/* # Copyright (c) 2008, Perforce Software, Inc. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL PERFORCE SOFTWARE, INC. BE LIABLE FOR ANY # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ** This is an example of an 'auth-check' trigger used by Perforce (2005.2 ** onwards) to authenticate a user against an LDAP server. ** ** When enabled, this example uses TLS to encrypt the password verification ** and has been tested against openldap (slapd) on Linux26x68_64. This ** example builds on both Windows and Linux using the Microsoft LDAP API or ** the OpenLDAP c API respectivly. ** ** The password is sent to this triggers <stdin> with an argument list of ** host (hostname of ldap server), port (port of ldap server), dn ** ** e.g. ldap.mycompany.com 389 uid=joeb,cn=users,dc=mycompany,dc=com ** ** The Perforce trigger definition would looks something like this:- ** ** example auth-check auth /scripts/checkpass localhost 389 uid=%user%,cn ** =users,dc=wombat,dc=perforce,dc=com" */ #include <stdio.h> #ifdef WIN32 #include "windows.h" #include "winldap.h" #define ldap_init ldap_initA #define ldap_start_tls_s ldap_start_tls_sA #define ldap_simple_bind_s ldap_simple_bind_sA #else #define LDAP_DEPRECATED 1 #include "ldap.h" #include <stdlib.h> #endif int requested_version = LDAP_VERSION3; int authCheck(char *host, char *port, char *bind_dn, char *bind_pw, bool TLS=false); int main(int argc, char **argv) { char oldPassword[128]; if( argc != 4 ) { printf( "wrong number of arguments!\n" ); return( -1 ); } /* read the password from <stdin> and truncate the newline */ if( fgets( oldPassword, 128, stdin ) == NULL ) { printf( "Didn't receive old password!\n" ); return( -1 ); } oldPassword[ strlen(oldPassword) - 1 ] = '\0'; return( authCheck( argv[1], argv[2], argv[3], oldPassword ) ); } int authCheck( char *host, char *port, char *bind_dn, char *bind_pw, bool TLS) { LDAP *ld; int rc; int portnumber = atoi( port ); /* Get a handle to an LDAP connection. */ if( ( ld = ldap_init(host, portnumber ) ) == NULL ) { printf( "Can't initialize %s : %d\n" , host, portnumber ); return( -1 ); } ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &requested_version ); /* If appropriate, switch to a secure connection */ if (TLS == true) { #ifdef WIN32 rc = ldap_start_tls_s( ld, NULL, NULL, NULL, NULL); #else rc = ldap_start_tls_s( ld, NULL, NULL); #endif if ( rc != LDAP_SUCCESS ) { printf( "Can't initialize tls\n" ); return( -1 ); } } /* bind */ rc = ldap_simple_bind_s( ld, bind_dn, bind_pw); /* check result, report errors */ if ( rc != LDAP_SUCCESS ) { printf( "password incorrect\n" ); return( -1 ); } /* bind worked - user password verified */ ldap_unbind_s( ld ); return( 0 ); }
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#1 | 6513 | Nick Poole |
Modified p4authenticate.c to use the Microsoft LDAP API when WIN32 is defined, and added LDAP_DEPRECATED flag for building with current versions of OpenLDAP when WIN32 is not defined. Also added nice big generic disclaimer. Building under Windows (with Visual Studio 2005): (first rename to *.cpp) c:\>cl /EHs p4authenticate.cpp /DWIN32 /link Wldap32.Lib Building under *nix (with G++): $ g++ -o LDAPauth p4authenticate.c -lldap |
||
//guest/perforce_software/triggers/p4authenticate.c | |||||
#1 | 5202 | michael |
Authentication trigger examples for 2005.2. Updated index page to follow. |