本站源代码
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.

136 rindas
4.1KB

  1. package ldap
  2. import (
  3. "errors"
  4. "fmt"
  5. "gopkg.in/asn1-ber.v1"
  6. )
  7. // SimpleBindRequest represents a username/password bind operation
  8. type SimpleBindRequest struct {
  9. // Username is the name of the Directory object that the client wishes to bind as
  10. Username string
  11. // Password is the credentials to bind with
  12. Password string
  13. // Controls are optional controls to send with the bind request
  14. Controls []Control
  15. // AllowEmptyPassword sets whether the client allows binding with an empty password
  16. // (normally used for unauthenticated bind).
  17. AllowEmptyPassword bool
  18. }
  19. // SimpleBindResult contains the response from the server
  20. type SimpleBindResult struct {
  21. Controls []Control
  22. }
  23. // NewSimpleBindRequest returns a bind request
  24. func NewSimpleBindRequest(username string, password string, controls []Control) *SimpleBindRequest {
  25. return &SimpleBindRequest{
  26. Username: username,
  27. Password: password,
  28. Controls: controls,
  29. AllowEmptyPassword: false,
  30. }
  31. }
  32. func (bindRequest *SimpleBindRequest) encode() *ber.Packet {
  33. request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationBindRequest, nil, "Bind Request")
  34. request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, 3, "Version"))
  35. request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, bindRequest.Username, "User Name"))
  36. request.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, bindRequest.Password, "Password"))
  37. return request
  38. }
  39. // SimpleBind performs the simple bind operation defined in the given request
  40. func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResult, error) {
  41. if simpleBindRequest.Password == "" && !simpleBindRequest.AllowEmptyPassword {
  42. return nil, NewError(ErrorEmptyPassword, errors.New("ldap: empty password not allowed by the client"))
  43. }
  44. packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
  45. packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
  46. encodedBindRequest := simpleBindRequest.encode()
  47. packet.AppendChild(encodedBindRequest)
  48. if len(simpleBindRequest.Controls) > 0 {
  49. packet.AppendChild(encodeControls(simpleBindRequest.Controls))
  50. }
  51. if l.Debug {
  52. ber.PrintPacket(packet)
  53. }
  54. msgCtx, err := l.sendMessage(packet)
  55. if err != nil {
  56. return nil, err
  57. }
  58. defer l.finishMessage(msgCtx)
  59. packetResponse, ok := <-msgCtx.responses
  60. if !ok {
  61. return nil, NewError(ErrorNetwork, errors.New("ldap: response channel closed"))
  62. }
  63. packet, err = packetResponse.ReadPacket()
  64. l.Debug.Printf("%d: got response %p", msgCtx.id, packet)
  65. if err != nil {
  66. return nil, err
  67. }
  68. if l.Debug {
  69. if err = addLDAPDescriptions(packet); err != nil {
  70. return nil, err
  71. }
  72. ber.PrintPacket(packet)
  73. }
  74. result := &SimpleBindResult{
  75. Controls: make([]Control, 0),
  76. }
  77. if len(packet.Children) == 3 {
  78. for _, child := range packet.Children[2].Children {
  79. decodedChild, decodeErr := DecodeControl(child)
  80. if decodeErr != nil {
  81. return nil, fmt.Errorf("failed to decode child control: %s", decodeErr)
  82. }
  83. result.Controls = append(result.Controls, decodedChild)
  84. }
  85. }
  86. err = GetLDAPError(packet)
  87. return result, err
  88. }
  89. // Bind performs a bind with the given username and password.
  90. //
  91. // It does not allow unauthenticated bind (i.e. empty password). Use the UnauthenticatedBind method
  92. // for that.
  93. func (l *Conn) Bind(username, password string) error {
  94. req := &SimpleBindRequest{
  95. Username: username,
  96. Password: password,
  97. AllowEmptyPassword: false,
  98. }
  99. _, err := l.SimpleBind(req)
  100. return err
  101. }
  102. // UnauthenticatedBind performs an unauthenticated bind.
  103. //
  104. // A username may be provided for trace (e.g. logging) purpose only, but it is normally not
  105. // authenticated or otherwise validated by the LDAP server.
  106. //
  107. // See https://tools.ietf.org/html/rfc4513#section-5.1.2 .
  108. // See https://tools.ietf.org/html/rfc4513#section-6.3.1 .
  109. func (l *Conn) UnauthenticatedBind(username string) error {
  110. req := &SimpleBindRequest{
  111. Username: username,
  112. Password: "",
  113. AllowEmptyPassword: true,
  114. }
  115. _, err := l.SimpleBind(req)
  116. return err
  117. }
上海开阖软件有限公司 沪ICP备12045867号-1