2006-10-17 14:35:47 +02:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
%%% File : eldap_utils.erl
|
2007-12-24 14:57:53 +01:00
|
|
|
%%% Author : Mickael Remond <mremond@process-one.net>
|
2006-10-17 14:35:47 +02:00
|
|
|
%%% Purpose : ejabberd LDAP helper functions
|
2007-12-24 14:57:53 +01:00
|
|
|
%%% Created : 12 Oct 2006 by Mickael Remond <mremond@process-one.net>
|
|
|
|
%%%
|
|
|
|
%%%
|
2020-01-28 13:34:02 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2020 ProcessOne
|
2007-12-24 14:57:53 +01:00
|
|
|
%%%
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
%%%
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
%%% General Public License for more details.
|
2009-01-12 15:44:42 +01:00
|
|
|
%%%
|
2014-02-22 11:27:40 +01:00
|
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-12-24 14:57:53 +01:00
|
|
|
%%%
|
2006-10-17 14:35:47 +02:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
|
|
|
-module(eldap_utils).
|
2015-06-01 14:38:27 +02:00
|
|
|
|
2007-12-24 14:57:53 +01:00
|
|
|
-author('mremond@process-one.net').
|
2006-10-17 14:35:47 +02:00
|
|
|
|
2017-04-28 12:23:32 +02:00
|
|
|
-export([generate_subfilter/1, find_ldap_attrs/2, check_filter/1,
|
2015-06-01 14:38:27 +02:00
|
|
|
get_ldap_attr/2, get_user_part/2, make_filter/2,
|
2019-06-14 11:33:26 +02:00
|
|
|
get_state/2, case_insensitive_match/2,
|
|
|
|
decode_octet_string/3, uids_domain_subst/2]).
|
2006-10-17 14:35:47 +02:00
|
|
|
|
2013-04-08 11:12:54 +02:00
|
|
|
-include("logger.hrl").
|
2013-03-14 10:33:02 +01:00
|
|
|
-include("eldap.hrl").
|
2011-06-15 12:06:32 +02:00
|
|
|
|
2006-10-17 14:35:47 +02:00
|
|
|
%% Generate an 'or' LDAP query on one or several attributes
|
|
|
|
%% If there is only one attribute
|
|
|
|
generate_subfilter([UID]) ->
|
|
|
|
subfilter(UID);
|
|
|
|
%% If there is several attributes
|
|
|
|
generate_subfilter(UIDs) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
iolist_to_binary(["(|", [subfilter(UID) || UID <- UIDs], ")"]).
|
2006-10-17 14:35:47 +02:00
|
|
|
%% Subfilter for a single attribute
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2006-10-17 14:35:47 +02:00
|
|
|
subfilter({UIDAttr, UIDAttrFormat}) ->
|
|
|
|
%% The default UiDAttrFormat is %u
|
2013-03-14 10:33:02 +01:00
|
|
|
<<$(, UIDAttr/binary, $=, UIDAttrFormat/binary, $)>>;
|
|
|
|
%% The default UiDAttrFormat is <<"%u">>
|
2006-10-17 14:35:47 +02:00
|
|
|
subfilter({UIDAttr}) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
<<$(, UIDAttr/binary, $=, "%u)">>.
|
2006-10-17 14:35:47 +02:00
|
|
|
|
|
|
|
%% Not tail-recursive, but it is not very terribly.
|
|
|
|
%% It stops finding on the first not empty value.
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec find_ldap_attrs([{binary()} | {binary(), binary()}],
|
|
|
|
[{binary(), [binary()]}]) -> <<>> | {binary(), binary()}.
|
|
|
|
|
2010-03-08 06:04:56 +01:00
|
|
|
find_ldap_attrs([{Attr} | Rest], Attributes) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
find_ldap_attrs([{Attr, <<"%u">>} | Rest], Attributes);
|
2006-10-17 14:35:47 +02:00
|
|
|
find_ldap_attrs([{Attr, Format} | Rest], Attributes) ->
|
2010-03-08 06:04:56 +01:00
|
|
|
case get_ldap_attr(Attr, Attributes) of
|
2013-03-14 10:33:02 +01:00
|
|
|
Value when is_binary(Value), Value /= <<>> ->
|
2010-03-08 06:04:56 +01:00
|
|
|
{Value, Format};
|
2006-10-17 14:35:47 +02:00
|
|
|
_ ->
|
2010-03-08 06:04:56 +01:00
|
|
|
find_ldap_attrs(Rest, Attributes)
|
|
|
|
end;
|
2006-10-17 14:35:47 +02:00
|
|
|
find_ldap_attrs([], _) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
<<>>.
