closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3159 Commits
2 Branches
178 MiB
Tree: 968edb3e44
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '968edb3e44'
${ noResults }
gitea/modules/ldap/search.go

350 lines
10 KiB
Raw Normal View History

Remove ldap dep
10 years ago
 
  1. // Copyright 2011 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. //

  5. // File contains Search functionality

  6. //

  7. // https://tools.ietf.org/html/rfc4511

  8. //

  9. //         SearchRequest ::= [APPLICATION 3] SEQUENCE {

  10. //              baseObject      LDAPDN,

  11. //              scope           ENUMERATED {

  12. //                   baseObject              (0),

  13. //                   singleLevel             (1),

  14. //                   wholeSubtree            (2),

  15. //                   ...  },

  16. //              derefAliases    ENUMERATED {

  17. //                   neverDerefAliases       (0),

  18. //                   derefInSearching        (1),

  19. //                   derefFindingBaseObj     (2),

  20. //                   derefAlways             (3) },

  21. //              sizeLimit       INTEGER (0 ..  maxInt),

  22. //              timeLimit       INTEGER (0 ..  maxInt),

  23. //              typesOnly       BOOLEAN,

  24. //              filter          Filter,

  25. //              attributes      AttributeSelection }

  26. //

  27. //         AttributeSelection ::= SEQUENCE OF selector LDAPString

  28. //                         -- The LDAPString is constrained to

  29. //                         -- <attributeSelector> in Section 4.5.1.8

  30. //

  31. //         Filter ::= CHOICE {

  32. //              and             [0] SET SIZE (1..MAX) OF filter Filter,

  33. //              or              [1] SET SIZE (1..MAX) OF filter Filter,

  34. //              not             [2] Filter,

  35. //              equalityMatch   [3] AttributeValueAssertion,

  36. //              substrings      [4] SubstringFilter,

  37. //              greaterOrEqual  [5] AttributeValueAssertion,

  38. //              lessOrEqual     [6] AttributeValueAssertion,

  39. //              present         [7] AttributeDescription,

  40. //              approxMatch     [8] AttributeValueAssertion,

  41. //              extensibleMatch [9] MatchingRuleAssertion,

  42. //              ...  }

  43. //

  44. //         SubstringFilter ::= SEQUENCE {

  45. //              type           AttributeDescription,

  46. //              substrings     SEQUENCE SIZE (1..MAX) OF substring CHOICE {

  47. //                   initial [0] AssertionValue,  -- can occur at most once

  48. //                   any     [1] AssertionValue,

  49. //                   final   [2] AssertionValue } -- can occur at most once

  50. //              }

  51. //

  52. //         MatchingRuleAssertion ::= SEQUENCE {

  53. //              matchingRule    [1] MatchingRuleId OPTIONAL,

  54. //              type            [2] AttributeDescription OPTIONAL,

  55. //              matchValue      [3] AssertionValue,

  56. //              dnAttributes    [4] BOOLEAN DEFAULT FALSE }

  57. //

  58. //

  59. 

  60. package ldap
  61. 

  62. import (
  63. 	"errors"
  64. 	"fmt"
  65. 	"strings"
  66. 

  67. 	"github.com/gogits/gogs/modules/asn1-ber"
  68. )
  69. 

  70. const (
  71. 	ScopeBaseObject   = 0
  72. 	ScopeSingleLevel  = 1
  73. 	ScopeWholeSubtree = 2
  74. )
  75. 

  76. var ScopeMap = map[int]string{
  77. 	ScopeBaseObject:   "Base Object",
  78. 	ScopeSingleLevel:  "Single Level",
  79. 	ScopeWholeSubtree: "Whole Subtree",
  80. }
  81. 

  82. const (
  83. 	NeverDerefAliases   = 0
  84. 	DerefInSearching    = 1
  85. 	DerefFindingBaseObj = 2
  86. 	DerefAlways         = 3
  87. )
  88. 

  89. var DerefMap = map[int]string{
  90. 	NeverDerefAliases:   "NeverDerefAliases",
  91. 	DerefInSearching:    "DerefInSearching",
  92. 	DerefFindingBaseObj: "DerefFindingBaseObj",
  93. 	DerefAlways:         "DerefAlways",
  94. }
  95. 

  96. type Entry struct {
  97. 	DN         string
  98. 	Attributes []*EntryAttribute
  99. }
  100. 

  101. func (e *Entry) GetAttributeValues(attribute string) []string {
  102. 	for _, attr := range e.Attributes {
  103. 		if attr.Name == attribute {
  104. 			return attr.Values
  105. 		}
  106. 	}
  107. 	return []string{}
  108. }
  109. 

  110. func (e *Entry) GetAttributeValue(attribute string) string {
  111. 	values := e.GetAttributeValues(attribute)
  112. 	if len(values) == 0 {
  113. 		return ""
  114. 	}
  115. 	return values[0]
  116. }
  117. 

