packages
/
light-apiengine


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
							package auth

import (
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/ldap"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/entitys"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/logs"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
	"net"
	"fmt"
	"strings"
)
type LdapAuth struct {
	App entitys.ApiEngineInterface
	IAuth
}

func NewLdapAuth(app entitys.ApiEngineInterface) *LdapAuth {
	return &LdapAuth{App:app}
}

func (this *LdapAuth)Login(c *entitys.CtrlContext) {
}

func (this *LdapAuth)Logout(c *entitys.CtrlContext){
}

func (this* LdapAuth)Init(){

	s := ldap.NewServer()

	// register Bind and Search function handlers
	handler := ldapHandler{this.App}
	s.BindFunc("", handler)
	s.SearchFunc("", handler)

	// start the server
	listen :=fmt.Sprintf(":%d", config.AppConfig.LdapPort)
	logs.Info("Starting example LDAP server on %s", listen)
	if err := s.ListenAndServe(listen); err != nil {
		logs.Error("LDAP Server Failed: %s", err.Error())
	}
}

type ldapHandler struct {
	App entitys.ApiEngineInterface
}

///////////// Allow anonymous binds only
func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAPResultCode, error) {
	fmt.Println("bind:",bindDN)
	fmt.Println("pwd:", bindSimplePw)

	if bindDN == "cn=qianqiuiot" {
		if bindSimplePw == "qianqiuiot.com" {
			return ldap.LDAPResultSuccess, nil
		}else {
			return ldap.LDAPResultCompareFalse, nil
		}
	}
	userName := bindDN[3:]
	password := bindSimplePw
	var user models.SysUser
	ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)

	if ret && err == nil {
		md5Pwd := utils.HashPassword(password, "")
		//密码错误
		if !strings.EqualFold(user.Password, md5Pwd) {
			fmt.Println("密码错误")
			return ldap.LDAPResultCompareFalse, nil
		}else {
			fmt.Println("密码正确")
			return ldap.LDAPResultSuccess, nil
		}
	}
	fmt.Println("出错", err)
	return ldap.LDAPResultCompareFalse, err
}

///////////// Return some hardcoded search results - we'll respond to any baseDN for testing
func (h ldapHandler) Search(boundDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
	fmt.Printf("search......basedn:%s, searchreq:%s\n", boundDN, searchReq)
	userName := ""
	if boundDN == "cn=qianqiuiot" {
		fmt.Println("filter:", searchReq.Filter)
		fmt.Println("BaseDN:", searchReq.BaseDN)
		start := strings.Index(searchReq.Filter, "uid=")
		if start > 0 {
			end := strings.Index(searchReq.Filter[start:], ")")
			fmt.Println("%d,%d", start, end)
			userName = searchReq.Filter[start+4 : start+end]
			fmt.Println(userName)
		}else {
			if len(searchReq.BaseDN)>3 {
				userName = searchReq.BaseDN[3:]
			}
		}
	}else {
		userName = boundDN[3:]
	}
	if userName != "" {
		var user models.SysUser
		ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)

		if ret && err == nil {
			entries := []*ldap.Entry{
				&ldap.Entry{"cn=" + user.LoginId, []*ldap.EntryAttribute{
					&ldap.EntryAttribute{"cn", []string{user.Name}},
					&ldap.EntryAttribute{"uidNumber", []string{user.Id}},
					&ldap.EntryAttribute{"accountStatus", []string{"active"}},
					&ldap.EntryAttribute{"uid", []string{user.LoginId}},
					&ldap.EntryAttribute{"description", []string{user.Name}},
					&ldap.EntryAttribute{"email", []string{user.Email}},
					&ldap.EntryAttribute{"objectClass", []string{"posixAccount"}},
				}},
			}
			return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
		}
	}
	return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
}