|
|
|
|
|
|
|
|
-spec get_ldap_attr(binary(), [{binary(), [binary()]}]) -> binary().
|
2006-10-17 14:35:47 +02:00
|
|
|
|
|
|
|
get_ldap_attr(LDAPAttr, Attributes) ->
|
|
|
|
Res = lists:filter(
|
|
|
|
fun({Name, _}) ->
|
|
|
|
case_insensitive_match(Name, LDAPAttr)
|
|
|
|
end, Attributes),
|
|
|
|
case Res of
|
|
|
|
[{_, [Value|_]}] -> Value;
|
2013-03-14 10:33:02 +01:00
|
|
|
_ -> <<>>
|
2006-10-17 14:35:47 +02:00
|
|
|
end.
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec get_user_part(binary(), binary()) -> {ok, binary()} | {error, badmatch}.
|
2006-10-17 14:35:47 +02:00
|
|
|
|
|
|
|
get_user_part(String, Pattern) ->
|
|
|
|
F = fun(S, P) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
First = str:str(P, <<"%u">>),
|
|
|
|
TailLength = byte_size(P) - (First+1),
|
|
|
|
str:sub_string(S, First, byte_size(S) - TailLength)
|
2006-10-17 14:35:47 +02:00
|
|
|
end,
|
|
|
|
case catch F(String, Pattern) of
|
|
|
|
{'EXIT', _} ->
|
|
|
|
{error, badmatch};
|
|
|
|
Result ->
|
2013-03-14 10:33:02 +01:00
|
|
|
case catch ejabberd_regexp:replace(Pattern, <<"%u">>, Result) of
|
2011-12-19 07:10:48 +01:00
|
|
|
{'EXIT', _} ->
|
|
|
|
{error, badmatch};
|
|
|
|
StringRes ->
|
2013-03-14 10:33:02 +01:00
|
|
|
case case_insensitive_match(StringRes, String) of
|
2011-06-23 07:14:15 +02:00
|
|
|
true ->
|
|
|
|
{ok, Result};
|
|
|
|
false ->
|
|
|
|
{error, badmatch}
|
2011-12-19 07:10:48 +01:00
|
|
|
end
|
|
|
|
end
|
2006-10-17 14:35:47 +02:00
|
|
|
end.
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec make_filter([{binary(), [binary()]}], [{binary(), binary()}]) -> any().
|
|
|
|
|
2006-10-17 14:35:47 +02:00
|
|
|
make_filter(Data, UIDs) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
NewUIDs = [{U, eldap_filter:do_sub(
|
|
|
|
UF, [{<<"%u">>, <<"*%u*">>, 1}])} || {U, UF} <- UIDs],
|
2006-10-17 14:35:47 +02:00
|
|
|
Filter = lists:flatmap(
|
|
|
|
fun({Name, [Value | _]}) ->
|
|
|
|
case Name of
|
2013-03-14 10:33:02 +01:00
|
|
|
<<"%u">> when Value /= <<"">> ->
|
2006-10-17 14:35:47 +02:00
|
|
|
case eldap_filter:parse(
|
2013-03-14 10:33:02 +01:00
|
|
|
generate_subfilter(NewUIDs),
|
|
|
|
[{<<"%u">>, Value}]) of
|
2006-10-17 14:35:47 +02:00
|
|
|
{ok, F} -> [F];
|
|
|
|
_ -> []
|
|
|
|
end;
|
2013-03-14 10:33:02 +01:00
|
|
|
_ when Value /= <<"">> ->
|
|
|
|
[eldap:substrings(
|
|
|
|
Name,
|
|
|
|
[{any, Value}])];
|
2006-10-17 14:35:47 +02:00
|
|
|
_ ->
|
|
|
|
[]
|
|
|
|
end
|
|
|
|
end, Data),
|
|
|
|
case Filter of
|
|
|
|
[F] ->
|
|
|
|
F;
|
|
|
|
_ ->
|
|
|
|
eldap:'and'(Filter)
|
|
|
|
end.
|
|
|
|
|
2017-04-28 12:23:32 +02:00
|
|
|
check_filter(F) ->
|
|
|
|
NewF = iolist_to_binary(F),
|
|
|
|
{ok, _} = eldap_filter:parse(NewF),
|
|
|
|
NewF.
