Commit 985d13a6 authored by jan.koester's avatar jan.koester

tes

parent 8d9f735b
+184 −249
@@ -385,25 +385,17 @@ void ActiveDirectory::loadDomains() {
    _Domains.clear();

    Domain domain;
    size_t rd = sizeof(authdb::AuthHeader), end = _AdminBackend.end();

    while (rd < end) {
        std::shared_ptr<authdb::AuthData::Record> cur =
            std::make_shared<authdb::AuthData::Record>();
        cur->type = EmptyData;
        _AdminBackend.setPos(rd);
        _AdminBackend.read((unsigned char*)cur.get(), sizeof(AuthData::Record));
        rd = _AdminBackend.getPos() + cur->datasize;

        if (cur->type == DataType::DomainData &&
            strcmp(cur->fieldname, "domainname") == 0) {
            class DomainData ddat(cur->ruid);
    std::vector<uuid::uuid> dids;
    domain.list(_AdminBackend, dids);

    for (auto &did : dids) {
        class DomainData ddat(did);
        try {
            size_t dpos = sizeof(authdb::AuthHeader);
            domain.info(_AdminBackend, ddat, dpos);

            DomainInfo di;
                di.domainId = uuid::uuid(cur->ruid);
            di.domainId = did;
            di.domainName = ddat.getDomainName();
            di.baseDN = domainToBaseDN(di.domainName);
            di.storageType = ddat.getStorageType();
@@ -419,7 +411,6 @@ void ActiveDirectory::loadDomains() {
            std::cerr << "AD: domain load error: " << e.what() << std::endl;
        }
    }
    }

    /* Always include admin.local */
    DomainInfo admin;
@@ -753,18 +744,11 @@ bool ActiveDirectory::authenticateSimple(const std::string &bindDN,

        /* Scan for the user */
        User user;
        size_t rd = sizeof(authdb::AuthHeader), end = backend->end();
        std::shared_ptr<authdb::AuthData::Record> cur =
            std::make_shared<authdb::AuthData::Record>();

        while (rd < end) {
            cur->type = EmptyData;
            backend->setPos(rd);
            backend->read((unsigned char*)cur.get(), sizeof(AuthData::Record));
            rd = backend->getPos() + cur->datasize;

            if (cur->type == UserData && strcmp(cur->fieldname, "username") == 0) {
                class UserData udat(cur->ruid);
        std::vector<uuid::uuid> uids;
        user.list(*backend, uids);

        for (auto &uid : uids) {
            class UserData udat(uid);
            try {
                size_t upos = sizeof(authdb::AuthHeader);
                user.info(*backend, udat, upos);
@@ -773,14 +757,13 @@ bool ActiveDirectory::authenticateSimple(const std::string &bindDN,
                    pwhash == udat.getPwHash()) {
                    session.authenticated = true;
                    session.bindDN = bindDN;
                        session.userUid = uuid::uuid(cur->ruid);
                    session.userUid = uid;
                    session.realm = di.domainName;
                    return true;
                }
            } catch (...) {}
        }
    }
    }

    return false;
}
@@ -1016,18 +999,11 @@ void ActiveDirectory::enumerateUsers(AuthBackend &backend, const std::string &ba
                                     const LdapFilter &filter,
                                     std::vector<LdapEntry> &results) {
    User user;
    size_t rd = sizeof(authdb::AuthHeader), end = backend.end();
    std::shared_ptr<authdb::AuthData::Record> cur =
        std::make_shared<authdb::AuthData::Record>();

    while (rd < end) {
        cur->type = EmptyData;
        backend.setPos(rd);
        backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record));
        rd = backend.getPos() + cur->datasize;

        if (cur->type == UserData && strcmp(cur->fieldname, "username") == 0) {
            class UserData udat(cur->ruid);
    std::vector<uuid::uuid> uids;
    user.list(backend, uids);

    for (auto &uid : uids) {
        class UserData udat(uid);
        try {
            size_t upos = sizeof(authdb::AuthHeader);
            user.info(backend, udat, upos);
@@ -1042,7 +1018,7 @@ void ActiveDirectory::enumerateUsers(AuthBackend &backend, const std::string &ba
            entry.addAttribute("cn", username);
            entry.addAttribute("sAMAccountName", username);
            entry.addAttribute("distinguishedName", dn);
                entry.addAttribute("objectGUID", uuid::uuid(cur->ruid).c_str());
            entry.addAttribute("objectGUID", uid.c_str());
            entry.addAttribute("userPrincipalName",
                username + "@" + toUpper(baseDN)); /* UPN */

@@ -1060,7 +1036,6 @@ void ActiveDirectory::enumerateUsers(AuthBackend &backend, const std::string &ba
        } catch (...) {}
    }
}
}

/******************************************************************************
 * Directory Enumeration — Groups
@@ -1068,20 +1043,13 @@ void ActiveDirectory::enumerateUsers(AuthBackend &backend, const std::string &ba
void ActiveDirectory::enumerateGroups(AuthBackend &backend, const std::string &baseDN,
                                      const LdapFilter &filter,
                                      std::vector<LdapEntry> &results) {
    size_t rd = sizeof(authdb::AuthHeader), end = backend.end();
    std::shared_ptr<authdb::AuthData::Record> cur =
        std::make_shared<authdb::AuthData::Record>();

    while (rd < end) {
        cur->type = EmptyData;
        backend.setPos(rd);
        backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record));
        rd = backend.getPos() + cur->datasize;

        if (cur->type == DataType::GroupData && strcmp(cur->fieldname, "name") == 0) {
            class GroupData gdat(cur->ruid);
            try {
    Group group;
    std::vector<uuid::uuid> gids;
    group.list(backend, gids);

    for (auto &gid : gids) {
        class GroupData gdat(gid);
        try {
            size_t gpos = sizeof(authdb::AuthHeader);
            group.info(backend, gdat, gpos);

@@ -1095,7 +1063,7 @@ void ActiveDirectory::enumerateGroups(AuthBackend &backend, const std::string &b
            entry.addAttribute("cn", groupName);
            entry.addAttribute("sAMAccountName", groupName);
            entry.addAttribute("distinguishedName", dn);
                entry.addAttribute("objectGUID", uuid::uuid(cur->ruid).c_str());
            entry.addAttribute("objectGUID", gid.c_str());
            entry.addAttribute("objectCategory",
                "CN=Group,CN=Schema,CN=Configuration," + baseDN);
            entry.addAttribute("groupType", "-2147483646"); /* Global security group */
@@ -1104,30 +1072,15 @@ void ActiveDirectory::enumerateGroups(AuthBackend &backend, const std::string &b
            /* Enumerate members */
            std::vector<uuid::uuid> members;
            gdat.getMembers(members);
                for (auto &mid : members) {
                    /* Resolve member username */
            User user;
                    size_t mrd = sizeof(authdb::AuthHeader);
                    std::shared_ptr<authdb::AuthData::Record> mcur =
                        std::make_shared<authdb::AuthData::Record>();
                    while (mrd < end) {
                        mcur->type = EmptyData;
                        backend.setPos(mrd);
                        backend.read((unsigned char*)mcur.get(), sizeof(AuthData::Record));
                        mrd = backend.getPos() + mcur->datasize;
                        if (mcur->type == UserData &&
                            strcmp(mcur->fieldname, "username") == 0 &&
                            mid == uuid::uuid(mcur->ruid)) {
                            class UserData mudat(mcur->ruid);
            for (auto &mid : members) {
                class UserData mudat(mid);
                try {
                    size_t mupos = sizeof(authdb::AuthHeader);
                    user.info(backend, mudat, mupos);
                    entry.addAttribute("member",
                        "CN=" + mudat.getUsername() + ",CN=Users," + baseDN);
                } catch (...) {}
                            break;
                        }
                    }
            }

            if (filter.matches(entry))
@@ -1135,7 +1088,6 @@ void ActiveDirectory::enumerateGroups(AuthBackend &backend, const std::string &b
        } catch (...) {}
    }
}
}

/******************************************************************************
 * Directory Enumeration — Clients (Computers)
@@ -1143,20 +1095,13 @@ void ActiveDirectory::enumerateGroups(AuthBackend &backend, const std::string &b
void ActiveDirectory::enumerateClients(AuthBackend &backend, const std::string &baseDN,
                                       const LdapFilter &filter,
                                       std::vector<LdapEntry> &results) {
    size_t rd = sizeof(authdb::AuthHeader), end = backend.end();
    std::shared_ptr<authdb::AuthData::Record> cur =
        std::make_shared<authdb::AuthData::Record>();

    while (rd < end) {
        cur->type = EmptyData;
        backend.setPos(rd);
        backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record));
        rd = backend.getPos() + cur->datasize;

        if (cur->type == DataType::ClientData && strcmp(cur->fieldname, "clientname") == 0) {
            class ClientData cdat(cur->ruid);
            try {
    Client client;
    std::vector<uuid::uuid> clids;
    client.list(backend, clids);

    for (auto &clid : clids) {
        class ClientData cdat(clid);
        try {
            size_t cpos = sizeof(authdb::AuthHeader);
            client.info(backend, cdat, cpos);

@@ -1170,7 +1115,7 @@ void ActiveDirectory::enumerateClients(AuthBackend &backend, const std::string &
            entry.addAttribute("cn", clientName);
            entry.addAttribute("sAMAccountName", clientName + "$");
            entry.addAttribute("distinguishedName", dn);
                entry.addAttribute("objectGUID", uuid::uuid(cur->ruid).c_str());
            entry.addAttribute("objectGUID", clid.c_str());
            entry.addAttribute("dNSHostName", clientName);
            entry.addAttribute("objectCategory",
                "CN=Computer,CN=Schema,CN=Configuration," + baseDN);
@@ -1182,7 +1127,6 @@ void ActiveDirectory::enumerateClients(AuthBackend &backend, const std::string &
        } catch (...) {}
    }
}
}

/******************************************************************************
 * Directory Enumeration — Services
@@ -1190,21 +1134,13 @@ void ActiveDirectory::enumerateClients(AuthBackend &backend, const std::string &
void ActiveDirectory::enumerateServices(AuthBackend &backend, const std::string &baseDN,
                                        const LdapFilter &filter,
                                        std::vector<LdapEntry> &results) {
    size_t rd = sizeof(authdb::AuthHeader), end = backend.end();
    std::shared_ptr<authdb::AuthData::Record> cur =
        std::make_shared<authdb::AuthData::Record>();

    while (rd < end) {
        cur->type = EmptyData;
        backend.setPos(rd);
        backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record));
        rd = backend.getPos() + cur->datasize;

        if (cur->type == DataType::ServiceData &&
            strcmp(cur->fieldname, "servicename") == 0) {
            class ServiceData sdat(cur->ruid);
            try {
    ServiceManager svc;
    std::vector<uuid::uuid> sids;
    svc.list(backend, sids);

    for (auto &sid : sids) {
        class ServiceData sdat(sid);
        try {
            size_t spos = sizeof(authdb::AuthHeader);
            svc.info(backend, sdat, spos);

@@ -1223,7 +1159,7 @@ void ActiveDirectory::enumerateServices(AuthBackend &backend, const std::string
                "top", "serviceConnectionPoint"});
            entry.addAttribute("cn", cn);
            entry.addAttribute("distinguishedName", dn);
                entry.addAttribute("objectGUID", uuid::uuid(cur->ruid).c_str());
            entry.addAttribute("objectGUID", sid.c_str());
            entry.addAttribute("servicePrincipalName",
                svcName + "/" + hostname);
            entry.addAttribute("objectCategory",
@@ -1235,7 +1171,6 @@ void ActiveDirectory::enumerateServices(AuthBackend &backend, const std::string
        } catch (...) {}
    }
}
}

/******************************************************************************
 * Directory Enumeration — Container entries (CN=Users, CN=Groups, etc.)
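Review bot: In the rewritten user scan of authenticateSimple (the `@@ -753` hunk), every iteration of `for (auto &uid : uids)` resets `upos` to `sizeof(authdb::AuthHeader)` and calls `user.info(*backend, udat, upos)`; if `info()` walks the backend from that offset the way the removed inline loop did, each bind attempt now costs O(users²) record reads, and the unchanged `catch (...) {}` in the following hunk turns any backend read failure during that walk into an ordinary failed bind with no diagnostic. The same list-then-per-uid-info pattern is repeated in loadDomains, enumerateUsers, enumerateGroups (including the per-member `user.info` loop), enumerateClients and enumerateServices here, and in createSessionData/reloadSessionData in the third file section, where the `user.info(backend, udat, upos)` call has no try/catch at all, so a missing or corrupt user record presumably propagates out of session creation instead of leaving `username` empty as the removed scan did. Worth a comment at the first occurrence, e.g. `/* list() then per-uid info() each rescan from the header; acceptable for small stores, revisit before the backend grows */`, and having the catch in authenticateSimple at least log `e.what()` before the bind fails. authenticateSimple's body begins before the hunk.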
+1 −10
@@ -52,10 +52,6 @@ namespace authdb{
    class ServiceManager;
    class RecordIndex;
    class DomainBackend;
    class Session;
    class LocalSession;
    class ClusterSession;
    class SessionData;
    class Export;
    class Import;

@@ -137,19 +133,14 @@ namespace authdb{
        friend class ServiceManager;
        friend class RecordIndex;
        friend class DomainBackend;
        friend class Session;
        friend class LocalSession;
        friend class ClusterSession;
        friend class Export;
        friend class Import;
        friend SessionData *createSessionData(AuthBackend &backend, uuid::uuid domainid, uuid::uuid userid);
        friend void reloadSessionData(AuthBackend &backend, SessionData *cursess);

        friend void createRecord(AuthBackend &backend, AuthData &rec, int type);
        friend bool getRecord(AuthBackend &backend, AuthData &rec, int type);
        friend bool editRecord(AuthBackend &backend, AuthData &rec, int type);
        friend void delRecord(AuthBackend &backend, const uuid::uuid &uid, int type);
        friend int  searchValue(AuthBackend &backend, const char *fieldname, const char *value);
        friend void vacuumRecords(AuthBackend &backend);

    private:
        int                            _Type;
+54 −73
@@ -32,6 +32,7 @@
#include "authdb.h"
#include "backend.h"
#include "group.h"
#include "user.h"
#include "gpo.h"
#include "gpo_default.h"
#include "types.h"
@@ -235,37 +236,25 @@ namespace authdb {

SessionData *createSessionData(AuthBackend &backend, uuid::uuid domainid, uuid::uuid userid){
    std::string username;
    std::shared_ptr<AuthData::Record> cur=std::make_shared<AuthData::Record>();

    size_t rd=sizeof(AuthHeader),end=backend.end();
    while(rd<end){
        cur->type=EmptyData;
        backend.setPos(rd);
        backend.read(reinterpret_cast<unsigned char*>(cur.get()),sizeof(AuthData::Record));
        rd=backend.getPos()+cur->datasize;
        if(cur->type == UserData && strcmp(cur->fieldname,"username")==0
            && userid==cur->ruid){
            unsigned char *tmp = new unsigned char[cur->datasize];
            backend.read(tmp,cur->datasize);
            username=reinterpret_cast<char*>(tmp);
            delete[] tmp;
        }
    }
    // Get username via User::info
    User user;
    class UserData udat(userid);
    size_t upos=sizeof(AuthHeader);
    user.info(backend, udat, upos);
    username=udat.getUsername();

    // Collect group memberships
    std::shared_ptr<std::vector<uuid::uuid>> mbs = std::make_shared<std::vector<uuid::uuid>>();
    rd=sizeof(AuthHeader);
    while(rd<end){
        backend.setPos(rd);
        backend.read(reinterpret_cast<unsigned char*>(cur.get()),sizeof(AuthData::Record));
        rd=backend.getPos()+cur->datasize;
        if( !uuid::uuid(cur->ruid).empty() && cur->type == GroupData && strcmp(cur->fieldname,"groupname")==0){
    Group group;
            std::shared_ptr<class GroupData> grpi=std::make_shared<class GroupData>(cur->ruid);
            size_t upos=sizeof(AuthHeader);
            group.info(backend,*grpi,upos);
    std::vector<uuid::uuid> gids;
    group.list(backend, gids);
    for(auto &gid : gids){
        std::shared_ptr<class GroupData> grpi=std::make_shared<class GroupData>(gid);
        size_t gpos=sizeof(AuthHeader);
        group.info(backend,*grpi,gpos);
        if(grpi->isMember(userid)){
                mbs->emplace_back(cur->ruid);
            }
            mbs->emplace_back(gid);
        }
    }

@@ -278,23 +267,21 @@ SessionData *createSessionData(AuthBackend &backend, uuid::uuid domainid, uuid::

    SessionData::GPOResult *gpores=&newSession->_GPOResult;

    // Evaluate GPOs
    Gpo gpo;
    std::vector<uuid::uuid> allow;
    rd=sizeof(AuthHeader);

    while(rd<end){
        backend.setPos(rd);
        backend.read(reinterpret_cast<unsigned char*>(cur.get()),sizeof(AuthData::Record));
        rd=backend.getPos()+cur->datasize;
        if(cur->type == PolicyData && strcmp(cur->fieldname,"gponame")==0){
            std::shared_ptr<class GpoData> gpodat=std::make_shared<class GpoData>(cur->ruid);
            size_t upos=sizeof(AuthHeader);
            gpo.info(backend,*gpodat,upos);
    std::vector<uuid::uuid> gpoids;
    gpo.list(backend, gpoids);

    for(auto &gpoid : gpoids){
        std::shared_ptr<class GpoData> gpodat=std::make_shared<class GpoData>(gpoid);
        size_t gpos2=sizeof(AuthHeader);
        gpo.info(backend,*gpodat,gpos2);
        if(!gpores->GPOId.empty()){
            gpores->next=new SessionData::GPOResult();
            gpores=gpores->next;
        }
            gpores->GPOId=cur->ruid;
        gpores->GPOId=gpoid;
        gpores->GPORes=gpodat->getGpoValue();

        allow.clear();
@@ -308,7 +295,6 @@ SessionData *createSessionData(AuthBackend &backend, uuid::uuid domainid, uuid::
            }
        }
    }
    }

    // Populate default GPOs that are missing from the backend and create them
    for(size_t i=0; gpo_default[i][0]!=nullptr; ++i){
@@ -347,27 +333,22 @@ void reloadSessionData(AuthBackend &backend, SessionData *cursess){

    cursess->_members.clear();

    std::shared_ptr<AuthData::Record> cur=std::make_shared<AuthData::Record>();
    size_t rd=sizeof(AuthHeader),end=backend.end();
    while(rd<end){
        cur->type=EmptyData;
        backend.setPos(rd);
        backend.read(reinterpret_cast<unsigned char*>(cur.get()),sizeof(AuthData::Record));
        rd=backend.getPos()+cur->datasize;

        if(cur->type == UserData && strcmp(cur->fieldname,"username")==0
            && uuid::uuid(cur->ruid)==cursess->_uid.value){
            const std::shared_ptr<unsigned char[]>tmp(new unsigned char[cur->datasize]);
            backend.read(tmp.get(),cur->datasize);
            username=reinterpret_cast<char*>(tmp.get());
        }
        if(cur->type == GroupData && strcmp(cur->fieldname,"groupname")==0){
            std::shared_ptr<class GroupData> grpi=std::make_shared<class GroupData>(cur->ruid);
    // Get username via User::info
    User user;
    class UserData udat(cursess->_uid.value);
    size_t upos=sizeof(AuthHeader);
            group.info(backend,*grpi,upos);
    user.info(backend, udat, upos);
    username=udat.getUsername();

    // Collect group memberships
    std::vector<uuid::uuid> gids;
    group.list(backend, gids);
    for(auto &gid : gids){
        std::shared_ptr<class GroupData> grpi=std::make_shared<class GroupData>(gid);
        size_t gpos=sizeof(AuthHeader);
        group.info(backend,*grpi,gpos);
        if(grpi->isMember(cursess->_uid.value))
                cursess->_members.emplace_back(cur->ruid);
        }
            cursess->_members.emplace_back(gid);
    }
    cursess->_username=username;
}