  118. func (e *Entry) Print() {
  119. 	fmt.Printf("DN: %s\n", e.DN)
  120. 	for _, attr := range e.Attributes {
  121. 		attr.Print()
  122. 	}
  123. }
  124. 

  125. func (e *Entry) PrettyPrint(indent int) {
  126. 	fmt.Printf("%sDN: %s\n", strings.Repeat(" ", indent), e.DN)
  127. 	for _, attr := range e.Attributes {
  128. 		attr.PrettyPrint(indent + 2)
  129. 	}
  130. }
  131. 

  132. type EntryAttribute struct {
  133. 	Name   string
  134. 	Values []string
  135. }
  136. 

  137. func (e *EntryAttribute) Print() {
  138. 	fmt.Printf("%s: %s\n", e.Name, e.Values)
  139. }
  140. 

  141. func (e *EntryAttribute) PrettyPrint(indent int) {
  142. 	fmt.Printf("%s%s: %s\n", strings.Repeat(" ", indent), e.Name, e.Values)
  143. }
  144. 

  145. type SearchResult struct {
  146. 	Entries   []*Entry
  147. 	Referrals []string
  148. 	Controls  []Control
  149. }
  150. 

  151. func (s *SearchResult) Print() {
  152. 	for _, entry := range s.Entries {
  153. 		entry.Print()
  154. 	}
  155. }
  156. 

  157. func (s *SearchResult) PrettyPrint(indent int) {
  158. 	for _, entry := range s.Entries {
  159. 		entry.PrettyPrint(indent)
  160. 	}
  161. }
  162. 

  163. type SearchRequest struct {
  164. 	BaseDN       string
  165. 	Scope        int
  166. 	DerefAliases int
  167. 	SizeLimit    int
  168. 	TimeLimit    int
  169. 	TypesOnly    bool
  170. 	Filter       string
  171. 	Attributes   []string
  172. 	Controls     []Control
  173. }
  174. 

  175. func (s *SearchRequest) encode() (*ber.Packet, error) {
  176. 	request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationSearchRequest, nil, "Search Request")
  177. 	request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, s.BaseDN, "Base DN"))
  178. 	request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagEnumerated, uint64(s.Scope), "Scope"))
  179. 	request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagEnumerated, uint64(s.DerefAliases), "Deref Aliases"))
  180. 	request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, uint64(s.SizeLimit), "Size Limit"))
  181. 	request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, uint64(s.TimeLimit), "Time Limit"))
  182. 	request.AppendChild(ber.NewBoolean(ber.ClassUniversal, ber.TypePrimitive, ber.TagBoolean, s.TypesOnly, "Types Only"))
  183. 	// compile and encode filter

  184. 	filterPacket, err := CompileFilter(s.Filter)
  185. 	if err != nil {
  186. 		return nil, err
  187. 	}
  188. 	request.AppendChild(filterPacket)
  189. 	// encode attributes

  190. 	attributesPacket := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Attributes")
  191. 	for _, attribute := range s.Attributes {
  192. 		attributesPacket.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, attribute, "Attribute"))
  193. 	}
  194. 	request.AppendChild(attributesPacket)
  195. 	return request, nil
  196. }
  197. 

  198. func NewSearchRequest(
  199. 	BaseDN string,
  200. 	Scope, DerefAliases, SizeLimit, TimeLimit int,
  201. 	TypesOnly bool,
  202. 	Filter string,
  203. 	Attributes []string,
  204. 	Controls []Control,
  205. ) *SearchRequest {
  206. 	return &SearchRequest{
  207. 		BaseDN:       BaseDN,
  208. 		Scope:        Scope,
  209. 		DerefAliases: DerefAliases,
  210. 		SizeLimit:    SizeLimit,
  211. 		TimeLimit:    TimeLimit,
  212. 		TypesOnly:    TypesOnly,
  213. 		Filter:       Filter,
  214. 		Attributes:   Attributes,
  215. 		Controls:     Controls,
  216. 	}
  217. }
  218. 

  219. func (l *Conn) SearchWithPaging(searchRequest *SearchRequest, pagingSize uint32) (*SearchResult, error) {
  220. 	if searchRequest.Controls == nil {
  221. 		searchRequest.Controls = make([]Control, 0)
  222. 	}
  223. 

  224. 	pagingControl := NewControlPaging(pagingSize)
  225. 	searchRequest.Controls = append(searchRequest.Controls, pagingControl)
  226. 	searchResult := new(SearchResult)
  227. 	for {
  228. 		result, err := l.Search(searchRequest)
  229. 		l.Debug.Printf("Looking for Paging Control...")
  230. 		if err != nil {
  231. 			return searchResult, err
  232. 		}
  233. 		if result == nil {
  234. 			return searchResult, NewError(ErrorNetwork, errors.New("ldap: packet not received"))
  235. 		}
  236. 

