "dn" is essentially the username plus a bunch of cruft that for some (presumably good) reason LDAP requires + + if (ld == NULL) + { + ldap_initialize(&ld, uri); // This is deprecated. + if (ld == NULL) + { + fprintf(stderr, "ldap_init failed - %s\n", strerror(errno)); + return false; + } + + printf("ldap_init succeeded\n"); + if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) // This is also deprecated. + { + fprintf(stderr, "ldap_set_option failed - %s\n", strerror(errno)); + return false; + } + + printf("ldap_set_option succeeded\n"); + } + + char * user_type = "Students"; + if (username[0] == '0') + user_type = "Staff"; + + if (sprintf(dn, "cn=%s,ou=%s,ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au", username, user_type) >= BUFSIZ) + { + fprintf(stderr, "LDAP DN string too long!\n"); + return false; + } + + printf("ldap_bind_s ...\n"); + + //printf("dn = %s\npasswd = %s\n", dn, passwd); + + struct berval creds; + creds.bv_val = (char*)passwd; + if (ldap_simple_bind_s(ld, dn, passwd) != LDAP_SUCCESS) // Yep. Deprecated. + //if (ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL) != LDAP_SUCCESS) // Doesn't work + { + fprintf(stderr,"ldap_bind_s failed - %s", strerror(errno)); + return false; + } + return true; + +} + +int main(int argc, char ** argv) +{ + + // Get the username and password + // Need to get these passed through HTTPS at some point + printf("Username: "); + char username[BUFSIZ]; + if (fgets(username, BUFSIZ, stdin) != username) + { + fprintf(stderr, "Username too long!\n"); + exit(EXIT_FAILURE); + } + + username[strlen(username)-1] = '\0'; + + char * password = getpass("Password: "); //NOTE: getpass is deprecated. Just here for testing. + + printf("Could we bind the demon? %d\n", BindTheDemon(username, password)); + return 0; +} -- 2.20.1