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec case_insensitive_match(binary(), binary()) -> boolean().
|
|
|
|
|
2006-10-17 14:35:47 +02:00
|
|
|
case_insensitive_match(X, Y) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
X1 = str:to_lower(X),
|
|
|
|
Y1 = str:to_lower(Y),
|
2006-10-17 14:35:47 +02:00
|
|
|
if
|
|
|
|
X1 == Y1 -> true;
|
|
|
|
true -> false
|
|
|
|
end.
|
|
|
|
|
2007-01-27 17:40:37 +01:00
|
|
|
get_state(Server, Module) ->
|
|
|
|
Proc = gen_mod:get_module_proc(Server, Module),
|
|
|
|
gen_server:call(Proc, get_state).
|
|
|
|
|
|
|
|
%% From the list of uids attribute:
|
|
|
|
%% we look from alias domain (%d) and make the substitution
|
|
|
|
%% with the actual host domain
|
|
|
|
%% This help when you need to configure many virtual domains.
|
2019-06-14 11:33:26 +02:00
|
|
|
-spec uids_domain_subst(binary(), [{binary(), binary()}]) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
[{binary(), binary()}].
|
|
|
|
|
2007-01-27 17:40:37 +01:00
|
|
|
uids_domain_subst(Host, UIDs) ->
|
|
|
|
lists:map(fun({U,V}) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
{U, eldap_filter:do_sub(V,[{<<"%d">>, Host}])};
|
2019-06-14 11:33:26 +02:00
|
|
|
(A) -> A
|
2007-01-27 17:40:37 +01:00
|
|
|
end,
|
2007-12-06 23:12:27 +01:00
|
|
|
UIDs).
|
2011-06-15 12:06:32 +02:00
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
%%----------------------------------------
|
2013-03-14 10:33:02 +01:00
|
|
|
%% Borrowed from asn1rt_ber_bin_v2.erl
|
|
|
|
%%----------------------------------------
|
|
|
|
|
|
|
|
%%% The tag-number for universal types
|
2019-06-14 11:33:26 +02:00
|
|
|
-define(N_BOOLEAN, 1).
|
|
|
|
-define(N_INTEGER, 2).
|
2013-03-14 10:33:02 +01:00
|
|
|
-define(N_BIT_STRING, 3).
|
|
|
|
-define(N_OCTET_STRING, 4).
|
2019-06-14 11:33:26 +02:00
|
|
|
-define(N_NULL, 5).
|
|
|
|
-define(N_OBJECT_IDENTIFIER, 6).
|
|
|
|
-define(N_OBJECT_DESCRIPTOR, 7).
|
|
|
|
-define(N_EXTERNAL, 8).
|
|
|
|
-define(N_REAL, 9).
|
|
|
|
-define(N_ENUMERATED, 10).
|
|
|
|
-define(N_EMBEDDED_PDV, 11).
|
|
|
|
-define(N_SEQUENCE, 16).
|
|
|
|
-define(N_SET, 17).
|
2013-03-14 10:33:02 +01:00
|
|
|
-define(N_NumericString, 18).
|
|
|
|
-define(N_PrintableString, 19).
|
|
|
|
-define(N_TeletexString, 20).
|
|
|
|
-define(N_VideotexString, 21).
|
|
|
|
-define(N_IA5String, 22).
|
2019-06-14 11:33:26 +02:00
|
|
|
-define(N_UTCTime, 23).
|
|
|
|
-define(N_GeneralizedTime, 24).
|
2013-03-14 10:33:02 +01:00
|
|
|
-define(N_GraphicString, 25).
|
|
|
|
-define(N_VisibleString, 26).
|
|
|
|
-define(N_GeneralString, 27).
|
|
|
|
-define(N_UniversalString, 28).
|
|
|
|
-define(N_BMPString, 30).
|
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
decode_octet_string(Buffer, Range, Tags) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
% NewTags = new_tags(HasTag,#tag{class=?UNIVERSAL,number=?N_OCTET_STRING}),
|
|
|
|
decode_restricted_string(Buffer, Range, Tags).