  237. 		for _, entry := range result.Entries {
  238. 			searchResult.Entries = append(searchResult.Entries, entry)
  239. 		}
  240. 		for _, referral := range result.Referrals {
  241. 			searchResult.Referrals = append(searchResult.Referrals, referral)
  242. 		}
  243. 		for _, control := range result.Controls {
  244. 			searchResult.Controls = append(searchResult.Controls, control)
  245. 		}
  246. 

  247. 		l.Debug.Printf("Looking for Paging Control...")
  248. 		pagingResult := FindControl(result.Controls, ControlTypePaging)
  249. 		if pagingResult == nil {
  250. 			pagingControl = nil
  251. 			l.Debug.Printf("Could not find paging control.  Breaking...")
  252. 			break
  253. 		}
  254. 

  255. 		cookie := pagingResult.(*ControlPaging).Cookie
  256. 		if len(cookie) == 0 {
  257. 			pagingControl = nil
  258. 			l.Debug.Printf("Could not find cookie.  Breaking...")
  259. 			break
  260. 		}
  261. 		pagingControl.SetCookie(cookie)
  262. 	}
  263. 

  264. 	if pagingControl != nil {
  265. 		l.Debug.Printf("Abandoning Paging...")
  266. 		pagingControl.PagingSize = 0
  267. 		l.Search(searchRequest)
  268. 	}
  269. 

  270. 	return searchResult, nil
  271. }
  272. 

  273. func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error) {
  274. 	messageID := l.nextMessageID()
  275. 	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
  276. 	packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, messageID, "MessageID"))
  277. 	// encode search request

  278. 	encodedSearchRequest, err := searchRequest.encode()
  279. 	if err != nil {
  280. 		return nil, err
  281. 	}
  282. 	packet.AppendChild(encodedSearchRequest)
  283. 	// encode search controls

  284. 	if searchRequest.Controls != nil {
  285. 		packet.AppendChild(encodeControls(searchRequest.Controls))
  286. 	}
  287. 

  288. 	l.Debug.PrintPacket(packet)
  289. 

  290. 	channel, err := l.sendMessage(packet)
  291. 	if err != nil {
  292. 		return nil, err
  293. 	}
  294. 	if channel == nil {
  295. 		return nil, NewError(ErrorNetwork, errors.New("ldap: could not send message"))
  296. 	}
  297. 	defer l.finishMessage(messageID)
  298. 

  299. 	result := &SearchResult{
  300. 		Entries:   make([]*Entry, 0),
  301. 		Referrals: make([]string, 0),
  302. 		Controls:  make([]Control, 0)}
  303. 

  304. 	foundSearchResultDone := false
  305. 	for !foundSearchResultDone {
  306. 		l.Debug.Printf("%d: waiting for response", messageID)
  307. 		packet = <-channel
  308. 		l.Debug.Printf("%d: got response %p", messageID, packet)
  309. 		if packet == nil {
  310. 			return nil, NewError(ErrorNetwork, errors.New("ldap: could not retrieve message"))
  311. 		}
  312. 

  313. 		if l.Debug {
  314. 			if err := addLDAPDescriptions(packet); err != nil {
  315. 				return nil, err
  316. 			}
  317. 			ber.PrintPacket(packet)
  318. 		}
  319. 

  320. 		switch packet.Children[1].Tag {
  321. 		case 4:
  322. 			entry := new(Entry)
  323. 			entry.DN = packet.Children[1].Children[0].Value.(string)
  324. 			for _, child := range packet.Children[1].Children[1].Children {
  325. 				attr := new(EntryAttribute)
  326. 				attr.Name = child.Children[0].Value.(string)
  327. 				for _, value := range child.Children[1].Children {
  328. 					attr.Values = append(attr.Values, value.Value.(string))
  329. 				}
  330. 				entry.Attributes = append(entry.Attributes, attr)
  331. 			}
  332. 			result.Entries = append(result.Entries, entry)
  333. 		case 5:
  334. 			resultCode, resultDescription := getLDAPResultCode(packet)
  335. 			if resultCode != 0 {
  336. 				return result, NewError(resultCode, errors.New(resultDescription))
  337. 			}
  338. 			if len(packet.Children) == 3 {
  339. 				for _, child := range packet.Children[2].Children {
  340. 					result.Controls = append(result.Controls, DecodeControl(child))
  341. 				}
  342. 			}
  343. 			foundSearchResultDone = true
  344. 		case 19:
  345. 			result.Referrals = append(result.Referrals, packet.Children[1].Children[0].Value.(string))
  346. 		}
  347. 	}
  348. 	l.Debug.Printf("%d: returning", messageID)
  349. 	return result, nil
  350. }