'use strict';
var async = require('async');
var util = require('util');
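// Verify a (DN, password) pair by performing a simple LDAP bind on a freshly
// created client.
//
//   userdn     - distinguished name to bind as
//   passwd     - the plaintext password supplied by the SMTP client
//   cb         - cb(true) on a successful bind, cb(false) on any failure
//   connection - Haraka connection; supplies the logger and the LDAP pool
//                (connection.server.notes.ldappool)
//
// Any error other than a rejected bind is logged at error level and reported
// to the caller as a failed login.
exports._verify_user = function (userdn, passwd, cb, connection) {
    var pool = connection.server.notes.ldappool;
    var onError = function (err) {
        connection.logerror('Could not verify userdn and password: ' + util.inspect(err));
        cb(false);
    };
    if (!pool) {
        return onError('LDAP Pool not found');
    }
    // RFC 4513 §5.1.2: a bind request that carries a DN but an empty password
    // is an *unauthenticated* bind, which several servers (e.g. Active
    // Directory in its default configuration) accept and treat as anonymous.
    // Letting that count as a login would be an authentication bypass, so an
    // empty DN or password is refused before the server is ever contacted.
    if (!userdn || !passwd) {
        connection.logdebug('Login refused, empty userdn or password for ' + util.inspect(userdn));
        return cb(false);
    }
    pool._create_client(function (err, client) {
        if (err) { return onError(err); }
        client.bind(userdn, passwd, function (bindErr) {
            // The client was created only for this bind (the original code
            // already unbound it on success); unbinding on failure too keeps
            // a burst of bad logins from leaving sockets open.
            client.unbind();
            if (bindErr) {
                connection.logdebug('Login failed, could not bind ' + util.inspect(userdn) + ': ' + util.inspect(bindErr));
                return cb(false);
            }
            return cb(true);
        });
    });
};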
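// Escape a value for embedding in an RFC 4515 search filter.  Unescaped
// `\`, `*`, `(`, `)` and NUL alter the filter's structure: a login name of
// `*)(objectclass=*` would otherwise turn the default filter into one that
// matches every entry.  Each special character becomes a `\XX` hex pair,
// the escape form the filter grammar defines.
function escapeLdapFilterValue(value) {
    return String(value).replace(/[\\*()\u0000]/g, function (ch) {
        var hex = ch.charCodeAt(0).toString(16);
        return '\\' + (hex.length < 2 ? '0' + hex : hex);
    });
}

// Build the ldapjs search options used to resolve a login name to a DN.
//
//   user       - the untrusted SMTP AUTH username; it is filter-escaped and
//                then substituted for every `%u` in `authn.searchfilter`
//                (default `(&(objectclass=*)(uid=%u))`)
//   connection - Haraka connection carrying the LDAP pool in
//                connection.server.notes.ldappool
//
// basedn and scope fall back to the pool-wide settings when the authn
// section does not override them; only the `dn` attribute is requested.
// Callers are expected to have checked that the pool exists.
exports._get_search_conf = function (user, connection) {
    var pool = connection.server.notes.ldappool;
    var template = pool.config.authn.searchfilter || '(&(objectclass=*)(uid=%u))';
    var escapedUser = escapeLdapFilterValue(user);
    // Function form of replace: a literal `$&`, `$1`, ... inside the username
    // must not be expanded as a replacement pattern.
    var filter = template.replace(/%u/g, function () { return escapedUser; });
    return {
        basedn: pool.config.authn.basedn || pool.config.basedn,
        filter: filter,
        scope: pool.config.authn.scope || pool.config.scope,
        attributes: ['dn']
    };
};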
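// Resolve a login name to the list of matching DNs via an LDAP search.
//
//   uid        - login name to look up (passed to _get_search_conf)
//   callback   - callback(err) on failure, callback(null, dnArray) on success;
//                dnArray holds the DN of every entry the search returned and
//                may be empty
//   connection - Haraka connection; supplies the logger and the LDAP pool
//
// The caller is notified exactly once: the ldapjs result emitter can raise
// 'error' and 'end' on the same search, and the original code could call
// back twice in that case.
exports._get_dn_for_uid = function (uid, callback, connection) {
    var plugin = this;
    var pool = connection.server.notes.ldappool;
    var finished = false;
    var done = function (err, result) {
        if (finished) { return; }
        finished = true;
        callback(err, result);
    };
    var onError = function (err) {
        connection.logerror('Could not get DN for UID ' + util.inspect(uid) + ': ' + util.inspect(err));
        done(err);
    };
    if (!pool) {
        return onError('LDAP Pool not found!');
    }
    var search = function (err, client) {
        if (err) {
            return onError(err);
        }
        var config = plugin._get_search_conf(uid, connection);
        connection.logdebug('Getting DN for uid: ' + util.inspect(config));
        try {
            client.search(config.basedn, config, function (search_error, res) {
                // `res` is not usable when the search itself failed; the
                // original fell through here and would have thrown on res.on().
                if (search_error) { return onError(search_error); }
                var userdn = [];
                res.on('searchEntry', function (entry) {
                    userdn.push(entry.object.dn);
                });
                res.on('error', onError);
                res.on('end', function () {
                    done(null, userdn);
                });
            });
        }
        catch (e) {
            // client.search can throw synchronously (e.g. on a malformed
            // filter); report it through the same path as async errors.
            return onError(e);
        }
    };
    pool.get(search);
};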
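// Escape a value for use as an attribute value inside an RFC 4514 DN.
// Without this, a login name such as `foo,ou=admins` splices extra RDNs into
// the DN template and changes which entry the bind is attempted against.
// Special characters get a backslash prefix, NUL becomes `\00`, and a
// leading `#`/space or trailing space is escaped as the RFC requires.
function escapeLdapDnValue(value) {
    var raw = String(value);
    var out = raw
        .replace(/[\\,+"<>;=]/g, function (ch) { return '\\' + ch; })
        .replace(/\u0000/g, '\\00');
    if (/^[ #]/.test(raw)) {
        out = '\\' + out;
    }
    if (raw.length > 1 && / $/.test(raw)) {
        out = out.slice(0, -1) + '\\ ';
    }
    return out;
}

// Haraka PLAIN/LOGIN password hook: authenticate `user` against LDAP.
//
//   connection - Haraka connection; supplies the logger and the LDAP pool
//   user       - untrusted login name from the SMTP client
//   passwd     - untrusted plaintext password
//   cb         - cb(true) if the user authenticated, cb(false) otherwise
//
// Two modes, chosen by the config:
//   * `authn.dn` is an array of DN templates: `%u` in each template is
//     replaced by the DN-escaped user and the first template that binds
//     successfully wins.
//   * otherwise the user is resolved to a DN with an LDAP search
//     (_get_dn_for_uid); exactly one match is required, then a bind is tried.
exports.check_plain_passwd = function (connection, user, passwd, cb) {
    var plugin = this;
    var pool = connection.server.notes.ldappool;
    if (!pool) {
        connection.logerror('Could not use LDAP for password check: LDAP Pool not found');
        return cb(false);
    }
    // An empty password would turn the bind into an unauthenticated bind
    // (RFC 4513 §5.1.2), which some servers accept as anonymous; an empty
    // user can never be a valid account.  Refuse both up front.
    if (!user || !passwd) {
        connection.logdebug('Login refused, empty user or password');
        return cb(false);
    }
    if (Array.isArray(pool.config.authn.dn)) {
        connection.logdebug('Looking up user ' + util.inspect(user) + ' by DN.');
        var escapedUser = escapeLdapDnValue(user);
        var tryTemplate = function (template, detectCallback) {
            // Function form of replace so `$&`-style sequences in the user
            // string are inserted literally rather than expanded.
            var candidateDn = template.replace(/%u/g, function () { return escapedUser; });
            return plugin._verify_user(candidateDn, passwd, detectCallback, connection);
        };
        var onDetected = function (result) {
            cb(result !== undefined && result !== null);
        };
        // NOTE(review): _verify_user signals with a single truthy/falsy
        // argument and the final callback reads a single `result`, i.e. the
        // async v1 detect() convention.  In async >= 2 the iteratee callback
        // is (err, truthy) and cb(true) would be read as an error — confirm
        // the pinned `async` version before upgrading it.
        return async.detect(pool.config.authn.dn, tryTemplate, onDetected);
    }
    var onDnResolved = function (err, userdn) {
        if (err) {
            connection.logerror('Could not use LDAP for password check: ' + util.inspect(err));
            return cb(false);
        }
        // Zero matches means unknown user; more than one means the filter is
        // ambiguous and we must not guess which entry to bind as.
        if (userdn.length !== 1) {
            connection.logdebug('None or nonunique LDAP search result for user ' + util.inspect(user) + ', access denied');
            return cb(false);
        }
        return plugin._verify_user(userdn[0], passwd, cb, connection);
    };
    connection.logdebug('Looking up user ' + util.inspect(user) + ' by search.');
    plugin._get_dn_for_uid(user, onDnResolved, connection);
};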