|
|
|
|
|
|
|
|
decode_restricted_string(Tlv, Range, TagsIn) ->
|
|
|
|
Val = match_tags(Tlv, TagsIn),
|
2019-06-14 11:33:26 +02:00
|
|
|
Val2 =
|
2013-03-14 10:33:02 +01:00
|
|
|
case Val of
|
|
|
|
PartList = [_H|_T] -> % constructed val
|
|
|
|
collect_parts(PartList);
|
|
|
|
Bin ->
|
|
|
|
Bin
|
|
|
|
end,
|
|
|
|
check_and_convert_restricted_string(Val2, Range).
|
|
|
|
|
|
|
|
check_and_convert_restricted_string(Val, Range) ->
|
|
|
|
{StrLen,NewVal} = if is_binary(Val) ->
|
|
|
|
{size(Val), Val};
|
|
|
|
true ->
|
|
|
|
{length(Val), list_to_binary(Val)}
|
|
|
|
end,
|
|
|
|
case Range of
|
|
|
|
[] -> % No length constraint
|
|
|
|
NewVal;
|
|
|
|
{Lb,Ub} when StrLen >= Lb, Ub >= StrLen -> % variable length constraint
|
|
|
|
NewVal;
|
|
|
|
{{Lb,_Ub},[]} when StrLen >= Lb ->
|
|
|
|
NewVal;
|
|
|
|
{{Lb,_Ub},_Ext=[Min|_]} when StrLen >= Lb; StrLen >= Min ->
|
|
|
|
NewVal;
|
2019-06-14 11:33:26 +02:00
|
|
|
{{Lb1,Ub1},{Lb2,Ub2}} when StrLen >= Lb1, StrLen =< Ub1;
|
2013-03-14 10:33:02 +01:00
|
|
|
StrLen =< Ub2, StrLen >= Lb2 ->
|
|
|
|
NewVal;
|
|
|
|
StrLen -> % fixed length constraint
|
|
|
|
NewVal;
|
2019-06-14 11:33:26 +02:00
|
|
|
{_,_} ->
|
2013-03-14 10:33:02 +01:00
|
|
|
exit({error,{asn1,{length,Range,Val}}});
|
|
|
|
_Len when is_integer(_Len) ->
|
|
|
|
exit({error,{asn1,{length,Range,Val}}});
|
|
|
|
_ -> % some strange constraint that we don't support yet
|
|
|
|
NewVal
|
|
|
|
end.
|
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
%%----------------------------------------
|
|
|
|
%% Decode the in buffer to bits
|
|
|
|
%%----------------------------------------
|
2013-03-14 10:33:02 +01:00
|
|
|
match_tags({T,V},[T]) ->
|
|
|
|
V;
|
|
|
|
match_tags({T,V}, [T|Tt]) ->
|
|
|
|
match_tags(V,Tt);
|
|
|
|
match_tags([{T,V}],[T|Tt]) ->
|
|
|
|
match_tags(V, Tt);
|
|
|
|
match_tags(Vlist = [{T,_V}|_], [T]) ->
|
|
|
|
Vlist;
|
|
|
|
match_tags(Tlv, []) ->
|
|
|
|
Tlv;
|
|
|
|
match_tags({Tag,_V},[T|_Tt]) ->
|
|
|
|
{error,{asn1,{wrong_tag,{Tag,T}}}}.
|
|
|
|
|
|
|
|
collect_parts(TlvList) ->
|
|
|
|
collect_parts(TlvList,[]).
|
|
|
|
|
|
|
|
collect_parts([{_,L}|Rest],Acc) when is_list(L) ->
|
|
|
|
collect_parts(Rest,[collect_parts(L)|Acc]);
|
|
|
|
collect_parts([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],_Acc) ->
|
|
|
|
collect_parts_bit(Rest,[Bits],Unused);
|
|
|
|
collect_parts([{_T,V}|Rest],Acc) ->
|
|
|
|
collect_parts(Rest,[V|Acc]);
|
|
|
|
collect_parts([],Acc) ->
|
|
|
|
list_to_binary(lists:reverse(Acc)).
|
|
|
|
|
2019-06-14 11:33:26 +02:00
|
|
|
collect_parts_bit([{?N_BIT_STRING,<<Unused,Bits/binary>>}|Rest],Acc,Uacc) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
collect_parts_bit(Rest,[Bits|Acc],Unused+Uacc);
|
|
|
|
collect_parts_bit([],Acc,Uacc) ->
|
|
|
|
list_to_binary([Uacc|lists:reverse(Acc)]).
|